how to turn a computer into a trusted terminal

securing traffic over a network (what is a network?)

how-to on some specific tool (gpg/enigmail/etc...)

security culture for computers: how to have a secure password,
password sharing, how to not be a naive user

analogies to real-world security

Q&A


a) An Introduction to Computer Security (1 hr)
----------------------------------------------

0) intro -- who we are

1) authentication: passwords -- yuri
   bad passwords
   what makes a password better?
   some techniques for choosing a good password

2) can you trust the computer you are using -- jrollins
  define TPC
  assumption: no one here is using a TPC: why is that?
  coping without one (because most people don't have one)

3) networks -- communicating between multiple machines -- dkg
      

4) case study -- what does this mean, exactly?  can either of you guys fill this in more?



b) Towards a Trusted Computing Environment (1 hr)
-------------------------------------------------
(knoppix is already running)

0) intro -- who we are -- 2 minute recap of A2 -- 
0.25) where would they use this?
        university
	company
	friend's houses
      warning! not all administrators will be ok with this!

0.5) quick knoppix demo

1) what's knoppix: a operating system that runs off of a read-only CD  -- dkg
		   it includes software applications and tools
                   it's open source
                   it's configurable (though we didn't configure it and configuring it is beyond the scope of this talk)
                   why do we consider this a more trustworthy environment:
		      disk can't be overwritten by malicious code so it's the same at startup
		      open tools (verifiable by anyone)
		   it might run slower because it's coming off the CD
                   
2) How to boot Knoppix?  -- dkg
   what's a bios
   how does a computer boot?

3) demo of a couple bioses focussed on changing boot media
   (securing the bios/bios passwords?)

4) knoppix demo -- jrollins
   browser: konqueror (if you prefer mozilla, that's on here too)
   openoffice
   modem configuration
   network configuration?
   printers?
   "what's this hda1 thingy?"  don't touch it!  this is why admins might get cranky...
   how to explore
  



theory part:
------------

introduction:  who we are, why we might have some clue

"has everyone here logged into a computer before?"


multi-user computers 

password


classroom -- passing notes





layers of vulnerability






0) introduction

1) authentication

2) tpc -- can you trust your machine?
  define TPC. (2m)

  assumption: no one here is using a TPC (2m)

  b) coping without one (because most people don't have one)

3) dealing with networks



duration of the talk?

number of sessions?

who is the audience?

who can give us legal advice?

what handouts do we need?

what props do we need?

Q&A -- will vary 








-----------------------------------------

bring small whiteboard

dealing with networks:
----------------------

0) we've talked about security of accounts (passwords)
   we've talked about security of the local machine (tpc)
   now we're going to talk about computers as a communication tool.  this rests on the other security items.

1) role-play with note passing.  if no volunteers, me and yuri.
   this is what a network is.
   don't go into technical details -- offer to talk afterwards about it if they want that.

2) introduce the two major problems:  privacy and integrity

3) this is not just e-mail.  this is about web site requests as well.

4) the main tool for secured e-mail is GPG -- don't have time to go into it.

5) explain breakdown of URL into hostname parts.  SSL means "you are
   connected securely to this host".  it doesn't claim any other level
   of security.  it refers to both privacy and integrity.  it relies
   on TPC, and it also relies on an international network of trust
   about how to identify these computers.  i won't go into the trust
   network here, but there are various ways it could be compromised.

6) questions?



----------------------------------------------

other things to do today:

test video switching



Personal Machine:
-----------------

hw/sw distinction
-----------------

hw: keylogger, wireless kbd snooping

sw: 
     transparent and non-transparent
      ad-ware you can see

      spy-ware

social:
  whose machine is it?
  where is it?

   


what is a TPC: a machine that you are confident has never been compromised.

are most computers TPC

what are ways that it has never been compromised -- that's not
knowable.  but you can check certain ways to see that it *has been* compromised:

 -- presence of ad-ware
 -- netstat -n to monitor network traffic
 -- look at process list
 -- memory usage
 -- disk space
 -- regular monitoring is the key

what are ways to move towards trusting your personal machine:

DIY
limiting physical access
types of software to use:
  open source vs. proprietary
be aware of what it is you are downloading and where it came from.
security patches -- be aware of false promises of updates -- each system has a standard way.
antivirus programs/scanning programs: ad-aware/spybot search and destroy/hijack this!
reading community forums 
removing traces on public machines