r-Techsupport · sealsrock12 · Feb 24, 2023 · Feb 3, 2023 · Feb 3, 2023 · Feb 3, 2023
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -30,6 +30,7 @@ GEM
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (2.0.3)
     ffi (1.15.5)
+    ffi (1.15.5-x64-mingw-ucrt)
     ffi (1.15.5-x64-unknown)
     forwardable-extended (2.6.0)
     gemoji (3.0.1)
@@ -214,6 +215,8 @@ GEM
     minitest (5.16.2)
     nokogiri (1.13.7-arm64-darwin)
       racc (~> 1.4)
+    nokogiri (1.13.7-x64-mingw-ucrt)
+      racc (~> 1.4)
     nokogiri (1.13.7-x64-unknown)
       racc (~> 1.4)
     nokogiri (1.13.7-x86_64-darwin)
@@ -252,17 +255,22 @@ GEM
       ethon (>= 0.9.0)
     tzinfo (1.2.10)
       thread_safe (~> 0.1)
+    tzinfo-data (1.2022.7)
+      tzinfo (>= 1.0.0)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
+    unf_ext (0.0.8.2-x64-mingw-ucrt)
     unf_ext (0.0.8.2-x64-unknown)
     unicode-display_width (1.8.0)
+    wdm (0.1.1)
     webrick (1.7.0)
     zeitwerk (2.6.0)
 
 PLATFORMS
   arm64-darwin-21
   universal-darwin-22
+  x64-mingw-ucrt
   x64-unknown
   x86_64-linux
 
@@ -280,4 +288,4 @@ DEPENDENCIES
   webrick
 
 BUNDLED WITH
-   2.3.16
+   2.3.22
diff --git a/docs/networking/dns.md b/docs/networking/dns.md
@@ -0,0 +1,54 @@
+---
+layout: default
+title: Domain Name System
+nav_exclude: false
+has_children: false
+parent: Networking
+has_toc: true
+search_exclude: false
+last_modified_date: 2023-02-03
+---
+# Understanding DNS and How to Revert to Standard DNS Providers
+
+{: .no_toc}
+{% include toc.md %}
+
+## What is DNS?
+
+[DNS](/docs/learning/terms#domain-name-system), or the Domain Name System, is the system that translates human-readable domain names (e.g. www.google.com) into machine-readable IP addresses (e.g. 216.58.194.174). It acts as a sort of phonebook for the internet, allowing users to access websites and other online resources using easy-to-remember names instead of difficult-to-remember numerical addresses.
+
+## List of DNS Providers
+
+*You can use any of the following depending on your Personal Preference.*
+
+* **Google Public DNS:** 8.8.8.8 and 8.8.4.4
+* **Cloudflare:** 1.1.1.1 and 1.0.0.1
+* **OpenDNS:** 208.67.222.222 and 208.67.220.220
+* **Quad9:** 9.9.9.9 and 149.112.112.112
+
+## How to Revert to Standard DNS Providers
+
+The process of reverting to a standard DNS provider varies depending on the operating system you are using. Here are the steps for some common operating systems:
+
+### Windows
+
+1. Click the Start button and type "Control Panel" in the search bar.
+2. Click "Network and Sharing Center."
+3. Click "Change adapter settings."
+4. Right-click the network connection you want to change and select "Properties."
+5. Select "Internet Protocol Version 4 (TCP/IPv4)" and click "Properties."
+6.  Select "Use the following DNS server addresses" and enter the preferred DNS server addresses for the provider [you want to use](#list-of-dns-providers).
+7. Click OK to save the changes.
+
+### MacOS
+
+1. Click the Apple menu and select "System Preferences."
+2. Click "Network."
+3. Select the network connection you want to change and click "Advanced."
+4. Click the "DNS" tab.
+5. Click the "+" button to add a new DNS server address and enter the preferred DNS server addresses for the provider [you want to use](#list-of-dns-providers).
+6. Click OK to save the changes.
+
+### Linux
+
+The specific steps to change the DNS server in Linux depend on the distribution you are using. For most distributions, you can change the DNS server by editing the `/etc/resolv.conf` file and adding the preferred DNS server addresses for the provider [you want to use](#list-of-dns-providers).
diff --git a/docs/safety-security/disk-encryption.md b/docs/safety-security/disk-encryption.md
@@ -0,0 +1,209 @@
+---
+layout: default
+title: Disk Encryption
+nav_exclude: false
+has_children: false
+has_toc: true
+parent: Safety & Security
+search_exclude: false
+last_modified_date: 2023-02-05
+---
+
+# Disk Encryption
+{: .no_toc}
+
+Disk encryption is the process of converting plain text data into unreadable code, using mathematical algorithms, to secure sensitive information stored on a computer's hard drive. The encryption process protects data by making it unreadable to unauthorized users, even if they have physical access to the computer's disk.
+
+{% include toc.md %}
+
+## Uses of Disk Encryption
+
+* Protecting sensitive personal and financial information, such as passwords, social security numbers, and credit card numbers.
+* Securing confidential business data, such as trade secrets, customer information, and financial records.
+* Complying with legal and regulatory requirements, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
+* Preventing data theft, such as through theft of laptops or external hard drives.
+
+## General Things Necessary for Secure Disk Encryption
+
+* Backups: Regularly backing up encrypted data is important in case of disk failure or corruption.
+* Secure Passwords: The strength of disk encryption depends on the strength of the password used to encrypt the data. It is important to choose strong, unique passwords 
+* Storing Passwords Safely: Passwords should be stored in a secure location, such as a password manager or a physically secure location, to prevent unauthorized access.
+* Usage of a Secure Algorithm: If the Method used for Encryption is *weak or has known vulnerabilities*, **it should not be used**.
+
+## Setting Up Full Disk Encryption on Windows using BitLocker
+
+BitLocker is a built-in disk encryption feature in Windows that provides full disk encryption for the operating system drive, as well as additional data drives. 
+
+Here's how to set up BitLocker on Windows:
+
+1. Go to Control Panel and select System and Security.
+2. Select BitLocker Drive Encryption.
+3. Select the drive that you want to encrypt and click on "Turn on BitLocker."
+4. Choose how you want to unlock your drive at startup, such as with a password or smart card.
+5. Choose how you want to back up your recovery key, such as saving it to a USB drive or printing it.
+6. Choose the encryption method and encryption settings, such as the encryption algorithm and the encryption key size.
+7. Start the encryption process and wait for it to complete. This process may take several hours, depending on the size of the drive.
+
+BitLocker is designed to lock down in the event of hardware or firmware changes, to prevent unauthorized access to the encrypted data. However, there may be times when hardware or firmware changes are necessary, such as during routine maintenance or upgrades. In these cases, BitLocker can be put into maintenance mode, allowing the changes to be made and then resumed. 
+
+## How to put BitLocker into maintenance mode:
+
+1. Go to Control Panel and select System and Security.
+2. Select BitLocker Drive Encryption.
+3. Select the drive that is encrypted with BitLocker.
+4. Click on "Suspend protection."
+5. Make the necessary hardware or firmware changes.
+6. Go back to BitLocker Drive Encryption and click on "Resume protection."
+7. Enter the BitLocker password and wait for the encryption process to resume.
+
+### Minimum Requirements for BitLocker / BitLocker to Go
+
+In order to use BitLocker, your computer must meet the following minimum requirements:
+
+* Windows 10 Pro or higher
+* An enabled Trusted Platform Module (TPM) version 1.2 or later
+
+## Setting up BitLocker to Go for detachable or Portable Storage
+
+BitLocker to Go provides a convenient and secure way to encrypt external drives and protect sensitive data stored on them. While it does have some limitations, it is a useful tool for anyone who needs to store sensitive data on an external drive. Just be sure to always keep a backup of your data and store your password in a safe place to avoid data loss.
+
+> ❗ BitLocker to Go is compatible with Windows operating systems that support BitLocker with no additional software required, but it is **NOT compatible** with MacOS or Linux without the use of third-party tools.
+
+To encrypt an external drive using BitLocker to Go, follow these steps:
+
+1. Connect the external drive to your Windows computer.
+2. Right-click on the drive in File Explorer and select "Turn on BitLocker".
+3. Follow the on-screen prompts to set up a password for the drive and select the encryption options.
+4. BitLocker will begin encrypting the drive, which may take some time depending on the size of the drive and the speed of your computer.
+
+## Unlocking a BitLocker to Go Drive
+
+To unlock a BitLocker to Go drive, simply connect it to a Windows computer and enter the password when prompted. The drive will then be unlocked and accessible just like any other drive.
+
+## Finding Bitlocker Recovery Keys 
+
+Bitlocker recovery keys can be found in several places, depending on how Bitlocker was set up:
+
+- In the Microsoft account: If the recovery key was saved to the Microsoft account, it can be found by signing in to the account and viewing the security information. Follow [this guide](https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6) to retrieve it.
+- In the OneDrive account: If the recovery key was saved to the OneDrive account, it can be found by signing in to the account and searching for "Bitlocker".
+- On a USB drive: If the recovery key was saved to a USB drive, the USB drive must be inserted into the computer to access the encrypted data.
+- With the Bitlocker Recovery Console: If the recovery key was not saved to the Microsoft account or a USB drive, it can be found using the Bitlocker Recovery Console.
+
+> ❗ It is not possible to decrypt BitLocker drives without them and we will not asisst in doing so.
+
+## Setting up VeraCrypt
+
+VeraCrypt is a free, open-source disk encryption software for Windows, MacOS, and Linux. It allows you to create encrypted volumes and encrypt entire disks, including system drives. This article will cover the setup and use of VeraCrypt, as well as its advantages and disadvantages.
+
+### Minimum Requirements
+
+To use VeraCrypt, you will need a computer with a compatible operating system:
+
+- Windows 7 or later
+- MacOS X 10.6 or later
+- Linux Kernel version 2.6 or later
+
+## Installing VeraCrypt
+
+To install VeraCrypt, follow these steps:
+
+1. Download the VeraCrypt installer from the [official website](https://www.veracrypt.fr/en/Home.html).
+2. Run the installer and follow the on-screen prompts to install VeraCrypt.
+3. Once installed, launch VeraCrypt and follow the steps to create an encrypted volume or encrypt an entire disk.
+
+### Creating an Encrypted Volume
+
+To create an encrypted volume using VeraCrypt:
+
+1. Launch VeraCrypt and select "Create Volume".
+2. Select "Create an encrypted file container".
+3. Follow the on-screen prompts to create a password and choose the encryption options.
+4. VeraCrypt will create an encrypted file container that can be mounted as a virtual drive.
+
+### Encrypting an Entire Disk
+
+To encrypt an entire disk using VeraCrypt:
+
+1. Launch VeraCrypt and select "Encrypt a non-system partition/drive".
+2. Select the drive you wish to encrypt.
+3. Follow the on-screen prompts to create a password and choose the encryption options.
+4. VeraCrypt will begin encrypting the drive, which may take some time depending on the size of the drive and the speed of your computer.
+
+### Advantages and Disadvantages
+
+#### Advantages
+
+- Free and open-source
+- Cross-platform compatibility
+- Offers full disk encryption and encrypted volumes
+- Strong encryption options
+
+#### Disdvantages
+
+- May be more difficult to set up and use than other disk encryption software
+- Not as widely used as other disk encryption software, meaning there may be less support and resources available
+
+## Setting up LUKS
+
+LUKS (Linux Unified Key Setup) is a disk encryption specification for Linux. It provides a standard for encrypting entire storage devices, including hard drives and flash drives. This article will cover the setup and use of LUKS, as well as important things to keep in mind when using LUKS encryption.
+
+### Minimum Requirements
+
+To use LUKS, you will need a Linux operating system with the following minimum requirements:
+
+- Linux Kernel version 2.6.x or later
+- A supported Linux Distro
+
+### Encrypting a Device with LUKS
+
+To encrypt a device using LUKS:
+
+1. Open a terminal window and enter the following command: `sudo cryptsetup luksFormat /dev/sdX` (where `/dev/sdX` is the device you wish to encrypt).
+2. Follow the on-screen prompts to create a password for the encrypted device.
+3. Enter the following command to open the encrypted device: `sudo cryptsetup luksOpen /dev/sdX cryptname` (where `cryptname` is the name you wish to assign to the encrypted device).
+4. Create a filesystem on the encrypted device: `sudo mkfs.ext4 /dev/mapper/cryptname`
+5. Mount the encrypted device: `sudo mount /dev/mapper/cryptname /mnt/mountpoint` (where `/mnt/mountpoint` is the mount point you wish to use).
+
+### Unlocking an Encrypted Device
+
+To unlock an encrypted device:
+
+1. Open a terminal window and enter the following command: `sudo cryptsetup luksOpen /dev/sdX cryptname` (where `/dev/sdX` is the encrypted device and `cryptname` is the name you assigned to the encrypted device).
+2. Enter the password for the encrypted device.
+3. Mount the encrypted device: `sudo mount /dev/mapper/cryptname /mnt/mountpoint` (where `/mnt/mountpoint` is the mount point you wish to use).
+
+### Advantages and Disadvantages
+
+#### Advantages
+
+- LUKS is broadly availible accros Linux Distributions
+
+#### Disadvantages
+
+- No GUI (Graphical User Interface)
+- Requires a certain degree of knowledge of the Linux Terminal
+- No way of accessing Drives on Other Operating systems wihtout usage of 3rd Party Software 
+
+## Self-Encrypting Drives (SEDs)
+
+Self-Encrypting Drives (SEDs) are a type of hard disk drive (HDD) or solid state drive (SSD) that encrypt all data on the disk automatically without the need for any additional software or hardware.
+
+### Advantages and Disadvantages
+
+#### Advantages
+
+- Easy to use: SEDs are simple to use, as encryption is performed automatically in the background. No additional software or hardware is required.
+- Improved performance: SEDs are designed to encrypt data at the disk controller level, which minimizes the impact on system performance.
+- Increased security: SEDs encrypt all data on the disk, including data in use, which provides a higher level of security than traditional software-based encryption methods.
+- More affordable: SEDs are becoming more affordable, making them an attractive option for organizations that need to secure data on a budget.
+
+#### Disadvantages
+
+- Limited compatibility: SEDs are not compatible with all operating systems, and some systems may require additional software to use them.
+- Potential reduced performance: In some cases, the encryption process performed by SEDs can reduce system performance.
+- Insecure Encryption methods: Not every drive has equal security as it depends on the method used. If the method has flaws or is vulnerable it can't be changed in most cases.
+
+### Risks
+
+- Data loss: If the encryption key is lost or forgotten, the data on the SED will be inaccessible.
+- Physical damage: In the event of physical damage to the SED, the encrypted data may become inaccessible.
diff --git a/docs/safety-security/mfa.md b/docs/safety-security/mfa.md
@@ -41,6 +41,8 @@ We recommend using something that can be backed up or synchronized instead of a
     * Plugins are available for this manager to also store MFA.
 * Bitwarden
     * Under the Pro plan you can keep TOTP seeds in your manager.
+* Your password manager
+    * Check if your choice of password manager supports TOTP out of the box. Typically this can be a field you can add to your entry, and sometimes named "One-Time Password" or something else.
 
 ## Hardware tokens
 Hardware tokens are typically keyfobs, USB devices, or smartcards. For the purpose of this guide we will only talk about keyfobs and USB devices, since smartcards almost never are used by consumers.