The following commit has been merged in the master branch:
commit ad78a5b91c28370c412d0eb8fb0c8588e3aac3e6
Author: DocOcassi <[email protected]>
Date: Tue Dec 30 11:19:01 2014 +0000
Still sorting markdown
diff --git a/doc/index.md b/doc/index.md
index e4d518b..c24d6b2 100644
--- a/doc/index.md
+++ b/doc/index.md
@@ -1,4 +1,4 @@
-= Debian-Sanctuary =
+# Debian-Sanctuary
Change name to Debian Sanctuary
@@ -8,7 +8,8 @@ The system will present tasks related to use cases for the
user. It will install
I have used a modified risk assessment for identifying the Threats, and
Controls Measures, which will in turn identify the tools required: see
[[Risk.odt]]
-== links ==
+## links
+
Project home
http://wiki.debian.org/DebianFreedom
@@ -23,13 +24,17 @@ Info Regarding the Pure blends
http://blends.debian.org/blends
-== Risk Assessment ==
+## Risk Assessment
+
+### Task
-=== Task ===
Each task (Use Case).
-=== Hazards ===
-each line will define an individual threat:
+### Hazards
+
+Each line will define an individual threat:
+| Hazard | Description |
+| ---- | ---- |
| Tool Failure | Your computer hardware/software being exploited |
| Tool Theft | Your computer being stolen |
| Theft | Theft of value |
@@ -37,47 +42,52 @@ each line will define an individual threat:
| Infiltration | infiltration into the actual system/protocol |
| Manipulation | Manipulation of Objective |
-=== Information ===
+### Information
+
Categories of information that a Hazard could compromise:
-| Personal | Personal information about family, generally used for Identity
theft or blackmail |
-| Behavioural | Used for Selling marketing and Spying
|
-| Financial | Used to denote things with monetary value
|
-| Ideological | Used to identify political affiliation
|
-| Operational | used to identify actions and resist pressure
|
-| Private | information of a sensitive nature
|
+| Information Type | Description
|
+| ---- | ----
|
+| Personal | Personal information about family, generally used for
Identity theft or blackmail |
+| Behavioural | Used for Selling marketing and Spying
|
+| Financial | Used to denote things with monetary value
|
+| Ideological | Used to identify political affiliation
|
+| Operational | used to identify actions and resist pressure
|
+| Private | information of a sensitive nature
|
+
+### Likelihood
-=== Likelihood ===
In an environment with *no* protection the possibility of compromise.
-=== Control Measures ===
+### Control Measures
+
Based on the Hazard and the Information threatened, define countermeasures to
use to mitigate risk.
-| # | Control Measure | Description
|
-| --- | --- | ---
|
-| 1 | OS Choice | A Secure OS with minimal
active exploits |
-| 2 | Firewall | Protect yourself by
blocking direct attacks |
-| 3 | Anti-virus/Malware | Ensure you have Updated and
active virus/malware protection, this may be provided by the OS |
-| 4 | Computer Use Training / User Competanccy | When using a computer to
acieve tasks safely. |
-| 5 | Cache Purging | Ensure any processed
information is not left where it can be recovered |
-| 6 | Password Safe | If you have access
passwords/keys, ensure they are stored in a safe location |
-| 7 | Disk Encryption | Protect your sensitive
information from being recovered from silenced disks |
-| 8 | Transport Encryption | Encrypt data during
transit, must be to an acceptable* standard |
-| 9 | Out of Band Authentication | Authentication where a
shared secret had been securely passed and verified |
-| 10 | Authenticated Encryption | Encryption that has been
secured by an Authenticated secret |
-| 11 | Transport Anonymity | A transport to prevent
identification of actors communication |
-| 12 | Perfect Forward Secrecy. | Encryption which ,even if
intercepted, cannot be decrypted with any key |
-| 13 | Anonymity | Communication cannot be
identified or authenticated. |
-| 14 | Platform Selection | Choice of platform/network
to use based on protection given (https://tosdr.org) |
-| 15 | Authentication | Authentication (less strong
then OOB?) |
-| 16 | System Use Training | A Specific system needs to
give special usage information to the user |
-| 17 | Censorship Resistance |
|
-| | |
|
+| # | Control Measure | Description
|
+| ---- | ---- | ----
|
+| 1 | OS Choice | A Secure OS with minimal
active exploits |
+| 2 | Firewall | Protect yourself by
blocking direct attacks |
+| 3 | Anti-virus/Malware | Ensure you have Updated
and active virus/malware protection, this may be provided by the OS |
+| 4 | Computer Use Training / User Competanccy | When using a computer to
acieve tasks safely. |
+| 5 | Cache Purging | Ensure any processed
information is not left where it can be recovered |
+| 6 | Password Safe | If you have access
passwords/keys, ensure they are stored in a safe location |
+| 7 | Disk Encryption | Protect your sensitive
information from being recovered from silenced disks |
+| 8 | Transport Encryption | Encrypt data during
transit, must be to an acceptable* standard |
+| 9 | Out of Band Authentication | Authentication where a
shared secret had been securely passed and verified |
+| 10 | Authenticated Encryption | Encryption that has been
secured by an Authenticated secret |
+| 11 | Transport Anonymity | A transport to prevent
identification of actors communication |
+| 12 | Perfect Forward Secrecy. | Encryption which ,even if
intercepted, cannot be decrypted with any key |
+| 13 | Anonymity | Communication cannot be
identified or authenticated. |
+| 14 | Platform Selection | Choice of platform/network
to use based on protection given (https://tosdr.org) |
+| 15 | Authentication | Authentication (less
strong then OOB?) |
+| 16 | System Use Training | A Specific system needs to
give special usage information to the user |
+| 17 | Censorship Resistance |
|
+| | |
|
(* If it is good enough for trade agreements.)
-== Tools ==
+## Tools
Tools available brief description and control measures implemented, I have
just taken this from my limited uderstanding of these systems, and will need
further investigation to be sure of these claims.
There are also grades of protection provided by packages, which isn't
investigated here, but an implementation of some kind of grading may be useful
but also difficult.
@@ -114,11 +124,11 @@ There are also grades of protection provided by packages,
which isn't investigat
These are preliminary and there is a definite need to have thouruogh analysis
of these tools bassed on their claims.
-== Use Training ==
+## Use Training
The Largest point of failure in all these systems is the user, through
misconfiguration of misuse, we need a method to engage the user and their
thought process when using these tools. from general computer use to using a
specific tool, these should be easily accessible to the user and available from
Context of use use, the language must be as clear as possibly and accessibly to
users of all levels.
-== Development ==
+## Development
`blends-dev`
Tools to build metapackages from template
--
Debian Privacy Tools Pure Blend
_______________________________________________
Blends-commit mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/blends-commit
