Improvements in LibreOffice security
Speakers:
Thorsten Behrens (LibreOffice Developer, The Document Foundation / allotropia software GmbH) / Homepage
Scheduled time: Saturday, 09:00 - Room V3 - Duration 60 Min.
This talk provides an update on recent & upcoming improvements in LibreOffice, for an even safer operation.
As an office suite with a lot of functionality, as well as lots of ways to throw 'active content' aka macros at it, LibreOffice, just like its commercial brethren, provides a rather large attack surface.
To mitigate that, the German Federal Agency for Computer Security (BSI) has published a best practice handbook for secure deployments of LibreOffice, as well as funded a number of additional improvements. This talk will showcase the most important ones, as well as provide suggestions for further development and security-hardened deployments:
* fully automatic background updates under Windows
* bulk disabling of active content
* non-overridable admin configurations for all of LibreOffice
* better password security, including much-improved ODF document encryption
* disabling and removal of unsafe network protocols
Alongside of the above, the talk will suggest a number of additional best practices - for deploying LibreOffice configured as securely as possible.
Website: https://www.libreoffice.org/
Desired previous knowledge: Knowledge of LibreOffice, and some basic concepts of computer and information security are useful, but not required.
Supplemental material: Slides (1057 KiB)
Download MP4 (223 MiB)
