Technology Training
Special Training - Session #13
Heartbleed Explained
Getting Your Digital Security in Order with LastPass
May 8, 2014
William Mann, Borough of West Chester - CIO
Securing Your Digital Life
What is Heartbleed?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library. This weakness allows stealing the information
protected, under normal conditions, by the SSL/TLS encryption used to secure the
Internet.
SSL/TLS provides communication security and privacy over the Internet for
applications such as web, email, instant messaging (IM) and some virtual private
networks (VPNs).
Definitions: SSL = Secure Sockets Layer; TLS = Transport Layer Security
What is Heartbleed?
The Heartbleed bug allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software. This
compromises the secret keys used to identify the service providers and to encrypt
the traffic, the names and passwords of the users and the actual content.
This allows attackers to eavesdrop on communications, steal data directly
from the services and users and to impersonate services and users.
What is Heartbleed?
With a server running a vulnerable version of OpenSSL, information like the example shown on this slide can be captured by an attacker. This may not look like much, but if your logon or account information is exposed in this way, your data is at risk.
What is Heartbleed?
Why is it called the Heartbleed Bug?
The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520).
When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
Explaining Heartbleed
First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles.
The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies.
Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.
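The length-field bug the comic walks through, as an added example that is not from the original slides or from OpenSSL itself: a simulated heartbeat handler in its vulnerable form beside the two bounds checks the OpenSSL fix added. The message layout follows RFC 6520; the memory arena, the planted DEMO_SECRET and the helper names are constructed for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding (>= 16) */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16
#define ARENA_SIZE   4096                     /* constructed stand-in for process memory */
#define RESP_CAP     (3 + 65535 + HB_PADDING) /* largest response a 16-bit length can claim */

/* Constructed stand-in for key material that happens to sit in memory near the record. */
static const char DEMO_SECRET[] = "CONSTRUCTED-DEMO-SECRET-KEY";

/* Build a request whose header claims `claimed_len` payload bytes, whatever the real
 * length of `payload` is. Returns the record length actually "sent" on the wire. */
size_t build_heartbeat(unsigned char *out, const char *payload, uint16_t claimed_len) {
    size_t actual = strlen(payload);
    out[0] = HB_REQUEST;
    out[1] = (unsigned char)(claimed_len >> 8);
    out[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(out + 3, payload, actual);
    memset(out + 3 + actual, 0, HB_PADDING);
    return 3 + actual + HB_PADDING;
}

/* Vulnerable handler: echoes as many bytes as the length field inside the message asks
 * for and never compares that number with the record length actually received. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *resp) {
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    (void)rec_len;                             /* the bug: the received length is ignored */
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload_len);    /* over-reads whatever follows the record */
    memset(resp + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Fixed handler: the bounds checks added by the OpenSSL fix. A heartbeat whose claimed
 * length does not fit inside the received record is silently discarded (returns 0). */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *resp) {
    if (1 + 2 + HB_PADDING > rec_len) return 0;                       /* no room for a header */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload_len + HB_PADDING > rec_len) return 0; /* claimed > received */
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload_len);
    memset(resp + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* 1 if `needle` occurs anywhere in the first `n` bytes of `hay`. */
int response_contains(const unsigned char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; m <= n && i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Run one heartbeat through the chosen handler. The record is placed at the start of a
 * zeroed arena and DEMO_SECRET is planted 64 bytes past its end, so an over-read stays
 * inside the arena (deterministic, no undefined behaviour) while still showing what leaks.
 * Returns the response length (0 = dropped); *leaked is set if the secret was echoed. */
size_t run_heartbeat_demo(int use_fixed, const char *payload, uint16_t claimed_len, int *leaked) {
    static unsigned char arena[ARENA_SIZE];
    static unsigned char resp[RESP_CAP];
    *leaked = 0;
    if ((size_t)claimed_len + 3 > ARENA_SIZE) return 0;  /* keep the simulation in bounds */
    memset(arena, 0, sizeof arena);
    size_t rec_len = build_heartbeat(arena, payload, claimed_len);
    memcpy(arena + rec_len + 64, DEMO_SECRET, sizeof DEMO_SECRET);
    size_t n = use_fixed ? heartbeat_fixed(arena, rec_len, resp)
                         : heartbeat_vulnerable(arena, rec_len, resp);
    *leaked = response_contains(resp, n, DEMO_SECRET);
    return n;
}

/* Convenience wrappers for checking the two outcomes separately. */
size_t demo_response_len(int use_fixed, const char *payload, uint16_t claimed_len) {
    int leaked;
    return run_heartbeat_demo(use_fixed, payload, claimed_len, &leaked);
}
int demo_leaks(int use_fixed, const char *payload, uint16_t claimed_len) {
    int leaked;
    run_heartbeat_demo(use_fixed, payload, claimed_len, &leaked);
    return leaked;
}

int main(void) {
    /* "Hat" claimed as 500 letters, exactly the comic's third exchange. */
    printf("vulnerable: %zu bytes returned, secret leaked: %s\n",
           demo_response_len(0, "Hat", 500), demo_leaks(0, "Hat", 500) ? "yes" : "no");
    printf("fixed:      %zu bytes returned (0 = dropped), secret leaked: %s\n",
           demo_response_len(1, "Hat", 500), demo_leaks(1, "Hat", 500) ? "yes" : "no");
    return 0;
}
```

An honest "Potato" request (six bytes, claimed as six) gets the same 25-byte answer from both handlers; only the mismatched length is treated differently.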
Protecting Your Information
Heartbleed is a reminder that securing your information is more important than ever before.
And it’s going to get worse.
As we continue relying on technology for conducting business, communicating through email and social media, and shopping online, cybercriminals are going to continue getting smarter and more aggressive in how they try to steal personal information.
So we need to be even smarter….
Password Management
Password management is becoming one of the best defenses against security flaws like this one. Passwords today need to be taken very seriously. This means having a good, efficient password management plan for every account you have online.
Password management in days past could be very complicated, time consuming and difficult. However, today there are many solutions out there that are easy to use, secure and either free or very inexpensive.
Each of your accounts should have a strong and unique password.
Password Management with LastPass
LastPass has both a free account and a paid account.
The paid account is $12 / year and provides mobile app support, which alone is well worth the cost.
With this password management tool you will be able to organize, manage and use unique, secure passwords easily.
In fact I use LastPass and I actually do not even know what the majority of my passwords are.
Now – that’s security!
Introducing LastPass
What I really like about LastPass is that you actually do not need to know all those passwords, and their app is available on every device you may choose to use.
You just need to know one password: your LastPass password.
Introducing LastPass
With this in mind, even before you sign up for LastPass be sure to think about a
good, secure password that you will never – ever forget.
Simple Passwords are so Yesterday
Passwords as we know them are going to change in a big way very soon. Gone will be the time when simple words like… “password” will be used or accepted.
Now I may be getting ahead of myself but…
A better password strategy is using key phrases that only you would know, that no one else could guess and that a cybercriminal could not crack.
Passwords are Changing
Here are a couple of examples of using “phrases” for your password.
Example 1: “Captain Kirk and Mr. Spock are best friends!”
Your typed password would be:
Captain_Kirk_&_Mr._Spock_are_best_friends!
Example 2: “My favorite Place on Earth is Disney World!”
Your typed password would be:
My_Favorite_Place_on_Earth_is_Disney_World!
Passwords using phrases can be long, complex and easily remembered!
Embrace Password Management
This is important before we continue. Make sure you pick a good password or phrase that you will not forget. It is also a good idea to print this password and save it in a secure location like a safe in your home or another secure location.
This will be the only password you will need if you use LastPass (or similar password managers) regularly.
If you forget your LastPass password there is NO reset mechanism.
Signing up with LastPass
Go to www.lastpass.com to sign up. Either choose “Download Free” or “Go Premium”.
Passwords are very important and your security is probably worth $12 / year.
Creating Your LastPass Account
I recommend that when you sign up with LastPass you use your primary computer or laptop. When you go to create an account you will be prompted to “Download LastPass”. Do this.
You will then enter your email address, a master password (the really, really good one you already decided on) and a Password Reminder that will only help you remember it – just in case.
Getting to Know Your LastPass Vault
The LastPass Vault is where you will store, organize and manage all of your passwords.
This vault will also be available to you on all of your mobile devices if you sign up for the Premium account ($12/year).
Organizing Your LastPass Vault
I recommend organizing all of your accounts into folders.
You can see by my example that I have all of my accounts in categorized folders that I created.
Within each folder are my specific accounts.
Organizing Your LastPass Vault
By creating an organized folder structure for your accounts you quickly realize....
Creating Strong Passwords with LastPass
With LastPass installed you will now notice an asterisk (*) next to all of your logon fields for websites. If an account has already been set up you can simply select login, because all of the fields will be completed for you. You can also set up an account for “autologin”, which will of course automatically log you in. I recommend this only on a secured PC that requires a password to access your Windows account, or one that only you have access to.
Make sure that when you install LastPass on your PC you install the “plug in” for all of the browsers that you use.
Creating Strong Passwords with LastPass
Creating secure & unique passwords for each account is the point here, so you will want to take the time to change any passwords you have.
LastPass makes this very easy with the “password generator”.
You can do this by selecting the * and the “Generate” button.
Creating Strong Passwords with LastPass
If you use the default settings you will see that it generates for you a strong 12-character password using several types of characters.
Select “Use Password”, then “Yes, Use for this Site”.
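What a generator like the one described above has to get right, as an added example that is not LastPass's code and not from the original slides: every character class is guaranteed to appear, and characters are drawn from a random byte source by rejection sampling so that no character is favoured. The symbol set, the /dev/urandom source and the function names are assumptions of this demo.

```c
#include <stdio.h>
#include <string.h>

/* Character classes to draw from; the symbol set is an assumption of this demo. */
static const char *const PW_CLASSES[] = {
    "abcdefghijklmnopqrstuvwxyz",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "0123456789",
    "!@#$%^&*()-_=+[]{}<>?",
};
#define PW_NCLASSES (sizeof PW_CLASSES / sizeof PW_CLASSES[0])

/* Source of random bytes; returns 1 on success. Pluggable so a test can substitute one. */
typedef int (*rand_bytes_fn)(unsigned char *buf, size_t n);

/* Default source: the operating system's CSPRNG via /dev/urandom (assumed available). */
int urandom_bytes(unsigned char *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n;
}

/* Uniform integer in [0, bound) for bound <= 256 by rejection sampling: bytes at or above
 * the largest multiple of `bound` are thrown away, because `byte % bound` alone would make
 * the low indices of the alphabet slightly more likely than the high ones. */
static int uniform_below(rand_bytes_fn rb, unsigned bound, unsigned *out) {
    unsigned limit = 256 - (256 % bound);
    unsigned char b;
    do {
        if (!rb(&b, 1)) return 0;
    } while (b >= limit);
    *out = b % bound;
    return 1;
}

/* Generate `len` characters (PW_NCLASSES <= len <= 256) with at least one character from
 * every class. `out` must hold len + 1 bytes. Returns 1 on success, 0 on bad input or if
 * the byte source fails (never falls back to a weaker source). */
int generate_password(rand_bytes_fn rb, char *out, size_t len) {
    char alphabet[128];
    size_t alen = 0;
    unsigned r;
    if (len < PW_NCLASSES || len > 256) return 0;
    for (size_t c = 0; c < PW_NCLASSES; c++) {
        strcpy(alphabet + alen, PW_CLASSES[c]);
        alen += strlen(PW_CLASSES[c]);
    }
    /* one guaranteed character from each class ... */
    for (size_t c = 0; c < PW_NCLASSES; c++) {
        if (!uniform_below(rb, (unsigned)strlen(PW_CLASSES[c]), &r)) return 0;
        out[c] = PW_CLASSES[c][r];
    }
    /* ... the remaining positions from the whole alphabet ... */
    for (size_t i = PW_NCLASSES; i < len; i++) {
        if (!uniform_below(rb, (unsigned)alen, &r)) return 0;
        out[i] = alphabet[r];
    }
    /* ... then a Fisher-Yates shuffle so the guaranteed characters are not always first. */
    for (size_t i = len - 1; i > 0; i--) {
        if (!uniform_below(rb, (unsigned)(i + 1), &r)) return 0;
        char t = out[i]; out[i] = out[r]; out[r] = t;
    }
    out[len] = '\0';
    return 1;
}

/* 1 if `pw` contains at least one character from every class and nothing outside them. */
int password_covers_all_classes(const char *pw) {
    int seen[PW_NCLASSES] = {0};
    for (; *pw; pw++) {
        size_t c;
        for (c = 0; c < PW_NCLASSES; c++)
            if (strchr(PW_CLASSES[c], *pw)) { seen[c] = 1; break; }
        if (c == PW_NCLASSES) return 0;           /* character outside every class */
    }
    for (size_t c = 0; c < PW_NCLASSES; c++)
        if (!seen[c]) return 0;
    return 1;
}

/* Generate from /dev/urandom and verify; 1 when a valid password of `len` came out. */
int generate_and_check(size_t len) {
    char pw[257];
    if (!generate_password(urandom_bytes, pw, len)) return 0;
    return strlen(pw) == len && password_covers_all_classes(pw);
}

int main(void) {
    char pw[13];
    if (generate_password(urandom_bytes, pw, 12))   /* the slide's default of 12 characters */
        printf("generated: %s (all classes present: %s)\n", pw,
               password_covers_all_classes(pw) ? "yes" : "no");
    return 0;
}
```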
Going Mobile with LastPass
On your mobile device you will open the LastPass app first, copy the password and then paste it into the account that you want to access.
Although there is a physical, additional step here, you only need one password to remember – and use.
However, and this is important, all of your passwords are complex and unique.
How Does LastPass Work?
LastPass uses AES 256-bit encryption. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.
MQ9=5khD<YWZ&+5
This is how each of your passwords should look.
With LastPass you can actually do this – and it’s easy.
LastPass Demo
Now we will walk through how to use LastPass. Please ask questions as we go along.
www.lastpass.com

Mais conteúdo relacionado

Semelhante a Heartbleed Explained & LastPass Demo

Password Storage Explained
Password Storage ExplainedPassword Storage Explained
Password Storage Explainedjeetendra mandal
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy QueryGloria Stoilova
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterIT-oLogy
 
Password Management
Password ManagementPassword Management
Password ManagementDavon Smart
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreWilliam Mann
 
Passwords, Passwords and more Passwords
Passwords, Passwords and more PasswordsPasswords, Passwords and more Passwords
Passwords, Passwords and more Passwordsclcewing
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITEAcodez IT Solutions
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingCheapSSLsecurity
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security SystemMatthew Bricker
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based SecurityRare Input
 
Sept 2014 cloud security presentation
Sept 2014   cloud security presentationSept 2014   cloud security presentation
Sept 2014 cloud security presentationJoan Dembowski
 

Semelhante a Heartbleed Explained & LastPass Demo (20)

Password Storage Explained
Password Storage ExplainedPassword Storage Explained
Password Storage Explained
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of view
 
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim Salter
 
Password Management
Password ManagementPassword Management
Password Management
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & More
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
Passwords, Passwords and more Passwords
Passwords, Passwords and more PasswordsPasswords, Passwords and more Passwords
Passwords, Passwords and more Passwords
 
Protect Your Business With Web Security
Protect Your Business With Web SecurityProtect Your Business With Web Security
Protect Your Business With Web Security
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
 
W make107
W make107W make107
W make107
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs Encoding
 
Password management
Password managementPassword management
Password management
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
 
Sept 2014 cloud security presentation
Sept 2014   cloud security presentationSept 2014   cloud security presentation
Sept 2014 cloud security presentation
 

Mais de William Mann

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017William Mann
 
Why Digital Document Management?
Why Digital Document Management?Why Digital Document Management?
Why Digital Document Management?William Mann
 
Technology Training 11-10-2016
Technology Training  11-10-2016Technology Training  11-10-2016
Technology Training 11-10-2016William Mann
 
Tech training 19 Skype for Business
Tech training 19   Skype for BusinessTech training 19   Skype for Business
Tech training 19 Skype for BusinessWilliam Mann
 
Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16William Mann
 
Technology Training - Session 15
Technology Training - Session 15Technology Training - Session 15
Technology Training - Session 15William Mann
 
West Chester - Tech Training Session 11
West Chester - Tech Training Session 11West Chester - Tech Training Session 11
West Chester - Tech Training Session 11William Mann
 
What is West Chester Connect?
What is West Chester Connect?What is West Chester Connect?
What is West Chester Connect?William Mann
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10William Mann
 
Tech Training - Session 9
Tech Training - Session 9Tech Training - Session 9
Tech Training - Session 9William Mann
 
Tech Training - Session 8
Tech Training - Session 8Tech Training - Session 8
Tech Training - Session 8William Mann
 
Session 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and MoreSession 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and MoreWilliam Mann
 
Cloud computing 102711 - ccap
Cloud computing   102711 - ccapCloud computing   102711 - ccap
Cloud computing 102711 - ccapWilliam Mann
 
Cloud computing presentation
Cloud computing   presentationCloud computing   presentation
Cloud computing presentationWilliam Mann
 
Email &amp; Social Media Training
Email &amp; Social Media TrainingEmail &amp; Social Media Training
Email &amp; Social Media TrainingWilliam Mann
 

Mais de William Mann (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Ransomware 101
Ransomware 101Ransomware 101
Ransomware 101
 
Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017Technology Training for Staff - April 6, 2017
Technology Training for Staff - April 6, 2017
 
Why Digital Document Management?
Why Digital Document Management?Why Digital Document Management?
Why Digital Document Management?
 
Technology Training 11-10-2016
Technology Training  11-10-2016Technology Training  11-10-2016
Technology Training 11-10-2016
 
Tech training 19 Skype for Business
Tech training 19   Skype for BusinessTech training 19   Skype for Business
Tech training 19 Skype for Business
 
Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16Introducing Microsoft's Cloud - Session 16
Introducing Microsoft's Cloud - Session 16
 
Technology Training - Session 15
Technology Training - Session 15Technology Training - Session 15
Technology Training - Session 15
 
West Chester - Tech Training Session 11
West Chester - Tech Training Session 11West Chester - Tech Training Session 11
West Chester - Tech Training Session 11
 
What is West Chester Connect?
What is West Chester Connect?What is West Chester Connect?
What is West Chester Connect?
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
 
Tech Training - Session 9
Tech Training - Session 9Tech Training - Session 9
Tech Training - Session 9
 
Tech Training - Session 8
Tech Training - Session 8Tech Training - Session 8
Tech Training - Session 8
 
SharePoint & More
SharePoint & MoreSharePoint & More
SharePoint & More
 
Session 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and MoreSession 5 - Managing Microsoft Outlook and More
Session 5 - Managing Microsoft Outlook and More
 
Holiday scams
Holiday scamsHoliday scams
Holiday scams
 
Cloud computing 102711 - ccap
Cloud computing   102711 - ccapCloud computing   102711 - ccap
Cloud computing 102711 - ccap
 
Cloud computing presentation
Cloud computing   presentationCloud computing   presentation
Cloud computing presentation
 
Email &amp; Social Media Training
Email &amp; Social Media TrainingEmail &amp; Social Media Training
Email &amp; Social Media Training
 
Computer Security
Computer SecurityComputer Security
Computer Security
 

Último

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Último (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Heartbleed Explained & LastPass Demo

  • 1. Technology Training Special Training - Session #13 Heartbleed Explained Getting Your Digital Security in Order with LastPass May 8, 2014 William Mann, Borough of West Chester - CIO
  • 3. What is Heartbleed? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). SSL = Secure Sockets Layer TLS = Transport Layer Security definitions
  • 4. What is Heartbleed? The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
  • 5. What is Heartbleed? With a Heartbleed infected server, information like you see here can be captured by an attacker. This may not look like much, but if your logon or account information is exposed in this way are data is at risk.
  • 6. What is Heartbleed? Why it is called the Heartbleed Bug? The Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
  • 7. Explaining Heartbleed First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles. The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies. Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.
  • 8. Protecting Your Information Heartbleed is a reminder that securing your information is more important then ever before. And it’s going to get worse. As we continue relying on technology for conducting business, communicating through email, social media and shopping online cybercriminals are going to continue getting smarter and more aggressive in how they try to steal personal information. So we need to be even smarter….
  • 9. Password Management Password Management is becoming one of the best defenses for security flaws. Passwords today need to be taken very seriously. This means having a good, efficient password management plan for every account you have online. Password Management in days past could be very complicated, time consuming and difficult. However today there are many solutions out there that are easy to use, secure and either free or very inexpensive. Each of your accounts should have a strong and unique password.
  • 10. Password Management with LastPass LastPass has both a free account and a paid account. The paid account is $12 / year and provides mobile app support, which alone is well worth the cost. With this password management tool you will be able to organize, manage and use unique, secure passwords easily. In fact I use LastPass and I actually do not even know what the majority of my passwords are. Now – that’s security!
  • 11. Introducing LastPass What I really like about LastPass is that you actually do not need to know all those passwords, and their app is available on every device you may choose to use. You just need to know one password…. Your LastPass password.
  • 12. Introducing LastPass With this in mind, even before you sign up for LastPass be sure to think about a good, secure password that you will never – ever forget.
  • 13. Simple Passwords are so Yesterday Passwords as we know them are going to change in a big way very soon. Gone will be the time when simple words like… “password” will be used or accepted. Now I may be getting ahead of myself but… A better password strategy is using key phrases that only you would know, that no one else could guess, and that a cybercriminal could not hack.
  • 14. Passwords are Changing Here are a couple of examples of using “phrases” for your password. Ex. 1 is “Captain Kirk and Mr. Spock are best friends!” Your typed password would be: Captain_Kirk_&_Mr._Spock_are_best_friends! Ex. 2 is “My favorite place on Earth is Disney World!” Your typed password would be: My_Favorite_Place_on_Earth_is_Disney_World! Passwords using phrases can be long, complex and easily remembered!
  • 15. Embrace Password Management This is important before we continue. Make sure you pick a good password or phrase that you will not forget. It is also a good idea to print this password and keep it in a secure location, like a safe in your home or another secure place. This will be the only password you will need if you use LastPass (or a similar password manager) regularly. If you forget your LastPass password there is NO reset mechanism.
  • 16. Signing up with LastPass Go to www.lastpass.com to sign up. Either choose “Download Free” or “Go Premium”. Passwords are very important and your security is probably worth $12 / year.
  • 17. Creating Your LastPass Account I recommend that when you sign up with LastPass you use your primary computer or laptop. When you go to create an account you will be prompted to “Download LastPass”. Do this. You will then enter your email address, a master password (the really – really good one you already decided on) and a password reminder that will only help you remember it – just in case.
  • 18. Getting to Know Your LastPass Vault The LastPass Vault is where you will store, organize and manage all of your passwords. This vault will also be available to you on all of your mobile devices if you sign up for the Premium account ($12/year).
  • 19. Organizing Your LastPass Vault I recommend organizing all of your accounts into folders. You can see from my example that I have all of my accounts in categorized folders that I created. Within each folder are my specific accounts.
  • 20. Organizing Your LastPass Vault By creating an organized folder structure for your accounts you quickly realize....
  • 21. Creating Strong Passwords with LastPass With LastPass installed you will now notice an (*) next to all of your logon fields for websites. If an account has already been set up you can simply select login, because all of the fields will be completed for you. You can also set up an account for “autologin”, which will of course automatically log you in. I recommend this only on a secured PC, one that requires a password to access your Windows account or that only you have access to. Make sure that when you install LastPass on your PC you install the “plug-in” for all of the browsers that you use.
  • 22. Creating Strong Passwords with LastPass Creating secure and unique passwords for each account is the point here, so you will want to take the time to change any passwords you have. LastPass makes this very easy with the “password generator”. You can do this by selecting the * and then the “Generate” button.
  • 23. Creating Strong Passwords with LastPass If you use the default settings you will see that it generates a strong 12-character password for you using several types of characters. Select “Use Password”, then “Yes, Use for this Site”.
  • 24. Going Mobile with LastPass On your mobile device you will open the LastPass app first, copy the password and then paste it into the account that you want to access. Although there is an additional step here, you only need to remember – and use – one password. And, this is important, all of your passwords are complex and unique.
  • 25. How Does LastPass Work? LastPass uses AES 256-bit encryption. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you. MQ9=5khD<YWZ&+5 This is how each of your passwords should look. With LastPass you can actually do this – and it’s easy.
  • 26. LastPass Demo Now we will walk through how to use LastPass. Please ask questions as we go along. www.lastpass.com