Protecting Your Privacy: Cyberspace Security, Real World Safety

Protecting Your Privacy CYBERSPACE SECURITY, REAL WORLD SAFETY

Presented by

Seminar Agenda

Session 1

45 Minutes

Introduction

Who we are

How we can help

Agenda/Session Goals

PowerPoint Preso (Main Focus)

Tools & Example

Break

10 Minutes

Session 2

15 Minutes

Beyond physical / local proximity

to deeper into Cyber

Groups

Trends

Q&A

TBD

5 Minutes

Session 3

15 Minutes

Closing/Next steps

Help with residual audience

installation of Browser / Add-Ons

/ Extensions

1:1 Q&A

Carpe Diem Strategic Services

(CDSS), a veteran owned service-

disabled business that offers

education and training which

addresses threats to digital

communications and online privacy.

Our mission is to assist individuals,

families, and small businesses to

understand, identify, and reduce

threats and vulnerabilities that expose

their business, financial, intellectual

property, and sensitive personal data

to potential exploitation and risk.

We provide easy-to-understand tips,

tools, and techniques that modify

potentially unwitting risky behavior.

Our Goals to Help You Protect Your Privacy

Knowledge transfer Reviewing the evolving vulnerability landscape and your mitigation steps

Identify your vulnerabilities Cyber Peeping Toms; Information Snoops, CPU Thieves

Adapt to your exposures Flood lights, Curtains, Controls, Behaviors

Secure your electronic devices, cards & personas Understanding what your device is doing - - being proactively curious

Coaching on how to educate family, friends, and

colleagues about cybersecurity Understanding how their behaviors impact you, family, employment

Visual proof of Peepers

Quick Fixes to Moderate to Increased Thoroughness

Behaviors more important than tools

Scope of Services:

The More You Look, The More You See

RISK MITIGATION Home or car alarms won’t

necessarily prevent attackers from

breaking into your house or vehicle.

However, improving your ability to

detect your exposures can help to

mitigate risks, loss of assets &

reduce future attacks.

Cyber Peeping

Toms

CPU Thieves

Info Snoops

On-line Family Diary

What Aspect of Your Life Is Not

Accessible by the Internet?

What’s Your Digital Persona?

What aspect of your life is not online?

Assessing Your Risk Profile

Introduction

Are you a target?

Where are your vulnerabilities?

Who are your adversaries?

What do they want?

How will they go about getting what they want?

What strategies will you use to protect your:

Image/Reputation

Family

Career

Finances

Assets

Lost assets are much easier to recover than your reputation

Assessing Your Risk Profile - Demo

Introduction

Network Monitoring

Wireless Monitoring

Getting Your Data to the Safety Zone

Banking/Financial Personal Data Buying Habits GPS Breadcrumbs

Encrypted Hard Drive

Encrypted Email

Anti-Virus Protection

Strong Password(s)

What security measures have you implemented?

What’s at stake?

Introduction

Identity fraud

Loss of money/finances

Higher interest rates, credit ineligibility, or bankruptcy

Time/Expense of resolving identity theft

Loss of privacy

Broken relationships

Damaged image/reputation

Personal safety/Kidnapping target

Decline in employability/healthcare

Quality vs. “Target Marketing” Advertisements

Is someone making your system obsolete?*

*System can be defined as

desktop/laptop computers,

smartphones, tablets, and

other Internet-ready devices

Did You Know?

According to the IC3* 2012 Internet Crime Report:

There were 289,874 complaints received with an

adjusted dollar loss of over $525 million

U.S. males slightly outnumbered females in complaints

filed

The highest percentage of complaints are between

40-59 years of age And those

statistics just account for the reported

cases!

*The Internet Crime

Complaint Center (IC3) is

a partnership between

the FBI and the NW3C.

Empower Yourself

Introduction

Detect

Respond Adapt

Prevent

Knowledge

Power

You Can Find Articles & Statistics…

Agenda

DEMONSTRATIONS

Live Demonstrations

Ghostery

Calomel SSL Validation

Open PGP

NoScript

Truecrypt

Google Images (http://images.google.com/)

Always assess how tools are supported

Agenda

TOOLS/RESOURCES

Ghostery

Ghostery® shows you the invisible

web – cookies, tags, web bugs, pixels

and beacons--and gives you a roll-

call of over 1,700 ad networks,

behavioral data providers, web

publishers and other companies

interested in your activity.

Then we help you learn about those

companies, so you can make

informed decisions about what you are/aren’t willing to share, and control your online privacy.

Ghostery is available for nearly every device and browser: Firefox,

IE, Safari, Chrome, Opera, iOS and Android via the Firefox Browser.

Calomel SSL Validation

This add-on was designed to more easily show

the true security state of the connection so

everyone can learn more about ciphers and

encryption using SSL. Firefox currently shows a

green URL tag for an extended validation (EV)

or a blue URL tag for a domain validation (DV)

certificate and a lock icon if the connection is

SSL encrypted.

We did not think this was enough information to

decide if the connection to the site was truly

secure. This is why the "Calomel SSL Validation"

add-on was developed. We score the

connection on the following items: if the

certificate was valid, if the fully qualified host

name is equal to the common name the

certificate was registered for and the strength

of the cipher and cipher key length.

NoScript

Introduction

The NoScript Firefox extension provides

extra protection for Firefox, Seamonkey

and other mozilla-based browsers: this

free, open source add-on allows JavaScript, Java, Flash and other plugins

to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript's unique whitelist based pre-

emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not

known yet!) with no loss of functionality...

Open PGP

Introduction

OpenPGP is a non-proprietary protocol for encrypting

email using public key cryptography. It is based on PGP as

originally developed by Phil Zimmermann. The OpenPGP

protocol defines standard formats for encrypted messages,

signatures, and certificates for exchanging public keys.

Disk Encryption

Introduction

Creates a virtual encrypted disk within a file and mounts it as a real disk.

Encrypts an entire partition or storage device such as USB flash drive or hard

drive.

Encrypts a partition or drive where Windows is installed (pre-boot

authentication).

Encryption is automatic, real-time (on-the-fly) and transparent.

Comments We’ve Received

Not sure I know how to confirm deletion of my Blue-toothed

contacts at vehicle lease end.

Response to commercial trackers “ughh”, “wow”, “...is that legal for them to do?”

Is it safe to control my home security controls over the

Internet?

How do I know what my neighbors can see on my network?

Tried encrypted mail before but was too difficult and no

one to communicate with.

Disgusting

Had uneasy feeling that I was being tracked but didn't

know how or what to do.

Yeah, employees probably are putting things onto external

clouds (e.g. Google Docs, etc.) for convenience.

What can you do (sigh)?

Some Best Practices

Do not post too much personal information online

If it’s free, you are probably the payment…

Use special characters when creating passwords

Be curious about your Smart Device … look around

Do not store passwords online or on your computer

Update your anti-virus software often

Don’t store cookies

Looks for sites using https://

Encrypt hard drives to protect your personal data

Be wary of public Wi-Fi: Secure vs. Unsecure Networks

Turn off Blue Tooth if not being actively used

Understanding what others can see about you, your network

Learn privacy implication of features and new technology

Do not post too much personal information online

Additional Reading

Baby Monitor Vulnerability http://arstechnica.com/security/2013/10/hack-turns-belkin-baby-monitor-into-iphone-controlled-bugging-device/

LG SmartTV http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/

Electronic Frontier Organization Suggestions on Surveillance Security (draft) https://ssd.eff.org/

Discussions (technical crowd) on Privacy http://slashdot.org/tags.pl?tagname=privacy

FBI Cyber Most Wanted http://www.fbi.gov/wanted/cyber

Logged Wi-Fi Networks https://wigle.net/

Privacy Topics https://en.wikipedia.org/wiki/Online_privacy

Monthly Newsletter (Coming Soon!)

Newsletter Title

TBD

CYBERSPACE SECURITY, REAL WORLD SAFETY

Next Steps

Want to stay current with the latest news, trends & tips

on protecting your privacy? Subscribe to our blog by

sending us an email at [email protected]