Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations securit...

Ildikó Czeller
July 11, 2019
Programming
2
540

ropsec: a package for easing operations security for the R user

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
Making Email Campaigns More Effective: Send Time Optimization
czeildi
0
260
belgrade2018_satrday_oop_Ildi_Czeller.pdf
czeildi
0
56
The essentials to work with object-oriented systems in R
czeildi
0
70
Making email campaigns more effective: Send time optimization
czeildi
0
110

Other Decks in Programming

See All in Programming
Webエンジニア主体のモバイルチームの 生産性を高く保つためにやったこと
igreenwood
0
330
ドメインイベント増えすぎ問題
h0r15h0
1
270
ブラウザ単体でmp4書き出すまで - muddy-web - 2024-12
yue4u
2
460
これでLambdaが不要に?!Step FunctionsのJSONata対応について
iwatatomoya
2
3.6k
Stackless и stackful? Корутины и асинхронность в Go
lamodatech
0
720
Refactor your code - refactor yourself
xosofox
1
260
短期間での新規プロダクト開発における「コスパの良い」Goのテスト戦略」 / kamakura.go
n3xem
2
170
menu基盤チームによるGoogle Cloudの活用事例~Application Integration, Cloud Tasks編~
yoshifumi_ishikura
0
110
Keeping it Ruby: Why Your Product Needs a Ruby SDK - RubyWorld 2024
envek
0
180
php-conference-japan-2024
tasuku43
0
240
【re:Growth 2024】 Aurora DSQL をちゃんと話します!
maroon1st
0
770
プロダクトの品質に コミットする / Commit to Product Quality
pekepek
2
770

Featured

See All Featured
Rails Girls Zürich Keynote
gr2m
94
13k
For a Future-Friendly Web
brad_frost
175
9.4k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
32
2.7k
Designing for Performance
lara
604
68k
Six Lessons from altMBA
skipperchong
27
3.5k
Documentation Writing (for coders)
carmenintech
66
4.5k
How to Ace a Technical Interview
jacobian
276
23k
Gamification - CAS2011
davidbonilla
80
5.1k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Adopting Sorbet at Scale
ufuk
73
9.1k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from [email protected] to [email protected]. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "[email protected]"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer