During my short stay on the forums, I've seen a lot of users talking about OPSEC and security that this forum doesn't seem to be backing.
So, in my stead, I've made a list of computer OPSEC features you should really be using if you're wanting to be as secure as possible.
This is also pretty good when fighting multiple alphabet agencies.
1. Outer Shell
With the outer shell, you'd likely want a robust and strong operating system that is both reliable and dependant on the physical features that the computer boasts, such as the CPU, RAM, etc.
I recommend Debian for this step, as it's very easy to setup in terms of the next steps.
1.5. Custom boot integrity
This is the setup to protect against evil maid attacks, malware and any unauthorized changes to your computer without your knowledge.
Essentially, be using the Outer Shell's OS (Debian) to setup utilities to sign the kernels yourself with your own self-signing keys. This will require and depend on UEFI functionality.
2. Encryption
Typically, most people are happy with standard encryption for their devices, such as the default ubuntu encryption used. However, I highly recommend using LUKS2 disk encryption.
This works well with the custom boot integrity. I also recommend having at least three layers of VeraCrypt. This will make the whole process of gaining access a challenge if law enforcement is able find the devices.
3. Virtual Machine
Inside this virtual machine that's mounted to the outer shell will be where the work images are housed. I would recommend QubesOS for anyone being paranoid, but for overall functionality and accessibility, I would go with something like Windows.
So, in my stead, I've made a list of computer OPSEC features you should really be using if you're wanting to be as secure as possible.
This is also pretty good when fighting multiple alphabet agencies.
1. Outer Shell
With the outer shell, you'd likely want a robust and strong operating system that is both reliable and dependant on the physical features that the computer boasts, such as the CPU, RAM, etc.
I recommend Debian for this step, as it's very easy to setup in terms of the next steps.
1.5. Custom boot integrity
This is the setup to protect against evil maid attacks, malware and any unauthorized changes to your computer without your knowledge.
Essentially, be using the Outer Shell's OS (Debian) to setup utilities to sign the kernels yourself with your own self-signing keys. This will require and depend on UEFI functionality.
2. Encryption
Typically, most people are happy with standard encryption for their devices, such as the default ubuntu encryption used. However, I highly recommend using LUKS2 disk encryption.
This works well with the custom boot integrity. I also recommend having at least three layers of VeraCrypt. This will make the whole process of gaining access a challenge if law enforcement is able find the devices.
3. Virtual Machine
Inside this virtual machine that's mounted to the outer shell will be where the work images are housed. I would recommend QubesOS for anyone being paranoid, but for overall functionality and accessibility, I would go with something like Windows.
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Self-Ban
Ban Reason: Self-Ban
