![Page 1: Operations security - SyPy Dec 2014 (Sydney Python users)](https://reader033.vdocuments.mx/reader033/viewer/2022060203/559e01be1a28ab366a8b45ff/html5/thumbnails/1.jpg)
OPSEC - operations security
Mikko Ohtamaa SyPy / Sydney / Dec 2014
opensourcehacker.com
moo9000
Agenda
Background
Team security
User security
Infrastructure security
Person-to-person Bitcoin exchange
Bitcoin users are high value targets
Team security
Encrypt devices: computers AND phones (full-disk encryption, so a lost laptop or phone does not hand over keys, sessions and inboxes)
Two-factor authentication on inbox and site admin (the inbox is the password-reset channel for everything else)
Google 2FA account incidents: https://ello.co/gb/post/knOWk-qeTqfSpJ6f8-arCQ
http://opensourcehacker.com/2012/10/24/ssh-key-and-passwordless-login-basics-for-developers/
Password manager (KeePassX)
SSH keys, tied to your computer login
User security
Passwords are dead
Password-stealing attacks by keylogging and cache-reading malware
Strong passwords add only limited protection against these
Login attempt throttling
Threshold on logins per IP: catches the script kiddie working from one machine
Threshold per username: catches a spearhead brute force aimed at one account
Threshold on all logins per minute: the only signal left against a botnet that spreads attempts over many IPs and many accounts
recaptcha.net (CAPTCHA challenge once a threshold trips)
http://opensourcehacker.com/2014/07/09/rolling-time-window-counters-with-redis-and-mitigating-botnet-driven-login-attacks/
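The three thresholds above, as an added example written for this page (not the talk's code and not the Redis implementation from the linked post): a rolling time-window counter kept in memory stands in for the Redis counters, and a constructed simulation of the three attacker profiles shows which threshold stops each one. Limits, window length and the IP ranges are assumptions.

```python
"""Rolling time-window login throttling with three thresholds (added example)."""
from collections import defaultdict, deque
import time


class RollingWindowCounter:
    """Counts events per key inside a sliding window of `window` seconds.

    In-memory stand-in for a Redis-backed counter: one deque of timestamps per
    key, trimmed on every access so the count never includes expired events.
    """

    def __init__(self, window):
        self.window = window
        self._events = defaultdict(deque)

    def _expire(self, key, now):
        q = self._events[key]
        while q and q[0] <= now - self.window:
            q.popleft()

    def increment(self, key, now=None):
        now = time.time() if now is None else now
        self._expire(key, now)
        self._events[key].append(now)

    def count(self, key, now=None):
        now = time.time() if now is None else now
        self._expire(key, now)
        return len(self._events[key])


class LoginThrottle:
    """Three independent thresholds; each catches a different attacker profile."""

    GLOBAL_KEY = "__all__"

    def __init__(self, per_ip=10, per_username=20, global_limit=500, window=60.0):
        # Limits are assumptions; tune them from your own failed-login baseline.
        self.limits = {"ip": per_ip, "username": per_username, "global": global_limit}
        self.counters = {name: RollingWindowCounter(window) for name in self.limits}

    def _keys(self, ip, username):
        return {"ip": ip, "username": username.lower(), "global": self.GLOBAL_KEY}

    def blocked_by(self, ip, username, now=None):
        """Name of the first exhausted threshold, or None if the login may proceed."""
        for name, key in self._keys(ip, username).items():
            if self.counters[name].count(key, now) >= self.limits[name]:
                return name
        return None

    def record_failure(self, ip, username, now=None):
        """Call after a failed password check so every threshold sees the attempt."""
        for name, key in self._keys(ip, username).items():
            self.counters[name].increment(key, now)


def simulate():
    """Constructed attack traffic; returns which threshold stopped each pattern."""
    t = 1_000_000.0
    results = {}
    # Script kiddie: one IP hammering many accounts.
    th = LoginThrottle(per_ip=10, per_username=20, global_limit=500)
    for i in range(10):
        th.record_failure("198.51.100.7", f"user{i}", t + i)
    results["script kiddie"] = th.blocked_by("198.51.100.7", "user99", t + 10)
    # Spearhead: many IPs, one target account (case-insensitive username key).
    th = LoginThrottle(per_ip=10, per_username=20, global_limit=500)
    for i in range(20):
        th.record_failure(f"203.0.113.{i}", "ceo", t + i)
    results["spearhead"] = th.blocked_by("203.0.113.250", "CEO", t + 20)
    # Botnet: every IP and every username stays under its own limit;
    # only the global rate reveals the attack.
    th = LoginThrottle(per_ip=10, per_username=20, global_limit=500)
    for i in range(500):
        th.record_failure(f"192.0.2.{i % 250}", f"victim{i}", t + i * 0.1)
    results["botnet"] = th.blocked_by("192.0.2.1", "fresh", t + 50)
    # Once the window has passed the counters drain and logins flow again.
    results["expired"] = th.blocked_by("192.0.2.1", "fresh", t + 50 + 61)
    return results


if __name__ == "__main__":
    print(simulate())
```

When `blocked_by` returns a threshold name, serve the CAPTCHA (or a delay) rather than a hard refusal, so a botnet spraying the global limit cannot turn it into a denial of service against your real users.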
Two-factor authentication for your users
Time-Based One-Time Password Algorithm
TOTP a.k.a. Google Authenticator, RFC 6238
Does not require a Google account; open source apps available
Codes generated by a mobile app from a shared secret and the current time, a fresh code per time step
HMAC-Based One-Time Password Algorithm
HOTP, RFC 4226 a.k.a. paper codes (printed one-time code lists; counter-based, not a true one-time pad)
Common in EU banking, unheard of in some countries
SMS, Yubikey
As a service: authy.org
For Django: https://github.com/miohtama/django-twofactor
Third factor
Users accidentally give out their credentials
Recycled passwords (bought on the black market)
Phishing (e.g. buying the first Google AdWords link for the site name)
Phishers may capture the two-factor code too
Third factor parameters
Identify the web browser (long-lived cookie, "permacookie")
Identify the country of the IP address
Reputation of the IP address (known botnet member, Tor exit, VPS range)
IP address whitelist
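The four parameters combined into one decision, as an added example written for this page (not the talk's code). It assumes the GeoIP and reputation lookups have already run and receives their results as inputs; the reputation networks, the cookie key and the user records are constructed. The device cookie is HMAC-tagged so nobody can mint one for a victim without the server key; a cookie copied out of the real browser still passes, which is why the other signals exist.

```python
"""Risk-based "third factor" after password and 2FA have passed (added example)."""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass

# Assumption: a server-side secret kept out of the database and rotated on compromise.
DEVICE_COOKIE_KEY = b"server-side secret for device cookies"


def issue_device_cookie(user_id, key=DEVICE_COOKIE_KEY):
    """Permacookie: random device id plus an HMAC tag binding it to this user."""
    device_id = secrets.token_hex(16)
    tag = hmac.new(key, f"{user_id}:{device_id}".encode(), hashlib.sha256).hexdigest()
    return f"{user_id}:{device_id}:{tag}"


def device_cookie_valid(cookie, user_id, key=DEVICE_COOKIE_KEY):
    """True only for a cookie this server issued for this user."""
    if not cookie or cookie.count(":") != 2:
        return False
    uid, device_id, tag = cookie.split(":")
    expected = hmac.new(key, f"{uid}:{device_id}".encode(), hashlib.sha256).hexdigest()
    return uid == user_id and hmac.compare_digest(expected, tag)


@dataclass
class LoginContext:
    user_id: str
    ip: str
    country: str                      # result of a GeoIP lookup done earlier (assumed)
    device_cookie: str = ""
    usual_countries: frozenset = frozenset()   # countries seen on confirmed logins
    ip_whitelist: tuple = ()          # CIDRs the user opted in to; empty = not enforced


# Constructed reputation list standing in for botnet / Tor exit / VPS feeds.
BAD_NETWORKS = ("198.51.100.0/24", "2001:db8:bad::/48")


def ip_in(ip, cidrs):
    """True if `ip` falls inside any of the CIDR strings (mixed v4/v6 is fine)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def third_factor_decision(ctx):
    """Returns ("allow" | "step_up" | "deny", [reasons]).

    A whitelist miss is a hard deny: the user asked for it. Everything else
    only raises the bar (e-mail code, support call) rather than refusing.
    """
    if ctx.ip_whitelist and not ip_in(ctx.ip, ctx.ip_whitelist):
        return "deny", ["ip outside the user's whitelist"]
    reasons = []
    if ip_in(ctx.ip, BAD_NETWORKS):
        reasons.append("ip reputation: botnet/Tor/VPS range")
    if ctx.country not in ctx.usual_countries:
        reasons.append(f"first login from {ctx.country}")
    if not device_cookie_valid(ctx.device_cookie, ctx.user_id):
        reasons.append("browser not seen before")
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    cookie = issue_device_cookie("alice")
    usual = LoginContext("alice", "203.0.113.5", "AU", cookie, frozenset({"AU"}))
    print(third_factor_decision(usual))
    tor_like = LoginContext("alice", "198.51.100.9", "AU", cookie, frozenset({"AU"}))
    print(third_factor_decision(tor_like))
    stranger = LoginContext("alice", "203.0.113.5", "RU", "", frozenset({"AU"}))
    print(third_factor_decision(stranger))
```

After a successful step-up, issue a fresh device cookie and add the country to the user's `usual_countries`; that is how the browser and location become "known" for the next login.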
"Tinfoil never too tight" attacks
Trojan kits with "autosteal" modules for Bitcoin sites
Browser add-ons modifying payment data on the fly
Android and iOS malware
SMS capture attacks
Malicious Tor exit nodes
http://thedroidguy.com/2014/06/popular-chinese-android-smartphone-malware-pre-installed-93764
http://www.reddit.com/r/Bitcoin/comments/2573rw/bitcoin_is_secure_because_it_solves_the_byzantine/
Infrastructure security
fail2ban: daemon that blocks IPs by continuously analysing log files
(e.g. Apache, SSH, custom application logs)
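What fail2ban does with a custom application log, as an added example written for this page (not fail2ban's own code): the filter text is the kind of thing that goes into `/etc/fail2ban/filter.d/` for a hypothetical app whose lines read `<date> <time> <LEVEL> <message>`, and `scan()` emulates the daemon's loop over it: match failures, drop ignored lines, count per host inside `findtime`, ban at `maxretry`. The log lines are constructed, and the `<HOST>` expansion is a simplified stand-in for fail2ban's.

```python
"""fail2ban-style scanning of a custom application log (added example)."""
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical filter.d/myapp-login.conf; <HOST> is fail2ban's placeholder for the offender.
FILTER_CONF = r"""
[Definition]
failregex = ^\S+ \S+ WARNING login failed for user \S+ from <HOST>$
ignoreregex = from 127\.0\.0\.1$
"""

# Constructed log lines in the hypothetical app's format.
SAMPLE_LOG = """\
2014-12-04 19:12:01 WARNING login failed for user alice from 198.51.100.7
2014-12-04 19:12:03 WARNING login failed for user bob from 198.51.100.7
2014-12-04 19:12:04 INFO login ok for user carol from 203.0.113.9
2014-12-04 19:12:05 WARNING login failed for user carol from 198.51.100.7
2014-12-04 19:12:06 WARNING login failed for user root from 127.0.0.1
2014-12-04 19:30:00 WARNING login failed for user dave from 203.0.113.9
2014-12-04 19:45:00 WARNING login failed for user dave from 203.0.113.9
2014-12-04 19:50:00 WARNING login failed for user dave from 203.0.113.9
"""

# Simplified stand-in for fail2ban's <HOST> expansion (IPv4/IPv6 literals only).
HOST_RE = r"(?P<host>[0-9a-fA-F.:]+)"


def load_filter(text):
    """Read failregex/ignoreregex from the ini-style filter and compile them."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    section = cp["Definition"]
    fail_re = re.compile(section["failregex"].replace("<HOST>", HOST_RE))
    ignore_src = section.get("ignoreregex", "").strip()
    ignore_re = re.compile(ignore_src) if ignore_src else None
    return fail_re, ignore_re


def parse_ts(line):
    """Unix timestamp of the leading "YYYY-mm-dd HH:MM:SS" field."""
    return datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S").timestamp()


def scan(log_text, filter_text=FILTER_CONF, maxretry=3, findtime=600):
    """Return {host: ban_timestamp} for hosts that reach maxretry failures
    within findtime seconds; once banned a host is not counted again."""
    fail_re, ignore_re = load_filter(filter_text)
    recent = defaultdict(deque)
    banned = {}
    for line in log_text.splitlines():
        if ignore_re and ignore_re.search(line):
            continue
        match = fail_re.search(line)
        if not match:
            continue
        host = match.group("host")
        if host in banned:
            continue
        ts = parse_ts(line)
        window = recent[host]
        window.append(ts)
        while window and window[0] < ts - findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    for host, ts in scan(SAMPLE_LOG).items():
        print(f"ban {host} at {datetime.fromtimestamp(ts)}")
```

In the sample, 198.51.100.7 is banned on its third failure within five seconds, the loopback line is dropped by `ignoreregex`, and 203.0.113.9 escapes because its three failures are spread over twenty minutes, longer than the 600 s `findtime`. The real daemon takes the same `maxretry`, `findtime` and a `bantime` from the jail definition; test a new `failregex` against real log lines with `fail2ban-regex` before enabling it, since a filter that matches nothing bans nobody.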
Attack mitigation as a service proxies: cloudflare.net
Whitehat bounty programs: crowdcurity.com
Known bad IPs: projecthoneypot.org
Hosting provider and physical attacks
Store databases and logs on encrypted partition (LUKS)
Backups as encrypted only: duplicity, GPG
Server-to-server connections: SSH, VPN
Virtual machines are never fully safe: whoever controls the host (the provider, or an attacker who compromised it) can read guest memory and disks
http://blog.bitly.com/#85169217199
Server security monitoring
Log server, FSS (forward secure sealed) logs
Intrusion detection (OSSEC)
Firewalling
http://louwrentius.com/systemd-forward-secure-sealing-of-system-logs-makes-little-sense.html
THANK YOU
opensourcehacker.com Open Source Hacker
linkedin.com/in/ohtis