Privacy on the Internet - Init6 InfoSec August Meeting
Presented by: Jose Quinones
Learn about technologies that may help you maintain your privacy on the Internet.

Published in: Technology

Transcript

  • 1. Obsidis Consortia, Inc. Privacy on the Internet “This presentation is dedicated to the NSA” José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
  • 2. What is OC, Inc?
      • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico.
      • OC, Inc. has developed and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
  • 3. How does the Internet work?
  • 4. The NSA scandal has revealed …
      • They can and will capture all traffic possible
      • All encrypted traffic is considered suspicious and is retained indefinitely
      • They trace up to 3 hops/connections (people) to and from the target.
      • This is not something new, don’t be naive.
      • The Patriot Act was extended until Dec 2017
  • 5. …here come the technologies
      • Encryption
          – SSL/TLS/IPSec
          – PGP/GPG
          – AES/RSA/DES
      • Tunneling
          – SSH
          – Tor
          – VPN
  • 6. Tor (The Onion Router)
      • "Onion Routing" refers to the layers of encryption used.
      • The original data, including its destination, are encrypted and re-encrypted multiple times, and sent through a virtual circuit comprising successive, randomly selected Tor relays.
      • Each relay decrypts a "layer" of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The final relay decrypts the last layer of encryption and sends the original data, without revealing or even knowing its sender, to the destination.
      • This method reduces the chance of the original data being understood in transit and conceals its routing.
  • 7. How does Tor work?
  • 8. How Tor protects you from snooping
  • 9. Cautions with Tor
      • Traffic on exit nodes can be captured/sniffed
      • Incompatible applications can bypass Tor and reveal your location/personal information
      • “User” fingerprinting may be possible
          – User agent, OS, plugins, etc.
          – Client-side scripting can collect valuable information
      • Exit nodes should not (NEVER) be trusted
  • 10. VPN
      • Protocols
          – PPTP (weakest)
          – L2TP/IPsec
          – SSL
      • Private VPN service
          – VPN service you pay for to protect your information
          – VPN providers are bound by their country’s laws
      • OpenVPN
  • 11. How a private VPN works
  • 12. SSH Goodness
      • Remote
          – ssh -R remote_port:local_ip:local_port user@host
      • Static (redirect a local connection to a remote ip:port)
          – ssh -L local_port:remote_ip:remote_port user@host
          – ssh -L 10000:10.10.10.10:80 user@host
      • Dynamic (socks5)
          – ssh -D local_port user@host
          – ssh -D 10000 user@host
      • Other options
          – -f (send to background)
          – -N (prevent command execution on the remote server)
          – -o (set an option, e.g. a proxy command)
      9/26/2013
  • 13. Proxychains
      • Forces TCP applications that don’t support proxies to go through them
      • Uses proxies in config file:
          – /etc/proxychains.conf
          – socks4, socks5, http
      • Simple to use
          – proxychains firefox http://mozilla.com
          – proxychains nmap -sT -p 80 1.2.3.4
  • 14. Metadata
      • With whom do you communicate?
          – Telephone, Email, Text/SMS, chat
      • What is your pattern of communication?
          – frequency, periods of time, volume, time line
      • Where do you go, and who goes to the same “place”?
          – “places” you visit
  • 15. Immersion at MIT https://immersion.media.mit.edu/
      • Immersion presents users with a number of different perspectives of their email data.
      • It provides a tool for self-reflection at a time where the zeitgeist is one of self-promotion.
      • It provides an artistic representation that exists only in the presence of the visitor.
      • It helps explore privacy by showing users data that they have already shared with others.
      • Finally, it presents users wanting to be more strategic with their professional interactions, with a map to plan more effectively who they connect with.
  • 16. My Work
  • 17. My Hobby
  • 18. My Person
  • 19. Always be: Paranoid!
  • 20. Please visit us to keep in touch …
      • www.ObsidisConsortia.org
      • www.BSidesPR.org
      • https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg
      • https://plus.google.com/u/0/communities/102771209982001396923
      • https://facebook.com/obsidisconsortia
      • https://twitter.com/BSidesPR
      • Affiliates: www.TalktoanIT.com, www.codefidelio.org, www.darkoperator.com
  • 21. More Info
      • Tor
          – https://www.torproject.org/docs/documentation.html.en
          – https://www.youtube.com/watch?v=LAcGiLL4OZU
          – https://www.eff.org/pages/tor-and-https
          – http://www.aldeid.com/wiki/Tor/Usage/Nmap-scan-through-tor
      • SSH
          – https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
          – http://technologyordie.com/ssh-tunneling-and-proxying
          – https://www.youtube.com/watch?v=TEuus9-nXNY
      • VPNs
          – http://openvpn.net/index.php/open-source/documentation/howto.html
          – http://www.linuxforu.com/2012/01/ipsec-vpn-penetration-testing-backtrack-tools/
  • 22. Open Discussion … Q & A
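
The layered encryption described on slide 6, as an added Python example that is not part of the presentation and is not Tor's actual cryptography. A toy hash-based stream cipher stands in for the real per-hop ciphers, and the relay names, keys and destination are constructed for the demonstration.

```python
import hashlib, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (assumption for the demo): XOR with SHA-256 blocks.
    # No integrity protection; real Tor uses vetted per-hop ciphers.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Wrap `inner` in one layer that names only the next hop."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "data": inner.hex()}).encode()
    return nonce + _xor_stream(key, nonce, body)

def peel(key: bytes, cell: bytes):
    """Remove one layer; a wrong key yields garbage that fails to parse."""
    layer = json.loads(_xor_stream(key, cell[:16], cell[16:]))
    return layer["next"], bytes.fromhex(layer["data"])

def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """circuit: [(relay_name, key), ...] in path order (guard first)."""
    hops = [name for name, _ in circuit[1:]] + [destination]
    cell = payload
    for (_, key), nxt in reversed(list(zip(circuit, hops))):
        cell = seal(key, nxt, cell)  # innermost layer belongs to the exit
    return cell

def route(circuit, cell: bytes):
    """Pass the cell along the circuit; record what each relay learns."""
    learned = []
    for name, key in circuit:
        nxt, cell = peel(key, cell)
        learned.append((name, nxt))
    return learned, cell

# Constructed relays, keys and destination.
CIRCUIT = [(n, hashlib.sha256(n.encode()).digest()) for n in ("guard", "middle", "exit")]

if __name__ == "__main__":
    onion = build_onion(CIRCUIT, "example.org:443", b"GET / HTTP/1.1")
    learned, delivered = route(CIRCUIT, onion)
    for relay, nxt in learned:
        print(f"{relay:6} forwards to {nxt}")
    print("exit relay sees:", delivered)  # plaintext unless the payload is TLS
```

The last line shows the caution from slide 9: whatever leaves the final layer is readable at the exit relay unless the application encrypts it end to end.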
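
What slides 14 and 15 mean by metadata, as an added Python example that is not part of the presentation: it profiles a mailbox from From/To/Cc/Date headers alone, with no message bodies. The addresses and messages are constructed sample data.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: headers only, the bodies are never needed.
SAMPLE_HEADERS = [
    "From: me@example.org\nTo: alice@example.net\n"
    "Date: Mon, 02 Sep 2013 23:10:00 -0400\n\n",
    "From: alice@example.net\nTo: me@example.org\nCc: bob@example.net\n"
    "Date: Tue, 03 Sep 2013 23:45:00 -0400\n\n",
    "From: me@example.org\nTo: alice@example.net, bob@example.net\n"
    "Date: Wed, 04 Sep 2013 23:05:00 -0400\n\n",
    "From: appointments@clinic.example\nTo: me@example.org\n"
    "Date: Thu, 05 Sep 2013 09:30:00 -0400\n\n",
    "From: me@example.org\nTo: alice@example.net\n"
    "Date: Fri, 06 Sep 2013 23:20:00 -0400\n\n",
]

def profile(raw_messages, owner):
    """Return (contacts, hours, pairs) counters derived from headers only."""
    contacts, hours, pairs = Counter(), Counter(), Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        fields = (msg.get_all("From", []) + msg.get_all("To", [])
                  + msg.get_all("Cc", []))
        people = {addr.lower() for _, addr in getaddresses(fields)}
        people.discard(owner)
        contacts.update(people)                      # with whom?
        hours[parsedate_to_datetime(msg["Date"]).hour] += 1  # what pattern?
        # Co-occurrence on one message links the owner's contacts to each other.
        ordered = sorted(people)
        pairs.update((a, b) for i, a in enumerate(ordered)
                     for b in ordered[i + 1:])
    return contacts, hours, pairs

if __name__ == "__main__":
    contacts, hours, pairs = profile(SAMPLE_HEADERS, "me@example.org")
    print("top contacts:", contacts.most_common())
    print("active hours:", sorted(hours.items()))
    print("linked contacts:", dict(pairs))
```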