-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
27 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,77 +1,49 @@ | ||
| # Glossary | ||
|
|
||
| There are a lot of different ways to talk about some of the underlying topics, and the explanation that really clicks is different for every person. This is less a glossary than a round-up of great analogies and explanations. These are simplified explanations of technical concepts for non-techinical users, | ||
|
|
||
| possibly with links to helpful analogies or in-depth material. | ||
|
|
||
| simplified explanations of technical concepts for non-techinical users, possibly with links to helpful analogies or in-depth material. | ||
|
|
||
| These are good ways to talk about security topics. Aka: analogies we love. | ||
| s | ||
|
|
||
| + Intro/framing | ||
| + What is a Network | ||
| + What is Encryption | ||
| + What is Authentication | ||
| + What is a Computer (& What is Software) | ||
|
|
||
| # Concept Glossary | ||
|
|
||
| There are a lot of ways to talk about the topics and concepts underlying digital security, and the example that really clicks can be different for every person. This resource is less a glossary than a round-up of great analogies and explanations, offering simplified explanations of technical concepts for non-technical users. | ||
|
|
||
| Let's start at the beginning: What is a network? | ||
|
|
||
| ## What is a network | ||
|
|
||
| A network is two or more nodes connected physically and informationally over time. | ||
| ## Networks | ||
|
|
||
| ### How do you teach networks? | ||
| A network is two or more nodes connected physically and informationally over time. For example: | ||
|
|
||
| Examples of Networks: | ||
| * Path data for cellphones | ||
| * Electrical grids | ||
| * Social graphs | ||
| * Road systems | ||
| * John Snow's cholera map | ||
| * Packet switching diagram | ||
| * [John Snow's cholera map](https://www.theguardian.com/news/datablog/2013/mar/15/john-snow-cholera-map) | ||
| * [Packet-switching diagram](https://en.wikipedia.org/wiki/Packet_switching#/media/File:Packet_Switching.gif) | ||
|
|
||
| Think about what a network sees when it sees you. On some you look like a billing point, little more than an amount of money owed, with a individual ID number. On some you look like a series of paths: think about cell phone towers and ATM withdrawals. In a medical network, you look like a series of diagnoses, vital statistics, and a place where medical professional time and drugs vanish. That's what the you-shaped hole in that network looks like. To the electrical grid your house looks like a point where power vanishes and money comes out. On a smart grid, that portrait is a little more complex. What do you look like on a phone network? You look like data, metadata, and paths from tower to tower. Time stamps, locations, and connections out to nodes on the internet tell the story of your day, and much of your life. | ||
| Think about what a network sees when it sees you. On some you look like a billing point, little more than an amount of money owed, with a individual ID number. On some you look like a series of paths: Think about cell phone towers and ATM withdrawals. In a medical network, you look like a series of diagnoses, vital statistics, and a place where medical professional time and drugs vanish. That's what the you-shaped hole in that network looks like. To the electrical grid, your house looks like a point where power vanishes and money comes out. On a smart grid, that portrait is a little more complex. What do you look like on a phone network? You look like data, metadata, and paths from tower to tower. Time stamps, locations, and connections out to nodes on the internet tell the story of your day, and much of your life. | ||
|
|
||
| Most surveillance, good or bad, is built on how networks operate on the physical level. They're not nefarious, they're physics. | ||
|
|
||
| We live with and in networks every minute of every day. These networks lay over each other and touch all over the place. Once we start thinking about them, what they're shaped like, where we are in them, our contemporary world starts to make more sense. | ||
|
|
||
| The net is a packet switching network. Packet switching is rather like passing notes in class, you hand the note to someone near you, who tries to hand it to someone closer to the person it's intended for. To know where to pass the note, a person has to know who it's going to, and they know who gave it to them. This knowledge is called metadata: the data a network needs to function. | ||
|
|
||
| **exercises** | ||
| + cell phone exercise (Marco Polo Is a very interesting historical figure/Ping Pong is a game with two people) | ||
| + passing notes in class | ||
| The net is a packet-switching network. Packet switching is rather like passing notes in class: You hand the note to someone near you, who tries to hand it to someone closer to the person it's intended for. To know where to pass the note, a person has to know who it's going to, and they know who gave it to them. This knowledge is called metadata: the data a network needs to function. | ||
|
|
||
| ## HTTPS | ||
|
|
||
| [The US CIO's excellent and thorough explanation](https://https.cio.gov/everything/), and [Chrome's Developer Blog](https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https) | ||
|
|
||
| [HTTPS as Pigeons](https://medium.freecodecamp.org/https-explained-with-carrier-pigeons-7029d2193351) via Andrea Zanin on freeCodeCamp walks through the core principles of HTTP and HTTPS with some nice pigeon analogies. (Not helpful, but clever, is the [IP Over Avian Carriers](https://en.wikipedia.org/wiki/IP_over_Avian_Carriers) protocol) | ||
|
|
||
| Wikipedia's [HTTPS entry](https://en.wikipedia.org/wiki/HTTPS) | ||
|
|
||
| * See [the US CIO's excellent and thorough explanation](https://https.cio.gov/everything/), and [Chrome's Developer Blog](https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https) | ||
| * [HTTPS as Pigeons](https://medium.freecodecamp.org/https-explained-with-carrier-pigeons-7029d2193351) via Andrea Zanin on freeCodeCamp walks through the core principles of HTTP and HTTPS with some nice pigeon analogies. (Not helpful, but clever, is the [IP Over Avian Carriers](https://en.wikipedia.org/wiki/IP_over_Avian_Carriers) protocol.) | ||
| * Wikipedia's [HTTPS entry](https://en.wikipedia.org/wiki/HTTPS) | ||
|
|
||
| ## Certificate Authority | ||
|
|
||
| [HTTPS as Pigeons](https://medium.freecodecamp.org/https-explained-with-carrier-pigeons-7029d2193351) covers CAs as trusted signatories (but doesn't address Let's Encrypt). | ||
|
|
||
|
|
||
| ## What is Encryption | ||
| * [HTTPS as Pigeons](https://medium.freecodecamp.org/https-explained-with-carrier-pigeons-7029d2193351) covers CAs as trusted signatories (but doesn't address Let's Encrypt). | ||
|
|
||
| [Wikipedia's entry on Encryption](https://en.wikipedia.org/wiki/Encryption) is a solid overview. | ||
| ## Encryption | ||
|
|
||
| ### Key Based Authentication | ||
| * [Wikipedia's entry on Encryption](https://en.wikipedia.org/wiki/Encryption) is a solid overview. | ||
|
|
||
| Seth Schoen leads a great workshop on key based authentication -- the analogy he uses is this: if you remember anything about mathematics, you might remember that one thing that is pretty easy to do is to multiply two really big numbers together. It takes time, if you're only using a pencil, but you can do it. Factoring the product of two primes, however, is a lot harder. You can think of key-based encryption as taking advantage of this disparity. | ||
| ### Key-Based Authentication | ||
|
|
||
| Seth Schoen leads a great workshop on key based authentication, and the analogy he uses is this: If you remember anything about mathematics, you might remember that one pretty easy thing to do is to multiply two really big numbers together. It takes time, if you're only using a pencil, but you can do it. Factoring the product of two primes, however, is a lot harder. You can think of key-based encryption as taking advantage of this disparity. | ||
|
|
||
| ## What is Authentication | ||
| ## Authentication | ||
|
|
||
| The passwords lesson is a great resource for explaining the process of authentication. But at it's core, "authentication" is just the process that a system uses to determine that you are who you say you are. | ||
| The [passwords lesson](Chapter02-06-Passwords.md) is a great resource for explaining the process of authentication. But at its core, "authentication" is just the process that a system uses to determine that you are who you say you are. | ||
|
|
||
| ## What is a Computer (& What is Software) | ||
|
|
||
| As ever, [Wikipedia's entry on Computers](https://en.wikipedia.org/wiki/Computer) is an excellent resource for thinking about definitions. | ||
| * As ever, [Wikipedia's entry on Computers](https://en.wikipedia.org/wiki/Computer) is an excellent resource for thinking about definitions. |