Introduction to Personal Privacy and Security

Many are concerned about their own personal digital privacy and security. This slide deck introduces you to privacy and security concepts, ways to keep safe in the digital world, and some resources for further education and research.

  1. Introduction to Personal Digital Security and Privacy
     Robert Hurlbut
     RobertHurlbut.com • @RobertHurlbut
  2. Robert Hurlbut
     • Software Security Architect
     • Microsoft MVP – Developer Security 2005-2010, 2015-2018
     • (ISC)2 CSSLP 2014-2017
     • Co-host Application Security Podcast (@appsecpodcast)
     Contacts
     • Web Site: https://roberthurlbut.com
     • LinkedIn: RobertHurlbut
     • Twitter: @RobertHurlbut
     © 2017 Robert Hurlbut
  3. Connected world
     • We live in a very connected and tracked world
     • When we … browse the web, send an email, turn on our phones, purchase items with our credit cards - all of it is tracked for various reasons
     • Some of this may be useful, but in some cases, this information can be harmful or used for nefarious purposes
  4. Privacy
     • The desire of a person to control the disclosure of personal information
  5. Confidentiality
     • The ability of a person to control release of personal information to another entity under an agreement limiting further release of that information
  6. Security
     • Protection of privacy and confidentiality through policies, procedures and safeguards
  7. Why do they matter?
     • Ethically, privacy and confidentiality are considered to be rights (in our culture)
     • Information revealed may result in harm to interests of the individual
  8. Solutions to Personal Digital Privacy and Security
     • Passwords, Password Manager, and 2FA
     • Email
     • Credit Cards
     • Cloud Storage
     • Virtual Private Network (VPN)
     • Browsing Options
     • Tor
     • Tails
     • Other Recommendations
     • Personal Mobile and Wi-Fi Security
  9. Passwords
     • Passwords are not easy to manage
     • Need to remember the rules – and many still write them down
     • Many use a version of <password>1, <password>2, <password>3 to keep them different
     • Best passwords are passphrases (25+ characters)
         • Green Horses Jumps Orange Fences
         • Tiny Elephant Is 35% Home Cooked
     • Check if your email / password has been compromised by entering your email: https://haveibeenpwned.com/
  10. Password Manager
     • Help manage passwords – one master password to unlock many passwords
     • Helps with creating secure passwords
     • Helps with managing unique passwords (one per website)
     • Can also use to keep track of answers to security questions, etc.
     • 1Password https://1password.com/
     • Blur https://dnt.abine.com/
     • (many other services)
  11. 2FA – Two Factor Authentication
     • One password is not enough for keeping accounts safe
     • Many services now offer 2FA – Amazon, Google, Microsoft, etc. https://twofactorauth.org/
     • Set up with SMS, or better, with an Authenticator App
         • Google Authenticator (avail. for iOS, Android, etc.)
         • Authy (https://authy.com/) (avail. for iOS, Android, etc.)
  12. Email
     • All email is wide open – anyone could potentially read it
     • Plus, it is stored in copies somewhere (even if deleted on your local email app)
     • Use PGP (Pretty Good Privacy) http://openpgp.org/
     • Proton Mail (https://protonmail.com/)
     • POBox to manage multiple emails (https://www.pobox.com/)
  13. Credit Cards
     • Criminals will target your debit and credit cards
     • Check your free credit report (once a year) https://www.annualcreditreport.com
     • Experian and TransUnion also free once a year
     • Consider Fraud Alert / Freeze Accounts
     • Watch for card skimming
     • Consider virtual and prepaid cards
  14. Cloud Storage
     • Cloud storage makes it convenient to back up data
     • Not all cloud storage options are encrypted or secure enough
         • Microsoft OneDrive (no encryption (256-bit in-transit))
         • Google Drive (128-bit encryption – they own keys)
         • Apple iCloud (128-bit encryption – they own keys)
         • DropBox (256-bit encryption – they own keys)
     • Best: SpiderOak (https://spideroak.com/) or BackBlaze (https://www.backblaze.com/) (256-bit AES encryption – 2FA and you own keys)
  15. Virtual Private Network (VPN)
     • Virtual Private Networks (VPNs) provide good mix of security and privacy
     • Route internet traffic through a secure channel
     • Privacy – not anonymity
     • Available for desktop, laptop, mobile phones
     • Select a reputable paid VPN provider (do not use free ones) that states no or minimal logging
         • Private Internet Access (PIA) https://www.privateinternetaccess.com/
         • F-Secure Freedome https://www.f-secure.com/en_US/web/home_us/freedome
  16. OpenVPN
     • Many firewalls / routers have built-in OpenVPN
     • Easy to set up, install OpenVPN Client on computer
     • OpenVPN How To https://openvpn.net/index.php/open-source/documentation/howto.html
  17. Browsing Options
     • Most browsers track what you are doing (Google Chrome, Mozilla Firefox, Microsoft IE/Edge)
     • This helps advertisers know what you like, etc.
     • Other options: DuckDuckGo https://duckduckgo.com
  18. Tor
     • Tor (acronym for “the onion router”) is a network and software package that helps with anonymity
     • Tor encrypts data and hides source / destination of internet traffic
     • Tor Browser Bundle to navigate the web on the internet https://www.torproject.org
  19. Tails
     • Using Tor on your own computer may not be enough to keep it anonymous
     • Tails is a live operating system (using DVD, USB, SD card)
     • It routes all connections through Tor network
     • Provides anonymity and privacy solution
     • Using DVD, no internet session information is saved
     • https://tails.boum.org
  20. Other Recommendations
     • Virtual machines (VirtualBox, VMWare, Parallels, etc.)
     • Separate laptop / separate identities (email, etc.) – keep these separate to truly be anonymous and private
  21. Personal Mobile Security
     1. Update to latest version / patch
     2. Password/Passcode protect your device
     3. Lock your device
     4. Review / adjust permissions per mobile app
     5. Use anti-virus software (mainly Android)
     6. Sync/back up your data
     7. Install a phone finder app
     8. Turn off Wi-Fi / Bluetooth when not home and not around trusted endpoints (i.e. almost everywhere!)
  22. Personal Wi-Fi Security
     • Don’t connect to public Wi-Fi – if so, use VPN
     • Ideally, use Mobile Hotspot tethered to Phone (turn off Wi-Fi/Bluetooth)
     • For Home Wi-Fi, set up:
         • SSID with random name (max 32 chars)
         • WPA2 (AES) with secure password with over 25 characters / random or passphrase (max 63 chars)
     • Never use WEP, and don’t use the automatic “button” feature on Wi-Fi routers – not secure
     • Don’t use WPA, WPA2 (TKIP), WPA2 (TKIP + AES), etc.
     • https://www.lifewire.com/how-to-beef-up-security-on-your-home-wireless-network-2487660
  23. Lots of things to do!
     • All important methods for keeping secure and private
     • Mix and match – use what works best for you
  24. Resources - Books
     • Personal Digital Security: Protecting Yourself from Online Crime (Michael Bazzell)
     • Hiding from the Internet: Eliminating Personal Online Information (Michael Bazzell)
     • The Complete Privacy and Security Desk Reference: Volume 1: Digital (Michael Bazzell and Justin Carroll)
     • The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data (Kevin Mitnick)
  25. Questions?
     Contacts
     • Web Site: https://roberthurlbut.com
     • LinkedIn: RobertHurlbut
     • Twitter: @RobertHurlbut
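
Added example, not part of the original slides: a Python sketch of the passphrase and home Wi-Fi advice on slides 9 and 22. It builds a 25 to 63 character passphrase and a random SSID with a CSPRNG, then audits a settings record against the slide 22 rules. The word list, the `net-` prefix and the record's field names are constructed for illustration.

```python
import math
import secrets

# Constructed sample word list (16 words = 4 bits per word). A real generator
# should draw from thousands of words so each word adds far more entropy.
WORDS = ["green", "horses", "jump", "orange", "fences", "tiny", "elephant",
         "home", "cooked", "river", "candle", "marble", "window", "thunder",
         "pepper", "lantern"]
MIN_LEN, WPA2_MAX_LEN, SSID_MAX_BYTES = 25, 63, 32  # limits from the slides


def make_passphrase(words=WORDS):
    """Return (phrase, entropy_bits); words are chosen with a CSPRNG."""
    while True:
        chosen = []
        while len(" ".join(chosen)) < MIN_LEN:
            chosen.append(secrets.choice(words))
        phrase = " ".join(chosen)
        if len(phrase) <= WPA2_MAX_LEN:
            return phrase, len(chosen) * math.log2(len(words))


def make_ssid():
    """Random SSID that reveals neither the owner nor the router model."""
    return "net-" + secrets.token_hex(8)  # 20 characters, under the 32 limit


def audit_wifi(cfg):
    """List the slide 22 recommendations a settings record violates.

    cfg keys (hypothetical): ssid, security, cipher, passphrase, push_button.
    """
    issues = []
    if len(cfg["ssid"].encode()) > SSID_MAX_BYTES:
        issues.append("SSID exceeds 32 bytes")
    if (cfg["security"], cfg["cipher"]) != ("WPA2", "AES"):
        issues.append("use WPA2 (AES) only; no WEP, WPA or TKIP modes")
    if not MIN_LEN <= len(cfg["passphrase"]) <= WPA2_MAX_LEN:
        issues.append("passphrase must be 25 to 63 characters")
    if cfg.get("push_button"):
        issues.append("turn off the automatic button pairing feature")
    return issues


if __name__ == "__main__":
    phrase, bits = make_passphrase()
    cfg = {"ssid": make_ssid(), "security": "WPA2", "cipher": "AES",
           "passphrase": phrase, "push_button": False}
    print(phrase, round(bits), audit_wifi(cfg))
```

The entropy figure assumes an attacker knows the word list, which is why list size matters more than phrase length alone.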