Personal Security: A Comprehensive Approach Based on Defense in Depth
Ahmed Sobhi
Security Analyst | Cybersecurity Professional | Purple Team | Helping Individuals & Organizations Protect Their Information
Hello, now I’ll tell you about the methodology I use, or in other words, the key elements I consider when someone asks me to secure their personal device.
This methodology is based on a crucial information security standard called “Defense in Depth,” which divides cybersecurity into 10 layers in the following order: Physical Security?—?Perimeter Security?—?Network Security?—?Endpoint Security?—?Access Control?—?Application Security?—?Data Security?—?Security Awareness and Training?—?Incident Response and Monitoring?—?Regular Audits and Assessments.
Of course, the implementation of these strategies may vary depending on the situation or scenario in front of you. Let’s start with the most important stages that should be executed:
1. Update the Operating System and All Used Software: Despite its simplicity, this point is crucial, and it can be overlooked amid more complex elements. Therefore, I always like to start with it, ensuring that all your applications and operating systems are up to date.
This point usually doesn’t require specific tools or programs. All you need to do is activate automatic updates, and they will take care of the rest.
An additional point regarding the used software is to make sure you have antivirus programs and Endpoint Detection and Response (EDR) programs. Confirm that they scan all parts of the system, including filtering search results to help the client avoid any suspicious or untrusted websites.
2. Implement Strong and Strict Password Policies:
Information security specialists understand the ease of accessing user passwords through various attacks. Hence, they have established policies for choosing passwords, which unfortunately most users do not apply because they can be complex.
Therefore, at this point, I strongly recommend using a password manager from well-known programs. These tools allow you to store and manage your passwords securely, encrypting them in a safe manner. You only need to remember the password for the password manager itself.
To enhance security for the client, I like to use a code I created as an automated password generator that applies the strictest password policies, specifically following the NIST Password Guidelines. This ensures generating very strong passwords using the same algorithms we use for encryption keys. The generated passwords are nearly impossible to crack. All you have to do is put these passwords into the password manager, and that’s it.
3- Utilizing Two-Factor Authentication (2FA): ?Ensure that your client uses 2FA in all the programs and services they use. Almost all significant websites now employ robust and effective 2FA algorithms. I recommend using Google Authenticator for this step.
4- Network Connections Examination: ?Here, we delve into the real work. First, examine all established connections between your device and any other, monitor all the packets being sent to or from your device, and keep an eye on the IPs your device is currently connected to, along with all the services or files using the internet on your device. If you notice anything unusual or untrustworthy, take immediate action.
In this section, I use multiple tools to collect and analyze data, with key ones being Wireshark or Tcpdump. Additionally, I use PowerShell through a script I developed and a Network Monitor code I programmed to track and log real-time data flow through the device for analysis and necessary actions.
领英推荐
5- Securing Wi-Fi: ?Since we’re in the network security phase, Wi-Fi security is crucial. Access the Wi-Fi network interface, check the password and encryption first. Then, disable remote access?—?this is a critical step. Additionally, consider specifying MAC addresses that can connect to Wi-Fi. Ensure every aspect of Wi-Fi is secure, with reliable and trustworthy services or closed if not essential.
6- Firewall Configuration: ?The final step in network protection is examining firewall settings. Confirm that all programs allowed through the firewall (or rules) are legitimate. Fine-tune firewall settings to ensure the best possible protection for the client.
7- Backup & Encryption: ?One of the most important steps is creating backups for the client’s data. I’m not referring to cloud backups since ransomware can reach and delete data there. Instead, perform backups on an external hard drive not connected to the internet. Specialized products are available for this purpose.
Additionally, important data, especially those backed up, should be effectively encrypted. In this section, I use an Encryption and Decryption tool I programmed. It applies the AES encryption algorithm used internally “at rest,” generating encryption keys through specific algorithms. It’s crucial to use a unique encryption key for each client, and they should be educated on using the program for encryption and decryption when needed.
8- Privacy Settings and User Permissions Review: ?At this stage, examine your client’s accounts on social media, email, etc., to ensure they aren’t sharing anything that could be exploited by attackers. Verify that they aren’t falling victim to social engineering, phishing, or similar attacks. This step requires a strong understanding of open-source intelligence.
Also, verify the privacy settings for all the websites and accounts they use, ensuring nothing compromises their privacy negatively.
9- Physical Security: ?Secure the device itself against direct hardware penetration, such as password bypass techniques, various USB attacks, or any unauthorized physical access. While prioritizing network and communication security is essential, ensuring the physical security of the device is equally critical.
In this stage, I use specialized tools, such as code that locks USB ports. It scans any flash drive before the device starts reading it, ensuring it is indeed a flash drive. If it contains an auto-run program, it raises an alert. Additionally, the code connects to the client’s mobile Bluetooth. If the device is a certain distance away from it and still open, it automatically locks, and so forth.
10- Cybersecurity Awareness Development for the User: ?All the previous work is somewhat meaningless if the user lacks cybersecurity awareness and doesn’t comprehend the severity of hacking operations and how they can negatively impact their lives. While the fact that a person has contracted you to secure their devices and information implies a basic awareness of the importance of their data, they need to understand the significance of each part in the system, how to interact with it, and what to do if they sense danger. They should also know how to handle tools and programs and how to monitor individuals, emails, and messages that may be deceptive or targeting them.
All of this is part of your role as an information security specialist?—?to educate the client on how to avoid a potential hacking incident.
In conclusion, it’s essential to note that these steps secure a single device and not an entire information security system. Explaining a comprehensive information security system is beyond the scope of a single post. However, if you follow these systematic steps, it will significantly help you secure the device in hand.
Additionally, keep in mind that my approach is personal and reflects my preferred methodology. It’s not mandatory for everyone to use the same approach. We all apply the same scientific principles, and you may execute these steps in your way, with your preferred order and tools that you find suitable.
Cyber Security Analyst (SOC T1)
5 个月Very helpful????
Cyber Security || SOC Analyst
5 个月???? ?? ????? ??????? ??
Network Engineer&Security| Student
5 个月Very informative
Student at Faculty Of Commerce English Section Cairo university
5 个月I'm so proud of you, my love?? ??? ???? ?? ?????? ????? ????? ?????
Marketing Specialist | Content Creator
5 个月Great job ??????