Personal Privacy and Security: Computer Security Lectures 2014/15 S2

This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory worksheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.

The slides themselves are Creative Commons licensed (CC-BY-SA), and images used are licensed as individually attributed.

Topics covered in this lecture include:

Practical advice you can use to keep yourself safer online!

Authentication
Passwords are important
They are the keys to your kingdom
Passwords are hard to use well
Solutions
Don’t reuse the same password for different services
Use high entropy techniques to generate passwords
Use password managers & have a master password
Use multifactor authentication / one-time passwords
Google Authenticator app, SMS, Yubikey
Google, Facebook
Privacy
Controlling information about yourself is not a simple task
Lots of sites track your every move online
Technical solutions
Consider your privacy settings on your online services and apps
Evaluate your security settings for apps and OSs
Technical solutions
Do Not Track (cookie, to opt out of tracking). “Subverted” by MS IE, which typically sets it as the default (therefore advertisers are more likely to ignore it)
Blocking cookies (or third-party cookies)
Blocking advertising (using AdBlock)
Blocking tracking (using NoScript, blocking Google Analytics and others using Ghostery, using encryption, generating false traffic with TrackMeNot)
Is this ethical, if their business models rely on tracking and profiling end users?
Technical solutions
Using anonymising solutions such as:
VPN (virtual private network)
Tor (The Onion Router)
Proxies
I2P (Invisible Internet Project)
Technical solutions
Your data in the cloud
Storing your data on someone else’s server is convenient, but somewhat risky
Google Drive, Dropbox, etc
Data in the cloud
Technical solutions
Encrypt everything on your own computer, before uploading to a server
Some cloud storage systems are built this way:
MEGA, SpiderOak
Alternatively use EncFS, to encrypt and decrypt automatically before it is stored
Physical access
Technical solutions
Each separate user should have a separate user account – never log in to a GUI as root/Administrator
Lock the screen or log out when leaving a computer
Data privacy
Technical solutions
Encrypt everything, everywhere
Full disk encryption
Hardware vs software encryption
Consider Webcams and microphones
Software breaks and misbehaves
Software vulnerabilities are accidentally introduced by programmers
Malware is intentionally malicious
Technical solutions
If you use Windows, install the Enhanced Mitigation Experience Toolkit, and use it to further protect the programs you use
Run software in sandboxes (for example, Sandboxie)
Don’t install software you don’t trust
Keep software up to date
Use anti-malware – there are free options
Email
Email is insecure
Yet email is very important
Technical solutions
Don’t assume all email is trustworthy
Critically evaluate attachments
S/MIME
PGP
Web
HTTP is insecure
HTTP is very important
Technical solutions
Use HTTPS
Check for secure connections
Check certificates
Wi-Fi security
Technical solutions
Wi-Fi encryption
Don’t use WEP
WPA2 is considered fairly secure
Disable Wi-Fi Protected Setup (WPS): it can often enable circumvention of authentication
Be safe
