AstonJ

AstonJ

How do you secure your dev machine/environment

Following on from this post in Do you use LittleSnitch or the equivalent on your OS? I think it might be worth us creating this thread so we can share tips and tricks we might have picked up over the years to help secure our dev machines and home networks - if you have any please share!

Most Liked

Eiji

Eiji

In 99.999999999% cases I prefer prevent instead of defend tactic. I block adds, 3rd part content (including cookies) and usually access sites I already known. I use Gentoo Linux and I decide what’s inside my environment setup part by part. Maybe it’s a bit too manual, but in exchange I don’t have support for everything like cups without a printer and so on. :smiling_imp:

Most of apps and services is open source alternative for BigTech products. I rarely use Google, Twitter/X account only for giveaways, Discord only for a contact with family and Slack also for Elixir contacts. I had a LinkedIn account, but for some reason just checking inbox was a “suspicious activity” and because of that they require my ID scan (which in many countries is illegal btw.), so I showed middle finger and stopped using it.

I do not pay by card online. I prefer cash or “old, good” bank transfer. Simply most type of attacks that require “rush without thinking” does not work on me. On a single key I access a terminal with lots of useful information and actions.

sezaru

sezaru

I use a Yubikey as a 2FA for doing anything with root access in my computer.

Also, for critical files, I create a vault with CryFS (which I can easily manage using the Gnome app called Vaults) and only mount it when I need something from it.

For firewall, I have a small device running PFSense that manage all the internet access to my local network instead of handling that in each computer.

Finally, for data storage and backup I use a NUC as a NAS with all data and I have a wireguard VPN setup on it so i can access it when I’m not at home.

AstonJ

AstonJ

macOS

Apart from the obvious like setting a password etc…

  • Turn on FileVault to encrypt your drive: Privacy & Security > FileVault
  • Turn on your firewall: Network > Firewall (then periodically click on ‘Options’ to check those in the list of incoming connections).
  • Enable end-to-end encryption of iCloud data: iCloud > Advanced Data Protection

Oddly - none of the above is on by default!

  • Install LittleSnitch to allow/disallow connections to the web (there are free alternatives)
  • Set up Time Machine backups (encrypted and usually run two and keep old copies)
  • Check Privacy & Security > Files * Folders to see which folders your apps can access
  • Check Privacy & Security > Full Disk Access
  • Check Privacy & Security > Accessibility to see which apps can ‘control’ your Mac
  • Check Lock Screen > require password after screen saver begins immediately/whatever you require
  • Check General > login items for apps/services that automatically start at login
  • Check your folder permissions (particularly if you have added any to you home folder). Folder > right click > info (should be you > Read & Write and everyone > no access)
  • Privacy & Security > Advanced > log out automatically after inactivity (means a password would be required instead of just Touch ID)

You may also want to look at Apple’s new Lockdown Mode, which they say can offer extreme protection.

Where Next?

Popular in Dev Env & Tools Top

AstonJ
I’ve been reinstalling macOS after trying out Tahoe, and when I went to migrate from a Time Machine backup I got an error I’ve not see be...
New
sodapopcan
I just placed on an order for my first mechanical watch since I last wore one in my mid 20s which was… oh boy, technically decadeS ago (t...
New
hq1
Hey! Just wanted to share my ExUnit NeoVim plugin: GitHub - aerosol/nvim-exunit: Opinionated ExUnit test runner for NeoVim · GitHub The...
New
g33kidd
Just curious as to what everyone is using in terms of colors. I’m currently using Sublime Text 3 and using the GoldenDragon color scheme....
New
BartOtten
How do you all enter the pipe operator |> on your keyboard? I keep having troubles with it :frowning:
New
AstonJ
macOS had always used your Account Name as your Username (Case-Preserving) but from around Catalina onwards it started downcasing usernam...
New
JoeZMar
After the keyboard thread has convinced me to purchase a UHK I wanted to make one about the mouse. Switching to a programmable keyboard h...
New
AstonJ
Following the Is your computer's internet connection wired or wireless? (Poll) I thought it might be an idea to have an accompany thread ...
New
AstonJ
Just noticed mine has gotten quite unwieldy and should probably be split into multiple files - but curious how big everyone else’s is! (...
New
SpaceVim
I am author of SpaceVim, As you know SpaceVim is a vim config which provide layer feature. https://github.com/SpaceVim/SpaceVim I want ...
New

Other popular topics Top

Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31142 143
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New
Qqwy
Update: How to use the Blogs & Podcasts section You can post links to your blog posts or podcasts either in one of the Official Blog...
3271 126479 1222
New
AstonJ
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New

We're in Beta

About us Mission Statement