Jakub Melichar

Slide 2
o 95 % of incidents involve a human mistake
o Insufficient experience and training
o Two layers of resilience
  o Secure environment
  o Secure behaviour

Slide 3
o Confidentiality breach
o Data theft
o Impersonation
o Malware infection
o Backdoor, long-term access

Slide 4
o Risk examples
  o Eavesdropping
  o Unintentional publishing
o Protection means
  o Access restriction
  o Caution when transferring or publishing data
  o Encryption

Slide 5
o Risk examples
  o File manipulation
  o Alteration of data in transit
o Protection means
  o Authentication of data and parties
  o Checksums
  o Reliable communication channels

Slide 6
o Risk examples
  o Data removal
  o Denial of access
o Protection means
  o Accurate access control
  o Secure access restoration
  o Secondary access (communications, device)
  o Backups

Slide 7
o Memorable, but hard to guess
  o password vs. passphrase
o Sufficiently long (13+ symbols)
o Do not use the same password for multiple services!
o Password manager
o 2-Factor Authentication (2FA)

Slide 8
o Check the URL in links
o Do not visit untrustworthy sites
o Do not open unknown downloads
o Careful with plugins
o Careful with URL shorteners (https://goo.gl/GJ7gd)
o https:// (SSL/TLS security)
  o Domain authentication
  o Encrypted channel
  o A necessity for private activities

Slide 9
o Do not use open WiFi networks
  o Unencrypted data transmission
  o Anyone in your vicinity can see your traffic
o Careful with public WiFi networks
o Secure personal hotspot - WPA2-PSK/AES (WPA3 late 2018)
o Remove unused networks

Slide 11
o Keep personal and work communication separate
o Do not open unwanted emails
o Do not open suspicious attachments
o Always make sure you have logged out of webmail
o For sensitive matters use encryption
o The origin is reliable only with a digital signature

Slide 12
o Protect user accounts with authentication
o Lock your screen
o Do not use a privileged account
o Update system & apps
o Storage encryption
o Security software
o Regular backups
o Disable unneeded interfaces
o Do not plug in unknown devices
o Regular security revision
  o Change your passwords
  o Check security settings
  o Create backups
o Think through the situation when…
  o You forget your password
  o You lose your means of authentication (phone, token, certificate)
  o Someone else is controlling your account
o CHALLENGE EVERYTHING THAT IS BEING SERVED TO YOU

Slide 15
o How does HTTPS provide Encryption? | The Curious Engineer. YouTube [online]. https://www.youtube.com/watch?v=w0QbnxKRD0w
o Your deleted file still exists | The Curious Engineer. YouTube [online]. https://www.youtube.com/watch?v=bKaT5B9Qgzw
o How Safe is Your Password? - Brit Lab. YouTube [online]. https://www.youtube.com/watch?v=z25UlNNHGTw
o Key Exchange. YouTube [online]. https://www.youtube.com/watch?v=U62S8SchxX4
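Added example, not part of the slides: slide 5 lists "checksums" and "authentication of data and parties" as protection against alteration of data in transit. The code below shows the difference between the two: an unkeyed checksum (CRC32) catches accidental corruption but not a deliberate change, because whoever alters the message can recompute the checksum, whereas a keyed MAC (HMAC-SHA256) detects both. The key and messages are constructed for the demo.

```python
import hashlib
import hmac
import zlib


def crc_protect(msg: bytes) -> tuple[bytes, int]:
    # Unkeyed checksum: anyone handling the message can recompute it.
    return msg, zlib.crc32(msg)


def crc_verify(msg: bytes, tag: int) -> bool:
    return zlib.crc32(msg) == tag


def mac_protect(key: bytes, msg: bytes) -> tuple[bytes, bytes]:
    # Keyed MAC: only a party holding the shared key can produce a valid tag.
    return msg, hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest checks the tag in constant time.
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def bit_flip(msg: bytes) -> bytes:
    # Accidental corruption: one bit flipped by an unreliable link.
    return bytes([msg[0] ^ 0x01]) + msg[1:]


def tamper_with_crc(msg: bytes) -> tuple[bytes, int]:
    # Deliberate alteration by an intermediary who then recomputes the
    # unkeyed checksum so that it still matches the altered message.
    forged = msg.replace(b"100", b"900")
    return forged, zlib.crc32(forged)


def demo() -> dict:
    key = b"constructed-shared-secret"  # constructed demo key
    original = b"transfer 100 EUR to account 42"  # constructed message
    msg, crc = crc_protect(original)
    _, tag = mac_protect(key, original)
    forged, forged_crc = tamper_with_crc(msg)
    return {
        "crc_detects_bitflip": not crc_verify(bit_flip(msg), crc),  # True
        "crc_detects_tamper": not crc_verify(forged, forged_crc),   # False
        "mac_detects_tamper": not mac_verify(key, forged, tag),     # True
        "mac_accepts_original": mac_verify(key, msg, tag),          # True
    }
```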