Onlinesecurityrecomendations2014 141230081030-conversion-gate02
- 1. Best practices for on-line SECURITY by Peter Finney | Thinker | inventor | innovator | technologist | consultant | husband, dad | into eXtreem sports ____ As more of our everyday objects become connected (the internet of things) more and more of our personal data and interactions are been shared and stored on-line. Not just your name, address, age, with home automation, heating and lighting, cctv, with wearables this is extends to health data, location, with biometrics your finger or voiceprint, with telematics apps or smart-cars your driving, and with smartphones and tablets, contacts, banking and other application data. Privacy and security of our personal information is key, with all of this data frequently stored in the cloud and on social profiles a comprehensive in-depth view of our attributes could potentially be obtained. So what are the risks and how can we better protect our information. You can never say never with security! However this presentation highlights some of the on-line security risks and best practices and recommendations to get you started and help better protect you in the evolving digital world. ____ @peterfinney December 2014
- 2. Getting to know the risks the bad guys • Weak passwords default and easy to guess or crack with tools. • Shoulder surfers watching you type a password. • Social engineering masquerading as a trustworthy entity. • Phrising email, fraudulent websites, social media post, text and phone calls. • Click jacking what does that short link really point to. • Drive-by-download malware download without your knowledge when visiting a website, viewing an e-mail or by clicking a deceptive pop-up window or link. • Malware spyware such as key loggers and RATs (Remote Access Tool kits). • Man in the middle conversation controlled by the attacker, you are not in direct communication. • Rogue hot-spots is that free Wi-Fi hotspot legit and safe. • Packet sniffers intercepting data over Wi-Fi or wired connection. • Zero-day attack or threat that exploits a previously unknown vulnerability. “Objective: steal your personal data or information such as credit card numbers, passwords or other information”
- 3. Best practices Passwords • Create complex strong passwords Use non dictionary words, include upper/lowercase characters, numbers and symbols !”£$%^&*().@#<> Long length 15-20+ characters. • Change frequently, every 3 months • Use a different password for each account • Review use of a password vault, or an encrypted password file examples Lastpass https://lastpass.com/ One Password https://agilebits.com/onepassword iCloud keychain http://support.apple.com/en-us/HT5813 (Safari) Chrome password manager https://support.google.com/chrome/answer/95606?hl=en-GB (easy to find chrome://settings/passwords, password management option in advanced settings) reference http://www.microsoft.com/en-gb/security/online-privacy/passwords-create.aspx ********************
- 4. Best practices Two factor authentication • Use two factor authentication where supported Something you know, a strong “Password” and something you own, Your Phone (…is sent a text code) or by using a one time password generator such as the “Google Authenticator” for android / iphone. ******************** Site Setup guide Facebook https://www.facebook.com/help/?faq=162604937135512 Google http://support.google.com/accounts/bin/static.py?hl=en&page=guide .cs&guide=1056283 Twitter https://blog.twitter.com/2013/getting-started-with-login-verification Linkedin http://blog.linkedin.com/2013/05/31/protecting-your-linkedin- account-with-two-step-verification/ Dropbox https://blog.dropbox.com/2014/10/have-you-enabled-two-step- verification/ Wordpress http://en.support.wordpress.com/security/two-step-authentication/ Apple ID http://support.apple.com/en-us/HT204152
- 5. Best practices Shoulder surfing • Use a privacy screen to help prevent shoulder surfers, be mindful and aware of your surroundings, public spaces such as planes, trains, café, hotel, meetings, conferences. • Use a screen saver set a suitable idle time e.g. 5 mins before activation always lock the screen when you are away from your computer Recommeded http://solutions.3m.com/wps/portal/3M/en_US/SDP/Privacy_Filters/
- 6. Best practices Firewall, Antivirus / Malware • Always enable and use Firewall (software) • Install, update and use Antivirus and Malware software OS Consider Windows 8.1 Windows Defender is free anti-malware software included with Windows http://windows.microsoft.com/en-gb/windows-8/how-protect-pc- from-viruses Apple Sophos (Free) http://www.sophos.com/en-us/products/free-tools/sophos-antivirus- for-mac-home-edition.aspx Intego Virus Barrier http://www.intego.com/virusbarrier/ Mobile https://www.lookout.com/
- 7. Best practices DNS, Web filtering DNS (Web Filtering) Options Consider OpenDNS Changing DNS settings to use OPENDNS http://www.opendns.com/ DNS Servers 208.67.222.222 208.67.220.220 DNScrypt / DNSSEC https://www.opendns.com/about/innovations/dnscrypt/ Google Public DNS https://developers.google.com/speed/public-dns/ DNS servers 8.8.8.8 8.8.4.4 https://developers.google.com/speed/public-dns/docs/security ISP Parental Controls (Security inc. in your broadband package?) BT http://bt.custhelp.com/app/answers/detail/a_id/46768/~/bt- parental-controls---%27how-to...%27-guide Virgin Media http://store.virginmedia.com/discover/broadband/broadbandextras/ web-safe.html Blue Coat K9 Web Filtering, Blue Coat K9 web protection for home users http://www1.k9webprotection.com/
- 8. Best practices Wi-Fi Hotspots • Can you trust that Wi-Fi hotspot? • Always use a trusted VPN service from your laptop, tablet or smartphone, this will encrypt your session. Free Wi-Fi Here Options Consider Surfeasy https://www.surfeasy.com/ Hotspot Shield http://www.hotspotshield.com/
- 9. Best practices Updates, trusted software and applications • Keep your OS, applications and plug-in’s up to date turn on automatic updates • ONLY install software and applications from a trusted source! Otherwise it could contain malware
- 10. Best practices Encryption • Encrypt your Hard Disk and external disk / USB drives. • ENSURE that you generate and securely store a recovery KEY !! Options Consider MAC File Vault http://support.apple.com/kb/HT4790 Windows 8.1 Pro Bitlocker http://windows.microsoft.com/en-gb/windows-8/bitlocker-drive- encryption
- 11. Best practices Backups (Zero-day) • Maintain regular backups (Encrypted) of your computer and social site profiles. • Store backups on an external drive in a DATA approved firebox, offsite away from your primary location. • Consider cloud backup such as Google Drive, Dropbox. Cloud storage providers which support two-factor authentication. Social Site Backup guide Google https://www.google.com/takeout/ Facebook https://www.facebook.com/help/?page=116481065103985 Linkedin https://help.linkedin.com/app/answers/detail/a_id/3/~/exporting- your-linkedin-connections
- 12. Best practices Secure browsing • Always connect to a social site using, https:// if supported ? this encrypts your connection to the web site with SSL. • Check website's address begins with HTTPS, and that a LOCK icon appears in the Address bar. • Click the lock icon, view the site security certificate details. Check that the certificate is issued by a trusted root CA such as “VeriSign” et al • Keep your web browser software up to date. • Do not browse the web using a “admin” account, ensure your user account type is “STANDARD”. Create a “STANDARD” user account for general web browsing Use a separate “Admin” user account for system maintenance
- 13. Best practices Step to avoid being Phished Fake emails, social media posts, texts and phone calls. • IF in doubt delete it! Only call a reputable trusted company back and verify the message was genuine. • Never respond and give your login or personal details. • Do not click on embedded links. • Do not reply, mark as SPAM and delete. • Do not call or text back missed unknown numbers. Guides Phishing: Frequently asked questions http://www.microsoft.com/en-gb/security/online-privacy/phishing- faq.aspx How to recognize phishing email messages, links, or phone calls http://www.microsoft.com/security/online-privacy/phishing- symptoms.aspx Simple Steps to avoid being phished http://www.sophos.com/en-us/security-news-trends/best- practices/phishing.aspx
- 14. You can never say never with security. I hope this presentation has answered some questions and maybe a starting point to research more. Remember there is always another point of view and something else to try the examples and recommendations are a guide to get you started. Safe surfing.