Security, you are also part of the game

Post on 20-May-2015

Category:

Technology

DESCRIPTION

Data is a big thing nowadays. Data is everywhere, and it is collected in almost as many places. A lot of people want to access your data. But why exactly is your data important? What can people or companies do with it? How can I keep my data safe, or that of my company? How do criminals get to your data? And most importantly, what can you do to keep them from stealing it?

Transcript

Open solutions, smarter people

Security

You are also part of the game

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Who is that guy?

• Bert Desmet
• 23 years old
• Fedora – Ambassador, mentor, packager
• Loadays – Co-organizer
• Numius – System Engineer, Consultant
• Devnox – Developer, System Engineer

Today's topics

• I'm a good hacker.
• Why I love USB sticks.
• Remember your password?
• Shhhhhhht!

I am a good hacker.

No tech hacking?

Shoulder surfing

Dumpster diving

Social engineering

Taking pictures

Why I love USB sticks.

They are easy

And small

They are easily..

• Forgotten
• Stolen

Some thoughts about it

• Encrypt your sensitive data
• Never put passwords on your system
• Use the intranet
• Never leave your portable gear alone
• Never forget your gear

Some statistics

• 53% of UK workers lost portable devices
– >50% at a drinking venue
• Taxis and public transport
• 1 lost data record cost more than $187
– 70% indirect cost
• Lost customers

Remember your password?

How to choose a password

• Avoid using dictionary words
• Use special characters and numbers
• Change your password every month
• Blah blah blah

Entropy

• H : Entropy
• N : Number of possible symbols
• L : Length of string

$H = L \cdot \log_2 N$

Example time!

• This is.obviously a.bad passw0rd:-(
– L : 35
– W : 94
– H : ±230

• PrXyc.N(n4k77#L!eVdAfp9
– L : 23
– W : 94
– H : ±151

Time to crack a password

• Guesses before string is found = $2^{H}$

• This is.obviously a.bad passw0rd:-(
– $2^{230} = 1.72543659 \times 10^{69}$
– 1000 guesses/s = $5.5 \times 10^{58}$ years

• PrXyc.N(n4k77#L!eVdAfp9
– $2^{151} = 2.85449539 \times 10^{45}$
– 1000 guesses/s = $9 \times 10^{34}$ years
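
Added example (not from the original slides): the entropy and time-to-crack arithmetic of the two slides above in Python, where the slides' W in the examples is the N of the formula. The formula only holds when every symbol is chosen uniformly at random, so the example also scores the phrase under a word-based model like the one in the xkcd comic listed in the sources; the 6-word count, the 2048-word list and all function names are assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(length, symbols=94):
    """Slide formula H = L * log2(N); valid only if every symbol is picked
    uniformly at random from the N-symbol pool."""
    return length * math.log2(symbols)

def years_to_exhaust(bits, guesses_per_second=1000):
    """Years to try all 2^H candidates at a fixed guess rate (slide: 1000/s)."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

def word_model_bits(words, wordlist_size):
    """Entropy if the secret is `words` tokens drawn at random from a list of
    `wordlist_size` entries: the model a dictionary-aware guesser works in."""
    return words * math.log2(wordlist_size)

def length_for_bits(target_bits, symbols=94):
    """Random characters needed from an N-symbol pool to reach target_bits."""
    return math.ceil(target_bits / math.log2(symbols))

def report(label, bits, rate=1000):
    """One summary line: label, entropy in bits, years to exhaust the space."""
    return f"{label:<32} {bits:6.1f} bits  {years_to_exhaust(bits, rate):.2e} years"

if __name__ == "__main__":
    phrase = "This is.obviously a.bad passw0rd:-("   # from the slide, L = 35
    random_pw = "PrXyc.N(n4k77#L!eVdAfp9"            # from the slide, L = 23
    print(report("phrase, per-character model", entropy_bits(len(phrase))))
    print(report("random string, per-character", entropy_bits(len(random_pw))))
    # Assumption: 6 words from a 2048-word list (constructed values, not on the slides)
    print(report("phrase, 6 words of 2048", word_model_bits(6, 2048)))
    print("random characters for 128 bits:", length_for_bits(128))
```

The per-character figure is an upper bound for a phrase built from ordinary words; the word-model figure is the more realistic one to plan against, and a human-chosen sentence is less random still.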

Password Strength

Lastpass

• Fully encrypted
• Generate extremely hard passwords
• Choose a good master password!

Some tips

• Never store passwords on PC
• Never use autologin

Shhhhhhhht!

I want you to shut up!

Security through obscurity

• Don't tell anyone
• Security based on secrecy

Kerckhoffs' doctrine

• Security can't depend on secrecy

Reality

• There are always leaks
– By accident
– Deliberately

• Try to keep 'secrets'

Wait! There is more!

In a perfect world..

There is always a hole.

I like onions

Multi Level Security

• Multiple systems
• Building Fort Knox
• You are the first line of defense

Extra! Extra!

Something you have..

Yubikey

I preach. And I practice.

Questions?

• Bert Desmet
• Security, you are also part of the game
• Mail: Bert@devnox.eu
• Twitter: @bdesmet_
• Website: http://blog.bdesmet.be
• Website: http://www.devnox.eu
• This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Sources

• Chess game: http://www.flickr.com/photos/seeminglee/1479932683/

• Closed vault: http://www.flickr.com/photos/mstyne/3654056683/

• Open vault: http://www.flickr.com/photos/spotsgot/156025944/

• Onion: http://www.flickr.com/photos/inferis/107293622/

• Laptop + usb stick: http://www.flickr.com/photos/wstryder/2780310027/

• New York Public Library: http://www.flickr.com/photos/paul_lowry/2616820493/

• Statistics on losing gear: http://www.securestix.com/bad_news.php

• Shoulder surfing: http://www.flickr.com/photos/bonzoesc/209474964/

• Dumpster: http://www.flickr.com/photos/urbanjacksonville/1803065217/

• Telephone call: http://www.flickr.com/photos/lst1984/994531885/

• Taking pictures: http://www.flickr.com/photos/glenpooh/708845839/

• Xkcd joke: http://xkcd.com/936/

• Shut up: http://www.flickr.com/photos/lorenia/934705558/

• 3-way handshake: http://media.photobucket.com/image/3%20way%20handshake/Haley_Bug/Mission%20Trip%20Choir%20Tour%202006/100_0087.jpg?o=1

• Yubikey: http://www.flickr.com/photos/thofle/3206443137/

• Special thanks to: Johnny Long
