Cyber-Security Toolbox
CYBER-SECURITY TOOLBOX
Compiled by: Michael Chesbro June 2011 Edition-3
The Cyber-Security Toolbox contains several security techniques and programs that can be employed by the individual user to make his or her electronic information and electronic communications more secure. The Cyber-Security Toolbox is compiled from multiple open sources, and system help files. This document is a compilation of data obtained from the links given herein, and is intended to aid users in establishing a more secure cyber-environment.
Every bit of cyber-security we use makes it that much more difficult for hackers, spies, criminals and other adversaries to access our electronic systems, steal our information, or disrupt our operations.
Michael Chesbro
Cyber-Security Toolbox
Table of Contents
Encrypt an e-mail message in Microsoft Office Outlook 2007
Digital Certificates
Use Safe Access File Exchange (SAFE) to Securely Exchange Large Files
Use Encryption Wizard (EW) to Secure Your Files
JavaScrypt: Browser-Based Cryptography
Pretty Good Privacy (PGP)
Hushmail
Ironkey
Create a Secure Computing Environment with Lightweight Portable Security
Puppy Linux
TrueCrypt - Free open-source disk encryption software
Install Anti-Virus Software on Your Home Computer
Participate in IA Education, Training and Awareness Programs
Use Your DoD CAC At Home
Use the Password Function in Microsoft Office to Protect Your Documents
Use a Secure Erase Utility to Destroy Electronic Data
Use Strong Passwords
Store Your Passwords in a Password Safe
Protect Data-At-Rest (DAR) Enable Microsoft Encrypting File System
United States Postal Service Electronic Postmark
Use AKO/DKO IM & Chat
Enable Secure Logon (CTRL+ALT+DELETE)
Cellular Telephones and PDAs
Zfone
Vumber - Virtual Phone Number
Google Voice
Whisper Systems (Encrypted voice and texts for your Android Smartphone)
TOR
Google Encrypted Search
Google Account 2-step verification
Temporary / Disposable E-mail Addresses
EPIC Online Guide to Practical Privacy Tools
NIST Computer Security Division - Computer Security Resource Center
US CERT Cyber Security Tips
NSA - CSS Cyber Security Factsheets
Report Cyber-Crime
1. In the message, on the Message tab, in the Options group, click the Encrypt Message Contents and Attachments button.
2. Compose your message and send it.

Encrypt all messages

1. On the Tools menu, click Trust Center, and then click E-mail Security.
2. Under Encrypted e-mail, select the Encrypt contents and attachments for outgoing messages check box.
3. To change additional settings, such as choosing a specific certificate to use, click Settings.
4. Click OK twice.

In order to send encrypted messages over the Internet, you need to exchange certificate files (.cer file) with the recipient. You can do this in a number of ways. For example:

* Send a digitally signed message. The recipient adds your e-mail name to Contacts and in doing so, also adds your certificate.
* Send an e-mail message with your .cer file attached or send the .cer file on a disk / CD-ROM. The recipient can import the .cer file into your contact card.
* Create a contact card with your .cer file, and send the contact card.
* Publish your certificate to an LDAP (Lightweight Directory Access Protocol, a protocol that provides access to Internet directories) directory or another directory that is available to the other person.
* Post the certificate on a share that is available to the other person.
If your system administrator has set up security for your network using Microsoft Exchange, it is not necessary to swap certificates. 3DES is the default encryption algorithm. Encryption strength is no longer restricted by the United States government. Outlook uses the RC2 algorithm by default when running on a 40-bit operating system that does not have 128-bit encryption capabilities.
Digital Certificates
Digital ID: A Brief Overview - http://www.verisign.com/static/005326.pdf
VeriSign™ Class 1 Digital ID℠ for Microsoft Internet Explorer - https://digitalid.verisign.com/client/class1MS.htm
Comodo Digital Certificate - http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

Comodo's Free Email certificates allow you to use the digital signing and encryption features built into your personal email client to authenticate and secure your email communications. This allows recipients of your emails to confirm your identity and ensure that the email you sent was not modified during transmission. It is also simple to fully encrypt your communications to prevent unauthorized viewing.
GlobalSign Digital ID - http://www.globalsign.com/authentication-secure-email/digital-id/

GlobalSign offers a range of PersonalSign (Digital IDs issued to people) with varying trust levels. Digital IDs can be used to access online Government services to submit declarations electronically, authenticate you to SSL VPNs, and secure email by digitally signing and encrypting email using applications such as Microsoft Outlook or other S/MIME email software. The same Digital ID can also digitally sign Microsoft Office documents. By digitally signing a document or email, you can confirm that you are the originator of the document / email and help prove that the document / email has not changed since the time you signed it.
Use Safe Access File Exchange (SAFE) to Securely Exchange Large Files
The AMRDEC Safe Access File Exchange (SAFE) application is for securely exchanging UNCLASSIFIED / FOUO files. Files of up to 2GB in size may be transferred through SAFE, but the actual size is dependent on various factors such as connection speed, the network's congestion, and various other determinants. Since many organizations that do business within the Army limit the size of attachments that can be sent via email, the SAFE applications were created as alternative file-sharing methods to email and FTP.

How Secure is SAFE?

SAFE uses the SSL (Secure Socket Layer) protocol--128-bit encryption--when a file is uploaded and downloaded. Users should be aware, however, that the limited-use PIN that users receive to access a file in SAFE is sent via email. Therefore the PIN is only as safe as your email system. Since this system was designed as an alternative to simply attaching the file to an email anyway, this is acceptable. The SAFE server uses Department of Defense PKI certificates for identification and encryption.

* Any format of file(s), including a .zip file, may be sent to anyone with a valid email address
* Virus protection provided
* SAFE servers are less susceptible to worms or other email viruses
EW is an SPC implementation of the Advanced Encryption Standard (AES) (Rijndael) augmented with a file manager Graphical User Interface (GUI) for ease of use. The 128-bit encryption/decryption algorithm used by Encryption Wizard is considered cryptographically strong and is routinely used in National Security Agency (NSA) and National Institute of Standards and Technology (NIST) certified products. Encryption Wizard is designed to protect data at rest and in transit (such as email attachments).

Fast, Easy-to-Use Protection
Quickly and easily protect your important data inside and outside your organization. Encryption Wizard (EW) provides a user-friendly, drag-and-drop, single window interface to encrypt any type of file on nearly any computer or media. To encrypt files or directories, simply drag them into the EW window, press Encrypt, and enter a passphrase and/or use a PKI certificate. EW can also create encrypted (and optionally compressed) archives of files and directories.

Free Public Version
Download now from http://spi.dod.mil/ewizard.htm .

Free FIPS Version
This restricted version uses a FIPS 140-2 validated encryption module from RSA for use by the federal government and its contractors. Encrypted files are compatible with the public version. Escrow keys can be embedded for use in your enterprise. To obtain the FIPS version or customize for your enterprise, contact the Software Protection Initiative.

Cryptographically Strong
Encryption Wizard protects data on your network, while stored on media, and during transmission across the Internet using a FIPS 140-2 validated module. 128-bit AES encryption, SHA-256 hashes, and RSA digital signatures meet DoD requirements for transmitting and storing critical unclassified information.

Enterprise Ready
Encryption Wizard aims to protect data wherever stored and however transmitted between dissimilar networks, platforms, and operating systems for a broad range of users. Listed on the Air Force Enterprise Products List, EW complements Data-at-Rest products for defense-in-depth and granular control. Optional command line interface permits scripting of data protection. Installation packages available for common enterprise software distribution systems.

System Requirements
* Java Runtime Environment SE, v1.5 (or newer)
* Administrator access not required for installation
Pretty Good Privacy or PGP is an encryption program developed by Phil Zimmermann and published in 1991. It was one of the first public-key encryption programs available to the general public, and has today become the "unofficial standard" for encryption of e-mail and personal communication on the Internet.

PGP uses public key encryption. It has one key (a public key) for encryption and a second key (a private key) for decryption. With PGP installed on your computer you can encrypt a message to any person whose public key you possess. However, the only way to then decrypt that message is to possess the associated private key. Thus when using PGP you give your public key to everyone, add it to key servers, and maybe even publish it on the Internet, but you keep your private key secret and secure, thereby ensuring that while anyone can encrypt a message and send it to you, only you can decrypt and read that message.

People who use PGP on a regular basis will often publish their PGP public key to a "key server". A key server is simply a site where you can search for a person's public key and post your own public key for others to use. PGP key servers are run by several groups and organizations, but some of the major key servers can be found on-line at:

MIT PGP Public Key Server - http://pgp.mit.edu/
PGP Corporation Public Key Server - http://keyserver.pgp.com/
University of Mainz (Germany) Public Key Server - http://pgp.uni-mainz.de/

If you use PGP you could visit any one of these PGP key servers and locate the author's PGP public key. This would give you a way to securely contact the author of this book without first having met him or otherwise exchanged any type of encryption key. If you included a copy of your own PGP public key in your e-mail, or if your PGP public key was posted to the key server, you could receive an encrypted reply to your e-mail... a reply that only you could read.
PGP is available for most operating platforms and systems, and is available as freeware from the PGP International site at: http://www.pgpi.org/ . GNU Privacy Guard (GnuPG) is a PGP-compatible free implementation of the OpenPGP standard. GnuPG is available on-line at: http://www.gnupg.org/ .
Hushmail
https://www.hushmail.com/

Hushmail is a secure web-based free email service, developed in 1999. Hushmail looks and feels just like any other web-mail site, but adds strong encryption to your emails to protect your secrets from prying eyes.

Key features:
* Easy-to-use web-based email
* Standards-compliant encryption
* Works on iPhone and BlackBerry
* Optional Outlook integration
The free Hushmail account is limited to 2MB of storage space. Storage of up to 10GB is available for $49.98 per year.
Ironkey
https://www.ironkey.com
Your identity and personal data are too valuable to risk. IronKey Personal keeps you protected with military-grade encryption and easy-to-use identity management. The result of extensive R&D and the collaboration of some of the world's leading experts in cryptography and the Internet, IronKey is the world's most secure flash drive. IronKey Personal comes loaded with a secure private browser that lets you surf anonymously and protects your passwords whenever you go online. IronKey Personal simplifies your digital lifestyle while giving you added peace of mind. Ironkey Datasheet: https://www.ironkey.com/files/datasheets/ironkey-personal-s200.pdf
http://spi.dod.mil/lipose.htm

Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD without mounting a local hard drive. Administrator privileges are not required; nothing is installed. SPI created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization's private network.

LPS-Public allows general web browsing and connecting to remote networks. It includes a CAC-enabled Firefox browser, a PDF and text viewer, Java, and Encryption Wizard - Public. (http://www.spi.dod.mil/ewizard_down.htm)
LPS-Public turns an un-trusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer. Simply plug in your USB CAC-reader to access CAC-restricted DoD websites. To get started, download the LPS-Public ISO image and burn it to a CD.
Puppy Linux
Linux is a free operating system, and Puppy Linux http://puppylinux.org is a special build of Linux meant to make computing easy and fast. Puppy Linux also enables you to save money while doing more work, even allowing you to do magic by recovering data from destroyed PCs or by removing malware from Windows. With Puppy Linux, you can carry your programs and data anywhere.

* Easy - Just use a CD or USB flash to boot a PC. Puppy Linux is downloadable as an ISO, an image that can be burned to CD or DVD.
* Fast - Because Puppy is small, it can live in your PC's memory and be ready to quickly execute your commands, whereas in other systems, programs are first read from drive storage before being executed.
* Save Money - Even if your PC has no hard disk (e.g., a broken hard disk), you can still boot Puppy via CD or USB and continue working. Old PCs that no longer work with new systems will still work good-as-new with Puppy.
* Do More - Puppy boots in less than a minute, even in old PCs, and it does not require antivirus software. Administering Puppy is quick and minimal. With Puppy, you just have to take care of your data, which you can easily save to USB flash (then forget about your operating system!). Your data can be read by other computers.
* Do Magic - Help your friends suffering from computer malware by booting Puppy and removing malware from their PC (use antivirus that is built-in or can be installed in Puppy). Example - a bad Autorun.inf is easily removed by Puppy (just delete it as well as its companion exe program). If your friend thinks that she has lost data from her corrupted hard disk, boot Puppy and try saving her data!
* Carry Anywhere (Portable) - Because Puppy is able to live in CD/DVD or USB flash, as well as save data to these same devices, you can carry your programs and data with you.
Are you now ready for Puppy? Keep these important reminders in mind before using Puppy:

* You don't have to install Puppy (to hard disk) to use it. Simply burn the ISO to CD/DVD and boot the PC or laptop with it. Once booted, you can then install it to USB flash (see the Setup menu), so you can use it for booting the PC when a CD is not available.
* You don't have to save data to a hard drive to work with Puppy. You can save data to USB flash or even to Internet storage (like www.drop.io ).
* When installed to USB flash, Puppy consumes only a little over 100 MB, or about 256 MB with OpenOffice. You can use the same USB flash (where Puppy is installed) for saving data.
Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux
TrueCrypt http://www.truecrypt.org is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, metadata, etc.).
Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double-clicks the icon of the video file, the operating system launches the application associated with the file type, typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading the next small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types, not only for video files. Note that TrueCrypt never saves any decrypted data to a disk; it only stores it temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted.
When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when the power supply is suddenly interrupted (without proper system shutdown), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).

A beginner's tutorial to TrueCrypt is available here: http://www.truecrypt.org/docs/tutorial
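The chunk-by-chunk decryption described above, as an added example (not part of the original document and not TrueCrypt code): a simplified Python model in which a container is stored as independently encrypted 512-byte sectors, and a read decrypts only the sectors it touches, in memory. The sector size, the class and function names, and the HMAC-SHA256 keystream are assumptions chosen so it runs with the standard library only; TrueCrypt itself uses block ciphers such as AES in XTS mode.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512  # bytes; the unit that is encrypted and decrypted independently


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def crypt_sector(key: bytes, index: int, data: bytes) -> bytes:
    """XOR one sector with a keystream bound to its sector index.

    Stand-in cipher so the example needs only the standard library. XOR is its
    own inverse, so this both encrypts and decrypts. Do not reuse it for real
    storage: rewriting a sector reuses the keystream, which is one reason disk
    encryption products use a tweakable block-cipher mode instead.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def key_check(key: bytes) -> bytes:
    """Value stored with the container so a wrong password is detected at mount."""
    return hmac.new(key, b"constructed-key-check", hashlib.sha256).digest()


class Container:
    """What sits on disk: a salt, a key check value and ciphertext sectors only."""

    def __init__(self, password: str, plaintext: bytes):
        self.salt = os.urandom(16)
        key = derive_key(password, self.salt)
        self.check = key_check(key)
        padded = plaintext + b"\x00" * (-len(plaintext) % SECTOR_SIZE)
        self.sectors = [
            crypt_sector(key, i, padded[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE])
            for i in range(len(padded) // SECTOR_SIZE)
        ]


class MountedVolume:
    """A mounted view: the key lives in memory, the container stays encrypted."""

    def __init__(self, container: Container, password: str):
        key = derive_key(password, container.salt)
        if not hmac.compare_digest(key_check(key), container.check):
            raise PermissionError("incorrect password: volume not mounted")
        self._key = key
        self._container = container
        self.sectors_decrypted = 0  # instrumentation for the demo

    def _load(self, index: int) -> bytearray:
        self.sectors_decrypted += 1
        return bytearray(crypt_sector(self._key, index, self._container.sectors[index]))

    def read(self, offset: int, length: int) -> bytes:
        """Decrypt only the sectors that overlap the requested byte range."""
        out = bytearray()
        first = offset // SECTOR_SIZE
        last = (offset + length - 1) // SECTOR_SIZE
        for index in range(first, last + 1):
            out += self._load(index)
        start = offset - first * SECTOR_SIZE
        return bytes(out[start:start + length])

    def write(self, offset: int, data: bytes) -> None:
        """Read-modify-write: each touched sector is re-encrypted before storage."""
        pos = 0
        while pos < len(data):
            index, within = divmod(offset + pos, SECTOR_SIZE)
            plain = self._load(index)
            n = min(SECTOR_SIZE - within, len(data) - pos)
            plain[within:within + n] = data[pos:pos + n]
            self._container.sectors[index] = crypt_sector(self._key, index, bytes(plain))
            pos += n


def demo() -> dict:
    video = bytes(range(256)) * 40  # constructed 10,240-byte stand-in for a video file
    container = Container("constructed passphrase", video)
    volume = MountedVolume(container, "constructed passphrase")
    chunk = volume.read(1000, 100)  # the player asks for a small portion
    return {
        "total_sectors": len(container.sectors),
        "chunk_ok": chunk == video[1000:1100],
        "sectors_decrypted": volume.sectors_decrypted,
    }


if __name__ == "__main__":
    print(demo())
```

The container object never holds plaintext; only the buffers returned by read() do, which mirrors the statement that data on the volume stays encrypted while mounted.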
To help protect your home and personal computers, the DoD Antivirus Software License Agreement with McAfee and Symantec allows active DoD employees to utilize the antivirus software for home use. Home use of the antivirus products will not only protect personal PCs at home, but will also potentially lessen the threat of employees bringing malicious logic into work and compromising DoD networks. To obtain a copy of the free anti-virus software provided by the DoD, visit https://www.cert.mil. (DoD PKI CAC Card Required)

For individuals who do not have DoD PKI to access the above software, there are other free anti-virus programs available:

AVG Free Anti-Virus Software - http://free.avg.com/us-en/homepage
Avast Free Anti-Virus Software - http://www.avast.com/free-antivirus-download
Microsoft Security Essentials - http://www.microsoft.com/security_essentials/
Panda Cloud Antivirus Free Edition - http://www.cloudantivirus.com/en/
Trend Micro HouseCall - http://housecall.trendmicro.com/
The DISA Information Assurance Support Environment http://iase.disa.mil/eta/ provides a variety of free, on-line IA education, training, and awareness programs. IA training helps to ensure that the privacy, reliability, and integrity of our information systems remain intact and secure.
Information Assurance Fundamentals Training - https://ia.signal.army.mil/IAF/default.asp

This course provides individuals an understanding of the information systems security policies, roles, responsibilities, practices, procedures, and concepts necessary to perform the functions of an Information Assurance Security Officer (IASO). The lessons presented will aid the IASO in developing an effective security approach and in selecting cost-effective controls to meet the requirements of laws, directives, and regulations.

Lesson 1 - Army Information Assurance Program (AIAP)
Lesson 2 - Federal Laws, DoD Regulations and Policies
Lesson 3 - Army Regulations and Policies
Lesson 4 - Army Information Assurance Training Program
Lesson 5 - Network/Hacker Threats
Lesson 6 - Malware
Lesson 7 - Physical Security
Lesson 8 - Risk Assessment and Management
Lesson 9 - Security Incident and Response Planning
Lesson 10 - Continuity of Operations (COOP)
Lesson 11 - DoD Information Assurance Certification and Accreditation Process (DIACAP)
Lesson 12 - Wireless Security
Lesson 13 - Intrusion Detection Systems (IDS) and Auditing
Lesson 14 - Firewalls and Perimeter Defense
Lesson 15 - Encryption and Common Access Cards (CAC)
Lesson 16 - Legal
InfraGard Awareness Information Security Awareness Course - https://www.infragardawareness.com/index.php

The InfraGard Awareness Information Security Awareness course is FREE to all individuals and small businesses with 50 or fewer employees. This training will help you and your employees understand how to help make your workplace more secure. It will also teach you vital skills to protect yourself and your family from cybercrime and identity theft. The course is divided into 13 lessons. Each lesson is approximately three to nine minutes long. The total time for the entire course is approximately 90 minutes.

The first part of the course focuses on the key behavioral challenges, including:

* helping employees make a personal connection with cybercrime and workplace security
* understanding who commits these crimes and what their motives are
* understanding why exploiting predictable employee behavior is critical to committing these crimes
* why modifying personal behavior can be so powerful in preventing these crimes.
The second part of the course focuses on security best practices and policies, and on how they contribute to behavioral change and better workplace security. It addresses all the key security vulnerabilities, including web and e-mail use, passwords, data protection, social engineering, virus management, security outside the office, personal workspace security and more. Standard lessons include:
Pre-Lesson: Course Welcome and Overview
Lesson 1: The Impact of Cybercrime and Identity Fraud
Lesson 2: Today's Threats
Lesson 3: How Employee Behavior is Exploited
Lesson 4: Strong Passwords Increase Security
Lesson 5: Understanding and Recognizing Social Engineering
Lesson 6: Email Best Practices
Lesson 7: Protecting Against Viruses, Spyware and Spam
Lesson 8: Protecting Your Personal Workspace
Lesson 9: Security You Can Live With
Lesson 11: Protecting the Workplace from Identity Fraud
Lesson 12: Risks and Acceptable Uses of Electronic Resources
Lesson 13: Secure Use of Networks
DHS/FEMA Certified Cyber Security Training is available through the TEEX Domestic Preparedness Campus at: http://www.teexwmdcampus.com/index.k2
Software Engineering Institute's Virtual Training Environment (VTE)! https://www.vte.cert.org

VTE provides high-fidelity e-learning delivered right to your Web browser, which means that VTE combines three unique capabilities:

* On-demand lecture in the form of video, audio presentations, and demonstrations
* Hands-on lab environments
* A learning management system to manage enrollments and track progress
Step 1 - You will need to obtain a CAC Reader. This can be issued, or you may choose to buy one. The following links are for CAC readers available from Amazon.com:

* SCM SCR3310 USB Smart Card Reader Common Access CAC ID DOD
* SCM SCR331 - SMART card reader - USB

Step 2 - Go to http://militarycac.com and follow the instructions to download DoD Certificates and ActivClient.
Using your DOD CAC from home allows you to quickly log in to AKO / DKO, change your password, add or sponsor guests, and avoid the KBA questions. Be sure your CAC is registered with AKO / DKO. http://help.dr1.us.army.mil/cgibin/akohd.cfg/php/enduser/std_adp.php?p_faqid=264&p_sid=f1lawh*j&p_lva=95 Once you have your CAC set up at home, go to https://rw5.army.mil to access your office e-mail.
To password protect a Microsoft document, workbook, or presentation (MS Word, Excel, or PowerPoint):

1. Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
2. In the Encrypt Document dialog box, in the Password box, type a password, and then click OK. You can type up to 255 characters. By default, this feature uses AES 128-bit advanced encryption.
3. In the Confirm Password dialog box, in the Reenter password box, type the password again, and then click OK.
4. To save the password, save the file.
The default encryption algorithm is AES 128-bit. This value can be increased to AES 256-bit via a Registry entry, local security policy, or domain Group Policy. AES encryption is supported for Open XML formats used in previous versions of Microsoft Office when those documents are created in a Microsoft 2007 Office system application. However, documents saved in the older Office binary formats can only be encrypted using RC4 to maintain compatibility with older versions of Microsoft Office.

The level of protection provided by the AES encryption is related to the strength of the password used to protect the document. You should use complex passwords that include upper and lower case letters, numbers and symbols and that are at least 10 characters long.

It's important to note that there are two options to add a password in Microsoft 2007 Office system documents. One option enables you to encrypt the document using a password; this is referred to as a Password to open. The second option does not use any encryption. It is designed so you can collaborate with content reviewers you trust, but is not designed to help make the file more secure. This is referred to as the Password to modify.
overwrite passes gave no additional erasure. [http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf]

"Secure erase" is a utility built into modern ATA hard drives that overwrites all data on a disk, including remapped (error) sectors.

Center for Magnetic Recording Research - University of California, San Diego. Secure Erase Utility - http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing - http://www.dban.org/
Eraser - http://eraser.heidi.ie/ http://www.tolvanen.com/eraser/
http://passwordsafe.sourceforge.net/. Another password safe is the KeePass Password Safe, available on-line at: http://keepass.info/.
Microsoft Encrypting File System (EFS) is installed as part of the Windows operating system. (http://technet.microsoft.com/en-us/library/bb457116.aspx)

Microsoft Windows Encrypting File System (EFS) enables users to encrypt individual files, folders, or entire data drives. Because EFS provides strong encryption through industry-standard algorithms and public key cryptography, encrypted files are confidential even if an attacker bypasses system security. EFS users can share encrypted files with other users on file shares and in Web folders.

Security features such as logon authentication or file permissions protect network resources from unauthorized access. However, anyone with physical access to a computer, such as a stolen laptop, can install a new operating system on that computer and bypass the existing operating system's security. In this way, sensitive data can be exposed. Encrypting sensitive files by means of EFS adds another layer of security. When files are encrypted, their data is protected even if an attacker has full access to the computer's data storage.

EFS allows users to store confidential information on a computer when people who have physical access to your computer could otherwise compromise that information, intentionally or unintentionally. EFS is especially useful for securing sensitive data on portable computers or on computers shared by several users. Both kinds of systems are susceptible to attack by techniques that circumvent the restrictions of access control lists (ACLs). In a shared system, an attacker can gain access by starting up a different operating system. An attacker can also steal a computer, remove the hard drives, place the drives in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key.
Because EFS is tightly integrated with NTFS, file encryption and decryption are transparent. When users open a file, it is decrypted by EFS as data is read from disk. When they save the file, EFS encrypts the data as it is written to disk. Authorized users might not even realize that the files are encrypted because they can work with the files as they normally do.

In its default configuration, EFS enables users to start encrypting files from My Computer with no administrative effort. From the user's point of view, encrypting a file is simply a matter of setting a file attribute. The encryption attribute can also be set for a file folder. This means that any file created in or added to the folder is automatically encrypted.

To create an EFS Encrypted folder:

1. Choose a folder in your My Documents folder to be EFS protected.
2. Right-click and choose Properties.
3. Click the Advanced button.
4. Check the checkbox labeled Encrypt contents to secure data.
5. Click OK.
6. Click Apply.
7. If the Confirm Attribute Changes dialog appears, select the Apply changes to this folder, subfolders and files radio button.
8. Click OK.
9. Click OK on Folder Properties.
10. Windows Explorer shows different colors for the following:
    a. Black - normal files on the file system.
    b. Green - files and/or folders are EFS encrypted.
    c. Blue - files and/or folders are compressed.
11. Move or copy at least one file or record into the EFS protected folder.
Data-At-Rest (DAR) Protection - Enable EFS on USB Media

1. To run EFS on a USB device (thumb drive) it needs to be formatted with the NTFS file system. However, by default, only FAT32 and FAT are selectable.
2. Using Windows Explorer, format the USB device with FAT32.
3. Once the formatting is complete, right-click the device and check Properties. Verify that the file format is FAT32.
4. At a command prompt, run the CONVERT command. Example: CONVERT E: /FS:NTFS (where E: represents the USB device drive)
5. Once the CONVERT command finishes, the USB device will have an NTFS file system on it, which can now accept EFS protected data. Using Windows Explorer, select Properties of the USB device to validate that the file format is NTFS.

Further details on Data-At-Rest protection can be found here: http://www.gordon.army.mil/NEC/documents/BBP%20Data%20at%20Rest.pdf

Note: The EFS Encrypt feature is only available in the Vista Business, Ultimate, and Enterprise editions. It will remain grayed out in the Vista Home Basic and Home Premium editions.
Protect the integrity of your content - https://www.uspsepm.com/ The USPS Electronic Postmark (EPM)* is an auditable time-and-date stamp service offered by authorized service providers, under license by the United States Postal Service. The EPM can be used to verify the authenticity of a document or file sent electronically, and provides trusted proof of content as of a specific point in time. EPMs issued by an authorized EPM service provider are stored in their repositories and available for verification for a period of up to seven years from the date of issuance. The USPS serves as the backup verifier for all EPMs issued by any of the authorized providers of the USPS EPM service.
Many of us use IM & Chat programs to talk with friends and colleagues on-line. When chatting on-line with military members (or any other person with AKO/DKO access) you can secure your conversation by using the AKO/DKO IM Client. All IM communications via AKO/DKO IM are made via an encrypted channel (SSL). This includes IMs between AKO/DKO users and IMs between AKO/DKO and Navy and Air Force IM users. You can access IM from the AKO/DKO homepage by clicking the IM button. You can also download the AKO/DKO IM Client and install it on your home computer, running it as a standalone program.
The Advanced tab is not available under certain conditions. For example, if you are a restricted user, the Advanced tab is not available. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 306992 (http://support.microsoft.com/kb/306992/) How to manage stored user names and passwords on a computer in a domain in Windows XP
* Disabling the CTRL+ALT+DELETE sequence creates a "security hole." The CTRL+ALT+DELETE sequence can be read only by Windows, ensuring that the information in the ensuing logon dialog box can be read only by Windows. This can prevent rogue programs from gaining access to the computer.
* If a Windows XP-based computer is part of a domain, domain-wide policies may have been set that override the settings you make on the local computer.
* On MS-DOS-based computers (and some older UNIX-based systems), pressing CTRL+ALT+DELETE gains the attention of the BIOS, causing a "warm" reboot. You can use the keyboard to shut down the operating system. On Windows-based computers (starting with Microsoft Windows NT), the CTRL+ALT+DELETE sequence is intercepted by Windows. The advantage of the keystroke-intercept technique is to help prevent Windows from being shut down by someone who does not have access to do so.
Cell-Phone Security Tips:
1 - Protect your phone like the valuable item it is. Even if the phone itself is relatively inexpensive, the value of the information stored on the phone can be considerable.
2 - Restrict access to your phone with a PIN or password. There are three types of value associated with your phone: the cost of the physical device itself, the value of the cell-phone service (i.e. making calls), and the value of the information stored on the phone (all of your contacts and personal information). Requiring a PIN or password to access your phone helps protect against theft of your cell-phone service and personal information.
3 - Write down the make and model of your phone, your phone number, SIM number and/or IMEI number, and the contact information for your service provider. If your phone is ever lost or stolen you will need this information to quickly deactivate the phone and report it stolen to the police.
4 - Make a back-up of the information stored on your phone. If your phone allows you to easily save your data to your home computer, great! If not, at least write down your most important contact numbers and similar information and store it safely away from your phone.
5 - Be sure you understand what liability you face if someone steals your phone and starts running up a bill. Arrange with your cellular service provider for a maximum bill amount, after which they decline service until the bill is paid. Perhaps you will set the limit at double your average monthly bill. This will allow you to increase your usage when necessary, but will prevent a $20,000.00+ cell-phone bill if someone runs up unauthorized charges. (Huffington Post, 2009)
6 - Consider anti-theft and recovery software for your phone. Services such as iHound https://www.ihoundsoftware.com/, Theft Aware http://www.theftaware.com/, and Gadget Trak http://www.gadgettrak.com/ provide software that can help you recover a lost phone.
=====
Guidelines on Cell Phone and PDA Security: Recommendations of the National Institute of Standards and Technology (October 2008) - http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf
Cell phones and personal digital assistants (PDAs) have become indispensable tools for today's highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending and receiving electronic mail, storing documents, delivering presentations, and remotely accessing data. While these devices provide productivity benefits, they also pose new risks to organizations. This document provides an overview of cell phone and PDA devices in use today and offers insights into making informed information technology security decisions on their treatment. The document gives details about the threats and technology risks associated with the use of these devices and the available safeguards to mitigate them. Organizations can use this information to enhance security and reduce incidents involving cell phone and PDA devices.
US CERT
Cyber Security Tip ST06-007 - Defending Cell Phones and PDAs Against Attack http://www.us-cert.gov/cas/tips/ST06-007.html
Cyber Security Tip ST05-017 - Cybersecurity for Electronic Devices http://www.us-cert.gov/cas/tips/ST05-017.html
Cyber Security Tip ST04-020 - Protecting Portable Devices: Data Security http://www.us-cert.gov/cas/tips/ST04-020.html
Zfone
Zfone http://zfoneproject.com/ is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is Phil Zimmermann, the creator of PGP, the most widely used email encryption software in the world. Zfone uses a new protocol called ZRTP, which is better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP media stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another ZRTP client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors.
Zfone is available as a universal "plugin" for a wide variety of existing VoIP clients, effectively converting them into secure phones. It's also available as an SDK to allow VoIP product vendors to integrate encryption into their products.
Zfone:
* Doesn't depend on signaling protocols, PKI, or any servers at all. Key negotiations are purely peer-to-peer through the media stream
* Interoperates with any SIP/RTP phone, auto-detects if encryption is supported by other endpoint
* Available as a "plugin" for existing soft VoIP clients, effectively converting them into secure phones
* Available as an SDK for developers to integrate into their VoIP applications
* Submitted to IETF as a proposal for a public standard, and source code is published
A public beta release of the Zfone software is available for download for Windows, Mac OS X, or Linux.
Google Voice
Google Voice http://www.google.com/voice is a telecommunications service by Google launched on March 11, 2009. The service provides a US phone number, chosen by the user from available numbers in selected area codes, free of charge to each user account. Inbound calls to this number are forwarded to other phone numbers of the subscriber. Outbound calls may be placed to domestic and international destinations by dialing the Google Voice number or from a web-based application. Inbound and outbound calls to US (including Alaska and Hawaii) and Canada are free of charge. International calls are billed according to a schedule posted on the Google Voice website.
Google Voice with a Google number:
* Use one number to manage all your phones; your Google Voice number is tied to you, not to a particular device or location.
* Voicemail like email: Save voicemail messages for as long as you'd like, star important ones, and search through them
* Voicemail transcription: Voicemail messages will be automatically transcribed to text and sent to you via email and/or SMS.
* Customize your callers' experience (custom voicemail greetings, decide which of your phones ring based on who's calling, send some callers straight to voicemail, etc.)
* Define which phones ring, based on who's calling, and even ListenIn™ on voicemail before answering the call.
* We use smart technology to route your calls. So, if you're already on a Google Voice call, we'll recognize it and use call waiting to reach you on the phone you're on.
* Works with mobile phones, desk phones, and work phones. There's nothing to download, upload, or install, and you don't have to make or take calls using a computer.
* International calling: Make low priced international calls from the web or from your phone.
Google Voice with your non-Google phone number:
With this option you won't get some features (i.e. call forwarding, screening, and call recording), but you'll still get plenty of others, including:
* Voicemail like email: Save voicemail messages for as long as you'd like, star important ones, and search through them
* Voicemail transcription: Voicemail messages will be automatically transcribed to text and sent to you via email and/or SMS.
* Custom voicemail greetings: Customize your voicemail greeting based on who is calling.
* International calling: Make low priced international calls from the web or from your phone.
Encrypted texts for your smartphone. TextSecure is a drop-in replacement for the standard text messaging application, allowing you to send and receive text messages as normal. All text messages sent or received with TextSecure are stored in an encrypted database on your phone, and text messages are encrypted during transmission when communicating with someone else also using TextSecure.
TOR
http://www.torproject.org/ Tor is an encryption tool that can help you protect the confidentiality of your communications. Tor is a free, relatively easy to use tool primarily designed to protect your anonymity online. But it also has the side benefit of encrypting your communications for some of their journey across the Internet. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
https://encrypted.google.com/ With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.
To use search over SSL, visit https://encrypted.google.com each time you perform a search. Note that only Google web search is available over SSL, so other search products like Google Images and Google Maps are not currently available over SSL. When you're searching over SSL, these properties may not appear in the left panel.
Here's how searching over SSL is different from regular Google search:
* SSL encrypts the communication channel between Google and a searcher's computer. When search traffic is encrypted, it can't be read by third parties trying to access the connection between a searcher's computer and Google's servers. Note that the SSL protocol does have some limitations; more details are below.
* As another layer of privacy, SSL search turns off a browser's referrers. Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy. By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information.
* At this time, search over SSL is supported only on Google web search. We will continue to work to support other products like Images and Maps. All features that are not supported have been removed from the left panel and the row of links at the top. You'll continue to see integrated results like images and maps, and clicking those results will take you out of encrypted search mode.
* Your Google experience using SSL search might be slightly slower than you're used to because your computer needs to first establish a secure connection with Google.
Note that SSL search does not reduce the data that Google receives and logs when you search, or change the listing of these terms in your Web History.
How will SSL search affect content filtering services?
When searches are conducted using https://encrypted.google.com, those searches will bypass any content filters that are in place on your network.
Using 2-step verification will help prevent strangers from accessing your account with just a stolen password. When you sign in with 2-step verification, you'll verify your identity using both a password and a code that you receive on your phone. 2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone as well as your username and password when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can't sign in to your account because they don't have your phone.
Report Cyber-Crime
Report Phishing - http://www.us-cert.gov/nav/report_phishing.html
Report A Computer Security Incident - https://forms.us-cert.gov/report/
File a Cyber-Complaint On-line - http://www.onguardonline.gov/file-complaint.aspx
Internet Crime Complaint Center - http://www.ic3.gov/complaint/default.aspx
Federal Trade Commission Complaint Assistant - https://www.ftccomplaintassistant.gov/
Michael Chesbro, CPO, CSS, CCIA, CFC, CAS, CHS-III, SSI, IAC
Criminal Intelligence Specialist / Certified Crime & Intelligence Analyst
DES OPSEC Officer / DES Security Manager / DES COMSEC Officer
Joint Base Lewis-McChord Fusion Center - Directorate of Emergency Services
Joint Base Lewis-McChord, Washington 98433
Tel: 253-966-7303 / DSN: 347-7303
Fax: 253-966-7318
AKO: michael.chesbro@us.army.mil
LEO: michael.chesbro@leo.gov