European Cyber Security Month week 4: Insights from Strathclyde's Cyber specialist William MacLeod
For week 4 of European Cyber Security Month we have a guest blog post by the University of Strathclyde's Senior Cyber Security Specialist, William MacLeod, who will introduce us to a couple of hot topics: honeypots, fraud protection and the Internet of Things.
HONEYPOTS
Tired of hiding behind your layers of cyber security? Want
to go bad guy hunting instead?
Then you want to set up a honeypot.
A honeypot is an ancient technique, where honey or something sweet was used to
lure animals into a trap. The concept of a honeypot in computers is very
similar: you dangle something tempting and see who takes a bite.
There are programs available that simulate an open computer on the internet and
record the interactions with it. This is useful for researching traffic on the
internet. HoneyBot is one such program, and it has a free version for students.
https://ransomfree.cybereason.com/
Cybereason have taken this concept and built a rather nice free anti-ransomware
tool around it. They deploy fake files to your computer, files that should never
be touched. If a process interacts with them, it is a good indication of
ransomware activity and that process is blocked.
https://community.cymmetria.com/
The kings of honeypots are Cymmetria with their MazeRunner product. This drops
highly crafted pieces of information (deception tokens) across multiple
machines, in high target locations. They have a free community edition too.
Remember the general concept, as it does not need to be
difficult or require any specialised tools. Set something up and see if it has
been tampered with.
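The "set something up and see if it has been tampered with" idea, as an added example that is not from the original post or from any of the products named above: it writes decoy files, records a baseline hash for each, and later reports any decoy that has been modified or removed. The decoy names, contents and manifest location are assumptions made up for illustration, and unlike the anti-ransomware tool described above it only detects changes, it does not block anything.

```python
import hashlib
import json
import os
from pathlib import Path

# Hypothetical decoy names and contents, constructed for this example.
DECOYS = {
    "passwords_backup.txt": b"decoy file - nothing should ever touch this\n",
    "payroll_2017.csv": b"id,name,amount\n0,decoy,0\n",
}


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def deploy(directory, manifest):
    """Write the decoy files and record a baseline hash for each one."""
    directory = Path(directory)
    directory.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name, content in DECOYS.items():
        path = directory / name
        path.write_bytes(content)
        baseline[str(path)] = _sha256(path)
    # Keep the manifest away from the decoys, ideally somewhere the
    # monitored account cannot write, so it cannot be altered with them.
    Path(manifest).write_text(json.dumps(baseline, indent=2))
    return baseline


def check(manifest):
    """Return (path, finding) pairs for decoys that changed since deploy."""
    baseline = json.loads(Path(manifest).read_text())
    findings = []
    for name, expected in baseline.items():
        path = Path(name)
        if not path.exists():
            findings.append((name, "missing"))   # deleted or renamed
        elif _sha256(path) != expected:
            findings.append((name, "modified"))  # contents rewritten
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        manifest = os.path.join(tmp, "manifest.json")
        deploy(os.path.join(tmp, "decoys"), manifest)
        print(check(manifest))  # nothing has touched the decoys yet
```

Run `check` on a schedule; any finding means something touched a file that no legitimate user or program has a reason to open.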
FRAUD PROTECTION
When it comes to personal information, most cyber criminals
are looking to gather as much info as possible on you, with the end game of
using that info to clone your identity and take out a loan or a credit card in
your name. They then run off with the money and leave you with the debt.
That is why it is important to keep an eye on your credit rating. Any change
that you were not expecting is an indication of fraud, and early detection can
help you before it is too late. You should regularly review your credit rating
or sign up for a service that notifies you of changes. Your bank may provide
this service for you.
INTERNET OF THINGS
Your TV is now a little computer. It sits on the internet
and can play YouTube videos and stream Netflix.
Your speaker is now a little computer. It sits on the
internet and can play music from your Spotify account.
Your doorbell is now a little computer. It sits on the
internet and allows you to communicate with the visitor when you are away.
Your light bulb is now a little computer. It sits on the
internet and allows you to turn it on or off remotely or change the colour.
But how secure are all these little computers? They sit on the same network as
your laptop, which holds all your passwords for banking and other important
accounts. Could those devices be compromised and used to attack your laptop?
Yes, they could.
One of the best things to do for a home network is to set up two different
networks, one for untrusted devices and one for important devices. This doesn’t
mean you need two internet connections, but simply two wi-fi networks. Your
wi-fi router may support this; if not, you just need to buy another wi-fi
access point.
If you have any questions or need clarification, please comment below or send us a private message and we will ask William Macleod to answer your questions.
About the Author of this guest blog post:
William Macleod is the Senior Cyber Security Specialist at University of
Strathclyde and is a certified Security Information Risk Advisor by CESG, an
arm of GCHQ, the UK government’s cyber intelligence agency. William has 20
years’ experience working across the IT industry, including development,
infrastructure and of course security. In a previous security role, William was
a certifier for the UK government's Cyber Essentials scheme and across his
career has won numerous awards from the likes of IBM, the British Computer
Society and Microsoft.