<!-- .slide: data-background="./img/copertina.png" -->

## Smash <br/>the Firewall

A big thanks to the <br/>[_TO hacklab](https://autistici.org/underscore) <br/>for the source of this presentation.
<footer>
<small>
You can find the slides at
[LEZZO.org/smash-the-firewall](https://lezzo.org/smash-the-firewall/)
<p xmlns:cc="http://creativecommons.org/ns#" ><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0</a></p>
</small>
</footer>

--

## Goal
- When you leave the squat, you should have a better idea of what it means to defend yourself when you have a digital presence.

<br>
- The slides are meant to be used as a web resource, so there is a lot of text. I'll try not to read ¯\_(ツ)_/¯
- Cyberattacks will be mentioned during the presentation. Feel free to ask for details.

--

### Why
- There is no such thing as 100% protection
<br>
- There is no one-size-fits-all solution
<br>
- Cybersecurity means mitigating the potential dangers your online actions might create
<br>
- Techniques that are beneficial in one situation might pose risks in another
<br>

--

### Threat model
You can't protect yourself from what you're not aware of.

- **Who is my enemy?<!-- .element: class="red"-->** (my parents, my significant other, my employer, Interpol, the freemasonry 𓁿)
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
<!-- .element: class="fragment" -->

- **What am I protecting?**<!-- .element: class="red"--> (my identity, my sexual preferences, my ideas, my spicy text ㆆ _ ㆆ)
<!-- .element: class="fragment" -->

- **How can I be attacked?**<!-- .element: class="red"--> i.e. my threat categories =͟͟͞͞(꒪ᗜ꒪‧̣̥̇)
<!-- .element: class="fragment" -->

--

### Practical example
<p style="color:green;">Selling pot in high school</p>

Who is my enemy?
- Law Enforcement
<!-- .element: class="fragment" -->
- The school
<!-- .element: class="fragment" -->
- My parents
<!-- .element: class="fragment" -->

What am I protecting?
- My parents
<!-- .element: class="fragment" -->
- My friends and buyers
<!-- .element: class="fragment" -->
- My future
<!-- .element: class="fragment" -->

notes: propose a collective reflection on a scenario

--

### Threat categories
A framework to answer the question "how can I be attacked?"
![](./img/bearattack.jpg)

--

### Spoofing
The act of violating **authenticity**. Examples:

- Forgery of documents
- Web phishing
- Email spoofing, i.e. faking the sender

--

### Tampering
The act of violating the **integrity** of data. Examples:

- Graffiti
- Man-in-the-middle attacks
- Web defacing
- Double spending on blockchain networks

--

### Information Disclosure

The act of violating **confidentiality**. Examples:

- Whistleblowing
- Revenge porn

--

### Denial of Service

The act of violating **availability**. Examples:

- Denial of service attacks
- Ticket scalping

--

### Elevation of privileges

The act of violating **authorization**. Examples:

- Jailbreaking
- Card cloning

--

### Repudiation
The act of denying or disavowing responsibility for an incident or security breach. <br> In other words: claiming that you didn't do something or were not responsible. Examples:

- Cooking the books
- Deleting log entries