2. IT security in a nutshell
Identify sensitive data
• What do you want to protect?
Identify applications that you store information in
• Where do you want to store it?
Identify parties that have access to the data
• Who do you want to share it with?
Secure and constrain access
• How do you want to protect it?
AGM Maribor - Security Workshop | Damian Bulira - ESN IT Committee | damian@bulira.pl
3. IT security in a nutshell
Identify sensitive data
• Personal data
• Financial data
• Photos ;)
• Password file
4. IT security in a nutshell
Identify applications that you store information in
• Local files
  • Stored locally on your hard drive
  • How not to lose them?
• Mobile devices
  • Laptops, smartphones, USB drives
  • What if you lose them?
• Cloud services
  • Google Docs, Facebook, e-mail
5. IT security in a nutshell
Identify parties that have access to the data
• Family
• Friends
• Co-workers
• Internet provider
• Service providers
• Public
Secure and constrain access
• Access only for people that need it
• Protect your passwords, tokens, digital IDs
6. How would you store and share it?
ESN case
8. Backups
Avoid a single point of failure
• Store sensitive data in more than one place
• Archive data (you never know when you will want to bring some of it back)
Dropbox, Google Drive
• Store data there, but remember encryption
• Easy sharing
11. CORRECT!
12. Sharing is caring
Similar with Google Drive (Docs)
• Even better – more fine-grained control
Why?
• Control over the contributors
  • Someone leaves the organization
  • A „black sheep” problem
• Version control – change tracking
• You share only with the people that you explicitly invite
13. Mobile devices problem
Common scenario – a lost smartphone:
• Stored passwords to Facebook, Google etc.
• All accounts and data have been taken over!
• Always lock your phone – pattern lock, password
Laptop
• Hard disk fully encrypted
USB drive
• Vault partition on flash drive with sensitive data
14. Password protection
How easy is it to crack your password?
• Strong password policy
Never share your password
• No shared accounts!
Don’t reuse the same password in different applications
• Password system
• PIN codes
16. How to pick a good password
Bad ideas
• Dates
• Names
• Common words
• „Pallomeri” ;)
Good ideas
• First letters of a poem, song
• P4770.m3r1
• Don’t reuse passwords
TOP 2012
1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
17. How to share passwords
A password should be private and unique
Share passwords only when it is necessary
DON’Ts
• Send whole passwords by e-mail
• Never send website, login and password together
DOs
• Share wisely – you share the responsibility
• Store passwords encrypted!
• Share passwords on a regular basis
18. The biggest EVIL!
19. Plaintext passwords
Thank you for signing up to Our Webpage, we hope that you will have a great time here! Please click the link below to authorise your username and password for use on the Our site.
http://www.site.com/register.php?action=auth&email=damian@bulira.pl&auth=dnyhxn
***IF THIS LINK DOES NOT WORK, LOGIN AS NORMAL AND ENTER THE DETAILS BELOW***
Your username that you used to sign up with is: dbulira
Your password you used to sign up with is: password12#
The email that you signed up with is: damian@bulira.pl
20. PGP mail encryption
21. Single Site Login
Being able to log in to any website through an existing proxy account
22. The security question
Helps with password recovery, mostly for e-mail accounts
An extremely important thing!
Treat it as a second password
Cool story…
http://www.foxnews.com/entertainment/2012/12/17/hollywood-hacker-honed-his-skills-for-years/
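Slide 19 shows a welcome mail that echoes the plaintext password back to the user, which can only happen if the site kept the password in a recoverable form; slide 22 asks you to treat the security question as a second password. The following Python script is an added example, not code from the deck or from any site it mentions, showing the server-side handling that avoids both problems: passwords and security answers are stored only as salted PBKDF2-HMAC-SHA256 hashes (the Python standard library is used so it runs offline), the welcome mail carries a single-use, time-limited confirmation token instead of the credentials, and verification uses a constant-time comparison. The user store is an in-memory stand-in for a database, the iteration count of 600,000 is an assumed work factor, and the confirmation URL host is a placeholder.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune to your hardware
TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime of a confirmation link
SALT_BYTES = 16


def hash_secret(secret: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Derive a salted hash; only (salt, hash) is ever stored, never the secret itself."""
    salt = salt or secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_secret(secret: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash under the stored salt and compare in constant time."""
    _, digest = hash_secret(secret, salt)
    return hmac.compare_digest(digest, expected)


def normalize_answer(answer: str) -> str:
    """A security answer is a second password: fold case and whitespace, then hash it."""
    return " ".join(answer.casefold().split())


class UserStore:
    """In-memory stand-in for a user table (constructed for this example)."""

    def __init__(self) -> None:
        self.users: dict[str, dict] = {}
        self.pending: dict[str, tuple[str, float]] = {}  # token -> (username, expiry)

    def register(self, username: str, password: str, question: str, answer: str) -> str:
        """Store hashes only and return a one-time confirmation token for the welcome mail."""
        pw_salt, pw_hash = hash_secret(password)
        ans_salt, ans_hash = hash_secret(normalize_answer(answer))
        self.users[username] = {
            "pw_salt": pw_salt, "pw_hash": pw_hash,
            "question": question, "ans_salt": ans_salt, "ans_hash": ans_hash,
            "verified": False,
        }
        token = secrets.token_urlsafe(32)
        self.pending[token] = (username, time.time() + TOKEN_TTL_SECONDS)
        return token

    def confirmation_email(self, token: str) -> str:
        """What the welcome mail should contain: a link, no login and no password echoed back."""
        return ("Thank you for signing up. Confirm your account within 15 minutes:\n"
                f"https://example.invalid/confirm?token={token}\n")  # placeholder host

    def confirm(self, token: str) -> bool:
        """Consume the token (single use) and reject it once expired."""
        entry = self.pending.pop(token, None)
        if entry is None:
            return False
        username, expiry = entry
        if time.time() > expiry:
            return False
        self.users[username]["verified"] = True
        return True

    def login(self, username: str, password: str) -> bool:
        user = self.users.get(username)
        if user is None:
            # Hash anyway so an unknown user takes as long as a wrong password.
            hash_secret(password, b"\x00" * SALT_BYTES)
            return False
        return user["verified"] and verify_secret(password, user["pw_salt"], user["pw_hash"])

    def check_security_answer(self, username: str, answer: str) -> bool:
        user = self.users.get(username)
        if user is None:
            return False
        return verify_secret(normalize_answer(answer), user["ans_salt"], user["ans_hash"])


if __name__ == "__main__":
    store = UserStore()
    token = store.register("dbulira", "password12#", "First pet?", "Rex")
    print(store.confirmation_email(token))
    print("confirm:", store.confirm(token), "| replay:", store.confirm(token))
    print("login:", store.login("dbulira", "password12#"))
    print("answer:", store.check_security_answer("dbulira", "  rex "))
```

The test of whether a site does this right is the one the slide invites: if a welcome or "forgot password" mail can quote your password back to you, the site has it in the clear, and the only safe reaction is to treat that password as burned everywhere it was reused.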
23. Identity dependency
ESN use case ;)
• A jealous, geeky boyfriend wants to spy on his girlfriend; he captures her Google password (how?)
• Later on he discovers some fishy e-mails, so he digs deeper
• He changes the Google password and, using the lost-password feature, generates new passwords for Facebook (SSO!), Twitter, etc.
• He discovers even more… :>
• Imagine what happens later…
24. Other day-to-day ESN security cases
PC in the ESN office
• Private user accounts
• Guest account
ESN Office key access
• A case similar to password handling
• Track usage
• Access list (checked regularly)
25. Internet privacy
When you upload something to the Internet, it stays there forever
Think before you post!
Restrict your privacy settings in social media
• Application access
Respect others’ privacy and don’t let people disrespect yours
27. Exercise
Sending credit card details
• You’ve forgotten your credit card at your apartment and urgently need to book a flight. Fortunately your trusted roommate can send you all the necessary data. How do you proceed?
28. Join the IT Committee!
We always look for:
• Programmers
• Designers
• Documentation Writers
• Tutorial Makers
• System Administrators
• Linux Experts
• Drupal Developers