Intro to digital security

Transcript

1. intro to digital security Florencia Herra-Vega (@flohdot) CTO, Peerio (peerio.com)

   Concordia Student Union, March 2017

2. what are you protecting? Against whom? a.k.a. “Threat Modelling”

3. Case Study #1 Amy is an aid worker coordinating a

   number of colleagues and volunteers in an area that is recovering from a natural disaster, which has a number of sensitive resource/land disputes. She gathers some information in the field that could be of interest to local businesspeople, politicians, and police.

4. Case Study #2 Roger is a teenager in a tightly

   knit, extremely conservative community. He lives at home with his tech-savvy parents and brother. He thinks he might be gay.

5. Case Study #3 Marie is a journalist working on a

   big scoop about police and construction industry corruption. She has anonymous sources, and she needs to discuss some aspects of the case with colleagues and experts.

6. where is your data? who owns it? how is it

   secured? who does it share its data with? what can it see about you? who owns it? who can access it? how is it secured?

7. where is your data? who owns it? how is it

   secured? who does it share its data with? what can it see about you? who owns it? who can access it? how is it secured? who owns it? how is it secured? who does it share its data with? what can it see about you? what data are you sending?

8. where is your data? who owns it? how is it

   secured? who does it share its data with? what can it see about you? who owns it? who can access it? how is it secured? who owns it? how is it secured? who does it share its data with? what can it see about you? what metadata are you sending?

9. who’s between you and your data? wi-fi network corporate network

   ISPs wi-fi network corporate network ISPs

10. where’s the crypto? “at rest” disk encryption ? ?

11. where’s the crypto? “at rest” disk/database encryption ? ?

12. where’s the crypto? “in transit” TLS/HTTPS ? ? ? ?

13. where’s the crypto? “in transit” TLS/HTTPS

14. where’s the crypto? “in transit” TLS/HTTPS

15. where’s the crypto? “end to end” (sometimes “zero knowledge”)

16. why isn’t everything end-to-end encrypted? 1. someone is making money

    off your data

17. why isn’t everything end-to-end encrypted? 1. someone is making money

    off your data 2. encryption is (REALLY) hard

18. why isn’t everything end-to-end encrypted? 1. someone is making money

    off your data 2. encryption is (REALLY) hard You have a secret you can’t share and can’t lose.

19. why isn’t everything end-to-end encrypted? 1. someone is making money

    off your data 2. encryption is (REALLY) hard You have to verify other people’s “identity” through math.

20. how do i pick my tools?

21. how do i pick my tools? do they protect the

    right things?

22. how do i pick my tools? are they worth the

    time + money?

23. how do i pick my tools? are they worth the

    hassle and rage?

24. You control your own computer (so keep it clean!) •

    update your operating system (mobile & desktop) • update applications • browse securely with extensions: uBlock origin (adblocker) & privacy badger (tracking blocker) & https everywhere • disk encryption (FileVault & Bitlocker) or file encryption (Veracrypt)

25. Use good passwords • don’t repeat them everywhere • long

    is better than complicated • use a password manager • two-factor authentication

26. last tips • your security is only as good as

    your weakest endpoint • don’t forget about physical security • think about economics • create solutions you & your friends/ colleagues will actually use