secret messages as you're typing them. For the purpose of recording, he might
as well use a hardware keylogger installed between keyboard and machine. Or
simply a hidden camera pointed towards your screen. Or even a TEMPEST
device, hoping that you still use a CRT screen.
Once he gets his hands on the contents of your computer, either physically or
from a remote location over the network, he may search for any plaintext
remnants in nonvolatile storage devices or RAM.
From where did you get your copy of GnuPG and Enigmail? You should only
trust software downloaded from the official web sites. Copies obtained from
other sources might have been tampered with, and as such contain viruses,
backdoors or trojans.
Finally, an attacker might persuade, force, or delude you (e.g. by impersonation)
to surrender your passphrase, your secret key, or your messages. And all these
attacks can be carried out against your correspondents, too. The possibilities are
endless.
12.2.1. Basic protection
You must follow these golden rules in order to keep your machine reasonably
safe:
• Don't install, run, or open software of dubious origin (e.g. warez found on
peer-to-peer networks, or programs hosted on untrusted web sites). This
includes suspicious email attachments and macros on word processing
programs.
• Use antivirus software, updated daily. Make frequent scans of your
machine and external hard drives.
• Use one or more antimalware programs.
• Filter network traffic with a personal firewall and deny all unknown
connections.
• Install OS vendor patches. Keep all your software up-to-date, and keep
yourself informed of the latest vulnerabilities.
• Use a screen lock when you are not physically in front of your computer
and there are strangers around.
• Use strong passwords. Don't write them down in easy-to-find places.
• If you use a Wi-Fi connection, enable WPA on your access point.
12.2.2. Increased protection
If your communications involve critically sensitive information, you should not
leave your computer physically accessible at all – even when turned off. If
stolen, the thief would have access to all your files, including your secret key.
The private key will still be protected by the passphrase but, by performing
analysis and forensics on the filesystem, the thief will have access to a lot of
plaintext data (temporary files, memory swap files, and such) that could include
information you thought was encrypted. Windows leaves a lot of data around,
and other OSes aren't much better with respect to this.
You might consider using whole-disk encryption at this point. Section 12.3.2.
mentions some disk encryption software for additional protection of your key
pair; most of this software can also be used to encrypt the whole OS.
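
As an added example (not part of the original handbook), the following script checks one of the plaintext sources named above, the memory swap area, on a Linux machine: it reports whether each active swap area sits on an encrypted device. It assumes the kernel's /proc/swaps and sysfs layouts and that encrypted volumes are dm-crypt mappings created by cryptsetup, whose device-mapper UUID starts with "CRYPT-"; the function names and the sample input are constructed for illustration.

```python
import os

# Constructed sample of /proc/swaps (not taken from a real machine).
SAMPLE_SWAPS = """\
Filename                                Type            Size            Used            Priority
/dev/dm-1                               partition       8388604         0               -2
/dev/sda2                               partition       2097148         1024            -3
/swapfile                               file            1048572         0               -4
"""

def parse_swaps(text):
    """Return (path, type) for every active swap area listed in /proc/swaps text."""
    entries = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1]))
    return entries

def on_dm_crypt(dev, sysfs="/sys/class/block", seen=None):
    """True if kernel block device `dev` is a dm-crypt mapping or is stacked on one."""
    seen = set() if seen is None else seen
    if dev in seen:
        return False
    seen.add(dev)
    try:
        with open(os.path.join(sysfs, dev, "dm", "uuid")) as fh:
            if fh.read().startswith("CRYPT-"):  # prefix cryptsetup gives its mappings
                return True
    except OSError:
        pass                                    # not a device-mapper device
    try:
        parents = os.listdir(os.path.join(sysfs, dev, "slaves"))
    except OSError:
        parents = []
    return any(on_dm_crypt(p, sysfs, seen) for p in parents)

def audit_swap(swaps_text, sysfs="/sys/class/block", resolve=os.path.realpath):
    """Map each swap area to 'encrypted', 'PLAINTEXT' or 'swap file'."""
    report = {}
    for path, kind in parse_swaps(swaps_text):
        if kind != "partition":
            report[path] = "swap file"          # as safe as the disk that holds it
        else:
            dev = os.path.basename(resolve(path))
            report[path] = "encrypted" if on_dm_crypt(dev, sysfs) else "PLAINTEXT"
    return report

if __name__ == "__main__":
    with open("/proc/swaps") as fh:
        for area, status in audit_swap(fh.read()).items():
            print(f"{status:10} {area}")
```

A swap area reported as PLAINTEXT can hold decrypted message text after the machine is powered off; a swap file is only as protected as the disk that holds it.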