Web 2.0 Technology by GTUG-Addis, March 5, 2011

Contents
- Introductions
- GTUG-Addis
- Who am I?
- What is this presentation about?
- What is Web 2.0?
- Advanced searches
- Real time
- Comparative/computational searches
- Social networking tools
- Securing your WordPress blog
- Using public internet/computers and security
- Basic online and offline security measures
- Links

GTUG-Addis
- GTUG: Google Technology Users Group
- GTUG-Addis is a group for Addis technology enthusiasts and professionals to come together and share their knowledge.
- All of the moderators of this site come from different walks of technology life (software, hardware, network and security), so feel free to ask questions and make suggestions.
- GTUG-Addis will contribute to society (students, professionals, or anyone) through technology training and consulting.
- Monthly meeting held at iHub

Who am I?
- Fitsum Assalif
- Electrical Engineering + CCNA + SCNA + MCITP + GPEN
- Enterprise systems (Windows, Linux/Unix) and security (ethical hacking and penetration testing)
- I like to participate in groups/associations for sharing knowledge and contributing what I know
- I am not always correct! So let me know if I make any mistakes

What is this presentation about?
It is about:
- Introducing GTUG-Addis
- Basic online security, social networking, and Web 2.0 tools and tips
- A chance to discuss/request any type of technical collaboration with/from GTUG-Addis
It is not about:
- Coding/web design

What is Web 2.0?
"The term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community, in contrast to websites where users (consumers) are limited to the passive viewing of content that was created for them. Examples of Web 2.0 include social networking sites, blogs, wikis, video sharing sites, hosted services, web applications, mashups and folksonomies." (Wikipedia)

Real Time Search
Searching real-time updates from public tweets and Facebook posts
- Using the normal web searches
  - Google (use the Realtime option)
  - Bing (social search and Twitter maps)
- Social networking searches
  - Openbook - http://openbook.org/
  - Tweetmeme - http://tweetmeme.com/
  - Picfog - http://picfog.com/
  - Socialmention - http://socialmention.com/

Comparative/computational searches
Statistical, comparative and trends
- Comparative/computational
  - Wolfram Alpha (http://www.wolframalpha.com/)
  - Google Trends (http://www.google.com/trends)
  - Google Squared … (in Labs and a little complicated currently)
- Public data
  - Google Public Data Explorer (http://www.google.com/publicdata/directory)

Social networking tools
If you want to see all your social network account updates, notifications and messages in one window, like me!
- TweetDeck (https://www.tweetdeck.com/)
  - Desktop, Android, Chrome...
  - Coming to iPhone and iPad
- Yoono (http://yoono.com/)
  - Chrome, Firefox, iPhone, iPod touch, iPad
  - Windows, Mac and Linux

Why would anyone want to attack my blog?
- There is nothing valuable on my blog!
- I only have very few visitors!
- I turned off comments, I am secure!
Not necessarily. A hacker will upload or inject:
- Spam URLs
- Malware files
- DoS (hacking 100 small blogs and inserting a link to launch 10 instances = 1000)

1 - DO NOT USE ADMIN ACCOUNT
- Create a new account
- Make the username very unique
- Assign the new account an Administrator role
- Log out and log back in with the new account
- Delete the original admin account

2 - USE STRONG PASSWORDS
- Alphanumeric + symbols + upper and lower case
- Create random passwords (goodpassword.com)
- Convert existing ones to complex passwords
  - P@55w0rd
  - Ilovemom -> 1L0v3M0m

3 - KEEP WP AND PLUGINS UPDATED
- Update WP core code
- Keep theme files current
- Keep all plugins current

4 - REMOVE WP VERSION FROM HEADERS
- Viewing the source of most WP sites reveals the version they are running:
    <meta name="generator" content="WordPress 2.8" /> <!-- leave this for stats -->
- This makes it easy for attackers to look up vulnerabilities in the running version
- Themes and plugins might also display versions in your header

5 - USE SECURITY PLUGINS
- WordPress Security Scan
- WordPress Exploit Scanner
- WordPress File Monitor
- Login Lockdown Plugin

6 - ...
- Use secret keys
- Hide your plugin directory
- Edit configuration files to change default names/values before installation, e.g. change the table prefix wp_ to something unique such as axc_
- Check Google Webmaster Tools to see if your site has been compromised; it will tell you why
- BACKUP … BACKUP and BACKUP

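
Steps 4 and 6 of the checklist can be checked mechanically. The following is an added example, not part of the original slides: a small Python audit that looks for exposed version strings in page source and for placeholder secret keys or the default table prefix in wp-config.php. The sample inputs are constructed, and the minimum key length is an assumption of this example.

```python
import re

# Constructed samples (not from a real site): page source and wp-config.php.
SAMPLE_HTML = '''<html><head>
<meta name="generator" content="WordPress 2.8" /> <!-- leave this for stats -->
<link rel="stylesheet" href="/wp-content/plugins/example-plugin/style.css?ver=1.2" />
</head></html>'''
SAMPLE_WP_CONFIG = (
    "<?php\n"
    "define('AUTH_KEY', 'put your unique phrase here');\n"
    "define('SECURE_AUTH_KEY', '" + "c0nStruct3d-" * 6 + "');\n"
    "$table_prefix = 'wp_';\n"
)

SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_KEY_LEN = 32  # assumed threshold for this example, not a WordPress rule

def audit_html(html):
    """Step 4: report version strings visible in the page source."""
    findings = []
    m = re.search(r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)', html, re.I)
    if m:
        findings.append(f"generator tag exposes: {m.group(1)}")
    # Theme and plugin assets often carry ?ver=N in their URLs.
    for asset in re.findall(r'/wp-content/(?:plugins|themes)/[^"\']+\?ver=[\w.]+', html):
        findings.append(f"versioned asset: {asset}")
    return findings

def audit_config(text):
    """Step 6: report missing or placeholder secret keys and the default prefix."""
    findings = []
    defined = dict(re.findall(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)", text))
    for key in SECRET_KEYS:
        value = defined.get(key)
        if value is None:
            findings.append(f"{key} not defined")
        elif value == PLACEHOLDER or len(value) < MIN_KEY_LEN:
            findings.append(f"{key} is placeholder or too short")
    m = re.search(r"\$table_prefix\s*=\s*'([^']*)'", text)
    if m and m.group(1) == "wp_":
        findings.append("table prefix is the default wp_")
    return findings

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML) + audit_config(SAMPLE_WP_CONFIG):
        print(finding)
```
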
And if you still get HACKED?
Give up and join the circus!

Using Public Internet/Computers and Security
Purpose of this topic
...is to scare the wp_crap out of you!

Using Public Internet
Public Internet: open and shared by anyone (mostly Wi-Fi)
- Cafes, Internet cafes, hotels, libraries, and open spaces
Advantages
- Open access to anyone
- Don't have to carry your dongle anywhere
- Increases internet access coverage for the public
Risks
- Wi-Fi: open Wi-Fi, MITM, rogue access point
- Who is running the network? A reputable and well-known entity?

Using Public Internet
Open Wi-Fi
- Problem: Anyone with basic internet and computer knowledge can access your account if you are working on the same connection
- Solution: Use full SSL communication with every service you use online
  - Account Settings > Use SSL (Gmail, Hotmail, Facebook …)
  - Firefox users: HTTPS Everywhere
  - Chrome users: Prefer HTTPS, SSL Enforcer
  - IE users: :(
MITM (Man/Monkey in The Middle) attacks
- If you are using a Wi-Fi and the wifi gets disconnected many times and comes with different channels

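
For the open Wi-Fi solution above ("full SSL with every service"), the following added example, not part of the original slides, shows how to tell whether a service really keeps a session on SSL: it audits recorded responses for plain-HTTP pages, session cookies without the Secure flag, and missing HSTS headers. It goes slightly beyond the slide by including HSTS; the host name and responses are constructed, and header names are matched case-sensitively for brevity.

```python
from urllib.parse import urlsplit

# Constructed responses from a hypothetical login flow: (url, status, headers).
SAMPLE_FLOW = [
    ("http://mail.example.test/", 200, {"Set-Cookie": "lang=en; Path=/"}),
    ("https://mail.example.test/login", 200,
     {"Set-Cookie": "SID=abc123; Path=/; HttpOnly"}),
    ("https://mail.example.test/inbox", 200,
     {"Set-Cookie": "SID=abc123; Path=/; Secure; HttpOnly",
      "Strict-Transport-Security": "max-age=31536000"}),
]

def cookie_flags(set_cookie):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs

def audit_flow(flow):
    """Flag responses that would expose a session on a shared network."""
    findings = []
    for url, status, headers in flow:
        scheme = urlsplit(url).scheme
        location = headers.get("Location", "")
        redirected = 300 <= status < 400 and location.startswith("https://")
        if scheme == "http" and not redirected:
            findings.append((url, "served over plain HTTP without redirect to HTTPS"))
        if scheme == "https" and "Strict-Transport-Security" not in headers:
            findings.append((url, "no HSTS header"))
        cookie = headers.get("Set-Cookie")
        if cookie:
            name, attrs = cookie_flags(cookie)
            # Without Secure, the browser also sends the cookie over plain HTTP.
            if "secure" not in attrs:
                findings.append((url, f"cookie {name} lacks Secure flag"))
    return findings

if __name__ == "__main__":
    for url, problem in audit_flow(SAMPLE_FLOW):
        print(url, "->", problem)
```
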
Using Public Computers
Risks
- Key loggers: software recording every keystroke you make
- Cookies left on the computer
Solutions
- If you have to use the internet in a place whose reputation you are not sure about, use your own browser on a USB drive with keyscramblers
- Firefox add-on: "keyscrambler"

Basic Online and Offline Security Measures
Data types
- Data in use
- Data in motion
- Data at rest
Security
- Online security
- Data leak protection (DLP)
- Lost data prevention (LDP)

Online Security
Protecting your credentials as well as data while you are online
- OS hardening
  - Disable unnecessary services
  - Updates and patches must be applied
  - Anti-malware systems (anti-virus, anti-spam, firewall, HIDS)
- Browser security
  - Latest updates
  - Firefox: NoScript, WOT (Web of Trust), Better Privacy, Adblock, Flashblock, Ghostery

Offline Security
- OS hardening
- Encryption
  - Partition: encrypt a separate partition for secure data storage
  - File container: a folder-like file holding files. Can be created on a computer or removable media
  - Full disk: encrypt the whole computer disk