Heartbleed Explained & LastPass Demo
As a result of the recently discovered "Heartbleed" security flaw, a two-part special training was offered to the staff: the first part explained what Heartbleed is, and the second emphasized the importance of having a good password management plan. In this case "LastPass" was demonstrated.

Published in: Technology
1. Technology Training. Special Training - Session #13. Heartbleed Explained / Getting Your Digital Security in Order with LastPass. May 8, 2014. William Mann, Borough of West Chester - CIO
2. Securing Your Digital Life
3. What is Heartbleed?
   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). Definitions: SSL = Secure Sockets Layer; TLS = Transport Layer Security.
4. What is Heartbleed?
   The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
5. What is Heartbleed?
   With a server running a vulnerable version of OpenSSL, information like the sample of leaked memory shown on this slide can be captured by an attacker. This may not look like much, but if your logon or account information is exposed in this way, our data is at risk.
6. What is Heartbleed?
   Why is it called the Heartbleed Bug? The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server. Affected versions are OpenSSL 1.0.1 through 1.0.1f; the fix shipped in OpenSSL 1.0.1g on April 7, 2014. Because private keys may have been read out of memory, a patched server should also get a new key and certificate, and any passwords or sessions used with it while it was vulnerable should be treated as exposed.
7. Explaining Heartbleed
   First the girl asks the server to indicate whether it's still online by telling it to say "Potato," and indicates the length of the word. The server responds with "Potato," while withholding all of the information surrounding "Potato," written out in a lighter hue in the server's speech bubbles. The hacker then asks the server to repeat the same task, but instead replaces "Potato" with "Bird," and indicates the length of the word. The server complies. Then, the hacker asks the server to say "Hat," but instead of noting that it's a three-character word, she states that it's 500 letters long. The server responds not only by saying "Hat," but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a "master key," which the hacker begins to jot down. In the real protocol the length field is 16 bits, so a single request can pull back up to 64 KB of memory, the attacker can repeat it as often as they like, and a normal server log shows nothing unusual.
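The exchange the comic describes, as an added example that is not from the slides and is not OpenSSL's code: a small Python simulation of the heartbeat handler as it behaved before the fix and after it. Process memory is modelled as a byte buffer holding the received heartbeat record followed by constructed secrets, so a lying length field reads straight into them; the honest request, the oversized request, and the patched server's response are all shown.

```python
"""Simulated TLS heartbeat handling (RFC 6520) showing the Heartbleed over-read.

Added illustration, not OpenSSL's code. Process memory is modelled as a
bytearray holding the received heartbeat record followed by constructed
secrets (a session cookie and a fake private key), which is the layout the
comic describes: the record is copied back, and so is whatever sits after it.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16   # RFC 6520: at least 16 bytes of padding follow the payload

# Constructed "neighbouring heap data" placed right after the incoming record.
SECRETS = b"session=abc123; user=alice\n-----BEGIN PRIVATE KEY-----FAKE"


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """HeartbeatMessage = type(1) | payload_length(2) | payload | padding.
    The sender controls payload_length; lying about it is the whole attack."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length) + payload + b"\x00" * PADDING_LEN


def _response(payload: bytes) -> bytes:
    return struct.pack("!BH", HEARTBEAT_RESPONSE, len(payload)) + payload + b"\x00" * PADDING_LEN


def handle_vulnerable(memory: bytearray, record_len: int) -> bytes:
    """OpenSSL 1.0.1 to 1.0.1f behaviour: copies payload_length bytes starting at
    the payload and never compares that against record_len (the bug)."""
    hb_type, payload_length = struct.unpack("!BH", bytes(memory[:3]))
    if hb_type != HEARTBEAT_REQUEST:
        return b""
    payload = bytes(memory[3:3 + payload_length])   # can run past the record: the bleed
    return _response(payload)


def handle_fixed(memory: bytearray, record_len: int) -> bytes:
    """OpenSSL 1.0.1g behaviour: silently discard any heartbeat whose declared
    payload would not fit inside the record that was actually received."""
    if record_len < 1 + 2 + PADDING_LEN:
        return b""                                  # too short to even hold a header
    hb_type, payload_length = struct.unpack("!BH", bytes(memory[:3]))
    if hb_type != HEARTBEAT_REQUEST:
        return b""
    if 1 + 2 + payload_length + PADDING_LEN > record_len:
        return b""                                  # the bounds check that was missing
    return _response(bytes(memory[3:3 + payload_length]))


def simulate(handler, payload: bytes, claimed_length: int) -> bytes:
    """Run one heartbeat through a handler and return the payload it echoed back."""
    record = build_heartbeat(payload, claimed_length)
    memory = bytearray(record + SECRETS)            # record sits just before the secrets
    response = handler(memory, len(record))
    if not response:
        return b""
    return response[3:len(response) - PADDING_LEN]


if __name__ == "__main__":
    print(simulate(handle_vulnerable, b"Potato", 6))      # honest request: b'Potato'
    print(simulate(handle_vulnerable, b"Hat", 500))       # lie about the length: secrets come back
    print(simulate(handle_fixed, b"Hat", 500))            # patched server: b''
```

The fixed handler is the whole patch in spirit: one comparison between the length the client claims and the length of the record the server actually received. Everything else about the protocol stays the same, which is why the honest "Potato" request still works on a patched server.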
8. Protecting Your Information
   Heartbleed is a reminder that securing your information is more important than ever before. And it's going to get worse. As we continue relying on technology for conducting business, communicating through email, social media and shopping online, cybercriminals are going to continue getting smarter and more aggressive in how they try to steal personal information. So we need to be even smarter. One caveat: change your password on a site only after that site has updated OpenSSL and replaced its certificate; a new password sent to a still-vulnerable server can be read just like the old one.
9. Password Management
   Password management is becoming one of the best defenses against security flaws. Passwords today need to be taken very seriously. This means having a good, efficient password management plan for every account you have online. Password management in days past could be very complicated, time consuming and difficult. However, today there are many solutions out there that are easy to use, secure and either free or very inexpensive. Each of your accounts should have a strong and unique password.
10. Password Management with LastPass
   LastPass has both a free account and a paid account. The paid account is $12 / year and provides mobile app support, which alone is well worth the cost. With this password management tool you will be able to organize, manage and use unique, secure passwords easily. In fact I use LastPass and I actually do not even know what the majority of my passwords are. Now, that's security!
11. Introducing LastPass
   What I really like about LastPass is that you actually do not need to know all those passwords, and their app is available on every device you may choose to use. You just need to know one password: your LastPass password.
12. Introducing LastPass
   With this in mind, even before you sign up for LastPass be sure to think about a good, secure password that you will never, ever forget.
13. Simple Passwords are so Yesterday
   Passwords as we know them are going to change in a big way very soon. Gone will be the time when simple words like "password" will be used or accepted. Now I may be getting ahead of myself, but a better password strategy is using key phrases that only you would know, that no one else could guess and that no cybercriminal could crack.
14. Passwords are Changing
   Here are a couple of examples of using "phrases" for your password. Ex. 1 is "Captain Kirk and Mr. Spock are best friends!" Your typed password would be: Captain_Kirk_&_Mr._Spock_are_best_friends! Ex. 2 is "My favorite Place on Earth is Disney World!" Your typed password would be: My_Favorite_Place_on_Earth_is_Disney_World! Passwords using phrases can be long, complex and easily remembered!
15. Embrace Password Management
   This is important before we continue. Make sure you pick a good password or phrase that you will not forget. It is also a good idea to print this password and store it in a secure location, like a safe in your home. This will be the only password you will need if you use LastPass (or similar password managers) regularly. If you forget your LastPass password there is NO reset mechanism: the master password never leaves your device, so LastPass cannot recover it for you.
16. Signing up with LastPass
   Go to www.lastpass.com to sign up. Either choose "Download Free" or "Go Premium". Passwords are very important and your security is probably worth $12 / year.
17. Creating Your LastPass Account
   I recommend that when you sign up with LastPass you use your primary computer or laptop. When you go to create an account you will be prompted to "Download LastPass". Do this. You will then enter your email address, a master password (the really, really good one you already decided on) and a password reminder that will only help you remember it, just in case.
18. Getting to Know Your LastPass Vault
   The LastPass Vault is where you will store, organize and manage all of your passwords. This vault will also be available to you on all of your mobile devices if you sign up for the Premium account ($12/year).
19. Organizing Your LastPass Vault
   I recommend organizing all of your accounts into folders. You can see by my example that I have all of my accounts in categorized folders that I created. Within each folder are my specific accounts.
20. Organizing Your LastPass Vault
   By creating an organized folder structure for your accounts you quickly realize....
21. Creating Strong Passwords with LastPass
   With LastPass installed you will now notice an (*) next to all of your logon fields for websites. If an account has already been set up you can simply select Login, because all of the fields will be completed for you. You can also set up an account for "autologin", which will of course automatically log you in. I recommend this only on a secured PC where a password is required to access your Windows account, or one that only you have access to. Make sure that when you install LastPass on your PC you install the plug-in for all of the browsers that you use.
22. Creating Strong Passwords with LastPass
   Creating secure and unique passwords for each account is the point here, so you will want to take the time to change any passwords you have. LastPass makes this very easy with the "password generator". You can do this by selecting the * and the "Generate" button.
23. Creating Strong Passwords with LastPass
   If you use the default settings you will see it generates a strong 12-character password for you using several types of characters. Select Use Password, then "Yes, Use for this Site".
24. Going Mobile with LastPass
   On your mobile device you will open the LastPass app first, copy the password and then paste it into the account that you want to access. Although there is an additional physical step here, you only need one password to remember and use. However, and this is important, all of your passwords are complex and unique.
25. How Does LastPass Work?
   LastPass uses AES 256-bit encryption. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device and is never shared with LastPass. Your data stays accessible only to you. Because that key is derived from your master password, the strength of the master password is the strength of the whole vault. MQ9=5khD<YWZ&+5 This is how each of your passwords should look. With LastPass you can actually do this, and it's easy.
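The three password ideas in this deck (the phrases on slide 14, the 12-character generator on slide 23, and the locally derived key on slide 25), as one added Python example that is not from the slides and is not LastPass's code. generate_password draws from the OS CSPRNG and guarantees every character class; is_strong accepts either of the deck's two strategies; derive_vault_key shows the general pattern of turning the single master password into a 256-bit key on the client with PBKDF2-HMAC-SHA256, and login_hash shows why a service can verify a login without ever receiving the master password. The salt (the account email) and the iteration count are assumptions made for illustration, not LastPass's actual parameters.

```python
"""Strong passwords and the master-password key derivation behind a password manager.

Added illustration, not LastPass's code. generate_password() does what the slides
describe for the generator's default (12 characters drawn from several classes);
is_strong() accepts either of the deck's two strategies; derive_vault_key() shows
the general pattern of turning the one master password into an AES-256-sized key
on the client with PBKDF2-HMAC-SHA256. The salt (the account email) and the
iteration count are assumptions for illustration, not LastPass's parameters.
"""
import hashlib
import secrets
import string

CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*=+<>?-_",
)


def generate_password(length: int = 12) -> str:
    """Generate a password containing at least one character from every
    class, using the OS CSPRNG (secrets), never random.random()."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(cls) for cls in CLASSES]          # one of each, guaranteed
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    for i in range(len(chars) - 1, 0, -1):                    # Fisher-Yates with the CSPRNG,
        j = secrets.randbelow(i + 1)                          # so class order leaks nothing
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def has_all_classes(password: str) -> bool:
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def is_strong(password: str) -> bool:
    """Either a generated 12+ character password covering every class,
    or a long phrase (20+ characters) of the kind shown in the slides."""
    return (len(password) >= 12 and has_all_classes(password)) or len(password) >= 20


def derive_vault_key(master_password: str, email: str, iterations: int = 100_000) -> bytes:
    """Derive a 256-bit vault key locally. Everything in the vault is encrypted
    under this key before it is synced, so the service only ever sees ciphertext.
    Assumed for illustration: salt = normalized account email, 100k iterations."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),
        iterations,
        dklen=32,
    )


def login_hash(vault_key: bytes, master_password: str) -> bytes:
    """What a client could send to authenticate instead of the master password:
    one extra one-way step over the key, so the server can check the login
    without being able to recover the vault key from what it stores."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, is_strong(pw))
    phrase = "Captain_Kirk_&_Mr._Spock_are_best_friends!"
    key = derive_vault_key(phrase, "user@example.com")
    print(key.hex())
    print(login_hash(key, phrase).hex())
```

The point of derive_vault_key and login_hash together is the property slide 25 states: the master password is used only on the device, the vault key is derived from it there, and what crosses the network is a hash of the hash. The cost of that design is the one slide 15 warns about: nobody but the user can reproduce the key, so there is nothing for the service to reset.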
26. LastPass Demo
   Now we will walk through how to use LastPass. Please ask questions as we go along. www.lastpass.com