Harbin clinic iot-mobile-no-vid

Description

Mobile IoT and Digital Shadow Security Tips

Transcript

  1. Securing Your Digital Shadow
     Ernest Staats, MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+
  2. Security Tips
     • Don't sign up using another social networking account
     • Lock down those social network privacy settings
     • Think before you post
     • Lie. About. Everything
  3. More Security Tips
     • Use a password manager and two-factor authentication
     • Disposable email: DoNotTrackMe, and Yahoo disposable emails, MeltMail
     • Use secure browser such as Firefox with listed addons
     • Create personal and professional personas
     • Delete your information on Google
     • Google ads https://www.google.com/settings/u/0/ads/authenticated
     • Privacy https://myaccount.google.com/
  4. Identity Protection Tips
     • Ask questions before you share it
     • Lock it up
     • Shred it before you put in trash
     • Password protect it
     • Freeze credit (for all family members)
     • Check all family members' digital footprint
     • Set Google Alerts for family
     • https://www.google.com/alerts#
  5. Understand Risk: Mobile + IoT + Digital Shadow = Digital Monster
     • IoT Scanner https://iotscanner.bullguard.com/
     • IoT Search - Shodan https://www.shodan.io/explore
  6. Protect Personal & Work Data
     • Use and maintain anti-virus software and a firewall
     • Regularly scan your computer for spyware
     • Keep software up to date
     • Evaluate your software's settings
     • Remove unused software programs/apps
     • Consider creating separate user accounts
     • Use passwords and encrypt sensitive files
     • Dispose of sensitive information properly
  7. Protecting Your Privacy
     • Do business with credible companies
     • Do not use primary email in online submissions
     • Avoid submitting credit card information online
     • Devote one credit card to online purchases
  8. Safe Social Networking
     • Lie
     • Limit personal information you post
     • Internet is a public resource
     • Be skeptical
     • Evaluate your settings
     • Be wary of third-party applications
     • Use strong passwords
  9. Avoid Identity Theft
     • Do business with reputable companies
     • Check privacy policies
     • Be careful what information you publicize
     • Use and maintain anti-virus software and a firewall
     • Be aware of your account activity
  10. Has your identity been stolen
     • Unusual or unexplainable charges on your bills
     • Phone calls or bills for accounts, products, or services that you do not have
     • Failure to receive regular bills or mail
     • New, strange accounts appearing on your credit report
     • Unexpected denial of your credit card
  11. What is IoT
  12. The ‘S’ in IoT
  13. Common Passwords IoT
  14. IoT Discovery Security
     • Check your network from the outside – https://iotscanner.bullguard.com/
     • If found then run https://www.shodan.io/
     • Download and run RIoT – https://www.beyondtrust.com/free-iot-vulnerability-scanner/
  15. IoT Protection
     • Monthly check IoT & router's firmware
     • Change administration passwords
     • Change your Wi-Fi network name
     • Select WPA2 encryption for Wi-Fi
     • Stick a cut-off headset plug in laptop's microphone
     • Put cover on cam
     • Research smart-home devices
  16. Check your System Firewall
     • Check Point's free FW verification: http://www.cpcheckme.com/checkme/
     • Ransomware
     • Identity Theft / Phishing
     • Zero Day Vulnerability
     • Bot Infection
     • Browser Attack
     • Anonymizer Usage
     • Sensitive Data leakage
  17. Digital Shadow
     • Nothing to hide
     • Don’t care if others know
     • Just the internet – Looking for a job or applying for credit
     • One in millions (still easy to find)
     • I get discounts (at what cost)
     • I am getting something for Free (no)
  18. Known Digital Shadows
     • PeekYou – Gives a lot of information for free, just wait and scroll down – http://www.peekyou.com/
     • Pipl – Search for a person using name and location – https://pipl.com/
     • Check Mate – Search for a person using name and location – https://www.instantcheckmate.com
     • Spokeo – Searches lots of public records to find information about someone – http://www.spokeo.com
     • US Search – Search for a person using email, name or user name – http://www.ussearch.com/
  19. Unknown Digital Shadows
     • Pandora – What do they listen to and who is following them – http://www.pandora.com/
     • Twitter – See what they post online – https://twitter.com/
     • Amazon – What are their likes, wishes, and look at comments – http://www.amazon.com/
     • Facebook – Pay attention to family connections posting GPS – https://www.facebook.com/
     • LinkedIn – What are they posting – https://www.linkedin.com/
  20. Browser Trackers
     • Visible Trackers:
       – Google's red G+ button
       – Facebook's "like"
       – Twitter's little blue bird
  21. Digital Hygiene
     • Keep an eye on your bank accounts - Click here to learn how to set up two-factor authentication.
     • Investigate your email address - Have I Been Pwned
     • Change your password - Read this article to help you create hack-proof passwords.
     • Close unused accounts - Here's an easy way to manage all of your online accounts at once.
     • Beware of phishing scams - Take our phishing IQ test to see if you can spot a fake email.
     • Manage passwords - LastPass or KeePass
  22. Remove WiFi Networks
     • iPhone or iPad: Settings → General → Reset → Reset Network Settings.
     • On Android phones and your computer you can see the WiFi networks you've connected to before, and delete them individually.
  23. Understand Your Shadow
     • Logout & clear browser of all settings
     • Search your name, place of work, school; use Google and DuckDuckGo
     • Sign into Google
       – https://google.com/history
       – https://google.com/takeout
     • Sign into Twitter
       – request your advertiser list
       – see your own interests
     • About the Data: what is stored – https://aboutthedata.com/portal/registration/step1
  24. About the Data
  25. Browser Fingerprinting
     • Use Electronic Frontier Foundation Panopticlick tool – "Test Me"
     • Sticky Trackers – "stick" in your browser instead of disappearing when you leave a website
  26. Clean your Shadow
     • Clean web browser – use CCleaner
     • DEMO
     • Delete apps you don’t use
     • Turn off location settings – Demo
     • Use VPN
     • Like random things
     • Delete mobile number / school / work online
     • Check app permissions
     • Backup photos
     • Use password manager
  27. Basic Privacy Settings
     • Facebook: go to Settings > Privacy
       – Turn off location
       – Select Friends for post, phone, email address
       – No to search engines outside of Facebook
     • Twitter: profile picture > Settings > Security
       – Photo tagging: do not allow
       – Protect my tweets
       – Uncheck add location to tweets
       – Uncheck let others find me by my email
  28. Metadata
     • The most common types of metadata are:
       – Software version
       – File share / servers
       – Phone numbers, emails and usernames
       – Location data: where your mobile phone is
       – Date- and time-stamps on phone calls, emails, files, and photos
       – Information about the device you are using
       – The subject lines of your emails
     • Covered in NY DFS Security Regulation “nonpublic information”
  29. Scrubbing Meta Data
     • Discover metadata on websites: FOCA https://www.elevenpaths.com/labstools/foca/index.htm
     • Software:
       – JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30
       – BatchPurifier LITE http://www.digitalconfidence.com/downloads.html
       – DocScrubber http://www.javacoolsoftware.com/dsdownload.html
     • See metadata in photos http://regex.info/exif.cgi
  30. Secure Mobile
     • Mobile WiFi Demo:
  31. Protect Mobile
     • Keep all applications and system patched and updated
     • Use 5 digit PIN to lock device (at least)
     • Don't install 'off-road' Android apps
     • Don't jailbreak/root your mobile
     • Install antivirus
     • Enable two-factor authentication on every account
     • Remove apps you don't use
     • Use a password manager
     • Cover webcam / headphone-mic jack
     • Turn off WiFi – Bluetooth (when not using)
  32. How Many APPS?
     • The number of apps on your device impacts your security exposure:
       – 0-19 Low
       – 20-39 Moderate
       – 40-59 High
       – 60+ Very High
     • What does the app do for you… at what cost?
  33. Mobile Device Encryption
     • Encrypt mobile and backups – freshly-rebooted, without being unlocked
  34. TURN OFF WiFi/Bluetooth
  35. NIST Cybersecurity Framework
  36. Before Crossing The Border
     • Register with Smart Traveler Enrollment Program https://step.state.gov/step/
     • First backup device and settings
     • Establish a VPN account i.e. https://www.privateinternetaccess.com
     • Make sure it is encrypted: mobile, laptop, & USB drive
     • Factory reset / reimage – configure VPN you established before
     • Encrypt mobile
     • Strong passcode, six digit at least (no fingerprint)
  37. More - Before Crossing The Border
     • Use a secure phone - Silent Circle Phone “Blackphone” https://goo.gl/WnXfOa
     • Turn off WiFi and Bluetooth – forget/remove all wireless and Bluetooth networks (all the time)
     • Disable location tracking and history https://maps.google.com/locationhistory/b/0
     • Delete all history before stepping off plane
     • Turn off all location and tracking information
     • Set up a temp email i.e. PBJapple@gmail.com – forward email if needed
