Post on 20-Dec-2015
Web 2.0 Technology
by
GTUG-Addis
March 5, 2011
Contents
- Introductions
  - GTUG-addis
  - Who am I?
  - What is this presentation about?
- What is Web 2.0?
- Advanced searches
  - Real Time
  - Comparative/computational searches
- Social networking tools
- Securing your WordPress blog
- Using public internet/computers and security
- Basic online and offline security measures
- Links
GTUG-Addis
- GTUG: Google Technology Users Group
- GTUG-addis is a group dedicated for Addis technology enthusiasts and professionals to come together and share their knowledge. All of the moderators of this site come from different walks of the technology life (software, hardware, network and security), so feel free to ask questions and make suggestions.
- GTUG-addis will contribute to society (students, professionals or anyone in technology) with training and consulting
- Monthly meeting held @ iHub
Who Am I?
- Fitsum Assalif
- Electrical Engineering + CCNA + SCNA + MCITP + GPEN
- Enterprise systems (Windows, Linux/Unix) and Security (Ethical hacking and penetration testing)
- I like to participate in groups/associations for sharing knowledge and contributing what I know
- I am not always correct! So let me know if I make any mistakes
What is this presentation about?
It is about
- Introducing GTUG-addis
- Basic online security, social networking and web 2.0 tools and tips
- Chance to discuss/request any type of technical collaboration with/from GTUG-addis
It is not about
- Coding / web design
What is Web 2.0?
"The term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community, in contrast to websites where users (consumers) are limited to the passive viewing of content that was created for them. Examples of Web 2.0 include social networking sites, blogs, wikis, video sharing sites, hosted services, web applications, mashups and folksonomies." (Wikipedia)
Advanced Searches
Real Time Search
Searching real-time updates from public tweets and Facebook posts
- Using the normal web searches
  - Google (use the Realtime option)
  - Bing (social search and Twitter maps)
- Social networking searches
  - Openbook - http://openbook.org/
  - Tweetmeme - http://tweetmeme.com/
  - Picfog - http://picfog.com/
  - Socialmention - http://socialmention.com/
Comparative/computational searches
Statistical, comparative and trends
- Comparative/computational
  - Wolfram Alpha ( http://www.wolframalpha.com/ )
  - Google trends ( http://www.google.com/trends )
  - Google squared … (in labs and a little complicated currently)
- Public Data
  - Google public data explorer ( http://www.google.com/publicdata/directory )
Social networking tools
If you want to see all your social network account updates, notifications and messages in one window, like me!
- TweetDeck ( https://www.tweetdeck.com/ )
  - Desktop, Android, Chrome... Coming to iPhone and iPad
- Yoono ( http://yoono.com/ )
  - Chrome, Firefox, iPhone, iPod touch, iPad
  - Windows, Mac and Linux
Securing your WordPress blog
Why would anyone want to attack my blog?
- There is nothing valuable on my blog!
- I only have very few visitors!
- I turned off comments, I am secure!
Not necessarily; a hacker will upload or inject
- spam URLs
- malware files
- DOS (hacking 100 small blogs and inserting a link to launch 10 instances = 1000)
1 - DO NOT USE ADMIN ACCOUNT
- Create a new account
- Make the username very unique
- Assign the new account an Administrator role
- Log out and log back in with the new account
- Delete the original admin account
2 - USE STRONG PASSWORDS
- Alphanumeric + symbols + upper and lower cases
- Create random passwords
  - goodpassword.com
- Convert existing ones to complex password
  - P@55w0rd
  - Ilovemom -> 1L0v3M0m
3 - KEEP WP and PLUGINS UPDATED
- Update WP core code
- Keep theme files current
- Keep all plugins current
4 - REMOVE WP VERSION FROM HEADERS
- Viewing the source of most WP sites reveals the version they are running:
  <meta name="generator" content="WordPress 2.8" /> <!-- leave this for stats -->
- This helps attackers easily find vulnerabilities in the current version
- Themes and plugins might also display versions in your header.
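To check your own pages for the disclosures described in this step, here is an added example (not from the original slides). It scans a page's markup for the generator tag and for ?ver= strings that themes and plugins append to their asset URLs. The sample HTML and the theme and plugin names in it are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed sample page head; the theme and plugin names are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 2.8" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.4" />
<script src="/wp-content/plugins/example-gallery/gallery.js?ver=0.9.2"></script>
<script src="/wp-includes/js/app.js"></script>
</head><body><p>Hello</p></body></html>"""

VER_RE = re.compile(r"[?&]ver=([0-9][\w.\-]*)")


class VersionLeakParser(HTMLParser):
    """Records every place the markup discloses a software version."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, where, version) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # WordPress core (and some plugins) announce themselves here.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator", "meta", a.get("content", "")))
        # Themes and plugins usually append ?ver=X.Y to script/style URLs.
        url = a.get("src", "") if tag == "script" else a.get("href", "") if tag == "link" else ""
        m = VER_RE.search(url)
        if m:
            self.findings.append(("asset", url.split("?", 1)[0], m.group(1)))


def find_version_leaks(html):
    """Return the version disclosures found in one HTML document."""
    parser = VersionLeakParser()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, where, version in find_version_leaks(SAMPLE_HTML):
        print(f"{kind:9} {where:50} {version}")
```

An empty result after you remove the generator tag and strip version strings from theme and plugin assets confirms the header no longer advertises what you run.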
5 - USE SECURITY PLUGINS
- WordPress Security Scan
- WordPress Exploit Scanner
- WordPress File Monitor
- Login Lockdown Plugin
6 - ...
- Use Secret Keys
- Hide your plugin directory
- Edit configuration files to change default names/values before installation, e.g. table prefix wp_ to something unique like axc_
- Check Google Webmaster Tools to see if your site has been compromised; it will tell you why
- BACKUP … BACKUP and BACKUP
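The secret-key and table-prefix advice above can be checked mechanically. This added example (not from the original slides) audits the text of a wp-config.php for placeholder, missing, short or reused secret keys and for the default wp_ prefix. The sample config is constructed, and the 32-character minimum is an assumption of this example.

```python
import re

# Placeholder text shipped in WordPress's wp-config-sample.php.
PLACEHOLDER = "put your unique phrase here"
SECRET_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
MIN_LEN = 32  # assumption for this example: shorter values are flagged

DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(\w*)\1\s*;""")

# Constructed sample: one placeholder, one reused value, one short value,
# NONCE_SALT left out, and the default table prefix.
SAMPLE_CONFIG = r"""<?php
define('DB_NAME', 'blog');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k3!vR9@zQm#T2x^Lw8&Yb5*Hn1(Uc7)Je4-Gd6+Fa0=');
define('LOGGED_IN_KEY',    'k3!vR9@zQm#T2x^Lw8&Yb5*Hn1(Uc7)Je4-Gd6+Fa0=');
define('NONCE_KEY',        'short');
define('AUTH_SALT',        'Zp4$Wd8%Kx2!Mq6@Rt0#Ny5^Bv9&Ch3*Lg7(Sj1)Fe-');
define('SECURE_AUTH_SALT', 'Hq7)Xb3(Tm9*Vc5&Nz1^Rk8#Wd4@Lp0!Gy6%Js2$Fu+');
define('LOGGED_IN_SALT',   'Uc2+Je8-Gd4=Fa6!vR0@zQ5#T9x^L3w&Y7b*H1n(k3)');
$table_prefix = 'wp_';
"""


def audit_wp_config(text):
    """Return (setting, problem) pairs for weak values in wp-config.php text."""
    issues = []
    defines = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}
    seen = {}  # secret value -> first key name that used it
    for name in SECRET_NAMES:
        value = defines.get(name)
        if value is None:
            issues.append((name, "missing"))
        elif value == PLACEHOLDER:
            issues.append((name, "placeholder"))
        elif len(value) < MIN_LEN:
            issues.append((name, "too short"))
        elif value in seen:
            issues.append((name, "same value as " + seen[value]))
        else:
            seen[value] = name
    m = PREFIX_RE.search(text)
    if m is not None and m.group(2) == "wp_":
        issues.append(("$table_prefix", "default wp_"))
    return issues


if __name__ == "__main__":
    for setting, problem in audit_wp_config(SAMPLE_CONFIG):
        print(f"{setting:18} {problem}")
```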
And If you still get HACKED ?
Give up and Join the Circus !
Using Public Internet/Computers and Security
Purpose of this topic
...is to scare the wp_crap out of you!
Using Public Internet
- Public Internet: open and shared by anyone (mostly Wi-Fi)
  - Cafes, Internet cafes, hotels, libraries, and open spaces
- Advantages
  - Open access to anyone
  - Don't have to carry your dongle anywhere
  - Increases internet access coverage for the public
- Risks
  - Wi-Fi: open Wi-Fi, MITM, rogue access point
  - Who is running the network? A reputable and well-known entity?
Using Public Internet
- Open Wi-Fi
  - Problem: anyone with basic internet and computer knowledge can access your account if you are working on the same connection
  - Solution: use full SSL communication with every service you use online
    - Account Settings > Use SSL (Gmail, Hotmail, Facebook …)
    - Firefox users: HTTPS Everywhere
    - Chrome users: Prefer HTTPS, SSL Enforcer
    - IE users: :(
- MITM (Man/Monkey in The Middle) attacks: if you are using Wi-Fi and the Wi-Fi gets disconnected many times and comes back with different channels
Firesheep
MITM
Using Public Computers
- Risks
  - Key loggers: software recording every keystroke you make
  - Cookies left on the computer
- Solutions
  - If you have to use the internet in a place where you are not sure about the reputation, use your own browser on a USB drive with keyscramblers
  - Firefox add-on: "keyscrambler"
Basic Online and Offline Security measures
- Data types
  - Data in Use
  - Data in Motion
  - Data at Rest
- Security
  - Online security
  - Data leak protection (DLP)
  - Lost data prevention (LDP)
Online Security
Protecting your credentials as well as data while you are online
- OS Hardening
  - Disable unnecessary services
  - Updates and patches must be applied
  - Anti-malware systems (anti-virus, anti-spam, firewall, HIDS)
- Browser security
  - Latest updates
  - Firefox: NoScript, WOT (Web Of Trust), Better Privacy, Adblock, Flashblock, Ghostery
Offline Security
- OS Hardening
- Encryption:
  - Partition: encrypt a separate partition for secure data storage
  - File container: a folder-like file holding files. Can be created on a computer or removable media
  - Full disk: encrypt the whole computer disk
Questions ?
Thank You !