1. Securing Your Digital Shadow
Ernest Staats
MS Information Assurance, CISSP, CEH, CWNA,
Security+, MCSE, CNA, I-Net+, Network+, Server+, A+
2. Security Tips
• Don't sign up using another social networking account
• Lock down those social network privacy settings
• Think before you post
• Lie. About. Everything
3. More Security Tips
• Use a password manager and two-factor authentication
• Disposable email: DoNotTrackMe, Yahoo disposable emails, MeltMail
• Use a secure browser such as Firefox with listed add-ons
• Create personal and professional personas
• Delete your information on Google
• Google ads
https://www.google.com/settings/u/0/ads/authenticated
• Privacy https://myaccount.google.com/
4. Identity Protection Tips
• Ask questions before you share it
• Lock it up
• Shred it before you put it in the trash
• Password protect it
• Freeze credit (for all family members)
• Check all family members' digital footprints
• Set Google Alerts for family
• https://www.google.com/alerts#
5. Understand Risk
Mobile + IoT + Digital Shadow = Digital Monster
• IoT Scanner https://iotscanner.bullguard.com/
• IoT Search - Shodan https://www.shodan.io/explore
6. Protect Personal & Work Data
• Use and maintain anti-virus software and a firewall
• Regularly scan your computer for spyware
• Keep software up to date
• Evaluate your software's settings
• Remove unused software programs/Apps
• Consider creating separate user accounts
• Use passwords and encrypt sensitive files
• Dispose of sensitive information properly
7. Protecting Your Privacy
• Do business with credible companies
• Do not use your primary email in online submissions
• Avoid submitting credit card information online
• Devote one credit card to online purchases
8. Safe Social Networking
• Lie
• Limit personal information you post
• Internet is a public resource
• Be skeptical
• Evaluate your settings
• Be wary of third-party applications
• Use strong passwords
9. Avoid Identity Theft
• Do business with reputable companies
• Check privacy policies
• Be careful what information you publicize
• Use and maintain anti-virus software and a firewall
• Be aware of your account activity
10. Has your identity been stolen
• Unusual or unexplainable charges on your bills
• Phone calls or bills for accounts, products, or services that you do not have
• Failure to receive regular bills or mail
• New, strange accounts appearing on your credit report
• Unexpected denial of your credit card
14. IoT Discovery Security
• Check your network from the outside
– https://iotscanner.bullguard.com/
• If found then run https://www.shodan.io/
• Download and Run RIoT
– https://www.beyondtrust.com/free-iot-vulnerability-scanner/
15. IoT Protection
• Monthly check IoT & router's firmware
• Change administration passwords
• Change your Wi-Fi network name
• Select WPA2 encryption for Wi-Fi
• Stick a cut-off headset plug in the laptop's microphone jack
• Put Cover on Cam
• Research smart-home devices
16. Check your System Firewall
• Check Point's free firewall verification (CheckMe) checks for:
– Ransomware
– Identity theft / phishing
– Zero-day vulnerability
– Bot infection
– Browser attack
– Anonymizer usage
– Sensitive data leakage
http://www.cpcheckme.com/checkme/
17. Digital Shadow
• Nothing to hide
• Don’t care if others know
• Just the internet
– Looking for a job or applying for credit
• One in millions (still easy to find)
• I get discounts (at what cost)
• I am getting something for Free (no)
18. Known Digital Shadows
PeekYou
Gives a lot of information for free; just wait and scroll down
http://www.peekyou.com/
Pipl
Search for a person using name and location https://pipl.com/
Check Mate
Search for a person using name and location
https://www.instantcheckmate.com
Spokeo
Searches lots of public records to find information about someone
http://www.spokeo.com
US Search
Search for a person using email, name or user name
http://www.ussearch.com/
19. Unknown Digital Shadows
Pandora
What do they listen to and who is following them http://www.pandora.com/
Twitter
See what they post online https://twitter.com/
Amazon
What are their likes and wishes; look at comments http://www.amazon.com/
Facebook
Pay attention to family connections posting GPS
https://www.facebook.com/
Linkedin
What are they posting https://www.linkedin.com/
20. Browser Trackers
• Visible trackers:
– Google's red G+ button
– Facebook's "like" button
– Twitter's little blue bird
21. Digital Hygiene
• Keep an eye on your bank accounts - Click here to learn how to set up two-factor authentication.
• Investigate your email address - Have I Been Pwned
• Change your password - Read this article to help you create hack-proof passwords.
• Close unused accounts - Here's an easy way to manage all of your online accounts at once.
• Beware of phishing scams - Take our phishing IQ test to see if you can spot a fake email.
• Manage passwords - LastPass or KeePass
22. Remove WiFi Networks
• iPhone or iPad:
Settings → General → Reset → Reset Network Settings.
• On Android phones and your computer you can see the Wi-Fi networks you've connected to before, and delete them individually.
23. Understand Your Shadow
• Log out & clear the browser of all settings
• Search your name, place of work, school; use Google and DuckDuckGo
• Sign into Google
– https://google.com/history
– https://google.com/takeout
• Sign into Twitter
– request your advertiser list
– see your own interests
• About the Data: what is stored
– https://aboutthedata.com/portal/registration/step1
25. Browser Fingerprinting
• Use the Electronic Frontier Foundation's Panopticlick tool
– "Test Me"
• Sticky trackers
– "stick" in your browser instead of disappearing when you leave a website
26. Clean your Shadow
• Clean Web Browser
– Use CCleaner
• DEMO
• Delete Apps you don’t use
• Turn Off location settings
– Demo
• Use VPN
• Like random things
• Delete mobile Number/ school/ work online
• Check App permissions
• Backup photos
• Use Password Manager
27. Basic Privacy Settings
• Facebook: go to Settings > Privacy
– Turn off location
– Select Friends for post, phone, email address
– No to search engines outside of Facebook
• Twitter: profile picture > Settings > Security
– Photo tagging do not allow
– Protect my tweets
– Uncheck add location to tweets
– Uncheck let others find me by my email
28. Metadata
• The most common types of metadata are:
– Software Version
– File share / servers
– Phone numbers, emails and usernames
– Location data: where your mobile phone is
– Date and time stamps on phone calls, emails, files, and photos
– Information about the device you are using
– The subject lines of your emails
• Covered by the NY DFS Security Regulation as "nonpublic information"
29. Scrubbing Meta Data
Discover metadata on websites
FOCA https://www.elevenpaths.com/labstools/foca/index.htm
Software
JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30
BatchPurifier LITE
http://www.digitalconfidence.com/downloads.html
DocScrubber
http://www.javacoolsoftware.com/dsdownload.html
See metadata in photos
http://regex.info/exif.cgi
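As an added illustration of the metadata that slides 28 and 29 talk about (example code written for this page, not from the deck or from any of the tools it lists), the following Python walks a JPEG's marker segments and drops the EXIF, XMP, IPTC and comment segments while copying the image data unchanged. The sample bytes are a constructed header skeleton, not a real photo, so the script runs offline.

```python
import struct

# JPEG markers used here (stored big-endian, each starts with 0xFF).
SOI, SOS, APP0, APP1, APP13, COM = 0xFFD8, 0xFFDA, 0xFFE0, 0xFFE1, 0xFFED, 0xFFFE
EXIF_SIG = b"Exif\x00\x00"                      # APP1 payload prefix for EXIF (camera, GPS, timestamps)
XMP_SIG = b"http://ns.adobe.com/xap/1.0/\x00"   # APP1 payload prefix for XMP (Adobe metadata)

def _segment(marker, payload):
    # marker + 2-byte length (which counts itself) + payload
    return struct.pack(">HH", marker, len(payload) + 2) + payload

def iter_segments(data):
    """Yield (marker, payload) for each header segment; at SOS yield the untouched tail."""
    if data[:2] != struct.pack(">H", SOI):
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker >> 8 != 0xFF or length < 2:
            raise ValueError("corrupt segment at offset %d" % pos)
        if marker == SOS:
            yield marker, data[pos:]        # scan header + entropy-coded image data + EOI
            return
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG: no SOS found")

def is_metadata(marker, payload):
    """EXIF/XMP in APP1, Photoshop/IPTC in APP13 and free-text COM segments carry metadata."""
    if marker == APP1:
        return payload.startswith((EXIF_SIG, XMP_SIG))
    return marker in (APP13, COM)

def strip_metadata(data):
    """Return (cleaned_bytes, removed_markers); pixel data is copied byte for byte."""
    out, removed = bytearray(struct.pack(">H", SOI)), []
    for marker, payload in iter_segments(data):
        if marker == SOS:
            out += payload
            break
        if is_metadata(marker, payload):
            removed.append(marker)
        else:
            out += _segment(marker, payload)
    return bytes(out), removed

# Constructed sample: a JPEG header skeleton with fake EXIF and a comment, not a decodable photo.
SAMPLE = (b"\xff\xd8" + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _segment(APP1, EXIF_SIG + b"MM\x00\x2a<GPS and camera tags>")
          + _segment(COM, b"Taken at home, 12 May 2017")
          + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56\xff\xd9")
```

Running `strip_metadata(SAMPLE)` reports the APP1 and COM segments removed and leaves the JFIF header and scan data intact; the same function applied to a real JPEG shows which segments a photo upload would otherwise leak.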
31. Protect Mobile
• Keep all applications and the system patched and updated
• Use at least a 5-digit PIN to lock the device
• Don't install 'off-road' (sideloaded) Android apps
• Don't jailbreak/root your mobile
• Install antivirus
• Enable two-factor authentication on every account
• Remove apps you don't use
• Use a password manager
• Cover WebCam / headphone-Mic Jack
• Turn off Wi-Fi and Bluetooth (when not using them)
32. How Many APPS?
• The number of apps on your device impacts your security exposure:
– 0-19 Low
– 20-39 Moderate
– 40-59 High
– 60+ Very High
• What does the app do for you… at what cost?
37. Before Crossing The Border
• Register with Smart Traveler Enrollment Program
https://step.state.gov/step/
• First, back up your device and settings
• Establish a VPN account, e.g. https://www.privateinternetaccess.com
• Make sure mobile, laptop & USB drive are encrypted
• Factory Reset / reimage
– Configure VPN you established before
• Encrypt mobile
• Strong passcode, six digits at least (no fingerprint)
38. More - Before Crossing The Border
• Use a Secure phone - Silent Circle Phone
“Blackphone” https://goo.gl/WnXfOa
• Turn Off WiFi and Bluetooth
– Forget/ Remove all Wireless and Bluetooth networks (all the time)
• Disable Location tracking and history
https://maps.google.com/locationhistory/b/0
• Delete all History before stepping off plane
• Turn off all location and tracking information
• Set up a temp email, e.g. PBJapple@gmail.com; forward email if needed