Ask HN: What tools to use for a political party IT infrastructure?

6 pointsgreencore5y ago5 comments

Hi HN, I'm trying to establish a new IT infrastructure for my political party (leftist). Would you recommend any tools for it?

5 comments

maltalex5y ago

In this day and age, I'd recommend consulting with actual security professional for organizations as public as political parties.

Short of that, make sure to (at least) cover the basics:

- Ask everyone to use a trusted password manager and strong, unique password for everything. Avoid shared accounts and shared passwords.

- Enable 2FA everywhere, strongly prefer authentication apps or even better, hardware tokens over SMS. Use SMS 2FA only as a last resort.

- Have everyone go through cyber security awareness training. Many attacks start off as (spear) phishing emails and/or various social engineering shenanigans.

- Update every piece of software obsessively. That includes everything from workstations and phones to servers, VPNs, routers and printers. Do not use any device which isn't supported anymore.

probinso5y ago

Use NextCloud.

It's going to be worth doing threat modeling for different things, but a lot of operational problems can be solved with this and it is self-hosted

speedgoose5y ago

Probably not AWS if your party don't like Amazon.

pestaa5y ago

It could be somewhat hypocritical to use big cloud providers if the party is heavily anti-corporate, but even then... who cares?

You can very well be in favor of regulating companies whose services you rely on, and accept the consequently increased bills.

speedgoose5y ago

I would guess a few people would care. A journalist or two.

No regulation doesn't necessarily mean lower bills. Look at the fortune of Jeff Bezos.

j / k navigate · click thread line to collapse

5 comments

maltalex5y ago

In this day and age, I'd recommend consulting with actual security professional for organizations as public as political parties.

Short of that, make sure to (at least) cover the basics:

- Ask everyone to use a trusted password manager and strong, unique password for everything. Avoid shared accounts and shared passwords.

- Enable 2FA everywhere, strongly prefer authentication apps or even better, hardware tokens over SMS. Use SMS 2FA only as a last resort.

- Have everyone go through cyber security awareness training. Many attacks start off as (spear) phishing emails and/or various social engineering shenanigans.

- Update every piece of software obsessively. That includes everything from workstations and phones to servers, VPNs, routers and printers. Do not use any device which isn't supported anymore.

probinso5y ago

Use NextCloud.

It's going to be worth doing threat modeling for different things, but a lot of operational problems can be solved with this and it is self-hosted

speedgoose5y ago

Probably not AWS if your party don't like Amazon.

pestaa5y ago

It could be somewhat hypocritical to use big cloud providers if the party is heavily anti-corporate, but even then... who cares?

You can very well be in favor of regulating companies whose services you rely on, and accept the consequently increased bills.

speedgoose5y ago

I would guess a few people would care. A journalist or two.

No regulation doesn't necessarily mean lower bills. Look at the fortune of Jeff Bezos.

j / k navigate · click thread line to collapse