Introduction 1
The Problems; Security as a process; A guide to the manual
1.1 Security and Insecurity 4
Methods and trends of surveillance, censorship and electronic
attacks; Specific threats faced by human rights defenders
1.2 Security awareness 9
Securing: Your operational environment; Office environment;
Personal Workspace; Public environment
Questions to ask yourself 11
Where is my data? Who knows my password? Whose computer is
this?
Who is this? Who can access my computer? Do I know my
environment?
1.3 Threat assessment and the security circle 14
Modelling risk and developing a strategic diagram; Threat prevention;
Reactions to threats; Security circle
2.1 Windows Security 20
Operating system updates; File Allocations; Lock Screens; BIOS
2.2 Password Protection 26
How passwords are compromised through profiling, social engineering,
brute force attacks
Creating Passwords 28
How to create passwords using mnemonics and software
2.3 Information Backup, Destruction and Recovery 30
Information backup strategies; frequent access files, non-frequent
access files, system backup
Information Destruction 32
Secure and permanent data deletion; Wiping removable devices;
Wiping guidelines
Information Recovery 34
Prevention of information loss; Recovering lost data
2.4 Cryptology 36
History of modern cryptology; Encrypting your computer; Public
key encryption and security; Digital signatures;
Encryption insecurity
2.5 Internet Surveillance and Monitoring 43
How the Internet is monitored; Threats from cookies; Monitoring
email communications; Spoofing
Internet & Email Filtering 46
Filtering email for specific keywords; Internet filtering
Internet Censorship 48
Blocking websites from access by DNS, IP, keyword blocking;
DNS hijacking
2.6 Circumvention of Internet censorship and filtering 51
Circumventing Internet censorship with proxy servers; Different
types of proxy servers, their features and advantages; Anonymity
networks; Anonymous Internet publishing
2.7 Encryption on the Internet 59
Verifying secure Internet connection with SSL certificates;
Man-in-the-Middle attacks
2.8 Steganography 67
Linguistic Steganography - Semagrams; Open Codes; Covered Ciphers
Data Steganography - Hiding text in images, in audio; Steganography
software; Detecting steganography
2.9 Malicious software and Spam 75
History of viruses; Malware variations and their effects; Reacting
to malware attacks; Spam and prevention
2.10 Identity Theft and Profiling 82
Profiling today; What makes up your digital profile; How cookies
are used; Digital identity; Authenticity and Anonymity; Preventing
profiling
3. Changes to legislation on Internet privacy and freedom
of expression affecting work and safety of Human Rights Defenders
around the world 88
3.1 Censorship of online content and Online publishing 92
3.2 Website Filtering 98
3.3 Communications Surveillance 101
3.4 Cryptology and Circumvention 104
4.1 Case Study 1 - Creating a Security Policy 106
Drafting a security plan; Components of the plan; Case Study
developing a security plan for a human rights NGO
4.2 Case Study 2 - Communication channels 110
A human rights NGO is researching and documenting cases of torture
in their country. They need to store this information securely
and communicate it to the headquarters in a different country
4.3 Case Study 3 - Securing and Archiving Data 116
A human rights NGO wishes to transfer its large collection of
paper documents to a computer and secure it from loss, theft
and unauthorised access
4.4 Case Study 4 - Secure Email and Blogging 121
A journalist reporting on human rights violations by email and
blogging fears that her messages are being censored and tampered
with. She wishes to secure her online identity and communications,
anonymise her Internet presence and adopt good password techniques
Download the full text for free: 164 pages, .pdf, 9.21 MB