Ever wonder, "how can I make my home internet more secure" or "how can I make sure my kids are safely browsing the internet"? Join this cat meme filled presentation on how to secure your home's internet; everything from securing your wireless network to tools that you can use to help keep you and your family safe while surfing the web.
6. Onion Routing, Tor Browsing
• Technique for anonymous communication to take place over a network.
The encryption takes place at three different times:
• Entry Node
• Relay Node
• Exit Node
• Tor is made up of volunteers running relay servers. No single router knows
the entire network (only its to and from).
• Tor can bypass internet content filtering, restricted government networks
(like China) or allow people to be anonymous whistle blowers.
• Tor allows you to gain access to “.onion” websites that are not accessible
via a normal web browser.
• Communication on the Dark Web happens, via Web, Telnet, IRC, and other
means of communication being developed daily.
7. Cloak of Invisibility
Top reasons why people want to hide their IP address:
1. Hide their geographical location
2. Prevent Web tracking
3. Avoid leaving a digital footprint
4. Bypass any bans or blacklisting of their IP address
5. Perform illegal acts without being detected
8. Cloak of Invisibility
How do you Hide an 800lb Gorilla?
• Use Free Wifi (To Hide your location)
• Use a Secure Web Browser
• Use a Private VPN
• Go back to Dial-up
• Setup RF Data Transfer over CB Radio
Waves
• Use Kali linux to hack someone else’s
Wifi Encryption.
• Setup long-range Wireless Antennas
9. Cloak of Invisibility
• How to hide yourself?
• Private VPN
• You want a TOTALLY anonymous service.
• Look for one that keeps no log history (Verify via reviews)
• Look at Bandwidth & Available Servers
• Recommendations:
• Private Internet Access (PIA)
• TorGuard VPN
• Pure VPN
• Opera Web Browser
• Avast AntiVirus (SecureLine)
• Worst Case: Free WIFI
13. Understanding Free Wifi
• Sometimes a good alternative if
you need to do something
anonymously
• Nothing is ever 100% anonymous
• Some public wifi does track
websites you access, what you
do, etc.
• Make sure your computer name
you are using doesn’t include your
actual name
16. Best Tips and Practices For Connecting Privately
Do
• Use a device that you’ve never
signed into anything ”personal
on”.
• Pro Tip: buy a computer from a
Pawn Shop or Garage Sale
• If using public WiFi; don’t make
purchases with a credit card.
Don’t
• While on a VPN or any other
anonymous tool; don’t sign into
personal accounts (banks, social
media, etc).
• If posting, don’t use anything
that could be associated to you
17. Easy Wins for Privacy
• 10 Minute Email
• https://10minutemail.com/
• Temporarily get an email box that’s anonymous and disappears after 10
minutes
• Dr Cleaner (Mac) or Eraser (Win) can overwrite files on your
computer with “blank” data to make file recovery near impossible.
• Tools like Recuva is free softwares to allow you to restore deleted files.
19. You
• Sites to protect yourself all the time (not free)
• IdentiyGuard.com
• LifeLock.com
• Sites to monitor when breached data gets related (this is free)
• Haveibeenpwned.com
• Password Management Sites (like lastpass.com)
• Don’t have the same password for all your sites.
• Don’t write your passwords down on a post-it-note and leave it at your desk
24. Credit Card Tools for Online Shopping
• Check out Privacy.Com
• https://privacy.com/join/473XB
shameless plug
25. Random Tips and Tricks
• Accept only people you know to personal and professional accounts
• Never click on links from people you don’t know.
• Especially if they are using a url shortner: bit.ly, tinyurl.com, etc
• https://www.urlvoid.com/ - test the website to see if its safe
• https://snapito.com/ gets a screenshot of what will load on the site
• If there are people claiming to be you on social media, it’s best to get
your account “verified” on those social media platforms
• This lets users distinguish that you’re the actual official account
• Dual factor authenticate all of your social media logins
28. Myths
• I’m not worth being attacked.
• Hackers won’t guess my password.
• I/we have anti-virus software.
• I’ll/we know if I/we been compromised.
29. Understanding Breaches and Hacks
• A hack involves a person or group to gain authorized access to a
protected computer or network
• A breach typically indicates a release of confidential data (including
those done by accident)
30.
31.
32. The Costs Of Breaches
• This year’s study found the average consolidated total cost of a data breach
is 3.9 million dollars and in the US the average is actually higher at 8.19
million.
[IBM 2019
http://www-03.ibm.com/security/data-breach/]
• Data Breached Companies Experience…
• People loose faith in your brand
• Loss in patrons
• Financial Costs
• Government Requirements,
Penalties, Fees, etc.
• Sending of Notifications
• Payment of Identity Protection or
repercussions.
https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
35. Why do People Attack?
• Financial Gain
• Stocks
• Getting Paid
• Selling of information
• Data Theft
• For a single person
• For a bundle of people
• Just Because
• Malicious
37. Outside
• Modem Router Firewall
Switches
• Servers
End User
• Phones
• Computers
• Laptops
38. Outer Defenses (Routers/Firewalls)
• Site to Site Protection (Router to
Router or Firewall to Firewall)
• Encrypted over a VPN Connection
• Protection With:
• IDS
• IPS
• Web filtering
• Antivirus at Web Level
• Protecting INBOUND and OUTBOUND
39. Unified Threat Management
• Single Device Security
• All traffic is routed through a unified
threat management device.
40. Areas of Attack On Outer Defense
External Facing Applications
• Anything with an “External IP”
• NAT, ONE to ONE, etc.
• Website
• Custom Built Web Applications
or Services
Internal Applications
• File Shares
• Active Directory (usernames /
passwords)
• Patron Records
• DNS Routing
• Outbound Network Traffic
• Who is going where
41. Attacks
• Man in the Middle
• Sitting between a conversation and either listening or altering the data as its sent
across.
• DNS Spoofing (https://null-byte.wonderhowto.com/how-to/hack-like-pro-spoof-dns-
lan-redirect-traffic-your-fake-website-0151620/) set up a fake website and let people
login to it.
• D/DoS Attack (Distributed/Denial of Service Attack)
• Directing a large amount of traffic to disrupt service to a particular box or an entire
network.
• Could be done via sending bad traffic or data
• That device can be brought down to an unrecoverable state to disrupt business
operations.
• Sniffing Attacks
• Monitoring of data and traffic to determine what people are doing.
45. Updates, Patches, Firmware
• Keeping your system updated is important.
• Being on the latest and greatest
[software/update/firmware] isn’t always
good – but security updates are usually key
and super important.
46. Passwords
• Let’s talk about Passwords
• Length of Password
• Complexity of password
requirements
• DO NOT USE POST IT NOTES
51. Setting It Up
• It’s simple, you will just want to update your router’s DNS entry
(or if you wanted, you can do this directly on the device you wish to
protect)
• 208.67.222.123
• 208.67.220.123
52. Your Wireless Router
• Have your wireless connection protected by a password to join
• Have your wireless password interface ALSO protect with a password
(that isn’t the default password either)
58. Understanding Wireless Encryption
• Open (risky): Open Wi-Fi networks have no passphrase. You shouldn’t set up an open Wi-Fi network—
• WEP 64 (risky): The old WEP protocol standard is vulnerable and you really shouldn’t use it.
• WEP 128 (risky): This is WEP, but with a larger encryption key size. It isn’t really any less vulnerable than
WEP 64.
• WPA-PSK (TKIP): This uses the original version of the WPA protocol (essentially WPA1). It has been
superseded by WPA2 and isn’t secure.
• WPA-PSK (AES): This uses the original WPA protocol, but replaces TKIP with the more modern AES
encryption. It’s offered as a stopgap, but devices that support AES will almost always support WPA2, while
devices that require WPA will almost never support AES encryption. So, this option makes little sense.
• WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is
only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.
• WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the
latest AES encryption protocol. You should be using this option. On some devices, you’ll just see the option
“WPA2” or “WPA2-PSK.” If you do, it will probably just use AES, as that’s a common-sense choice.
• WPAWPA2-PSK (TKIP/AES): Some devices offer—and even recommend—this mixed-mode option. This
option enables both WPA and WPA2, with both TKIP and AES. This provides maximum compatibility with any
ancient devices you might have, but also allows an attacker to breach your network by cracking the more
vulnerable WPA and TKIP protocols.
https://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both
59. What’s the “Guest” Network On My Router
• You can set up a “Guest” network for when people come over, you
can have your network segmented out so they can’t see the other
content/devices in your home:
• Shared Photos and Files on a Personal Computer
• Access to GoogleHome / Apple TV / etc
61. What does HTTPS Do?
• HTTPS verifies the identity of a website and encrypts nearly all
information sent between the website and the user.
• Protected information includes cookies, user agent details, URL paths,
form submissions, and query string parameters.
• HTTPS is a combination of HTTP and Transport Layer Security (TLS).
• Browsers and other HTTPS clients are configured to trust a set
of certificate authorities that can issue cryptographically signed
certificates on behalf of web service owners.
62. What Doesn’t HTTPS Do?
• HTTPS has several important limitations.
• IP addresses and destination domain names are not encrypted.
• Even encrypted traffic can reveal some information indirectly, such as time
spent on site, or the size of requested resources or submitted information.
• HTTPS only guarantees the integrity of the connection between two systems,
not the systems themselves.
• It is not designed to protect a web server from being hacked.
• If a user’s system is compromised by an attacker, that system can be altered
so that its future HTTPS connections are under the attacker’s control.
63. Why HTTPS?
• Prevents Hackers from watching what you
do over the Internet
• Encrypts Data
• Keeps stuff private
• Keeps you safe
• Prevents people from tracking your
internet activity
• Unencrypted HTTP request reveals
information about a user’s behavior.
The HTTP protocol does not protect data from interception or alteration.
65. Learn and Practice Cybersecurity
• Learn to identify a scam email
• Understanding the “fake” Facebook friends
• Being careful of links you don’t recognize through email, search, or
posts on social media.
• Take webinars and free classes to learn about these things – have
honest and open conversations
Infrastructure:
Network (Switches, Routers, Firewalls, Modem)
WiFi Network
VPN Connections
Servers (File Storage, Active Directory, Application Servers).
Phone System, Security System, Website, etc.
End Clients
End User PCs and other Peripherals
Copiers, Scanners, Printers
Software
HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user.
Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit.
HTTPS is a combination of HTTP and Transport Layer Security (TLS). TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network.
Browsers and other HTTPS clients are configured to trust a set of certificate authorities [2] that can issue cryptographically signed certificates on behalf of web service owners. These certificates communicate to the client that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This prevents unknown or untrusted websites from masquerading as a Federal website or service.
What HTTPS Doesn’t Do
HTTPS has several important limitations. IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.
HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation. Similarly, if a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control. The guarantees of HTTPS may also be weakened or eliminated by compromised or malicious certificate authorities.
Data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.