This blog was originally posted on Knogin blog by author Anna Codina. Reposted with permission.

(By the way! If you'd like to keep a hard copy of this guide, you can also download the Ultimate Cybersecurity Quick Guide for Students for ease of use.)
Different Ways You Could be Compromised
In the digital world, data is the most valuable commodity out there. Depending on the type of information that has been gathered about you, you can see customized ads based on your preferences or have accounts opened in your name without your knowledge. One is less harmful than the other, but through phishing, social engineering, and malware, hackers can get a hold of your most sensitive data.

For example, let’s say your computer is suddenly running very slowly. It could be due to a software update, or because it has been compromised and is being used as part of a network of compromised computers to attack another victim and extort money from them, or because spyware is tracking your every move. It’s hard to know what the problem is without implementing proper cybersecurity software.

Technology is not the same as it was 10 or 20 years ago; we interact with a lot more devices that are connected to the internet. These devices could serve as an open gate for malicious people to gain access to a network and gather or steal data about you. The good news is there are ways to protect yourself against these attacks just by having good practices and habits.
Easy Ways to Protect Yourself
It is important to establish good habits to reduce the likelihood of an attack. Here are some things to consider:
- Lock your computer every time you leave it unattended.
- Have a strong password.
  - Passwords should not have identifying characteristics like your pet's name or birthday. Passphrases are generally easier to remember and harder to compromise. For instance, using four random words such as “Funny Monkeys Riding Bikes” is very easy to remember and one of the strongest passwords you can use.
- Replace the default passwords.
  - If you received something that already has a password in place, like a wireless router or a nanny cam, take the time to change it.
- Have 2-factor authentication enabled.
  - When you sign in to a website or app, you provide two or more pieces of evidence that you are the authorized person.
- Be aware of phishing methods.
  - Phishing is the preferred method for cybercriminals. Always verify who the sender is in the email by looking at their address. Does it look fishy? Do they want money or are they urging you to log in to something to change your password?
- Get a tool to monitor all of your devices.
  - Ideally you want a tool that will look for unexpected behaviors and patterns, like unknown processes running or errors in the security logs. You can monitor them for free from our consolidated tool, CyberEasy, and it will alert you if something suspicious occurs.
- Don't trust public wifi.
  - There are tools out there that will monitor or even steal data from devices connected to public wifi. Only connect to wifi sources you trust, but even then, be aware that it’s easy to create a fake access point to steal someone’s data. If you have a good data plan with your cell phone, prefer using that over public wifi.
- Disable your webcam when not in use.
  - Webcam security is very poor, and webcams can easily be accessed by criminals and stalkers. If you are able to unplug your webcam when you're not using it, you should do so. With a laptop or an integrated camera in tablets, smartphones and some monitors, you can go into settings to disable it or place black tape over the camera lens when not in use.
- Read the terms and conditions carefully.
  - It's important to take the time to read company policies when downloading an app or signing up for a website.
  - Some apps are collecting data about you in the background and selling it to third parties. You actually might be giving these apps permission to publish to your social media on your behalf, which opens you up to more problems, such as extortion or inadvertently spamming all of your friends.
- Check your default settings.
  - Review the default settings you have in both the tools and the apps you use. Some apps, like email, offer useful security features that need to be manually turned on, and other apps might have harmful tracking, like location tracking, enabled when it shouldn’t be.
- Disable/block ports that you are not going to use.
  - You can create rules in your computer's firewall and block all ports that you're not going to use. If your router has a built-in firewall, you can also apply the same process.
  - Sometimes, it can be difficult to correctly configure which ports to leave open vs. closed, as some apps use uncommon ports. You can easily verify this by installing the tool CurrPorts, a port monitor that displays all open ports on a computer.
- Whitelist your IP address.
  - You might have a project where you need to access your computer or a virtual server remotely, but it's not very safe to leave it open to the world, where anybody can reach it, even if it's protected by a username and password.
  - By whitelisting your IP address, you let your computer or server know that you are authorized. This method is not fool-proof, but it gives a criminal less chance of a successful compromise.
- Verify the checksum.
  - Verifying the checksum of a program you are attempting to install helps ensure that the file keeps its integrity and was not corrupted during the download or modified with malware by a malicious person.
- Be aware of current vulnerabilities.
  - It is important to keep a passive eye out for newly discovered vulnerabilities. This way you can do something to reduce the risk while an update is being released. For example, with the WannaCry ransomware attack in 2017, the quickest way to disable it before the update was by disabling SMBv1 and/or blocking port 445.
  - Websites like Cvedetails.com, Nvd.nist.gov, and Microsoft’s Security Update Guide are all great resources to use.
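
For the "Be aware of phishing methods" tip above, the sender checks can be run mechanically over a message's headers. This is an added example, not part of the original guide; the trusted domains, the phrase list and both sample messages are constructed, and the Reply-To comparison goes one step beyond the checks the tip lists.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: trusted domains and pressure phrases; messages are constructed.
KNOWN_DOMAINS = {"university.example", "bank.example"}
PRESSURE_WORDS = ("verify your account", "password", "urgent", "payment")

PHISH = """From: "University IT Helpdesk" <it-support@univers1ty-helpdesk.example>
Reply-To: recovery@mail-collect.example
Subject: URGENT: verify your account password today

Log in now to keep your mailbox.
"""
LEGIT = """From: "University Registrar" <registrar@university.example>
Subject: Timetable for next semester

See the attached timetable.
"""


def domain_of(header_value):
    """Return (display name, lowercase domain) from a From/Reply-To header."""
    name, addr = parseaddr(header_value or "")
    return name, addr.rpartition("@")[2].lower()


def sender_warnings(raw_message):
    """List reasons to look twice at the sender of a raw e-mail message."""
    msg = message_from_string(raw_message)
    name, from_domain = domain_of(msg["From"])
    warnings = []
    if from_domain not in KNOWN_DOMAINS:
        warnings.append(f"unfamiliar sender domain: {from_domain}")
    for known in sorted(KNOWN_DOMAINS):
        brand = known.split(".")[0]
        if brand in name.lower() and from_domain != known:  # name is free text
            warnings.append(f"name mentions '{brand}' but address is @{from_domain}")
    if msg["Reply-To"]:
        reply_domain = domain_of(msg["Reply-To"])[1]
        if reply_domain != from_domain:
            warnings.append(f"replies go to a different domain: {reply_domain}")
    subject = (msg["Subject"] or "").lower()
    hits = [w for w in PRESSURE_WORDS if w in subject]
    if hits:
        warnings.append("subject pushes for money or a login: " + ", ".join(hits))
    return warnings

if __name__ == "__main__":
    print(sender_warnings(PHISH), sender_warnings(LEGIT))
```

The From header can itself be forged, so an empty warning list means only that nothing obvious stood out, not that the message is genuine.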
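
For the "Verify the checksum" tip above, this is one way to compare a download against a publisher's checksum list. It is an added example, not part of the original guide; it assumes SHA-256 and the `sha256sum` list format, and the file name and contents are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Hash the file in chunks so a large installer never sits fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>'."""
    published = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        # Skip blank lines, comments and anything that is not a 64-digit hex value.
        if len(parts) == 2 and re.fullmatch(r"[0-9a-fA-F]{64}", parts[0]):
            published[parts[1].strip().lstrip("*")] = parts[0].lower()
    return published


def verify_download(path, checksum_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the file at path."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published value: unverified, not good
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo():
    """Constructed sample: a stand-in installer and the list its publisher posts."""
    path = os.path.join(tempfile.mkdtemp(), "installer.bin")
    with open(path, "wb") as fh:
        fh.write(b"constructed installer bytes")
    listing = f"{sha256_file(path)}  installer.bin\n"
    before = verify_download(path, listing)
    with open(path, "ab") as fh:  # one extra byte stands in for corruption or tampering
        fh.write(b"\x00")
    after = verify_download(path, listing)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The published checksum has to come from a source you trust, such as the vendor's own HTTPS site; a checksum served next to the file by the same mirror will match a tampered file just as well.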
“This Won't Happen to Me” Mentality
It's easy to subscribe to this mentality when our whole lives revolve around technology and nothing bad ever seems to happen. Technology safety will often fall toward the bottom of the list of priorities, especially when there are more pressing issues like having food on the table and enough money to last through the month. It is easy to feel so overwhelmed by everyday life that the last thing you want to be cautious about is whether you're being spied on for just watching YouTube videos.

However, you do not have to look far (Hackers Access Student Data at Top Australian University Going Back 19 Years & Recent Hacks Show That Even Tech-Savvy Universities Are Still Very Vulnerable to Cyber Attacks) to understand the consequences of being too relaxed about your data. By having a new generation become much more aware, picky, and sensitive as to who we're giving our data to, we will have a much better and stronger cybersecurity industry.
How to Get Started in Cybersecurity
There are many different paths you can take in cybersecurity, so the best way to start is to see what area or niche you'd like to focus on. You can see a road map of the different cybersecurity fields in the graph below and what types of certifications you will need to pursue that career path.

(Graph provided by SANS)

However, the downside is that these certifications can be quite expensive. If you're not sure what field to invest your time, energy, and money in, then it is best to get your feet wet through Cybrary. We also have our own course on Cybrary where you can learn how to use our free CyberEasy product. Students are currently using our product to get hands-on cybersecurity experience that they can later put on their resumes and get internships or jobs.

If at any time you feel lost or confused and do not understand the vast terminology, Cybrary also has a glossary of terms you can reference.

After you've tried out some of the courses on there and you've found a field that you'd like to focus on, the next step is to get real-life experience. CyberEasy is a great gateway to this, and contacting local cybersecurity experts in your area can also be beneficial to you. Reach out to these experts and ask if you can shadow them or if they would be interested in becoming your mentor or tutor.

Cybrary also has a large network of professionals already in the field that you can connect with and ask questions. There are also events where you can participate in boot camps and 'capture the flag' style games and exercises. As a student, it's important to be proactive with gaining experience as well as pursuing your education. Never stop being curious!
Events to Attend
There are plenty of cybersecurity events around the world, so check your local area to see what's nearest to you. You can also use Infosec-conferences.com to search for upcoming events that you could travel to. If you happen to live in a small or very rural town, don't worry, many events these days have the option to join live via webinar.

There are also free international events that you can attend like the Cybersecurity Summer Boot Camp, which is hosted by Incibe in Spain. They collaborate with the Organization of American States (OAS) and other organizations to make this event possible. There is also OWASP, which usually has some local or national conferences that you can attend for free.
Free Tools You Can Use for Hands-On Experience
Some tools and sites we recommend are:
- NoMoreRansom.org - A site to help you recover from ransomware attacks
- Knogin.com - Security software (SIEM) to tell you if you're being quietly targeted by online criminals
- HaveIbeenPwned.com - Tells you if your username and password have been breached
- Url2png.com - Lets you see a screenshot of a website without having to visit it
- WhereGoes.com - Lets you see where a shortened URL is taking you without having to click on it
- Opswat.com - Lets you upload files and check them against multiple antivirus products
- VirusTotal.com - To check for viruses, hashes, IPs, or URLs that antivirus may have missed
- URLscan.io - A sandbox for websites where you can get information about a site without visiting it
- WireShark.org - A packet/network traffic analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
- Owasp.org/OWASP Security Shepherd - A web and mobile application security training platform that you can set up yourself. You can use it with your friends and host some capture the flag challenges