first fast review

doc has been reviewed to current practices
Federico Bonelli 2018-09-25 22:11:34 +02:00
parent 1bdb0f851d
commit a1de8fbd63
1 changed files with 42 additions and 32 deletions

@ -1,38 +1,40 @@
# Dyne.org Operational Security Handbook
AKA a certain behaviour and a set of rules of thumb that will keep you and your information more safe as well in day to day as in production, with a particular focus on mac users. Plus an appendix on operational choices for dyne.org projects confidentiality.
>>>>> THIS IS A LIVING DOC
##A draft
v 0.08
last revision 27-06-2017
v 0.09
last revision 25-09-2018
## Discrection and confidentiality
1. Behavioural discretion
First thing first: assess the type of opposition you have. Consider that we operate in general in medium confidential environment. Type of opposition: who wants to know, why.
Risk assessment: always assess the opposition as stronger than you (and is true that it has a lot of resources), but avoid paranoia: role playing on project based compartments and personal trust is at the base of any assessment. You should use to determine the level of trust of fellows.
Risk assessment: always assess that **the opposition as stronger than you** (and is true that it has a lot of resources), but avoid paranoia: role playing on project based compartments and personal trust is at the base of any assessment. You should use to determine the level of trust of fellows.
* RULE OF THUMB: if you have no trust in someone you should not have business with him :)
* RULE OF FOOT TUMB: friends with everyone, in bed with no one
1.1.
2. Operative discretion: when project is running or when you are in indian country (a.k.a. unfriendly or uncharted territory)
If operation has a peculiar opsec everyone will be briefed beforehand. In any case:
If operation has a peculiar opsec level everyone will be briefed beforehand. In any case:
* tree circles metaphore: inner, outer and opposition
* Exemples from cospiracy: rings - in a ring of pairs all information is accessible by all the peers, but nothing goes out to others without agreeing between the inner parties: rule of 5; no more than 5 persons can be efficiently part of a ring. Communication needs escalates. In soviet classic security organizations this was compartimentalised with a controller/ringleader mechanism. We are not in need of that level of paranoia. Yet is good to know.
* Exemples from cospiracy: rings - in a ring of pairs all information is accessible by all the peers, but nothing goes out to others without agreeing between the inner parties: rule of 5; no more than 5 persons can be efficiently part of a ring. Communication needs escalates. In soviet classic security organisations this was compartmentalised with a controller/ringleader mechanism. We are not in need of that level of paranoia. Yet is good to know just in case.
* Positive view: in/out border: Enforcing confidentiality between peers, agree if disclosure to outer ring is necessary, and keep it on a need to know basis.
* plan B
* “lagendina": write down stuff with pen and ink and keep it in a drawer;
* "il pizzino": a paper written by hand that can be sent to someone, gets read and destroyed on spot. Or such kind of things. Works, is safe from sigint, implies a certain level of trust.
* keep a plan B
* “lagendina": write down stuff with pen and ink and keep it in a drawer; It is not safer but is much more expensive for the opposition to send a team to break in your house and look for a piece of paper than bug your computer with malware
* "il pizzino": a paper written by hand that can be sent to someone, gets read and destroyed on spot. Or such kind of things. Works, is safe from sigint, implies a certain level of trust. A plus is that you can recognise calligraphy and handwriting brings signs of emotional stress. Consider a form of talk that might carry a world that if used implies you believe you are compromised... the rest is a Le Carre book (a very good read).
* Need to know - a measure to be used in delivery or operations: you know only what you need to know to perform your task to protect the operation. In this case you dont talk any more about the whole picture, you operate temporarily on a "need to know" basis. Because we are peers you will be debriefed at the end.
* Communication loop outside the magic circle: strategies, objectives, keywords
3. Confidentiality -
A document marked confidential has to be kept such: partial or total disclosure is up to be decided upon by the responsible. Has to have a distribution list printed on his first page so that all recipients know who has access to the document.
A document not marked confidential is still to be kept with a bit of discretionality
A document not marked confidential is still to be spoken of with a bit of discretional assessment outside our circle.
3.1. Dyne is a think (&do) tank but also a software foundry. WE USE FIRST OUR OWN SOFTWARE if it does the job. Then open source, then eventually proprietary. Some software we DONT USE ON PURPOISE. IS BANNED. For security reasone AND also for public image reasons.
3.1. Dyne is a think (&do) tank but also a software foundry. WE USE FIRST OUR OWN SOFTWARE if it does the job. Then open source, then eventually proprietary. Some software we DONT USE ON PURPOSE. IS BANNED. For security reasons AND also for public image reasons.
3.2. Project based workflow confidentiality
* project lead has always to know
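Review bot: The rewritten risk-assessment line still ends with "You should use to determine the level of trust of fellows", which never says what is to be used, and the new wording "always assess that **the opposition as stronger than you**" no longer parses. Suggest "always assume that **the opposition is stronger than you**" and naming the thing to use (presumably the project compartments and personal trust mentioned just before). In the added "il pizzino" text, "a world that if used implies you believe you are compromised" looks like it should read "a word"; if a duress word is the intent, say that it has to be agreed beforehand. The numbered item "1.1." is still empty and "##A draft" lacks the space after the hashes.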
@ -41,17 +43,24 @@ A document not marked confidential is still to be kept with a bit of discretiona
3.3. Confidentiality tool:
* You need to create a ssh key, that is composed by two keys, a public and a private
* You need to create a GPG key.
* This key is also attached to your dyne.org mail.
* You need to create a GPG key. Get familiar with double key encryption
* The public key is also attached to your dyne.org mail.
* Use a long key (>4k)
* backup your secret key
* use a unique pass phrase that you don't have to write anywhere and you will always remember.
* backup your secret key SAFELY
* use to unlock your key a unique pass phrase that you don't have to write anywhere and you will always remember.
* never put your passphrase in a keychain, never write it down, never use easy to guess stuff or cyphers
* keep a secret password file in a safe place. To do so you can use gpg, keep a password file encrypted with gpg.
* dyne developed tomb for hiding secret things in your file servers
* dyne developed tomb for hiding secret things in your file servers if on linux get familiar with tomb
* on mac you can use encryption AES 256 on disk images
* dyne developed secrets.dyne.org for shared passwords. Use it were necessary. This tool allows you to encode a string (a password) and shread it into 5 string that can be distributed to friends. Putting 3 of them together can reconstruct the secret string and, as an example, use the lost password to re-open a bitcoin wallet. Use it.
3.3.1. Use of dyne.org git for confidential material
3.3.1. Use of dyne.org git for confidential material: gitea.dyne.organisations
3.3.2. Use cloud.dyne.org for keeping files you want to sych within your machines or share with your collegues
* avoid google docs. A file on gdocs is to be consider compromised
* avoid dropbox type of services for sharing: use cloud.dyne.org
### OSX "security for toddlers"
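Review bot: The new 3.3.1 line ends in "gitea.dyne.organisations", which does not match the dyne.org host names used everywhere else in this hunk (cloud.dyne.org, secrets.dyne.org) and reads like a casualty of the organizations/organisations spelling change; please confirm the intended host. "backup your secret key SAFELY" adds emphasis without saying what safe means; pointing to the tomb and encrypted disk image bullets a few lines below would make it actionable. "Use a long key (>4k)" should state the unit, and the context line about creating an ssh key sits directly before the GPG bullets with no hint of which key serves which purpose.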
@ -62,9 +71,9 @@ written by fredd
Basic computer security for mac users.
• physical MAC can be stolen or bugged
• passwords and user setup
• encrypted home setup
• Password manager and password security rules of thumbs
• passwords and user setup 101
• encrypted home
• Password manager and password security rules of thumbs: use apple keychain
• Email is king
• double key how it works for dummies
• gpgmail https://gpgtools.org/index.html install and configuration walkthrough
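Review bot: The added "use apple keychain" in the password manager bullet conflicts with two other lines in this patch: "never put your passphrase in a keychain" in section 3.3 and "don't trust icloud keychain backup" in the data security list. Suggest scoping it explicitly, for example the local keychain for ordinary site passwords, never for the GPG passphrase, and with iCloud keychain sync off, so that readers do not have to reconcile the three statements themselves.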
@ -73,13 +82,15 @@ ref: https://www.intego.com/mac-security-blog/15-mac-hardening-security-tips-to
Data security
* use encrypted disk image instead of tomb
* Backups and safekeeping
* use encrypted disk image instead of tomb (howto)
* Backups and safekeeping (cloud.dyne.org)
* to find stuff back on many disks I use diskcatalogmaker
* Owncloud: walkthrough for owncloud configuration and use
* you can use apple security tools (cloud backup etc) for your stuff but not for any dyne confidential stuff
* cloud: walkthrough for nextcloud configuration and use
* you can use apple security tools (cloud backup etc) for your stuff but not for any dyne confidential stuff. Best not to use icloud
* don't trust icloud keychain backup
INSTALL SHELL OSX DEV tools
INSTALL HOMEBREW
GIT
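Review bot: The reworded Apple tools bullet now says both "you can use apple security tools (cloud backup etc) for your stuff" and "Best not to use icloud", followed by "don't trust icloud keychain backup", so it is unclear whether iCloud backup is allowed for personal data or discouraged outright. Suggest one rule: which Apple tools are acceptable for personal files and a flat prohibition for dyne confidential material. The "(howto)" added to the encrypted disk image bullet is a placeholder with no link or steps behind it; either add the walkthrough or drop the marker until it exists.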
@ -91,27 +102,26 @@ GIT
Privacy
• Tor
• Tor Browser
• remember that any phone is a recording and tracking device
• remember that any phone is a perfect recording and tracking device
Mobile
is your channel in clear or not? Is your channel cleared or memorised forever? Were the memory is going to stay? Logs?
* Signal (http://support.whispersystems.org/hc/en-us/articles/212477768-Is-it-secure-Can-I-trust-it-) is not so cool but safe (maybe)
* Telegram is cool but not safe
* Telegram is cool but not safe. This is good. Get used to the fact that your everyday communication is NEVER SAFE. NOTHING IS SAFE NOR SECURE.
* IRC
* xchat azure configuration walkthrough
## DYNE OFFICE Toolkit WALKTHROUGH
* office.dyne.org
based on odoo: calendar, contacts, project kanban, archived documents
* docs.dyne.org
repository for file sharing document based on our servers. Functionalities similar to google drive and dropbox
* pad.dyne.org and calc.dyne.org for shared document writing
* office.dyne.orghas been replaced by nextcloud: cloud.dyne.org
* repository for file sharing document based on our servers. Functionalities similar to google drive and dropbox
* pad.dyne.org for shared document writing.
* get used to markdown
* libre office reference office suite
* vdc.dyne.org video conference platform
* irc.dyne.org
* coggle.it (mindmap)
* coggle.it (mindmap, not secure, useful)
Federico Bonelli
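Review bot: In the Mobile list, the sentence added to the Telegram bullet ("This is good. ... NOTHING IS SAFE NOR SECURE.") leaves "This is good" without a referent and, stated as an absolute, contradicts the Signal bullet directly above it that reads "safe (maybe)". Suggest saying what the reader should do with that assumption, for example which channel to use for confidential project traffic and which for everyday chat. In the toolkit list, "office.dyne.orghas been replaced" is missing a space, the "repository for file sharing" bullet lost its host name when docs.dyne.org was removed, and calc.dyne.org disappears from the pad line without a note on whether it was retired.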