Keep it safe agm13


  1. Keep IT safe! AGM Maribor workshop, Damian Bulira, IT Committee
  2. IT security in a nutshell
     Identify sensitive data
       • What do you want to protect?
     Identify applications that you store information in
       • Where do you want to store it?
     Identify parties that have access to the data
       • Who do you want to share it with?
     Secure and constrain access
       • How do you want to protect it?
     AGM Maribor - Security Workshop | Damian Bulira - ESN IT Committee | damian@bulira.pl
  3. IT security in a nutshell
     Identify sensitive data
       • Personal data
       • Financial data
       • Photos ;)
       • Password file
  4. IT security in a nutshell
     Identify applications that you store information in
       • Local files
           • Locally stored on your hard drive
           • How not to lose them?
       • Mobile devices
           • Laptops, smartphones, USB drives
           • What if you lose them?
       • Cloud services
           • Google docs, Facebook, e-mail
  5. IT security in a nutshell
     Identify parties that have access to the data
       • Family
       • Friends
       • Co-workers
       • Internet provider
       • Service providers
       • Public
     Secure and constrain access
       • Access only for people who need it
       • Protect your passwords, tokens, digital IDs
  6. How would you store and share it? ESN case
  7. Protecting local files
     Password protection
       • Office / OpenOffice -> embedded function
       • Password archive protection
       • TrueCrypt protection
     Remote copy
       • Dropbox folders
       • Scheduled backups
  8. Backups
     Avoid single point of failure
       • Store sensitive data in more than 1 place
       • Archive data (you never know when you want to bring back some of it)
     Dropbox, Google Drive
       • Store but remember about encryption
       • Easy sharing
  11. CORRECT!
  12. Sharing is caring
      Similar stuff with Google Drive (docs)
        • Even better – more detailed control
      Why?
        • Control over the contributors
        • Someone leaves the organization
        • A „black sheep” problem
        • Version control – change tracking
        • You share with the people that you explicitly invite
  13. Mobile devices problem
      Common scenario – lost smartphone:
        • Stored passwords to FB, Google etc.
        • All accounts and data have been taken over!
        • Always lock your phone – pattern lock, password
      Laptop
        • Hard disk fully encrypted
      USB drive
        • Vault partition on flash drive with sensitive data
  14. Password protection
      How easy is it to crack your password?
        • Strong password policy
      Never share your password
        • No shared accounts!
      Don’t repeat the password in different applications
        • Password system
        • PIN codes
  16. How to pick a good password
      Bad ideas
        • Dates
        • Names
        • Common words
        • „Pallomeri” ;)
      Good ideas
        • First letters of a poem, song
        • P4770.m3r1
        • Don’t reuse the passwords
      TOP 2012
        1. password
        2. 123456
        3. 12345678
        4. abc123
        5. qwerty
        6. monkey
        7. letmein
        8. dragon
        9. 111111
        10. baseball
  17. How to share passwords
      A password shall be private and unique
      Share passwords only when it is necessary
      DON’Ts
        • Send whole passwords by e-mail
        • Never send website, login and password together
      DOs
        • Share wisely – you share the responsibility
        • Store passwords encrypted!
        • Share passwords on a regular basis
  18. The biggest EVIL!
  19. Plaintext passwords
      Thank you for signing up to Our Webpage, we hope that you will have a great time here!
      Please click the link below to authorise your username and password for use on the Our site.
      http://www.site.com/register.php?action=auth&email=damian@bulira.pl&auth=dnyhxn
      ***IF THIS LINK DOES NOT WORK, LOGIN AS NORMAL AND ENTER THE DETAILS BELOW***
      Your username that you used to sign up with is: dbulira
      Your password you used to sign up with is: password12#
      The email that you signed up with is: damian@bulira.pl
  20. PGP mail encryption
  21. Single Site Login
      Being able to log in to any website through an existing proxy account
  22. The security question
      Helps with the password recovery, mostly to e-mail boxes
      Extremely important thing!
      Treat it as the second password
      Cool story… http://www.foxnews.com/entertainment/2012/12/17/hollywood-hacker-honed-his-skills-for-years/
  23. Identity dependency
      ESN use case ;)
        • A jealous geeky boyfriend wants to spy on his girlfriend, he captures a Google password (how?)
        • Later on he discovers some fishy e-mails so he goes deeper
        • He changes the Google password and, using the lost password feature, generates a new password to Facebook (SSO!), Twitter, etc.
        • He discovers even more… :>
        • Imagine what happens later…
  24. Other day-to-day ESN security cases
      PC in the ESN office
        • Private user accounts
        • Guest account
      ESN Office key access
        • A case similar to password handling
        • Track usage
        • Access list (checked regularly)
  25. Internet privacy
      When you upload something to the Internet, it stays there forever
      Think before you post!
      Restrict your privacy in social media
        • Application access
      Respect others’ privacy and don’t let people disrespect yours
  27. Exercise
      Sending credit card credentials
        • You’ve forgotten your credit card at your apartment and urgently need to book a flight. Fortunately, your trusted roommate can send you all the necessary data. How do you proceed?
  28. Join the IT Committee!
      We always look for:
        • Programmers
        • Designers
        • Documentation Writers
        • Tutorial Makers
        • System Administrators
        • Linux Experts
        • Drupal Developers
