Keep IT safe!
AGM Maribor workshop
Damian Bulira, IT Committee
IT security in a nutshell
• Identify sensitive data: what do you want to protect?
• Identify the applications that you store information in: where do you want to store it?
• Identify the parties that have access to the data: who do you want to share it with?
• Secure and constrain access: how do you want to protect it?
AGM Maribor - Security Workshop | Damian Bulira - ESN IT Committee | [email protected]
IT security in a nutshell
Identify sensitive data
• Personal data
• Financial data
• Photos ;)
• Password file
IT security in a nutshell
Identify the applications that you store information in
• Local files
  • Stored locally on your hard drive
  • How not to lose them?
• Mobile devices
  • Laptops, smartphones, USB drives
  • What if you lose them?
• Cloud services
  • Google Docs, Facebook, e-mail
Identify the parties that have access to the data
• Family
• Friends
• Co-workers
• Internet provider
• Service providers
• Public
Secure and constrain access
• Access only for the people that need it
• Protect your passwords, tokens and digital IDs
IT security in a nutshell
How would you store and share it?
ESN case
Protecting local files
Password protection
• Office / OpenOffice: built-in (embedded) password function
• Password-protected archives
• TrueCrypt protection
Remote copy
• Dropbox folders
• Scheduled backups
Backups
Avoid a single point of failure
• Store sensitive data in more than one place
• Archive data (you never know when you will want to bring some of it back)
Dropbox, Google Drive
• Store, but remember about encryption
• Easy sharing
CORRECT!
Sharing is caring
Similar with Google Drive (Docs)
• Even better: more detailed control
Why?
• Control over the contributors
  • Someone leaves the organization
  • A „black sheep” problem
• Version control: change tracking
• You share only with the people that you explicitly invite
Mobile devices problem
Common scenario: a lost smartphone
• Stored passwords to Facebook, Google etc.
• All accounts and data have been taken over!
• Always lock your phone: pattern lock, password
Laptop
• Hard disk fully encrypted
USB drive
• Vault partition on the flash drive for sensitive data
Password protection
How easy is it to crack your password?
• Strong password policy
Never share your password
• No shared accounts!
Don't reuse the same password in different applications
• Password system
• PIN codes
How to pick a good password
Bad ideas
• Dates
• Names
• Common words
• „Pallomeri” ;)
Good ideas
• First letters of a poem or song
• P4770.m3r1
• Don't reuse passwords
TOP 2012
1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
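To put numbers behind "how easy is it to crack your password", here is an added checker (not from the workshop slides) that rejects the 2012 top-10 entries listed above, bare dates and PINs, and anything below an assumed entropy floor; the guess rate used for the crack-time estimate is also an assumption.

```python
"""Added example: password check in the spirit of the slide's good/bad ideas.
The only wordlist is the top-10 of 2012 from the slide; the 60-bit floor and
the 1e9 guesses/s rate are assumptions chosen for illustration."""
import math
import string

# The top-10 list from the slide.
TOP_2012 = {"password", "123456", "12345678", "abc123", "qwerty",
            "monkey", "letmein", "dragon", "111111", "baseball"}

# Character classes with their sizes, for a crude charset-based estimate.
CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
)


def entropy_bits(pw: str) -> float:
    """Estimate log2(charset_size ** length), counting only classes used.
    'Pallomeri' -> 52^9 (~51 bits); 'P4770.m3r1' -> 94^10 (~66 bits)."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in pw))
    return len(pw) * math.log2(size) if size else 0.0


def crack_seconds(bits: float, guesses_per_second: float = 1e9) -> float:
    """Seconds to exhaust the whole space at the assumed guess rate."""
    return 2 ** bits / guesses_per_second


def check_password(pw: str, min_bits: float = 60.0) -> tuple[bool, str]:
    """Return (accepted, reason) following the slide's bad-ideas list:
    common list entries, dates/PINs (digits only) and weak passwords fail."""
    if pw.lower() in TOP_2012:
        return False, "on the 2012 top-10 list"
    if pw.isdigit():
        return False, "digits only (date or PIN)"
    bits = entropy_bits(pw)
    if bits < min_bits:
        days = crack_seconds(bits) / 86400
        return False, f"too weak: ~{bits:.0f} bits, ~{days:.0f} days to exhaust"
    return True, f"ok: ~{bits:.0f} bits"
```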
How to share passwords
A password should be private and unique. Share passwords only when it is necessary.
DON'Ts
• Send whole passwords by e-mail
• Never send the website, login and password together
DOs
• Share wisely: you share the responsibility
• Store passwords encrypted!
• Share passwords on a regular basis
The biggest EVIL!
Plaintext passwords
Example of a welcome e-mail that sends the password back in the clear:

Thank you for signing up to Our Webpage, we hope that you will have a great time here! Please click the link below to authorise your username and password for use on the Our site.
http://www.site.com/register.php?action=auth&[email protected]&auth=dnyhxn
***IF THIS LINK DOES NOT WORK, LOGIN AS NORMAL AND ENTER THE DETAILS BELOW***
Your username that you used to sign up with is: dbulira
Your password you used to sign up with is: password12#
The email that you signed up with is: [email protected]
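A site can only e-mail your password back if it stored it in the clear. The added example below (not from the slides or any ESN system) shows the storage side done right: only a salted, slow hash of the password is kept, so neither a welcome e-mail nor a stolen user table can reveal it, and password recovery uses a random one-time token instead. The scrypt parameters are an assumption; the username and password are the sample values from the e-mail above.

```python
"""Added example: salted scrypt password storage as the fix for the
plaintext-password e-mail. Standard library only."""
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed for illustration; 2**14 * 8 * 128 = 16 MiB).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, HASH_BYTES = 16, 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation: same password + same salt -> same hash."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=HASH_BYTES)


def register(username: str, password: str) -> dict:
    """Build the record the site stores. It holds a fresh random salt and the
    hash, never the password itself, so it cannot be e-mailed back."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"username": username, "salt": salt.hex(),
            "hash": _derive(password, salt).hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(_derive(password, salt), expected)


def record_leaks_plaintext(record: dict, password: str) -> bool:
    """The check the e-mail on the slide fails: is the password recoverable
    from what the site stores?"""
    return any(password in str(value) for value in record.values())


def new_reset_token() -> str:
    """For the 'lost password' flow: a random single-use token to e-mail,
    instead of the password. Store only its hash, with an expiry."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    rec = register("dbulira", "password12#")   # sample values from the slide
    print(rec)
    print("login ok:", verify(rec, "password12#"))
    print("leaks plaintext:", record_leaks_plaintext(rec, "password12#"))
```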
PGP mail encryption
Single Site Login
Being able to log in to any website through an existing proxy account
The security question
Helps with password recovery, mostly for e-mail boxes.
Extremely important thing! Treat it as a second password.
Cool story… http://www.foxnews.com/entertainment/2012/12/17/hollywood-hacker-honed-his-skills-for-years/
Identity dependency
ESN use case ;)
• A jealous geeky boyfriend wants to spy on his girlfriend; he captures her Google password (how?)
• Later on he discovers some fishy e-mails, so he goes deeper
• He changes the Google password and, using the lost-password feature, generates new passwords for Facebook (SSO!), Twitter, etc.
• He discovers even more… :>
• Imagine what happens later…
Other day-to-day ESN security cases
PC in the ESN office
• Private user accounts
• Guest account
ESN office key access
• A case similar to password handling
• Track usage
• Access list (checked regularly)
Internet privacy
When you upload something to the Internet, it stays there forever. Think before you post!
Restrict your privacy in social media
• Application access
Respect others' privacy and don't let people disrespect yours.
Exercise
Sending credit card details
• You've forgotten your credit card at your apartment and urgently need to book a flight. Fortunately your trusted roommate can send you all the necessary data. How do you proceed?
Join the IT Committee!
We are always looking for:
• Programmers
• Designers
• Documentation writers
• Tutorial makers
• System administrators
• Linux experts
• Drupal developers