On Friday, 18 August 2017 18:14:22 CEST Sebastian Kügler wrote:
> So, I could use some help with this, in the form of how this can be
> structured, in what form it will be useful, more ambitious, and very
> importantly measurable: I want us to be able to sit down in two years
> and check: Are we on track? Do we need to change our approach? Do we
> need to work harder? And of course: Did we achieve our goal?
>
> Your thoughts and input?

Obviously an idea I can support :)

I have been looking a bit into how to verify the leak and transport encryption aspects. Using something like https://github.com/iovisor/bcc/blob/master/tools/tcpconnect.py as a low-impact long-term recording and adding a decent filter/aggregation tool for the result should allow us to also find rare short-lived TCP connections and pin them on the responsible application. Port numbers provided by this give a first hint on transport encryption, but I'm still hoping for something better to verify this automatically and with a lower impact than a long running Wireshark session.

Another aspect to check might be if we are still storing sensitive information like passwords outside of KWallet.

Regards,
Volker
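The filter/aggregation step described in the message above, sketched as an added example (not part of the original mail and not code from bcc or KDE). It assumes tcpconnect's default column layout (PID COMM IP SADDR DADDR DPORT, without the timestamp or UID options); the port set, function names and sample rows are assumptions made for illustration.

```python
from collections import Counter

# Assumption: ports conventionally used for TLS-wrapped protocols. A hint only.
TLS_PORTS = {443, 465, 636, 853, 993, 995, 8443}

# Constructed sample in tcpconnect's default column layout (no -t / -U).
# Process names and addresses are made up for illustration.
SAMPLE = """\
PID    COMM         IP SADDR            DADDR            DPORT
2101   mailsync     4  192.0.2.10       198.51.100.7     993
2101   mailsync     4  192.0.2.10       198.51.100.7     993
2101   mailsync     4  192.0.2.10       198.51.100.7     993
3344   weatherapplet 4 192.0.2.10       203.0.113.20     80
3410   Web Content  4  192.0.2.10       203.0.113.55     443
3410   Web Content  4  192.0.2.10       203.0.113.55     443
4022   filesharerd  6  2001:db8::10     2001:db8::99     1716
"""


def parse(text):
    """Yield (comm, daddr, dport) per data row; skip headers and junk lines."""
    for line in text.splitlines():
        f = line.split()
        # PID first, then COMM (may contain spaces), then IP SADDR DADDR DPORT.
        if len(f) < 6 or not f[0].isdigit() or not f[-1].isdigit():
            continue
        if f[-4] not in ("4", "6"):
            continue
        yield " ".join(f[1:-4]), f[-2], int(f[-1])


def aggregate(text):
    """Count connections per (application, destination address, port)."""
    return Counter(parse(text))


def report(counts, rare_max=1):
    """Rows sorted rarest first, flagging rare flows and TLS-associated ports."""
    ordered = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))
    return [{"comm": c, "daddr": d, "dport": p, "count": n,
             "rare": n <= rare_max, "tls_port": p in TLS_PORTS}
            for (c, d, p), n in ordered]


if __name__ == "__main__":
    for r in report(aggregate(SAMPLE)):
        tags = ("rare " if r["rare"] else "") + ("" if r["tls_port"] else "non-TLS-port")
        print(f'{r["count"]:>4} {r["comm"]:<15} {r["daddr"]}:{r["dport"]} {tags}')
```

A destination port outside the set only marks a flow for closer inspection; as the message says, the port number is a first hint and does not verify that the transport is encrypted.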
