Category Archives: Personal Security

Staying up to date with the updates, update smart with Microsoft and Secunia

It's been a busy year already: Oracle’s Java, Adobe’s Flash, and so many updates to Windows. Most users by now have heard they should keep their Windows PCs up to date to avoid infection. Unfortunately, our adversaries have heard the same speech and are trying to deceive you through fake updates for your computer. First, reliable companies will not notify you by email, instant message, or advertisement that your computer is out of date and needs an update. You may see email or advertisements for new versions or upgrades, and subscription renewals. Some leading software companies are helping us stay secure through automatic or seamless updates, such as Google’s Chrome browser, the Firefox browser, and Adobe’s Flash. Security updates for these products will simply install in the background without needing your help. You can keep yourself safer by taking a few steps to secure your computer.

Let's take care of our operating system first.

  • Open “Computer” on Windows 7 or “This PC” on Windows 8.1
  • Click on Control Panel in the menu bar.
  • Search for “Windows Update” (1) in Control Panel, then select “Turn automatic updating on or off” (2)
  • Set up the options (1) (2) (3) as shown below, then click OK (4)

Windows will now check all Microsoft products daily for updates and install them as needed. You will be asked to reboot your computer to finish applying updates; this is very important, so don’t put it off. Now what about non-Microsoft programs? Secunia provides a product called PSI to help us with this task.
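To confirm the Windows Update settings chosen above actually took effect, the sketch below reads them back through the Windows Update Agent COM interface. It is an added example, not part of the original post; it assumes the three options in the dialog are automatic installation, recommended updates, and updates for other Microsoft products, and the three-day staleness threshold is an arbitrary choice.

```powershell
# Added example: read back the Automatic Updates configuration
# (Windows Update Agent COM API, available on Windows 7 and 8.1).
function Get-UpdateHealth {
    $au       = New-Object -ComObject Microsoft.Update.AutoUpdate
    $settings = $au.Settings

    # NotificationLevel values as defined by the Windows Update Agent API
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before installation'
        4 = 'Install automatically'
    }

    # "Microsoft Update" is the service that covers other Microsoft products
    $sm = New-Object -ComObject Microsoft.Update.ServiceManager
    $mu = $sm.Services |
        Where-Object { $_.ServiceID -eq '7971f918-a847-4430-9279-4a52d1efe18d' }

    New-Object PSObject -Property @{
        ServiceEnabled       = $au.ServiceEnabled
        UpdateMode           = $levels[[int]$settings.NotificationLevel]
        RecommendedUpdates   = $settings.IncludeRecommendedUpdates
        MicrosoftUpdateOptIn = [bool]($mu -and $mu.IsRegisteredWithAU)
        LastSearchSuccess    = $au.Results.LastSearchSuccessDate
        LastInstallSuccess   = $au.Results.LastInstallationSuccessDate
    }
}

$health = Get-UpdateHealth
$health | Format-List

if ($health.UpdateMode -ne 'Install automatically') {
    Write-Warning "Updates are not installed automatically: $($health.UpdateMode)"
}
if (-not $health.MicrosoftUpdateOptIn) {
    Write-Warning 'Other Microsoft products are not covered by automatic updates.'
}
# Assumption: no successful check in 3 days means something is blocking updates.
if ($health.LastSearchSuccess -lt (Get-Date).AddDays(-3)) {
    Write-Warning "Last successful update check: $($health.LastSearchSuccess)"
}
```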

Update the rest of our software with Secunia

First download and install Secunia PSI. It is very important for you to download it from this link; there are a number of sites offering versions modified to include malware.

  • Go to http://secunia.com/vulnerability_scanning/personal/ (you will need to provide your name and email address).
  • Then look for the big “Download Now” button. “Try Now” is for a separate business grade product.
  • Run and install PSISetup.Exe; this is a simple next, next, finish installation, and the default choices will be best.
  • After you click finish the software will start to update your computer. I installed an old version of Java to demonstrate the process.
  • After the updates complete you will see an updated list of software and you are done.

PSI will not upgrade software, however. For example, Adobe Acrobat XII (future software) or the new Java JRE 1.8 will require you to visit the software vendor to download or purchase an upgrade at some point in the future.
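Because modified copies of the installer are in circulation, it is worth checking the downloaded file's Authenticode signature before running it. The function below is an added example, not part of the original post; the Downloads path and the expected publisher name are assumptions, and the placeholder must be replaced with the publisher name the vendor actually signs with.

```powershell
# Added example: check an installer's Authenticode signature before running it.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumption: the exact name on the vendor's code-signing certificate
        [Parameter(Mandatory = $true)][string]$ExpectedPublisher
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    $publisher  = ''
    $thumbprint = $null
    if ($cert) {
        # Simple name = the subject's common name on the signing certificate
        $publisher  = $cert.GetNameInfo('SimpleName', $false)
        $thumbprint = $cert.Thumbprint
    }

    $reasons = @()
    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) fails
    if ($sig.Status -ne 'Valid') {
        $reasons += "signature status is $($sig.Status)"
    }
    if ($publisher -ne $ExpectedPublisher) {
        $reasons += "publisher is '$publisher', expected '$ExpectedPublisher'"
    }

    New-Object PSObject -Property @{
        Path       = $Path
        Status     = $sig.Status
        Publisher  = $publisher
        Thumbprint = $thumbprint
        Trusted    = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Hypothetical download location; replace the publisher placeholder before use.
$installer = Join-Path $env:USERPROFILE 'Downloads\PSISetup.Exe'
$result = Test-InstallerSignature -Path $installer -ExpectedPublisher '<PUBLISHER NAME>'
if ($result.Trusted) {
    Write-Output "Signature OK, signed by $($result.Publisher)"
} else {
    Write-Warning "Do not run $installer : $($result.Reasons)"
}
```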

Getting Started with KeePass Part 1

KeePass is an open source information manager. KeePass is simple to install and has a wide variety of options for personal security; however, it does not directly integrate with any web browser. The significant plus with this solution is the cost: free.

Get started by downloading and installing the software from this site. 

http://sourceforge.net/projects/keepass/?source=navbar 

  • Open KeePass by clicking on your Start menu, then All Programs, then “KeePass 2”
  • The first time you run the program you will be asked if KeePass can automatically check for updates. Enable this option.
  • KeePass will open up and look like this to start
  • We would like KeePass to start with Windows, so from the Tools menu click Options
  • Click the Integration tab and check “Run KeePass at Windows Startup”
  • Click OK

Now we are ready to create our first password database. For most users one database will be enough; however, it may make sense to create separate databases for information associated with a specific organization, with a separate database for personal information.

  • From the File menu click “New”
  • Create a folder named “KeePass” in Documents
  • Name the database with a meaningful name such as “PersonalAccounts”
  • Create a master pass phrase with at least 12 total characters, using two words, 1 or more upper case letters, 1 or more symbols, and 1 or more numbers.
  • 1-Enter a descriptive name for this database
  • 2-Enter a default username that is either a username or email address that you will typically use for your accounts
  • 3-Optional: pick a color
  • Click the Security tab
  • Change the iterations value to 15000
  • Click OK
  • First, let's add a group under our Internet identities for social media: right-click on “Internet”, click social group, then “Add Group”
  • Name the group “Social Media” and click OK
  • Click Add Entry
  • Fill out the entry with all of the information you have
    • 1- Title of the entry
    • 2- Your username on this site
    • 3- Your password on this site (x2); if the password is less than 50 bits, a strong password is advisable
    • 4- The URL to this site, i.e. http://www.facebook.com
    • 5- Click OK
  • The entry will now be listed under the social media group
  • Congratulations on creating your first entry! Open a web browser to the site you just created an entry for
  • Return to KeePass and select your entry, then choose copy username (green arrow or Ctrl+B)
  • Go to your web browser and paste it in the username field
  • Return to KeePass and select your entry, then choose copy password (red arrow or Ctrl+C)
  • Note: you have 15 seconds to paste the value into the correct location; Last Pass will clear the clipboard to protect your information

Repeat the steps above for each web site or system you will use. When you are done with a work session choose “Lock Workspace” from the file menu to protect your information. Also don’t forget to save your database from the file menu after important changes.

 

 

Getting Started with Last Pass (Premium)

Last Pass Premium has been my personal choice in password managers for over two years now. The premium license takes care of a few requirements that are above and beyond what most users require, yet it remains user friendly enough for most users.

  • Plug-ins for all major browsers
  • Support for Ubuntu Linux and Mac OS X
  • Support for iPhone, iPad, and Android devices
  • No limit on the number of in use devices.

Watch this video to get started with Last Pass.

You can elect to use my referral link for a free month service https://lastpass.com/f?1127646

The three videos in this playlist will give you a quick introduction to making use of Last Pass day to day.

 

Many of you will ask how secure Last Pass is. I’m glad you asked! Thinking about how secure something is means you are taking your personal security seriously. A better question to ask, though, is: what are my risks with using this software? The risk is that if someone can obtain your master password, then all of your accounts would be compromised. That can happen if someone is able to observe or guess your master password.

  • Reduce this risk by using a strong pass phrase to secure your account.
  • Only access your Last Pass account from devices you can trust. A device you can trust is a device you own and control, with no other users.
  • If you must access your Last Pass account from shared devices, do not save your master password on devices shared with others, including friends, family or co-workers.

We can make a few small changes to make our information more secure. On your desktop, double click the Last Pass icon and log in, then click on Settings.

  • First, restrict login to only those countries in which you may travel frequently. This list can be changed at any time; be sure to visit this setting before traveling.
  • The second thing we will change is requiring the entry of our master password before a password can be “shared”. This is a feature that is security sensitive. It can be a great feature for families, allowing you to securely share passwords for financial sites with family members. It should not be used for enterprise credentials.
  • We also want to enter a “security” email address which can be used to notify you of concerns with your account. A family member or work email is frequently used here.
  • The last thing we should do is restrict login from mobile devices. After you have installed Last Pass on all of your devices, come to this screen to “restrict” and then enable each of your devices.

 

Last Pass supports the use of two factor authentication; selecting and enabling it is beyond the scope of this article.

 

Getting Started with DashLane 3 Premium

Dashlane 3 Premium is an alternative to LastPass. Dashlane is generally a less technical program and does not support the Linux operating system. The biggest pro for Dashlane over others is its simplicity: there is no configuration required to use this software securely. The con for Dashlane is the lack of advanced features:

  • No ability to restrict usage by country
  • No ability to restrict login to certain devices
  • No ability to require two factor authentication such as smart token or SMS message.
  • Higher cost: $30 per year compared to $12 for LastPass

To get started with Last Pass for six months free, use my referral link below

https://www.dashlane.com/en/cs/3bc3a1c6

Watch this getting started video.