5 Tips for Personal Cybersecurity
HTML-код
- Опубликовано: 26 май 2022
- Join Atlas VPN by clicking the link below and get 3 years of VPN service for only $1.99 a month
get.atlasvpn.com/McBeth
Be sure to use code MCBETH when signing up to get your discount.
Join the conversation:
/ discord
Connect with me on Twitter:
@ryanmcbeth
A little bit of effort can greatly increase your cyber security. The five tips are:
#1. Rename your phone to something generic.
#2. Use a VPN, especially when using public networks.
#3. Don't re-use passwords.
#4. Use two form factor authentication (2FA) if available.
#5. Create a machine of high trust. 
Наука
![Sean Rii, Karyon, Sharzkii - Taungule [My Love] (Official Music Video)](http://i.ytimg.com/vi/eJoMuypbSzQ/mqdefault.jpg)
As someone in cyber security, I was really pleased to see a video on the topic from my go to war topic guy! Not only that but it was really well put for a laymen to understand which can be tough with topics like these.
I have to agree. I found this channel during the start of this conflict and really like his analytical approach. Me being a Sr Network Engineer (title only, I do way beyond that), I was surprised to see cybersec stuff too. I was also surprised to see in one of his videos he did programing and from the snippet it looks like C#. Been coding in that for about 10-11 years. Been messing with Golang for the past 2 years. If he had time, it would be cool to see a side channel just talking about projects he is working on or what not to change it up if he feels he needs a change of pace sometime but still want to produce content. Code projects from a military minded individual. 🙂
See, I protect myself, by having extremely outdated equipment that is absolutely archaic and really the connections are so bad that it only works outside when it's raining.
And under a full moon. During a SpaceX launch. In the northern half of south Dakota. In the presence of somebody speaking German.
@@spaceuncharted3278 Hallihallo meine Freunde, wie läuft's mit eurer Internetverbindung?
Yeah, in our wg internet goes out when it rains. I can't figure out how why.
At work we skipped log4shell by using an obsolete version...
'Zactly
I have a cybersecurity tip for those that setup computers for your older parents or grandparents. On windows setup an admin account separate from their own account (set them as standard user). That way you block any unwanted installs and also reduce number of vulnerabilites that usually target privileged accounts (admin, power user..). I did this for my parents and stopped getting calls about strange things happening on their computer.
This is great advice and applies to any computer that supports multiple accounts (admin + standard) such as Windows, Mac, and Linux.
Plus, it's a "set it and forget it" step. You probably want the admin user to have a different password than the standard user.
I came here to tear this video apart as a security professional. Nailed it, nice work. Thanks for actually talking about VPNs correctly.
Feel free to connect with me on LinkedIn. I am full of surprises.
What would one do to speak on vpns incorrectly¿
You still can tear it because even though most of these tips are usable, they apply to the minority of potential incidents while the majority comes from people unable to recognize phishing. And that's something to really focus on for a person who just starts figuring out personal information security. However, it involves learning to think critically and it's not something that could be covered by another "five rules".
@@mandelorean6243 the common one i see is the forever claim that VPNs are the be all end all solution to security. As Ryan properly clarified, they protect your traffic to the VPN provider, no further. One thing about all these new VPN providers is the question of should you trust them as your exit node. They know everything about you...at least all the metadata. As Ryan points out VPNs have a benefit for security on mobile devices that may connect to unsecured/untrustable networks to limit your monitoring or the ability for near peer attackers from performing "in-the-middle" attacks or traffic hijacking, but that assumes you have a preexisting relationship with a VPN provider BEFORE using the untrustable network. Some people don't trust their ISP or they have an issue with the ISP injecting ads. VPNs can help with this. VPNs have the same problem as tools like TOR have - you have to be able to trust your exit node from unmasking you or logging your data and selling it. Additionally, depending on how the VPN is setup it could expose your device more than it would be normally on a home network. VPN providers aren't required to implement firewall rules that protect you and with how the tunnel interface is setup on a host could (in combination with a poorly configured local host firewall) open up Windows services (like NetBIOS or SMB) up to the internet increasing your chances of compromise.
I should also add that VPNs also cause problems for security professionals, especially when used from inside enterprise networks. They restrict indicators of compromise making InfoSec/NOC/SOCs job of defending the company network more difficult.
Yes, password manager and 2FA is absolutely top of the list. The VPN the WiFi thing is a bit overdone, basically everything uses SSL now, so sniffing stuff over WiFi is basically a list of urls. Not exactly the Crown Jewels.
Personal cybersecurity is something that should be taught in every school - even as just a semester - because I guarantee with the right teacher showing the right real world examples, it will stick with whoever is in that class for life. And they will therefore pass that knowledge on to others. Individual people are immense soft targets for hacking and need info like this to protect themselves
Math teacher I grade 7 taught us about w2's, w4's doing income taxes.
Never will forget that.. FINALLY real world knowledge that we all guatanteed will need to do...
...too bad I don't remember anything from it..
..maybe I do but its just common knowledge to me now...
Nothing else from any schooling sticks out like that
That's a low hanging fruit. Some studies show that teenagers do, in fact, know the rules of information security, but they don't give a shit about applying those rules since they see no significant reason for that. And convincing someone that something is important is a different story from teaching the rules.
It was taught in my school, just a guest speaker came in but it was boring as all hell and about half the people either didn't listen or just forgot whatever he said
@@lslslslslslslsl1 which is why it's important WHO is teaching
Which is funny because teachers and schools are the least secure institutions in the planet when it comes to cyber crime.
Good solid tips Ryan, thank you.
My own tip: Lie on as many websites as you can. Don't use your real name, location, DOB, etc etc. Websites get hacked, I don't want hackers having my real info.
And don't respond to data miners, those things that want you to respond such as "Your space alien name is the street name you live on, your mother's maiden name, the name of your first dog, your first car, etc". Those things are data miners that use social fun to get you to give up your data. This data is/was often used as security for websites.
Using a password manager is game changing and probably the best method to protect yourself.
A password manager is a big help for using different credentials for each site you use.
A password manager is imo an amazing tool to prevent reusing passwords without forgetting all of them. It really improved that situation a lot for me.
My second tip is backups, backups, backups. Saves your ass from ransomware and losing all your family photos in a house fire. And backing up to a external hdd attached to your pc helps, but only a little, you're safest if you backup to something on a separate location, like cloud backup or using a nas at a separate location that you can connect to online.
I agree! Don't forget that there are a few key passwords that you want to commit to memory. Such as the master password for the password manager, your Windows account password, your Apple ID password. the passcode on your iPhone/iPad.
Just a few, now!
For aging people like me, it's actually fun to invent a long, strong passphrase ("Four score and seven years ago" or "O Captain, My Captain" or the phone number of your favorite pizza shop when you were a teen + the word "pepperoni pizza"). Every time you remember that passphrase you get a warm fuzzy feeling.
I like deliberately mangling words. "Four score and severn years ago" or "O Caption, My Caption."
As someone who works as custom support at an ISP, this was a pretty good video on the subject. In my experience, it's mostly iPhones that have the name of their owner, I guess it's in its initial configuration setup (I've never used one).
All this was quite reasonable and very well explained. Thank you!
You guessed right. Same for macbooks.
I’m glad you’re getting sponsorships. Well worth their investment in you.
I’m happy to see I’m adhering to these tips. I commend them to everyone!
That was very good advice, wish more companies and govt agencies and institutions would be more vigilant and strict with their staffs digital security. I constantly facepalm when I hear the stories like took DOD laptop out of facility and forgot it on the metro 🤦😂
Very informative and fun video. Not enough kill rings. 3/10.
"Stick to tanks."
Hi Ryan 👋 ,
Why haven’t I found you Channel sooner than later?
Basically, thank you so much for your intel. I found you to be extremely informative and direct.
I have to subscribe to your channel and hit the notification button too.
Have a great day and may God bless you.
Your time and effort hasn’t gone unnoticed.
Thank you for making this video man people really need to know this stuff to stay safe. I know I learned somthing from this video and ill be sending it to my family thank u again.
I also agree with your policy on e-mails. I have my own domain that I use to create a new e-mail for 'every' account I have. That will alert you if there has been a leak of your e-mail to someone in say a phishing attack. You can just quite literaly delete the e-mail address and move on. Also, use unique and different passwords for every site you sign up to; which you touched on too.
Hi Ryan, I'm a veteran student who is looking to get into the cyber security field. If you could make a video giving some tips on how to get into that field I would love to hear about it. Thanks!
That would be an interesting topic for sure.
In the meantime, lookup for a SOC (service operation center, security operation center) or a NOC (network operation center). Tons of IT & security profiles in one all seing, all knowing service. A great place to start (or for an internship) if you don't know what branch of cybersecurity to get into.
I've been using computers for about 35 years and... these were some great tips that I had not thought of before! Yes it really does make sense to use a separate computer for banking stuff. Good idea!
What does not make sense is to use a Chromebook for that since it depends on Google's infrastructure too much.
@@sciloj The borg must grow.
VERY GOOD advice. Thank you very much. And, I really your tactical information. I was PA-33/S USAF 40+ years ago, public affairs. Didn’t have a tactical bone in my body. I’ve learned a lot from your channel.
Thank you for publishing this video.
Already loved your war videos, and love your general content as well. Keep it up boss!
Thank you.
You were right, I am really loving this.
Preachin' the word, as always, RB!!
Thanks Ryan for some great advice.
Enjoying this vid, as I'm studying Network Security on my own. Glad I now know some of the terminology. 👍
Glad it was helpful!
Thank you so much for this!
This is actually a remarkably good video, great job!
I love the knife hand.
I have my devices named as following:
My phone is just called "Unbezahlter Praktikant" translating to "unpaid intern"
My PC is called "Gehilfe" translating to "minion"
My wifi network is called "Bärenhöhle" which is "bear cave" and my router is called "Höhleneingang" translating to "cave entrance"
And I'm using a VPN provider for my phone to make it harder for sniffers.
For passwords I use sentences and only utilise the first letter of each word while my language allows for somewhat irregular capital letters throughout the sentence. That mixed with some words turned into english and then modified to be written in leet it makes nice long random seeming passwords especially with correct interpunctuation.
2FA is a given for any service providing the functionality
Conclusion: I guess I'm fairly well prepared as my bank uses it's own 2FA, it's own login methods and it's internal mail and notification system. And my assigned NSA agent might be suicidal for me literally playing the same horrendously stupid songs for days on loop xD
Well done - I could watch another 10 episodes on this topic
the definition of an hashing algorithm you gave it's simply the best i've ever heard of. cheers!
Very helpful videos thanks!
Awesome - thanks for sharing!
Thank You!
best channel i've found this year, thanks for what you're doing, and thanks for the advice. nice haircut, too.
Thank you very much for this information
Dude! On fire 🔥, nice job 👍
Actually I find these tips quite easy to follow and I was surprised that I already do like 2 or 3 of them. It's a big difference to what cyber-purist hacker characters tell you: step 1: write your own Linux based operating system. Step 2: only use the tor browser, never any apps. Step 3: never use visual surfaces or load pictures. Only type commands into a text editor. Step 4: store all digital devices in a fridge inside a nuclear bunker inside Mount Doom. Step 5: do all transactions on paper.
Great video as always
Thank you so much for this; I’ll make sure my SF brother sees this; AND make sure he knows of YOUR site. AGAIN, THANK YOU!! 👍🏼👍🏼😃👣
Great video!
The first four are suggestions I use or don't worry about (no smartphone). But #5 (a separate computer / email for your financial transactions) is an awesome idea that I'll implement.
I totally understand your argument for a VPN but don't I then risk being spyed upon by the VPN provider?
Or another questionn, you suggested a provider. How can I be sure that this one is good with my data?
Yes. You are at risk being spied on by the VPN provider. If I were a government, I would definitely set up a VPN in the Bahamas and advertise it so I can inspect everything going through my systems. When Atlas VPN reached out to me I did some research on them and I wouldn’t let them advertise with me if They weren’t solid.
Thanx Ryan, you're a cool Kat!
Glad to have found your channel 😉😁
Thank you.
Really excellent presentation!
That potato analogy was good man lol
Thank you for the info, I was able to take advantage of the deal.
Thanks, Ryan, for the great information to help us all secure our online presence. All about the layers and and links in the chain to keep yourself secure.
One question, what are your thoughts on password managers? Any suggestions on favorites or your thoughts on using them. ( for the record, I use one and really like it.)
Best software I ever started using was a password manager. All my passwords are super-complex strings at least 36 characters long.
Great video, especially for folks who are relatively new to the notion of real cybersecurity. I appreciate how well you can break this down to actionable items.
Also: DID YOU JUST KNIFE-HAND ME, MCBETH? ;)
Thanks Ryan, just got myself a VPN.
The problem is as with the PSD2 standard.... a lot of older people get angry when they have to put in two codes and end up calling you and they don't understand that the manager can't help you with that which is your responsibility. And it pisses them off to have to go through more effort like putting the fingerprint or opening a 2PA app for codes ... Hopefully over the years it will be normalised as you say it is a bit uncomfortable but it drastically improves security.
I would be concerned about banking information - but if someone wants to steal my negative balance, go for it! lol
I learned a lot from this.
Learn something new everyday!!!
Okay, everything but the VPN part was good. VPN is only necessary if your logging into stuff usually at an untrustworthy location or doing something shady/important. Other then that your just paying money for lag/slower connection. The password part is a big threat, people hardcore cross reference these days.
Good job, got us to click on an ad and watch for minuuttteeesss
some of these elements are keys points of the comptia security+ certification. I'll be knocking that one out later this year. Thanks for rewording what i've studied
Great video
Hey look an actually informative and interesting ad for a VPN. They struck gold with sponsoring you.
I spoke with them and researched them. They are good guys.
Great info and my dad was on Guadalcanal bronze star purple heart oak leaf Custer
Congrats on the sponsor!
Tip 6. Install your damn patches and updates already
I'm glad you showed us the name. I genuinely thought you were saying *Alice vpn* until I saw it written down. 😂
Regarding passwords: I was told by someone within the cyber security community (and amateur, admittedly) that instead using a pass*word* I should use a pass*phrase.* I was told that this adds a layer of complexity to the hash process, making it more difficult, but not impossible, to illegally require my credentials. Might not be viable for older users, but it could save someone from getting there accounts cracked.
This video is probably the best consumer-understandable explanation I've seen on VPNs and password security. This includes the explanation on hashing and salting. I wish you had mentioned password managers and authenticators, but that would have raised the level of difficulty on understanding the great information you delivered. Thank you for doing this.
Thank you. I appreciate that.
@@RyanMcBethProgramming Maybe password managers and authenticators could beat follow-up video? (Been a network infrastructure product manager since the early 1990s. We need a better security understanding.)
@@memathews I could do one on that.
@@RyanMcBethProgramming It might be a good pairing, especially since you've already set up a storyline that could cover the dangers of aggregation across multiple accounts or through service consolidation into the big providers (Facebook, Google, Apple, etc.).
Another subject few understand is that ALL data goes through the ISP, where it is recorded and some of it is analyzed by government bodies. Not to trigger paranoia at all 😉
Do you recommend password managers? They have helped me immensely as a way to never reuse passwords, but I do worry about having a single point of failure, albeit one with multi factor authentication from a trusted company.
Good info. 🙂
This is why I subscribe
Never thought youd be using hak5 pineapple 🍍
Love it
In your role as a Cybersec Pro, do you have a preference for either ISACA or ISC3, or which certification pathway would you recommend? Also, if you know much about the qualifications system in the UK, how would you go about seeking employment in the industry? I am an older student currently nearing gaining a qualification that is oriented towards 1st line tech support and I have studied CEH, CISA, CCNA and various CompTIA courses, without paying for and passing the actual expensive exams...
How about using a virtual private server as your VPN? Hook up your LAN router so all traffic takes a detour through that virtual machine... It'll not give you all the Netflix in the world, but it can give you an uncensored connection out of China.
Anyway, I do miss the good old days when the internet was rather anonymous. What I don't miss is how I had to make do with 2mbps on ADSL.
In other words, I've given up trying to hide, in return I got 1000 Mbps.
Edit: not many places use MD5 hashes anymore, that's simply too easy to brute force, with dictionaries you have to be rather good at coming up with a password to make it difficult.
Many years ago I was in a group of satellite hackers. Once we found a weakness in the algorithm, we could break several master keys a day... Of course that's not person to person damage, but the 6000 people we were, forced the broadcasters to go for SHA256. So I would claim I know how encryption works quite well, but I was just one of the small ones in that adventure. Pretty sure that the software we used was funded by the Russian mafia tho. There's always something to regret.
Edit 2: I did learn a lot about encryption tho, so it's not all bad.
Edit 3: you're very right about the last point tho. Keep a separate machine for your sensitive stuff. If you can't afford that, consider a virtual machine. Or do it even better and do everything else in a virtual machine.
Isolating your sensitive info does work. If "I" manage to break into your physical machine, it would take a while before I figure out you have virtual machines. If you want to make it really fun, do it with an emulated Amiga or Atari ST. Just kidding, those machines hardly knew what encryption was.
My own choice would be a Linux with the entire set of security stuff enabled in the kernel.. Full "harddisk" encryption and all, perhaps keeping the private key on a USB stick.. but as I said I've given up being anonymous.. I know it's possible, but I trade something in for convenience.
I like that you tier your computer usage, using another email and computer for financial transactions. A bit cumbersome but very secure.
Another thing I would like to add is that in Windows you should create a dedicated administrator account on your pc and and make you normal user just a “user”. Never surf the internet as an administrator. I actually created another live account to use as admin, with its own yubikey, but that might be overkill.
2FA might feel inconvinient at first but once you start using it, and especially if you can use the push notifications it becomes second nature. You just unlock your phone and the code is there.
My only thing is for example, I lost my phone. The only way to find my phone is using the find my phone app on someone else's phone. I have to sign into my account which has the 2FA set to my phone. RIP. (I know I'm supposed to have those backup passwords in my wallet or something but it didn't help in the moment)
@@KJMcLaws Yeah, that is one downside to 2FA. When google authenticator was the most popular one offered by websites I remember what kind of hassle it was to change all of them to new phone. On some websites I had to use the backup master code to even be able to do it.
Well done tips. Just for anyone considering the Chromebook for this purpose, do NOT turn on sync, and even more, use a separate Google account.
Well, if someone needs those tips, they will not be able to set up a Chromebook by themselves to make it secure. If they can make it secure - they don't need these tips.
Good content, Ryan, but something went wrong with the visuals. On my Android Note 8 in landscape, the left half of the screen was a corner of the iPhone screen grab with "Sarah's iPhone 13" at the bottom. Your face is almost entirely obscured. In landscape, the only thing visible is the top part of the screen grab.
+1
Wow. First?!
Thank you! This is a video we all need.
Signed, one weird programmer
Nice 👍
Booyah 👊🏽😁🇺🇸
"Litwo Ojczyzno moja ..." nice list of hash
If sms two factor is the only option a website offers, using a google voice number should reduce the risk of a sim swap attack. A password manager and Yubikey is great when available as an option.
Representing MoCo. I know that metro station very well
Two-factor authentication saved the majority of my accounts after a successful phishing scam on one of my coworkers.
Thank you for this. I need more info on this cuz the only thing I have on my devices is a vpn and Malwarebytes.
A grandpa used to say: “My passwords are protected by dementia.”
I’d say also get a password manager and use the complex randomly generated passwords to change every password you have
Potato>Hashbrown...you win the internet today sir.
I'll never look at potatoes in the same way again. Everytime I buy one I'll ask myself, is that potato secure.
Great - now I will too
i bought the plan lets hope it makes a difference
Ive had two factor authorization save my google account. When my PW was compromised from a phis. My google account is linked to EVERYTHING important.
Be aware!
# A. Mickiewicz # Pan Tadeusz. Nice
My phone's suitably ambiguous name is "Sleeper Service". Thank you Iain.
I'm about to get a new computer specifically for work (well, studies). I'm going to use that as my financial station as well, like your chrome book. And I'll run Linux on it.
You had me at hashbrown.
Just changed my phone name. Thanks for the tips.
I'm older, I just can't get my head wrapped around this crap or even find it remotely interesting. I just want the EMP to hit and level the playing field for me lol. I don't know how you deal with that crap every day. I have a VPN at work and have to use a computer there but hate that it has been creeping into everything in my life at home and need to learn more about it. Even my old Ham radio stuff has computer signals all through the bands now. Thanks for the info.
3:32 I got exposed via someone running a club/website from a home PC and when the person just sold the PC and someone took all the data off the hard drive etc
Good info, thanks!
When using a VPN at Starbucks, many times I can't get access to sites. Any suggestions?
Is there a way to detect of someone is trying use "man in the middle" hack?
For the secure laptop (or any PC), what antivirus/antimalware software do you recommend?
With some companies like Starbucks, you need to sign in without the VPN, then use the VPN.
In general, there is no way of detecting a MITM attack, although you can detect is the fingerprint is correct here : www.grc.com/fingerprints.htm
Honestly, I think Windows Defender is good enough unless you are talking corporate use.