Cybersecurity for your personal computer: Difference between revisions

Marked this version for translation
No edit summary
(Marked this version for translation)
Line 3: Line 3:
<translate>
<translate>


== Context ==
== Context == <!--T:1-->


<!--T:2-->
Cyber criminals spend their days trying to deceive us into giving up our information, tamper with our devices and even steal our identities. When cyberattacks like phishing are successful, they can ruin our days, to put it lightly. That’s why, this Cybersecurity Awareness Month, we’re encouraging Members of the Alliance and the Federation to ruin a cybercriminal’s day!
Cyber criminals spend their days trying to deceive us into giving up our information, tamper with our devices and even steal our identities. When cyberattacks like phishing are successful, they can ruin our days, to put it lightly. That’s why, this Cybersecurity Awareness Month, we’re encouraging Members of the Alliance and the Federation to ruin a cybercriminal’s day!


<!--T:3-->
For October Cybersecurity Awareness Month, the National Security Council’s Cybersecurity Training and Awareness Team is sharing resources and planning a series of workshops to help Members of the Alliance and the Federation improve their security knowledge and awareness.
For October Cybersecurity Awareness Month, the National Security Council’s Cybersecurity Training and Awareness Team is sharing resources and planning a series of workshops to help Members of the Alliance and the Federation improve their security knowledge and awareness.






== Our Four Topics ==
== Our Four Topics == <!--T:4-->


<!--T:5-->
We have selected four topics this year:
We have selected four topics this year:


<!--T:6-->
* Basic Computer Hygiene
* Basic Computer Hygiene
* Password Hygiene Habits
* Password Hygiene Habits
Line 20: Line 24:
* Linux Permissions
* Linux Permissions


=== Basic Computer Hygiene ===
=== Basic Computer Hygiene === <!--T:7-->


<!--T:8-->
Don’t know how to keep your computer secure at home?  Want to review the security level of your computer?<br>
Don’t know how to keep your computer secure at home?  Want to review the security level of your computer?<br>
In this section, we have a few tips for you to enhance your computer’s security, and a short quiz for a health check on your computer.
In this section, we have a few tips for you to enhance your computer’s security, and a short quiz for a health check on your computer.


==== Security Updates ====
==== Security Updates ==== <!--T:9-->
Enable “Install Update Automatically” to allow timely installation of security updates on your operating system and software.<br>
Enable “Install Update Automatically” to allow timely installation of security updates on your operating system and software.<br>


For more information, please visit [https://www.getcybersafe.gc.ca/en/blogs/software-updates-why-they-matter-cyber-security Software updates: Why they matter for cybersecurity].
For more information, please visit [https://www.getcybersafe.gc.ca/en/blogs/software-updates-why-they-matter-cyber-security Software updates: Why they matter for cybersecurity].
   
   
==== Passwords ====
==== Passwords ==== <!--T:10-->
Strong passwords are essential to keep your computer and your accounts secured.  Refer to [https://docs.alliancecan.ca/wiki/October_Cybersecurity_Awareness_Month_2022#Password_Hygiene_Habits Password Hygiene Habits] for more tips.
Strong passwords are essential to keep your computer and your accounts secured.  Refer to [https://docs.alliancecan.ca/wiki/October_Cybersecurity_Awareness_Month_2022#Password_Hygiene_Habits Password Hygiene Habits] for more tips.
   
   
Line 40: Line 45:
For more information, please visit [https://www.getcybersafe.gc.ca/en/blogs/signs-phishing-campaign-how-keep-yourself-safe Signs of a phishing campaign: How to keep yourself safe].
For more information, please visit [https://www.getcybersafe.gc.ca/en/blogs/signs-phishing-campaign-how-keep-yourself-safe Signs of a phishing campaign: How to keep yourself safe].


==== Wi-Fi security ====
==== Wi-Fi security ==== <!--T:11-->
To protect the Wi-Fi network at your home, set a strong Wi-Fi password and update your router’s firmware regularly.<br>
To protect the Wi-Fi network at your home, set a strong Wi-Fi password and update your router’s firmware regularly.<br>
   
   
Avoid using public Wi-Fi as much as possible. If you need to use it , consider installing a trustworthy VPN solution and enable it when you connect to a public Wi-Fi spot.<br>
Avoid using public Wi-Fi as much as possible. If you need to use it , consider installing a trustworthy VPN solution and enable it when you connect to a public Wi-Fi spot.<br>


<!--T:12-->
For more information, please visit [https://www.getcybersafe.gc.ca/en/secure-your-connections/private-networks Private networks] and [https://www.getcybersafe.gc.ca/en/secure-your-connections/public-wi-fi Public Wi-Fi].
For more information, please visit [https://www.getcybersafe.gc.ca/en/secure-your-connections/private-networks Private networks] and [https://www.getcybersafe.gc.ca/en/secure-your-connections/public-wi-fi Public Wi-Fi].


==== Important notes ====
==== Important notes ==== <!--T:13-->


<!--T:14-->
The advice above is mainly for individuals to refresh their cybersecurity awareness and improve cyber defense on their personal computers.<br>
The advice above is mainly for individuals to refresh their cybersecurity awareness and improve cyber defense on their personal computers.<br>
Computers at the workplace are typically managed and protected by the organization’s IT services team, different sets of security measures may be applied.  You should follow your organization’s policy to protect computers at the workplace.
Computers at the workplace are typically managed and protected by the organization’s IT services team, different sets of security measures may be applied.  You should follow your organization’s policy to protect computers at the workplace.


==== Health Check ====
==== Health Check ==== <!--T:15-->


<!--T:16-->
The following questions are designed to assess the cybersecurity posture of your computer.  Let’s answer the questions to check whether your computer is secured.
The following questions are designed to assess the cybersecurity posture of your computer.  Let’s answer the questions to check whether your computer is secured.
<br><br>
<br><br>
Line 116: Line 124:
:c. Nice!  It’s a good practice to avoid connecting Wi-Fi spots that may not be secure.
:c. Nice!  It’s a good practice to avoid connecting Wi-Fi spots that may not be secure.


=== Password Hygiene Habits ===
=== Password Hygiene Habits === <!--T:17-->
Despite many solutions that protect information and systems, stolen usernames and passwords (credentials) are still the most common way attackers gain unauthorized access.  While this might be through social engineering or phishing, it is frequently the result of weak, guessable passwords and re-used credentials that have been exposed.
Despite many solutions that protect information and systems, stolen usernames and passwords (credentials) are still the most common way attackers gain unauthorized access.  While this might be through social engineering or phishing, it is frequently the result of weak, guessable passwords and re-used credentials that have been exposed.


<!--T:18-->
Which is most important for keeping your password secure?
Which is most important for keeping your password secure?
# Change it frequently
# Change it frequently
Line 125: Line 134:
   
   


<!--T:19-->
The correct answer is that long and especially unique passwords are the most secure. Password complexity can help, but length is much more important than the characters used. Despite this, many systems still enforce outdated complexity rules, but password length is what’s critical. The most important is that a different password is used for every different service. Why? because breaches happen, eventually some service will mishandle your credentials and they will get exposed. Just have a look at https://haveibeenpwned.com/ - for most people, it's already happened. IF you password isn't unique, and is exposed, it can be used to access any system where that same credential is used. This process (called password stuffing) is usually automated and can happen as quickly as 12 hours after the initial exposure.  
The correct answer is that long and especially unique passwords are the most secure. Password complexity can help, but length is much more important than the characters used. Despite this, many systems still enforce outdated complexity rules, but password length is what’s critical. The most important is that a different password is used for every different service. Why? because breaches happen, eventually some service will mishandle your credentials and they will get exposed. Just have a look at https://haveibeenpwned.com/ - for most people, it's already happened. IF you password isn't unique, and is exposed, it can be used to access any system where that same credential is used. This process (called password stuffing) is usually automated and can happen as quickly as 12 hours after the initial exposure.  


<!--T:20-->
Changing passwords frequently, without cause, can actually degrade security. When forced to change their password frequently, many people choose an easy to remember password based on predictable patterns.
Changing passwords frequently, without cause, can actually degrade security. When forced to change their password frequently, many people choose an easy to remember password based on predictable patterns.




<!--T:21-->
So how can you best protect yourself?
So how can you best protect yourself?


<!--T:22-->
* Use a password manager  
* Use a password manager  
** Regardless if you choose one that is standalone or integrated into your web browser, open source or a commercial product/service. A password manager is essential when it comes to all the other steps below.  
** Regardless if you choose one that is standalone or integrated into your web browser, open source or a commercial product/service. A password manager is essential when it comes to all the other steps below.  
Line 143: Line 156:
** If you believe the password may have been compromised, may be reused, or is weak, you should change it. There is no good reason to change passwords based on a time schedule.  
** If you believe the password may have been compromised, may be reused, or is weak, you should change it. There is no good reason to change passwords based on a time schedule.  


<!--T:23-->
If this is not your current situation: '''Don’t Panic!''' just start making changes today. Every little bit helps. If you have hundreds of passwords you need to change, start with a few of them, do a couple every day at lunch. Every time you make even one set of credentials more secure you’re doing yourself a big favour.
If this is not your current situation: '''Don’t Panic!''' just start making changes today. Every little bit helps. If you have hundreds of passwords you need to change, start with a few of them, do a couple every day at lunch. Every time you make even one set of credentials more secure you’re doing yourself a big favour.


=== Safe Browsing and MFA  ===
=== Safe Browsing and MFA  === <!--T:24-->
We rely on a variety of online resources and accounts to help us in our work and to tackle tasks effectively. How we access these tools and how we behave online can have a significant impact on our personal security and the security of the resources we share as members of the Alliance Federation.
We rely on a variety of online resources and accounts to help us in our work and to tackle tasks effectively. How we access these tools and how we behave online can have a significant impact on our personal security and the security of the resources we share as members of the Alliance Federation.


<!--T:25-->
Taking control of the information we share with online service providers, limiting the extent to which commercial entities can track our activity, and thinking about how we authenticate to online accounts can all have a security benefit.
Taking control of the information we share with online service providers, limiting the extent to which commercial entities can track our activity, and thinking about how we authenticate to online accounts can all have a security benefit.


<!--T:26-->
We can start where we are and start today. We can choose to share less personal information voluntarily when responding to requests, signing up for services, posting on social media, and make the task of connecting the dots about who we are and what we do on and off line more challenging for attackers.
We can start where we are and start today. We can choose to share less personal information voluntarily when responding to requests, signing up for services, posting on social media, and make the task of connecting the dots about who we are and what we do on and off line more challenging for attackers.


<!--T:27-->
We can choose to use privacy-enhancing search tools like DuckDuckGo ([https://duckduckgo.com/ duckduckgo.com]), install browser extensions like Privacy Badger ([https://privacybadger.org/ privacybadger.org]), HTTPS Everywhere ([https://www.eff.org/https-everywhere eff.org/https-everywhere]), uBlock Origin ([https://ublockorigin.com/ ublockorigin.com]). We can limit the use of cookies via browser settings, and turn on features that sandbox the links and tracking tools of social media companies ([https://www.mozilla.org/en-US/firefox/facebookcontainer/ mozilla.org/en-US/firefox/facebookcontainer]).
We can choose to use privacy-enhancing search tools like DuckDuckGo ([https://duckduckgo.com/ duckduckgo.com]), install browser extensions like Privacy Badger ([https://privacybadger.org/ privacybadger.org]), HTTPS Everywhere ([https://www.eff.org/https-everywhere eff.org/https-everywhere]), uBlock Origin ([https://ublockorigin.com/ ublockorigin.com]). We can limit the use of cookies via browser settings, and turn on features that sandbox the links and tracking tools of social media companies ([https://www.mozilla.org/en-US/firefox/facebookcontainer/ mozilla.org/en-US/firefox/facebookcontainer]).


<!--T:28-->
When authenticating to online accounts, we can use different identities/usernames/emails for different services; separate work and personal accounts; practice good password hygiene (see our password tips above); and enroll in the MFA schemes provided by online service providers (join the MFA presentation with Ryan and Pier-luc).
When authenticating to online accounts, we can use different identities/usernames/emails for different services; separate work and personal accounts; practice good password hygiene (see our password tips above); and enroll in the MFA schemes provided by online service providers (join the MFA presentation with Ryan and Pier-luc).


<!--T:29-->
Doing even some of these things will make it more challenging for attackers to target us and our colleagues in phishing attacks, to engage in credential stuffing or password guessing.
Doing even some of these things will make it more challenging for attackers to target us and our colleagues in phishing attacks, to engage in credential stuffing or password guessing.




<!--T:30-->
Join our workshop on October, XXX where we will provide an overview of MFA project!
Join our workshop on October, XXX where we will provide an overview of MFA project!


<!--T:31-->
Session in English: <br/>
Session in English: <br/>
Session in French:  
Session in French:  




=== Linux Permissions ===
=== Linux Permissions === <!--T:32-->


<!--T:33-->
Audience: the content below is intended for a technical audience such as users of our supercomputers.
Audience: the content below is intended for a technical audience such as users of our supercomputers.




<!--T:34-->
Linux permissions are one layer of protection to safeguard your research. Here are three common mistakes to avoid:
Linux permissions are one layer of protection to safeguard your research. Here are three common mistakes to avoid:


<!--T:35-->
'''''Mistake 1''''': Granting access to a file to the world via the command ‘’''chmod 777 name_of_file''’’.
'''''Mistake 1''''': Granting access to a file to the world via the command ‘’''chmod 777 name_of_file''’’.


<!--T:36-->
Make sure you understand [https://docs.alliancecan.ca/wiki/Sharing_data#Filesystem_permissions how Linux permissions work], and restrict access to your files in our supercomputers to only those who need access to them.
Make sure you understand [https://docs.alliancecan.ca/wiki/Sharing_data#Filesystem_permissions how Linux permissions work], and restrict access to your files in our supercomputers to only those who need access to them.




<!--T:37-->
'''''Mistake 2''''': Not using ''sticky bit'', leading to the deletion of your files by someone else.
'''''Mistake 2''''': Not using ''sticky bit'', leading to the deletion of your files by someone else.


<!--T:38-->
When dealing with a shared directory where multiple users have read, write and execute permission, the issue of ensuring that an individual cannot delete the files or directories of another can arise. Make sure you are familiar with [https://docs.alliancecan.ca/wiki/Sharing_data#The_Sticky_Bit the notion of sticky bit] and use it when appropriate.  
When dealing with a shared directory where multiple users have read, write and execute permission, the issue of ensuring that an individual cannot delete the files or directories of another can arise. Make sure you are familiar with [https://docs.alliancecan.ca/wiki/Sharing_data#The_Sticky_Bit the notion of sticky bit] and use it when appropriate.  




<!--T:39-->
'''''Mistake 3''''': Granting access to multiple individuals rather than groups.
'''''Mistake 3''''': Granting access to multiple individuals rather than groups.


<!--T:40-->
[https://docs.alliancecan.ca/wiki/Sharing_data#Access_control_lists_.28ACLs.29 Managing ACLs (Access Control Lists)] can quickly become complex. It is best practice to use groups rather than multiple individual accounts to grant permissions when possible.  
[https://docs.alliancecan.ca/wiki/Sharing_data#Access_control_lists_.28ACLs.29 Managing ACLs (Access Control Lists)] can quickly become complex. It is best practice to use groups rather than multiple individual accounts to grant permissions when possible.  




<!--T:41-->
Interested in learning more on this topic? Join our workshop on October, 27 from 12 p.m. - 2 p.m. ET where we will take a deeper dive into Linux permissions!
Interested in learning more on this topic? Join our workshop on October, 27 from 12 p.m. - 2 p.m. ET where we will take a deeper dive into Linux permissions!


<!--T:42-->
Session in English: <br/>
Session in English: <br/>
Session in French:
Session in French:


</translate>
</translate>
cc_staff
169

edits