Nihad A. Hassan and

Rami Hijazi

Digital Privacy and Security Using Windows

A Practical Guide

Nihad A. Hassan

New York, USA

Rami Hijazi

Toronto, Canada

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book's product page, located at www.apress.com/9781484227985 . For more detailed information, please visit www.apress.com/source-code .

ISBN 978-1-4842-2798-5

e-ISBN 978-1-4842-2799-2

DOI 10.1007/978-1-4842-2799-2

Library of Congress Control Number: 2017947159

© Nihad A. Hassan and Rami Hijazi 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

To my mom, Samiha, thank you for everything. Without you, I’m nothing.

—Nihad A. Hassan

Introduction

Digital Privacy and Security Using Windows is about the skills you need to survive in today’s digital age. This book presents you with a wide array of methods and techniques to fight digital crime, protect your privacy, and prevent others from tracking you when you are online.

The Internet is full of risks! Cybersecurity threats and incidents have increased lately, leading to significant economic and social consequences for business organizations and individuals. We know that global mass surveillance is now a reality after the continued revelations of secret documents via WikiLeaks. We live in the golden age of government and corporate surveillance, where everyone spies on everyone else. As our society moves to become more digitally dependent and devices get increasingly connected, we are being exposed to greater cybersecurity threats, which are expected to intensify in the future.

Digital Privacy and Security Using Windows is an important tool in the arsenal of any computer user who values privacy. This book provides useful information for people who know a little about cybersecurity risks but want to know more; it teaches them in a practical way how to secure their communications and data in the virtual world through a plethora of security tools and protective measures. Professional users will also find this book useful because it will draw their attention to current and future cyber-threats and how to mitigate them properly.

This unique book will teach you in a practical step-by-step manner how to become digitally invisible. You will learn how to secure your online communications and become anonymous online. You will learn how to secure your online identity, encrypt your digital data at rest and in transit, secure personal devices, secure your online presence, secure cloud data and the Internet of Things (IoT), mitigate social engineering attacks, keep your purchases secret, and conceal your digital footprint. You also will learn best practices to harden your operating system and delete digital traces using the most widely used operating system, Windows.

In the ever-changing online world, acquiring cybersecurity knowledge is a must for any computer user, and this book will teach you everything you need to know to feel confident when going online.

Target Audience

The following people will benefit from this book:

  • End users

  • Journalists and human rights activists

  • Management staff in different industries

  • Information security professionals

  • Information security students

  • Any user seeking privacy

Summary of Contents

Here is a brief description of each chapter’s contents:

  • Chapter 1 , “Introduction to the Current Status of Online Privacy” : This chapter discusses the status of online privacy in today’s world; it talks about different parties that are interested in having your personal data and the motivation behind that. It also differentiates between the two types of private information available online and how each one can be exploited to track users’ online activities. This chapter also explains how web tracking technologies work to connect users’ web browsing behavior to their real identity and finally concludes with talking about the different regulations that exist worldwide for dealing with digital privacy and handling users’ personal data across national borders.

  • Chapter 2 , “Essential Privacy Tips” : This chapter gives you important advice to assure your privacy when going online. It begins by talking about cybersecurity risks and then moves on to give suggestions to mitigate those risks. Protecting kids’ privacy and handling data in the cloud are also covered within this chapter.

  • Chapter 3 , “Windows Security” : In this chapter, we present ways to harden the Windows OS so it becomes more privacy friendly. Data destruction techniques and Windows 10 privacy settings are also covered in detail.

  • Chapter 4 , “Online Anonymity” : This chapter teaches you everything you need to know to become invisible online, including web browsing using TOR, using virtual private networks and proxies, configuring web browsers to cover your digital footprint, and using anonymous payments via bitcoins. This chapter is your ultimate guide for disappearing online.

  • Chapter 5 , “Cryptography and Secure Communication” : This chapter teaches you how to protect your private data using cryptography, which includes two major subcategories: encryption and steganography. In the encryption section, we discuss how to obscure your data at rest and in transit by scrambling it; in the second section, we briefly cover steganography and give examples on how to use some of its techniques to hide your private data in plain sight.

  • Chapter 6 , “What’s Next?” : This is the final chapter, where we talk about future trends and advancements in computing technology and how they will affect your privacy.

Comments and Questions

To comment or ask technical questions about this book, send an e-mail to [email protected] .

For additional references about the subject, computer security tools, tutorials, and other related matters, check out www.DarknessGate.com .

Acknowledgments

I start by thanking God for giving me the gift to write and convert my ideas into something useful. Without God’s blessing, I would not be able to achieve anything.

I want to thank Rami Hijazi for always being there; his precious feedback has always enlightened my road. Even after years of working together, I am constantly surprised by his amazing intelligence, innate humility, and genuine friendship.

I’d also like to thank John Walker, the book’s technical editor. It was a great honor to work with such an experienced cybersecurity mind. John is an encyclopedia of cybersecurity; he put decades of pure cybersecurity experience in our hands while authoring this book. I consider him the best man in the field. His valuable feedback, fast response, and dedicated work helped us to shape this book. Thank you, John, you are simply the best.

Now, I want to thank the ladies at Apress: Susan, Rita, and Laura. I was pleased to work with you and very much appreciate your valuable feedback and suggestions. I hope I have the chance to work with you again.

Specifically, to book acquisitions editor Susan McDermott, thank you for believing in my book’s idea and for your honest encouragement before and during the writing process. I hope I have the chance to work with you again. To book project editor Rita Fernando, you’ve been very supportive during the writing process. You made authoring this book a joyful journey. To book development editor Laura Berendson, thank you very much for your diligent and professional work in producing this book.

I also want to thank all the Apress staff who worked behind the scenes to make this book possible and ready for launch. I hope you will continue your excellent work in creating highly valued computing books. Your work is greatly appreciated.

Finally, I want to thank Jodi L. Colburn for her help at the start of my career as an information security professional. I will always remember your encouragement and faithful advice.

—Nihad A. Hassan

Contents

  1. Chapter 1:​ Introduction to the Current Status of Online Privacy
    1. Types of Attacks
      1. Passive Attack
      2. Active Attack
    2. We Live in a Dangerous World
      1. Historical Background
      2. Five Eyes’ Global Surveillance
      3. Most Recent Surveillance Laws
      4. Internet of Things Security
    3. What Is Digital Privacy?​
      1. Classification of Personal Information
      2. Things You Want to Keep Private
      3. Who Needs Your Personal Information?​
      4. Invading Personal Privacy Through Online Tracking and Behavioral Profiling
      5. The Danger of Online Tracking
      6. Benefits of Online Tracking
    4. How Online Tracking Works Technically
      1. The Concept of an IP Address and Its Role in Tracking Users Online
      2. Online Tracking Techniques
      3. Open Source Intelligence
    5. Regulatory and Legislative Approaches Concerning Online Privacy
      1. Privacy Laws in the European Union
      2. Privacy Laws in the United States
      3. Privacy Laws in Other Countries
      4. Privacy Policies of Web Sites
      5. Do Not Track
      6. Opt Out
    6. What Is Anonymity?​
    7. What Is the Difference Between Privacy and Anonymity?​
    8. Entities That Promote and Help People Retain Privacy Online
    9. Summary
    10. Bibliography
    11. Notes
  2. Chapter 2:​ Essential Privacy Tips
    1. Types of Computer Security Risks
      1. Malware
      2. Hacking
      3. Pharming
      4. Phishing
      5. Ransomware
      6. Adware and Spyware
      7. Trojan
      8. Virus
      9. Worms
      10. Wi-Fi Eavesdropping
      11. Scareware
      12. Distributed Denial-of-Service Attacks
      13. Rootkits
      14. Juice Jacking
    2. Install Antivirus and Other Security Solutions
      1. How to Select Your Antivirus Program
      2. Anti-exploit
      3. Anti-spyware
      4. Anti-malware
      5. Firewalls
      6. Tips to Use Antivirus Software Efficiently
    3. Passwords
      1. Create Secure Passwords
      2. Password Generation Tools
      3. Password Managers
    4. Secure Your Online Browsing
      1. Turn On Private Browsing
      2. Read Web Site Privacy Policies
      3. Disable Location Information
      4. Remove Metadata from Digital Files
      5. Make Sure to Log Out
      6. How to Know Whether a Web Site Is Secure
      7. Do Not Install Pirated Software
      8. Update Everything
    5. E-mail Security
    6. Social Engineering
      1. Phishing
      2. What Does a Phishing E-mail Message Look Like?​
      3. Other Social Engineering Attack Types
    7. Secure Home Wi-Fi Settings
      1. Change the Network SSID Name
      2. Enable Wi-Fi Encryption
      3. Filter MAC Addresses
      4. Update Firmware
    8. Cover Your Laptop Webcam
    9. Do Not Post Your Selfie Pictures
    10. Back Up Your Data
    11. Web Sites That Create a False Identity
    12. Best Practices When Using Social Networking Sites
      1. Security Section
      2. Privacy Section
    13. Protect Your Children Online
      1. Internet Dangers for Kids
      2. Teach Your Kid About Internet Dangers
      3. Parental Control Software
      4. Set Up a Family-Safe DNS
    14. Track Yourself Online
      1. Google Alerts
      2. Auditing Facebook Profile
      3. Check Whether Someone Has Taken Your Personal Picture
      4. Check Your Data Breach Status
      5. Delete All Your Online Profiles
      6. Remove the Offending Content
    15. Cloud Storage Security
    16. Internet of Things Security
    17. Physical Security Threats and Countermeasures
      1. Disposing of Old Computers
    18. Educate Yourself About Cybersecurity
    19. Use Free and Open Source Software
    20. Summary
    21. Bibliography
    22. Notes
  3. Chapter 3:​ Windows Security
    1. Harden Your OS
      1. Lock Your PC Using a USB Drive
      2. Turn On Automatic Updates
      3. Use a Less-Privileged User Account
      4. Configure Windows Backup
      5. Disallow Remote Assistance
      6. Manage Restore Points
      7. Make Hidden Files Visible
      8. Set a Screen Saver Password
      9. Freeze the Hard Disk
      10. Set a Password for BIOS/​UEFI
      11. Disable Unnecessary Ports/​Protocols
      12. Disable Unnecessary Services
    2. Data Destruction Techniques
      1. Disable the Recycle Bin
      2. Disable UserAssist
      3. Delete Previously Connected USB Devices
      4. Disable the Windows Prefetch Feature
      5. Disable the Windows Thumbnail Cache
      6. Other Areas You Need to Consider
    3. Windows 10 Security
      1. Windows Biometric Authentication
      2. Use Local Account
      3. Windows Update
      4. Windows Defender
      5. Windows Backup
      6. Recovery
      7. Find My Device
      8. Privacy Settings
    4. Additional Security Measures
      1. Use a Virtual Keyboard
      2. Automatic Program Updates
      3. Virtual Machines and Portable Apps
      4. Windows To Go (Windows 10)
    5. Summary
  4. Chapter 4:​ Online Anonymity
    1. Anonymous Networks
      1. Tor Network
      2. I2P Network
      3. Freenet
    2. Darknet
      1. How to Access the Darknet
    3. Anonymous OS
      1. Tails
      2. Warning When Using the Tails OS
    4. Secure File Sharing
      1. OnionShare
      2. FileTea
    5. VPN
      1. Criteria to Select the Best VPN
      2. Opera Browser’s Built-in VPN Service
      3. Combine Tor with VPN
    6. Proxy Servers
    7. Connection Leak Testing
      1. Check for DNS Leak
      2. Fix DNS Leak
    8. Secure Search Engine
      1. Configure Your Google Account to Stop Saving Your Activity
      2. Privacy at Microsoft
      3. Anonymous Search Engines
    9. Web Browser Privacy Configuration
      1. Check the Browser Fingerprint
      2. Hardening Firefox for Privacy
      3. Browser Extensions for Privacy
      4. Disable Flash Cookies and Java Plug-In
      5. Countermeasures for Browser Fingerprinting
    10. Anonymous Payment
      1. Prepaid Gift Cards
      2. Virtual Credit Card
      3. Cryptocurrency
    11. Summary
    12. Bibliography
    13. Notes
  5. Chapter 5:​ Cryptography and Secure Communication
    1. The Difference Between Encryption and Cryptography
    2. Cryptographic Functions
      1. Authentication
      2. Nonrepudiation
      3. Confidentiality
      4. Integrity
    3. Cryptographic Types
      1. Symmetric Cryptography
      2. Asymmetric Cryptography
      3. Cryptographic Hash
      4. Key Exchange Algorithms
    4. Digital Signature
      1. The Difference Between Digital Signatures and Electronic Signatures
    5. Cryptographic Systems Trust Models
      1. Web of Trust
      2. Kerberos
      3. Certificates and Certificate Authorities
    6. Cryptographic Algorithm Selection Criteria
    7. Create a Cryptographic Key Pair Using Gpg4Win
    8. Disk Encryption Using Windows BitLocker
      1. Encrypting Windows/​Fixed Data Drives
      2. Encrypting Removable Disk Drives
      3. Best Practices When Using BitLocker
    9. Disk Encryption Using Open Source Tools
      1. Encryption Using VeraCrypt
    10. Multitask Encryption Tools
      1. 7-Zip
      2. AES Crypt
      3. Protect Microsoft Office Files
      4. Protect PDF Files
    11. Attacking Cryptographic Systems
      1. Harvest-Then-Decrypt Attack
      2. The DROWN Attack
      3. Man-in-the-Middle (MITM) Attack
      4. Brute-Force Attack
      5. Bootkit
      6. Rootkit
      7. Operating System Leak
      8. Evil Maid Attack
      9. Cold Boot Attack
      10. Direct Memory Access
      11. Hardware Keyloggers
      12. Hardware Backdoor
    12. Countermeasures Against Cryptography Attacks
      1. Mitigate Future Attacks Against Encrypted Data
      2. Mitigate Brute-Force Attack
      3. OS Leak
      4. Mitigation Strategies Against Physical Attacks
    13. Securing Data in Transit
    14. Cloud Storage Encryption
      1. Duplicati
      2. Cryptomator
    15. Encrypt DNS Traffic
    16. Encrypt E-mail Communications
      1. Encrypt Files/​Folders Using Gpg4win
    17. Secure Webmail Providers
      1. ProtonMail
      2. Disposable Temporary E-mail Address
    18. Secure IM and Video Calls
      1. Tor Messenger
      2. Cryptocat
      3. Signal
      4. Ghost Call
      5. Gruveo
    19. Steganography
      1. What Is Digital Steganography?​
      2. Differences Between Steganography and Encryption
      3. Digital Steganography Techniques
      4. Digital Steganography Types
    20. Summary
    21. Notes
  6. Chapter 6:​ What’s Next?​
    1. The Future of Computing Technology
    2. The Future of Cryptographic Algorithms
    3. Legal Issues
    4. Social Networking Sites and Users’ Privacy
    5. The War on Terror
    6. Summary
    7. Notes
  7. Index

About the Authors and About the Technical Reviewer

About the Authors

A439978_1_En_BookFrontmatter_Figb_HTML.jpg

Nihad A. Hassan is an independent information security consultant, digital forensics and cybersecurity expert, online blogger, and book author. He has been actively conducting research on different areas of information security for more than a decade and has developed numerous cybersecurity education courses and technical guides.

Nihad focuses on computer forensics and anti-forensics techniques on the Windows OS. He has completed numerous technical security consulting engagements involving security architectures, penetration testing, computer crime investigation, and anti-forensics techniques. Recently, he has shifted his focus toward digital privacy and security.

Nihad has authored two books and scores of information security articles in various global publications. He also enjoys being involved in security training, education, and motivation. His current work focuses on digital forensics, anti-forensics techniques, digital privacy, and web security assessment. He covers different information security topics and related matters on his blog at www.DarknessGate.com . Nihad has a BSc honors degree in computer science from the University of Greenwich in the United Kingdom.

Nihad can be reached through his web site, www.ThunderWeaver.com , and you can connect to him via LinkedIn at https://www.linkedin.com/in/darknessgate/ .

A439978_1_En_BookFrontmatter_Figc_HTML.jpg

Rami Hijazi is the general manager of MERICLER Inc., an education and corporate training firm in Toronto, Canada. He is an experienced IT professional who lectures on a wide array of topics, including object-oriented programming, Java, e-commerce, agile development, database design, and data handling analysis. Rami also works as a consultant to Cyber Boundaries Inc., where he is involved in the design of encryption systems and wireless networks, intrusion detection and data breach tracking, and planning and development advice for IT departments concerning contingency planning.

About the Technical Reviewer

John Walker CFIP, FRSA, served 22 years in the Royal Air Force in security, investigations, and counterintelligence operations (both overt and covert), working with Government Communications Headquarters (GCHQ), Communications-Electronics Security Group (CESG), and other British intelligence agencies, as well as U.S. agencies. He is a visiting professor at the School of Science and Technology at Nottingham Trent University and has been a visiting professor/lecturer at the University of Slavonia, a visiting lecturer at Warwick University, and a visiting lecturer of digital forensics at the National Defence University of Malaysia. John is a registered expert witness, certified forensics investigator practitioner, editorial member at MedCrave Research for forensics and criminology, ENISA CEI expert, editorial member of the Cyber Security Research Institute, digital forensics/cybersecurity trainer at Meirc in Dubai, and fellow of the Royal Society of Arts.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.189.178.237