
Diving Deep into OPSEC: Let's Guard Our Data

Don

Mentor Group Gold
Dec 19, 2020
Hello everyone,

Having benefited greatly from the wisdom shared in this forum, I felt it timely to initiate a dedicated thread on OPSEC.
Operational Security (OPSEC) is not just a buzzword—it's a necessity in our tech-driven world, and it extends far beyond KYC (Dangers of KYC and compliance officers).

Our personal and business data's safety is paramount in today's digital world. Drawing on the collective knowledge here, let's delve deeper into tools and strategies to mitigate risks.
I warmly invite all to share their insights and expertise. Thank you!

Here's a collection of different "technological areas" and relevant tools to get the discussion going.

Do you use any of them or something else? Why? Why not?

Operating Systems:
  • Windows 10/11 Pro: With features like BitLocker for disk encryption and Windows Defender for built-in malware protection.
  • Linux Distributions: Such as Ubuntu, Fedora, or Debian which are known for robust security and can be further hardened for corporate use.
Potentially More Secure Operating Systems:
  • Qubes OS: Uses compartmentalization to isolate different tasks on a computer.
  • Tails: A live operating system that you can start on almost any computer from a USB stick or a DVD. It helps you use the internet anonymously.
Office Suites:
  • Microsoft Office 365: It offers cloud-based productivity tools and has advanced security features.
  • Google Workspace: Previously G Suite, offers cloud-native applications with built-in security features.
  • LibreOffice: Open-source office alternative.
Secure Browsing:
  • Tor Browser: Helps anonymize web browsing activities.
  • Brave: A privacy-focused browser that blocks trackers and ads.
  • DuckDuckGo: Extension for Chrome/Firefox.
Search Engines:
  • DuckDuckGo: A search engine that doesn't track you.
  • StartPage: Offers Google search results in a privacy-focused manner.
Network Monitoring and Defense:
  • Wireshark: For capturing and analyzing network packets.
  • Little Snitch: Monitors outbound connections from your computer.
Email Security:
  • Barracuda Email Security Gateway: Protects against phishing, spam, and malware.
  • Mimecast: Offers email security, archiving, and continuity solutions.
  • Proofpoint: Provides advanced threat protection for email.
Secure Messaging and Communication:
  • ProtonMail: Encrypted email service based in Switzerland.
  • eM Client - Email Client and Calendar Software for Windows and Mac
  • Tutanota: end-to-end encrypted email app and a freemium secure email service.
Endpoint Security:
  • Bitdefender GravityZone Business Security: Offers protection against malware, phishing, and more.
  • Kaspersky Endpoint Security: Provides robust security features for corporate endpoints.
  • Symantec Endpoint Protection: A comprehensive endpoint security solution.
Virtual Private Network (VPN):
  • Set up your private VPN?
  • Mullvad: Known for its strict no-logs policy and anonymous payment methods.
  • ProtonVPN: Offers strong encryption and is based in Switzerland, which has strong privacy laws (or does it?)
  • WireGuard: A new VPN protocol that is lightweight and highly secure.
Firewalls and UTM (Unified Threat Management):
  • Fortinet FortiGate: A high-performance firewall solution.
  • Cisco Meraki MX: Cloud-managed security and SD-WAN.
  • Sophos UTM: Provides firewall, web filtering, email security, and more.
Password Managers:
  • LastPass Enterprise: For centralized password management in companies.
  • 1Password for Business: Secure password manager with a team focus.
  • Dashlane Business: Provides password management and dark web monitoring.
  • KeePassXC: Open-source password manager where you control the database.
  • Bitwarden: Open-source password manager with end-to-end encryption.
Secure Cloud Storage:
  • Box: Offers enterprise-level security and collaboration features.
  • Tresorit: Known for its end-to-end encryption.
  • Dropbox Business: With advanced security features.
Collaboration and Communication Tools:
  • Session - encrypted messenger getsession.org
  • Slack Enterprise Grid: Collaboration tool with enterprise-level security.
  • Microsoft Teams: Part of the Office 365 suite with advanced security options.
  • Zoom: Offers video conferencing with end-to-end encryption.
  • Signal: End-to-end encrypted messaging app.
  • Wire: Secure and encrypted chat, voice, and video calls.
Identity and Access Management (IAM):
  • Okta: Provides identity and access management solutions.
  • Microsoft Azure Active Directory: Offers identity services and access management.
  • OneLogin: Unified access management for applications.
Backup and Recovery:
  • Veeam Backup & Replication: Protects critical data.
  • Acronis Cyber Backup: Provides cyber protection with secure backup.
  • Druva inSync: Cloud-based data protection and management.
Mobile Device Management (MDM):
  • VMware Workspace ONE: Unified endpoint management for devices.
  • MobileIron: Offers mobile-centric, zero-trust security approach.
  • Microsoft Intune: Part of the Microsoft Enterprise Mobility + Security offering.
File Encryption:
  • VeraCrypt: Successor to TrueCrypt, it provides on-the-fly encryption for files and whole drives.
  • GNU Privacy Guard (GPG): For file and email encryption.
  • Cryptomator: open source, encrypts your data quickly and easily. Afterwards, you can upload them protected to your favourite cloud service.
Anti-Malware and Firewall:
  • Malwarebytes: For malware detection and removal.
  • GlassWire: Monitor network activity and block potential threats.
Secure Document Destruction:
  • BleachBit: Open-source tool for cleaning your computer and freeing up space while also shredding documents.
  • Eraser: Securely erases data from hard drives.
  • JohnnyDoes device: Patent for secure erasing of data
  • RedkeyUSB
Anonymous or pseudonymous Payments:
Data protection:
  • BusKill - Dead Man Switch triggered when a magnetic breakaway is tripped
 
Mentor Group Gold also has a lot of resources. Along with legal professionals, payment and crypto solutions, and virtual cards, there is also a list of valuable services, including:
SIM CARDS, VPN Providers.

I find the digital SIM particularly useful, which supports 2FA.

Phones are one of the most significant points of vulnerability.

At the same time, in many places, it's getting problematic to use phones anonymously.

https://www.icenews.is/2022/07/31/unregistered-pre-paid-mobile-phones-to-be-banned-in-sweden/
If you enable location history or search history with Google they arguably don’t sell your data (although they do give it to law enforcement agencies if subpoenaed). There are companies that do this; the biggest are mobile operators. Supposedly bounty hunters could buy a person’s real-time location for like a few hundred dollars (in certain places).
 
Good point. Usually, there are workarounds on the SIM registration though. Whenever I pass through Germany (another EUSSR country with strict registration requirements!) I visit one of the Turkish-owned small supermarkets / used phone sellers you find even in smaller cities. They hook you up with activated pre-paid SIMs for cash, no questions asked.
 
I remember when this was going on. Goes to show you how gullible most people are. :rolleyes:
This case is still reminding itself here and there as people are still being prosecuted, and those phone logs/recordings are being used as evidence.
 
When I was a kid in my first year of VWO (a special advanced high school - I was 12 years old then) a German teacher of physics said:
Every punishment for an idiot is NEVER enough!

That stuck with me 100%!

I even wrote it in my diary and highlighted it. I extrapolated the following from it a few years after that:

Mistakes are paid with money "or" blood!
Sometimes, the "or" is inclusive.
In special cases of mistakes caused by hubris and greed, torture enters the party!
In extreme cases of mistakes, i.e. betrayal, defrauding, or absconding with the life savings of involuntary participants, the ultimate price is paid in the currency of "LIFE"!


I don't feel bad, sympathy, or empathy for those caught up in this. They are horrible people! Not because of their so-called "criminal activities", but because they believed an OBVIOUS FEEL-GOOD LIE that someone out there was vying for their safety and had their best interest at heart!

Just look at FALSE CONFESSIONS:
False Confessions: False confessions occur more than most people think and result from a variety of factors, including the use of coercive and deceptive tactics during an interrogation.

Now, imagine being locked up in a cell without water, food, blanket, isolation etc etc and all a person has to do is SNITCH on others or invent a lie.... How long will they last? Do you know who will last long? Only those who have their OWN a*s to cover even more than others.
For example, this former cop:
Man who refused to decrypt hard drives is free after four years in jail. Court holds that jail time to force decryption can't last more than 18 months.

I don't know if that former cop really has principles or if he has something way worse to hide (they accuse him of having pedo stuff). If it's the latter I hope they catch him. But it's rare for a guy to withstand this kind of pressure. The Diesel Therapy of the feds alone will drive most men crazy.

Peace.

PS. This man did four years on a contempt charge that as a matter of LAW could NOT exceed 18 months. He was set free without a charge and without a record, but he DID the time though. Who, after this, can still have respect for the "law"??? :rolleyes:
 
Excellent list.

I would add Matrix (Element) as an e2e encrypted open source collaboration tool and remove ALL Microsoft and Google cloud products!

Using Office 365 you would be surprised what data can all be found there, even after it was deleted for years. An easily obtained court order will allow authorities to copy all data using eDiscovery such as Teams, mails, deleted mails, SharePoint, OneDrive and so on as well as put a legal hold on it so nobody can delete or alter any information.
 