Security Quick Win!

Security Quick win v3

This course takes you on a journey that starts with the basics and theory of security, and then builds upon it with practical exercises and onto more advanced topics in the latest sections and other volumes, you have to know the basics so that you can make your own informed choices about security.

I don't want to give you just a, to do list.

I want you to understand both the why and the how, so we start with the theory and basics of security and then build on that later with practical exercises and onto more advanced topics.

But before we start an Ethereum basics, I want to give you a super easy, quick security win that you can set up right now as small practical exercise, before we dig into the theory.

So you have an immediate security capability to detect malware and hackers that you can set up in about 10 minutes and you don't even have to install anything this way.

If you forget to do the rest of the course, at least you'll have got some security capability out of it.

So here goes, wouldn't it be cool if we could set up security trip wires to tell us if someone or something was poking around in our files on a laptop, on a phone tablet, in our email and our online accounts, basically everywhere.

Wouldn't it be good if we could have some trip wires that alerted is when somebody was doing things that we don't want them to do.

Well, we can set those things up so let me show you how to set the security trip wires using a service called Canary tokens.

They have made available just for you guys on this course.

So you can have some quick and easy security wins.

So, if you make your way to www.stationx.net/canary tokens slash you can follow along with what I'm doing and create your own tokens at the same time.

So here we have our little Canary friend and his token.

We see a rather obvious red button here, and this is what we need to click on to take us to the domain that will provide us with the tokens.

So here we are, this is a domain here that will rotate.

So don't worry about what that is at the moment.

So here we are.

This is the main thing that you need to interact with and I'm going to show you five different ways of setting up traps.

These traps are also called tokens or Canary tokens, and we're going to keep it simple that the early stages of this course.

So first thing we do is we need to put in an email address.

Now this is the email address, which you want to get sent alerts.

So this needs to be an email address that you monitor.

I slightly email address that you have on your phone or something like that, so that you get notified immediately.

When there's a security problem, you don't want to set up a secondary email address that you never look at.

That's pointless as to be an email address that you monitor.

Even if you set up a new email address, as long as it's one that you monitor.

So let me put one in here so that's the email address I want to get sent alerts to and then I need to put in here some sort of common that lets me know which token, which trap has been triggered.

So I'm going to put word document in password folder on laptop.

That's going to make more sense in a second.

Ignore all this for now, just to have it on DNS and https and generate total.

And if we go down here, the first one that I want you to look at is the Ms. Word token or trap.

So what this has done is this has generated a unique word document for you that we can download.

I'll give you a demo of it, so download that now, and if you see this here, this is the word document that we've just downloaded.

Now, if I click on that, and that's just opened up there, You can see where a little time is going on there in the background.

You see there, we've been alerted now, anytime anyone opens this document, you're going to get alerted.

It's a little trap, and this little trap should work on most operating systems, most versions of word. There's no a hundred percent guarantee that it's going to work on every system and with every version of word.

So if it doesn't work for you, then try one of the other tokens that I'm going to show you in a second.

Let me close that, now I've created another example, here, you can change the file name of this document, by the way, to anything that you like make it enticive.

As I want to click on buy, open this one a second.

Just open this fully now in this one apple valuable and juicy information in it that hacker or other type of threat would be interested in finding PayPal, usernames and passwords, stock trading information, social media accounts, etc.

Those are the sorts of things that our threat is going to be searching for.

If he's on your laptop, your device, your phone within your email is going to be searching for key words.

And if you want an idea of the sort of things that you want to put in these traps, and I've put some examples here, we can see personal information, financial information file hosting accounts.

And if we go further down here are provided an example file.

Then we just copy this, but you can use it as just an example of the sort of information you can see, social security numbers, credit card details.

I've put them in the right sorts of formats, Bitcoin wallet, IDs.

You get the idea so we can imagine now a hacker was snooping around in an area that we specifically put aside just for the hacker defined and we've put in that word document and he's now clicked on it.

And this is the alert we get.

So we know he's snooping around and only do we know he's snooping around. We know what he's doing because we've set up that comment there, and if we click here, we can look to see where he's come from.

We can track him down, and this provides further information on how he triggered the alert.

But what is important is that you react to the alert.

And later on in the course, we're going to talk more about response and recovery strategies as you get through to the more advanced sections.

And if you look at the second type of token that we can create or trap a PDF, so we can download this PDF version and it works pretty much exactly the same as a word document, we opened this PDF document.

And we will get alerted that someone has opened it and boom, there we go, another alert, PDF trap, so I think you're getting the idea now.

So you want to sprinkle as many of these tokens, these traps throughout your laptop, your phone, your tablet in your email, on your online accounts.

So for example, you could put it in your Dropbox and maybe the staff at Dropbox are looking through your documents.

They open the word document, boom, you know, someone snooping in there, and as I say, they need to be interesting enticing and valuable.

And you can get that sort of information from here.

Now, let me show you another sneaky way of setting up a trap. Fake email of passwords.

Number one oh, by the way, if you put it on that one, you'll get more information in the alert about who the hacker was with this type of trapping about set up now.

So choose that one so generate and if you popped down here, we're going to go to web books and we're going to use two web books here.

So let's just grab that URL so that is a clickable link that the hacker clicks on.

You're going to be alerted.

That's open up her email here, right?

Let's just pop that in there for now.

Then we're going to send this to our self.

We could send it from a different account, but all that matters is that the two email addresses the account that you're wanting to be monitored.

You wanting to know if a hacker is in there, we need to create an enticing subject.

So, and then just as an example for this one, we're going to go here and I'm going to copy all of this stuff here into this email.

Obviously, you're going to put your own sort of information in here and things related to you.

So you notice I've just taken that link there.

Now, putting that link here, I can actually change this to anything that I want after this, here.

I can change this to whatever I want so I can put a log in, If I want dot HTML and see what I'm doing is I'm creating an enticement here by private store backup everything.

Username and password.

So if the person opens this email and then clicks on this link, it will trigger the alert, but we're going to do something even more tricky here because we want to definitely catch this hacker.

So within Thunderbird, there is a feature by which you can insert a link to an image.

Now, we don't want to attach an image.

We want to insert a link to an image. So if we gone insert an image, and we unclick this, so we don't want it to attach.

We go on there and then we can put image or GIF and see we're already alerted that's our quick their services, and we do not want to use any alternative text, add that there.

And you'll see you can't see that image because that is a one by one pixel invisible gift.

And let me show you how this works, So we're going to send that to ourselves.

So there we go.

That's our little trap there and we can choose to open it, leave it as an open email, or we can leave it as an unopen email, but no matter what, if someone's in our email and they're searching for whatever it is that they want to be searching for, maybe they're interested in PayPal accounts.

Well, there we go.

That comes up the searching for bank information, credit card information that's going to come up and all they need to do is just open.

You don't want me to click on a link?

Boom.

Caught them, No, they're poking around in there, but let's say that doesn't work for whatever reason it should.

Then there's still things like that to entice them, click on that.

Boom caught them again.

Now in order for us to have inserted that image, I went on this insert image.

Now you may not have this functionality available in the email client that you use.

It may not even be available to do this, but it doesn't matter.

You can still download Thunderbird if you like, it's free and just send an email or emails using Thunderbird just for this one task.

If you can't work out how to embed that invisible web book into your email.

So, as I said, you want to sprinkle these tokens throughout your laptop, on your laptop, phone tablet, and your email and your accounts, make them enticing, make them valuable.

And then when you get an alert, respond to that little.

And respond in the ways that I recommend throughout this course, Janie your password and other such sort of things disconnecting from the network.

So there you go.

That's your security quick win.

Go ahead and set those up right now.

You will have, after you set this up better security detection capabilities than most companies do, you might not believe.

If you're not in the security industry, but that is a sound and true analysis of the state of most organizations, detection, capabilities.

Just think of Edward Snowden.

He was poking around in the NSA for months as an insider threat and nothing like this alerted the NSA pretty crazy later on in the course, we will discuss Canary tokens at a more advanced level.

When you get there, you'll understand more about how they work.

I will understand about the importance of detection controls, which these are versus preventative controls, which are used to stop the hacker, getting it in the first place.

But preventative controls are very important where we use a defense in depth approach, all of which we're going to go into.

So hope that was formed as outlist.

Let's dig into the theory and the basics and start our journey into cyber security.

Complete and Continue  

Become a Member and Get Unlimited Access to 340+ Top Cyber Security Courses.