Save 37% off PRO during our Black Friday Sale! »

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=47 Ildikó Czeller
July 11, 2019
Programming
2
200

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=128

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
140
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
13
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
17
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
110

Other Decks in Programming

See All in Programming
0157a830bfaa0c5426422c45aa0b2637?s=48 bo0km4n
2
420
933291444e456bfb511a66a2fa9c6929?s=48 j5ik2o
12
2.6k
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
230
A0aae1297a0593c1316abdcdb4131e3a?s=48 toedter
0
3.9k
19d7ae634445d4bd9b10c7961a462260?s=48 shu223
1
420
E3c2bac7a4a04823dda122cf243edd01?s=48 claudioed
0
280
C832fe4470555df3cf7ac6fa2f389261?s=48 tak_iwamoto
2
1.5k
971ed28afdc89340ebbf2114ed4ef538?s=48 txkxyx
1
140
E990ee82706811d4fa5bcafa1b4eafbf?s=48 techtekt
0
300
867984762e82fd75629359fc52d5f3b3?s=48 flum1025
0
220
020199527cde1a8a9b7a11890894f442?s=48 dordieux
3
250
04df7340898eac3a0536d3b47c55501c?s=48 hirotokirimaru
0
230

Featured

See All Featured
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
288
19k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
270
17k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
11
1.2k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
497
110k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
33
3.1k
1ce0eb06fd6a9e9566a0cb310cfee635?s=48 jrick
PRO
1
19k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
118
27k
Ba530e786553390f3fb271848485681c?s=48 3n
169
23k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
45
2.6k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
100
15k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
17
1.2k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1352
200k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from example@gmail.com to test@test.com. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "jd@example.com"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer