... | @@ -5,7 +5,7 @@ |
... | @@ -5,7 +5,7 @@ |
* Duration: 1 hour
* Duration: 1 hour
* Description: a discussion about how teams can build, maintain and evaluate their own security policies. We want to hear suggestions in how security policies can be implemented and what they can contain. Goal is to write some templates and recommendations so each team can use to build their own policies.
* Description: a discussion about how teams can build, maintain and evaluate their own security policies. We want to hear suggestions in how security policies can be implemented and what they can contain. Goal is to write some templates and recommendations so each team can use to build their own policies.
Context
# Context
- we have no security policies, but some ad-hoc practices, an oral
- we have no security policies, but some ad-hoc practices, an oral
tradition
tradition
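Review bot: every section heading touched by this change (`# Context` here, and the other sections below) becomes a level-1 `#` heading, so all sections sit at the same level as the page title if the page has one; `## Context` would nest them under it. Also, the list item `- we have no security policies, but some ad-hoc practices, an oral` wraps onto the bare line `tradition`, which only works through lazy continuation; indenting the continuation line by two spaces makes the wrap explicit now that the file is treated as Markdown.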
... | @@ -18,7 +18,7 @@ Context |
... | @@ -18,7 +18,7 @@ Context |
enumerated some policies, per team
enumerated some policies, per team
- got stuck at establishing a common policy
- got stuck at establishing a common policy
Discussion
# Discussion
- maybe we can't have a unique policy at all
- maybe we can't have a unique policy at all
- maybe there can be baseline security requirements for all teams, a
- maybe there can be baseline security requirements for all teams, a
... | @@ -32,7 +32,7 @@ Discussion |
... | @@ -32,7 +32,7 @@ Discussion |
- tradeoff between comfort and security
- tradeoff between comfort and security
- requires cultural changes
- requires cultural changes
Resources to protect
# Resources to protect
- signing keys
- signing keys
- source code integrity
- source code integrity
... | @@ -46,7 +46,7 @@ Resources to protect |
... | @@ -46,7 +46,7 @@ Resources to protect |
- bridges inventory
- bridges inventory
- high availability
- high availability
Attack scenarios
# Attack scenarios
- ransomware attack against ops people
- ransomware attack against ops people
- can limit service (e.g. "no paycheck")
- can limit service (e.g. "no paycheck")
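Review bot: `- can limit service (e.g. "no paycheck")` reads as a consequence of the `ransomware attack against ops people` item directly above it, but it sits at the same list level and so renders as a separate attack scenario; indent it by two spaces to nest it under the ransomware item, or reword it so it stands as a scenario on its own.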
... | @@ -62,7 +62,7 @@ Attack scenarios |
... | @@ -62,7 +62,7 @@ Attack scenarios |
- slander lawsuits (e.g. "someone is saying bad things about me on the
- slander lawsuits (e.g. "someone is saying bad things about me on the
dark web, you are responsible" which would lead to emails leaking)
dark web, you are responsible" which would lead to emails leaking)
Possible practices
# Possible practices
- review logging policies regularly
- review logging policies regularly
- checklist of things to surveil on services (e.g. logging, backups,
- checklist of things to surveil on services (e.g. logging, backups,
... | @@ -76,7 +76,7 @@ Possible practices |
... | @@ -76,7 +76,7 @@ Possible practices |
- CT-style logging (cf [sigstore](https://www.sigstore.dev/), [research about alternatives by
- CT-style logging (cf [sigstore](https://www.sigstore.dev/), [research about alternatives by
anarcat](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab#git-repository-integrity-solutions))
anarcat](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab#git-repository-integrity-solutions))
Next steps
# Next steps
- make a (private!) survey of security practices, e.g.:
- make a (private!) survey of security practices, e.g.:
- 2fa? u2f?
- 2fa? u2f?
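Review bot: `- 2fa? u2f?` is an example under `- make a (private!) survey of security practices, e.g.:` but is not indented, so it renders as a sibling bullet rather than a nested one; indent it by two spaces. In the same hunk the link label is broken across a hard line break (`[research about alternatives by` / `anarcat](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/gitlab#git-repository-integrity-solutions)`), which CommonMark accepts but which is easy to break on a later reflow; keep the label on one line.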