Protect Yourself from Cyber Risks
2012 SEAS Cybersecurity Awareness Day
10/17/12
Jay Carter, CISSP CISA

Agenda
- Overview
- Notable Targets of Hackers
- What You Can Do to Protect Yourself
- Identity Theft
- Questions

Overview
- The intent of this presentation is to raise your awareness of the continuous cybersecurity risks we all face daily in our personal lives, and to discuss what you can do to reduce your level of risk.
- This information is for personal consideration only, and must not be applied to University-owned computers.
- The events discussed in this presentation were reported publicly, and links to the sources are provided.
- No application mentioned in this presentation is endorsed by Harvard, nor used in the University's Information Security Program.

Torn from the Headlines
How Apple and Amazon Security Flaws Led to My Epic Hacking (08/06/12)
- http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honanhacking/
6.4 Million Passwords Reportedly Stolen From LinkedIn Website (06/06/12)
- http://abcnews.go.com/us/linkedin-hacked-64-million-user-passwordsreportedly-leaked/story?id=16508728#.uhwamyxrtw4
Dropbox gets hacked... Again (08/01/12)
- http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/

Torn from the Headlines
Anonymous Claims To Have Hacked Facebook's Website (06/01/12)
- http://washington.cbslocal.com/2012/06/01/anonymous-claims-tohave-hacked-facebooks-website/
Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen (06/06/12)
- http://articles.latimes.com/2012/jun/06/business/la-fi-tn-eharmonyhacked-linkedin-20120606
iTunes Hack: Users Report Unauthorized Charges On Accounts (02/10/12)
- http://www.huffingtonpost.com/2012/02/10/itunes-hack-unauthorizedcharges-apple_n_1268593.html

There is Hope

Defense in Depth - Network
Enable the firewall native to your Operating System
- http://windows.microsoft.com/en-us/windows-vista/understanding-Windows-Firewall-settings
- https://support.apple.com/kb/ht1810
Test your firewall
- https://www.grc.com/x/ne.dll?bh0bkyd2 (Windows only)
Wi-Fi Security
- Best security practices: http://www.wi-fi.org/discover-andlearn/security, http://wirelessdefence.org/contents/home%20wireless%20security%20Tips.htm

Defense in Depth - OS
Install antivirus software, good free choices:
- http://windows.microsoft.com/en-us/windows/products/security-essentials
- http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-formac-home-edition.aspx
Patch your computer to most current level
Enable Automatic Updates
- http://windows.microsoft.com/en-us/windows-vista/understanding-Windows-automatic-updating
- https://www.apple.com/softwareupdate/
Operating System and software patch scanner
- https://secunia.com/vulnerability_scanning/personal/
- http://informer-technologies-inc.mac.informer.com/

Defense in Depth - Browser
Consider using Chrome as your browser
- https://www.computerworld.com/s/article/9223957/german_gov_t_endorses_chrome_as_most_secure_browser
Security browser extensions
- https://www.eff.org/https-everywhere
- https://www.ghostery.com/
- http://donottrack.us/
- http://noscript.net/

Protect Yourself
Multi-factor Authentication: something you know AND something you have
- Gmail 2-step verification http://gmailblog.blogspot.com/2011/02/advanced-sign-in-security-foryour.html
- Yahoo! second sign-in verification http://www.ymailblog.com/blog/2011/12/yahoo-introduces-stronger-userauthentication-%e2%80%93-second-sign-in-verification/
- PayPal Security Key https://www.paypal.com/us/cgibin?cmd=xpt/marketing_commanddriven/securitycenter/paypalsecuritykey-outside&bn_r=o
- Facebook Login Approvals https://www.facebook.com/note.php?note_id=10150172618258920
- Dropbox two-step verification https://blog.dropbox.com/index.php/another-layer-of-security-for-yourdropbox-account/

Protect Yourself
Password Manager/Safe: DON'T SAVE VIA BROWSER
- LastPass http://lastpass.com/
- KeePass http://keepass.info/
Google Alerts for your personal information
- http://www.google.com/alerts
Review your Credit Reports
- http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml
All purpose security resources
- http://www.onguardonline.gov/
- www.nsa.gov/ia/_files/factsheets/best_practices_datasheets.pdf
- https://ssl.apple.com/support/security/

Protect Yourself
Encrypt your hard disk
- Windows BitLocker http://windows.microsoft.com/en-US/windows7/products/features/bitlocker
- Mac OS X FileVault https://support.apple.com/kb/ph7024 or https://support.apple.com/kb/ht4790
- TrueCrypt http://www.truecrypt.org/
Back up your hard disk
- Back up both locally AND online
  Windows http://windows.microsoft.com/en-US/windows7/products/features/backup-and-restore
  Mac OS X https://support.apple.com/kb/ht1553
  Comodo Backup http://backup.comodo.com/ (Windows)
  SugarSync https://www.sugarsync.com/
  MozyHome https://mozy.com/home/free/

Protect Yourself
Securely erase your hard disk
- UCSD Center for Recording Magnetic Research http://cmrr.ucsd.edu/people/hughes/secureerase.shtml
- Darik's Boot And Nuke (DBAN) http://www.dban.org/
Encrypt email containing your sensitive data
- Hushmail https://www.hushmail.com/
Mobile Device Security
- Android http://source.android.com/tech/security/
- iOS https://www.apple.com/ipad/business/resources/
- Windows Phone http://www.microsoft.com/security/onlineprivacy/mobile-phone-safety.aspx

When It All Goes Wrong
If you become a victim of identity theft
- Federal Trade Commission http://www.ftc.gov/bcp/edu/microsites/idtheft/
- United States Postal Service https://postalinspectors.uspis.gov/investigations/mailfraud/fraudschemes/mailtheft/identitytheft.aspx
- FBI https://www.fbi.gov/about-us/investigate/cyber/identity_theft
- Massachusetts http://www.mass.gov/ocabr/consumer/identity-theft/

Questions?