SF Bitcoin Devs HackDay: Operations Security for Running Sensitive Services
Details
Goal:
The goal of this hackathon is to share industry best practices for protecting your (web-based) services. This includes protecting the development team and their tools, network and application firewalling, gathering OPSEC-related performance metrics, hardening your service against attack, and Bitcoin multisig best practices.
After the discussion, the hackathon members work towards bootstrapping an open, Creative Commons licensed Gitbook project for an operations security manual. This effort draws inspiration from 90s Linux HOWTOs and comprehensive open tutorial books like DjangoGirls' Django tutorial (http://tutorial.djangogirls.org/).
What is OPSEC:
Operations security (OPSEC) is a cross-discipline approach for protecting your service and information. It is crucial for all cryptoasset operations, as the nature of these transactions attracts malicious actors. Hacked Bitcoin services give the industry a bad name, thus greatly reducing consumer acceptance. This hackathon is a small attempt to make it easy for the operators of cryptoasset services to protect their assets and users.
Who it is for
The primary audience is Bitcoin service operators and developers. Whitehats, blackhats and hackers wearing any other hat welcome.
Suggested agenda
- Short presentation about OPSEC lessons learnt running a Bitcoin exchange
- Discussion and sharing of experiences
- Practical one-to-one sessions tutoring e.g. how to install and configure components on your servers (fail2ban, Cloudflare, etc.)
- Working towards an open OPSEC manual
Author
Mikko Ohtamaa is an open source activist, Python and Bitcoin hacker, and former CTO of LocalBitcoins.
https://opensourcehacker.com/

