apps, methods, practices · 2018. 9. 8. · 2 factor authentication back up everything use a...

Post on 24-Sep-2020


Frank Chen | Spring 2017

CS 88S

Protecting yourself: apps, methods, practices

Week 6

Yubikey, a physical key that provides 2-factor authentication

Agenda
● Wireshark Demo, Final Project
● Review last week's material
● HTTPS, Safe Practices Online
● 2 Factor Authentication
● Back up everything
● Use a Password Manager

YouTube Phish

Source: http://bit.ly/2pIoWQW

Google Docs Phish

Source: http://bit.ly/2pIoWQW

Wireshark Demo

Final Project

Image Source: http://bit.ly/2pIoWQW

kfrankc.me/cs88s/final_project.pdf

What happens when you type www.google.com?

Symmetric Key

Source: http://bit.ly/1I2YUeS

Key used to unlock and lock the drawer

Public/Private Key

Image Source: http://bit.ly/1I2YUeS

Private Key turns only clockwise

Public Key turns only counter-clockwise

Virtual Private Network (VPN)

Diagram labels: You; Internet Service Provider (ISP); Websites, Resources; VPN Tunnel

Source: http://bit.ly/2qBrNZh

So Far...

cybersecurity ✔
protect myself ✘
hack ✔
privacy ✘
money, personal contact, identification ✔
extra (security in IoT devices) ✘

HTTP

Def: HTTP (Hypertext Transfer Protocol) is the procedure for exchanging information on the Internet

It is easy to intercept

How secure is HTTP? ✘

Authentication

Integrity

Privacy

HTTPS, abridged

Source: http://bit.ly/2qEPNyc

Def: HTTPS is HTTP over Secure Socket Layer (SSL).

HTTPS encrypts an HTTP message prior to transmission and decrypts a message upon arrival via SSL Transaction.

SSL Transaction

Browser: Generate Public Key using RSA Algorithm
(Give Server Public Key)
Server: Encrypt data using Browser's public key
(Send back to Browser)
Browser: Decrypt data using its own private key

***Note: To further understand the relationship between SSL and HTTP, you'll first need to understand the OSI model of Computer Networks, which is out of the scope of this class.

Source: http://bit.ly/2pTzoTY

SSL Transaction

Image Source: http://bit.ly/2qoE6w9

How secure is HTTPS? ✔

Authentication

Integrity

Privacy

HTTPS Everywhere
● Browser Extension
● Automatically redirect HTTP webpage into HTTPS webpage if possible
● Open Source

Source: http://bit.ly/2qcu3df

Be Wary of Public Wi-Fi

Be Wary of Email Links

Authentication

What you know

What you own

Who you are

Which Password is more secure?

monkey-ocean-superior-pillow

3058472038475

They are about the same

Source: http://bit.ly/2pmNOuB

Which Password is more secure?

monkey-ocean-superior-pillow
4 common words: 2000^4 ~ 2^43.9 combinations

3058472038475
13 random digits: 10^13 ~ 2^43.2 combinations

Source: http://bit.ly/2pmNOuB

Yubikey
● Physical 2-Factor Authentication Device
● Generates One-Time-Passwords (OTPs)

Yubikey's OTP

cccjgjgkhcbb irdrfdnlnghhfgrtnnlgedjlftrbdeut
cccjgjgkhcbb gefdkbbditfjrlniggevfhenublfnrev
cccjgjgkhcbb cvchfkfhiiuunbtnvgihdfiktncvlhck

Source: http://bit.ly/2qP6yUb
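The three OTPs on the slide share their first 12 characters: in Yubico's OTP format that prefix is the key's static public ID, and the last 32 characters are a 16-byte encrypted block that changes on every press. The following is an added example, not part of the original slides, that decodes the modhex encoding and checks this on the slide's own values; the function names are illustrative, and actually validating a block would need the key's AES secret, which is not on the page.

```python
# Added example: structural parse of a Yubico OTP (no decryption).
MODHEX = "cbdefghijklnrtuv"   # modhex character i stands for hex digit i
_TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")
BLOCK_CHARS = 32              # 16-byte encrypted block = 32 modhex chars
MAX_ID_CHARS = 16             # public ID is 0-16 modhex chars (12 on the slide)

# The three OTPs shown on the slide (space between the two parts removed).
SLIDE_OTPS = [
    "cccjgjgkhcbbirdrfdnlnghhfgrtnnlgedjlftrbdeut",
    "cccjgjgkhcbbgefdkbbditfjrlniggevfhenublfnrev",
    "cccjgjgkhcbbcvchfkfhiiuunbtnvgihdfiktncvlhck",
]

def modhex_decode(text):
    """Convert a modhex string to raw bytes, rejecting anything else."""
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not a valid modhex string")
    return bytes.fromhex(text.translate(_TO_HEX))

def parse_otp(otp):
    """Split an OTP into its static public ID and its per-press block."""
    otp = "".join(otp.split()).lower()
    if not BLOCK_CHARS <= len(otp) <= BLOCK_CHARS + MAX_ID_CHARS:
        raise ValueError("unexpected OTP length")
    public_id, block = otp[:-BLOCK_CHARS], otp[-BLOCK_CHARS:]
    return {
        "public_id": public_id,
        "public_id_bytes": modhex_decode(public_id),
        "block": modhex_decode(block),
    }

def summarize_presses(otps):
    """Return (all from one key?, any block repeated?) for a list of OTPs."""
    parsed = [parse_otp(o) for o in otps]
    one_key = len({p["public_id"] for p in parsed}) == 1
    blocks = [p["block"] for p in parsed]
    repeated = len(set(blocks)) < len(blocks)
    return one_key, repeated

if __name__ == "__main__":
    for otp in SLIDE_OTPS:
        p = parse_otp(otp)
        print(p["public_id"], p["public_id_bytes"].hex(), p["block"].hex())
    print(summarize_presses(SLIDE_OTPS))
```

A repeated block in a login log means the same OTP was submitted twice, which a validation service rejects.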

Yubikey Demonstration

2-Factor OTP Generators

Fingerprint Scanner

Source: http://apple.co/1En9Tz7

Single Sign-On

Source: https://shibboleth.net/
Source: https://www.okta.com/

Cloud Storage

External Hard Drive

Password Managers

Follow at least one of the Practices listed today!

Facebook's massive data center in Luleå

Next Week...
