Digital self-defense
A big thanks to the _TO hacklab for the source of this presentation.
--
Goal
- When you leave the squat, you should have a better idea of what it means to defend yourself when you have a digital presence.
- The slides are meant to be used as a web resource, so there is a lot of text. I'll try not to read ¯\_(ツ)_/¯
- Cyberattacks will be mentioned during the presentation. Feel free to ask for details.
--
Why
- There is no such thing as 100% protection
- There is no one-size-fits-all solution
- Cybersecurity means mitigating the potential dangers your online actions might create
- Techniques that are beneficial in one situation might pose risks in another
--
Threat model
You can't protect yourself from what you're not aware of.
- Who is my enemy? (my parents, my significant other, my employer, Interpol, the Freemasons 𓁿)
- What am I protecting? (my identity, my sexual preferences, my ideas, my spicy text ㆆ _ ㆆ)
- How can I be attacked? i.e. my threat categories =͟͟͞͞(꒪ᗜ꒪‧̣̥̇)
--
Practical example
Selling pot in high school
Who is my enemy?
- Law Enforcement
- The school
- My parents
What am I protecting?
- My parents
- My friends and buyers
- My future
notes: propose a collective reflection on a scenario
--
Threat categories
A framework to answer the question "how can I be attacked?"
--
Spoofing
The act of violating authenticity. Examples:
- Forgery of documents
- Web phishing
- Email spoofing, the act of faking the sender
--
Tampering
The act of violating the integrity of data. Examples:
- Graffiti
- Man in the middle attacks
- Web defacing
- Double spending w.r.t. blockchain networks
--
Information Disclosure
The act of violating confidentiality. Examples:
- Whistleblowing
- Revenge porn
--
Denial of Service
The act of violating availability. Examples:
- Denial of service attacks
- Ticket scalping
--
Elevation of privileges
The act of violating authorization. Examples:
- Jailbreaking
- Card cloning
--
Repudiation
The act of denying or disavowing responsibility for an incident or security breach.
In other words: claiming that you didn't do something or were not responsible. Examples:
- Cooking the books
- Deleting log entries