WEBVTT

0
00:01.230 --> 00:07.860
We've seen in the last lectures that there are so many attacks that can be launched even by script kiddies

1
00:08.190 --> 00:16.410
that you may feel that the Internet is a very dangerous place. With hacks, scams, malware, ransomware and 


2
00:16.590 --> 00:21.990
many more, surfing the web has opened us up to many risks.

3
00:21.990 --> 00:29.700
The good news is that by taking just a small handful of security measures we can considerably reduce

4
00:29.700 --> 00:33.120
our exposure to all of these threats.

5
00:33.120 --> 00:40.420
With some good tips you can greatly minimize the risk and the impact. As a network admin

6
00:40.500 --> 00:45.330
you could take a lot of countermeasures to mitigate the attacks.

7
00:45.330 --> 00:48.470
For each hack there is also a countermeasure

8
00:48.510 --> 00:51.650
so please take a look again at the countermeasures

9
00:51.660 --> 01:01.020
I've already explained for CDP, STP, DHCP or ARP attacks. Try to implement all of them!


10
01:01.260 --> 01:02.530
As for an end user

11
01:02.670 --> 01:05.600
here are some tips to get started.

12
01:05.670 --> 01:13.950
Use the latest version of your browser and install all security updates of your operating system.

13
01:14.140 --> 01:14.910
Never,

14
01:14.950 --> 01:22.150
and by mean never, install  cracked software or tools that crack commercial software. There could be 

15
01:22.150 --> 01:28.100
backdoors installed by the hackers.Stick with open source software

16
01:28.130 --> 01:37.300
If you don't want to pay for commercial software; do not connect to websites using HTTP,

17
01:37.360 --> 01:40.040
use only encrypted connections.

18
01:40.180 --> 01:49.550
Never, but never, sent sensitive information over an unencrypted connection take seriously any security

19
01:49.550 --> 01:53.630
warning your browser displays and don't continue on

20
01:53.690 --> 01:58.580
if you get such a warning; it's much better to be safe than sorry.

21
01:59.630 --> 02:07.410
There is also a browser extension called HTTPS everywhere that prevents HTTPS downgrade.

22
02:07.520 --> 02:16.710
Install this extension; note that the DNS spoofing is still available and hackers see visited domains.

23
02:18.290 --> 02:19.420
Set up two way

24
02:19.420 --> 02:22.310
authentication for important websites.

25
02:22.360 --> 02:28.760
If you have the possibility to use an application like Google Authenticator do prefer it over codes

26
02:28.840 --> 02:38.830
sent by sms. Phone sims can be easily swapped. Do not search for important websites you want to visit

27
02:38.890 --> 02:50.360
on Google; access those websites directly via your bookmarks! Google results you see can be easily faked

28
02:50.450 --> 02:56.360
by a client site injection and you'll go to a fake website instead of the original one.

29
02:57.280 --> 03:05.690
Do not visit weird websites, they can install trackers or other malware on your system. Switch your

30
03:05.690 --> 03:11.720
internet providers DNS servers to a service like Open DNS.

31
03:11.720 --> 03:16.420
It will make your internet faster, safer and more reliable.

32
03:16.490 --> 03:20.020
It comes with domain filtering or pre configured

33
03:20.030 --> 03:23.090
protection against malicious domains.

34
03:23.090 --> 03:31.130
If you set it on your router to give  these IPs of dns servers to all the hosts in your network,  

35
03:31.130 --> 03:39.990
it’s the easiest way to add parental and content filtering controls to every device in your home or your LAN.


36
03:40.010 --> 03:47.630
You don't have to configure anything ,just to use the IPs they provide you as your DNS servers and you've

37
03:47.720 --> 03:51.660
instantly activated domain filtering in our LAN. Let's

38
03:51.680 --> 04:02.100
do it! On my windows machine I'll change the DNS server the WiFi interface uses and instead of the default

39
04:02.130 --> 04:08.630
DNS server I'll put here an IP of a DNS server from Open DNS.

40
04:09.280 --> 04:17.860
This one 208.67.222.220 and

41
04:17.890 --> 04:30.120
OK; and close. And I'll visit a website like The Pirate Bay and we see that the site is blocked due to

42
04:30.120 --> 04:40.900
content filtering; you, or a user of your network, cannot accidentally access a malicious website. Do

43
04:40.900 --> 04:48.560
not install software by clicking on the links received in emails; install only official updates that

44
04:48.570 --> 04:56.350
are digitally signed; even better do not respond to emails if they are not directly sent to you and they

45
04:56.350 --> 05:05.070
seem weird. And if possible switch Windows to Linux and use it as your main operating system.

46
05:05.070 --> 05:12.890
I've been using Linux as my main operating system for the last 15 years and I'm proud of it.

47
05:12.900 --> 05:19.540
Linux Mint for example is a user friendly distribution that's similar to Windows.

48
05:19.680 --> 05:20.290
Okay.

49
05:20.340 --> 05:25.350
These were just a few tips to stay safe while browsing the web.

50
05:27.070 --> 05:30.440
Let's go ahead and talk about anonymity.

51
05:30.490 --> 05:35.300
Use Tor when you want to remain anonymous while surfing the web.

52
05:35.900 --> 05:41.030
There is the Brave browser available that is a good choice when using Tor.

53
05:41.110 --> 05:46.320
It has tor built in; this is Brave browser.

54
05:46.320 --> 05:51.750
You create a new Tor connection in just a few seconds and remain anonymous.

55
05:59.820 --> 06:05.640
Your source IP address will be hidden and all traffic encrypted in the Tor network.

56
06:11.810 --> 06:15.250
Another solution is to use a VPN service.

57
06:15.290 --> 06:18.380
There are a lot of VPNs available

58
06:18.380 --> 06:20.790
just be sure to choose a good one.

59
06:20.810 --> 06:25.270
Read the reviews and the other users' opinions.

60
06:25.280 --> 06:33.020
Note that the VPN gateway can decrypt and read the traffic so it's important to be trustful and not

61
06:33.020 --> 06:35.610
to save any logs.

62
06:35.690 --> 06:39.370
And if you want to take anonymity to the next level

63
06:39.470 --> 06:48.430
use a Linux distro like Tails, started live from a USB stick or run on it in a VM.

64
06:48.560 --> 06:57.350
It aims at preserving your privacy and anonymity and helps you to use the Internet anonymously and circumvent

65
06:57.410 --> 06:58.550
censorship.

66
06:58.550 --> 07:03.390
All connections to the Internet are forced to go through the Tor network.

67
07:03.440 --> 07:06.530
It will leave no trace on your computer

68
07:06.560 --> 07:15.650
you are using, unless you ask it explicitly. Tails uses state of the art cryptographic tools to encrypt

69
07:15.650 --> 07:19.310
your files, emails and messages.

70
07:19.350 --> 07:27.090
Keep in mind that there is no such thing as 100 percent security and no matter what you do there is

71
07:27.150 --> 07:34.000
always a low risk to be hacked; and to mitigate the impact of such an event.

72
07:34.020 --> 07:37.200
Keep backups of your important files.