IoT & General Privacy Questions

IoT & General Privacy Questions

Andy Burnett
Just curious what privacy steps or trade offs everyone has taken/made to secure their home network, family, etc.  To boil it down to a few questions:

- How do you handle IoT devices on your network?  Separate VLAN?  Subnet using another router?  Nothing?

- How do you handle email security?  PGP?  Nothing?

- How do you handle password management?  Password manager?  Rolodex?  Memorization?

- How do you handle off-site backup?  Own/Nextcloud?  Commercial backup provider?  Tapes sent to Greenland to be frozen in a glacier? ;)

Would appreciate any input because you all are the real experts here!  I'm just a guy who boots Ubuntu on his Macbook.

Andy
Re: [Chugalug] IoT & General Privacy Questions

Stephen Kraus
Separate VLAN or Gateway for IoT. Isolate them on their own network. Our IoT at our house has its own Wifi network.

Off-site backup consists of a pair of 512GB USB drives alternating between my home servers and my safe deposit box monthly. Mostly contains essential documents: Insurance/Home/Health/Car/ID stuff. In house, we have a RAID-60 array backed up onto a Buffalo external drive.

Password Management: PassManager on an Arduino USB key that my wife and I share.

On Mon, Jun 19, 2017 at 9:14 AM, Andy Burnett <[hidden email]> wrote:
Just curious what privacy steps or trade offs everyone has taken/made to
secure their home network, family, etc.  To boil it down to a few questions:

- How do you handle IoT devices on your network?  Separate VLAN?  Subnet
using another router?  Nothing?

- How do you handle email security?  PGP?  Nothing?

- How do you handle password management?  Password manager?  Rolodex?
Memorization?

- How do you handle off-site backup?  Own/Nextcloud?  Commercial backup
provider?  Tapes sent to Greenland to be frozen in a glacier? ;)

Would appreciate any input because you all are the real experts here!  I'm
just a guy who boots Ubuntu on his Macbook.

Andy



--
View this message in context: http://chugalug.1100489.n5.nabble.com/IoT-General-Privacy-Questions-tp12054.html
Sent from the Chugalug mailing list archive at Nabble.com.
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


Re: [Chugalug] IoT & General Privacy Questions

David White-2
In reply to this post by Andy Burnett
  • We don't really have anything in our house considered an IoT device. But if we did, I would definitely subnet it / put it on a separate wireless network from the one my computers and data are connected to

  • I don't really worry about email "security" - I have a gmail address (obviously) and don't really have anything to hide.
    • I do have 2FA enabled
    • I do run a separate email address (not on Google) for my business email - I manage that server myself

  • I use a combination of 2 separate password managers with a (very) strong master password (each password manager has a different master password)

  • I have 2 Synology NAS boxes here in my home office, which then get backed up. I have a brother in a different part of town where I plan to deploy a 3rd Synology NAS for better off-site backups. For now, I have some things being backed up (using compression and encryption) into Google Drive




--
David White

Re: [Chugalug] IoT & General Privacy Questions

Stephen Kraus

On Mon, Jun 19, 2017 at 9:21 AM, David White <[hidden email]> wrote:
  • We don't really have anything in our house considered an IoT device. But if we did, I would definitely subnet it / put it on a separate wireless network from the one my computers and data are connected to

  • I don't really worry about email "security" - I have a gmail address (obviously) and don't really have anything to hide.
    • I do have 2FA enabled
    • I do run a separate email address (not on Google) for my business email - I manage that server myself

  • I use a combination of 2 separate password managers with a (very) strong master password (each password manager has a different master password)

  • I have 2 Synology NAS boxes here in my home office, which then get backed up. I have a brother in a different part of town where I plan to deploy a 3rd Synology NAS for better off-site backups. For now, I have some things being backed up (using compression and encryption) into Google Drive

Re: [Chugalug] IoT & General Privacy Questions

Mike Harrison-4
In reply to this post by Andy Burnett

> On Jun 19, 2017, at 9:14 AM, Andy Burnett <[hidden email]> wrote:
>
> Just curious what privacy steps or trade offs everyone has taken/made to
> secure their home network, family, etc.  To boil it down to a few questions:
>
> - How do you handle IoT devices on your network?  Separate VLAN?  Subnet
> using another router?  Nothing?

If I do more, I’ll be setting up a separate network for “media devices”, but my real answer is: treat your interior network as hostile. No open shares, etc.

> - How do you handle email security?  PGP?  Nothing?

I can do PGP, but few people I need to converse email with use PGP/GPG. So: SSL-TLS/IMAP/POP and SSL-TLS/SMTP take care of my immediate transport. Most of it to/from Gmail servers, although I also still run some domains and mailboxes (and this list) on my own mail server.

> - How do you handle off-site backup?  Own/Nextcloud?  Commercial backup
> provider?  Tapes sent to Greenland to be frozen in a glacier? ;)

USB Drives in 2+ locations. Time Machine and Rsync scripts.

———

Now that I’ve told you all of that, I need to warn you that I take physical access to my systems very seriously.



The hole in all of those good intentions: My mobile Android phone.

 




Re: [Chugalug] IoT & General Privacy Questions

Stephen Kraus
But Mike, I'm sure you have remote wiping set up on there ;)

https://support.google.com/accounts/answer/6160491?hl=en

On Mon, Jun 19, 2017 at 9:32 AM, Mike Harrison <[hidden email]> wrote:

> On Jun 19, 2017, at 9:14 AM, Andy Burnett <[hidden email]> wrote:
>
> Just curious what privacy steps or trade offs everyone has taken/made to
> secure their home network, family, etc.  To boil it down to a few questions:
>
> - How do you handle IoT devices on your network?  Separate VLAN?  Subnet
> using another router?  Nothing?

If I do more, I’ll be setting up a separate network for “media devices”, but my real answer is: treat your interior network as hostile. No open shares, etc.

> - How do you handle email security?  PGP?  Nothing?

I can do PGP, but few people I need to converse email with use PGP/GPG. So: SSL-TLS/IMAP/POP and SSL-TLS/SMTP take care of my immediate transport. Most of it to/from Gmail servers, although I also still run some domains and mailboxes (and this list) on my own mail server.

> - How do you handle off-site backup?  Own/Nextcloud?  Commercial backup
> provider?  Tapes sent to Greenland to be frozen in a glacier? ;)

USB Drives in 2+ locations. Time Machine and Rsync scripts.

———

Now that I’ve told you all of that, I need to warn you that I take physical access to my systems very seriously.



The hole in all of those good intentions: My mobile Android phone.






Re: [Chugalug] IoT & General Privacy Questions

William D. Roush
In reply to this post by Andy Burnett
> How do you handle IoT devices on your network?  Separate VLAN?  Subnet using another router?  Nothing?

Nothing, yet. When I do: VLAN'd (like everything else).

> How do you handle email security?  PGP?  Nothing?

I've used PGP off and on, but few people I communicate with use it; I'm currently not using it. I host my own mail because I hate myself but at least I control storage and retention on it.

> - How do you handle password management?  Password manager?  Rolodex?  Memorization?

Password manager.

>  - How do you handle off-site backup?  Own/Nextcloud?  Commercial backup provider?  Tapes sent to Greenland to be frozen in a glacier? ;)

LTO6 tapes + tape library, tapes in a ~3-4 month rotation, weekly offsite rotation, but I'm pushing some VMs to tape as frequently as *hourly*.

William Roush | https://www.roushtech.net/
Office: 423.933.2114 | Cell: 423.463.0592 | Email: [hidden email]

Re: [Chugalug] IoT & General Privacy Questions

Andy Burnett
What password manager(s)?  My wife and I use LastPass, but that's only because Steve Gibson likes it on Security Now.
Re: [Chugalug] IoT & General Privacy Questions

Jason Griffey
In reply to this post by Andy Burnett

Separate network for my IoT devices, using Home Assistant on an RPi to manage them all/control them/set up actions. 

Email security: don't communicate anything over email that needs real security. If I'm doing anything that needs secure communication, I'm using Signal.

Pwd management: 1Password for _everything_, randomized pwds, 15+ characters that I have no hope of remembering, very strong vault pass phrase. Vault is synced via Dropbox, but encrypted at rest. 

Backup - Local server in house with attached Drobo, all machines in house back up to it directly, and then server and it back up to Backblaze.

Jason


Re: [Chugalug] IoT & General Privacy Questions

Dave Brockman
In reply to this post by Andy Burnett
On 2017-06-19 09:14, Andy Burnett wrote:
> Just curious what privacy steps or trade offs everyone has taken/made to
> secure their home network, family, etc.  To boil it down to a few questions:

That is a long conversation worthy of several bourbons, and there are no
simple questions or simple answers.


> - How do you handle IoT devices on your network?  Separate VLAN?  Subnet
> using another router?  Nothing?

I don't.  I don't buy things that have no need for Internet access that
think they need Internet access, and things that I acquire that think they
need Internet access are not physically plugged in with a cable, nor given
WiFi credentials.  I do not buy devices that require 3rd party cloud access
to work, and I discuss this with the other family members.  My house will
never own a Nest or similar.  We do own "Network thermostats".

> - How do you handle email security?  PGP?  Nothing?

Hate to break it to you, but aside from a handful of tinfoil hatters, this
doesn't exist.  If you want to securely transfer information or files, I
highly suggest you look at a different transport mechanism than email.
There are a few people I will exchange sensitive information with over
email, but we have already exchanged keys years ago....

> - How do you handle password management?  Password manager?  Rolodex?
> Memorization?


Keepass.  Works on all my devices, syncs to my owncloud/nextcloud.

> - How do you handle off-site backup?  Own/Nextcloud?  Commercial backup
> provider?  Tapes sent to Greenland to be frozen in a glacier? ;)


Until recently, it was ACD.  Still looking for a cheap replacement.
Otherwise, I xfer to USB drives spread around town.  Not a realistic option
for others.

Regards,

dtb
Re: [Chugalug] IoT & General Privacy Questions

Alex Smith (K4RNT)
In reply to this post by Andy Burnett
My backups are in the Svalbard Global Seed Vault. Of course they're considered genetic material... ;)




" 'With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and warning... The first time any man's freedom is trodden on, we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG episode "The Drumhead"
- Alex Smith
- Kent, Washington (metropolitan Seattle area)

Re: [Chugalug] IoT & General Privacy Questions

Mike Harrison-4
In reply to this post by Dave Brockman

> On Jun 20, 2017, at 11:48 PM, [hidden email] wrote:
>
> On 2017-06-19 09:14, Andy Burnett wrote:
>> Just curious what privacy steps or trade offs everyone has taken/made to
>> secure their home network, family, etc.  To boil it down to a few questions:
>
>
> That is a long conversation worthy of several bourbons, and there are no simple questions
> or simple answers.
>


Sounds like an agenda for a meeting..
Re: [Chugalug] IoT & General Privacy Questions

Stephen Kraus
IoT meeting, hooray! I can bring gadgets for shenanigans! 

ESP32/ESP8266 and some TI Launchpad stuff.

On Wed, Jun 21, 2017 at 11:52 AM, Mike Harrison <[hidden email]> wrote:

> On Jun 20, 2017, at 11:48 PM, [hidden email] wrote:
>
> On 2017-06-19 09:14, Andy Burnett wrote:
>> Just curious what privacy steps or trade offs everyone has taken/made to
>> secure their home network, family, etc.  To boil it down to a few questions:
>
>
> That is a long conversation worthy of several bourbons, and there are no simple questions
> or simple answers.
>


Sounds like an agenda for a meeting..
Re: [Chugalug] IoT & General Privacy Questions

Andy Burnett
In reply to this post by Mike Harrison-4
Bourbons and an IoT discussion?  Sign me up!
Re: [Chugalug] IoT & General Privacy Questions

Unkmar
In reply to this post by Stephen Kraus
- How do you handle IoT devices on your network?  Separate VLAN?  Subnet
using another router?  Nothing?

I consider my home network Hostile. (Windows and Android devices and psk WiFi)
My Chromecasts are almost always off. I rarely use my tablet. My phone is Android. My file transfers are rare and by scp or sftp. If I send smaller files by other means, I consider it compromised. If I feel the need to share a password, it is usually spread spectrum or multiple channels. Might get part of it via Email, part verbal or text or something. The verbal portion is likely to be a simple riddle challenge that you aren't to verbalize the answer. The riddle is generally based on knowledge I know we share. I generally consider all forms of communication compromised to some degree.  The Windows computers are not allowed to do file/print sharing or RDP.

Password manager with strong random passwords I can't hope to remember.  Sample of what one MIGHT look like: jU4r%sx8kL3njjyZxV   And you can assume they are 16 to 32 characters long.  Most are 24 to 32.  Some systems don't allow them that long.  I am also likely to use spaces as part of my password. PIN-based systems?  7 to 10 digits when possible. I do my best to never have access to those. I straight up consider those broken.
A 4-digit PIN is a hole in your system. I don't have a debit card or credit card set up with a PIN for this very reason.

I don't properly have personal backups. In most cases, my critical data has been offline for years. (Offline = Stored on a HDD that has not been attached to any device). The things that matter most to me can bleed (Friends and Family).  The rest is just stuff.

Lucius L. Hilley III
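
An added example, not from the original post or any list member: it puts numbers on the PIN versus random-password comparison in the post above and generalizes the multi-channel sharing idea to XOR shares, where every channel's share is required and any smaller set is independent of the password. The 95-symbol pool and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed pool: letters, digits, punctuation and space (95 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def generate_password(length=24):
    """Draw `length` symbols uniformly from ALPHABET using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(pool_size, length):
    """Entropy in bits of a uniformly random secret: length * log2(pool_size)."""
    return length * math.log2(pool_size)


def _xor_all(blocks):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def split_secret(secret, channels):
    """Split `secret` into `channels` hex shares, one per delivery channel.

    All but one share are random pads; the last is the secret XORed with every
    pad. Unlike sending literal halves, an intercepted share discloses no
    characters of the secret (only its length in bytes).
    """
    if channels < 2:
        raise ValueError("need at least two channels")
    data = secret.encode("utf-8")
    pads = [secrets.token_bytes(len(data)) for _ in range(channels - 1)]
    return [p.hex() for p in pads] + [_xor_all(pads + [data]).hex()]


def join_shares(shares):
    """Rebuild the secret; every share produced by split_secret is required."""
    raw = [bytes.fromhex(s) for s in shares]
    if len(raw) < 2 or len({len(r) for r in raw}) != 1:
        raise ValueError("need at least two shares of equal length")
    return _xor_all(raw).decode("utf-8")


if __name__ == "__main__":
    password = generate_password(24)
    shares = split_secret(password, 3)  # e.g. email, text message, phone call
    assert join_shares(shares) == password
    for label, pool, length in [("4-digit PIN", 10, 4), ("10-digit PIN", 10, 10),
                                ("16-char password", len(ALPHABET), 16),
                                ("32-char password", len(ALPHABET), 32)]:
        print(f"{label}: {entropy_bits(pool, length):.1f} bits")
```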

Re: [Chugalug] IoT & General Privacy Questions

Ed King-2
In reply to this post by Stephen Kraus

I just "discovered" the TI Launchpad a few days ago and purchased one.  Should arrive soon.   Looks like fun.   But first I want to assemble/install the BMOW Rom-inator into my Mac Plus 😊


Why do I get so much pleasure from dicking around with 30+ year old computers???




From: Chugalug <[hidden email]> on behalf of Stephen Kraus <[hidden email]>
Sent: Wednesday, June 21, 2017 12:06 PM
To: Cha. Unix Gnu Android Linux User Group
Cc: Andy Burnett
Subject: Re: [Chugalug] IoT & General Privacy Questions
 
IoT meeting, hooray! I can bring gadgets for shenanigans! 

ESP32/ESP8266 and some TI Launchpad stuff.
