17. Security Best Practice Exercise
Security Best Practice Exercise #1 - Password Managers
Passwords are a poor way to prove a user's identity. They are easily shared, written down, and leaked. Plus, there are so many to remember!
Password managers are encrypted vaults that hold your passwords so you don't need to memorize them or write them down. Besides keeping your identity, credentials, and sensitive data safe, a password manager can generate strong, unique passwords to ensure you aren't reusing them across your devices and services. This way, you can use a much longer, more complex, and ultimately more secure password. An additional benefit of many password managers is that you can use Multi-Factor Authentication (MFA) with them.
Common password management applications include:
Some of these are free and some may require a paid subscription.
Reflect on Password Managers
QUESTION:
For this exercise, select a password manager either from the list above or from your own experience or research. Install the application and use it for a few of your accounts.
Answer the following:
- Which password manager did (or do) you use?
- How does it help you as a general user? Does it make it easier for you to use other applications that require a user ID and password?
- Would you recommend it to others? Why or why not?
ANSWER:
The intent of this exercise is to give you the opportunity to test a password manager to understand how it fits as a part of security best practices.
Example answers:
- I use LastPass to store IDs and passwords used for my education and training websites.
- With this, I don't need to memorize my password, and it's much easier to log in to the stored websites. I can also use a much longer and stronger password.
- I found LastPass very easy to initially configure and use. It automatically asks if I want to store a new account in its password vault/database.
Security Best Practice Exercise #2 - Checking for Viruses
Viruses, worms, trojan horse applications, ransomware, spyware, etc. continue to haunt us and remain a threat vector, according to the Verizon Data Breach Report from a previous lesson. Antivirus and endpoint protection programs aren't perfect and may miss zero-day threats.
VirusTotal.com inspects uploaded files and website URLs with over 70 antivirus scanners and URL/domain blacklisting services. It's free to end users for non-commercial use. See their How It Works webpage for more information about it.
Reflect on Virus Scanning
QUESTION:
Now it's your turn to use two VirusTotal features: file scanning and URL scanning.
Step 1: Go to the VirusTotal Website: https://www.virustotal.com/
Step 2: To check a file for viruses against the VirusTotal database, select the File option, and upload a file of your choice to see if it is safe from known viruses. Record your observations. You can answer these questions about your observations: Were any viruses detected in the file you selected? How many virus scanning programs were used?
Step 3: Repeat the process above using the URL Scanning tool.
ANSWER:
The intent of this exercise is for you to explore VirusTotal.com and see how it can supplement a device's anti-virus and end-point protection applications.
Hopefully, the file you uploaded on the site had no viruses detected. You can see the 70+ different programs it uses to detect potential malware in both files and website URLs.