Module 3 Protecting Your Data and Privacy.pdf

Full Transcript

Module 3: Protecting
Your Data and Privacy
Introduction to Cybersecurity (I2CS)
Module Objectives
Module Title: Protecting Your Data and Privacy
Module Objective: Explain how to protect yourself while online.

Topic Title Topic Objective

Protecting Your Devices and
Identify ways to protect their computing devices.
Network
Data Maintenance Use wireless networks safely.

Who Owns Your Data? Create strong passwords.

Safeguarding Your Online Privacy Implement techniques to maintain data securely.
Discover Your Own Risky Online
Explain ways to enhance security of online data.
Behavior

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3.1 Protecting Your Devices
and Network

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Protecting Your Devices and Network
Protecting Your Computing Devices
Some top tips on how to protect the security of your devices:

Turn the You should use at least one type of firewall (either a software firewall or a hardware firewall on a router) to
firewall on protect your device from unauthorized access. The firewall should be turned on and constantly updated to
prevent hackers from accessing your personal or organizational data.
Install Malicious software, such as viruses and spyware, is designed to gain unauthorized access to your computer and
antivirus and data. Once installed, viruses can destroy your data and slow down your computer. They can even take over your
antispyware computer and broadcast spam emails using your account. Spyware can monitor your online activities, collect
your personal information or produce unwanted pop-up ads on your web browser while you are online. To
prevent this, you should only ever download software from trusted websites. However, it would help if you always
used antivirus software to provide another layer of protection. This software, which often includes antispyware, is
designed to scan your computer and incoming email for viruses and delete them.
Manage your Hackers are always trying to take advantage of your operating system or web browser vulnerabilities. Therefore,
operating to protect your computer and your data, you should set the security settings on your computer and browser to a
system and medium level or higher. You should also regularly update your computer’s operating system, including your web
browser browser, and download and install the latest software patches and security updates from the vendors.
Set up All your computing devices should be password protected to prevent unauthorized access. Any stored
password information, especially sensitive or confidential data, should be encrypted. You should only store necessary
protection information on your mobile device in case it is stolen or lost. Remember, if any of your devices is compromised,
the criminals may be able to access all data through your cloud storage service provider, such as iCloud or
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

Google Drive.
Protecting Your Devices and Network
Wireless Network Security at Home
Wireless networks allow Wi-Fi-enabled devices to connect to the network by way of an SSID.
A wireless router can be configured not to broadcast the SSID, but there needs to be an adequate security
for a wireless network.
Hackers will be aware of the preset SSID and default password, so to prevent intruders from entering your
home wireless network you should change these details.
Furthermore, you can encrypt wireless communication by enabling wireless security and the WPA2
encryption feature on your wireless router.
But be aware even with WPA2 encryption enabled, a wireless network can still be vulnerable.

Discovery of a security flaw in the WPA2 protocol in 2017
Key reinstallation attacks (KRACKs) by intruders that break the encryption between a wireless router
and a wireless device, giving them access to network data can exploit this vulnerability.
This flaw affects all modern, protected Wi-Fi networks, and to mitigate this situation, you should:
Update all wireless capable devices as soon as security updates become available
Use a wired connection for any devices with a wired NIC
Use a trusted VPN service when accessing a wireless network.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
Protecting Your Devices and Network
Public Wi-Fi Risks
When you are away from home, you can access your online information and surf the Internet via
public wireless networks or Wi-Fi hotspots.

However, some risks are involved, meaning it is best not to access or send personal information
using public Wi-Fi.

It would help if you continuously verified that your device does not configure with file and media
sharing and requires user authentication with encryption.

You should also use an encrypted VPN service to prevent others from intercepting your
information (known as ‘eavesdropping’) over a public wireless network.

This service gives you secure access to the Internet by encrypting the connection between your
device and the VPN server.

Even if hackers intercept a data transmission in an encrypted VPN tunnel, they cannot decipher it.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
Protecting Your Devices and Network
A Strong Password

Here are a few simple tips to help you when choosing a strong password.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Protecting Your Devices and Network
Using a Passphrase
It would help if you considered using passphrases instead of passwords to prevent unauthorized
access to your devices.
A passphrase generally takes the form of a sentence (‘Acat th@tlov3sd0gs.’), making it easier for
you to remember.
And because it’s longer than a typical password, it’s less vulnerable to dictionary or brute-force
attacks.
Here are a few tips for creating a good passphrase:

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Protecting Your Devices and Network
Password Guidelines
The United States National Institute of Standards and Technology (NIST) has published improved
password requirements.
NIST standards are intended for government applications but can also serve as a standard for
other sectors.
These guidelines aim to place responsibility for user verification on service providers and ensure a
better experience for users overall.
They state:
Passwords should be at least eight characters but no more than 64 characters.
Common, easily guessed passwords, such as ‘password’ or ‘abc123’, should not be used.
No composition rules should exist, including lower and uppercase letters and numbers.
Users should be able to see the password when typing to help improve accuracy.
All printing characters and spaces should be allowed.
There should be no password hints.
There should be no password expiration period.
There should be no knowledge-based authentication, such as providing answers to secret
questions or verifying transaction history.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
3.2 Data Maintenance

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Data Maintenance
What is Encryption?
Encryption is the process of converting information into a form in which unauthorized parties
cannot read it.

Only a trusted, authorized person with a secret key or password can decrypt the data and access
it in its original form.

Note the encryption itself does not prevent someone from intercepting the data.

It can only prevent an unauthorized person from viewing or accessing the content.

Some criminals may encrypt your data and make it unusable until you pay a ransom.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Data Maintenance
How Do You Encrypt Your Data?
The use of software programs is to encrypt files, folders, and even entire drives.
EFS is a Windows feature that can encrypt data. It directly links to a specific user account, and only the
user who encrypts the data can access it after encryption using EFS.
How to encrypt data using EFS in all Windows versions:

Step 1 Step 2 Step 3 Step 4 Step 5
Select one or Right click the Find and click Select the ‘Encrypt Files and folders that
more files or selected data and ‘Advanced.’ contents to secure have been encrypted
folders. go to ‘Properties.’ data’ check box. with EFS are displayed
in green.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Data Maintenance
Back Up Your Data
Having a backup may prevent the loss of irreplaceable data.
To back up data correctly, you will need an additional storage location and must copy the data to
that location regularly.

Some of these additional storage locations:

Home network Locally storing your data means that you have total control of it.

Secondary location You could copy all your data to a NAS, a simple external hard drive, or maybe even back up
important folders on thumb drives, CDs, DVDs, or tapes. In this scenario, you are the data
owner, and you are responsible for the cost and maintenance of the storage device
equipment.
The cloud You could subscribe to a cloud storage service, like AWS. The cost of this service will depend
on the storage space you need, so you may need to be more selective about what data you
back up. You will have access to your backup data as long as you have access to your
account. One of the benefits of using a cloud storage service is that your data is safe in the
event of a storage device failure or if you experience an extreme situation such as a fire or
theft.
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Data Maintenance
How Do You Delete Your Data Permanently?
Have you ever had to delete data or get rid of a hard drive?

If so, did you take any precautions to safeguard the data to keep it from falling into the wrong
hands?

What should you do to ensure you delete your files securely and permanently?
To erase data, so it is no longer recoverable, it must be overwritten with ones and zeroes
multiple times, using tools specifically designed to do just that.
SDelete from Microsoft claims to have the ability to remove sensitive files altogether.
Shred for Linux and Secure Empty Trash for Mac OS X claim to provide a similar service.
The only way to ensure that data or files are not recoverable is to destroy the hard drive or
storage device physically.
Many criminals have taken advantage of files thought to be impenetrable or irrecoverable!

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
3.3 Who Owns Your Data?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Who Owns Your Data?
Understand the Terms

The Terms of Service will include some sections, from user rights and responsibilities to
disclaimers and account modification terms.

The data use policy outlines how the service provider will collect, use and share your data.

The privacy settings allow you to control who sees information about you and who can access
your profile or account data.

The security policy outlines what the company is doing to secure the data it obtains from you.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Who Owns Your Data?
What are you Agreeing To?

You have successfully created the @Apollo account and agreed to the Terms of Service of the
online photo sharing company.

But do you really know what you have signed up for?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
Who Owns Your Data?
Before You Sign Up
What factors should you consider before you sign up for an online service?

Have you read the Terms of Service?

What are your rights regarding your data?

Can you request a copy of your data?

What can the provider do with the data you upload?

What happens to your information when you close your account?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
3.4 Safeguarding Your Online
Privacy

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Safeguarding Your Online Privacy
Two Factor Authentication
Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple, and Microsoft, use
two-factor authentication to add an extra layer of security for account logins.

Besides your username and password or personal identification number (PIN), two-factor
authentication requires a second token to verify your identity.

This may be a:
a physical object such as a credit card, mobile phone, or fob
a biometric scan such as a fingerprint or facial and voice recognition
Verification code sent via SMS or email.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
Safeguarding Your Online Privacy
Open Authorization
Open authorization (OAuth) is an open standard protocol that allows you to use your credentials to
access third-party applications without exposing your password.
What does this mean in practice?
You are looking forward to registering for Cisco’s ‘Cybersecurity Essentials,’ the next course in this
series, to help you develop your career. But you must be logged into the eLearning portal to do
so.

You can’t remember your login details, but that’s OK. The portal allows you to log in using your
credentials from a social media website such as Facebook or via another account such as
Google.

So instead of having to reset your login details, you easily log into the eLearning portal using your
existing social media accounts and register for your next course. You can’t wait to get started!

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
Safeguarding Your Online Privacy
Email and Web Browser Privacy
These problems can be minimized by enabling the in-private browsing mode on your web
browser.
Many of the most used web browsers have their name for private browser mode:
Microsoft Internet Explorer: InPrivate
Google Chrome: Incognito
Mozilla Firefox: Private tab or private window
Safari: Private browsing

How does the private mode work?
When private mode is enabled, cookies — files saved to your device to indicate your visited
websites — are disabled.
Therefore, remove any temporary internet files, and delete your browsing history when you
close the window or program.
This may help prevent others from gathering information about your online activities and
enticing you to buy something with targeted ads.
Even with private browsing enabled and cookies disabled, companies are constantly
developing new ways of fingerprinting users to track their online behavior.
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
3.5 Discover Your Own Risky
Online Behavior

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
3.6 Module Quiz

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
Attacks, Concepts and Techniques Summary
What Did I Learn in this Module?
It is important to protect the security of your devices.
Some tips for doing this are: turn the firewall on, install antivirus and antispyware, manage your operating system browser, and
set up password protection.
The preset SSID and default password should change to prevent intruders from entering your home wireless network.
Furthermore, it would help if you encrypted wireless communication by enabling wireless security and the WPA2 encryption
feature on your wireless router.
But even with WPA2 encryption enabled, a wireless network can still be vulnerable.
It is best not to access or send any personal information when using public Wi-Fi.
It would help if you continuously verified that your device configures file and media sharing and requires user authentication
with encryption.
You should also use an encrypted VPN service to prevent others from intercepting your information over a public wireless
network.
Always use strong passwords, not using misspelled passwords of common dictionary words, and using special characters and
passwords longer than ten characters.
You should consider the use of passphrases.
Encryption is the process of converting information into a form in which unauthorized parties cannot read it.
The encryption itself does not prevent someone from intercepting the data.
It can only prevent an unauthorized person from viewing or accessing the content.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
Attacks, Concepts and Techniques Summary
What Did I Learn in this Module? (Cont.)
The use of software programs is to encrypt files, folders, and even entire drives.
Encrypting File System (EFS) is a Windows feature that can encrypt data.
Having a backup may prevent the loss of irreplaceable data.
Some storage locations are the home network, secondary location, and the cloud.
To erase data, so it is no longer recoverable, it must be overwritten with ones and zeroes multiple times, using tools specifically
designed to do just that.
However, the only way to ensure that data or files are not recoverable is to destroy the hard drive or storage device physically.
The Terms of Service will include some sections, from user rights and responsibilities to disclaimers and account modification
terms.
Consider some factors before you sign up for an online service, like reading it and knowing your rights.
Regarding your data, if or not you can request a copy of your data, among others.
Popular online services like Google and Facebook use two-factor authentication to add an extra layer of security for account
logins.
Open authorization (OAuth) is an open standard protocol that allows you to use your credentials to access third-party
applications without exposing your password.
A simple forged or spoofed email can lead to a massive data breach and cause irreversible damage to your reputation.
These problems can be minimized by enabling the in-private browsing mode on your web browser.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
Attacks, Concepts and Techniques Summary
New Terms and Commands
Firewall SDelete Forged email
Antivirusi Shred Spoofed email
Antispyware Secure Empty Trash
Shodan Terms of Services
Service set identifier (SSID) Data use policy
Virtual private network (VPN) Privacy settings
Passphrase Security policy
National Institute of Standards Two factor authentication
and Technology (NIST) Personal identification number
Encryption (PIN)
Encryption File System (EFS) Biometric scan
Amazon Web Services (AWS) Open authorization (OAuth)
Cloud Social sharing

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27