apps, methods, practices · 2018. 9. 8. · 2 factor authentication back up everything use a...
TRANSCRIPT
Frank Chen | Spring 2017
CS 88S
Protecting yourself: apps, methods, practices
Week 6
Yubikey, a physical key that provides 2-factor authentication
Agenda
● Wireshark Demo, Final Project
● Review last week’s material
● HTTPS, Safe Practices Online
● 2 Factor Authentication
● Back up everything
● Use a Password Manager
YouTube Phish
Source: http://bit.ly/2pIoWQW
Google Docs Phish
Source: http://bit.ly/2pIoWQW
Wireshark Demo
Final Project
Image Source: http://bit.ly/2pIoWQW
kfrankc.me/cs88s/final_project.pdf
What happens when you type www.google.com?
Symmetric Key
Key used to unlock and lock the drawer
Source: http://bit.ly/1I2YUeS
Public/Private Key
Image Source: http://bit.ly/1I2YUeS
Private Key turns only clockwise
Public Key turns only counter-clockwise
Virtual Private Network (VPN)
[Diagram labels: You; Internet Service Provider (ISP); Websites, Resources; VPN Tunnel]
Source: http://bit.ly/2qBrNZh
So Far...
cybersecurity ✔
protect myself ✘
hack ✔
privacy ✘
money, personal contact, identification ✔
extra (security in IoT devices) ✘
HTTP
Def: HTTP (Hypertext Transfer Protocol) is the procedure for exchanging information on the Internet.
It is easy to intercept.
How secure is HTTP?
✘ Authentication
✘ Integrity
✘ Privacy
HTTPS, abridged
Source: http://bit.ly/2qEPNyc
HTTPS, abridged
Def: HTTPS is HTTP over Secure Socket Layer.
HTTPS encrypts an HTTP message prior to transmission and decrypts a message upon arrival via SSL Transaction.
SSL Transaction
***Note: To further understand the relationship between SSL and HTTP, you'll first need to understand the OSI model of Computer Networks, which is out of the scope of this class.
Browser: Generate Public Key using RSA Algorithm
Browser to Server: Give Server Public Key
Server: Encrypt data using Browser's public key
Server to Browser: Send back to Browser
Browser: Decrypt data using its own private key
Source: http://bit.ly/2pTzoTY
SSL Transaction
Image Source: http://bit.ly/2qoE6w9
How secure is HTTPS?
✔ Authentication
✔ Integrity
✔ Privacy
HTTPS Everywhere
● Browser Extension
● Automatically redirect HTTP webpage into HTTPS webpage if possible
● Open Source
Source: http://bit.ly/2qcu3df
Be Wary of Public Wi-Fi
Be Wary of Email Links
Authentication
What you know
What you own
Who you are
Which Password is more secure?
monkey-ocean-superior-pillow
3058472038475
They are about the same
Source: http://bit.ly/2pmNOuB
Which Password is more secure?
4 common words: 2000^4 ≈ 2^43.9 combinations
13 random digits: 10^13 ≈ 2^43.2 combinations
monkey-ocean-superior-pillow
3058472038475
Source: http://bit.ly/2pmNOuB
Yubikey
● Physical 2-Factor Authentication Device
● Generates One-Time-Passwords (OTPs)
Yubikey's OTP
cccjgjgkhcbb irdrfdnlnghhfgrtnnlgedjlftrbdeut
cccjgjgkhcbb gefdkbbditfjrlniggevfhenublfnrev
cccjgjgkhcbb cvchfkfhiiuunbtnvgihdfiktncvlhck
Source: http://bit.ly/2qP6yUb
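Added example, not part of the original slides: the three OTPs above share the prefix cccjgjgkhcbb because a Yubico OTP is a fixed public ID followed by 32 modhex characters of AES-128-encrypted data that change on every key press. The sketch below splits and decodes them; the function names and the duplicate check are illustrative assumptions, since a real validation server decrypts the token and checks its counter.

```python
# Added example: split Yubico OTPs into public ID and encrypted token.
MODHEX = "cbdefghijklnrtuv"  # modhex character number i stands for hex digit i
TOKEN_LEN = 32               # last 32 modhex chars = one 16-byte AES-128 block
MAX_ID_LEN = 16              # the public ID is at most 16 modhex chars

# The three OTPs shown on the slide, with the display space removed.
SLIDE_OTPS = [
    "cccjgjgkhcbbirdrfdnlnghhfgrtnnlgedjlftrbdeut",
    "cccjgjgkhcbbgefdkbbditfjrlniggevfhenublfnrev",
    "cccjgjgkhcbbcvchfkfhiiuunbtnvgihdfiktncvlhck",
]

def modhex_decode(text):
    """Decode a modhex string to bytes; reject foreign characters."""
    if len(text) % 2:
        raise ValueError("modhex string has odd length")
    try:
        nibbles = [MODHEX.index(ch) for ch in text]
    except ValueError:
        raise ValueError("not a modhex string: %r" % text)
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))

def parse_otp(otp):
    """Return (public_id, encrypted_token) as bytes."""
    otp = otp.replace(" ", "").strip().lower()
    if not TOKEN_LEN <= len(otp) <= TOKEN_LEN + MAX_ID_LEN:
        raise ValueError("unexpected OTP length: %d" % len(otp))
    return modhex_decode(otp[:-TOKEN_LEN]), modhex_decode(otp[-TOKEN_LEN:])

def check_sequence(otps, expected_id):
    """Classify each OTP as 'new', 'replay' or 'wrong-device'.

    Without the key's AES secret only exact reuse can be spotted here;
    a real validation server decrypts the token and compares counters.
    """
    seen, results = set(), []
    for otp in otps:
        public_id, token = parse_otp(otp)
        if public_id != expected_id:
            results.append("wrong-device")
        elif token in seen:
            results.append("replay")
        else:
            seen.add(token)
            results.append("new")
    return results
```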
Yubikey Demonstration
2-Factor OTP Generators
Fingerprint Scanner
Source: http://apple.co/1En9Tz7
Single Sign-On
Source: https://shibboleth.net/
Source: https://www.okta.com/
Cloud Storage
External Hard Drive
Password Managers
S f C T
Follow at least one of the Practices listed today!
Next Week...
Facebook's massive data center in Luleå