Secure Your Amazon Profile

Secure Your Amazon Profile

Did you know you have a public Amazon profile that is automatically created when you sign up for an Amazon account? This profile doesn't provide too much information publicly by default, but it is another data point for 3rd parties. Michael Bazzell from Intel Techniques provided a quick guide in his latest email newsletter on how to take a few easy steps to secure your Amazon profile. The following is an excerpt taken from his email, and is intended only for a quick reference. For the complete guide and his other material, please see his website listed above. I claim no credit for this tutorial. 1) Remove your Amazon public profile Your Amazon profile is created automatically, whether you want it or not, and it contains comments, ratings, public Wish Lists, biographical information, and other site interaction. This profile doesn’t include your purchases or your browsing history, but it’s very informative. If you want to control what activity is visible on your public...
Read More

Packet Threat Analysis

Everyone needs to do some housekeeping at different points, and I figured it was time I did some a basic security sweep of my setup. To get started, I performed a quick packet capture on the very server that hosts this blog. I decided to give one of CloudShark's newer and more distinct features a spin with my recently created account; their Threat Assessment tool. I thought it would be interesting to pit this against PacketTotal as well. These are both great tools with similar, but also different purposes. At the time, I had SSH and web ports open along with a few other unused ports for various common services. The only true security measure in place was a few basic iptables rules. CloudShark What I Liked: Up front, quick severity level rating dashboard Brief descriptions of issues which helps puts everything in laymen's terms World map view Privacy settings External references to source data and additional information Ability to view the...
Read More

Password Management

What's that yellow sticky note poking out from under your keyboard? Is that your password? If you're like many people this may be the case. While this may be practical and convenient, it's not a good idea. It might be ok in the privacy of your own home, but it can still be risky. Privacy and security (online safety) is all about managing your risks and deciding what is right for you. If you would like suggestions on how to better handle your passwords (yes, I used the plural form) and manage your risk read on for my thoughts and experience. I'll start with the risks of poor password management then provide a couple of solutions and resources to check your password strength. Risks Obviously, your passwords are your virtual keys. Unlike traditional keys, though, they aren't safely tucked in your pocket. They are either in your head, written down, or saved electronically. There advantages and disadvantages to each of those methods...
Read More

Online Privacy

A couple of years ago I had the privilege of attending a seminar about electronic privacy and security led by former FBI computer crimes investigator Michael Bazzell. If this is your first time hearing that name or digging into this topic I highly encourage you to visit his websites, listen to his podcasts, and/or read his book. His blog is a great place to start. You can find it here: https://computercrimeinfo.com/wp/. During his presentation he explained the many ways our private information is obtained without our consent; either through social engineering, data mining, or outright hacking. At the end of the presentation, he even gave a live demonstration showing a wifi pineapple device that he setup earlier in the day to spoof the guest wifi of the facility. In doing so, he collected personal information from a handful of smartphones in the room (including pictures, web sites visited during the presentation, and more). Needless to say, I was impressed with his...
Read More

Cisco Meraki Security Appliance

Note: I apologize for the loss of the screen shots. When I transferred my blog host the images were lost and I did not yet have a backup copy. Being that I actually enjoy networking and it's not just a job, I like to explore new and different technologies. I also like to continue to learn and branch into areas where I'm not as comfortable. One of these areas being firewalls. In my personal life, I have typically used my home routers with their built-in firewall capabilities (though I have my eye on Sophos). Professionally, I have had very limited experience with Cisco ASAs and Bluecoat devices. However, I recently became aware of a free trial program provided by Cisco Meraki (more info here). I found that I fulfilled the requirements and decided that a little learning couldn't hurt, so I signed up for the webinar. A short time later the trial appliance arrived. Before I let my coworkers in on...
Read More