From 924f4d28b92df2c87c5e282ea61eb7623230ec8e Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:00:44 -0700
Subject: [PATCH 1/8] start basics and thread modeling

---
 01-Basics-Threat-Modeling.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 01-Basics-Threat-Modeling.md

diff --git a/01-Basics-Threat-Modeling.md b/01-Basics-Threat-Modeling.md
new file mode 100644
index 00000000..d71d111d
--- /dev/null
+++ b/01-Basics-Threat-Modeling.md
@@ -0,0 +1 @@
+# Basics and Threat Modeling

From 4e4e33b839b1433b12587b8aaee3f0d946a2a481 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:01:10 -0700
Subject: [PATCH 2/8] apple security features

---
 02-Apple-Security-Features.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 02-Apple-Security-Features.md

diff --git a/02-Apple-Security-Features.md b/02-Apple-Security-Features.md
new file mode 100644
index 00000000..6433f539
--- /dev/null
+++ b/02-Apple-Security-Features.md
@@ -0,0 +1,11 @@
+# Hardware
+
+# First boot
+
+# Admin and user accounts
+
+# Firmware
+
+# FileVault
+
+# Lockdown Mode

From f0cd2087cd2f2f09a0b7e16fb68d522979933721 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:06:54 -0700
Subject: [PATCH 3/8] network and internet

---
 01-Basics-Threat-Modeling.md | 4 +++-
 02-Apple-Security-Features.md | 2 ++
 03-Network-Internet.md | 13 +++++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 03-Network-Internet.md

diff --git a/01-Basics-Threat-Modeling.md b/01-Basics-Threat-Modeling.md
index d71d111d..7b86e4fc 100644
--- a/01-Basics-Threat-Modeling.md
+++ b/01-Basics-Threat-Modeling.md
@@ -1 +1,3 @@
-# Basics and Threat Modeling
+# Basics
+
+# Threat Modeling
diff --git a/02-Apple-Security-Features.md b/02-Apple-Security-Features.md
index 6433f539..97ffc05d 100644
--- a/02-Apple-Security-Features.md
+++ b/02-Apple-Security-Features.md
@@ -1,5 +1,7 @@
 # Hardware
 
+# Install
+
 # First boot
 
 # Admin and user accounts
diff --git a/03-Network-Internet.md b/03-Network-Internet.md
new file mode 100644
index 00000000..64c7f983
--- /dev/null
+++ b/03-Network-Internet.md
@@ -0,0 +1,13 @@
+# Firewall
+
+# Services
+
+# Browser
+
+# Siri Suggestions and Spotlight
+
+# DNS
+
+# Certificate authorities
+
+# VPN/Tor

From 339bde594a254f8dd2c5729c09e91cfe52bad653 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:09:43 -0700
Subject: [PATCH 4/8] systems and apps

---
 03-Network-Internet.md | 10 +++++++---
 04-Systems-Applications.md | 9 +++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 04-Systems-Applications.md

diff --git a/03-Network-Internet.md b/03-Network-Internet.md
index 64c7f983..94d6c04a 100644
--- a/03-Network-Internet.md
+++ b/03-Network-Internet.md
@@ -1,13 +1,17 @@
+# Wi-Fi
+
 # Firewall
 
 # Services
 
 # Browser
 
-# Siri Suggestions and Spotlight
-
 # DNS
 
+# VPN/Tor
+
+# SSH
+
 # Certificate authorities
 
-# VPN/Tor
+# Siri Suggestions and Spotlight
diff --git a/04-Systems-Applications.md b/04-Systems-Applications.md
new file mode 100644
index 00000000..448755c9
--- /dev/null
+++ b/04-Systems-Applications.md
@@ -0,0 +1,9 @@
+# PGP/GPG
+
+# Messengers
+
+# Credentials
+
+# Malware
+
+# Homebrew

From 7b024c96c357d3fe6ffff37986bab79883b8e3e2 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:13:13 -0700
Subject: [PATCH 5/8] advanced tools and resources

---
 01-Basics-Threat-Modeling.md | 6 +++++-
 02-Apple-Security-Features.md | 6 +++---
 05-Advanced-Tools-Resources.md | 11 +++++++++++
 3 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 05-Advanced-Tools-Resources.md

diff --git a/01-Basics-Threat-Modeling.md b/01-Basics-Threat-Modeling.md
index 7b86e4fc..8ff2d607 100644
--- a/01-Basics-Threat-Modeling.md
+++ b/01-Basics-Threat-Modeling.md
@@ -1,3 +1,7 @@
 # Basics
 
-# Threat Modeling
+# Threat modeling
+
+# Hardware selection
+
+# Installation
diff --git a/02-Apple-Security-Features.md b/02-Apple-Security-Features.md
index 97ffc05d..a7b08483 100644
--- a/02-Apple-Security-Features.md
+++ b/02-Apple-Security-Features.md
@@ -1,6 +1,4 @@
-# Hardware
-
-# Install
+# Activation
 
 # First boot
 
@@ -10,4 +8,6 @@
 
 # FileVault
 
+# System integrity
+
 # Lockdown Mode
diff --git a/05-Advanced-Tools-Resources.md b/05-Advanced-Tools-Resources.md
new file mode 100644
index 00000000..dfdde26a
--- /dev/null
+++ b/05-Advanced-Tools-Resources.md
@@ -0,0 +1,11 @@
+# Metadata artifacts
+
+# Physical access
+
+# System monitoring
+
+# Miscellaneous
+
+# Software
+
+# Resources

From 33e0cce18ed1546e45abf2c9bb93c8c088023115 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:21:07 -0700
Subject: [PATCH 6/8] pencil in subsections

---
 01-Basics-Threat-Modeling.md | 4 ++++
 02-Apple-Security-Features.md | 4 ++++
 03-Network-Internet.md | 24 ++++++++++++++++++++----
 04-Systems-Applications.md | 14 ++++++++++++++
 4 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/01-Basics-Threat-Modeling.md b/01-Basics-Threat-Modeling.md
index 8ff2d607..e069b274 100644
--- a/01-Basics-Threat-Modeling.md
+++ b/01-Basics-Threat-Modeling.md
@@ -5,3 +5,7 @@
 # Hardware selection
 
 # Installation
+
+## Activation
+
+## Apple account
diff --git a/02-Apple-Security-Features.md b/02-Apple-Security-Features.md
index a7b08483..4be44ba3 100644
--- a/02-Apple-Security-Features.md
+++ b/02-Apple-Security-Features.md
@@ -6,6 +6,10 @@
 
 # Firmware
 
+## Application
+
+## Kernel
+
 # FileVault
 
 # System integrity
diff --git a/03-Network-Internet.md b/03-Network-Internet.md
index 94d6c04a..f9e2d1df 100644
--- a/03-Network-Internet.md
+++ b/03-Network-Internet.md
@@ -1,17 +1,33 @@
-# Wi-Fi
+# Wireless
 
 # Firewall
 
 # Services
 
+# DNS
+
+## Profiles
+
+## Dnsmasq
+
+## DNSCrypt
+
 # Browser
 
-# DNS
+## Firefox
+
+## Chrome
+
+## Safari
+
+## Other
+
+## Privoxy
 
 # VPN/Tor
 
 # SSH
 
-# Certificate authorities
+# PKI
 
-# Siri Suggestions and Spotlight
+# Siri
diff --git a/04-Systems-Applications.md b/04-Systems-Applications.md
index 448755c9..ef2991c9 100644
--- a/04-Systems-Applications.md
+++ b/04-Systems-Applications.md
@@ -2,8 +2,22 @@
 
 # Messengers
 
+## Signal
+
+## iMessage
+
+## XMPP
+
 # Credentials
 
 # Malware
 
+## Sandbox
+
+## Hardening
+
+## Gatekeeper
+
+## Antivirus
+
 # Homebrew

From 1873d168dec0cd4052feb64c0537f6bde8ca8f18 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 25 Apr 2025 19:29:15 -0700
Subject: [PATCH 7/8] tidy sections

---
 01-Basics-Threat-Modeling.md | 2 +-
 02-Apple-Security-Features.md | 10 +++-------
 03-Network-Internet.md | 8 ++++----
 04-Systems-Applications.md | 4 ++--
 05-Advanced-Tools-Resources.md | 2 ++
 5 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/01-Basics-Threat-Modeling.md b/01-Basics-Threat-Modeling.md
index e069b274..c932d599 100644
--- a/01-Basics-Threat-Modeling.md
+++ b/01-Basics-Threat-Modeling.md
@@ -1,4 +1,4 @@
-# Basics
+# Principles
 
 # Threat modeling
 
diff --git a/02-Apple-Security-Features.md b/02-Apple-Security-Features.md
index 4be44ba3..52deb866 100644
--- a/02-Apple-Security-Features.md
+++ b/02-Apple-Security-Features.md
@@ -1,17 +1,13 @@
-# Activation
-
 # First boot
 
-# Admin and user accounts
+# Admin accounts
 
 # Firmware
 
-## Application
-
-## Kernel
-
 # FileVault
 
 # System integrity
 
 # Lockdown Mode
+
+# Siri
diff --git a/03-Network-Internet.md b/03-Network-Internet.md
index f9e2d1df..0f1581a4 100644
--- a/03-Network-Internet.md
+++ b/03-Network-Internet.md
@@ -2,6 +2,10 @@
 
 # Firewall
 
+## Application
+
+## Kernel
+
 # Services
 
 # DNS
@@ -27,7 +31,3 @@
 # VPN/Tor
 
 # SSH
-
-# PKI
-
-# Siri
diff --git a/04-Systems-Applications.md b/04-Systems-Applications.md
index ef2991c9..80722852 100644
--- a/04-Systems-Applications.md
+++ b/04-Systems-Applications.md
@@ -1,4 +1,4 @@
-# PGP/GPG
+# GnuPG
 
 # Messengers
 
@@ -14,7 +14,7 @@
 
 ## Sandbox
 
-## Hardening
+## Hardened runtime
 
 ## Gatekeeper
 
diff --git a/05-Advanced-Tools-Resources.md b/05-Advanced-Tools-Resources.md
index dfdde26a..c0bf8257 100644
--- a/05-Advanced-Tools-Resources.md
+++ b/05-Advanced-Tools-Resources.md
@@ -4,6 +4,8 @@
 
 # System monitoring
 
+# PKI
+
 # Miscellaneous
 
 # Software

From de41ff198b0d4195e163547010b136adfd001450 Mon Sep 17 00:00:00 2001
From: drduh
Date: Fri, 9 May 2025 16:55:27 -0700
Subject: [PATCH 8/8] start on basics

---
 01-Basics-Threat-Modeling.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/01-Basics-Threat-Modeling.md b/01-Basics-Threat-Modeling.md
index c932d599..5d0723d6 100644
--- a/01-Basics-Threat-Modeling.md
+++ b/01-Basics-Threat-Modeling.md
@@ -1,4 +1,9 @@
-# Principles
+# Basics
+
+* Configure system and software updates to automatically download and install. See [Keep your Mac up to date](https://support.apple.com/guide/mac-help/keep-your-mac-up-to-date-mchlpx1065) or use `softwareupdate` to configure options.
+* Encrypt data at rest with [FileVault](https://support.apple.com/guide/mac-help/protect-data-on-your-mac-with-filevault-mh11785) volume encryption. Use a [password manager](https://support.apple.com/105115) to guard and manage credentials.
+* Create scheduled [backups](https://support.apple.com/104984) of important data. Practice [recovery](https://support.apple.com/102551) in the event of a compromise.
+* Avoid third party software; if necessary, only install from official sources indicated by trusted developers.
 
 # Threat modeling
 