Author: phobos Date: 2011-09-29 16:14:46 +0000 (Thu, 29 Sep 2011) New Revision: 25140 Added: projects/presentations/2011-09-29-FCADV-data-security.pdf projects/presentations/2011-09-29-FCADV-data-security.tex Log: add today's presentation Added: projects/presentations/2011-09-29-FCADV-data-security.pdf =================================================================== (Binary files differ) Property changes on: projects/presentations/2011-09-29-FCADV-data-security.pdf ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: projects/presentations/2011-09-29-FCADV-data-security.tex =================================================================== --- projects/presentations/2011-09-29-FCADV-data-security.tex (rev 0) +++ projects/presentations/2011-09-29-FCADV-data-security.tex 2011-09-29 16:14:46 UTC (rev 25140) @@ -0,0 +1,130 @@ +\documentclass{beamer} +\mode<presentation> +\usetheme{Boadilla} +\title{FCADV Data Security} +\author{Andrew Lewman \\ andrew@torproject.org} +\date{September 29, 2011} +\begin{document} + +\begin{frame} +\maketitle +\begin{center} +\includegraphics[height=3cm]{./images/2009-tor-logo} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{What are we talking about?} +\begin{itemize} +\item Quick overview of data security and privacy +\item Securing data independent of location +\item Shelters, survivors, and Internets +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{} +\begin{quotation} +\noindent \includegraphics[width=1cm]{./images/opquo}\quad +Knowledge is power... Knowledge is happiness. +\end{quotation} +\bigskip +\textbf{Thomas Jefferson, 1817} +\end{frame} + +\begin{frame} +\frametitle{The Tor Project, Inc.} +501(c)(3) non-profit organization dedicated to the research and development of technologies for online anonymity and privacy +\begin{center} +\includegraphics[height=5cm]{./images/2009-oval_sticker_new} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Crashing into data security and privacy} +\begin{itemize} +\item Encryption +\pause \item Access controls +\pause \item Backups +\pause \item Masking +\pause \item Erasure +\pause \item ISO/IEC 27002 Standard +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Crashing into data security} +Follow the data itself. Ignore the technology used to touch it. +\end{frame} + +\begin{frame} +\frametitle{The life of a case file} +\begin{itemize} +\item Data is collected. +\item Data entered into ALICE. +\item Then what? +\pause \item who gets access to it? +\pause \item how is it transmitted to the next stop? +\pause \item where is it living? +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Forget Alice, think about the data} +\begin{itemize} +\item zip code, sex, date of birth are all that's needed to deanonymize someone +\item ALICE computers should be separate from any other networks, such as survivor networks in a shelter, or reachable from outside the shelter. +\item firewalls are just locks on a door, they stop honest people from going further. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Securing data} +\begin{itemize} +\item disaster recovery, or where do I send a safe full of valuables? +\pause \item encryption? It should solve all my problems, right? +\pause \item how did you encrypt the case file? all as one big file, or individually? +\pause \item subpoena can force decryption +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Internet access in the shelter} +\begin{itemize} +\item survivors will find a way to connect to the 'net +\item may circumvent your controls to their own detriment +\item IP address gives them away +\item shared computer, cookies (browser, flash, dom, html5) +\item wifi access means everyone can get on it +\item private browsing mode is hardly private +\item use read-only operating systems, livecd/liveusb so no one can save + anything locally. Tor makes one of these, btw. +\item virtual machines +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{OMG nevar goin' on dar Internets again!} +\begin{itemize} +\item Risk assessment +\pause \item minimization of harm +\pause \item containment +\pause \item work with your vendors +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Questions?} +\begin{center} +\includegraphics[scale=1.0]{images/question-mark} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Copyrights} +\begin{itemize} +\item question mark, http://how-to-do-it.net/ +\end{itemize} +\end{frame} + +\end{document} \ No newline at end of file Property changes on: projects/presentations/2011-09-29-FCADV-data-security.tex ___________________________________________________________________ Added: svn:mime-type + text/x-tex