
Intro to digital security

FHV
March 16, 2017


Part I of a workshop given with @denkiii for the Concordia Student Union. (The second part included Signal, Tor, YubiKeys.)


Transcript

  1. intro to digital security
    Florencia Herra-Vega (@flohdot)
    CTO, Peerio (peerio.com)
    Concordia Student Union, March 2017


  2. what are you protecting?
    Against whom?
    a.k.a. “Threat Modelling”


  3. Case Study #1
    Amy is an aid worker coordinating a number of colleagues
    and volunteers in an area that is recovering from a natural
    disaster, which has a number of sensitive resource/land
    disputes. She gathers some information in the field that
    could be of interest to local businesspeople, politicians, and
    police.


  4. Case Study #2
    Roger is a teenager in a tightly knit, extremely conservative
    community. He lives at home with his tech-savvy parents
    and brother. He thinks he might be gay.


  5. Case Study #3
    Marie is a journalist working on a big scoop about police
    and construction industry corruption. She has anonymous
    sources, and she needs to discuss some aspects of the case
    with colleagues and experts.


  6. where is your data?
    who owns it?
    how is it secured?
    who does it share its data with?
    what can it see about you?
    who owns it?
    who can access it?
    how is it secured?


  7. where is your data?
    who owns it?
    how is it secured?
    who does it share its data with?
    what can it see about you?
    who owns it?
    who can access it?
    how is it secured?
    who owns it?
    how is it secured?
    who does it share its data with?
    what can it see about you?
    what data are you sending?


  8. where is your data?
    who owns it?
    how is it secured?
    who does it share its data with?
    what can it see about you?
    who owns it?
    who can access it?
    how is it secured?
    who owns it?
    how is it secured?
    who does it share its data with?
    what can it see about you?
    what metadata are you sending?


  9. who’s between you and your
    data?
    wi-fi network
    corporate network
    ISPs
    wi-fi network
    corporate network
    ISPs


  10. where’s the crypto?

    “at rest”
    disk encryption
    ?
    ?


  11. where’s the crypto?

    “at rest”
    disk/database encryption
    ?
    ?


  12. where’s the crypto?

    “in transit”
    TLS/HTTPS
    ?
    ? ?
    ?


  13. where’s the crypto?

    “in transit”
    TLS/HTTPS


  14. where’s the crypto?

    “in transit”
    TLS/HTTPS


  15. where’s the crypto?

    “end to end”
    (sometimes “zero knowledge”)


  16. why isn’t everything
    end-to-end encrypted?
    1. someone is making money off your data


  17. why isn’t everything
    end-to-end encrypted?
    1. someone is making money off your data
    2. encryption is (REALLY) hard


  18. why isn’t everything
    end-to-end encrypted?
    1. someone is making money off your data
    2. encryption is (REALLY) hard
    You have a secret you can’t share
    and can’t lose.


  19. why isn’t everything
    end-to-end encrypted?
    1. someone is making money off your data
    2. encryption is (REALLY) hard
    You have to verify other people’s
    “identity” through math.


  20. how do i pick my
    tools?


  21. how do i pick my
    tools?
    do they protect the right things?


  22. how do i pick my
    tools?
    are they worth the time + money?


  23. how do i pick my
    tools?
    are they worth the hassle and rage?


  24. You control your own computer (so keep it clean!)
    • update your operating system (mobile & desktop)
    • update applications
    • browse securely with extensions: uBlock Origin (adblocker) & Privacy Badger (tracking blocker) & HTTPS Everywhere
    • disk encryption (FileVault & BitLocker) or file encryption (VeraCrypt)


  25. Use good passwords
    • don’t repeat them everywhere
    • long is better than complicated
    • use a password manager
    • two-factor authentication


  26. last tips
    • your security is only as good as your weakest endpoint
    • don’t forget about physical security
    • think about economics
    • create solutions you & your friends/colleagues will actually use
