April 2023 Technology Update: Protect Yourself Online

PROTECT YOURSELF ONLINE 

By Kyle Gustafson and Joe Grimes 

Version #4

 

The suggested solutions provided in this document are good, but there may be others that exist that could be better for you as an individual.

1. The Internet is composed of three parts: open web, deep web, and dark web. All three can be thought of as good and bad, depending on how it is being used. The open Web contains sites that you can search for using standard browser such as chrome. Many people use the terms, deep web and dark web interchangeably, but they are not the same. It is not possible to search for locations on either, but the biggest difference is that activity on the dark web is encrypted. The search engine called “The Onion Router” (TOR) can be used for privacy and on the dark web. I (Joe) have no plans to use it and don’t know much about it because of the dangers of the dark web. The dark web may be used positively for communication between individuals or groups that want to keep it private, but it is also used for nefarious things like the sale of illegal drugs.

2. A virtual private network (VPN) will provide security for everything that you do on the network.  Many companies require their employees to use one in order to better protect their intellectual property. Other than access to the Cal Poly portal, Cal Poly requires us to use their VPN to access work on computers on the campus. If I (Joe) want privacy when I’m using the web, I use their VPN because when I turn it on, it will be used when I go to any website. There are numerous free and use-for-a-cost versions of VPN available, but I (Joe) don’t want to recommend one.

3. To maintain good security on your technology devices, you should keep all software current by installing updates. Many updates provide fixes of security problems that existed in the previous version of the software. The following are some devices that have software that should be updated regularly. It is best to keep all software up-to-date, but it is most important to keep your device’s operating system and browsers current. It is recommended that you enable the receipt of software update notifications so you will receive notification of updates when they become available. Also, it is recommended that after the installation you check to be sure the update was actually installed when you tried to do it. 

•      Computer, With applications (Office, Chrome, Firefox, etc.)
•      Mobile Devices, With similar applications to those of a computer 
•      Other possible devices, e.g. router 

4. There are several ways to provide antivirus software security for your technology devices. These are some of the possibilities, but others are available. 

•      The latest versions of Windows and Apple operating systems provide good security protection. 
•      Some Internet Service Providers offer various forms of security support. 

             If you have Spectrum Internet service, information about Spectrum security support may be found at the following websites. Scroll to the bottom of the page for Mac security support. (You may also call them.)

Windows:        https://www.spectrum.net/support/internet/security-suite-windows-installation.  

Mac:                https://www.spectrum.net/support/internet/security-suite-mac-installation

•      Sophos Home Free is available for your computer at the following website. When you access the website, you will have to scroll down to find the free version. 

https://www.sophos.com/en-us/free-tools  

5. Paraphrases (Passphrases) as passwords. The following website provides information about the two types of security and the trade-offs between the two methods. https://www.okta.com/identity-101/password-vs-passphrase/  

6. Because of the many passwords that we use today, it is good to use password management.  

•      Apple: iCloud Keychain. Initially, this was only available for Safari on an Apple product, but we understand it is now available for Windows with a Chrome extension. You have to be on iCloud in order to use this. The following website provides information about how to set up this password manager.

https://support.apple.com/en-us/HT204085

•       Apple or Windows: 1password is another password manager that you may obtain for yourself individually or as a family. There is a charge for this product ($2.99 for an individual or $4.99 for a family of five) and the following is the website for it.

https://1password.com/  

• 1password University contains a set of courses on security.

7. Do not share sensitive data (passwords, credit cards, etc.). There is NEVER a valid reason for anyone to ask you for your password. 

In the future, we anticipate credit card companies will use sophisticated tools to protect your cards. We have not used one of these tools, but Capital One has one that allows you to use a virtual credit card instead of the real one for online transactions using a tool called Eno. You must be a Capital One customer and there are a lot of positive and negative comments in the reviews of this product.  This tool helps protect you from giving your credit card information to the wrong people.

https://www.capitalone.com/digital/eno/virtual-card-numbers/ 

8. Back up important material: 

•      For Apple and Windows computers and some devices you may use either iCloud or Microsoft OneDrive. The following are the websites for these resources information. 

iCloud:https://www.imore.com/icloud-everything-you-need-know 

OneDrive:https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage

https://www.backblaze.com/ 

•      Backblaze is a cloud-based back up service for a fee.
•      Because the above services could possibly be unavailable when needed, it is good and easy to back up everything on an external hard drive in your home/office. Apple Macintosh computers have “time machine” capability available that may be used to create automatic backups. Windows computers have their own time machine resource. This method of backing up would be problematic if a fire or a theft occurs in your home and it is recommended that one or more of the above backups also be used.

9. Secure your phone:

•      Use a 6-digit pin code for accessing your smart phone. 
•      Use automatic backups in case something happens to your phone. 
•      Remove applications from your phone that are not being used. Old applications may be illegally accessed to spy on the information stored on your phone.

10. Watch out for phishing and other scams. The following are key warning signs that may be contained in the message you receive: 

•      Urgency. For example, you may receive an email from what appears to be a friend asking you for immediate assistance. Most likely, it will not be their real email address and if you respond to it, they will ask you to buy something like $500 worth of bitcoins because they are in a meeting and need the bitcoins immediately. Some of these phishing emails are rather sophisticated and provide information about other people associated with you.
•      Consequence. For example, the phisher may claim that your email account will be deleted if you don’t act.
•      Trust/help. These messages often try to make it look like it’s a very trusting situation and that you are going to be a big help.

11. You can check the security of websites using SSL Trust at the website, https://www.ssltrust.com/ssl-tools/website-security-check. When asked for a domain name, enter the website name such as amazon.com. It will generate the following two reports. 

•      SSL/TLS Report. This report will tell you whether it is reasonable to assume that you are safe in sending information such as credit card numbers, passwords, etc. to this website. If the report provides any issues, then it is probably not safe to send private information to that site.
•      Malware, Spam, Trust Report. If any positives are found, you can check what they mean but most likely you will not want to go to that particular website.>

12. You may add extra protection using MFA with Authy resource found at the following websites.  

•      This will allow you to implement multi-factor authentication like the one that is used for the portal at Cal Poly and some banks for websites when you want to have more secure access.  https://authy.com/download/. 
•      Set up a backup password: https://authy.com/features/backup/  

13. On the Internet, Domain Name Service (DNS) translates a name that is easy to remember by a human being to a number that is associated with that name on the internet. For example, calpoly.edu is translated by DNS to a website number that is associated with it at that numeric location and will take you to that location when you are browsing. What this means is that every website has a numeric value associated with it and that is the only way that the location can be accessed. So, DNS translation makes it possible for us to access a location using an easy-to-remember name rather than a numeric number. 

• Windows:https://quad9.net/support/set-up-guides/windows
• Mac:https://quad9.net/support/set-up-guides/mac-os  

You may add extra protection for DNS by adding the setting of 9.9.9.9 and optional 149.112.112.112 if your network is IPV4, or 2620:fe::fe and optional 2620:fe::9 if your network is IPV6. Most likely your network will be IPV4. If you enter the above numbers as indicated at the websites below for Windows or Mac, this protects you from accessing the overwhelming majority of malware, malicious domains, botnet infrastructure, and more.

The above provides only directions for implementation. If you want further information about the details of this service, you may google “why should we use 9.9.9.9 as a DNS settings”. Your use of this service may prevent a ransomware attack, prevent your bank account from being compromised, or protect your laptop from being used as part of an illicit criminal attack on others.