Introduction to Personal Digital Security and Privacy
Robert Hurlbut
RobertHurlbut.com • @RobertHurlbut
Robert Hurlbut
Software Security Architect
Microsoft MVP – Developer Security 2005-2010, 2015-2018
(ISC)2 CSSLP 2014-2017
Co-host Application Security Podcast (@appsecpodcast)
Contacts
Web Site: https://roberthurlbut.com
LinkedIn: RobertHurlbut
Twitter: @RobertHurlbut
© 2017 Robert Hurlbut
Connected world
We live in a very connected and tracked world
When we browse the web, send an email, turn on our phones, or purchase items with our credit cards, all of it is tracked for various reasons
Some of this may be useful, but in some cases this information can be harmful or used for nefarious purposes
Privacy
The desire of a person to control the disclosure of personal information
Confidentiality
The ability of a person to control release of personal information to another entity under an agreement limiting further release of that information
Security
Protection of privacy and confidentiality through policies, procedures and safeguards
Why do they matter?
Ethically, privacy and confidentiality are considered to be rights (in our culture)
Information revealed may result in harm to interests of the individual
Solutions to Personal Digital Privacy and Security
Passwords, Password Manager, and 2FA
Email
Credit Cards
Cloud Storage
Virtual Private Network (VPN)
Browsing Options
Tor
Tails
Other Recommendations
Personal Mobile and Wi-Fi Security
Passwords
Passwords are not easy to manage
Need to remember the rules – and many still write them down
Many use a version of <password>1, <password>2, <password>3 to keep them different
Best passwords are passphrases (25+ characters)
Green Horses Jumps Orange Fences
Tiny Elephant Is 35% Home Cooked
Check if your email / password has been compromised by entering your email: https://haveibeenpwned.com/
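Added example (not from the slides): a Python script that generates a passphrase the way the slide recommends, estimates its entropy from the word-list size, and shows the k-anonymity check behind haveibeenpwned.com's Pwned Passwords range API, where only the first five characters of the password's SHA-1 hash leave your machine. The word list and the sample range response are constructed for the demo and the breach count in it is a placeholder, not a real figure.

```python
import hashlib
import math
import secrets

# Constructed word list for the demo only; a real generator should draw from a
# large published list such as the EFF long word list (7776 words).
WORDS = [
    "green", "horse", "jump", "orange", "fence", "tiny", "elephant", "home",
    "cooked", "river", "candle", "planet", "silver", "window", "maple", "rocket",
    "pepper", "cloud", "anchor", "violet", "marble", "falcon", "copper", "meadow",
    "lantern", "basket", "thunder", "pillow", "garden", "compass", "summit", "harbor",
]

# Constructed stand-in for the body of GET https://api.pwnedpasswords.com/range/5BAA6
# (the real reply has hundreds of "SUFFIX:COUNT" lines); the counts are placeholders.
SAMPLE_RANGE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E2AAA439972480CEC7F16C795BBB429372:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1
"""


def generate_passphrase(n_words=5, wordlist=WORDS):
    """Pick words with the CSPRNG in `secrets` (never `random`) and title-case
    them, giving phrases in the style of the slide's examples."""
    return " ".join(secrets.choice(wordlist).capitalize() for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of a uniformly chosen passphrase: log2(wordlist_size ** n_words).
    Strength comes from list size and word count, not from the words themselves."""
    return n_words * math.log2(wordlist_size)


def pwned_lookup_parts(password):
    """Uppercase SHA-1 of the password, split into the 5-char prefix that is sent
    to the range API and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(response_text, suffix):
    """Scan a 'SUFFIX:COUNT' range reply for our suffix; 0 means not found."""
    for line in response_text.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix.upper():
            return int(count.strip() or 0)
    return 0


def check_password(password, range_response):
    """Combine the two halves of the k-anonymity lookup into one verdict."""
    prefix, suffix = pwned_lookup_parts(password)
    hits = count_in_range_response(range_response, suffix)
    return {"prefix_sent": prefix, "breach_count": hits, "compromised": hits > 0}


if __name__ == "__main__":
    phrase = generate_passphrase()
    bits = passphrase_entropy_bits(5, len(WORDS))
    print(f"{phrase}  (~{bits:.1f} bits with this {len(WORDS)}-word demo list; "
          f"~{passphrase_entropy_bits(5, 7776):.1f} bits with a 7776-word list)")
    print(check_password("password", SAMPLE_RANGE_RESPONSE))
```

The range response is passed in as text so the script runs offline; in practice you fetch `https://api.pwnedpasswords.com/range/<prefix>` and feed the body to check_password, and the server never learns more than the five-character prefix.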
Password Manager
Helps manage passwords – one master password to unlock many passwords
Helps with creating secure passwords
Helps with managing unique passwords (one per website)
Can also use to keep track of answers to security questions, etc.
1Password https://1password.com/
Blur https://dnt.abine.com/ (many other services)
2FA – Two Factor Authentication
One password is not enough for keeping accounts safe
Many services now offer 2FA – Amazon, Google, Microsoft, etc.
https://twofactorauth.org/
Set up with SMS, or better, with an Authenticator App
Google Authenticator (avail. for iOS, Android, etc.)
Authy (https://authy.com/) (avail. for iOS, Android, etc.)
Email
All email is wide open – anyone could potentially read it
Plus, it is stored in copies somewhere (even if deleted on your local email app)
Use PGP (Pretty Good Privacy)
http://openpgp.org/
Proton Mail (https://protonmail.com/)
POBox to manage multiple emails (https://www.pobox.com/)
Credit Cards
Criminals will target your debit and credit cards
Check your free credit report (once a year)
https://www.annualcreditreport.com
Experian and TransUnion also free once a year
Consider Fraud Alert / Freeze Accounts
Watch for card skimming
Consider virtual and prepaid cards
Cloud Storage
Cloud storage makes it convenient to back up data
Not all cloud storage options are encrypted or secure enough
Microsoft OneDrive (no encryption (256-bit in-transit))
Google Drive (128-bit encryption – they own keys)
Apple iCloud (128-bit encryption – they own keys)
DropBox (256-bit encryption – they own keys)
Best: SpiderOak (https://spideroak.com/) or BackBlaze (https://www.backblaze.com/) (256-bit AES encryption – 2FA and you own keys)
Virtual Private Network (VPN)
Virtual Private Networks (VPNs) provide a good mix of security and privacy
Route internet traffic through a secure channel
Privacy – not anonymity
Available for desktop, laptop, mobile phones
Select a reputable paid VPN provider (do not use free ones) that states no or minimal logging
Private Internet Access (PIA)
https://www.privateinternetaccess.com/
F-Secure Freedome
https://www.f-secure.com/en_US/web/home_us/freedome
OpenVPN
Many firewalls / routers have built-in OpenVPN
Easy to set up: install the OpenVPN client on your computer
OpenVPN How To
https://openvpn.net/index.php/open-source/documentation/howto.html
Browsing Options
Most browsers track what you are doing (Google Chrome, Mozilla Firefox, Microsoft IE/Edge)
This helps advertisers know what you like, etc.
Other options:
DuckDuckGo
https://duckduckgo.com
Tor
Tor (acronym for “the onion router”) is a network and software package that helps anonymity
Tor encrypts data and hides the source / destination of internet traffic
Tor Browser Bundle to navigate the web on the internet
https://www.torproject.org
Tails
Using Tor on your own computer may not be enough to keep it anonymous
Tails is a live operating system (using DVD, USB, SD card)
It routes all connections through the Tor network
Provides an anonymity and privacy solution
Using DVD, no internet session information is saved
https://tails.boum.org
Other Recommendations
Virtual machines (VirtualBox, VMWare, Parallels, etc.)
Separate laptop / separate identities (email, etc.) – keep these separate to truly be anonymous and private
Personal Mobile Security
1. Update to latest version / patch
2. Password/Passcode protect your device
3. Lock your device
4. Review / adjust permissions per mobile app
5. Use anti-virus software (mainly Android)
6. Sync/back up your data
7. Install a phone finder app
8. Turn off Wi-Fi / Bluetooth when not home and not around trusted endpoints (i.e. almost everywhere!)
Personal Wi-Fi Security
Don’t connect to public Wi-Fi – if you must, use a VPN
Ideally, use a Mobile Hotspot tethered to your phone (turn off Wi-Fi/Bluetooth)
For Home Wi-Fi, set up:
SSID with random name (max 32 chars)
WPA2 (AES) with secure password with over 25 characters / random or passphrase (max 63 chars)
Never use WEP, and don’t use the automatic “button” (WPS) feature on Wi-Fi routers – not secure
Don’t use WPA, WPA2 (TKIP), WPA2 (TKIP + AES), etc.
https://www.lifewire.com/how-to-beef-up-security-on-your-home-wireless-network-2487660
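Added example (not from the slides or any vendor): a small Python audit of a hostapd-style access-point configuration against the slide's home Wi-Fi rules (WPA2 only, CCMP/AES only, no TKIP, no WEP, no WPS push-button, SSID of at most 32 bytes, passphrase over 25 and at most 63 characters), with a weak constructed config beside a hardened one and a harden() step that regenerates a random SSID and passphrase with `secrets`. The two config fragments are constructed for the demo; the key names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_passphrase`, `wps_state`, `wep_*`) are real hostapd.conf keys, and the same checks apply to any router's settings page.

```python
import secrets
import string

# Constructed hostapd.conf fragments for the demo (not from the slides or a real router).
WEAK_CONF = """\
interface=wlan0
ssid=MyHomeNetworkNameThatIsWayTooLongForTheSpec
hw_mode=g
channel=6
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=letmein123
wps_state=2
"""

HARDENED_CONF = """\
interface=wlan0
ssid=q7Zp2LwX9vRt4NbK8sJd3HfG6mYc1AeU
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa_passphrase=Vx9kQ2mL7pZ3tR8wN4bH6yJ1cF5sD0gA2eT7uK9iO3lP6rM8nB4vC1xZ5qW7hE
wps_state=0
"""


def parse_hostapd(text):
    """key=value lines into a dict; blank lines and # comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit_wifi_config(cfg):
    """Return a list of findings; an empty list means the config meets the slide's rules."""
    findings = []
    if any(k.startswith("wep_") for k in cfg):
        findings.append("WEP keys present (wep_*): WEP is broken, remove them")
    wpa = cfg.get("wpa", "0")
    if wpa != "2":
        findings.append(f"wpa={wpa}: only WPA2 (wpa=2) should be enabled, not WPA or mixed WPA/WPA2")
    # wpa_pairwise applies to WPA, rsn_pairwise to WPA2 (it defaults to wpa_pairwise if unset)
    ciphers = set(cfg.get("wpa_pairwise", "").split()) | set(cfg.get("rsn_pairwise", "").split())
    if "TKIP" in ciphers:
        findings.append("TKIP cipher enabled: use CCMP (AES) only")
    if "CCMP" not in ciphers:
        findings.append("CCMP (AES) not enabled")
    ssid_len = len(cfg.get("ssid", "").encode("utf-8"))
    if not 1 <= ssid_len <= 32:
        findings.append(f"ssid is {ssid_len} bytes: the 802.11 limit is 32")
    psk = cfg.get("wpa_passphrase")
    if psk is None:
        if "wpa_psk" not in cfg:
            findings.append("no wpa_passphrase or wpa_psk configured")
    elif not 26 <= len(psk) <= 63:
        findings.append(f"wpa_passphrase is {len(psk)} chars: use more than 25 (WPA2 maximum is 63)")
    if cfg.get("wps_state", "0") != "0":
        findings.append("WPS push-button enabled (wps_state != 0): disable it")
    return findings


def random_ssid(length=32):
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_wifi_passphrase(length=63):
    # printable ASCII only, which is what a WPA2 passphrase must be
    alphabet = string.ascii_letters + string.digits + "-_.!@#%"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def harden(cfg):
    """Rewrite a parsed config so that audit_wifi_config() finds nothing."""
    fixed = {k: v for k, v in cfg.items() if not k.startswith("wep_")}
    fixed.update({"wpa": "2", "wpa_key_mgmt": "WPA-PSK", "wpa_pairwise": "CCMP",
                  "rsn_pairwise": "CCMP", "wps_state": "0"})
    if not 1 <= len(fixed.get("ssid", "").encode("utf-8")) <= 32:
        fixed["ssid"] = random_ssid()
    if not 26 <= len(fixed.get("wpa_passphrase", "")) <= 63:
        fixed["wpa_passphrase"] = random_wifi_passphrase()
    return fixed


def render_hostapd(cfg):
    return "\n".join(f"{k}={v}" for k, v in cfg.items()) + "\n"


if __name__ == "__main__":
    weak = parse_hostapd(WEAK_CONF)
    for finding in audit_wifi_config(weak):
        print("WEAK:", finding)
    print("hardened findings:", audit_wifi_config(parse_hostapd(HARDENED_CONF)))
    print(render_hostapd(harden(weak)))
```

The weak fragment trips five checks (mixed WPA/WPA2, TKIP, over-long SSID, short passphrase, WPS on); the hardened one and the output of harden() trip none. A randomly generated 63-character passphrase only has to be typed once per device, which is why the slide allows either a long random string or a passphrase.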
Lots of things to do!
All important methods for keeping secure and private
Mix and match – use what works best for you
Resources - Books
Personal Digital Security: Protecting Yourself from Online Crime – Michael Bazzell
Hiding from the Internet: Eliminating Personal Online Information – Michael Bazzell
The Complete Privacy and Security Desk Reference: Volume 1: Digital – Michael Bazzell and Justin Carroll
The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data – Kevin Mitnick
Questions?
Contacts
Web Site: https://roberthurlbut.com
LinkedIn: RobertHurlbut
Twitter: @RobertHurlbut