Module 3: Protecting Your Data and Privacy
Introduction to Cybersecurity (I2CS)

Module Objectives

Module Title: Protecting Your Data and Privacy
Module Objective: Explain how to protect yourself while online.

Topic Title:
- Protecting Your Devices and Network
- Data Maintenance
- Who Owns Your Data?
- Safeguarding Your Online Privacy
- Discover Your Own Risky Online Behavior

Topic Objective:
- Identify ways to protect their computing devices.
- Use wireless networks safely.
- Create strong passwords.
- Implement techniques to maintain data securely.
- Explain ways to enhance security of online data.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

3.1 Protecting Your Devices and Network

Protecting Your Computing Devices

Some top tips on how to protect the security of your devices:

Turn the firewall on: You should use at least one type of firewall (either a software firewall or a hardware firewall on a router) to protect your device from unauthorized access. The firewall should be turned on and constantly updated to prevent hackers from accessing your personal or organizational data.

Install antivirus and antispyware: Malicious software, such as viruses and spyware, is designed to gain unauthorized access to your computer and data. Once installed, viruses can destroy your data and slow down your computer. They can even take over your computer and broadcast spam emails using your account. Spyware can monitor your online activities, collect your personal information or produce unwanted pop-up ads on your web browser while you are online. To prevent this, you should only ever download software from trusted websites. However, you should always use antivirus software to provide another layer of protection. This software, which often includes antispyware, is designed to scan your computer and incoming email for viruses and delete them.

Manage your operating system and browser: Hackers are always trying to take advantage of your operating system or web browser vulnerabilities. Therefore, to protect your computer and your data, you should set the security settings on your computer and browser to a medium level or higher. You should also regularly update your computer’s operating system, including your web browser, and download and install the latest software patches and security updates from the vendors.

Set up password protection: All your computing devices should be password protected to prevent unauthorized access. Any stored information, especially sensitive or confidential data, should be encrypted. You should only store necessary information on your mobile device in case it is stolen or lost. Remember, if any of your devices is compromised, the criminals may be able to access all data through your cloud storage service provider, such as iCloud or Google Drive.

Wireless Network Security at Home

Wireless networks allow Wi-Fi-enabled devices to connect to the network by way of an SSID. A wireless router can be configured not to broadcast the SSID, but that alone is not adequate security for a wireless network.

Hackers will be aware of the preset SSID and default password, so to prevent intruders from entering your home wireless network you should change these details. Furthermore, you can encrypt wireless communication by enabling wireless security and the WPA2 encryption feature on your wireless router. But be aware that even with WPA2 encryption enabled, a wireless network can still be vulnerable.

A security flaw in the WPA2 protocol was discovered in 2017. Intruders can exploit this vulnerability with key reinstallation attacks (KRACKs), which break the encryption between a wireless router and a wireless device, giving them access to network data.
This flaw affects all modern, protected Wi-Fi networks. To mitigate this situation, you should:
- Update all wireless-capable devices as soon as security updates become available.
- Use a wired connection for any devices with a wired NIC.
- Use a trusted VPN service when accessing a wireless network.

Public Wi-Fi Risks

When you are away from home, you can access your online information and surf the Internet via public wireless networks or Wi-Fi hotspots. However, some risks are involved, meaning it is best not to access or send personal information using public Wi-Fi.

You should always verify that your device is not configured with file and media sharing and that it requires user authentication with encryption.

You should also use an encrypted VPN service to prevent others from intercepting your information (known as ‘eavesdropping’) over a public wireless network. This service gives you secure access to the Internet by encrypting the connection between your device and the VPN server. Even if hackers intercept a data transmission in an encrypted VPN tunnel, they cannot decipher it.

A Strong Password

Here are a few simple tips to help you when choosing a strong password.

Using a Passphrase

You should consider using passphrases instead of passwords to prevent unauthorized access to your devices. A passphrase generally takes the form of a sentence (‘Acat th@tlov3sd0gs.’), making it easier for you to remember. And because it’s longer than a typical password, it’s less vulnerable to dictionary or brute-force attacks.

Here are a few tips for creating a good passphrase:

Password Guidelines

The United States National Institute of Standards and Technology (NIST) has published improved password requirements. NIST standards are intended for government applications but can also serve as a standard for other sectors.

These guidelines aim to place responsibility for user verification on service providers and ensure a better experience for users overall. They state:
- Passwords should be at least eight characters but no more than 64 characters.
- Common, easily guessed passwords, such as ‘password’ or ‘abc123’, should not be used.
- There should be no composition rules, such as having to include lowercase and uppercase letters and numbers.
- Users should be able to see the password when typing to help improve accuracy.
- All printing characters and spaces should be allowed.
- There should be no password hints.
- There should be no password expiration period.
- There should be no knowledge-based authentication, such as providing answers to secret questions or verifying transaction history.

3.2 Data Maintenance

What is Encryption?

Encryption is the process of converting information into a form in which unauthorized parties cannot read it. Only a trusted, authorized person with a secret key or password can decrypt the data and access it in its original form.

Note that encryption itself does not prevent someone from intercepting the data. It can only prevent an unauthorized person from viewing or accessing the content.

Some criminals may encrypt your data and make it unusable until you pay a ransom.

How Do You Encrypt Your Data?

Software programs are used to encrypt files, folders, and even entire drives.
EFS is a Windows feature that can encrypt data. It is directly linked to a specific user account, and only the user who encrypted the data can access it after it has been encrypted using EFS.

How to encrypt data using EFS in all Windows versions:
Step 1: Select one or more files or folders.
Step 2: Right click the selected data and go to ‘Properties.’
Step 3: Find and click ‘Advanced.’
Step 4: Select the ‘Encrypt contents to secure data’ check box.
Step 5: Files and folders that have been encrypted with EFS are displayed in green.

Back Up Your Data

Having a backup may prevent the loss of irreplaceable data. To back up data correctly, you will need an additional storage location and must copy the data to that location regularly.

Some of these additional storage locations are:

Home network: Locally storing your data means that you have total control of it.

Secondary location: You could copy all your data to a NAS, a simple external hard drive, or maybe even back up important folders on thumb drives, CDs, DVDs, or tapes. In this scenario, you are the data owner, and you are responsible for the cost and maintenance of the storage device equipment.

The cloud: You could subscribe to a cloud storage service, like AWS. The cost of this service will depend on the storage space you need, so you may need to be more selective about what data you back up. You will have access to your backup data as long as you have access to your account. One of the benefits of using a cloud storage service is that your data is safe in the event of a storage device failure or if you experience an extreme situation such as a fire or theft.

How Do You Delete Your Data Permanently?

Have you ever had to delete data or get rid of a hard drive?
If so, did you take any precautions to safeguard the data to keep it from falling into the wrong hands? What should you do to ensure you delete your files securely and permanently?

To erase data so that it is no longer recoverable, it must be overwritten with ones and zeroes multiple times, using tools specifically designed to do just that. SDelete from Microsoft claims to have the ability to remove sensitive files altogether. Shred for Linux and Secure Empty Trash for Mac OS X claim to provide a similar service.

The only way to ensure that data or files are not recoverable is to destroy the hard drive or storage device physically. Many criminals have taken advantage of files thought to be impenetrable or irrecoverable!

3.3 Who Owns Your Data?

Understand the Terms

The Terms of Service will include a number of sections, from user rights and responsibilities to disclaimers and account modification terms.

The data use policy outlines how the service provider will collect, use and share your data.

The privacy settings allow you to control who sees information about you and who can access your profile or account data.

The security policy outlines what the company is doing to secure the data it obtains from you.

What are you Agreeing To?

You have successfully created the @Apollo account and agreed to the Terms of Service of the online photo sharing company. But do you really know what you have signed up for?

Before You Sign Up

What factors should you consider before you sign up for an online service?
- Have you read the Terms of Service?
- What are your rights regarding your data?
- Can you request a copy of your data?
- What can the provider do with the data you upload?
- What happens to your information when you close your account?

3.4 Safeguarding Your Online Privacy

Two Factor Authentication

Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple, and Microsoft, use two-factor authentication to add an extra layer of security for account logins.

Besides your username and password or personal identification number (PIN), two-factor authentication requires a second token to verify your identity. This may be:
- a physical object such as a credit card, mobile phone, or fob
- a biometric scan such as a fingerprint or facial and voice recognition
- a verification code sent via SMS or email.

Open Authorization

Open authorization (OAuth) is an open standard protocol that allows you to use your credentials to access third-party applications without exposing your password.

What does this mean in practice?

You are looking forward to registering for Cisco’s ‘Cybersecurity Essentials,’ the next course in this series, to help you develop your career. But you must be logged into the eLearning portal to do so.

You can’t remember your login details, but that’s OK. The portal allows you to log in using your credentials from a social media website such as Facebook or via another account such as Google.

So instead of having to reset your login details, you easily log into the eLearning portal using your existing social media accounts and register for your next course. You can’t wait to get started!

Email and Web Browser Privacy

These problems can be minimized by enabling the in-private browsing mode on your web browser. Many of the most used web browsers have their own name for private browser mode:
- Microsoft Internet Explorer: InPrivate
- Google Chrome: Incognito
- Mozilla Firefox: Private tab or private window
- Safari: Private browsing

How does the private mode work?

When private mode is enabled, cookies (files saved to your device to indicate your visited websites) are disabled. Temporary internet files are therefore removed, and your browsing history is deleted, when you close the window or program.

This may help prevent others from gathering information about your online activities and enticing you to buy something with targeted ads. Even with private browsing enabled and cookies disabled, companies are constantly developing new ways of fingerprinting users to track their online behavior.

3.5 Discover Your Own Risky Online Behavior

3.6 Module Quiz

Attacks, Concepts and Techniques Summary

What Did I Learn in this Module?

It is important to protect the security of your devices. Some tips for doing this are: turn the firewall on, install antivirus and antispyware, manage your operating system and browser, and set up password protection.

The preset SSID and default password should be changed to prevent intruders from entering your home wireless network. Furthermore, you should encrypt wireless communication by enabling wireless security and the WPA2 encryption feature on your wireless router. But even with WPA2 encryption enabled, a wireless network can still be vulnerable.

It is best not to access or send any personal information when using public Wi-Fi.
You should always verify that your device is not configured with file and media sharing and that it requires user authentication with encryption. You should also use an encrypted VPN service to prevent others from intercepting your information over a public wireless network.

Always use strong passwords: do not use misspellings of common dictionary words, do use special characters, and make passwords longer than ten characters. You should consider the use of passphrases.

Encryption is the process of converting information into a form in which unauthorized parties cannot read it. Encryption itself does not prevent someone from intercepting the data. It can only prevent an unauthorized person from viewing or accessing the content.

What Did I Learn in this Module? (Cont.)

Software programs are used to encrypt files, folders, and even entire drives. Encrypting File System (EFS) is a Windows feature that can encrypt data.

Having a backup may prevent the loss of irreplaceable data. Some storage locations are the home network, a secondary location, and the cloud.

To erase data so that it is no longer recoverable, it must be overwritten with ones and zeroes multiple times, using tools specifically designed to do just that. However, the only way to ensure that data or files are not recoverable is to destroy the hard drive or storage device physically.

The Terms of Service will include a number of sections, from user rights and responsibilities to disclaimers and account modification terms. Consider some factors before you sign up for an online service, such as whether you have read the Terms of Service, what your rights are regarding your data, and whether you can request a copy of your data, among others.

Popular online services like Google and Facebook use two-factor authentication to add an extra layer of security for account logins.
Open authorization (OAuth) is an open standard protocol that allows you to use your credentials to access third-party applications without exposing your password.

A simple forged or spoofed email can lead to a massive data breach and cause irreversible damage to your reputation. These problems can be minimized by enabling the in-private browsing mode on your web browser.

New Terms and Commands

- Firewall
- Antivirus
- Antispyware
- Service set identifier (SSID)
- Virtual private network (VPN)
- Passphrase
- National Institute of Standards and Technology (NIST)
- Encryption
- Encrypting File System (EFS)
- Amazon Web Services (AWS)
- Cloud
- SDelete
- Shred
- Secure Empty Trash
- Terms of Service
- Data use policy
- Privacy settings
- Security policy
- Two factor authentication
- Personal identification number (PIN)
- Biometric scan
- Open authorization (OAuth)
- Social sharing
- Forged email
- Spoofed email
- Shodan
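
The rules listed under Password Guidelines above are meant to be enforced by the service provider, and the sketch below shows how the checkable ones translate into an acceptance test. It is an added example, not part of the original module; the function name, the sample blocklist and the use of NFKC normalisation are assumptions made for illustration.

```python
"""Password acceptance check built from the guideline list on this page.

Added example; check_password, the blocklist contents and the choice of
NFKC normalisation are assumptions, not part of the module.
"""
import unicodedata

MIN_LEN, MAX_LEN = 8, 64  # length bounds stated in the guidelines

# Constructed sample blocklist. A real service would load a large list of
# commonly used and breached passwords instead of these five entries.
COMMON_PASSWORDS = {"password", "abc123", "12345678", "qwertyuiop", "iloveyou"}


def check_password(candidate: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    # Normalise first so look-alike Unicode forms are measured and compared the same way.
    pw = unicodedata.normalize("NFKC", candidate)
    problems = []
    if len(pw) < MIN_LEN:  # len() counts code points, so "é" is one character
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")
    # All printing characters and the space are allowed; control characters are not.
    if any(not ch.isprintable() for ch in pw):
        problems.append("non-printing character")
    # Case-insensitive blocklist match, so "Password" is caught as well.
    if pw.casefold() in COMMON_PASSWORDS:
        problems.append("common password")
    # Deliberately absent: no composition rules (required digits, symbols or
    # mixed case), no expiry date, no hint, no secret question.
    return problems


if __name__ == "__main__":
    samples = [  # constructed inputs
        "Acat th@tlov3sd0gs.",   # passphrase from the module
        "alllowercaseletters",   # no composition rule, so accepted
        "Password",
        "abc123",
        "x" * 65,
        "tab\tseparated",
    ]
    for s in samples:
        print(repr(s), "->", check_password(s) or "accepted")
```

The checks that cannot be expressed in a validator (showing the password while typing, no hints, no expiry, no secret questions) are design decisions for the login form and account policy rather than for this function.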