3. Security Quick Win!


I want to give you a super easy, quick security win that you can set up right now as a small practical exercise, before we dig into the theory.

So you have an immediate security capability to detect malware and hackers that you can set up in about 10 minutes and you don't even have to install anything this way.

If you forget to do the rest of the course, at least you'll have got some security capability out of it. So here goes: wouldn't it be cool if we could set up security trip wires to tell us if someone or something was poking around in our files on a laptop, on a phone, tablet, in our email and our online accounts, basically everywhere?

Wouldn't it be good if we could have some trip wires that alerted us when somebody was doing things that we don't want them to do?

Well, we can set those things up. 

So let me show you how to set the security trip wire, using a service called Canarytokens.

They have made it available just for you guys on this course.

So you can have some quick and easy security wins. 

So, if you make your way to www.stationx.net/canarytokens/ you can follow along with what I'm doing and create your own tokens at the same time. 

So here we have our little Canary friend and his token. 

We see a rather obvious red button here, and this is what we need to click on to take us to the domain that will provide us with the tokens.

So here we are. This is a domain here that will rotate.

So don't worry about what that is at the moment. So here we are, this is the main thing that you need to interact with.

And I'm going to show you five different ways of setting up traps. 

These traps are also called tokens or Canarytokens, and we're going to keep it simple at the early stages of this course.

So the first thing we need to do is put in an email address.

Now this is the email address which you want to get sent alerts to, so this needs to be an email address that you monitor.

Ideally an email address that you have on your phone or something like that, so that you get notified immediately when there's a security problem. You don't want to set up a secondary email address that you never look at.

That's pointless. It has to be an email address that you monitor, even if you set up a new email address, as long as it's one that you monitor.

So let me put one in here.

So that's the email address I want to get sent alerts to, and then I need to put in here some sort of comment that lets me know which token, which trap, has been triggered.

So I'm going to put "Word document in password folder on laptop". That's going to make more sense in a second. Ignore all this for now, just have it on DNS and HTTP and generate token. And if we go down here, the first one that I want you to look at is the MS Word token or trap. So what this has done is this has generated a unique Word document for you that we can download.

I'll give you a demo of it. 

So I'll download that now, and if you see this here, this is the Word document that we've just downloaded.

Now, if I click on that and that's just opened up there. 

You can see where little time is going on there in the background. 

Now you see there, we've been alerted. Now, anytime anyone opens this document, you're going to get alerted.

It's a little trap.

And this little trap should work on most operating systems, most versions of Word.

There's no hundred percent guarantee that it's going to work on every system and with every version of Word.

So if it doesn't work for you, then try one of the other tokens that I'm going to show you in a second.

So let me close that. Now I've created another example here.

You can change the file name of this document, by the way, to anything that you like. Make it enticing for someone to click on. I'll open this one in a second.

Just open this fully. Now, in this one I've put valuable and juicy information in it that a hacker or other type of threat would be interested in finding: PayPal usernames and passwords, stock trading information, social media accounts, etc, etc.

Those are the sort of things that a threat is going to be searching for. If he's on your laptop, your device, your phone, within your email, he's going to be searching for keywords.

And if you want an idea of the sort of things that you want to put in these traps, I've put some examples here. We can see personal information, financial information, file hosting accounts.

And if we go further down here, I've provided an example file.

Then we just copy this, but you can use it as just an example of the sort of information. You can see social security numbers, credit card details.

I've put them in the right sorts of formats, Bitcoin wallet IDs. 

You get the idea. 

So we can imagine now the hacker was snooping around in an area that we've specifically put aside just for the hacker to find, and we've put in that Word document, and he's now clicked on it.

And this is the alert we get.

So we know he's snooping around, and not only do we know he's snooping around, we know what he's doing because we've set up that comment there. And if we click here, we can look to see where he's come from.

We can track him down and this provides further information on how he triggered the alert.

But what is important is that you react to the alert. 

And later on in the course, we're going to talk more about response and recovery strategies as you get through to the more advanced sections. 

And if we look at the second type of token or trap that we can create, a PDF: we can download this PDF version and it works pretty much exactly the same as a Word document. We open this PDF document.

And we will get alerted that someone has opened it, and boom, there we go.

Another alert, PDF trap. 

So I think you're getting the idea now. 

So you want to sprinkle as many of these tokens, these traps, throughout your laptop, your phone, your tablet, in your email, on your online accounts.

So for example, you could put it in your Dropbox, and maybe the staff at Dropbox are looking through your documents.

They open the Word document, boom, you know someone's snooping in there.

And as I say, they need to be interesting and enticing and you can get that sort of information from here. 

Now, let me show you another sneaky way of setting up a trap. 

Fake email of passwords. 

Number 1. Oh, by the way, if you put it on that one, you'll get more information in the alert about who the hacker was with this type of trap I'm about to set up now.

So choose that one. 

So generate. 

If you pop down here, we're going to go to web bug and we're going to use two web bugs here.

So let's just grab that URL.

So that is a clickable link.

If the hacker clicks on it, you're going to be alerted. That's opened up our email here. Right, let's just pop that in there for now.

Then we're going to send this to ourselves.

We could send it from a different account, but all that matters is that the "To" email address is the account that you're wanting to be monitored.

You're wanting to know if a hacker is in there. We need to create an enticing subject.

So, and then just as an example for this one, we're going to go here and I'm going to copy all of this stuff here into this email.

Obviously, you're going to put your own sort of information in here and things related to you. 

So you notice I've just taken that link there. 

Now, putting that link here, I can actually change this to anything that I want after this here.

I can change this to whatever I want, so I can put login.html if I want. And see, what I'm doing is I'm creating an enticement here: "My private file store backup of everything. Username and password."

So if the person opens this email and then clicks on this link, it will trigger the alert, but we're going to do something even more tricky here because we want to definitely catch this hacker. 

So within Thunderbird, there is a feature by which you can insert a link to an image.

Now, we don't want to attach an image. 

We want to insert a link to an image. 

So if we go on insert an image and we unclick this, so we don't want it to attach.

We go on there and then we can put image.gif, and see, we're already alerted, that's how quick their service is. And we do not want to use any alternative text. Add that there.

And you'll see you can't see that image because that is a one by one pixel invisible GIF.

And let me show you how this works. 

So we're going to send that to ourselves.

So there we go. 

That's our little trap there. Now we can choose to open it, leave it as an open email, or we can leave it as an unopened email, but no matter what, if someone's in our email and they're searching for whatever it is that they want to be searching for, maybe they're interested in PayPal accounts.

Well, there we go, that comes up. They're searching for bank information, credit card information, that's going to come up, and all they need to do is just open it.

They don't even need to click on a link. We've caught them. You know they're poking around in there. But let's say that doesn't work for whatever reason; it should.

Then there's still things like that to entice them. Click on that, boom, caught them again.

Now in order for us to have inserted that image, I went on this insert image. 

Now you may not have this functionality available in the email client that you use. 

It may not even be available to do this, but it doesn't matter.

You can still download Thunderbird if you like, it's free, and just send an email or emails using Thunderbird just for this one task, if you can't work out how to embed that invisible web bug into your email.
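
The same trap email can also be assembled in a short script instead of an email client. The following is an added example, not part of the original lesson: the token URL, the address, the subject and the `image.gif` file name are constructed placeholders, and the function names are hypothetical. It builds the message with the clickable link and the linked (not attached) invisible image, then checks that the result matches the steps described above.

```python
from email.message import EmailMessage
from html import escape
from html.parser import HTMLParser

# Constructed placeholder: substitute the web bug URL generated for you.
TOKEN_URL = "http://canarytokens.example/CONSTRUCTED-TOKEN-ID/"


def build_decoy_email(token_url, address, subject, lure="login.html"):
    """Trap email: a clickable token link plus a linked (not attached) image."""
    link = token_url + lure            # text after the token URL is free-form
    pixel = token_url + "image.gif"    # assumed name for the invisible image
    msg = EmailMessage()
    msg["From"] = msg["To"] = address  # sent to the mailbox being monitored
    msg["Subject"] = subject
    msg.set_content(f"My private file store backup of everything: {link}\n")
    msg.add_alternative(
        f'<p>My private file store backup of everything: '
        f'<a href="{escape(link)}">{escape(link)}</a></p>'
        f'<img src="{escape(pixel)}" alt="" width="1" height="1">',
        subtype="html",
    )
    return msg


class RefCollector(HTMLParser):
    """Collect <img> (src, alt) pairs and <a> hrefs from the HTML body."""
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            self.images.append((attrs.get("src") or "", attrs.get("alt") or ""))
        elif tag == "a":
            self.links.append(attrs.get("href") or "")


def audit_trap(msg, token_url):
    """Confirm the trap fires on open and on click, and attaches no image."""
    refs = RefCollector()
    refs.feed(msg.get_body(preferencelist=("html",)).get_content())
    return {
        "pixel_is_linked": any(s.startswith(token_url) for s, _ in refs.images),
        "no_alt_text": all(alt == "" for _, alt in refs.images),
        "link_present": any(h.startswith(token_url) for h in refs.links),
        "no_image_part": all(p.get_content_maintype() != "image" for p in msg.walk()),
    }
```

Calling `build_decoy_email(...).as_string()` gives a message you can save as an `.eml` file and send to yourself. Many mail clients block remote images by default, which is why the clickable link is kept as a second trigger.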

So, as I said, you want to sprinkle these tokens throughout your laptop, phone, tablet, your email and your accounts. Make them enticing, make them valuable.

And then when you get an alert, respond to that alert, and respond in the ways that I recommend throughout this course: changing your password and other such sorts of things, disconnecting from the network.

So there you go, that's your security quick win.

Go ahead and set those up right now. You will have, after you set this up, better security detection capabilities than most companies do. You might not believe that if you're not in the security industry, but that is a sad and true analysis of the state of most organizations' detection capabilities.

Just think of Edward Snowden. 

He was poking around in the NSA for months as an insider threat and nothing like this alerted the NSA. 

Pretty crazy. Later on in the course, we will discuss Canarytokens at a more advanced level.

When you get there, you'll understand more about how they work and we'll understand about the importance of detection controls, which these are, versus preventative controls, which are used to stop the hacker getting in in the first place.

But preventative controls are very important. 

We use a defense in depth approach, all of which we're going to go into. 

So I hope that was informative. So now let's dig into the theory and the basics and start our journey into cybersecurity.