Keep IT safe!
AGM Maribor
workshop
Damian Bulira
IT Committee
IT security in a nutshell
Identify sensitive data
• What do you want to protect
Identify applications that you store information in
• Where do you want to store it
Identify parties that have access to the data
• Who do you want to share it with
Secure and constrain access
• How do you want to protect it
AGM Maribor - Security Workshop | Damian Bulira - ESN IT Committee | damian@bulira.pl
IT security in a nutshell
Identify sensitive data
• Personal data
• Financial data
• Photos ;)
• Password file
IT security in a nutshell
Identify applications that you store information in
• Local files
  • Locally stored on your hard drive
  • How not to lose them?
• Mobile devices
  • Laptops, smartphones, USB drives
  • What if you lose them?
• Cloud services
  • Google docs, Facebook, e-mail
IT security in a nutshell
Identify parties that have access to the data
• Family
• Friends
• Co-workers
• Internet provider
• Service providers
• Public
Secure and constrain access
• Access only for the people who need it
• Protect your passwords, tokens, digital IDs
How would you store and share it?
ESN case
Protecting local files
Password protection
• Office / OpenOffice -> embedded function
• Password archive protection
• TrueCrypt protection
Remote copy
• Dropbox folders
• Scheduled backups
Backups
Avoid single point of failure
• Store sensitive data in more than 1 place
• Archive data (you never know when you want to bring back some of it)
Dropbox, Google Drive
• Store but remember about encryption
• Easy sharing
CORRECT!
Sharing is caring
Similar stuff with Google Drive (docs)
• Even better – more detailed control
Why?
• Control over the contributors
• Someone leaves the organization
• A „black sheep” problem
• Version control – change tracking
• You share with the people that you explicitly invite
Mobile devices problem
Common scenario – lost smartphone:
• Stored passwords to FB, Google etc.
• All accounts and data have been taken over!
• Always lock your phone – pattern lock, password
Laptop
• Hard disk fully encrypted
USB drive
• Vault partition on flash drive with sensitive data
Password protection
How easy is it to crack your password
• Strong password policy
Never share your password
• No shared accounts!
Don’t repeat the password in different applications
• Password system
• PIN codes
How to pick a good password
Bad ideas
• Dates
• Names
• Common words
• „Pallomeri” ;)
Good ideas
• First letters of a poem, song
• P4770.m3r1
• Don’t reuse the passwords
TOP 2012
1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
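A check built from this slide's "bad ideas", as an added example that is not part of the workshop material: it rejects entries from the TOP 2012 list, strings that are just a date, and anything containing a word the caller marks as personal (a name, for instance). `MIN_LENGTH`, the date layouts and all function names are assumptions; `first_letters` implements the "first letters of a poem, song" idea.

```python
import re

# The slide's "TOP 2012" list, used here as the common-password blocklist.
TOP_2012 = {"password", "123456", "12345678", "abc123", "qwerty",
            "monkey", "letmein", "dragon", "111111", "baseball"}

MIN_LENGTH = 10  # assumed minimum length; the workshop does not give one

# Assumed date layouts: DDMMYYYY / DDMMYY and YYYYMMDD, separators optional.
DATE_PATTERNS = (
    re.compile(r"(?P<d>\d{2})(?P<m>\d{2})(?P<y>\d{4}|\d{2})"),
    re.compile(r"(?P<y>\d{4})(?P<m>\d{2})(?P<d>\d{2})"),
)


def looks_like_date(text):
    """True when the whole string is a date such as 17.12.2012 or 20121217."""
    digits = re.sub(r"[\s./-]", "", text)
    for pattern in DATE_PATTERNS:
        match = pattern.fullmatch(digits)
        if match and 1 <= int(match["m"]) <= 12 and 1 <= int(match["d"]) <= 31:
            return True
    return False


def check_password(password, personal_words=()):
    """Return the reasons to reject a password; an empty list means none found."""
    problems = []
    lowered = password.lower()
    if lowered in TOP_2012:
        problems.append("common password")
    if looks_like_date(password):
        problems.append("date")
    for word in personal_words:
        # Names and other personal words count even inside a longer password.
        if word and word.lower() in lowered:
            problems.append("personal word: " + word)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    return problems


def first_letters(line):
    """Take the first character of every word of a poem or song line."""
    return "".join(word[0] for word in line.split())
```
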
How to share passwords
A password shall be private and unique
Share passwords only when it is necessary
DON’Ts
• Send whole passwords by e-mail
• Send website, login and password together
DOs
• Share wisely – you share the responsibility
• Store passwords encrypted!
• Share passwords on a regular basis
The biggest EVIL!
Plaintext passwords
Thank you for signing up to Our Webpage, we hope that you
will have a great time here! Please click the link below to
authorise your username and password for use on the Our
site.
http://www.site.com/register.php?action=auth&email=damian@bulira.pl&auth=dnyhxn
***IF THIS LINK DOES NOT WORK, LOGIN AS NORMAL AND ENTER
THE DETAILS BELOW***
Your username that you used to sign up with is: dbulira
Your password you used to sign up with is: password12#
The email that you signed up with is: damian@bulira.pl
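The sign-up mail above carries the password in clear text. The sketch below is an added example (not from the workshop slides) of the alternative: the site stores only a salted PBKDF2 hash, and the confirmation mail carries a single-use random token instead of the password. The function names, the `example.org` address, the in-memory dictionaries and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
CONFIRM_URL = "https://www.example.org/confirm?token="  # placeholder address

USERS = {}    # username -> account record (stands in for the site's database)
PENDING = {}  # SHA-256 of confirmation token -> username


def hash_password(password, salt):
    """Slow, salted hash; the only form of the password that is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def register(username, email, password):
    """Create an inactive account and return the confirmation e-mail body."""
    salt = secrets.token_bytes(16)
    USERS[username] = {
        "email": email,
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "active": False,
    }
    token = secrets.token_urlsafe(32)  # random, unrelated to the password
    # Only a hash of the token is kept, so a database leak cannot confirm accounts.
    PENDING[hashlib.sha256(token.encode("utf-8")).hexdigest()] = username
    # The mail names the account but never repeats the password.
    return (
        "Thank you for signing up, %s.\n"
        "Confirm your address by opening this link:\n"
        "%s%s\n"
        "We never send or ask for your password by e-mail.\n"
        % (username, CONFIRM_URL, token)
    )


def confirm(token):
    """Activate the account for a valid token; each token works once."""
    key = hashlib.sha256(token.encode("utf-8")).hexdigest()
    username = PENDING.pop(key, None)
    if username is None:
        return False
    USERS[username]["active"] = True
    return True


def check_login(username, password):
    """Verify a login attempt against the stored salted hash."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown usernames take as long as known ones.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison; unconfirmed accounts cannot log in.
    return hmac.compare_digest(candidate, user["pw_hash"]) and user["active"]
```
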
PGP mail encryption
Single Site Login
Being able to log in to any website through an existing proxy account
The security question
Helps with password recovery, mostly for e-mail boxes
Extremely important thing!
Treat it as the second password
Cool story…
http://www.foxnews.com/entertainment/2012/12/17/hollywood-hacker-honed-his-skills-for-years/
Identity dependency
ESN use case ;)
• A jealous geeky boyfriend wants to spy on his girlfriend, he captures a Google password (how?)
• Later on he discovers some fishy e-mails so he goes deeper
• He changes the Google password and, using the lost password feature, generates a new password to Facebook (SSO!), Twitter, etc.
• He discovers even more… :>
• Imagine what happens later…
Other day-to-day ESN security cases
PC in the ESN office
• Private user accounts
• Guest account
ESN Office key access
• A case similar to password handling
• Track usage
• Access list (checked regularly)
Internet privacy
When you upload something to the Internet, it stays there forever
Think before you post!
Restrict your privacy in social media
• Application access
Respect others’ privacy and don’t let people disrespect yours
Exercise
Sending credit card credentials
• You’ve forgotten your credit card in your apartment and urgently need to book a flight. Fortunately, your trustworthy roommate can send you all the necessary data. How do you proceed?
Join the IT Committee!
We always look for:
• Programmers
• Designers
• Documentation Writers
• Tutorial Makers
• System Administrators
• Linux Experts
• Drupal Developers