Protecting Your Privacy: Cyberspace Security, Real World Safety
DESCRIPTION
Carpe Diem Strategic Services (CDSS) is a veteran owned service-disabled business that offers education and training which addresses threats to digital communications and online privacy. Their mission is to assist individuals, families, and small businesses to understand, identify, and reduce threats and vulnerabilities that expose their business, financial, intellectual property, and sensitive personal data to potential exploitation and risk. (Presentation, slides, and content created by AEGILITY)
TRANSCRIPT
Protecting Your Privacy CYBERSPACE SECURITY, REAL WORLD SAFETY
Presented by
Seminar Agenda
Session 1
45 Minutes
Introduction
Who we are
How we can help
Agenda/Session Goals
PowerPoint Preso (Main Focus)
Tools & Example
Break
10 Minutes
Session 2
15 Minutes
Beyond physical / local proximity to go deeper into Cyber
Groups
Trends
Q&A
TBD
5 Minutes
Session 3
15 Minutes
Closing/Next steps
Help with residual audience
Installation of Browser / Add-Ons / Extensions
1:1 Q&A
Carpe Diem Strategic Services (CDSS) is a veteran owned service-disabled business that offers education and training which addresses threats to digital communications and online privacy.
Our mission is to assist individuals, families, and small businesses to understand, identify, and reduce threats and vulnerabilities that expose their business, financial, intellectual property, and sensitive personal data to potential exploitation and risk.
We provide easy-to-understand tips, tools, and techniques that modify potentially unwitting risky behavior.
Our Goals to Help You Protect Your Privacy
Knowledge transfer: Reviewing the evolving vulnerability landscape and your mitigation steps
Identify your vulnerabilities: Cyber Peeping Toms, Information Snoops, CPU Thieves
Adapt to your exposures: Flood lights, Curtains, Controls, Behaviors
Secure your electronic devices, cards & personas: Understanding what your device is doing, being proactively curious
Coaching on how to educate family, friends, and colleagues about cybersecurity: Understanding how their behaviors impact you, family, employment
Visual proof of Peepers
Quick Fixes to Moderate to Increased Thoroughness
Behaviors more important than tools
Scope of Services:
The More You Look, The More You See
RISK MITIGATION
Home or car alarms won’t necessarily prevent attackers from breaking into your house or vehicle. However, improving your ability to detect your exposures can help to mitigate risks, loss of assets & reduce future attacks.
Cyber Peeping Toms
CPU Thieves
Info Snoops
On-line Family Diary
What Aspect of Your Life Is Not Accessible by the Internet?
What’s Your Digital Persona?
What aspect of your life is not online?
Assessing Your Risk Profile
Introduction
Are you a target?
Where are your vulnerabilities?
Who are your adversaries?
What do they want?
How will they go about getting what they want?
What strategies will you use to protect your:
Image/Reputation
Family
Career
Finances
Assets
Lost assets are much easier to recover than your reputation
Assessing Your Risk Profile - Demo
Network Monitoring
Wireless Monitoring
Getting Your Data to the Safety Zone
Banking/Financial, Personal Data, Buying Habits, GPS Breadcrumbs
Encrypted Hard Drive
Encrypted Email
Anti-Virus Protection
Strong Password(s)
What security measures have you implemented?
What’s at stake?
Identity fraud
Loss of money/finances
Higher interest rates, credit ineligibility, or bankruptcy
Time/Expense of resolving identity theft
Loss of privacy
Broken relationships
Damaged image/reputation
Personal safety/Kidnapping target
Decline in employability/healthcare
Quality vs. “Target Marketing” Advertisements
Is someone making your system obsolete?*
*System can be defined as desktop/laptop computers, smartphones, tablets, and other Internet-ready devices
Did You Know?
According to the IC3* 2012 Internet Crime Report:
There were 289,874 complaints received with an adjusted dollar loss of over $525 million
U.S. males slightly outnumbered females in complaints filed
The highest percentage of complaints are between 40-59 years of age
And those statistics just account for the reported cases!
*The Internet Crime Complaint Center (IC3) is a partnership between the FBI and the NW3C.
Empower Yourself
Detect
Respond Adapt
Prevent
Knowledge
Power
You Can Find Articles & Statistics…
Agenda
DEMONSTRATIONS
Live Demonstrations
Ghostery
Calomel SSL Validation
Open PGP
NoScript
TrueCrypt
Google Images (http://images.google.com/)
Always assess how tools are supported
TOOLS/RESOURCES
Ghostery
Ghostery® shows you the invisible web (cookies, tags, web bugs, pixels and beacons) and gives you a roll-call of over 1,700 ad networks, behavioral data providers, web publishers and other companies interested in your activity.
Then we help you learn about those companies, so you can make informed decisions about what you are/aren’t willing to share, and control your online privacy.
Ghostery is available for nearly every device and browser: Firefox, IE, Safari, Chrome, Opera, iOS and Android via the Firefox Browser.
Calomel SSL Validation
This add-on was designed to more easily show the true security state of the connection so everyone can learn more about ciphers and encryption using SSL. Firefox currently shows a green URL tag for an extended validation (EV) or a blue URL tag for a domain validation (DV) certificate and a lock icon if the connection is SSL encrypted.
We did not think this was enough information to decide if the connection to the site was truly secure. This is why the "Calomel SSL Validation" add-on was developed. We score the connection on the following items: if the certificate was valid, if the fully qualified host name is equal to the common name the certificate was registered for and the strength of the cipher and cipher key length.
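The three items the add-on description lists (certificate validity, host name match, cipher strength and key length) can be checked by hand as follows. This is an added example, not Calomel's code: the function names, the 128-bit threshold and the weak-cipher list are assumptions, and the inputs mirror what Python's `ssl.SSLSocket.getpeercert()` and `.cipher()` return.

```python
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

# Assumed list of name fragments that mark a cipher suite as weak
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5")


def cert_names(cert):
    """DNS names the certificate covers; SAN entries take precedence over CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return sans or cns


def host_matches(host, pattern):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def check_connection(host, cert, cipher, now=None):
    """Report the three items separately instead of a single lock icon.

    cipher is the (name, protocol, secret_bits) tuple from SSLSocket.cipher().
    Chain and signature verification is left to the TLS library; only the
    validity dates are checked here.
    """
    now = time.time() if now is None else now
    name, _protocol, bits = cipher
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "cert_in_validity_period": not_before <= now <= not_after,
        "hostname_matches": any(host_matches(host, n) for n in cert_names(cert)),
        "cipher_strong": bits >= 128 and not any(m in name for m in WEAK_MARKERS),
    }
```
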
NoScript
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript's unique whitelist-based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
Open PGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann. The OpenPGP protocol defines standard formats for encrypted messages, signatures, and certificates for exchanging public keys.
Disk Encryption
Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Encrypts a partition or drive where Windows is installed (pre-boot authentication).
Encryption is automatic, real-time (on-the-fly) and transparent.
Comments We’ve Received
Not sure I know how to confirm deletion of my Blue-toothed contacts at vehicle lease end.
Response to commercial trackers “ughh”, “wow”, “...is that legal for them to do?”
Is it safe to control my home security controls over the Internet?
How do I know what my neighbors can see on my network?
Tried encrypted mail before but was too difficult and no one to communicate with.
Disgusting
Had uneasy feeling that I was being tracked but didn't know how or what to do.
Yeah, employees probably are putting things onto external clouds (e.g. Google Docs, etc.) for convenience.
What can you do (sigh)?
Some Best Practices
Do not post too much personal information online
If it’s free, you are probably the payment…
Use special characters when creating passwords
Be curious about your Smart Device … look around
Do not store passwords online or on your computer
Update your anti-virus software often
Don’t store cookies
Look for sites using https://
Encrypt hard drives to protect your personal data
Be wary of public Wi-Fi: Secure vs. Unsecure Networks
Turn off Bluetooth if not being actively used
Understand what others can see about you and your network
Learn the privacy implications of features and new technology
Additional Reading
Baby Monitor Vulnerability http://arstechnica.com/security/2013/10/hack-turns-belkin-baby-monitor-into-iphone-controlled-bugging-device/
LG SmartTV http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/
Electronic Frontier Organization Suggestions on Surveillance Security (draft) https://ssd.eff.org/
Discussions (technical crowd) on Privacy http://slashdot.org/tags.pl?tagname=privacy
FBI Cyber Most Wanted http://www.fbi.gov/wanted/cyber
Logged Wi-Fi Networks https://wigle.net/
Privacy Topics https://en.wikipedia.org/wiki/Online_privacy
Monthly Newsletter (Coming Soon!)
Newsletter Title
TBD
CYBERSPACE SECURITY, REAL WORLD SAFETY
Next Steps
Want to stay current with the latest news, trends & tips on protecting your privacy? Subscribe to our blog by sending us an email at [email protected]