I am a co-founder of a startup company. We are not doing things of computer science or programming. We're making our own product. As a result, my partner and I use some cloud platform services, for instance, Google Drive, Slack, Facebook Messenger, and Google Hangout, to support us. We use them to share files of our development. The problem is that my partner is not a person who studies computer science or has enough background in information security. So he is always hesitating to use those services to share important files. For example, with Slack, we can share code snippets in our team channels, but he thinks we should encrypt our code files to avoid any information leakage. I think encryption will lose the convenience of using such services. How do I convince my partner that he doesn't need to worry about the safety issue of sharing code or files on cloud platform services?
This is a very open-ended question, primarily because we don't know your partner.
Essentially, irrespective of how safe your platform is, it's only as safe as the host's machine is—gain access to that and all the files are still compromised anyway.
Most of the day-to-day work can be done through the platforms mentioned; however, extremely sensitive files (e.g. server keys) should be passed physically through a data storage device (e.g. pendrive).
If you are geographically apart, you can transfer sensitive documents using PGP instead. For messaging you could use something such as Telegram or Signal.
I'm doing a hobby project Windows 8 app in WinJS. As I'm calling an external api, which requires an api key and oauth authentication, I've got a number of keys that I need to keep "secret".
I've seen places around the web with detailed descriptions on how to get access to and also modify the source code for WinJs (and C#) apps on your computer. But I think those were in the beta/preview time frame?
My Google skills don't seem to be able to tell me if this has been fixed since, does anyone know?
If it wasn't fixed, how do people handle these situations?
Any tips and suggestions welcome :)
You have a couple options here.
Integrate Azure Mobile Services and have it do the OAuth if possible. Your keys remain secret in the cloud.
Store the main key encrypted in your WinJs application. The secret then is also encrypted and stored locally. I use https://github.com/cauld/winjs-oauth-for-twitter and have a slight revision that when I get the key back I store it in the credential manager.
Any local application compiled from any computer language can be tampered with, all you need is a debugger. If you encrypt everything I in theory can just load up a debugger, attach to the http stack library and watch the data go out (excluding even easier techniques like Fiddler to watch this data) and extract whatever I want - fairly easily. So the question is what are you trying to prevent?
If your app could be facilitated to launch a man-in-the-middle attack, you should not keep confidential data in plain form for a long time, in memory or on disk. Also, storing encrypted data locally, alongside the algorithm and the algorithm key/hash, is a recipe for security incidents.
There is no silver bullet to protect your code or data from probing by the end user (or someone who has physical access to the end user's machine); see the amount of game save editors and game trainers out there. Don't put your business logic or important data (e.g. in-app purchases) in plain text or similar; at least add some obfuscation.
I am looking to create a simple mobile agent system which will deal with 4 tasks, i.e 4 different mobile agents jobs: Database update, meeting scheduling, network services discovery and kernel update.
I have done my research and have seen different frameworks such as Aglet, Jade, agent builder etc. My question is which one should I use? Also I need to set up the base code for it to work; can someone point me to a site or help me to set up the basic functions of the mobile agent?
I've read about tahiti server for the Aglet model. I'm quite confused about how to set up the mobile agent system. Any help would be much appreciated.
I have also tried to do it using RMI. I had created a method of type agent, but I couldn't pass it through remote method implementation. I was reading about TCP and UDP socket programming. I was thinking maybe it would be more fair to do it using socket programming. In this case, would this be called an agent? I was thinking about the server sending datagram packets to multiple clients.
You need to ask yourself why you want to use mobile agents at all. The notion of a mobile agent was popular in the agent research community in the early 90's, but fell out of favour because (i) it wasn't clear what problem it was solving, (ii) the capability to allow arbitrary code to migrate to a particular computer and execute with enough privileges to access local data and services is very open to abuse, and (iii) all of the claimed benefits of mobile agents can actually be achieved through web services (REST or otherwise) and open data formats such as RDF. Consequently, few, if any, mobile agent platforms have been properly maintained since the early experiments.
It also sounds as though you need to be clear which end-user problem you want to solve. Scheduling a meeting and updating my kernel are very different tasks - I'd be very uncomfortable with a program that claims to do both. If your interest is in the automation of system maintenance tasks, such as DB tuning and kernel patching, on large networks you might want to look at the SmartFrog project, or read up on autonomic computing.
I use JADE and I agree with the first guy: agent systems usually take a lot of overhead to get going, so if you can avoid it, please do. If, however, you choose to proceed, choose a platform with a lot of support and a big user group.
Jade has some neat features like a directory facilitator (DF), which works like a yellow pages, so other agents don't have to know what agents are running and what services are supplied; they can simply inquire by the DF.
Also JADE ContractNetBehaviours help simplify communication.
While there are many social networks in the wild, most rely on data stored on a central site owned by a third party.
I'd like to build a solution where data remains local on members' systems. Think of the project as an address book, which automagically updates a contact's data as soon as a contact changes its coordinates. This base idea might get extended later on...
Updates will be transferred using public/private key cryptography using a central host. The sole role of the host is to be a store and forward intermediate. Private keys remain private on each member's system.
If two clients are both online and a p2p connection could be established, the clients could transfer data telegrams without the central host.
Thus, sender and receiver will be the only parties which are able to create authentic messages.
Questions:
Are there certain protocols which I should adopt?
Are there any security concerns I should keep in mind?
Are there certain services which should be integrated or used somehow?
More technically:
Use e.g. Amazon or Google provided services?
Or better use a raw web-server? If yes: Why?
Which algorithm and key length should be used?
UPDATE-1
I googled my own question title and found this academic project developed 2008/09: http://www.lifesocial.org/.
The solution you are describing sounds remarkably like email, with encrypted messages as the payload, and an application rather than a human being creating the messages.
It doesn't really sound like "p2p" - in most P2P protocols, the only requirement for central servers is discovery - you're using store & forward.
As a quick proof of concept, I'd set up an email server, and build an application that sends emails to addresses registered on that server, encrypted using PGP - the tooling and libraries are available, so you should be able to get that up and running in days, rather than weeks. In my experience, building a throw-away PoC for this kind of question is a great way of sifting out the nugget of my idea.
The second issue is that the nature of a social network is that it's a network. Your design may require you to store more than the data of the two direct contacts - you may also have to store their friends, or at least the public interactions those friends have had.
This may not be part of your plan, but if it is, you need to think it through early on - you may end up having to transmit the entire social graph to each participant for local storage, which creates a scalability problem....
The paper about Safebook might be interesting for you.
Also you could take a look at other distributed OSNs and see what they are doing.
None of the federated networks mentioned on http://en.wikipedia.org/wiki/Distributed_social_network is actually distributed. What Stefan intends to do is indeed new and was only explored by some proprietary folks.
I've been thinking about the same concept for the last two years. I've finally decided to give it a try using Python.
I've spent the better part of last night and this morning writing a sockets communication script & server. I also plan to remove the central server from the equation as it's just plain cumbersome and there's no point to it when all the members could keep copies of their friends' keys.
Each profile could be accessed via a hashed string of someone's public key. My social network relies on nodes and pods. Pods are computers which have their ports open to the network. They help with relaying traffic as most firewalls block incoming socket requests. Nodes store information and share it with other nodes. Each node will get a directory of active pods which may be used to relay their traffic.
The PeerSoN project looks like something you might be interested in: http://www.peerson.net/index.shtml
They have done a lot of research and the papers are available on their site.
Some thoughts about it:
protocols to use: you could think exactly on P2P programs and their design
security concerns: privacy. Take a great care to not open doors: a whole system can get compromised 'cause you have opened some door.
services: you could integrate with the regular social networks through their APIs
People will have to install a program on their computers and remember to open it every time, like any P2P client. Leaving everything on a web-server has a smaller footprint / necessity of user action.
Somehow you'll need a centralized server to manage the searches. You can't just broadcast the internet to find friends. Or you'll have to rely upon email requests to add someone, and to do that you'll need to know the email in advance.
The fewer friends /contacts use your program, the fewer ones will want to use it, since it won't have contact information available.
I see that your server will be a store and forward, so the update problem is solved.
I am facing some questions when trying to design an S3 application using ASP.NET MVC and trying to stay HIPAA compliant.
My initial plan was to require an SSL connection to my web server, encrypt the images on my server, then send them to s3 using my private keys.
Here are my obvious concerns:
You cannot store unencrypted images in any temporary file cache when client views images within the browser.
Even if I set up an ashx to generically handle the image in memory, couldn't this get stored in cache?
Saying the images will be encrypted because you will be connecting to my server via https still does not guarantee all browsers will not cache data.
It's not possible to even consider the "Query String" with expiration option since data will be encrypted before being stored on disk at s3, and will again be decrypted at my server in memory.
I think my only option would be to write/purchase some sort of ActiveX component that will not expose the image as a simple html image source or write my app as a client side WinForm application.
On the face of it, it seems unlikely that cloud computing could be HIPAA compliant. Surely it is impossible to satisfy the Security Rule when the instance is hosted on someone else's hardware, tended by someone else's sysadmins?
However, Amazon have published a whitepaper on this very topic: Creating HIPAA-compliant Medical Data Applications with AWS. It is well worth reading, and seems to address the main concerns. It does end with a disclaimer:
"This white paper is not intended to constitute legal advice. You are advised to seek the advice of counsel regarding compliance with HIPAA and other laws that may be applicable to you and your business."
Naturally the same applies to any advice you get from some random bloke off Das Interwebs.
Contrary to some of the other answers, cloud computing and cloud data storage can in fact be HIPAA compliant (note that they were written in 2010, when this was a much tougher call).
There are two main things you should consider for this:
you must get the cloud provider to sign a HIPAA Business Associate Agreement (BAA)
you must adhere closely to the Security Rule in the development of your system (encryption, audit trails, etc.)
Here are some cloud providers that will sign BAAs:
Amazon Web Services
Rackspace
Windows Azure (as of July 2012)
(Up until recently, Amazon wasn't willing to sign a BAA, so even though they had a whitepaper on compliance, following their guidelines just didn't cut it - all that has changed, though).
For image storage, AWS has S3 and Azure has blob storage.
As far as your concerns about serving the images in the browser, I'm actually not sure how strict you have to be, but it seems like you could embed your images within:
a Java Virtual Machine (JVM)
Flash
Flex
HTML5
It looks like PracticeFusion started off using Flex & Flash and is in the process of gradually transitioning to HTML5.
The HIPAA and the credit card PCI compliance are basically impossible to implement, or trivial - it all depends on what consultant you hire to tell you what the meaning of a 'closed' network is - is that mathematically closed (which I would argue is the highest form), or is that closed as in behind a wall and not connected to the outside world, but trivially easy to eavesdrop with some basic equipment on the sidewalk outside?
When you get done with consultants, the fact that much computer equipment is leased, the fact that computers have usb ports and their users camera phones, how could storing encrypted data anywhere be a problem? If you store encrypted data on S3, then S3 is not storing ANYTHING other than random bits of garbage. Some key owned by you + the garbage = data and that only happens in your system.
I have seen 'HIPAA compliant' software that runs with no encryption on a PC with XP on it. Considering how many laptops are owned by botnets and keystroke loggers, the whole thing is basically an exercise in deniability.
The HIPAA rules explicitly state that data does not have to be encrypted when it's sitting on your user's computer:
"Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional."
A couple comments. Images served via https are not always stored in the browser cache. Even so, you can control this using headers.
When you upload an image you can stream it into memory and directly into a database using your favorite encryption technique. When the user requests a page with a url to an encrypted image, you simply call your controller, grab the encrypted data from the database, decrypt it in memory and return the image.
    [AcceptVerbs(HttpVerbs.Get)]
    public ActionResult ShowImage(string id)
    {
        // Fetch the encrypted image record for the requested id.
        ImageEntity image = Repository.For<ImageEntity>().Where(a => a.AssetIdd == id).First();
        // Decrypt in memory only; the plaintext is never written to disk.
        var decryptedImage = Decrypt(image);
        ImageResult result = new ImageResult(decryptedImage.ImageData, decryptedImage.ContentType);
        return result;
    }
You use it like this:
<img src="/Assets/ShowImage/<%=Model.Id%>" alt="" />
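Added example, not part of the original answer: one way to apply the "control this using headers" point to the action above, so the decrypted image is marked as non-storable for browser and proxy caches. The names NoStoreAttribute, DecryptedImage and IEncryptedImageStore are hypothetical (the interface stands in for the answer's Repository lookup plus Decrypt), and constructor injection assumes a DI-aware controller factory is configured.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter name. Marks the response as non-storable so the
// decrypted image is not written to a browser or intermediary cache.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class NoStoreAttribute : ActionFilterAttribute
{
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
        cache.SetCacheability(HttpCacheability.NoCache); // Cache-Control: no-cache
        cache.SetNoStore();                              // adds no-store
        base.OnResultExecuting(filterContext);
    }
}

// Hypothetical types standing in for the answer's ImageEntity/Decrypt pair.
public sealed class DecryptedImage
{
    public byte[] ImageData { get; set; }
    public string ContentType { get; set; }
}

public interface IEncryptedImageStore
{
    // Loads the encrypted record and decrypts it in memory.
    // Returns null when no image has the given id.
    DecryptedImage LoadAndDecrypt(string id);
}

[RequireHttps]   // refuse plain-HTTP requests for image data
[Authorize]      // assumption: only authenticated users may fetch images
public class AssetsController : Controller
{
    private readonly IEncryptedImageStore _store;

    public AssetsController(IEncryptedImageStore store)
    {
        _store = store;
    }

    [HttpGet]
    [NoStore]
    public ActionResult ShowImage(string id)
    {
        if (string.IsNullOrWhiteSpace(id))
            return new HttpStatusCodeResult(400);

        DecryptedImage image = _store.LoadAndDecrypt(id);
        if (image == null)
            return HttpNotFound(); // unknown id: 404 instead of an unhandled exception

        // The plaintext exists only in this byte[]; nothing is written to disk here.
        return File(image.ImageData, image.ContentType);
    }
}
```

Checking the response headers in the browser's network tab for a ShowImage request confirms whether no-store is actually being sent.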
No. HIPAA compliance is impossible due to the conflict between the network encryption requirement and the network monitoring requirement.
We've talked about personal password management here but how do you guys manage your passwords at a company wide level?
I thought I'd report back after my week of searching...
I've settled on PassPack. I've been using it for a few days now for my personal passwords and I'm a total fanboy.
They use the Host-Proof Hosting pattern so the only one that can access your stuff is you and if you forget your password they can't help you.
They have some nice Offline apps written with Adobe AIR and Google Gears.
But, best of all, they fit my "enterprise" requirement because an upcoming release will support sharing within a trusted group.
Plus, I learned about The "Blog" of "Unnecessary" Quotation Marks in their forum.
We have managed to plan our company applications so they are mainly web based and open source or in-house developed. This then allowed us to use LDAP to hook into active directory for logging into our intranet. From there we modified the logins into various products we use (MediaWiki, Wordpress, SugarCRM etc.) so that if the user is authenticated in the intranet, they are automatically logged into these other products as well.
This has taken some time setting up the process and creating a script to set all the appropriate user details in each system when someone joins the company, however now we have a situation where everyone only has to remember one password, removing the need for managing a growing list of passwords.
Obviously this may not be viable in many companies, but now that we have it set up it was worth the effort.
We use Password Agent: http://www.moonsoftware.com/pwagent.asp
It stores everything from PC admin logins to website logins and product keys for products we all use.
We use Active Directory to store user credentials, and developed a custom library for Desktop and Web.
We are using KeePass application with success.
We create file per project and/or per business domain.
We share the password to appropriate KeePass file between people who should have access.
It's not the best solution. We also have Cyber-Ark software installed corporate-wide, but due to some strange configuration rules it does not work for us as well as the previous solution. It might also be related to the fact that we have an old version.
We maintain an in-house Lotus Notes database that stores absolutely everything from passwords to server change records. It is big, cumbersome, takes an age to load, and is generally not, uh, nice.
No, this is not a sane way to do it. :-|
Obviously I'm biased because I work there, but we use Enterprise Random Password Manager from Lieberman Software. Yes, we do actually dogfood our own tool in our own network. It has some nice features, like web accessibility with delegation, scheduled operation with retry, propagation to other things using accounts (services, COM+ apps, etc.), system/account discovery, Linux/Unix account management, etc.
I'm sure a salesperson could give a better pitch, but that I am not. I'd encourage you to check it out. :)
For passwords related to my work, I store them in a plain unencrypted passwords.txt file in my user storage area on the main company file server. Normally, other people in the company can't read files in my user storage area, so there is little risk of exposure. However, if something were to happen to me, then all my passwords for company related activities would be trivially available to others inside the company - just ask MIS.
This is a very different security model than what I use for my personal passwords, of course.
Just a heads up: Microsoft have a product managing credentials/passwords/identity across varied systems: Identity Lifecycle Manager
Secret Server is something that grew from an internal need (within our software company) to a viable product that is now used all over the world. It is web-based and allows you to store passwords and then securely share them with other users and groups (even AD users and groups). It is also able to actively reach out and change passwords on automatic schedules, even handling associated dependencies such as Windows Services for service accounts.
Enterprise Password Management (free 30 day trial).
Use Apache Directory Server, which is an LDAP-standard implementation.
You can manage the directory database using Apache Directory Studio so it's quite user friendly (or at least, admin-friendly).
Then you can hook the directory programmatically to any application that requires access to the credentials, LDAP client libraries are widely available on popular programming platforms such as Java, C++, PHP, Ruby, etc.
My business friend advised me to check out Passwork (https://passwork.me). They use the self-hosted version on their own servers; I found out that Passwork also has SaaS.
So my colleagues and I store our company passwords in Passwork.
We had tried another enterprise pw managers before but weren't able to trust them.
We had a look at a product that had these features:
Can give access privileges to passwords using roles.
Handles delegation.
Logs access to passwords.
Can Randomize passwords.
Can automatically re-randomize a password X days after access to it.
Unfortunately, I couldn't remember its name when I posted this... It was "Secret Server"