Gdestuynder (talk | contribs) No edit summary |
| Line 54: | Line 54: | ||
* language: english or french | * language: english or french | ||
Mozilla maintains guidelines for server side configurations of SSL/TLS. The goal of this project is to build a tool that verifies compliance of a configuration with our guidelines, and help the administrators improve their security. It is very similar in philosophy to project like SSL Labs, but with a stronger emphasis on explaining how to reach a better security level, and educating the administrators. | Mozilla maintains guidelines for server side configurations of SSL/TLS. The goal of this project is to build a tool that verifies compliance of a configuration with our guidelines, and help the administrators improve their security. It is very similar in philosophy to project like SSL Labs, but with a stronger emphasis on explaining how to reach a better security level, and educating the administrators. | ||
=== Security tools === | |||
==== Improving OpenVPN with better MFA support ==== | |||
* Mozilla Advisor: Guillaume Destuynder | |||
* difficulty: medium | |||
* language: english, french | |||
* Required skills: C | |||
Mozilla uses OpenVPN with MFA using deferred C plugins and pythons scripts. However, there are several caveats that require non-plugin based modifications, such as OTP client input and session tracking. The modifications will also be sent to the upstream OpenVPN project. | |||
=== Risk Management === | === Risk Management === | ||
==== A playful way of teaching risk management to individuals ==== | ==== A playful way of teaching risk management to individuals ==== | ||
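Review bot: In the added OpenVPN entry, "Required skills: C" leaves out Python even though the description says the MFA setup uses "deferred C plugins and pythons scripts"; add Python to the skills line if the student is expected to work on those scripts, and correct "pythons scripts" to "Python scripts". The new "language: english, french" line also differs from the "english or french" form used by the entry just above it, so pick one form for the list. The description names "OTP client input and session tracking" as needing non-plugin changes; a sentence on which OpenVPN component each change touches (client, server, or both) would help a student judge the "medium" difficulty rating.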
| Line 61: | Line 71: | ||
Risk management methodologies are numerous, but often regarded by individuals outside of the security community as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla. | Risk management methodologies are numerous, but often regarded by individuals outside of the security community as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla. | ||
==== An online threat | ==== An online threat modeling tool ==== | ||
* Mozilla Advisor: TBD | * Mozilla Advisor: TBD | ||
* difficulty: medium | * difficulty: medium | ||