Securing chat apps with multi-factor authentication
This slide deck details the loopholes in chat ops and how they can be managed with multi-factor authentication (2FA) using tools like YubiKey and Google Authenticator.
2. Introduction
• Arun Narayanaswamy
• 14 years in Dev & Ops
• Worked at large enterprises including Fortune 1
• Entrepreneur, Student, Photographer and Traveler…
• Disclaimer:
• “The opinions expressed, software references and any content in this
presentation are solely mine and they do not represent my employer.”
3. How many of you use Chat @ Work?
techcrunch.com
5. Chat Apps – Big Players!
• Instant messaging on steroids
• Your “WhatsApp” for business!
• Collaboration
• Integrated workspace - Text, audio, video
• All alerting and messaging in one place
• Share, Search & Integrate
• Chat-ops!
• Fun
7. Hubot – Why?
• CoffeeScript on Node.js based
• Active development - GitHub
• Easy integration with third-party APIs
• Deployable on Heroku, AWS
• Works with Slack and HipChat (and more)
• What’s chat without Hubot?
8. Typical CD Workflow
• Revolves around the orchestrator
• Data needs to be consolidated into Splunk/ELK/Jenkins etc.
• Now better with
• Containers
• New-gen monitoring
12. Plugging in the loopholes
[Overview diagram]
• 2FA: hardware tokens, software tokens
• Roles: custom code, Hubot Auth
• Multiple rooms
• AWS IAM policies
13. Plugging in the loopholes: Hardware keys
[Overview diagram from slide 12 repeated]
14. Plugging in the loopholes: Hardware keys
⢠Demo
[ https://devseccon.hipchat.com/chat ]
[ https://id.heroku.com/login ]
[ https://www.yubico.com ]
15. Plugging in the loopholes: Soft keys
[Overview diagram from slide 12 repeated]
16. Plugging in the loopholes: Roles
[Overview diagram from slide 12 repeated]
17. Plugging in the loopholes: Rooms
[Overview diagram from slide 12 repeated]
• Restricted Channels
• Private Channels
• Different Instance of Chat System
• 2FA on Chat system itself
18. Plugging in the loopholes: IAM (AWS)
[Overview diagram from slide 12 repeated]
• Policies on what each system can run
• Better control on AWS/Heroku where the bots run