Harbin clinic iot-mobile-no-vid

Securing Your Digital Shadow

Ernest Staats, MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+



Security Tips

• Don't sign up using another social networking account

• Lock down those social network privacy settings

• Think before you post

• Lie. About. Everything

More Security Tips

• Use a password manager and two-factor authentication

• Use disposable email: DoNotTrackMe, Yahoo disposable emails, Melt Mail

• Use a secure browser such as Firefox with the listed add-ons

• Create personal and professional personas

• Delete your Information on Google

• Google ads https://www.google.com/settings/u/0/ads/authenticated

• Privacy https://myaccount.google.com/

Identity Protection Tips

• Ask questions before you share it

• Lock it up

• Shred it before you put in trash

• Password protect it

• Freeze Credit (for all family members)

• Check all family members' digital footprints

• Set Google Alerts for family

• https://www.google.com/alerts#

Understand Risk

Mobile + IoT + Digital Shadow = Digital Monster

• IoT Scanner https://iotscanner.bullguard.com/

• IoT Search - Shodan https://www.shodan.io/explore

Protect Personal & Work Data

• Use and maintain anti-virus software and a firewall

• Regularly scan your computer for spyware

• Keep software up to date

• Evaluate your software's settings

• Remove unused software programs/Apps

• Consider creating separate user accounts

• Use passwords and encrypt sensitive files

• Dispose of sensitive information properly

Protecting Your Privacy

• Do business with credible companies

• Do not use your primary email in online submissions

• Avoid submitting credit card information online

• Devote one credit card to online purchases

Safe Social Networking

• Lie

• Limit personal information you post

• Internet is a public resource

• Be skeptical

• Evaluate your settings

• Be wary of third-party applications

• Use strong passwords

Avoid Identity Theft

• Do business with reputable companies

• Check privacy policies

• Be careful what information you publicize

• Use and maintain anti-virus software and a firewall

• Be aware of your account activity

Has your identity been stolen?

• Unusual or unexplainable charges on your bills

• Phone calls or bills for accounts, products, or services that you do not have

• Failure to receive regular bills or mail

• New, strange accounts appearing on your credit report

• Unexpected denial of your credit card

What is IoT

The "S" in IoT

Common Passwords IoT

IoT Discovery Security

• Check your network from the outside

– https://iotscanner.bullguard.com/

• If anything is found, look it up on https://www.shodan.io/

• Download and run RIoT

– https://www.beyondtrust.com/free-iot-vulnerability-scanner/

IoT Protection

• Check IoT and router firmware monthly

• Change administration passwords

• Change your Wi-Fi network name

• Select WPA2 encryption for Wi-Fi

• Stick a cut-off headset plug in the laptop's microphone jack

• Put Cover on Cam

• Research smart-home devices

Check your System Firewall

• Check Point's free firewall verification tests whether your firewall stops:

– Ransomware

– Identity theft / phishing

– Zero-day vulnerability

– Bot infection

– Browser attack

– Anonymizer usage

– Sensitive data leakage

http://www.cpcheckme.com/checkme/

Digital Shadow

• Nothing to hide

• Don’t care if others know

• Just the internet

– Looking for a job or applying for credit

• One in millions (still easy to find)

• I get discounts (at what cost)

• I am getting something for Free (no)

Known Digital Shadows

• PeekYou - gives a lot of information for free; just wait and scroll down http://www.peekyou.com/

• Pipl - search for a person using name and location https://pipl.com/

• Check Mate - search for a person using name and location https://www.instantcheckmate.com

• Spokeo - searches lots of public records to find information about someone http://www.spokeo.com

• US Search - search for a person using email, name or user name http://www.ussearch.com/

Unknown Digital Shadows

• Pandora - what do they listen to and who is following them http://www.pandora.com/

• Twitter - see what they post online https://twitter.com/

• Amazon - what are their likes and wishes; look at comments http://www.amazon.com/

• Facebook - pay attention to family connections posting GPS locations https://www.facebook.com/

• LinkedIn - what are they posting https://www.linkedin.com/

Browser Trackers

• Visible Trackers:

– Google's red G+ button

– Facebook's "like"

– Twitter's little blue bird

Digital Hygiene

• Keep an eye on your bank accounts and set up two-factor authentication

• Investigate your email address with Have I Been Pwned

• Change your password and create hack-proof passwords

• Close unused accounts; manage all of your online accounts at once

• Beware of phishing scams; take a phishing IQ test to see if you can spot a fake email

• Manage passwords with LastPass or KeePass

Remove WiFi Networks

• iPhone or iPad: Settings → General → Reset → Reset Network Settings

• On Android phones and your computer you can see the Wi-Fi networks you've connected to before and delete them individually

Understand Your Shadow

• Log out and clear the browser of all settings

• Search your name, place of work and school, using Google and DuckDuckGo

• Sign into Google

– https://google.com/history

– https://google.com/takeout

• Sign into Twitter

– request your advertiser list

– see your own interests

• About the Data: what is stored

– https://aboutthedata.com/portal/registration/step1

About the Data

Browser Fingerprinting

• Use the Electronic Frontier Foundation's Panopticlick tool

– "Test Me"

• Sticky trackers

– "stick" in your browser instead of disappearing when you leave a website

Clean your Shadow

• Clean your web browser

– Use CCleaner (DEMO)

• Delete Apps you don’t use

• Turn Off location settings – Demo

• Use VPN

• Like Random things

• Delete mobile Number/ school/ work online

• Check App permissions

• Backup photos

• Use Password Manager

Basic Privacy Settings

• Facebook: go to Settings > Privacy

– Turn off location

– Select Friends for post, phone, email address

– No to search engines outside of Facebook

• Twitter: profile picture > Settings > Security

– Photo tagging: do not allow

– Protect my tweets

– Uncheck add location to tweets

– Uncheck let others find me by my email

Metadata

• The most common types of metadata are:

– Software Version

– File share / servers

– Phone numbers, emails and usernames

– Location data: where your mobile phone is

– Date- and time-stamps on phone calls, emails, files, and photos.

– Information about the device you are using

– The subject lines of your emails

• Covered under the NY DFS cybersecurity regulation as "nonpublic information"

Scrubbing Metadata

Discover metadata on websites:

• FOCA https://www.elevenpaths.com/labstools/foca/index.htm

Software:

• JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30

• BatchPurifier LITE http://www.digitalconfidence.com/downloads.html

• Doc Scrubber http://www.javacoolsoftware.com/dsdownload.html

• See metadata in photos http://regex.info/exif.cgi
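As an added example (not from the presentation or from any of the tools it lists), here is a minimal JPEG metadata stripper in Python: it walks the file's marker segments, reports which EXIF, XMP and comment blocks are present, and writes a copy without them while leaving the compressed image data untouched. SAMPLE_JPEG is a constructed marker skeleton, not a real photo.

```python
import struct

APP1, COM, SOS = 0xFFE1, 0xFFFE, 0xFFDA  # standard JPEG marker values
EXIF_HDR, XMP_HDR = b"Exif\x00\x00", b"http://ns.adobe.com/xap/1.0/\x00"

def _segments(data: bytes):
    """Yield (marker, raw_segment) after SOI; at SOS yield the rest of the file as one blob."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker >> 8 != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        if marker == SOS:  # entropy-coded image data follows; nothing to strip there
            yield marker, data[pos:]
            return
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG: no SOS marker found")

def _metadata_kind(marker: int, seg: bytes):
    """Name the metadata a segment carries ('Exif', 'XMP', 'COM'), or None for image data."""
    payload = seg[4:]  # skip the 2-byte marker and 2-byte length
    if marker == APP1:
        return "Exif" if payload.startswith(EXIF_HDR) else "XMP" if payload.startswith(XMP_HDR) else None
    return "COM" if marker == COM else None

def list_metadata(data: bytes) -> list:
    """Report which metadata blocks a JPEG contains, in file order."""
    return [k for m, s in _segments(data) if (k := _metadata_kind(m, s))]

def strip_metadata(data: bytes) -> bytes:
    """Return a copy with EXIF, XMP and comment segments dropped; pixel data is untouched."""
    return b"\xff\xd8" + b"".join(s for m, s in _segments(data) if _metadata_kind(m, s) is None)

def _seg(marker: int, payload: bytes) -> bytes:
    return struct.pack(">HH", marker, len(payload) + 2) + payload

# Constructed sample: a valid marker skeleton, not a decodable picture
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _seg(0xFFE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _seg(APP1, EXIF_HDR + b"MM\x00\x2a" + b"\x00" * 16)  # stand-in EXIF body
    + _seg(COM, b"Constructed comment")
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34"  # SOS header + scan bytes
    + b"\xff\xd9"
)
```

Run `strip_metadata` on a file read in binary mode and write the result to a new file; the stripped copy keeps the JFIF header and the scan data, so viewers still open it.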

Secure Mobile

• Mobile WiFi Demo:

Protect Mobile

• Keep all applications and system patched and updated

• Use a PIN of at least 5 digits to lock the device

• Don't install 'off-road' (sideloaded) Android apps

• Don't jailbreak/root your mobile

• Install antivirus

• Enable two-factor authentication on every account

• Remove apps you don't use

• Use a password manager

• Cover the webcam and headphone/mic jack

• Turn off Wi-Fi and Bluetooth when not in use

How Many Apps?

• The number of apps on your device impacts your security exposure:

– 0-19 Low

– 20-39 Moderate

– 40-59 High

– 60+ Very High

• What does the App do for you… at what cost?

Mobile Device Encryption

• Encrypt mobile devices and backups

– Encrypted data is best protected when the device is freshly rebooted and has not yet been unlocked

TURN OFF WiFi/Bluetooth

NIST Cybersecurity Framework

Before Crossing The Border

• Register with the Smart Traveler Enrollment Program https://step.state.gov/step/

• First back up the device and its settings

• Establish a VPN account, e.g. https://www.privateinternetaccess.com

• Make sure mobile, laptop and USB drives are encrypted

• Factory reset / reimage

– Configure the VPN you established before

• Encrypt mobile

• Strong passcode, at least six digits (no fingerprint)

More - Before Crossing The Border

• Use a secure phone: Silent Circle's "Blackphone" https://goo.gl/WnXfOa

• Turn off Wi-Fi and Bluetooth

– Forget/remove all wireless and Bluetooth networks (all the time)

• Disable location tracking and history https://maps.google.com/locationhistory/b/0

• Delete all history before stepping off the plane

• Turn off all location and tracking information

• Set up a temporary email, e.g. [email protected], and forward email if needed