[liberationtech] [SPAM:#] Recommended BYOD for Android for Activists?
Hi, Does anyone have any experience implementing a BYOD tool for a small activist group using Android? Can anyone recommend a tool that would do the basics? (Allow separation between personal and work, encryption, remote wipe, location etc) Thanks-A-- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Free or Cheap VPN for OS X?
Hi, Can anyone recommend a free or cheap VPN for OS X (a Psiphon 3 equivalent)? Before anyone says it, I'm well aware of the various dangers related to VPNs and the availability of TOR etc but I'm just looking for something for low risk stuff when travelling etc. Thanks.-A-- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] [SPAM:####] [SPAM:###] Mobile MIFI or WIFI for DigiSec Training?
Does anyone recommend a particular MIFI or Mobile Wifi access point (ideally with future proof 4G capability) for a digital security training classroom? Where local wifi might not be available or secure etc.-- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Choice of Secure Cloud Backup Method or Provider?
Hi, I was wondering what the group's thoughts are on methods or choice of secure cloud backup. I mean SpiderOak got the Snowden seal of approval but using it's web interface or app obviously means sending them your keys and thus opening up a weakness. Similarly TrueCrypt containers on a Dropbox or Google Drive seems weak and impractical. AxCrypt then a cloud provider might work. Does anyone else have any thoughts or models which work quite well (for the average user)? -A -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Designing the best network infrastructure for a Human Rights NGO
Thanks, a very productive mail. Please keep this subject on topic. On Fri, 01 Mar 2013 16:55:53 + The Doctor dr...@virtadpt.net wrote: On 02/28/2013 03:35 PM, anonymous2...@nym.hush.com wrote: Thanks, yes I also have seen young and old people use linux but I've also seen hundreds of people trained to use it and as soonas they have to update a package in Linux, get confused and reach for a windows machine. Oh. Just like the Windows users who are being confronted with Hey - update me! pop-ups for Adobe Flash and Java and ignoring them because they think they're going to wreck their workstations? It's been a fun week for that in the salt mines. -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ I'm not the Eater of Souls, I'm just his administrative assistant. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Designing the best network infrastructure for a.Human Rights NGO
Can we please get back to the issue at hand On Thu, 28 Feb 2013 13:16:03 + Bill Woodcock wo...@pch.net wrote: Ah, yes, those expensive man-hours. Security is so much easier when you don't give it time and attention. It also doesn't work. -Bill On Feb 28, 2013, at 8:09, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: I knew this was coming at some point. Yes I am starting with Windows, it's more functional (awaits incoming) and costs less in terms of expensive man hours (the hidden cost vs software) for an Linux guru to run and monitor the network. On Thu, 28 Feb 2013 13:03:00 + Bill Woodcock wo...@pch.net wrote: You want to do this securely, and you're _starting_ with Windows? -Bill On Feb 28, 2013, at 7:40, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: Hi, We are a human rights NGO that is looking to invest in the best possible level of network security (protection from high-level cyber-security threats, changing circumvention/proxy to protect IP address etc, encryption on endpoints and server, IDS/Physical and Software Firewall/File Integrity Monitoring, Mobile Device Management, Honeypots) we can get for a our internal network. I was wondering if people would critique the following network, add comments, suggestions and alternative methods/pieces of software. (Perhaps if it goes well we could make a short paper out of it, for others to use.) -Windows 2012 Server -VMWare virtual machines running Win 8 for remote access -Industry standard hardening and lock down of all OS systems. -Constantly changing proxies -PGP email with BES -Cryptocard tokens -Sophos Enterprise Protection, Encryption and Patch management -Sophos mobile management -Encrypted voice calls for mobile and a more secure alternative to Skype via Silent Circle. -TrueCrypt on all drives - set to close without use after a specific time -Easily controlled kill commands -False and poison pill files -Snort IDS -Honeypots -Tripwire -Cisco Network Appliance -No wifi -Strong physical protection in a liberal country as regards human rights I know there are many other factors, good training, constant monitoring, avoiding spearfishing, penetration testing, etc but if possible I would please like to keep the conversation on the network design and software. Thanks guys. -Anon -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Designing the best network infrastructure for a.Human Rights NGO
Frankly your whats wrong with a small minority of the people on LibTech. NGO's have to balance cost, security, people, user needs, current infrastructure, software/hardware donation programs, man hours etc etc...Every idiot knows Linux is more secure in many ways than Windows yet sometimes other factors come into play that require the use of MS. This topic is a genuine topic that has not been looked at to my knowledge by the movement - we have tons of material on VOIP safety, encryption, device management etc but not much on actually network design...I hope your glad that your smart-ass comments have dragged it sideways within the first two posts, to the detriment of the group. I have no interest in being trolled. Is there anyone on the list that wants to talk through this and give me some direct advice on how to implement a safe NGO operational network? On Thu, 28 Feb 2013 13:35:26 + Bill Woodcock wo...@pch.net wrote: Sorry, thought you'd asked for advice about the best possible way to do it. Didn't realize you meant best possible with no time or attention. But, wait, that's not quite it either, is it? You meant that you don't want to invest _your_ time and attention, but you think people on the list can solve that for you by contributing _our_ time and attention? I'm not sure it works that way, but perhaps someone who's feeling more charitable than I am right now can suggest the best possible solution that requires none of your time and attention and runs on Windows. Since I'm now 34 hours into an Ottawa-bound itinerary for the CIF, a tip of the hat to Canada: As secure as possible, under the circumstances. -Bill On Feb 28, 2013, at 8:22, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: Can we please get back to the issue at hand On Thu, 28 Feb 2013 13:16:03 + Bill Woodcock wo...@pch.net wrote: Ah, yes, those expensive man-hours. Security is so much easier when you don't give it time and attention. It also doesn't work. -Bill On Feb 28, 2013, at 8:09, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: I knew this was coming at some point. Yes I am starting with Windows, it's more functional (awaits incoming) and costs less in terms of expensive man hours (the hidden cost vs software) for an Linux guru to run and monitor the network. On Thu, 28 Feb 2013 13:03:00 + Bill Woodcock wo...@pch.net wrote: You want to do this securely, and you're _starting_ with Windows? -Bill On Feb 28, 2013, at 7:40, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: Hi, We are a human rights NGO that is looking to invest in the best possible level of network security (protection from high- level cyber-security threats, changing circumvention/proxy to protect IP address etc, encryption on endpoints and server, IDS/Physical and Software Firewall/File Integrity Monitoring, Mobile Device Management, Honeypots) we can get for a our internal network. I was wondering if people would critique the following network, add comments, suggestions and alternative methods/pieces of software. (Perhaps if it goes well we could make a short paper out of it, for others to use.) -Windows 2012 Server -VMWare virtual machines running Win 8 for remote access -Industry standard hardening and lock down of all OS systems. -Constantly changing proxies -PGP email with BES -Cryptocard tokens -Sophos Enterprise Protection, Encryption and Patch management -Sophos mobile management -Encrypted voice calls for mobile and a more secure alternative to Skype via Silent Circle. -TrueCrypt on all drives - set to close without use after a specific time -Easily controlled kill commands -False and poison pill files -Snort IDS -Honeypots -Tripwire -Cisco Network Appliance -No wifi -Strong physical protection in a liberal country as regards human rights I know there are many other factors, good training, constant monitoring, avoiding spearfishing, penetration testing, etc but if possible I would please like to keep the conversation on the network design and software. Thanks guys. -Anon -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Designing the best network infrastructure for a Human Rights NGO
Thanks, yes I also have seen young and old people use linux but I've also seen hundreds of people trained to use it and as soonas they have to update a package in Linux, get confused and reach for a windows machine. The NGO in a box stuff is ok but not what I am asking about at all, I'm speaking about a network for a Western NGO with significant operations and exposure from high-level threats and on the ground in 3rd world countries. Most of what I have gotten so far are lectures and rhetoric. On Thu, Feb 28 at 06:26 PM (UTC), Julian Oliver jul...@julianoliver.com wrote: ..on Thu, Feb 28, 2013 at 03:00:11PM +, anonymous2...@nym.hush.com wrote: If you think you can get a board member or a finance person in an NGO to use Linux then you are detached from the reality of how most NGO's work. The use will simply ignore it. Really? Have you tried a recent desktop Linux distribution? What about Android? While not a fan of Ubuntu myself, I've seen both an 11yr old girl and a 70yr old retired farmer installing packages and watching videos, making documents in Ubuntu. One quite often hears many people find it far less confusing than Windows. Linux is just a kernel. GNU tools, applications and the UI are what make it a Desktop OS - and they vary in usability. Anyway, to be a little more constructive on the topic, check out Tactical Tech's NGO-in-a-box. All built on free and open software: Everyday tools for NGOs Base NGO in-a-box is a collection of tools for the day-to-day running of small to medium sized NGOs. Produced by Tactical Tech in association with WomensNet, this toolkit aims to make it easier to set up base, find the right software and learn how to use it. Targeted primarily at NGOs and advocacy organisations in developing countries the Box contains a set of peer-reviewed Free and Open Source Software tools, with associated guides and tutorials. http://archive.tacticaltech.org/ngo-in-a-box-base.html Testimonials: http://archive.tacticaltech.org/whatpeoplesayaboutus.html Cheers, Julian On Thu, 28 Feb 2013 14:50:08 + Andreas Bader noergelpi...@hotmail.de wrote: anonymous2...@nym.hush.com: Hi, We are a human rights NGO that is looking to invest in the best possible level of network security (protection from high-level cyber-security threats, changing circumvention/proxy to protect IP address etc, encryption on endpoints and server, IDS/Physical and Software Firewall/File Integrity Monitoring, Mobile Device Management, Honeypots) we can get for a our internal network. I was wondering if people would critique the following network, add comments, suggestions and alternative methods/pieces of software. (Perhaps if it goes well we could make a short paper out of it, for others to use.) I also work for a human rights NGO. First don't use an internal network, you need a decentral communication and information network. Second, Windows is not easier than Linux, compare Windows 8 and Debian with Gnome 2. I would probably use a SEL Kernel like in SL 6, when possible a Live-System. Forget all the closed-source software. Now the Software: -Firefox with Torbutton -Thunderbird with Torbirdy and OpenPGP -Vidalia Encrypt your systems with LUKS, its also FDE. Truecrypt doesn't work with Linux as FDE. You can possibly try Liberte Linux, someone on this list presented it to us, its made for secure communication. And if you are unsure about Linux and Windows in High Level Security Systems, then you should probably go and get a real Sysadmin/Security-Fanatic. How good are you with IT-Sec? I don't want to offend you, but you sound like a beginner. Andreas (P.S.: Skype? You can't be serious. ICQ and Facebookchat is more secure. Use IRC). -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech