
Harbin clinic iot-mobile-no-vid

Mobile IoT and Digital Shadow Security Tips

Published in: Government & Nonprofit

  1. Securing Your Digital Shadow Ernest Staats MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+
  2. Security Tips • Don't sign up using another social networking account • Lock down those social network privacy settings • Think before you post • Lie. About. Everything
  3. More Security Tips • Use a password manager and two-factor authentication • Disposable email: DoNotTrackMe, Yahoo disposable emails, MeltMail • Use a secure browser such as Firefox with listed add-ons • Create personal and professional personas • Delete your information on Google • Google ads https://www.google.com/settings/u/0/ads/authenticated • Privacy https://myaccount.google.com/
  4. Identity Protection Tips • Ask questions before you share it • Lock it up • Shred it before you put it in the trash • Password protect it • Freeze credit (for all family members) • Check all family members' digital footprint • Set Google Alerts for family • https://www.google.com/alerts#
  5. Understand Risk Mobile + IoT + Digital Shadow = Digital Monster • IoT Scanner https://iotscanner.bullguard.com/ • IoT Search - Shodan https://www.shodan.io/explore
  6. Protect Personal & Work Data • Use and maintain anti-virus software and a firewall • Regularly scan your computer for spyware • Keep software up to date • Evaluate your software's settings • Remove unused software programs/apps • Consider creating separate user accounts • Use passwords and encrypt sensitive files • Dispose of sensitive information properly
  7. Protecting Your Privacy • Do business with credible companies • Do not use primary email in online submissions • Avoid submitting credit card information online • Devote one credit card to online purchases
  8. Safe Social Networking • Lie • Limit personal information you post • Internet is a public resource • Be skeptical • Evaluate your settings • Be wary of third-party applications • Use strong passwords
  9. Avoid Identity Theft • Do business with reputable companies • Check privacy policies • Be careful what information you publicize • Use and maintain anti-virus software and a firewall • Be aware of your account activity
  10. Has your identity been stolen • Unusual or unexplainable charges on your bills • Phone calls or bills for accounts, products, or services that you do not have • Failure to receive regular bills or mail • New, strange accounts appearing on your credit report • Unexpected denial of your credit card
  11. What is IoT
  12. The ‘S’ in IoT
  13. Common Passwords IoT
  14. IoT Discovery Security • Check your network from the outside – https://iotscanner.bullguard.com/ • If found then run https://www.shodan.io/ • Download and run RIoT – https://www.beyondtrust.com/free-iot-vulnerability-scanner/
  15. IoT Protection • Monthly check IoT & router's firmware • Change administration passwords • Change your Wi-Fi network name • Select WPA2 encryption for Wi-Fi • Stick a cut-off headset plug in laptop's microphone • Put cover on cam • Research smart-home devices
  16. Check your System Firewall • Check Point's free FW verification • Ransomware • Identity Theft / Phishing • Zero Day Vulnerability • Bot Infection • Browser Attack • Anonymizer Usage • Sensitive Data leakage http://www.cpcheckme.com/checkme/
  17. Digital Shadow • Nothing to hide • Don’t care if others know • Just the internet – Looking for a job or applying for credit • One in millions (still easy to find) • I get discounts (at what cost) • I am getting something for free (no)
  18. Known Digital Shadows • PeekYou: Gives a lot of information for free, just wait and scroll down – http://www.peekyou.com/ • Pipl: Search for a person using name and location – https://pipl.com/ • Check Mate: Search for a person using name and location – https://www.instantcheckmate.com • Spokeo: Searches lots of public records to find information about someone – http://www.spokeo.com • US Search: Search for a person using email, name, or user name – http://www.ussearch.com/
  19. Unknown Digital Shadows • Pandora: What do they listen to and who is following them – http://www.pandora.com/ • Twitter: See what they post online – https://twitter.com/ • Amazon: What are their likes and wishes, and look at comments – http://www.amazon.com/ • Facebook: Pay attention to family connections posting GPS – https://www.facebook.com/ • LinkedIn: What are they posting – https://www.linkedin.com/
  20. Browser Trackers • Visible Trackers: – Google's red G+ button – Facebook's "like" – Twitter's little blue bird
  21. Digital Hygiene • Keep an eye on your bank accounts - Click here to learn how to set up two-factor authentication. • Investigate your email address - Have I Been Pwned • Change your password - Read this article to help you create hack-proof passwords. • Close unused accounts - Here's an easy way to manage all of your online accounts at once. • Beware of phishing scams - Take our phishing IQ test to see if you can spot a fake email. • Manage passwords - LastPass or KeePass
  22. Remove WiFi Networks • iPhone or iPad: Settings → General → Reset → Reset Network Settings. • On Android phones and your computer you can see the WiFi networks you've connected to before, and delete them individually.
  23. Understand Your Shadow • Log out & clear browser of all settings • Search your name, place of work, school; use Google and DuckDuckGo • Sign into Google – https://google.com/history – https://google.com/takeout • Sign into Twitter – request your advertiser list – see your own interests • About the Data: what is stored – https://aboutthedata.com/portal/registration/step1
  24. About the Data
  25. Browser Fingerprinting • Use Electronic Frontier Foundation Panopticlick tool – "Test Me" • Sticky Trackers – "stick" in your browser - instead of disappearing when you leave a website
  26. Clean your Shadow • Clean Web Browser – Use CCleaner • DEMO • Delete apps you don’t use • Turn off location settings – Demo • Use VPN • Like random things • Delete mobile number / school / work online • Check app permissions • Back up photos • Use password manager
  27. Basic Privacy Settings • Facebook: go to Settings > Privacy – Turn off location – Select Friends for post, phone, email address – No to search engines outside of Facebook • Twitter: profile picture > Settings > Security – Photo tagging: do not allow – Protect my tweets – Uncheck add location to tweets – Uncheck let others find me by my email
  28. Metadata • The most common types of metadata are: – Software version – File share / servers – Phone numbers, emails and usernames – Location data: where your mobile phone is – Date- and time-stamps on phone calls, emails, files, and photos – Information about the device you are using – The subject lines of your emails • Covered in NY DFS Security Regulation “nonpublic information”
  29. Scrubbing Meta Data • Discover metadata on websites: FOCA https://www.elevenpaths.com/labstools/foca/index.htm • Software: – JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30 – BatchPurifier LITE http://www.digitalconfidence.com/downloads.html – DocScrubber http://www.javacoolsoftware.com/dsdownload.html • See metadata in photos http://regex.info/exif.cgi
  30. Secure Mobile • Mobile WiFi Demo:
  31. Protect Mobile • Keep all applications and system patched and updated • Use 5 digit PIN to lock device (at least) • Don't install 'off-road' Android apps • Don't jailbreak/root your mobile • Install antivirus • Enable two-factor authentication on every account • Remove apps you don't use • Use a password manager • Cover webcam / headphone-mic jack • Turn off WiFi – Bluetooth (when not using)
  32. How Many Apps? • The number of apps on your device impacts your security exposure: – 0-19 Low – 20-39 Moderate – 40-59 High – 60+ Very High • What does the app do for you… at what cost?
  33. Mobile Device Encryption • Encrypt mobile and backups – freshly-rebooted, without being unlocked
  34. TURN OFF WiFi/Bluetooth
  35. NIST Cybersecurity Framework
  36. Before Crossing The Border • Register with Smart Traveler Enrollment Program https://step.state.gov/step/ • First back up device and settings • Establish a VPN account i.e. https://www.privateinternetaccess.com • Make sure it is encrypted: mobile, laptop, & USB drive • Factory reset / reimage – Configure VPN you established before • Encrypt mobile • Strong passcode six digit at least (no fingerprint)
  37. More - Before Crossing The Border • Use a secure phone - Silent Circle Phone “Blackphone” https://goo.gl/WnXfOa • Turn off WiFi and Bluetooth – Forget / remove all wireless and Bluetooth networks (all the time) • Disable location tracking and history https://maps.google.com/locationhistory/b/0 • Delete all history before stepping off plane • Turn off all location and tracking information • Set up a temp email i.e. PBJapple@gmail.com Forward email if needed