Keep it safe agm13
Presentation Transcript

  • Keep IT safe! AGM Maribor workshop Damian Bulira IT Committee
  • IT security in a nutshell
    Identify sensitive data
      • What do you want to protect?
    Identify the applications that you store information in
      • Where do you want to store it?
    Identify the parties that have access to the data
      • Who do you want to share it with?
    Secure and constrain access
      • How do you want to protect it?
    AGM Maribor - Security Workshop | Damian Bulira - ESN IT Committee | damian@bulira.pl
  • IT security in a nutshell
    Identify sensitive data
      • Personal data
      • Financial data
      • Photos ;)
      • Password file
  • IT security in a nutshell
    Identify the applications that you store information in
      • Local files
          • Stored locally on your hard drive
          • How not to lose them?
      • Mobile devices
          • Laptops, smartphones, USB drives
          • What if you lose them?
      • Cloud services
          • Google Docs, Facebook, e-mail
  • IT security in a nutshell
    Identify the parties that have access to the data
      • Family
      • Friends
      • Co-workers
      • Internet provider
      • Service providers
      • Public
    Secure and constrain access
      • Access only for people who need it
      • Protect your passwords, tokens, digital IDs
  • How would you store and share it? ESN case
  • Protecting local files
    Password protection
      • Office / OpenOffice -> embedded function
      • Password archive protection
      • TrueCrypt protection
    Remote copy
      • Dropbox folders
      • Scheduled backups
  • Backups
    Avoid a single point of failure
      • Store sensitive data in more than one place
      • Archive data (you never know when you will want to bring some of it back)
    Dropbox, Google Drive
      • Store, but remember about encryption
      • Easy sharing
  • CORRECT!
  • Sharing is caring
    Similar stuff with Google Drive (Docs)
      • Even better: more detailed control
    Why?
      • Control over the contributors
      • Someone leaves the organization
      • A "black sheep" problem
      • Version control: change tracking
      • You share with the people that you explicitly invite
  • Mobile devices problem
    Common scenario: lost smartphone
      • Stored passwords to FB, Google etc.
      • All accounts and data have been taken over!
      • Always lock your phone: pattern lock, password
    Laptop
      • Hard disk fully encrypted
    USB drive
      • Vault partition on the flash drive with sensitive data
  • Password protection
    How easy is it to crack your password?
      • Strong password policy
    Never share your password
      • No shared accounts!
    Don't repeat the password in different applications
      • Password system
      • PIN codes
  • How to pick a good password
    Bad ideas
      • Dates
      • Names
      • Common words
      • "Pallomeri" ;)
    Good ideas
      • First letters of a poem, song
      • P4770.m3r1
      • Don't reuse the passwords
    TOP 2012
      1. password
      2. 123456
      3. 12345678
      4. abc123
      5. qwerty
      6. monkey
      7. letmein
      8. dragon
      9. 111111
      10. baseball
  • How to share passwords
    A password shall be private and unique
    Share passwords only when it is necessary
    DON'Ts
      • Send whole passwords by e-mail
      • Send website, login and password together
    DOs
      • Share wisely: you share the responsibility
      • Store passwords encrypted!
      • Share passwords on a regular basis
  • The biggest EVIL!
  • Plaintext passwords
      Thank you for signing up to Our Webpage, we hope that you will have a great time here!
      Please click the link below to authorise your username and password for use on the Our site.
      http://www.site.com/register.php?action=auth&email=damian@bulira.pl&auth=dnyhxn
      ***IF THIS LINK DOES NOT WORK, LOGIN AS NORMAL AND ENTER THE DETAILS BELOW***
      Your username that you used to sign up with is: dbulira
      Your password you used to sign up with is: password12#
      The email that you signed up with is: damian@bulira.pl
  • PGP mail encryption
  • Single Site Login
    Being able to log in to any website through an existing proxy account
  • The security question
    Helps with password recovery, mostly for e-mail boxes
    Extremely important thing! Treat it as a second password
    Cool story…
    http://www.foxnews.com/entertainment/2012/12/17/hollywood-hacker-honed-his-skills-for-years/
  • Identity dependency
    ESN use case ;)
      • A jealous geeky boyfriend wants to spy on his girlfriend, so he captures her Google password (how?)
      • Later on he discovers some fishy e-mails, so he goes deeper
      • He changes the Google password and, using the lost password feature, generates new passwords for Facebook (SSO!), Twitter, etc.
      • He discovers even more… :>
      • Imagine what happens later…
  • Other day-to-day ESN security cases
    PC in the ESN office
      • Private user accounts
      • Guest account
    ESN office key access
      • A case similar to password handling
      • Track usage
      • Access list (checked regularly)
  • Internet privacy
    When you upload something to the Internet, it stays there forever
    Think before you post!
    Restrict your privacy in social media
      • Application access
    Respect others' privacy and don't let people disrespect yours
  • Exercise
    Sending credit card credentials
      • You've forgotten your credit card in your apartment and urgently need to book a flight. Fortunately, your trusted roommate can send you all the necessary data. How do you proceed?
  • Join the IT Committee!
    We always look for:
      • Programmers
      • Designers
      • Documentation Writers
      • Tutorial Makers
      • System Administrators
      • Linux Experts
      • Drupal Developers
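The "How to pick a good password" slide, turned into a small checker; this is an added example, not part of the original presentation. It screens a candidate against the slide's bad ideas (the TOP 2012 list, dates, names and common words, reuse) and builds a password from the first letters of a phrase. The function names, the date patterns and the sample inputs are assumptions made for the illustration, and passing the screen is not a strength estimate.

```python
import re
import string

# The "TOP 2012" list exactly as it appears on the slide.
TOP_2012 = {"password", "123456", "12345678", "abc123", "qwerty",
            "monkey", "letmein", "dragon", "111111", "baseball"}

# Assumed date shapes: d.m.y with separators, or a bare year 19xx/20xx.
DATE_RE = re.compile(
    r"\b\d{1,2}[./-]\d{1,2}[./-]\d{2,4}\b|(?<!\d)(?:19|20)\d{2}(?!\d)")


def screen(password, personal_words=(), used_elsewhere=()):
    """Return the slide rules a candidate breaks (empty list = none)."""
    problems = []
    lowered = password.lower()
    if lowered in TOP_2012:
        problems.append("on the TOP 2012 list")
    if DATE_RE.search(password):
        problems.append("looks like a date")
    for word in personal_words:
        # Names and common words supplied by the caller (hypothetical input).
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains name or common word '{word}'")
    if password in used_elsewhere:
        problems.append("already used for another account")
    return problems


def from_phrase(phrase):
    """First letter of each word of a poem or song line, punctuation kept."""
    parts = []
    for token in phrase.split():
        first = next((c for c in token if c.isalnum()), "")
        tail = token[len(token.rstrip(string.punctuation)):]
        parts.append(first + tail)
    return "".join(parts)


if __name__ == "__main__":
    # Constructed sample input, not taken from any real account.
    words = ["Pallomeri", "Maribor"]
    for candidate in ["letmein", "17.03.1990", "maribor2013", "P4770.m3r1"]:
        print(candidate, "->", screen(candidate, personal_words=words) or "ok")
    line = "Twinkle, twinkle, little star, how I wonder what you are!"
    print(from_phrase(line))
```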