
Keep IT safe!

AGM Maribor workshop

Damian Bulira, IT Committee

IT security in a nutshell

• Identify sensitive data: what do you want to protect?
• Identify the applications you store information in: where do you want to store it?
• Identify the parties that have access to the data: who do you want to share it with?
• Secure and constrain access: how do you want to protect it?

AGM Maribor - Security Workshop | Damian Bulira - ESN IT Committee | damian@bulira.pl

IT security in a nutshell

Identify sensitive data:
• Personal data
• Financial data
• Photos ;)
• Password file

IT security in a nutshell

Identify the applications you store information in:
• Local files
  • Stored locally on your hard drive
  • How not to lose them?
• Mobile devices
  • Laptops, smartphones, USB drives
  • What if you lose them?
• Cloud services
  • Google Docs, Facebook, e-mail

IT security in a nutshell

Identify the parties that have access to the data:
• Family
• Friends
• Co-workers
• Internet provider
• Service providers
• Public

Secure and constrain access:
• Access only for people who need it
• Protect your passwords, tokens, digital IDs

How would you store and share it?

ESN case

Protecting local files

Password protection:
• Office / OpenOffice -> embedded function
• Password-protected archives
• TrueCrypt protection

Remote copy:
• Dropbox folders
• Scheduled backups

Backups

Avoid a single point of failure:
• Store sensitive data in more than 1 place
• Archive data (you never know when you want to bring back some of it)

Dropbox, Google Drive:
• Store, but remember about encryption
• Easy sharing

CORRECT!


Sharing is caring

Similar stuff with Google Drive (Docs):
• Even better – more detailed control

Why?
• Control over the contributors
• Someone leaves the organization
• A „black sheep” problem
• Version control – change tracking
• You share with the people that you explicitly invite

Mobile devices problem

Common scenario – lost smartphone:
• Stored passwords to FB, Google etc.
• All accounts and data have been taken over!
• Always lock your phone – pattern lock, password

Laptop:
• Hard disk fully encrypted

USB drive:
• Vault partition on the flash drive for sensitive data

Password protection

• How easy is it to crack your password?
• Strong password policy
• Never share your password
• No shared accounts!
• Don’t repeat the password across different applications
• Password system
• PIN codes

How to pick a good password

Bad ideas:
• Dates
• Names
• Common words
• „Pallomeri” ;)

Good ideas:
• First letters of a poem or song
• P4770.m3r1
• Don’t reuse passwords

TOP 2012

1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball


How to share passwords

A password should be private and unique. Share passwords only when it is necessary.

DON’Ts:
• Send whole passwords by e-mail
• Never send website, login and password together

DOs:
• Share wisely – you share the responsibility
• Store passwords encrypted!
• Share passwords on a regular basis

The biggest EVIL!

Plaintext passwords

Thank you for signing up to Our Webpage, we hope that you will have a great time here! Please click the link below to authorise your username and password for use on the Our site.
http://www.site.com/register.php?action=auth&email=damian@bulira.pl&auth=dnyhxn
***IF THIS LINK DOES NOT WORK, LOGIN AS NORMAL AND ENTER THE DETAILS BELOW***
Your username that you used to sign up with is: dbulira
Your password you used to sign up with is: password12#
The email that you signed up with is: damian@bulira.pl

PGP mail encryption


Single Site Login

Being able to log in to any website through an existing proxy account

The security question

• Helps with password recovery, mostly for e-mail boxes
• Extremely important thing!
• Treat it as a second password

Cool story… http://www.foxnews.com/entertainment/2012/12/17/hollywood-hacker-honed-his-skills-for-years/

Identity dependency

ESN use case ;)
• A jealous geeky boyfriend wants to spy on his girlfriend; he captures a Google password (how?)
• Later on he discovers some fishy e-mails, so he goes deeper
• He changes the Google password and, using the lost password feature, generates a new password to Facebook (SSO!), Twitter, etc.
• He discovers even more… :>
• Imagine what happens later…

Other day-to-day ESN security cases

PC in the ESN office:
• Private user accounts
• Guest account

ESN office key access:
• A case similar to password handling
• Track usage
• Access list (checked regularly)

Internet privacy

• When you upload something to the Internet, it stays there forever
• Think before you post!
• Restrict your privacy settings in social media
  • Application access
• Respect others’ privacy and don’t let people disrespect yours

Exercise

Sending credit card credentials:
• You’ve forgotten your credit card at your apartment and urgently need to book a flight. Fortunately, your trusted roommate can send you all the necessary data. How do you proceed?

Join the IT Committee!

We always look for:
• Programmers
• Designers
• Documentation Writers
• Tutorial Makers
• System Administrators
• Linux Experts
• Drupal Developers