Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=47 Ildikó Czeller
July 11, 2019
Programming
2
170

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=128

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
130
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
13
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
17
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
110

Other Decks in Programming

See All in Programming
4c76f001e0a3d59cc5a269df70940dfd?s=48 lmcinnes
0
230
A1792748885fe8f2555d9c718ee7ae53?s=48 joytomo
9
1.8k
Dd5ce24e9cc88d7a491aec105e558d7e?s=48 bateleurx
10
8.5k
B7424f2bb6afd48c51cf88c2c15c395d?s=48 t2kob
0
130
F86d970e452f844b2849522cf3cc7e5f?s=48 hedgehognoodle
2
220
4fe56d2e6ecf4cbde3ddbf6ef54fc568?s=48 kairiyasumatsu
0
170
7eca3e06edc3c69004aaf57de51900c2?s=48 ajstarks
3
2.5k
098ad475722e3697ec2fba28c8654f9f?s=48 yuhta28
0
530
2c0947c6a28e7f771ebd9859ecf54e5c?s=48 shinyorke
0
120
6885b1c7fe50f4c0a23775b7b94ebd94?s=48 nosuke0926
0
130
5c588fdfe782f92fa6b081903edd82bb?s=48 hr01
0
3.2k
7437b838338581b08ca72340b05475b9?s=48 abt
0
270

Featured

See All Featured
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
35
4k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
318
19k
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
224
15k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
235
930k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
152
6.8k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
119
7.3k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
304
32k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
147
20k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
349
20k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
73
7.6k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
121
16k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
364
63k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from example@gmail.com to test@test.com. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "jd@example.com"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer