Social-Engineer Newsletter Vol 06 – Issue 87

 

December 2016

In This Issue

  • How to Stay Secure Traveling in a Global Market
  • Social-Engineer News
  • Upcoming classes

THE NEWS


As a member of the newsletter you have the option to OPT-IN for special offers. You can click here to do that.


Check out the schedule of upcoming training on Social-Engineer.com

2016 Schedule

If you want to ensure your spot on the list, register now. Classes are filling up fast and early!


The DEF CON 24 SECTF Report has been released and is FREE for download!
http://www.social-engineer.org/ctf/sectf-def-con-24-report-release/
You can also view our breakdown and thoughts of the report in our DEF CON 24 SECTF Report Webinar
http://www.social-engineer.org/resources/def-con-24-sectf-webinar/

Do you like FREE Stuff?

How about the first chapter of ALL OF Chris Hadnagy’s Best Selling Books

If you do, you can register to get the first chapter completely free. Just go over to http://www.social-engineer.com to download now!


To contribute your ideas or writing send an email to contribute@social-engineer.org


Special Thanks and Notices:

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.



Our good friends at CSI Tech just put their RAM ANALYSIS COURSE ONLINE – FINALLY.

The course is designed for Hi-Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works but rather how an investigator can extract what they need for an investigation quickly and simply.

Interested in this course? Enter the code SEORG and get an amazing 15% off!
http://www.csitech.co.uk/training/online-ram-analysis-for-investigators/

Chris Hadnagy’s new book is out and available:
Unmasking The Social Engineer: The Human Side of Security
is an effort that took over 2 years to write with help from Dr. Paul Ekman and Paul Kelly.


Check it out and order today!


A Special Thanks to:

Ace Hackware for their support in very cool schwag and hacker tools

The EFF for supporting freedom of Speech

Check out Robin Dreeke’s amazing book called “Its Not All About Me” packed with the top 10 techniques to building rapport fast. It is an awesome book!


How to Stay Secure Traveling in a Global Market

The global economy requires executives and other corporate employees to travel around the world with more frequency. They bounce from one Wi-Fi network, airport and hotel to another, so how can they stay secure when traveling?

Safety begins with proper planning. With the increase in travel comes an increase in opportunities for would-be thieves. First, identify what needs to be protected and who it needs to be protected from. This is referred to as threat modeling and, as a Source article brings out, it should be the first step in any security analysis. The article also brings out that the goal is to construct a picture of what you’re up against, and to answer these questions to make your security plan:

  • What do you want to keep private?

  • Who wants to know?

  • What can they do to find out?

  • What happens if they succeed?

Among many things, company data needs to be kept private. But is that it? No; would-be thieves are also looking to get your personal data, especially that of the executive.

If you’re visiting a country where corporate espionage is common, think about the ways rival firms or countries could access your system. For example, in countries like Russia and China, they examine all the data traversing their communications network.

Then think about how a would-be attacker might try to get the data. Would they try a phishing attack? Slip malware onto your system? Or would they try to steal your laptop at a coffee shop as you’re adding sugar and cream to your coffee (because we still drink coffee at coffee shops, right?)?

What can be done to secure the data?

What can be done, then? Let me illustrate it this way; when you leave your house, where’s your wallet? Do you leave it out in the open for someone to take, or do you have it securely tucked away? Treat company and personal data as you would your wallet.

When it comes to the digital devices you need on a trip — do you really need to bring the company laptop that is filled with proprietary documents? If not, consider travel-only devices that you won’t use when you return home or that you can completely wipe clean. While it may not be the most cost-effective way to travel, it’s one way to avoid bringing unnecessary information into an insecure setting. Some business executives on trips to countries that are known for dangerous networks will only bring blank laptops and burner cellphones.

Some other ways to keep data secure are to use strong passwords (and make sure no one is shoulder surfing you when you enter your password), use a VPN to your corporate network, use encrypted email, and use anonymous browsing systems. When looking for an anonymous browser or a plugin to use in your current browser, check out what the professional reviews say about them and make sure they are safe to use on your system.

If you’re traveling and you must access your corporate network, it is always recommended to use the corporate VPN. If you are a small business, before you travel you should invest in setting up a VPN server or a VPN router at your business location. That way you can access your company data securely and not have to travel with any company data on a laptop. When looking for VPN software, remote access applications or VPN services, make sure they are recommended by security professionals and meet the level of security you need.

I found these tips on the CUNY site useful as well as the ones on the SecurityMagazine.com site. Some of the tips they provide are:

  • If you are bringing private data, not on a computer, copy the data onto an encrypted USB memory device.

  • Install a host-based firewall, and configure it to deny all inbound connections.

  • Disable file and printer sharing.

  • Disable Bluetooth.

  • Password protect the login, and require the password after screen-saver.

  • Apply full disk encryption, picking a long, complex password. This will provide a substantial layer of protection should the workstation or medium become lost or stolen. The user should memorize the password, or keep it in a secure location on his/her person.

  • Untrusted location = untrusted network.

  • Be cautious when clicking on update pop-ups, especially while using untrusted hotel Internet connections. Some pop-ups are scams designed to trick people into installing malicious software. Update your software by going directly to the vendor’s website.

  • When you return, you should reset your passwords.

  • You have no reasonable expectation of privacy in some countries.

  • Connections in cyber cafes, public areas and hotels can be safe with a VPN, but should otherwise be considered insecure and probably monitored by unsavory agents. Physical PCs in such places may contain keystroke logging or other malicious methods to gather your information.

  • Do not loan your device to anyone, or attach unknown devices such as thumb drives. Thumb drives are notorious for computer infections.

  • Disable illicit access to your device via wireless technologies by:

      • Using airplane mode to disable or suspend all connectivity.

      • Disabling Wi-Fi when not in use. Wi-Fi ad-hoc mode or insecure file sharing enables direct access to devices.

      • Disabling Bluetooth when not in use (or setting it to “hidden,” not “discoverable”). Be aware that rental car Bluetooth PBAP (Phone Book Access Profile) functionality loads your entire address book, while Bluetooth PAN (Personal Area Network) functionality enables connections with other Bluetooth devices.

By following these tips your company and personal data will be more secure.
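
Several of the tips above (inbound-deny firewall, file and printer sharing, Bluetooth, full disk encryption) can be verified before departure. The script below is an added example, not from the original newsletter or the sites it cites; it assumes a Linux laptop with ufw, ss, rfkill and lsblk, and the function names and sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-travel checks for a Linux laptop (assumes ufw, ss, rfkill,
# lsblk). Each check reads one tool's output on stdin and succeeds only when
# the setting matches the checklist. Function names are illustrative.

# Input: `ufw status verbose`. Firewall on, inbound default deny or reject.
fw_denies_inbound() {
  awk '/^Status: active/ { on = 1 }
       /^Default: (deny|reject) \(incoming\)/ { deny = 1 }
       END { exit !(on && deny) }'
}

# Input: `ss -Hltn`. No SMB (139/445) or printer (631) listener off loopback.
no_share_listeners() {
  ! awk '{ print $4 }' | grep -Ev '^(127\.|\[::1\])' | grep -Eq ':(139|445|631)$'
}

# Input: `rfkill list bluetooth`. Every Bluetooth radio soft- or hard-blocked.
bluetooth_off() {
  awk '/^[0-9]+:/ { if (dev && !blk) bad = 1; dev = 1; blk = 0 }
       /blocked: yes/ { blk = 1 }
       END { if (dev && !blk) bad = 1; exit bad + 0 }'
}

# Input: `lsblk -rsno TYPE "$(findmnt -no SOURCE /)"`. Root is on dm-crypt.
root_encrypted() { grep -qx 'crypt'; }

# Constructed sample output, not captured from a real machine.
sample_ufw()    { printf '%s\n' 'Status: active' \
                  'Default: deny (incoming), allow (outgoing), disabled (routed)'; }
sample_ss()     { printf '%s\n' 'LISTEN 0 50  0.0.0.0:445   0.0.0.0:*' \
                  'LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'; }
sample_rfkill() { printf '%s\n' '0: hci0: Bluetooth' '  Soft blocked: yes' \
                  '  Hard blocked: no'; }
sample_lsblk()  { printf '%s\n' lvm crypt part disk; }

report() {  # report <label> <sample-function> <check-function>
  if "$2" | "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; fi
}
report 'firewall denies inbound'  sample_ufw    fw_denies_inbound
report 'file/printer sharing off' sample_ss     no_share_listeners   # FAIL: SMB on 0.0.0.0
report 'Bluetooth disabled'       sample_rfkill bluetooth_off
report 'root volume encrypted'    sample_lsblk  root_encrypted
# Live use: sudo ufw status verbose | fw_denies_inbound && echo ok
```

On a real machine, pipe each command named in the comments into its check instead of the sample functions.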

Of course, if you feel you’ve been attacked and compromised, call your IT department and change your passwords immediately (this should go without saying, but, I’m going to say it anyway; change them in a secure area).

Traveling can be done in a way that will minimize the risk of data compromise, so plan your security as well as your travel arrangements. Use the recommended tips above, guard your data as you would your wallet and remember this: minimize the opportunity, minimize the chances for an attack. By applying the recommendations, you will be able to travel and keep both the company’s and your personal data secure in this global economy.

Safe travels.

Written by: Mike Hadnagy
Twitter: @mikehadnagy

Source:

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 

 
