smash-the-firewall/slides/intro.md
2024-04-30 10:24:03 +02:00

149 lines
3.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!-- .slide: data-background="./img/copertina.png" -->
## Smash <bretthe Firewall
A big thanks to the <br/>[_TO hacklab](https://autistici.org/underscore) <br/>for the source of this presentation.
<footer>
<small>
You can find the slides at
[LEZZO.org/smash-the-firewall](https://lezzo.org/smash-the-firewall/)
<p xmlns:cc="http://creativecommons.org/ns#" ><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0</a></p>
</small>
</footer>
--
## Goal
- When you leave the squat, you should have a better idea of what it means to defend yourself when you have a digital presence.
<br>
- The slides are meant to be used as a web resource, so there is a lot of text. I'll try not to read ¯\_(ツ)_/¯
- Cyberattacks will be mentioned during the presentation. Feel free to ask for details.
--
### Why
- There is no such thing as 100% protection
<br>
- There is no one size fits all solution
<br>
- Cybersecurity means mitigating the potential dangers your
online actions might create
<br>
- Techniques that are beneficial in one situation might pose risks in
another
<br>
--
### Threat model
You can't protect yourself from what you're not aware of.
- **Who is my enemy?<!-- .element: class="red"-->** (my parents, my significant other, my employer, interpol, the freemasonry 𓁿)
<!-- .element: class="fragment" -->
- **What am I protecting?**<!-- .element: class="red"--> (my identity, my sexual preferences, my ideas, my spicy text ㆆ _ ㆆ)
<!-- .element: class="fragment" -->
- **How can I be attacked?**<!-- .element: class="red"--> i.e. my threat categories =͟͟͞͞(꒪ᗜ꒪‧̣̥̇)
<!-- .element: class="fragment" -->
--
### Practical example
<p style="color:green;">Selling pot in high school</p>
Who is my enemy?
- Law Enforcement
<!-- .element: class="fragment" -->
- The school
<!-- .element: class="fragment" -->
- My parents
<!-- .element: class="fragment" -->
What am I protecting?
- My parents
<!-- .element: class="fragment" -->
- My friends and buyers
<!-- .element: class="fragment" -->
- My future
<!-- .element: class="fragment" -->
notes: proporre una riflessione collettiva su uno scenario
--
### Threat categories
A framework to answer the question "how can I be attacked?"
![](./img/bearattack.jpg)
--
### Spoofing
The act to violate **authenticity**. Examples:
- Forgery of documents
- Web phishing
- Email spoofing, the act to fake the sender
--
### Tampering
The act to violate **integrity** of data. Examples:
- Graffiti
- Man in the middle attacks
- Web defacing
- Double spending w.r.t. blockchain networks
--
### Information Disclosure
The act to violate **confidentiality**. Examples:
- Whistleblowing
- Revenge porn
--
### Denial of Service
The act to violate **availability**. Examples:
- Denial of service attacks
- Ticket scalping
--
### Elevation of privileges
The act to violate **authorization**. Examples:
- Jailbreaking
- Card cloning
--
### Repudiation
The act of denying or disavowing responsibility for an incident or
security breach. <br> In other words: claiming that you didn't do something
or were not responsible. Examples:
- Cooking the books
- Deleting log entries