From d4e4b26b3b768fa041148cad5db549ba5619eda9 Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Wed, 12 Jan 2022 00:30:01 -0500 Subject: [PATCH] Update for 12-01-22 00:30 --- tech/cia-do-dont.wiki | 21 +++++++++++++++++++++ tech/security.wiki | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index e9fb4b9..ae6cb2b 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -46,3 +46,24 @@ This is the CIA list of dos and donts. * DO document disk forensic footprint that could created by tool * DONOT read, write, or cache data to disk for no reason * DONOT write plain text collected data to the disk +* DO encrypt all data written to disk +* DO utilize a secure erase when removing a files from disk that also wipes + filename, datetime stamp, and contents +* DO perfom at least a single pass of zeros over the content of the file +* DONOT perform disk IO operations that will make the system unresponsive +* DONOT use a magic header or footer +* DONOT use hard-coded filenames or filepaths. These must be configurable at + deployment time by the operator +* DO have a configurable max size limit or output file count for writing files + +== Dates/Time == + +* DO use GMT/UTC/Zulu +* DONOT use US-centeric timestamps +* DO use YYYYMMDD instead + +== PSP/AV == + +* DONOT assume free versions of PSP is the same as retail PSP. Test on all + versions in a sandbox +* DO test PSPs with recently live internet connections when possible diff --git a/tech/security.wiki b/tech/security.wiki index 5057e29..e8b277d 100644 --- a/tech/security.wiki +++ b/tech/security.wiki @@ -6,7 +6,7 @@ Tools useful for security, either offensive or defensive Hiding information -[[cia-do-dont]] +* [[cia-do-dont]] === Ciphers ===
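Review bot: several of the added lines in the tech/cia-do-dont.wiki hunk carry typos that will end up in the rendered wiki: "removing a files from disk" should read "removing a file from disk", "DO perfom at least a single pass" should be "DO perform at least a single pass", "US-centeric timestamps" should be "US-centric timestamps", and "free versions of PSP is the same as retail PSP" should be "free versions of a PSP are the same as the retail PSP". Two documentation points as well: under "== Dates/Time ==" the list says "DO use GMT/UTC/Zulu" and then "DO use YYYYMMDD instead", but YYYYMMDD carries no time component, so either state that the date format is YYYYMMDD and the time is recorded in UTC, or give the full timestamp format the list intends. And "PSP" appears in the "== PSP/AV ==" heading and items without being expanded anywhere in the hunk; expanding the acronym on first use would help readers who only know the "AV" half. Finally, "DO perfom at least a single pass of zeros over the content of the file" largely restates the preceding secure-erase item (which already says the erase wipes "contents"); consider folding it into that item so the two do not drift apart on later edits.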
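Review bot: in the tech/security.wiki hunk, turning "[[cia-do-dont]]" into "* [[cia-do-dont]]" makes it a one-item bullet list under the bare line "Hiding information", while the next section is a proper level-3 heading "=== Ciphers ===". For consistency with the rest of the page, either make "Hiding information" a heading of the same form ("=== Hiding information ===") so the bullet sits under a section like the others, or leave the link as plain text if no further items are expected there.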