Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Personal Internet Security Practice

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Wird geladen in …3
×

Hier ansehen

1 von 66 Anzeige

Personal Internet Security Practice

Herunterladen, um offline zu lesen

Ever wonder, "how can I make my home internet more secure" or "how can I make sure my kids are safely browsing the internet"? Join this cat meme filled presentation on how to secure your home's internet; everything from securing your wireless network to tools that you can use to help keep you and your family safe while surfing the web.

Ever wonder, "how can I make my home internet more secure" or "how can I make sure my kids are safely browsing the internet"? Join this cat meme filled presentation on how to secure your home's internet; everything from securing your wireless network to tools that you can use to help keep you and your family safe while surfing the web.

Anzeige
Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Personal Internet Security Practice (20)

Anzeige

Weitere von Brian Pichman (20)

Aktuellste (20)

Anzeige

Personal Internet Security Practice

  1. 1. Personal Internet Security Practices Brian Pichman Twitter: @Bpichman
  2. 2. Agenda • Understanding Anonymity, Privacy, and Everything in Between • Protecting Yourself • Getting Hacked • Protecting Your Environment
  3. 3. Tools For Anonymity Making yourself more “invisible”
  4. 4. Onion Routing, Tor Browsing • Technique for anonymous communication to take place over a network. The encryption takes place at three different times: • Entry Node • Relay Node • Exit Node • Tor is made up of volunteers running relay servers. No single router knows the entire network (only its to and from). • Tor can bypass internet content filtering, restricted government networks (like China) or allow people to be anonymous whistle blowers. • Tor allows you to gain access to “.onion” websites that are not accessible via a normal web browser. • Communication on the Dark Web happens, via Web, Telnet, IRC, and other means of communication being developed daily.
  5. 5. Cloak of Invisibility Top reasons why people want to hide their IP address: 1. Hide their geographical location 2. Prevent Web tracking 3. Avoid leaving a digital footprint 4. Bypass any bans or blacklisting of their IP address 5. Perform illegal acts without being detected
  6. 6. Cloak of Invisibility How do you Hide an 800lb Gorilla? • Use Free Wifi (To Hide your location) • Use a Secure Web Browser • Use a Private VPN • Go back to Dial-up • Setup RF Data Transfer over CB Radio Waves • Use Kali linux to hack someone else’s Wifi Encryption. • Setup long-range Wireless Antennas
  7. 7. Cloak of Invisibility • How to hide yourself? • Private VPN • You want a TOTALLY anonymous service. • Look for one that keeps no log history (Verify via reviews) • Look at Bandwidth & Available Servers • Recommendations: • Private Internet Access (PIA) • TorGuard VPN • Pure VPN • Opera Web Browser • Avast AntiVirus (SecureLine) • Worst Case: Free WIFI
  8. 8. Normal Users and How They Appear:
  9. 9. VPN Protected Users
  10. 10. Cloak of Invisibility • How Tor anonymizes – “You”. • How VPN keeps ”You” protected.
  11. 11. Understanding Free Wifi • Sometimes a good alternative if you need to do something anonymously • Nothing is ever 100% anonymous • Some public wifi does track websites you access, what you do, etc. • Make sure your computer name you are using doesn’t include your actual name
  12. 12. Hacked WiFi – Cain and Abel
  13. 13. Best Tips and Practices For Connecting Privately Do • Use a device that you’ve never signed into anything ”personal on”. • Pro Tip: buy a computer from a Pawn Shop or Garage Sale • If using public WiFi; don’t make purchases with a credit card. Don’t • While on a VPN or any other anonymous tool; don’t sign into personal accounts (banks, social media, etc). • If posting, don’t use anything that could be associated to you
  14. 14. Easy Wins for Privacy • 10 Minute Email • https://10minutemail.com/ • Temporarily get an email box that’s anonymous and disappears after 10 minutes • Dr Cleaner (Mac) or Eraser (Win) can overwrite files on your computer with “blank” data to make file recovery near impossible. • Tools like Recuva is free softwares to allow you to restore deleted files.
  15. 15. Protecting Yourself
  16. 16. You • Sites to protect yourself all the time (not free) • IdentiyGuard.com • LifeLock.com • Sites to monitor when breached data gets related (this is free) • Haveibeenpwned.com • Password Management Sites (like lastpass.com) • Don’t have the same password for all your sites. • Don’t write your passwords down on a post-it-note and leave it at your desk
  17. 17. Google Isn’t Always Your Friend
  18. 18. Dual Factor Authentication • After logging in; verify login via Email, SMS, or an app with a code.
  19. 19. Credit Card Tools for Online Shopping • Check out Privacy.Com • https://privacy.com/join/473XB shameless plug
  20. 20. Random Tips and Tricks • Accept only people you know to personal and professional accounts • Never click on links from people you don’t know. • Especially if they are using a url shortner: bit.ly, tinyurl.com, etc • https://www.urlvoid.com/ - test the website to see if its safe • https://snapito.com/ gets a screenshot of what will load on the site • If there are people claiming to be you on social media, it’s best to get your account “verified” on those social media platforms • This lets users distinguish that you’re the actual official account • Dual factor authenticate all of your social media logins
  21. 21. More Sources • https://www.reddit.com/r/deepweb/ • DuckDuckGo.Com doesn’t track searches • Also lets you search of .onion sites when using TorBrowser to access.
  22. 22. Myths • I’m not worth being attacked. • Hackers won’t guess my password. • I/we have anti-virus software. • I’ll/we know if I/we been compromised.
  23. 23. Understanding Breaches and Hacks • A hack involves a person or group to gain authorized access to a protected computer or network • A breach typically indicates a release of confidential data (including those done by accident)
  24. 24. The Costs Of Breaches • This year’s study found the average consolidated total cost of a data breach is 3.9 million dollars and in the US the average is actually higher at 8.19 million. [IBM 2019 http://www-03.ibm.com/security/data-breach/] • Data Breached Companies Experience… • People loose faith in your brand • Loss in patrons • Financial Costs • Government Requirements, Penalties, Fees, etc. • Sending of Notifications • Payment of Identity Protection or repercussions. https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
  25. 25. Protecting Your Home You home threats Data and Information
  26. 26. Why do People Attack? • Financial Gain • Stocks • Getting Paid • Selling of information • Data Theft • For a single person • For a bundle of people • Just Because • Malicious
  27. 27. https://www.experian.com/blogs/ask-experian/heres-how- much-your-personal-information-is-selling-for-on-the-dark- web/
  28. 28. Outside • Modem Router Firewall Switches • Servers End User • Phones • Computers • Laptops
  29. 29. Outer Defenses (Routers/Firewalls) • Site to Site Protection (Router to Router or Firewall to Firewall) • Encrypted over a VPN Connection • Protection With: • IDS • IPS • Web filtering • Antivirus at Web Level • Protecting INBOUND and OUTBOUND
  30. 30. Unified Threat Management • Single Device Security • All traffic is routed through a unified threat management device.
  31. 31. Areas of Attack On Outer Defense External Facing Applications • Anything with an “External IP” • NAT, ONE to ONE, etc. • Website • Custom Built Web Applications or Services Internal Applications • File Shares • Active Directory (usernames / passwords) • Patron Records • DNS Routing • Outbound Network Traffic • Who is going where
  32. 32. Attacks • Man in the Middle • Sitting between a conversation and either listening or altering the data as its sent across. • DNS Spoofing (https://null-byte.wonderhowto.com/how-to/hack-like-pro-spoof-dns- lan-redirect-traffic-your-fake-website-0151620/) set up a fake website and let people login to it. • D/DoS Attack (Distributed/Denial of Service Attack) • Directing a large amount of traffic to disrupt service to a particular box or an entire network. • Could be done via sending bad traffic or data • That device can be brought down to an unrecoverable state to disrupt business operations. • Sniffing Attacks • Monitoring of data and traffic to determine what people are doing.
  33. 33. Inner Defenses (Switches/Server Configs) • Protecting Internal Traffic, Outbound Traffic, and Inbound Traffic • Internal Traffic = device to device • Servers • Printers • Computers • Protected By: • Software Configurations • Group Policy • Password Policy • Hardware Configurations • Routing Rules
  34. 34. So…What Can You Do With Just This:
  35. 35. Updates, Patches, Firmware • Keeping your system updated is important. • Being on the latest and greatest [software/update/firmware] isn’t always good – but security updates are usually key and super important.
  36. 36. Passwords • Let’s talk about Passwords • Length of Password • Complexity of password requirements • DO NOT USE POST IT NOTES
  37. 37. Open DNS • https://www.opendns.com/home-internet-security/
  38. 38. Setting It Up • It’s simple, you will just want to update your router’s DNS entry (or if you wanted, you can do this directly on the device you wish to protect) • 208.67.222.123 • 208.67.220.123
  39. 39. Your Wireless Router • Have your wireless connection protected by a password to join • Have your wireless password interface ALSO protect with a password (that isn’t the default password either)
  40. 40. Other Tools To Protect The Computer
  41. 41. Microsoft https://account.microsoft.com/family/about
  42. 42. Apple https://support.apple.com/guide/mac-help/set-up-parental-controls-mtusr004/10.14/mac/10.14 https://www.apple.com/families/
  43. 43. Google Accounts for Kids • https://support.google.com/families/answer/7103338?hl=en
  44. 44. Qustodio https://www.qustodio.com/en/family/why-qustodio/
  45. 45. Understanding Wireless Encryption • Open (risky): Open Wi-Fi networks have no passphrase. You shouldn’t set up an open Wi-Fi network— • WEP 64 (risky): The old WEP protocol standard is vulnerable and you really shouldn’t use it. • WEP 128 (risky): This is WEP, but with a larger encryption key size. It isn’t really any less vulnerable than WEP 64. • WPA-PSK (TKIP): This uses the original version of the WPA protocol (essentially WPA1). It has been superseded by WPA2 and isn’t secure. • WPA-PSK (AES): This uses the original WPA protocol, but replaces TKIP with the more modern AES encryption. It’s offered as a stopgap, but devices that support AES will almost always support WPA2, while devices that require WPA will almost never support AES encryption. So, this option makes little sense. • WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network. • WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On some devices, you’ll just see the option “WPA2” or “WPA2-PSK.” If you do, it will probably just use AES, as that’s a common-sense choice. • WPAWPA2-PSK (TKIP/AES): Some devices offer—and even recommend—this mixed-mode option. This option enables both WPA and WPA2, with both TKIP and AES. This provides maximum compatibility with any ancient devices you might have, but also allows an attacker to breach your network by cracking the more vulnerable WPA and TKIP protocols. https://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both
  46. 46. What’s the “Guest” Network On My Router • You can set up a “Guest” network for when people come over, you can have your network segmented out so they can’t see the other content/devices in your home: • Shared Photos and Files on a Personal Computer • Access to GoogleHome / Apple TV / etc
  47. 47. General Browsing Rules
  48. 48. What does HTTPS Do? • HTTPS verifies the identity of a website and encrypts nearly all information sent between the website and the user. • Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. • HTTPS is a combination of HTTP and Transport Layer Security (TLS). • Browsers and other HTTPS clients are configured to trust a set of certificate authorities that can issue cryptographically signed certificates on behalf of web service owners.
  49. 49. What Doesn’t HTTPS Do? • HTTPS has several important limitations. • IP addresses and destination domain names are not encrypted. • Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information. • HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. • It is not designed to protect a web server from being hacked. • If a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control.
  50. 50. Why HTTPS? • Prevents Hackers from watching what you do over the Internet • Encrypts Data • Keeps stuff private • Keeps you safe • Prevents people from tracking your internet activity • Unencrypted HTTP request reveals information about a user’s behavior. The HTTP protocol does not protect data from interception or alteration.
  51. 51. Your Security is as Strong As the Weakest Link
  52. 52. Learn and Practice Cybersecurity • Learn to identify a scam email • Understanding the “fake” Facebook friends • Being careful of links you don’t recognize through email, search, or posts on social media. • Take webinars and free classes to learn about these things – have honest and open conversations
  53. 53. • Evolve Project • https://www.linkedin.com/in/bpichman • Twitter: @bpichman • Email: bpichman@evolveproject.org • Slideshare.net/bpichman Brian Pichman Questions?

Hinweis der Redaktion

  • http://www.pcmag.com/article2/0,2817,2403388,00.asp
  • https://en.wikipedia.org/wiki/BackTrack
  • Infrastructure:
    Network (Switches, Routers, Firewalls, Modem)
    WiFi Network
    VPN Connections
    Servers (File Storage, Active Directory, Application Servers).
    Phone System, Security System, Website, etc.
    End Clients
    End User PCs and other Peripherals
    Copiers, Scanners, Printers
    Software
  • HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user.

    Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit.

    HTTPS is a combination of HTTP and Transport Layer Security (TLS). TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network.

    Browsers and other HTTPS clients are configured to trust a set of certificate authorities [2] that can issue cryptographically signed certificates on behalf of web service owners. These certificates communicate to the client that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This prevents unknown or untrusted websites from masquerading as a Federal website or service.
  • What HTTPS Doesn’t Do
    HTTPS has several important limitations. IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.
    HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation. Similarly, if a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control. The guarantees of HTTPS may also be weakened or eliminated by compromised or malicious certificate authorities.
  • Data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.

×