This course provides a strong foundation on the fundamentals of cybersecurity, taking you through cyber risks, how to protect against them, and how cybercriminals can use their target's digital footprint to find exploits.
The objectives of this course are to provide you with an understanding of:
- Security Information Event Management (SIEM) processes and architecture, SIEM features, user activity monitoring, real-time event correlation, log retention, file integrity monitoring, security auditing & automation auditing, what to audit, implementation guidelines, what to collect, Windows Event Log, UNIX Syslog, logging at an application level, audit trail analysis, approaches to data analysis
- Cyber exploits, understanding malware, cross-site scripting, SQL injection, DDoS, input validation, buffer overflows, targeted attacks and advanced persistent threats (APT)
- Uses of encryption technology, symmetric/asymmetric key encryption, public and private keys, weaknesses, decryption, hashing, digital signatures, PKI, certificate authorities, data at rest and in transit, SSL
- Internet foundations, the domain name system, whois (including a worked example), traceroute, Internet analysis, search engines, tools for finding information on people and companies, username searches, e-mail lookups, disposable e-mails, passwords, internet communities and culture, deep web directories and leaking websites
This course is ideal for members of cybersecurity management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.
There are no specific prerequisites for this course. However, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.
We welcome all feedback and suggestions. Please contact us at email@example.com if you are unsure about where to start or if you would like help getting started.
Welcome to this 2nd video on Digital Footprints.
In it you’ll learn about your personal footprint, spam, strong passwords, two-factor authentication, the role devices play, cookies, add-ons, browsers, user agent and HTTP referrer headers, web proxies, Wi-Fi and domain name scamming.
Now that you understand the basics of what a Digital Footprint is, and are aware of a number of resources that you can use in cyber-security investigations, it’s time to move onto some of the specific problems that can expand your Digital Footprint.
The one problem-area that we can all easily mitigate is ourselves. We need to give far greater consideration to what we share online, and with whom. Think about the information you disclose to sites, and if they have a legitimate need for that information before you click accept.
One of the most problematic items of personal information we regularly share online is our e-mail address.
Huge lists of e-mail addresses are used to send spam e-mails around the world, which can contain anything from annoying adverts, to solicitations to assist in money laundering and malware.
Malware can often exploit users’ e-mail address books, meaning that one person clicking on the wrong thing can lead to everyone they know also receiving spam.
For these reasons, it can be a good idea to have more than one e-mail account. Have a main one that you use for all of your actual communication needs, and another one that you can use for signing up to websites or discussion forums. Having this separation of function means that your main account can be kept relatively insulated from spam, and you will always know to be extra cautious when opening any e-mails in secondary accounts.
The majority of websites we sign up to will require two items of information from us that will be used to secure the access to our account on that site.
The first will be a username – this can be your e-mail address, or some other form of identifying you. The other will be a password.
It is essential that any password you create is one that cannot be easily guessed by a third party. Using your children's or spouse's names would be an obvious example of a bad basis for a password.
There are various ways you can create a complex password, but it is important that the password you create is not so complex that you have difficulty in remembering it! This will lead to bad security behaviors such as writing it down, or recycling passwords across many different user accounts.
An easy way to achieve a complex, yet memorable password is to create a passphrase. Join together three random words (for instance: purple squirrel dishwasher), then add capitalization of some letters, number substitution and punctuation characters. In this instance, the password could look something like the one on screen. This is unlikely to be easily guessable, crackable or in any of the lists of common passwords that are regularly shared on sites such as Pastebin.
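The passphrase recipe just described, worked through in code as an added example (not part of the video): three random words, capitalization, digit substitution and a punctuation separator, plus the two checks a practitioner wants: how much entropy the word choice contributes and whether the result appears in a common-password list. The word list, substitution map and the "common passwords" list are constructed here for illustration.

```python
import math
import secrets

# Constructed mini word list for the demonstration; real lists (e.g. diceware) have ~7,776 words.
WORDLIST = ["purple", "squirrel", "dishwasher", "kettle", "harbour", "meadow",
            "lantern", "compass", "velvet", "granite"]

# The styling the video describes: some capitals, digits in place of letters, punctuation.
DIGIT_SUBS = {"o": "0", "e": "3", "a": "4"}   # constructed substitution map
SEPARATORS = ["!", "-", "#", "?"]

# Constructed stand-in for a leaked common-password list (stored lower-case).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "purplesquirrel"}


def make_passphrase(words=WORDLIST, n_words=3, separators=SEPARATORS, rng=None):
    """Join n_words random words, then capitalise each, swap one vowel for a digit
    and join with a random punctuation character.  Uses the OS CSPRNG by default."""
    rng = rng or secrets.SystemRandom()
    styled = []
    for word in (rng.choice(words) for _ in range(n_words)):
        word = word.capitalize()
        # Substitute only the first matching letter so the word stays readable.
        for plain, digit in DIGIT_SUBS.items():
            if plain in word:
                word = word.replace(plain, digit, 1)
                break
        styled.append(word)
    return rng.choice(separators).join(styled)


def word_entropy_bits(n_words, wordlist_size):
    """Entropy contributed by the random word choice alone (styling is not counted)."""
    return n_words * math.log2(wordlist_size)


def is_common(passphrase, common=COMMON_PASSWORDS):
    """True if the passphrase, with styling stripped, is in the common-password list."""
    plain = passphrase.lower()
    for plain_letter, digit in DIGIT_SUBS.items():
        plain = plain.replace(digit, plain_letter)
    for sep in SEPARATORS:
        plain = plain.replace(sep, "")
    return plain in common


if __name__ == "__main__":
    pw = make_passphrase()
    print(pw, f"~{word_entropy_bits(3, len(WORDLIST)):.1f} bits from words", is_common(pw))
```

Three words from a ten-word list give only about 10 bits, which is why the word list must be large: the same three-word recipe over a 7,776-word list gives roughly 39 bits.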
The username and password pairing can be quite weak in protecting information. Passwords are vulnerable to many different attacks, and user names are easily discovered.
A good way to supplement the security of the username and password pairing is to introduce a third item – so called two-factor authentication, or 2FA.
With a 2FA implementation, the user will know their username.
They will then also need to know their password, along with one further piece of information.
This piece of information could be something they are – a fingerprint, iris scan or voice pattern; something they have – access to a specific mobile phone or a physical token; or something they know – a further password or PIN code.
Use of 2FA means that even if your username and password are compromised, the attacker will be unable to make use of them without having to further compromise something else.
As well as considering how you can keep your digital footprint as small as possible, you should also consider the role of the different devices you use in minimizing your digital footprint.
Much of what our devices give away about our activities happens simply because that is just the way that the Internet works, and always has worked. Websites need to know some stuff about the configuration of our device, in order to present the best possible browsing experience to us. Much of this information can be quite personal to us though, and we need to be very conscious of exactly what our device may be giving away, often without our knowledge or consent.
A Cookie is a small text file, placed on our device by the website we are visiting. Often these can contain innocuous information such as browser version or screen resolution, but they can also contain specific information about, for instance, purchases you are making online. This type of information could be abused by a malicious individual looking to interfere with the purchase process.
More importantly for privacy concerns, cookies can be a way of tracking an individual’s activities across multiple websites, as some of the information contained within them can be referenced with each website visited.
It is possible to configure settings within your browser to try and stop tracking cookies being placed onto your machine, but these settings are not always reliable.
It is therefore good practice to use third-party solutions, such as some of the examples listed onscreen to definitively protect yourself from being tracked across multiple websites.
The browser you use to access websites may also be another point of data leakage, and it is important that you understand what your browser’s capabilities are.
You need to have an understanding of how your browser functions, at the basic level, to know what information you may be exposing to the wider online community.
One of the ways in which browsers can disclose information about us is through ‘user agent headers’.
Whenever you request information from a website, your browser sends along information about your device configuration, such as browser version or operating system, in the user agent header.
It wants to know this so that it can tailor its response to us, providing the optimal browsing experience.
However, taken in conjunction with other data it is possible to uniquely identify visitors to websites.
It is possible to use tools that will change your user agent, and thus present false information to the websites you visit. However, this may lead to a sub-optimal browsing experience for you.
Another snippet of information that your browser can give away is in the ‘HTTP referrer header’, which informs the website you are visiting about how you got there.
An example of this is if you searched Google for something, and then clicked on one of the links that Google returned to you.
The HTTP referrer header sent to the website you clicked on, will contain not only the fact that you were on Google immediately prior to your visit, but also the search term that you used in Google.
This information can be recorded in the logs of the visited website.
If you are conducting any sort of investigative work this could potentially expose information to the target website you are looking at. For example, if you open up your browser and the first page you look at is the webpage for your company, and you then visit your target website, the HTTP referrer header for that visit will include the information about your company website.
It is possible to disable this functionality, but it does require some effort on the part of the user.
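The referrer leak described above, seen from the visited website's side, as an added example (not part of the video). The request headers below are constructed: one visitor arrived from a search engine, one from an internal company page, and one had referrer sending disabled. The functions show what the target site can extract and how it ends up in a standard access log. Note that the header's wire name is spelled "Referer".

```python
from urllib.parse import urlsplit, parse_qs

# Constructed request headers as the target website's server would receive them.
FROM_SEARCH = {
    "Host": "target-example.test",
    "User-Agent": "Mozilla/5.0 (constructed example)",
    "Referer": "https://www.google.com/search?q=target+example+subsidiaries",
}
FROM_COMPANY = {
    "Host": "target-example.test",
    "Referer": "https://intranet.your-company.test/investigations/case-42",
}
NO_REFERER = {"Host": "target-example.test"}   # browser configured not to send it

# Query parameter that carries the search term on a few engines (constructed, partial list).
SEARCH_PARAMS = {"www.google.com": "q", "www.bing.com": "q", "duckduckgo.com": "q"}


def referer_leak(headers):
    """Return what the Referer header reveals about the visitor: the previous site,
    the path on it and, if that site is a search engine, the search term itself."""
    referer = headers.get("Referer")
    if not referer:
        return None
    parts = urlsplit(referer)
    info = {"previous_site": parts.hostname, "previous_path": parts.path}
    param = SEARCH_PARAMS.get(parts.hostname)
    if param:
        terms = parse_qs(parts.query).get(param)   # parse_qs turns '+' back into spaces
        if terms:
            info["search_term"] = terms[0]
    return info


def combined_log_line(headers, method="GET", path="/", status=200, size=512):
    """Format the request the way a web server's 'combined' access log records it;
    the quoted referrer and user agent are what the site's owner later reads."""
    ref = headers.get("Referer", "-")
    ua = headers.get("User-Agent", "-")
    return (f'203.0.113.7 - - [01/Jan/2024:12:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} {size} "{ref}" "{ua}"')


if __name__ == "__main__":
    for hdrs in (FROM_SEARCH, FROM_COMPANY, NO_REFERER):
        print(combined_log_line(hdrs))
        print("  leaks:", referer_leak(hdrs))
```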
There are ways you can mitigate the problems caused by your browser.
One way to achieve this has already been partly referenced when we discussed the Dark Web: The Onion Router, also known as Tor. This technology was developed by the US Navy as a means of anonymous and secure web browsing. It involves routing your internet traffic via a number of nodes, which can be considered as similar to proxy servers.
A proxy server is configured to receive your web requests, which it then stamps with its own identity prior to sending it on to the next link in the chain – either another proxy server, or the website you want to visit.
This effectively disconnects your activity from the website. The website will return the requested information to the proxy server, which will then forward it to you.
Many organizations employ proxy servers within their network to handle connections to the internet, thus disconnecting their internal devices from the wider global network.
If you are not using a proxy owned by your organization, you need to consider whether the owners of the proxy server will be able to see all of your browsing activity.
With the ubiquity of mobile devices, it is now extremely common to find yourself surrounded by Wi-Fi access points, many of which are free to use.
Some may require some sort of sign-up process, but most just require that you know the name of the Wi-Fi network you want to connect to, and the password or key for that network.
As with proxy servers, any traffic that you send over the Wi-Fi network is at risk of being read by the owner of that network. Therefore, it is vitally important that you take steps to mitigate this.
Always try to use secure methods of accessing websites or other online resources. One way to achieve this is to employ a Virtual Private Network, or VPN. This creates an encrypted tunnel between your device and the resource you have requested, meaning that nobody should be able to read your traffic.
A large number of homes worldwide now have some sort of Wi-Fi enabled router that is handling their connection to the internet.
It is important that these are correctly configured with the highest possible security settings. Many Wi-Fi routers are deployed with default security settings, such as standard usernames and passwords, or with older, weaker communication protocols still enabled.
Users should take the time to review these settings, and where possible and applicable, change them.
Finally, a good way to protect yourself online is to be skeptical about what you do, and where you go.
For instance, it is very easy to think that you are visiting a legitimate website. However, if you check the domain name carefully, you might discover the site you are on isn’t the one you intended to visit.
So, as a first step you should take a close look at the domain name in any link on which you are going to click.
Altered spelling of a domain name is an almost certain sign of a scamming attempt. For example, phishers may use something like 1egitimatebank.com instead of legitimatebank.com, substituting the number ‘1’ for the letter ‘l’.
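The domain check described above, automated as an added example (not part of the video): a link's host is compared against a list of trusted domains, first for look-alike characters such as the 1-for-l swap in the video's legitimatebank.com example, then for one-character typos, and finally for a trusted name reused as a subdomain of some other domain. The trusted list and confusable map are constructed for illustration.

```python
from urllib.parse import urlsplit

# Characters phishers substitute for visually similar ones (constructed, not exhaustive).
# Two-character entries are applied first so 'rn' -> 'm' and 'vv' -> 'w' are caught.
CONFUSABLES = {"rn": "m", "vv": "w", "1": "l", "0": "o", "3": "e", "5": "s"}

TRUSTED = {"legitimatebank.com"}   # the video's example domain


def normalize(label):
    """Map confusable characters to their look-alike so imitations compare equal to the original."""
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance via the classic row-by-row DP (small inputs, so O(len a * len b) is fine)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(link, trusted=TRUSTED, max_typos=1):
    """Return (trusted_domain, reason) if the link's host imitates a trusted domain,
    or None if it is either the genuine site or unrelated to the trusted list."""
    host = urlsplit(link if "://" in link else "//" + link).hostname or ""
    host = host.removeprefix("www.")
    if host in trusted:
        return None                      # exact match: the real site
    for good in trusted:
        if host.startswith(good + "."):  # e.g. legitimatebank.com.evil.test
            return good, "trusted name used as subdomain"
        if normalize(host) == normalize(good):
            return good, "confusable characters"
        if edit_distance(host, good) <= max_typos:
            return good, "typo distance"
    return None


if __name__ == "__main__":
    for link in ("https://1egitimatebank.com/login", "https://www.legitimatebank.com/",
                 "legitimatebnk.com", "http://legitimatebank.com.evil.test/"):
        print(link, "->", lookalike_of(link))
```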
That brings us to the end of this video.
Paul began his career in digital forensics in 2001, joining the Kent Police Computer Crime Unit. In his time with the unit, he dealt with investigations covering the full range of criminality, from fraud to murder, preparing hundreds of expert witness reports and presenting his evidence at Magistrates, Family and Crown Courts. During his time with Kent, Paul gained an MSc in Forensic Computing and CyberCrime Investigation from University College Dublin.
On leaving Kent Police, Paul worked in the private sector, carrying on his digital forensics work but also expanding into eDiscovery work. He also worked for a company that developed forensic software, carrying out Research and Development work as well as training other forensic practitioners in web-browser forensics. Prior to joining QA, Paul worked at the Bank of England as a forensic investigator. Whilst with the Bank, Paul was trained in malware analysis, ethical hacking and incident response, and earned qualifications as a Certified Malware Investigator, Certified Security Testing Associate - Ethical Hacker and GIAC Certified Incident Handler. To assist with the team's malware analysis work, Paul learnt how to program in VB.Net and created a number of utilities to assist with the de-obfuscation and decoding of malware code.