Today's Cyber Security Weather Forecast:
Partly Cloudy with Chance of Rain
(But No, The Sky ISN'T Falling...)
Big Sky Information Security Conference
Joe St Sauver, Ph.D. ([email protected])
Scientist, Farsight Security, Inc.
10:00-10:50 AM, April 19th, 2017
North Ballroom in the UC,
University of Montana, Missoula, MT
https://www.stsauver.com/joe/bigsky/

I. Introduction

Thanks
• I'd like to thank Mr. Adrian Irish and everyone involved with planning the Big Sky Information Security Conference for the invitation to talk with you today.
• I'd also like to thank Mr. Nathan Yrizarry for his patient assistance with meeting/travel logistics.
• Thanks, too, to Mr. Ben April, Ms. Merike Kaeo and Dr. Paul Vixie at Farsight Security, for letting me take the time to be with you here today.
• And last but not least, thanks to all of YOU for making time to attend today.

A Little About Me
• I worked for the University of Oregon Computing Center in Eugene for about 28 years. During part of that time, I ran Academic Computing (roughly a third of the Computing Center).
• Around 2006, under a contract UO signed with Internet2, I began working for Internet2 as their Nationwide Security Programs Manager. Somewhat later I also assumed responsibility for the InCommon SSL/TLS Certificate Program and Multifactor Program.
• In 2014, I finally left UO and joined Paul Vixie's company, Farsight Security, Inc., (https://farsightsecurity.com/).
• With Farsight's consent, I remain active in a variety of national and international cybersecurity activities, including serving as one of half a dozen Senior Technical Advisors for M3AAWG, and participating on the REN-ISAC TAG (Technical Advisory Group).
• You can see some of my previous public talks and blog postings at https://www.stsauver.com/joe/

It's Nice to Be Back In Montana
• In many ways, being here in Missoula feels a lot like "coming home." Every time I've been in the state, I've been struck by its wild beauty and limitless opportunity.
• I also really like Montanans. My wife Bev was born in Helena, and her grandparents used to have a ranch up in the Sweet Grass Hills around Whitlash, outside of Shelby, just south of the Alberta border.
• Anyhow, I think you're lucky to live in a terrific state. Thanks for letting me visit.

Today's Format And Audience
• I've prepared some material to go over with you.
• I was told to expect a mix of regular users and IT folks, so I'm going to interleave my material a bit, with hopefully neither group feeling neglected (or bored or overwhelmed).
• If you've got questions as we go along, you can ask them or save them to the end (I do want to stay on time, so if we get too many questions I may defer some of them to the end).
• I'll be making these slides available, just like most of my talks, so if we don't get through everything, don't worry, you can always check the slides (if you want to).

Speaking of Slides...
• By now you may have noticed my slide style – the exact opposite of the "have three or four brief bullet points per slide" format that's normally recommended for PowerPoint-ware.
• This is intentional, and I do it for a number of reasons, including:
-- It forces me to prepare (semi-)coherent comments. :-)
-- It helps me stay on track and reduces the likelihood that I'll get sidetracked and run out of time
-- It reduces the likelihood that I'll be misquoted by 3rd parties
-- It eliminates the need for you to try to take notes (you can just grab a copy of my slides after the fact)
-- Those who couldn't make the session can at least look at the slides if they're curious
-- It's like "captioning" for the deaf or hearing-impaired.
-- Google and Bing tend to index my slides pretty well, too, FWIW
-- But relax: I'm NOT going to read my slides to you word-for-word

My Interest in The Perception of Risk and Decision Making
• In many ways, today's talk is all about the perception of risk, and how human beings make security decisions in light of those risks.
• FWIW, my terminal degree is from what was previously known as the Decision Sciences Department (now rechristened "Operations and Business Analytics") at the University of Oregon.
• As part of that program, I was fortunate to be able to take classes from some truly legendary decision theorists, including Dr. Paul Slovic of UO's Psych Department & Decision Research, Inc., see (http://www.decisionresearch.org/researcher/paul-slovic-ph-d/)
• That background in Decision Sciences provided a nice foundation for my work in cybersecurity since the dominant approach to cybersecurity at the managerial layer has now become firmly rooted in "risk management."

Risk Management?
• When management adopts a risk management approach for cybersecurity, they think about concepts like...
• "Risk = threat x vulnerability x consequence"
• "Options for responding to a risk: mitigate the risk, avoid the risk, transfer the risk, accept the risk..."
• "Ensure that costs of mitigating risks don't exceed the expected losses that might otherwise have occurred."
• Risk management approaches are often lumped within an overall "Governance, Risk and Compliance" framework.
• You can see my take on GRC vs technical security in a dozen slides I put together for "Moving From Security to Governance, Risk and Compliance: Campus Perspective Panel" https://www.stsauver.com/joe/security-to-grc/security-to-grc.pdf

II. Risk, and The Perception of Risk

"[...] people overestimate risks that are being talked about and remain an object of public scrutiny. News, by definition, is about anomalies."
Beyond Fear: Thinking Sensibly about Security in an Uncertain World (2003), Bruce Schneier
(https://books.google.com/books?id=btgLBwAAQBAJ&pg=PA27&lpg=PA27)

Believe It Or Not, IMO, Things Are Actually Going Pretty Well In Montana Higher Ed Cyber Security
• To the best of my knowledge, Montana colleges and universities have NOT and are NOT experiencing:
– Major data breaches
– Widespread malware infections/worms
– Ongoing distributed denial of service (DDoS) attack
– Outbound email getting blocked by major service providers
– Major data center fires or other physical disasters
– Multi-million-dollar financial loss (e.g., business email compromise, etc)
THAT'S WONDERFUL!

Specific Examples of Stuff Going Well
• Students took classes and learned new stuff, including online.
• Faculty/staff got their work done (and got paid!), perhaps teaching, perhaps doing research and making some cool new discoveries. Cybersecurity DIDN'T get in the way.
• Millions of people all over the place used their computers and their smartphones and nothing significant went awry...
• Americans were able to send and receive mail, buy stuff on the web, spend time on social media, play computer games, etc.
• Some people even recently spent time with their families and friends over Easter dinner with a good bottle of wine and DIDN'T spend the weekend worrying about cybersecurity or working on fixing compromised computers.
• This is NOT "news." But it really should be. Stuff is actually working pretty well, at least for the most part, I think.

I've Said I Think Things Are Going Pretty Well Before
• For example, check out: "Seeing Only Shark Fins and Discarded Plastic Shopping Bags In an Sea of Beauty, Elegance and Plenty," http://www.cybergreen.net/2016/02/01/201621seeing-only-shark-fins-and-discarded-plastic-shopping-bags-in-an-sea-of-beauty-elegance-and-plenty/
• "Today’s cybersecurity culture largely discounts or ignores the Internet’s overwhelming success. We’ve become cable news journalists, continually searching for new tragedies, new disasters. Professional pessimists and paranoids, we search for evidence supporting our persecution complex: yes, the world really is out to get us, see? We take pride in being skeptical, street smart, cynical, and distrustful. Our demeanor is routinely grave, heads shaking back and forth, clearly conveying that the audience should not expect the patient to live, even with our own herculean efforts and the conveyance of much treasure. This is a mistake."

The News says...
• If you follow the news, your impression will almost certainly be that the Internet IS a pretty dangerous and scary place.
• Bad news always seems to make headlines:
– "Horrible new malware..."
– "Huge DDoS!"
– "Inconceivably-boneheaded software flaws"
– "Worse than ever before..."
– "Record breaking breach"

EOTWAWKI?
• The logical conclusion from all this bad cybersecurity news is that the "End of the World As We Know It" must be imminent.
• Surely it MUST be time to disconnect from the Internet, retreat to our homes and passively await the Terminators* and "Skynet."**
• I mean hey, it's really, REALLY bad out there according to the media, right? RIGHT?
• NO. NOT.
-----
* "Russia Trains Robot To Shoot Guns: Can Humans Prevent Rise Of Terminator-Like Killing Machines?" (17 April 2017), http://www.techtimes.com/articles/205103/20170417/russia-trains-robot-to-shoot-guns-can-humans-prevent-rise-of-terminator-like-killing-machines.htm
** http://terminator.wikia.com/wiki/Skynet

"But Joe! People Are Really Shelling Out The Bucks!"
• "Worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021, according to the Cybersecurity Market Report, published by Cybersecurity Ventures. [...]
"In early 2015 Inga Beale, CEO at the British insurer Lloyd's, claimed that cybercrime was costing businesses globally up to $400 billion a year. Several months later Juniper Research released a report which said cybercrime will cost businesses over $2 trillion by 2019. Microsoft CEO Satya Nadella stated $3 trillion of market value was destroyed in 2015 due to cybercrime."
http://www.csoonline.com/article/3083798/security/cybersecurity-spending-outlook-1-trillion-from-2017-to-2021.html

I Don't Care. My Outlook Is Still Optimistic For Cyber
• People may call me "naive" or "simple-minded" or "Pollyannaish"* for believing that things are generally going well online -- optimism has never been very "fashionable" in the cybersecurity community.
• Gloom and doom is the expected order of the day. Scare people. Make things seem as BAD as they possibly could be. Fear SELLS!**
• I admit I've been as prone toward "cyber pessimism" as the next guy, but I'm making a conscious effort to objectively re-self-assess.
----
* "When you put a positive spin on everything, even things that call for sadness or discouragement, you're being pollyannaish. The word comes from a 1913 children's book by Eleanor H. Porter, Pollyanna, about a young girl who tries to find something positive in every situation — a trick she calls "the Glad Game." [from vocabulary.com]
** https://seekingalpha.com/article/4034827-rising-fears-lift-cybersecurity-boats

I'm Not The Only One "Re-Self-Assessing"
"Google’s actually a really good example where they’ve done a lot of user testing in terms of how do people respond to security warnings. Having too many of them and having them when they’re unclear is really hard to get people to understand what you’re trying to communicate to them, and then also motivate them to take the steps and the behavior that you hope that they will do."***
"I think one of the negative consequences of some of this fear-based communication is that when you’ve sufficiently scared people, they make poor decision[s] and that’s actually how we end up with really poor laws and regulation in this space as well because, you know, we’ve sufficiently freaked out society and they’re distracted, they’re not focused on the right things."***
"[...] if there’s an online account that’s compromised today, it’s a big headline. It’s news everywhere, and I think we need to get people to the point where they’re comfortable enough with this new normal, that they don’t freak out every time. Because again, that fear is where it makes it really difficult for them to make smart, logical decisions about what to do next."
"Cybersecurity today: Turning positive with new thinking and innovation" (emphasis added), https://www.helpnetsecurity.com/2017/03/20/cybersecurity-today/

Cyber Security ! Weather
• My new goal is to help people think about cybersecurity events the way they think about the weather.
• We normally don't get too excited about the weather, we just cope with it.
• If it looks like it's going to rain or snow, we take along rain or snow gear.
• If it's warm and breezy, we enjoy those glorious days.
• But, if there is severe weather coming, we prepare and respond appropriately to that, too. We just don't freak out.

Internet Metaphors Are Not New
• Analogies between the online world and the real world are common and often strained and painful (sorry).
– "Surfing the Internet wave..."
– "Riding the information superhighway..."
– "We need a cyber health care initiative to cure infected computers..."
– etc., etc., etc.
• The notion of Internet-as-weather IS yet another cliché, but if it makes everyone calm down and quit reacting hysterically about cybersecurity, putting up with yet another cliché may be worth it. It's hard to get really hysterical about "cyber drizzle."
• In fact, let's make cybersecurity really mundane. Let's MEASURE it.

III. Cyber Security Statistics

"To measure is to know."
Lord Kelvin

"Are Things REALLY Going Pretty Well Online?"
• If there's any disagreement over whether things are going well (or going poorly), surely we can just "check the numbers" and find out what's really true... This is certainly true in most other fields.
• If someone asserted that the economy is going well (or badly), economists could produce studies that document the market is up, or productivity is down, or the balance of trade is unchanged, etc.
• In healthcare, if we wondered how the fight against cancer is going, doctors can tell us how many people are newly diagnosed each year, and how many patients are cured or in remission etc.
• Heck, even in sports we keep extensive statistics.
• But in cybersecurity, there's often a curious/disconcerting lack of explicit measurements from security researchers or government agencies for something so apparently important, and make no mistake, cybersecurity metrics ARE important (if hard to get).

Some Users of Cybersecurity Metrics
• Metrics tell the government whether additional legislation/regulation (or additional funding) may be needed for cybersecurity
• Metrics tell ISPs how much they might have to spend to clean up botted customers
• Security software and security hardware vendors use metrics to help prioritize their R&D for new cybersecurity products
• Law enforcement agencies may use cybersecurity metrics to prioritize their limited law enforcement resources ("worst bot?")
• Users may even use cybersecurity metrics to help inform decisions about who or what to trust online.
• See "Bot and Botnet Metrics Guide (Analysis & Recommendations)," page 64, Appendix 4, WG7, FCC CSRIC III https://transition.fcc.gov/bureaus/pshs/advisory/csric3/CSRIC_III_WG7_Report_March_%202013.pdf

Many WANT Hard Numbers About Cyber, But There May Be Few Numbers To Be Had
• In fact, we actually don't know some pretty basic information about cybersecurity.
• For example, consider malware. Arguably, malware is one of the biggest cybersecurity threats.
• We know that our vulnerability to malware can be greatly reduced if systems are running the latest operating system (and are fully patched up-to-date).
• So what fraction of our systems are running Windows, but not Windows 10?

Or Heck, "Tell Me About Windows 7 Usage..."
• Windows 7 was originally introduced in Oct 2009, 7+ years ago.
• Windows 7 went end of mainstream support on 1/13/2015.
• Windows 7 will go end of extended support on 1/14/2020.*
• Users should really be upgraded by now (but many still have not).
• Maybe YOU'RE still running Windows 7? Are you at least carefully patching? Patching is VERY IMPORTANT.
-----
* http://www.pcmag.com/article2/0,2817,2475079,00.asp

Example Of A Recent Vulnerability in Windows 7
This is just ONE of 700 vulnerabilities, avg. weighted CVSS 7.1 (as of 4/16/2017) found in Windows 7... This vulnerability was patched by Microsoft on March 14th, 2017.

Is Having 700 Vulnerabilities (Over 7 Years) "Bad?"
• Assume you have three choices:
a) Have zero vulnerabilities (that have been reported and fixed)
b) Have 350 vulnerabilities that have been found, responsibly disclosed and corrected
c) Have 700 vulnerabilities that have been found, responsibly disclosed, and corrected
• Flaws that have been found and fixed are flaws that no longer exist, at least IN PATCHED SYSTEMS.
• A large number of flaws may be an indicator that code has been thoroughly scrutinized, and virtually all issues uncovered
• A large number of flaws may also be a sign that poor programming practices were employed, and numerous latent flaws still remain.

What About Windows 10? OS X? iOS? Android?
• How does this compare to some other operating systems?
• Windows 10: 269 over 3 years, weighted average CVSS: 6.9
https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.html
• Mac OS X: 1817 over 18 years, weighted average CVSS: 7.4
https://www.cvedetails.com/product/156/Apple-Mac-Os-X.html?vendor_id=49
• Apple Iphone OS: 1176 over 11 years, weighted average CVSS 6.7
https://www.cvedetails.com/product/15556/Apple-Iphone-Os.html?vendor_id=49
• Android: 880 over 9 years, weighted average CVSS 8.1
https://www.cvedetails.com/product/19997/Google-Android.html?vendor_id=1224
• NO vendor makes a totally flawless operating system.
• Should we EXPECT ~100 vulns/product/year on average?

Could We Scan The Network To Find The %-age of Connected Hosts Still Using Windows 7?
• Sure. In fact, your school may ALREADY be scanning campus systems to find Windows 7 systems that need updating.
• That said, we could (in theory) scan the entire global IPv4 Internet in just 3 minutes with masscan* (given a 10 Gbps network connection), BUT because many systems are:
  • behind firewalls and/or
  • using private address space (NAT/PAT),
  it may be impossible to actually assess many of those systems.
• Firewalls and private address space are an example of a both-good-AND-bad "security technology" -- firewalls and NAT may help tactically, but hurt our "big picture" strategic understanding.
-----
* blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html

Agent-Based ("Phone Home") Reporting
• Obstacles like firewalls can be overcome via agent-based methods, e.g., small programs running on systems that connect outbound through firewalls to periodically "report in" about the current status of the system where they're running.
• Surprise! Microsoft Windows 10 (and now even Windows 7 for that matter) includes a telemetry component called "Universal Telemetry Client" (or DiagTrack), see http://www.zdnet.com/article/windows-10-telemetry-secrets/ and https://tweakhound.com/2015/11/02/windows-7-diagnostics-tracking-service/
• Some antivirus products have similar reporting capabilities.
• If you have stringent privacy concerns, you may want to consider disabling reporting, or potentially block those connections at the network level – but note that doing so may hamper the security community's understanding of the Windows ecosystem, just like people who try to dodge the Federal census taker.

Some 3rd Party Statistics About Windows 7 Use...
• Duo Security: "Of all Windows devices analyzed, 65 percent are running Windows 7..."*
• NetMarketShare's graph: Windows 7: 49.42%**
• StatCounter Desktop Windows Versions Market Share Worldwide March 2017: 47.06%***
• W3Schools OS Platform Statistics, March 2017: Win7: 33.2%****
• Note that range -- from 33% to almost exactly 2X that! WOW...
-----
* https://duo.com/assets/ebooks/2016-Duo-Security-Trusted-Access-Report-Microsoft-Edition.pdf
** https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
*** http://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide
**** https://www.w3schools.com/browsers/browsers_os.asp

"How Did Those 3rd Parties Get Their Stats?"
• Web logs commonly include operating system information (but note that users can change their user agent string, see for example https://www.howtogeek.com/113439/how-to-change-your-browsers-user-agent-without-installing-any-extensions/)
• Application installers may detect operating system information during installation, and then report that data (hopefully after first asking for permission to do so!)
• Users may select from different versions of products based on the O/S they're using ("Click here to download Foo for Windows 7")
• Researchers may scan the systems that they can reach
• Analysts may track aggregate new system sales
• Pollsters may ask users to self-report what they're using
• These and other measures will NOT be unbiased estimators, so take any such estimate as being only a VERY rough approximation.

"Why Don't All The Stats About Windows 7 Agree?"
• People may measure different things, different ways...
• Are we looking at stats for just the United States, or the whole world? (keep in mind that systems located in Indonesia may have the same attack potential as systems located in Idaho)
• Are we looking at stats JUST for laptop/desktop users, or stats for all Internet-connected devices? (including virtual machines, smart phones, servers, tablets, Internet of Things devices like home security cameras and "smart" light bulbs, etc.?) Note that HALF of all Internet-connected devices worldwide may now consist of Android devices...
• If interested, see 'On "Normalizing" or "Scaling" Cybersecurity Metrics and Measuring The Right Thing For The Right Entities,' http://www.cybergreen.net/2016/03/29/2016310on-normalizing-or-scaling-cybersecurity-metrics-and-measuring-the-right-thing-for-the-right-entities/

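An added example (not part of the original slides) covering the two slides above: it derives a Windows version share from the User-Agent field of web server logs, then shows how counting requests versus counting unique clients gives different answers from the same data. The log lines are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# "Windows NT x.y" tokens that browsers place in the User-Agent header.
NT_VERSIONS = {
    "5.1": "Windows XP", "6.0": "Windows Vista", "6.1": "Windows 7",
    "6.2": "Windows 8", "6.3": "Windows 8.1", "10.0": "Windows 10",
}
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")
# Combined log format: client IP first, User-Agent as the last quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*"(?P<ua>[^"]*)"\s*$')

# Constructed sample (documentation IP range), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Apr/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
192.0.2.10 - - [16/Apr/2017:10:00:02 +0000] "GET /a.css HTTP/1.1" 200 90 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
192.0.2.10 - - [16/Apr/2017:10:00:03 +0000] "GET /b.js HTTP/1.1" 200 77 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
192.0.2.11 - - [16/Apr/2017:10:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
192.0.2.12 - - [16/Apr/2017:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
192.0.2.13 - - [16/Apr/2017:10:03:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.1 Safari/603.1.30"
192.0.2.14 - - [16/Apr/2017:10:04:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 7.0; Pixel Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.132 Mobile Safari/537.36"
192.0.2.15 - - [16/Apr/2017:10:05:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
"""


def windows_version(user_agent):
    """Return the Windows release named by a User-Agent string, or None."""
    match = NT_RE.search(user_agent)
    if not match:
        return None
    return NT_VERSIONS.get(match.group(1), "Windows (other)")


def windows_share(log_text, unique_clients=True):
    """Percent share of each Windows release among Windows traffic.

    unique_clients=True counts each (IP, User-Agent) pair once;
    False counts every request, which over-weights busy clients.
    Either way the header is self-reported and can be changed by the user.
    """
    seen = set()
    counts = Counter()
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        version = windows_version(match.group("ua"))
        if version is None:
            continue  # non-Windows device: outside this denominator
        key = (match.group("ip"), match.group("ua"))
        if unique_clients and key in seen:
            continue
        seen.add(key)
        counts[version] += 1
    total = sum(counts.values())
    if total == 0:
        return {}
    return {v: round(100.0 * n / total, 1) for v, n in counts.items()}


if __name__ == "__main__":
    print("by unique client:", windows_share(SAMPLE_LOG))
    print("by request:      ", windows_share(SAMPLE_LOG, unique_clients=False))
```
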
Practical Information: Upgrading to Windows 10
• Many colleges or universities may have a Microsoft license plan that covers upgrades for institutional systems. Does yours?
• Microsoft offered a free upgrade to Windows 10 for the general public until July 29th, 2016. That free upgrade offer is now over, unless you're a customer who uses assistive technologies. If you ARE such a user, see https://www.microsoft.com/en-gb/accessibility/windows10upgrade for a free upgrade path.
• Otherwise you can still buy Windows 10 Home for $120 or Windows 10 Pro for $200 (academic discounts may apply), see https://www.microsoftstore.com/store/msusa/en_US/pdp/Windows-10-Home/productID.319937100
• In still other cases (such as old, slow, or systems that have had hard lives (like some laptops)) it may make more sense to replace your system entirely given that a brand new laptop complete with a license for Windows 10 starts at around $300.

"Didn't I Read Something About US-CERT Telling Users That Windows 7 Was Better Than Win 10?"
• You may be thinking of "Windows 10 Cannot Protect Insecure Applications Like EMET [Enhanced Mitigation Experience Toolkit] Can," see https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
• The comparison in that post is really between FOUR options: Win 7 (without EMET), Win 7 (with EMET), Win 10 (without EMET) and Win 10 (with EMET). A table that was added to the article makes it clear that EMET delivers substantial protections to both Win 7 and Win 10, and Win 7 WITH EMET offers more protections than Win 10 WITHOUT EMET. Unfortunately Microsoft is likely still planning to dump EMET on July 31st, 2018. So at least as of July 31st, 2018, Windows 10 will then become the most secure option available (w/o EMET). See also https://blogs.technet.microsoft.com/srd/2016/02/02/enhanced-mitigation-experience-toolkit-emet-version-5-5-is-now-available/

Bottom Line Recommendation
• If you're still using Windows 7, I think it's time to upgrade to Windows 10 UNLESS you have a specific application that prevents you from doing so, or your local support people tell you not to.
• Why upgrade? It isn't anything apocalyptic, it's just like trading in your old 200,000 mile Honda or old Ford Pickup when you get the chance... Yeah, that rig may have given you a lot of good miles, but the time comes when it makes sense to get something a little newer and safer and more fuel efficient and more reliable that you don't have to tinker with or worry about. Don't be too sentimental.
• BTW, does your site have a specific policy encouraging users to at least stay on a fully Microsoft-supported version of Windows, if you're going to use Windows? If not, maybe that's something to consider?

Don't Forget All Your OTHER Software, Too!
• Once you've got your operating system upgraded and patched, fix all the rest of the software you've got loaded on, too... Your web browser(s), your email client, Microsoft Office, Adobe Reader, Oracle Java, etc., etc., etc.
• The best tool for flagging software in need of an upgrade on the PC is probably Secunia.
• On private systems, see https://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/ (free)
• For institutionally owned and managed systems, consider Secunia CSI, see https://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/corporate-software-inspector/

Alternatives to Windows
• While we're talking about operating systems and apps, let me also remind you that there are alternatives to Windows.
• If you spend much time at national or international cybersecurity meetings, one thing immediately hits you: there are LOTS of Macs at those meetings.
• People who do cybersecurity for a living tend to prefer Macs for many reasons, but a major one is that only a tiny fraction of all malware targets Mac users. To make that concrete, McAfee says that there are over 600 million different pieces of known malware (see https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf at page 36). But, there are just over 450,000 pieces of Mac malware (see page 39 of the same report).
450,000/600,000,000*100 → 0.075%
• Maybe there's a Mac in your future, some day, too?

What About Smart Phone OS's?
• A large fraction of all mobile malware (estimates are around 97%, see for example https://www.scmagazineuk.com/updated-97-of-malicious-mobile-malware-targets-android/article/535410/) targets Android. Advantage goes to any non-Android smart phone.
• Part of the issue is that only 50% of Android devices are getting updated (see https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/), and only 3% of Android phones are running the latest Android O/S ("Nougat") while "nearly 80%" of iOS devices are running iOS 10.
• Now add to that the fact that it is common for many Android users to jailbreak their phones, loading "free" apps from "third party sources" where at least some content may routinely be malicious.
• However, even here, there is substantial room for optimism: as noted in the Wired article cited above, Google has made substantial progress in increasing deployment of Android updates.

IV. Data Breaches

"Data breaches often result in CEO firing"
http://www.csoonline.com/article/3040982/security/data-breaches-often-result-in-ceo-firing.html

What's A "Data Breach?"
• In a data breach, an unauthorized person gains access to your personal or financial data.
• For example:
– An intruder at a college or university gains unauthorized access to student academic records.
– A business that takes credit cards is compromised, and an online criminal gets customer credit card numbers, plus maybe the credit card owner's name and billing address.
– A disgruntled insider downloads a copy of a proprietary customer list, perhaps for sale to a direct competitor.
– A doctor's unencrypted laptop is stolen, potentially exposing details about her patients and their healthcare.
– Computers are sold as "surplus" with intact hard drives
– These are just a few of many possible breach scenarios...

Recent Headlines From The Data Breach Wars
• "Yahoo says new hack affected 1 billion users, separate from earlier attack," http://www.cnbc.com/2016/12/14/yahoo-says-new-hack-affected-1-billion-users-separate-from-earlier-attack.html
But do you know anyone who still uses a Yahoo account for email? I sure don't. So who ARE those "billion users?"
• "Spammergate: The Fall of an Empire," https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
"The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address."
But wait, is that even PII? In some states, I suppose yes...

On The Other Hand...
• "LeakedSource and its database of hacked accounts is gone," https://www.engadget.com/2017/01/27/leakedsource-data-breach-notification-site-down/
• "A website that sold access to a database of more than 3 billion hacked accounts has suddenly vanished. LeakedSource had built a business on collecting and packaging information exposed through various data breaches. It gathered compromised account details and made it searchable so users could see which of their email addresses, phone numbers and passwords were vulnerable. [...] The circumstances surrounding the site's disappearance are murky. A user going by "LTD" wrote [...]: "LeakedSource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSDs got taken, and LeakedSource servers got subpoena'd and placed under federal investigation [...]"

Recent Breaches, ALL INDUSTRIES, Visualized

Recent Breaches IN ACADEMIA Visualized

There's a Tradition in the Cyber Security Industry of Bashing Higher Ed As Being "Weak" On Cyber...
• For example, CloudMask says "Did you know that since 2005, higher education hacks were responsible for 35 percent of all data breaches and that there is at least one attack on colleges and universities every week?" (https://www.cloudmask.com/videos/higher-education-has-high-risk-of-data-breach-video)
• Or consider "The threat landscape in higher education is more dangerous than ever. In 2016 to-date, the education sector rose to the No. 2 most targeted sector in Symantec’s most recent Internet Security Threat Report, moving up from the No. 3 spot last year. [...] colleges have historically lagged behind the corporate sector when it comes to paying attention to data security, embracing the best cyber-security technology available or modernizing their IT environment from a cyber-security defense point of view." (https://www.netswitch.net/education-2-target-for-cyber-attacks-in-2016/)
• Grr... Note the fear-based attempt at cybersecurity selling.
• Personally, I think higher education takes cybersecurity VERY seriously. That's reflected in data breach stats for MT higher ed.

The Breach Problem by The Numbers for Montana
• Montana's Department of Justice website lists 472 data breach incidents affecting Montanans, see https://dojmt.gov/consumer/consumers-known-data-breach-incidents/
• If we use the form on that page, we can see incidents per year:
– 2017 (through April 9th): 54
– 2016: 305
– 2015: 91
– 2014: 11
– 2013: 3
• Searching for "university" the site returns 12 listings, affecting a total of 517 Montanans (none from a university actually located in Montana). Searching for "college", we find another 9 listings affecting 27 Montanans (none from a Montana college). That's pretty good.

Keeping Your PII Breach-Free Streak Intact
• Outsource institutional payment card processing if you haven't already.
• Categorize and inventory your data. Know where you have PII, and remember that PII may be on research systems as well as administrative systems.
• Manage your PII -- don't just be a data pack rat. Delete any records containing PII consistent with your institution's record retention schedule, and don't collect PII in the first place if you can avoid it!
• Use full disk encryption on all devices
• Require two factor auth when accessing systems with PII
• Run tools to do PII discovery; one list of such products is available at https://cuit.columbia.edu/cuit/it-security-resources/handling-personally-identifying-information/pii-scanning-software
• Use DBAN to nuke all hard drives before sale or other disposal

V. Spam, Phishing, DNS and The Web

Outbound Spam and MT Higher Ed Institutions
• Spam can often be a leading indicator of other latent issues.
• SenderBase
-- https://www.senderbase.org/lookup/?search_string=university%20of%20montana no indication of issues
-- https://www.senderbase.org/lookup/org/?search_string=Montana%20State%20University also okay
• Multirbl.valli.org
-- http://multirbl.valli.org/lookup/umt.edu.html – looks good.
-- http://multirbl.valli.org/lookup/montana.edu.html – looks good.

SPF, DKIM and DMARC
• Three technologies -- SPF, DKIM and DMARC -- are keystones in the fight against spam and phishing, allowing sites to limit who can send using their domain, while taking responsibility for what they DID send, see http://www.openspf.org/, http://www.dkim.org/ and https://dmarc.org/ for background.
• SPF, DKIM and DMARC aren't tools that end users can individually use, but those who run your mail servers can use them to protect all users. They aren't completely painless, but the pain of using them is generally worthwhile.
• umt.edu isn't using any of these protections (as far as I can tell).
• montana.edu is using SPF, albeit rather loosely (e.g. permitting sending from all of 153.90.0.0/16 plus some other sources).
• Maybe consider adding these technologies if you get a chance?
• Helpful tool: https://dmarcguide.globalcyberalliance.org/#/

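An added example (not from the original slides) of what "rather loosely" means in practice: a small offline audit that totals how many IPv4 addresses an SPF record authorizes and flags a soft or missing `all` mechanism, plus a reader for the DMARC policy tag. The records are constructed; the loose one is built around the single range the slide mentions and is not any domain's actual published record, and `audit_spf` / `dmarc_policy` are illustrative names.

```python
import ipaddress

# SPF qualifiers (RFC 7208): prefix on a mechanism -> result when it matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records. LOOSE_SPF uses the one range named on the slide; the
# include target and the "~all" are assumptions made for illustration.
LOOSE_SPF = "v=spf1 ip4:153.90.0.0/16 include:_spf.mailhost.example ~all"
TIGHT_SPF = "v=spf1 ip4:192.0.2.25 ip4:198.51.100.0/28 -all"
MONITOR_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org"


def audit_spf(record, max_addresses=1024):
    """Summarize how much an SPF record authorizes and flag loose settings."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    report = {"ipv4_addresses": 0, "includes": [], "all": None, "findings": []}
    has_redirect = False
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "ip4" and qualifier == "+":
            net = ipaddress.ip_network(value, strict=False)  # bare IP -> /32
            report["ipv4_addresses"] += net.num_addresses
            if net.num_addresses > max_addresses:
                report["findings"].append(
                    f"ip4:{net} authorizes {net.num_addresses} addresses")
        elif name == "include":
            # Included domains add their own senders; resolving them needs
            # DNS, so they are only listed here for follow-up.
            report["includes"].append(value)
        elif name == "all":
            report["all"] = QUALIFIERS[qualifier]
        elif name.startswith("redirect="):
            has_redirect = True
    if report["all"] is None and not has_redirect:
        report["findings"].append(
            "no 'all' mechanism: unlisted senders evaluate to neutral")
    elif report["all"] == "pass":
        report["findings"].append("+all authorizes every host on the Internet")
    elif report["all"] in ("softfail", "neutral"):
        report["findings"].append(
            f"'all' is {report['all']}: unlisted senders are not rejected outright")
    return report


def dmarc_policy(record):
    """Return the requested DMARC policy (none/quarantine/reject) or None."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None


if __name__ == "__main__":
    for label, rec in (("loose", LOOSE_SPF), ("tight", TIGHT_SPF)):
        print(label, audit_spf(rec))
    print("DMARC policy:", dmarc_policy(MONITOR_DMARC))
```

A DMARC policy of `none` only requests reports; `quarantine` or `reject` is what asks receivers to act on SPF/DKIM failures.
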
Phishing
• Phishing schemes typically try to use social engineering to connive users into revealing their username and password, or perhaps payment card information.
• In some extreme cases, malware on a system may automatically intercept and forward credentials as they're being entered.
• The best defense against phishing is a skeptical and educated user base. Never allow yourself to be rushed or panicked into doing something "urgent." Montana and Montana State both have pretty good phishing advice pages, too, in my opinion.
-- https://www.umt.edu/it/security/phishing/default.php
-- http://www.montana.edu/uit/malware/phishing.html

Defeating Phishing With Multifactor Auth
• The next anti-phishing step is multifactor authentication. If a bad guy/bad gal needs to use a 2nd factor to authenticate as "you," you've just erected a *major* roadblock against phishing.
• I notice that both Montana and Montana State are members of InCommon.org, see https://www.incommon.org/participants/, and they subscribe to the InCommon Cert Service that I used to run (https://www.incommon.org/certificates/subscribers.html).
• However it looks like neither school has yet elected to take advantage of InCommon's Duo Security Multifactor offering (which I also used to run) (You can see the 128 colleges or universities that ARE doing so at http://www.incommon.org/duo/subscribers.html). This might be something worth considering...

Another Very Cool Anti-Phishing Technique
• Another anti-phishing/anti-malware technology option to know about: consider creating a DNS "firewall" via your recursive resolvers by using DNS RPZ (Response Policy Zones).
• In a nutshell, RPZ teaches your recursive resolver (such as BIND) to "lie" about evil domains (such as those known to be involved with malware or phishing). You can use RPZ to make those domains not resolve, or you could redirect users to an educational website instead of the real one. See https://dnsrpz.info/ for more info.
• Full disclosure: Paul Vixie and Vernon Schryver of Farsight Security wrote the IETF draft for the DNS RPZ protocol, see https://tools.ietf.org/html/draft-vixie-dns-rpz-04 however you can use anyone's RPZ feed you want, or even create your own if you feel so inclined (this is NOT a "Farsight only" solution). You can use RPZ and we'd not necessarily ever see a dime from anyone.

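An added example (not from the original slides, and not BIND's code): a small simulation of the decision an RPZ-enabled resolver makes for each queried name, using the CNAME encodings from the RPZ draft cited above (`.` for NXDOMAIN, `*.` for NODATA, `rpz-passthru.` for an exemption, any other target for a redirect). The zone contents, domain names and function names are constructed placeholders.

```python
# Constructed policy zone contents. Owner names are written relative to the
# policy zone itself (assumed here to be something like rpz.campus.example).
RPZ_ZONE = """\
; owner name              type   target                               ; effect
phish-login.example       CNAME  .                                    ; NXDOMAIN
*.phish-login.example     CNAME  .                                    ; NXDOMAIN
malware-cdn.example       CNAME  *.                                   ; NODATA
fake-bank.example         CNAME  phishing-education.campus.example.   ; redirect
*.fake-bank.example       CNAME  phishing-education.campus.example.   ; redirect
safe.fake-bank.example    CNAME  rpz-passthru.                        ; exemption
"""


def parse_rpz(zone_text):
    """Turn QNAME-trigger CNAME records into {owner: (action, target)}."""
    policy = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) != 3 or fields[1].upper() != "CNAME":
            continue
        owner, _, target = fields
        owner = owner.lower().rstrip(".")
        if target == ".":
            policy[owner] = ("NXDOMAIN", None)   # pretend the name does not exist
        elif target == "*.":
            policy[owner] = ("NODATA", None)     # name exists, but no records
        elif target.lower() == "rpz-passthru.":
            policy[owner] = ("PASSTHRU", None)   # exempt from broader rules
        else:
            policy[owner] = ("REDIRECT", target.lower().rstrip("."))
    return policy


def apply_policy(policy, qname):
    """Return (action, target) for a queried name.

    An exact owner name wins over a wildcard; wildcards are tried from the
    closest enclosing domain outward. NO_POLICY and PASSTHRU both mean the
    resolver answers normally.
    """
    name = qname.lower().rstrip(".")
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return ("NO_POLICY", None)


POLICY = parse_rpz(RPZ_ZONE)

if __name__ == "__main__":
    for q in ("phish-login.example", "www.phish-login.example.",
              "malware-cdn.example", "login.fake-bank.example",
              "safe.fake-bank.example", "www.umt.edu"):
        print(f"{q:28} -> {apply_policy(POLICY, q)}")
```
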
Web Crypto Configurations?
•  One of the other things I like to check when I talk with folks is their
web crypto configuration. The cryptographic configuration of web
servers can be quite complex, and easy to get wrong, so it's always
worthwhile to double check how things have been set up.
•  My favorite tool for this is: https://www.ssllabs.com/ssltest/
•  Checking www.umt.edu, it earns an "A" rating, good job!
•  Checking www.montana.edu, it only gets a "B" rating due to using
weak (1024 bit) Diffie Hellman Ephemeral (DHE) key exchange.
(BTW, see https://weakdh.org/sysadmin.html for information on
how to fix that issue)
•  Note: most universities have LOTS of https web servers, not just
www.[domainname]. Staff should test EACH such system to ensure
that all systems have their SSL/TLS settings appropriately
configured.
DNS Configuration
•  At the same time I check web crypto configuration, I also normally
check a site's DNS configuration. My favorite tool for that is
the free site http://dnscheck.iis.se/
•  Checking umt.edu, I see "All tests are OK" (good!) although I'm not
seeing IPv6 or DNS support at this point.
•  Checking montana.edu, I see "All tests are OK" (good!) although
I'm not seeing IPv6 or DNSSEC at this point.
•  Adding IPv6 and DNSSEC would be two more great projects to
consider tackling when you have the chance. In the meantime,
good job on the rest of your DNS infrastructure!
Contribute Data To SIE?
•  While we're talking about DNS, I should mention that Farsight is
always seeking additional DNS data contributions for the Security
Information Exchange (see
https://www.farsightsecurity.com/solutions/security-information-exchange/).
SIE feeds many projects, including Farsight's own passive DNS
database, DNSDB (see https://dnsdb.info/)
•  Because of how we collect that data (e.g., above large shared DNS
recursive resolvers), no PII gets collected and user privacy is
carefully preserved. Contributing data ensures that if a security
incident does arise at your site, there's an excellent chance that
the passive DNS data needed to work it will be available in DNSDB.
Contributing data also helps the anti-abuse community fight cyber
crime, and supports academic research.
•  For more information, [email protected]
VI. Backups
"If you've got two, you've got one."
Aphorism reportedly from the military special operations
community, recommending backups for everything
Backups
•  Backups are the MOST BORING THING IN THE WORLD, UNTIL
you need them, whether we're talking about a 2nd motor on
your old fishing boat or a backup copy of your hard drive.
•  Historically, hardware failures used to be the prime reason why
we'd encourage people to back up their systems: drives would
routinely fail then, and they still fail today (although not as often).
•  Nowadays, however, backups also make a huge difference if your
system is lost or stolen.
•  And backups these days can be an absolute lifesaver if you get hit
with "ransomware" (encrypting malware such as Cryptolocker).
•  WITH clean backups, ransomware can be just a nuisance.
•  WITHOUT clean backups, your pain will be a lot greater although
sometimes you may be lucky and have the ability to use a free
decryptor, see for example https://noransom.kaspersky.com/
RAID Mirror, Plus Local Backup, Plus Cloud Backup
•  If you're a belt and suspenders sort of person consider having
multiple approaches to backing up your system.
•  For example, if you have room for a pair of drives, consider
mirroring them. This is the most painless sort of protection against
hard drive failure.
•  Mirroring will NOT protect you against loss of data if your system is
lost, stolen, destroyed or subject to data corruption – both drives
will probably suffer the same fate.
•  That's why you ALSO want to ensure that you have additional
backups. Maybe you'll decide to buy a multi-terabyte external hard
drive for a hundred bucks or so, and do backups to that – just don't
leave it hooked right next to your system – it might burn down
right along with the system it's backing up!
•  As insurance against that sort of failure, you might want to have
yet another backup online, "in the cloud."
Encryption; Multiple Generations; Do A Test Restore
•  Backups can contain highly sensitive information. You need to
protect them from unauthorized disclosure UNLESS they've been
protected with strong encryption. We strongly encourage you to
encrypt your backups, just be sure to safeguard the key you'll
need to decrypt them!
•  When taking backups, keep multiple generations. Why? Well,
imagine that you only keep one generation, and you find that your
system has become infested with something nasty. You go to roll
back to your most recent backup, but you find that IT TOO has the
same problem. Wouldn't it be nice to be able to go FURTHER
BACK? Do your best to keep multiple generations of your backups!
•  TEST your backups! Try restoring some files, and make sure that
they checksum identically to your originals.
•  Spread the backup "gospel" to your friends and family, too.
I predict they'll thank you for it someday.
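One way to carry out the test restore described above, as an added Python example that is not part of the original slides: hash every file under the original directory and under the restored copy with SHA-256, then report anything that is missing or differs. The directory layout and file names used in demo() are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = sha256_file(full)
    return result


def verify_restore(original_root, restored_root):
    """Compare a test restore against the originals it should reproduce."""
    orig, rest = manifest(original_root), manifest(restored_root)
    common = set(orig) & set(rest)
    return {
        "missing": sorted(set(orig) - set(rest)),
        "mismatched": sorted(p for p in common if orig[p] != rest[p]),
        "verified": sorted(p for p in common if orig[p] == rest[p]),
    }


def demo():
    """Constructed trees: one file restores truncated, one does not restore at all."""
    originals = {"notes.txt": b"thesis draft\n", "data.csv": b"a,b\n1,2\n", "key.pem": b"constructed\n"}
    restored = {"notes.txt": b"thesis draft\n", "data.csv": b"a,b\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for sub, tree in (("orig", originals), ("restore", restored)):
            os.makedirs(os.path.join(tmp, sub))
            for name, body in tree.items():
                with open(os.path.join(tmp, sub, name), "wb") as fh:
                    fh.write(body)
        return verify_restore(os.path.join(tmp, "orig"), os.path.join(tmp, "restore"))


if __name__ == "__main__":
    print(demo())
```

Files modified after the backup was taken will also show up as mismatched, so run the comparison against data you know has not changed since the backup.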
V. OTHER Personal Steps
Everything is perfect and
there is always room for improvement.
Shunryu Suzuki
Antivirus
•  We all know that antivirus is struggling (and often failing) to keep
up with the tide of malware that's in circulation.
•  Nonetheless, it WILL catch some malware, and that's better than
nothing, so you SHOULD still typically run an antivirus product. This
is particularly true for Windows and Android mobile devices, but
all systems can potentially benefit.
•  If your school doesn't provide an antivirus product for you at no
charge, you may want to see the review that's at
-- "The Best Antivirus Protection of 2017" (April 11, 2017)
http://www.pcmag.com/article2/0,2817,2372364,00.asp or
-- "The Best Free Antivirus Protection of 2017" (April 17, 2017)
http://www.pcmag.com/article2/0,2817,2388652,00.asp
Personal Firewalls
•  My attitude toward personal firewalls has evolved over time.
•  At this point in time, it DOES probably make sense for you to have
some sort of software packet filter that blocks incoming
connections by default. The integrated Windows 10 firewall, and
the integrated MacOS Sierra firewalls are fine, but if you don't like
them, pick an alternative, just run SOME sort of software firewall.
•  Hardware firewall devices have also come a long way. While you
should NOT stand up your own wireless access point without
coordinating with/receiving permission from your local networking
staff, you SHOULD consider installing a hardware firewall in front
of your hardwired systems if this is allowed at your school (and
certainly deploy one if you're living in a house or off-campus
apartment) with commercial ISP connectivity.
Firewall Testing With ShieldsUP! (All Green == Good)
https://www.grc.com/x/ne.dll?bh0bkyd2
Passwords and Password Managers
•  One of the other best things you can do to improve your security
is to use a password manager. M3AAWG agrees, see
https://www.m3aawg.org/sites/default/files/m3aawg-passwordmanagers-bps-2017-03.pdf.
Password managers help you to use
long-and-strong passwords without going crazy, even if you have
dozens and dozens of different accounts. If you don't already use
one, I strongly encourage you to consider doing so.
•  Normally this is the point when someone asks, "So which ONE do
you recommend I use?" I encourage you to read some of the
reviews that are available from popular computer and networking
magazines – most of them should work fine, but do your own due
diligence. One starting point:
"The Best Password Managers of 2017," April 17, 2017
http://www.pcmag.com/article2/0,2817,2407168,00.asp
Ad Blocking/Blocking Online Trackers
•  Many of the Internet's most popular free sites are supported by
online ads. Unfortunately, online ads can also serve as an "express
lane" for dropping malware on your system. Taking ads on your PC
is generally totally discretionary.
•  Therefore I'd encourage you to routinely block them with an ad
blocking tool. It will help your security, and reduce distractions,
too.
•  It is perhaps noteworthy that Adblock Plus is the #1 add-on for
Firefox, used by nearly 17 million users, see
https://addons.mozilla.org/en-US/firefox/extensions/?sort=users
•  While you're sanitizing your browsing experience, you may also
want to consider running Ghostery. It blocks many of the trackers
and other tools advertisers deploy in an effort to track you. Again,
those trackers are not needed, so block 'em!
Use Whole Disk Encryption
•  Whole disk encryption has become a staple recommendation at
many sites.
•  Does Montana or Montana State encourage or require use of
whole disk encryption?
•  If not, I'd encourage y'all to consider doing so...
•  Some starting points:
"The Best Encryption Software of 2017"
http://www.pcmag.com/article/347066/the-best-encryptionsoftware-of-2016
VII. Conclusion
Cyber Security Has Gotten A LOT Better
•  No matter how many fear-inducing spiels you may hear, don't let
the pessimists scare you.
•  If you pay attention to basic cyber security chores, your chances of
staying safe online are really quite good (although obviously I can't
guarantee you won't get hit by a bolt out of the blue, even if
you've done everything a reasonable and prudent person might)
•  If things DO go awry for you, some basic steps (like backing up your
system, and using whole disk encryption) can make the
consequences a lot less dire than they otherwise might be.
•  At the same time that end users need to do their bit, central IT
staff need to do their part, too. In my opinion the UMT and
Montana State teams have done a pretty good job to date,
although there are always new options to explore.
•  Thanks for the chance to talk today! Are there any questions?