smash-the-firewall/slides/intro.md

150 lines
3.3 KiB
Markdown
Raw Normal View History

2024-04-20 13:50:27 +02:00
<!-- .slide: data-background="./img/copertina.png" -->
## Autodifesa<br/>digitale
2024-04-20 15:59:41 +02:00
A big thanks to the <br/>[_TO hacklab](https://autistici.org/underscore) <br/>for the source of this presentation.
2024-04-20 13:50:27 +02:00
<footer>
<small>
2024-04-20 15:59:41 +02:00
You can find the slides at
[LEZZO.org/smash-the-firewall](https://lezzo.org/smash-the-firewall/)
<p xmlns:cc="http://creativecommons.org/ns#" ><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0</a></p>
2024-04-20 13:50:27 +02:00
</small>
</footer>
--
2024-04-24 13:58:22 +02:00
## Goal
2024-04-20 15:59:41 +02:00
- When you leave the squat, you should have a better idea of what it means to defend yourself when you have a digital presence.
2024-04-20 13:50:27 +02:00
2024-04-24 13:58:22 +02:00
<br>
2024-04-20 15:59:41 +02:00
- The slides are meant to be used as a web resource, so there is a lot of text. I'll try not to read ¯\_(ツ)_/¯
2024-04-24 15:04:34 +02:00
- Cyberattacks will be mentioned during the presentation. Feel free to ask for details.
2024-04-20 13:50:27 +02:00
--
2024-04-24 13:58:22 +02:00
### Why
- There is no such thing as 100% protection
<br>
- There is no one size fits all solution
<br>
- Cybersecurity means mitigating the potential dangers your
online actions might create
<br>
- Techniques that are beneficial in one situation might pose risks in
another
<br>
--
2024-04-20 13:50:27 +02:00
2024-04-20 15:59:41 +02:00
### Threat model
You can't protect yourself from what you're not aware of.
2024-04-20 13:50:27 +02:00
2024-04-20 15:59:41 +02:00
- **Who is my enemy?<!-- .element: class="red"-->** (my parents, my significant other, my employer, interpol, the freemasonry 𓁿)
<!-- .element: class="fragment" -->
2024-04-20 13:50:27 +02:00
2024-04-20 15:59:41 +02:00
- **What am I protecting?**<!-- .element: class="red"--> (my identity, my sexual preferences, my ideas, my spicy text ㆆ _ ㆆ)
<!-- .element: class="fragment" -->
- **How can I be attacked?**<!-- .element: class="red"--> i.e. my threat categories =͟͟͞͞(꒪ᗜ꒪‧̣̥̇)
<!-- .element: class="fragment" -->
2024-04-20 13:50:27 +02:00
--
2024-04-24 17:22:29 +02:00
### Practical example
2024-04-20 15:59:41 +02:00
<p style="color:green;">Selling pot in high school</p>
2024-04-20 13:50:27 +02:00
2024-04-20 15:59:41 +02:00
Who is my enemy?
- Law Enforcement
2024-04-20 13:50:27 +02:00
<!-- .element: class="fragment" -->
2024-04-20 15:59:41 +02:00
- The school
<!-- .element: class="fragment" -->
- My parents
2024-04-20 13:50:27 +02:00
<!-- .element: class="fragment" -->
2024-04-20 15:59:41 +02:00
What am I protecting?
- My parents
<!-- .element: class="fragment" -->
- My friends and buyers
<!-- .element: class="fragment" -->
- My future
<!-- .element: class="fragment" -->
notes: proporre una riflessione collettiva su uno scenario
2024-04-20 13:50:27 +02:00
--
2024-04-20 15:59:41 +02:00
### Threat categories
A framework to answer the question "how can I be attacked?"
![](./img/bearattack.jpg)
2024-04-20 13:50:27 +02:00
2024-04-20 15:59:41 +02:00
--
### Spoofing
The act to violate **authenticity**. Examples:
2024-04-24 13:58:22 +02:00
- Forgery of documents
- Web phishing
- Email spoofing, the act to fake the sender
2024-04-20 15:59:41 +02:00
2024-04-20 13:50:27 +02:00
--
2024-04-20 15:59:41 +02:00
### Tampering
2024-04-24 13:58:22 +02:00
The act to violate **integrity** of data. Examples:
- Graffiti
- Man in the middle attacks
- Web defacing
- Double spending w.r.t. blockchain networks
2024-04-20 15:59:41 +02:00
--
### Information Disclosure
The act to violate **confidentiality**. Examples:
2024-04-24 13:58:22 +02:00
- Whistleblowing
- Revenge porn
2024-04-20 13:50:27 +02:00
2024-04-20 15:59:41 +02:00
--
### Denial of Service
The act to violate **availability**. Examples:
2024-04-20 13:50:27 +02:00
2024-04-24 13:58:22 +02:00
- Denial of service attacks
- Ticket scalping
2024-04-20 13:50:27 +02:00
--
2024-04-20 15:59:41 +02:00
### Elevation of privileges
The act to violate **authorization**. Examples:
2024-04-24 13:58:22 +02:00
- Jailbreaking
- Card cloning
2024-04-20 15:59:41 +02:00
--
2024-04-24 13:58:22 +02:00
### Repudiation
The act of denying or disavowing responsibility for an incident or
security breach. <br> In other words: claiming that you didn't do something
or were not responsible. Examples:
- Cooking the books
- Deleting log entries