European Cyber Security Month week 4: Insights from Strathclyde's Cyber specialist William MacLeod

For week 4 of European Cyber Security Month we have a guest blog post by University of Strathclyde's Senior Cyber Security Specialist William MacLeod who will introduce us to a couple of hot topics: Honeypots, Fraud Protection, Internet of Things.  

HONEYPOTS

Tired of hiding behind your layers of cyber security? Want to go bad guy hunting instead?

Then you want to set up a honeypot. 

A honeypot is an ancient technique, where honey or something sweet was used to lure animals into a trap. The concept of a honeypot in computers is very similar, you dangle something tempting and see who takes a bite.

There are programs available that simulate an open computer on the internet, and record the interactions with it. It is useful for researching traffic on the internet. HoneyBot is one such program that has a free version for students, click here. 

https://ransomfree.cybereason.com/

Cybereason have taken this concept and built a rather nice free anti-ransomware tool around it. They deploy fake files to your computer, files that should never be touched and if a process interacts with them, then it is a good indication of ransomware activity and that process is blocked.

https://community.cymmetria.com/ 

The kings of honeypots are Cymmetria with their MazeRunner product. This drops highly crafted pieces of information (deception tokens) across multiple machines, in high target locations. They have a free community edition too, click here to view.

Remember the general concept, as it does not need to be difficult or require any specialised tools. Set something up and see if it has been tampered with.

FRAUD PROTECTION

When it comes to personal information, most cyber criminals are looking to gather as much info as possible on you, with the end game of using that info to clone your identity and take out a loan or a credit card in your name.  They then run off with the money and leave you with the debt. That is why it is important to keep an eye on your credit rating. Any change that you were not expecting is an indication of fraud and early detection can help you before it is too late. You should regularly review your credit rating or sign up for a service that notifies you on changes. Your bank may provide this service for you. 

(https://www.actionfraud.police.uk/individual-protection)

INTERNET OF THINGS

Your TV is now a little computer. It sits on the internet and can play YouTube videos and stream Netflix.

Your speaker is now a little computer. It sits on the internet and can play music from your Spotify account.

Your doorbell is now a little computer. It sits on the internet and allows you to communicate with the visitor when you are away.

Your light bulb is now a little computer. It sits on the internet and allows you to turn it on or off remotely or change the colour.

But how secure are all these little computers? They sit on the same network that your laptop sits on, that holds all your passwords for banking and other important accounts. Could those devices be compromised and used to attack your laptop? Yes they could. 

One of the best things to do for a home network is to setup two different networks, one for untrusted devices and one for important devices. This doesn’t mean you need two internet connections, but simply two wi-fi networks. Your wi-fi router may support this if not you just need to buy another wi-fi access point.

If you have any questions or clarifications please comment below or send us a private message and we will ask William Macleod to answer your questions. 

About the Author of this guest blog post:

William Macleod is the Senior Cyber Security Specialist at University of Strathclyde and is a certified Security Information Risk Advisor by CESG, an arm of GCHQ, the UK government’s cyber intelligence agency. William has 20 years’ experience working across the IT industry, including development, infrastructure and of course security. In a previous security role, William was a certifier for the UK government's Cyber Essentials scheme and across his career has won numerous awards from the likes of IBM, the British Computer Society and Microsoft.