Securing Your Digital Shadow
Ernest Staats
MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+
Security Tips
• Don't sign up using another social networking account
• Lock down those social network privacy settings
• Think before you post
• Lie. About. Everything
More Security Tips
• Use a password manager and two-factor authentication
• Disposable email: DoNotTrackMe, Yahoo disposable emails, Melt Mail
• Use a secure browser such as Firefox with the listed add-ons
• Create personal and professional personas
• Delete your Information on Google
• Google ads https://www.google.com/settings/u/0/ads/authenticated
• Privacy https://myaccount.google.com/
Identity Protection Tips
• Ask questions before you share it
• Lock it up
• Shred it before you put it in the trash
• Password protect it
• Freeze Credit (for all family members)
• Check all family members' digital footprint
• Set Google Alerts for family
• https://www.google.com/alerts#
Understand Risk
Mobile + IoT + Digital Shadow = Digital Monster
• IoT Scanner https://iotscanner.bullguard.com/
• IoT Search - Shodan https://www.shodan.io/explore
Protect Personal & Work Data
• Use and maintain anti-virus software and a firewall
• Regularly scan your computer for spyware
• Keep software up to date
• Evaluate your software's settings
• Remove unused software programs/Apps
• Consider creating separate user accounts
• Use passwords and encrypt sensitive files
• Dispose of sensitive information properly
Protecting Your Privacy
• Do business with credible companies
• Do not use primary email in online submissions
• Avoid submitting credit card information online
• Devote one credit card to online purchases
Safe Social Networking
• Lie
• Limit personal information you post
• Internet is a public resource
• Be skeptical
• Evaluate your settings
• Be wary of third-party applications
• Use strong passwords
Avoid Identity Theft
• Do business with reputable companies
• Check privacy policies
• Be careful what information you publicize
• Use and maintain anti-virus software and a firewall
• Be aware of your account activity
Has your identity been stolen?
• Unusual or unexplainable charges on your bills
• Phone calls or bills for accounts, products, or services that you do not have
• Failure to receive regular bills or mail
• New, strange accounts appearing on your credit report
• Unexpected denial of your credit card
IoT Discovery Security
• Check your network from the outside
– https://iotscanner.bullguard.com/
• If found then run https://www.shodan.io/
• Download and Run RIoT
– https://www.beyondtrust.com/free-iot-vulnerability-scanner/
IoT Protection
• Check IoT and router firmware monthly
• Change administration passwords
• Change your Wi-Fi network name
• Select WPA2 encryption for Wi-Fi
• Stick a cut-off headset plug in laptop's microphone
• Put Cover on Cam
• Research smart-home devices
Check your System Firewall
• Check Point's free FW verification
• Ransomware
• Identity Theft / Phishing
• Zero Day Vulnerability
• Bot Infection
• Browser Attack
• Anonymizer Usage
• Sensitive Data leakage
http://www.cpcheckme.com/checkme/
Digital Shadow
• Nothing to hide
• Don’t care if others know
• Just the internet
– Looking for a job or applying for credit
• One in millions (still easy to find)
• I get discounts (at what cost)
• I am getting something for Free (no)
Known Digital Shadows
PeekYou
Gives a lot of information for free; just wait and scroll down http://www.peekyou.com/
Pipl
Search for a person using name and location https://pipl.com/
Check Mate
Search for a person using name and location https://www.instantcheckmate.com
Spokeo
Searches lots of public records to find information about someone http://www.spokeo.com
US Search
Search for a person using email, name or user name http://www.ussearch.com/
Unknown Digital Shadows
Pandora
What do they listen to and who is following them http://www.pandora.com/
Twitter
See what they post online https://twitter.com/
Amazon
What are their likes, wishes, and look at comments http://www.amazon.com/
Facebook
Pay attention to family connections posting GPS https://www.facebook.com/
LinkedIn
What are they posting https://www.linkedin.com/
Browser Trackers
• Visible Trackers:
– Google's red G+ button
– Facebook's "like"
– Twitter's little blue bird
Digital Hygiene
• Keep an eye on your bank accounts - Click here to learn how to set up two-factor authentication.
• Investigate your email address - Have I Been Pwned
• Change your password - Read this article to help you create hack-proof passwords.
• Close unused accounts - Here's an easy way to manage all of your online accounts at once.
• Beware of phishing scams - Take our phishing IQ test to see if you can spot a fake email.
• Manage passwords - LastPass or KeePass
Remove WiFi Networks
• iPhone or iPad: Settings → General → Reset → Reset Network Settings.
• On Android phones and your computer you can see the Wi-Fi networks you've connected to before, and delete them individually.
Understand Your Shadow
• Logout & clear browser of all settings
• Search your name, place of work, school; use Google and DuckDuckGo
• Sign into Google
– https://google.com/history
– https://google.com/takeout
• Sign into Twitter
– request your advertiser list
– see your own interests
• About the Data: what is stored
– https://aboutthedata.com/portal/registration/step1
Browser Fingerprinting
• Use Electronic Frontier Foundation Panopticlick tool
– "Test Me"
• Sticky Trackers
– "stick" in your browser instead of disappearing when you leave a website
Clean your Shadow
• Clean Web Browser
– Use CCleaner – Demo
• Delete Apps you don’t use
• Turn Off location settings – Demo
• Use VPN
• Like Random things
• Delete mobile Number/ school/ work online
• Check App permissions
• Backup photos
• Use Password Manager
Basic Privacy Settings
• Facebook: go to Settings > Privacy
– Turn off location
– Select Friends for post, phone, email address
– No to search engines outside of Facebook
• Twitter: profile picture > Settings > Security
– Photo tagging do not allow
– Protect my tweets
– Uncheck add location to tweets
– Uncheck let others find me by my email
Metadata
• The most common types of metadata are:
– Software Version
– File share / servers
– Phone numbers, emails and usernames
– Location data: where your mobile phone is
– Date- and time-stamps on phone calls, emails, files, and photos.
– Information about the device you are using
– The subject lines of your emails
• Covered in NY DFS Security Regulation “nonpublic information”
Scrubbing Meta Data
Discover Meta Data on websites
FOCA https://www.elevenpaths.com/labstools/foca/index.htm
Software
JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30
BatchPurifier LITE http://www.digitalconfidence.com/downloads.html
Doc Scrubber http://www.javacoolsoftware.com/dsdownload.html
See MetaData in photos http://regex.info/exif.cgi
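What the photo scrubbing tools above do for a JPEG, shown as an added example (not from the original slides or any of the listed tools): walk the file's segments, report the ones that carry metadata, and write the image back without them. The function names, the marker selection and the sample bytes are assumptions made for this illustration.

```python
# Added example: list and strip metadata segments from a JPEG (standard library only).
METADATA_MARKERS = {
    0xE1: "APP1 (EXIF/XMP)",   # camera model, timestamps, GPS position
    0xED: "APP13 (IPTC)",      # author, caption, contact fields
    0xFE: "COM (comment)",     # free text, often written by editing software
}

def scan_jpeg(data, strip=False):
    """Return (metadata_found, output_bytes); drop metadata segments if strip=True."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, found, pos = bytearray(data[:2]), [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"bad segment marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: nothing left to parse
            out += data[pos:]
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        if marker in METADATA_MARKERS:
            found.append((METADATA_MARKERS[marker], length))
        if not (strip and marker in METADATA_MARKERS):
            out += data[pos:end]
        if marker == 0xDA:                      # SOS: compressed image data follows
            out += data[end:]                   # copy it untouched through EOI
            break
        pos = end
    return found, bytes(out)

def seg(marker, payload):
    """Build one length-prefixed JPEG segment (used for the constructed sample)."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample file: not a real photo, just enough structure to parse.
SAMPLE = (b"\xff\xd8"
          + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(0xE1, b"Exif\x00\x00constructed GPS 34.25N 85.16W")
          + seg(0xFE, b"constructed: edited on LAPTOP-01 by jdoe")
          + seg(0xDA, bytes(10)) + b"\x12\x34\x56" + b"\xff\xd9")

if __name__ == "__main__":
    found, clean = scan_jpeg(SAMPLE, strip=True)
    for name, length in found:
        print(f"removed {name}, {length} bytes")
    print(f"{len(SAMPLE)} -> {len(clean)} bytes")
```

Removing APP1 also removes the EXIF orientation tag, so a rotated photo may display sideways afterwards; PNG and office documents store metadata differently and are not covered by this sketch.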
Protect Mobile
• Keep all applications and system patched and updated
• Use a 5-digit PIN to lock device (at least)
• Don't install 'off-road' Android apps
• Don't jailbreak/root your mobile
• Install antivirus
• Enable two-factor authentication on every account
• Remove apps you don't use
• Use a password manager
• Cover WebCam / headphone-Mic Jack
• Turn off Wi-Fi and Bluetooth (when not using)
How Many APPS?
• The number of apps on your device impacts your security exposure:
– 0-19 Low
– 20-39 Moderate
– 40-59 High
– 60+ Very High
• What does the App do for you… at what cost?
Before Crossing The Border
• Register with Smart Traveler Enrollment Program
https://step.state.gov/step/
• First Backup Device and settings
• Establish a VPN account i.e. https://www.privateinternetaccess.com
• Make sure it is encrypted: mobile, laptop, and USB drive
• Factory Reset / reimage
– Configure VPN you established before
• Encrypt mobile
• Strong passcode, six digits at least (no fingerprint)
More - Before Crossing The Border
• Use a secure phone - Silent Circle Phone "Blackphone" https://goo.gl/WnXfOa
• Turn Off WiFi and Bluetooth
– Forget/Remove all Wireless and Bluetooth networks (all the time)
• Disable Location tracking and history https://maps.google.com/locationhistory/b/0
• Delete all History before stepping off plane
• Turn off all location and tracking information
• Set up a temp email, i.e. [email protected]. Forward email if needed