SouthEast Linux Fest 2024

Best Practices for Hardware Security Tokens
06-07, 16:00–16:50 (EST5EDT), System76 (BallroomA)

Hardware security tokens from vendors such as Nitrokey and Yubico are the single most effective mechanism to protect against cybersecurity breaches. In this session we discuss best practices for deployment and usage, including use as a passkey and for SSH, OpenPGP, passwords, disk encryption, and computer login.


The FBI Internet Crime Report gives a sense of the scale of the cybersecurity threat, with the latest report showing a loss of $28 billion in 2022 and a tenfold increase over five years.

Hardware security tokens have the potential to significantly reduce this threat for both companies and individuals. Tokens store information such as passwords, cryptographic keys used to generate digital signatures, and even biometric data (such as fingerprints). Tokens are used to gain access to restricted services and devices. The tokens do all the crypto calculations on board. The secrets typically never leave the device and are actually impossible to access directly.

This session will discuss best practices for deployment and usage of security tokens for companies and individuals. We will focus on multi-protocol tokens such as Nitrokeys and YubiKeys. The emphasis is on achieving real security and not "security theater".

Topics:

  1. Secure configuration for FIDO, OpenPGP, PIV, and passwords.
  2. Really secure OpenSSH usage.
  3. Disk encryption.
  4. Local and remote login.
  5. sudo, including on remote servers, using PAM.
  6. Backup and recovery strategies.
  7. Full life cycle support including provisioning, inventory control,
    and decommissioning.
  8. Compliance with standards such as SOC 2 and NIST CSF.

Jean Pierre has been involved in the open-source community since 1990. He has been a Debian DM for several years and is currently actively involved in Primero, an open-source platform for social welfare. He has started several companies, the latest of which is Salus CM (https://salus-cm.care/).
