Elizabeth Walden
University of Saint Mary
An Analysis on Open Sourcing Athena on GitHub
Outline:
Introduction
Background
GitHub
Major components
Advantages
Disadvantages
Security
Configuration Management
Recommendations
Summary
Purpose of the Analysis:
• The purpose of this project was to determine the security risks posed by allowing Athena to remain open sourced.
• In coordination with TRADOC G-27 Modeling and Simulation Branch (M&SB) Fort Leavenworth, KS, Elizabeth Walden, a student enrolled in the IT Internship course at the University of Saint Mary in Leavenworth, Kansas, reviewed the security and configuration management aspects of open sourcing TRADOC G-27’s Athena simulation on GitHub.
Background
• Athena originally hosted on GitHub Enterprise at Jet Propulsion Lab
• Fall 2015: decision made to offer Athena as an open source tool on GitHub due to termination of funds
• Athena is a software application that enables analysts and commanders to simulate the Political, Military, Economic, Social, Infrastructure, and Information (PMESII) entities and processes within the context of a battlefield environment, a wide-area security operation, or in support of a country study to evaluate social evolution dynamics.
Major Components: Git and GitHub
Git
• Widely used source code management system for a collaborative software development environment
• Provides a reliable and versatile version control and configuration management process
GitHub
• Git repository hosting service
• Web-based graphical interface
• Hosted: online, local, enterprise
• GitHub.com free personal accounts
• Provides access control and collaboration features
Advantages and Disadvantages
Advantages
• Price effective
• Revision control services
• Bug tracking services
• Task management features
• Wikis for every project
• Online collaboration capability
Disadvantages
• Although this is a great collaborating concept, like anything hosted on the Internet, it is at risk for malicious activity.
• Once the external developers have access to the source code, they potentially have control of that version of Athena, and there is no means of retrieving it completely once people start making local copies.
• GitHub.com is a public repository; anyone with an account can gain access to Athena’s source code.
• It costs to have a versioning repository on GitHub
Security
• Access Permission
• Safeguards
• Hackers
  • DDoS
  • Uber
• Vulnerability Prevention
• Activity Log
Access Permissions: Administrator
Owner = Full Control = Administrator
Add collaborators
Change visibility
Delete the repo
Access Permission: Collaborator
Administrator grants access to:
• Push to (write), pull from (read), and fork (copy) the repository
• Apply labels and milestones
• Open, close, re-open, and assign issues
• Edit and delete comments on commits, pull requests, and issues
• Merge and close pull requests
• Send pull requests from forks of the repository
• Create and edit Wikis
• Create and edit Releases
• Remove themselves as collaborators on the repository
GitHub Safeguards
System Security
• System installation using hardened, patched Operating System
• Dedicated firewall and VPN services to help block unauthorized system access
• Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions
Maintaining Security
• All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Info sent over Secure Sockets Layer
• Two-Factor Authentication when accessing account
• We have full-time security staff to help identify and prevent new attack vectors
• Perform regular penetration tests and ongoing audits of GitHub and its code
Hackers
DDoS Attack 2015
• Distributed Denial of Service
• Shut down GitHub for over 24 hours
• A device at the border of China’s inner network and the Internet hijacked the HTTP connections that went into China and replaced some JavaScript files from Baidu with malicious ones
Uber Breach 2014
• 50,000 drivers’ personal info breach
• Leak of database administrator credentials and private keys
• Uber developers mistakenly put database key on public GitHub site
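The Uber incident above came down to a credential committed to a public repository. As an added example (not part of the original slides), this Python code checks file contents for committed secrets before a repository is made public; the rule patterns, the entropy threshold and the sample files are constructed assumptions.

```python
import math
import re

# Rules are illustrative assumptions, not GitHub's or Uber's tooling.
PEM_HEADER = re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
ASSIGNMENT = re.compile(
    r"(?i)\b[\w.-]*(?:password|passwd|secret|token|api_?key|db_?key)\b"
    r"\s*[:=]\s*['\"]([^'\"]+)['\"]"
)
URL_CREDS = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@/]+@")
PLACEHOLDERS = {"changeme", "password", "example", "<redacted>"}
# Constructed sample files; none of these values are real credentials.
SAMPLE_FILES = {
    "config/database.py": (
        'DB_PASSWORD = "q7Xv9LmZ2pRt4KwY"\n'
        'API_TOKEN = "${API_TOKEN}"\n'
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(placeholder, no key material)\n",
    "README.md": "Connect with postgres://app:hunter2pass@db.example/app\n",
}


def shannon_entropy(value):
    """Bits per character; random keys score higher than dictionary words."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def looks_secret(value, min_entropy):
    """Reject env-var references, placeholders and short or low-entropy values."""
    usable = not value.startswith("${") and value.lower() not in PLACEHOLDERS and len(value) >= 8
    return usable and shannon_entropy(value) >= min_entropy


def scan_text(path, text, min_entropy=3.0):
    """Return (path, line_no, rule) for each line that looks like a committed secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.search(line)
        if PEM_HEADER.search(line):
            findings.append((path, line_no, "private-key-block"))
        elif match and looks_secret(match.group(1), min_entropy):
            findings.append((path, line_no, "hardcoded-credential"))
        elif URL_CREDS.search(line):
            findings.append((path, line_no, "credentials-in-url"))
    return findings


def scan_files(files):
    return [f for path in sorted(files) for f in scan_text(path, files[path])]


if __name__ == "__main__":
    print("\n".join("%s:%d: %s" % f for f in scan_files(SAMPLE_FILES)))
```

A check like this only covers the current file contents; anything committed earlier remains in the Git history, so a secret that has ever been pushed should be rotated rather than just deleted.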
Vulnerability Prevention: Bug Bounty
Activity Log: Pulse
Activity Log: Members
Activity Log: Contributors Graph
Configuration Management
• Version Control
• Bug Tracking
Version Control
Pull Request
Issue Tracker
Recommendation
• Redesign home page
• Determine ongoing ownership
• Developer vs User Portal design
• Establish requirements for collaborators
Summary
The purpose of this project was to review the security and configuration management aspects of open sourcing TRADOC G-27’s Athena simulation on GitHub. Athena has been an open-source tool hosted on GitHub since Fall 2015. GitHub offers efficient configuration management features such as version control and bug tracking. By keeping Athena on GitHub, Athena will gain more exposure and maintain its integrity with the processes already in place by GitHub.
Questions?
