Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Paul James Adams, InfoSecurity.nl 2010, 3 november, Jaarbeurs Utrecht
1. Can You Keep A Secret?
Dr. Paul J. Adams
4 November, 2010
2. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
We All Have Secrets
But We Don’t All Have Secretaries
Someone to whom you share your secrets.
You understand them
You respect them
You trust them
3. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Jacqui Smith MP
Home Secretary: June 2007 – June 2009
4. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
What About Software?
Security Is Not A Feature
Secure by design
Avoid proprietary technology
Use well-tested code
Avoid creating a valuable target
Privacy by design
Layered defence
Avoid single point of failure
5. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
My Name Is Paul...
... And I Am Not A Security Expert
COO of Kolab Systems
PhD in Software
Engineering
Member of KDE eV,
Fellow of FSFE, MBCS,
MIEEE
6. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Groupware
Software For Supporting Groups
7. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Groupware For PIM
Personal Information Management
8. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
9. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Security By Design
A Whole Industry Can Be Born Of Design Decisions
Ask Yourself, “Why Do We Need...?”
Norton
Kaspersky
Symantec
10. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Proprietary Technology
Where Trust Becomes Faith
What Kolab Does...
Based upon Free
Software Components
Developed As Free
Software
No “Open Core”
11. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Valuable Targets
One Box Is Convenient For The Thieves, Too
What Kolab Does...
Distribute content over
many boxes
Content on boxes
restricted to individual
users
Root and physical access
required
12. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
No Single Point Of Failure
Not Even Your Root User!
http://xkcd.com/538/
What Kolab Does
Nothing unencrypted passes between clients if you don’t
want
13. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
PIM Isn’t What It Use To Be?
So Neither Should Groupware Be
14. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
It Is Not Just Different Data
It Is Different Devices, Too
15. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Moving Beyond Groupware
Giving You All Your Stuff. Now.
Client-side cache of
“stuff”
“Usual” PIM data
Also microblogging or
Jabber
Fully indexed for fast
search
Free Software
implementation of
ActiveSync
Development:
Collaboration with
Zarafa
Funded by NLnet
16. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
And Finally...
... What’s Next?
Kolab 3.0 under discussion!
Things to talk about:
Web client
Web admin
LDAP
Chat
Focus on creating a
well-integrated experience from
installation to usage
Get Involved
#kolab on freenode
kolab-
devel@kolab.org
www.kolab.org
17. Can You Keep
A Secret?
Dr. Paul J. Adams
Introduction
Keeping Secrets
Who Is This Guy?
What Is Kolab?
Perspectives
Security By Design
Proprietary
Technology
Valuable Targets
No Single Point Of
Failure
Beyond Groupware
The Challenges
The Solutions
What Next?
Paul Adams, Kolab Systems AG
adams@kolabsys.com
+41 43 501 66 91
http://kolabsys.com