WEBVTT 1 00:00:00.040 --> 00:00:03.000 Welcome to another deep dive. Today. We're going to be 2 00:00:03.040 --> 00:00:08.000 looking at network security, yeah, and going beyond the basics 3 00:00:08.279 --> 00:00:10.640 to really get into some of the practical attack and 4 00:00:10.679 --> 00:00:14.000 defense techniques. And for this deep dive, we're using the 5 00:00:14.000 --> 00:00:18.079 book Understanding Network Hacks, Attack and Defense with Python three. 6 00:00:18.239 --> 00:00:21.800 That's right, Yeah, and it's really cool because it's like 7 00:00:21.839 --> 00:00:24.280 a hacker's playbook. But we're going to be focusing on 8 00:00:24.359 --> 00:00:26.000 the defense side of things exactly. 9 00:00:26.000 --> 00:00:27.280 We're going to try to get into the mind of 10 00:00:27.280 --> 00:00:30.640 an attacker so you can be better prepared to defend 11 00:00:30.679 --> 00:00:31.519 your own systems. 12 00:00:32.000 --> 00:00:33.560 I like it. So we're going to start with some 13 00:00:33.600 --> 00:00:35.920 of the core networking concepts just to get us all 14 00:00:35.960 --> 00:00:37.200 on the same page for sure. 15 00:00:37.240 --> 00:00:38.240 Got to build that foundation. 16 00:00:38.479 --> 00:00:41.439 Yeah, and then we'll dive into some real world attack 17 00:00:41.520 --> 00:00:45.679 techniques and how those can be used to exploit vulnerabilities 18 00:00:45.679 --> 00:00:49.479 in different well, I guess network protocols, right, Yeah. So 19 00:00:49.600 --> 00:00:51.479 let's start with something I think most people think is 20 00:00:51.520 --> 00:00:56.200 pretty secure. Ethernet. Okay, those physical cables, you know, plugged in, 21 00:00:56.240 --> 00:00:56.840 what could go wrong? 22 00:00:57.039 --> 00:00:59.719 Right? You would think that, right, Yeah, But every device 23 00:00:59.759 --> 00:01:03.000 on an Ethernet network has what's called a massy address 24 00:01:03.399 --> 00:01:06.000 and it's like a unique identifier for that device. 25 00:01:06.079 --> 00:01:07.799 Yeah, like a digital fingerprint. I've heard it. 26 00:01:07.799 --> 00:01:11.239 Called exactly, And a lot of people assume those are unspoofable, 27 00:01:11.560 --> 00:01:12.280 so to speak. 28 00:01:12.400 --> 00:01:16.959 Wait, spoofed. Hold on, how is that even possible? I 29 00:01:16.959 --> 00:01:19.480 thought MC addresses were hard coded into the hardware. 30 00:01:19.719 --> 00:01:23.359 They are, but an attacker can still send out data 31 00:01:23.400 --> 00:01:25.599 packets that make it look like it's coming from a 32 00:01:25.640 --> 00:01:28.280 different MC address. Okay, So they could pretend to be 33 00:01:28.319 --> 00:01:31.560 your printer for example. Oh sneaky, and your computer wouldn't 34 00:01:31.599 --> 00:01:32.159 know the difference. 35 00:01:32.400 --> 00:01:32.920 Oh wow. 36 00:01:33.000 --> 00:01:36.079 So that's why AMT address filtering by itself isn't enough 37 00:01:36.159 --> 00:01:36.879 for security. 38 00:01:37.239 --> 00:01:40.079 So even if you have a list of approved devices, 39 00:01:40.480 --> 00:01:43.200 someone could still slip through by faking their ID. 40 00:01:43.719 --> 00:01:47.439 Precisely. It shows how we need multiple layers of security. 41 00:01:47.040 --> 00:01:48.599 You know, there's a little unsettling. 42 00:01:48.719 --> 00:01:51.280 Yeah. And another thing about Ethernet is how it handles 43 00:01:51.319 --> 00:01:54.680 all the traffic. It uses this thing called CSMACD. 44 00:01:55.000 --> 00:01:56.239 Okay, what is that? Exactly? 45 00:01:56.359 --> 00:01:59.640 It stands for a Carrier Sense multiple Access with Collision 46 00:01:59.640 --> 00:02:04.120 detect and basically it's how Ethernet avoids those data collisions, 47 00:02:04.560 --> 00:02:06.560 you know, when multiple devices try to send stuff at 48 00:02:06.560 --> 00:02:07.120 the same time. 49 00:02:07.439 --> 00:02:11.280 Okay, so it keeps things running smoothly. Yeah. Does that 50 00:02:11.319 --> 00:02:14.520 have any impact on security though not directly. 51 00:02:14.599 --> 00:02:17.360 But it's important to remember that while it manages the 52 00:02:17.400 --> 00:02:21.400 flow of traffic, it doesn't actually prevent attackers from sniffing 53 00:02:21.439 --> 00:02:21.960 that data. 54 00:02:22.120 --> 00:02:25.280 Sniffing, yeah, like listening in on conversation exactly. 55 00:02:25.400 --> 00:02:28.400 All that data going across the network is traveling in 56 00:02:28.400 --> 00:02:31.639 these little packets, and anyone with the right tools and 57 00:02:31.719 --> 00:02:34.960 access can capture and analyze those packets. 58 00:02:35.240 --> 00:02:38.240 Okay, So what about VLANs then, aren't they supposed to 59 00:02:38.280 --> 00:02:41.599 like segment the network and add an extra layer of security. 60 00:02:41.960 --> 00:02:43.919 Yeah, a lot of people think that. Okay, but it's 61 00:02:44.000 --> 00:02:47.120 kind of a myth. VLANs are great for network management, 62 00:02:47.199 --> 00:02:50.960 but they don't offer that hardcore security that some people expect. 63 00:02:51.759 --> 00:02:55.840 An attacker can jump between VLANs using certain techniques, you know, 64 00:02:56.159 --> 00:02:58.280 and totally bypass those separations. 65 00:02:58.360 --> 00:03:01.240 You mean, even with VLANs in place, shouldn't get complacent 66 00:03:01.280 --> 00:03:02.080 about security. 67 00:03:02.360 --> 00:03:05.599 Absolutely, you need other security measures, you know, like firewalls, 68 00:03:05.639 --> 00:03:08.759 intrusion detection systems, that kind of thing to really lock 69 00:03:08.840 --> 00:03:09.280 things down. 70 00:03:09.400 --> 00:03:11.400 Okay, So before we go any further, I think we 71 00:03:11.400 --> 00:03:14.360 should back up a bit. Okay, how do devices actually 72 00:03:14.400 --> 00:03:15.800 find each other on a network. 73 00:03:15.919 --> 00:03:19.560 Ah. That's where ARP comes in, the Just Resolution protocol. 74 00:03:20.199 --> 00:03:23.560 It's how devices figure out each other's MC addresses. 75 00:03:23.400 --> 00:03:26.400 Right right, Because you might know a device's IP address, 76 00:03:26.800 --> 00:03:29.479 but you need its MSI address to actually, you know, 77 00:03:29.639 --> 00:03:31.159 send it data exactly. 78 00:03:31.560 --> 00:03:34.120 So your computer will send out what's called an ARP 79 00:03:34.360 --> 00:03:37.360 request okay, And it's basically like saying, hey, who has 80 00:03:37.360 --> 00:03:41.000 this IP, what's your MC and then the device with 81 00:03:41.080 --> 00:03:44.240 that IP address will respond with its MC address. 82 00:03:44.319 --> 00:03:46.039 Okay. What's the security problem there? 83 00:03:46.159 --> 00:03:49.960 Well, this whole process relies on trust, right, And what 84 00:03:50.039 --> 00:03:52.560 if an attacker sends out fake ARP. 85 00:03:52.560 --> 00:03:54.319 Responses, Oh, I see where you're going with this? 86 00:03:54.520 --> 00:03:57.319 They can poison the ARP cash you know, and then 87 00:03:57.360 --> 00:04:00.360 other devices believe that the attacker's MC address is the 88 00:04:00.400 --> 00:04:01.439 real one, so. 89 00:04:01.439 --> 00:04:04.840 The attacker can trick devices into sending their traffic to 90 00:04:04.879 --> 00:04:06.400 the wrong place exactly. 91 00:04:07.240 --> 00:04:10.039 That sets the stage for all sorts of attacks like 92 00:04:10.479 --> 00:04:14.000 man in the middle, where the attacker sits between two devices, 93 00:04:14.360 --> 00:04:17.199 listening in and even messing with the data. 94 00:04:17.639 --> 00:04:21.160 Man, this is getting interesting. It's crazy how even the 95 00:04:21.199 --> 00:04:25.720 most basic network processes have these vulnerabilities just lurking under 96 00:04:25.720 --> 00:04:26.240 the surface. 97 00:04:26.399 --> 00:04:27.560 Yeah, it really is. 98 00:04:27.759 --> 00:04:30.560 I am ready to dive deeper into these attack techniques. 99 00:04:30.720 --> 00:04:31.240 Let's do it. 100 00:04:31.639 --> 00:04:34.920 So we talked about ARP and how attackers can manipulate 101 00:04:34.959 --> 00:04:38.199 that whole process to get themselves in a prime position, right, 102 00:04:38.399 --> 00:04:40.279 So now I want to know what they can actually 103 00:04:40.319 --> 00:04:41.519 de with that access. 104 00:04:41.519 --> 00:04:43.279 Okay, Well, once they're there, you know, kind of sitting 105 00:04:43.319 --> 00:04:45.839 in the middle of everything, one of their favorite tools 106 00:04:45.879 --> 00:04:50.360 is sniffing. Sniffing, Yeah, they can actually capture the data 107 00:04:50.439 --> 00:04:53.560 packets as they're flowing between those two devices. 108 00:04:53.040 --> 00:04:56.079 So like a digital eavesdropper exactly. Okay, but would an 109 00:04:56.199 --> 00:04:58.199 encryption stop them in their tracks. 110 00:04:58.399 --> 00:05:00.519 It makes it a lot harder, that's for sure, but 111 00:05:00.639 --> 00:05:03.959 it's not foolproof. Think of it this way. Even if 112 00:05:04.000 --> 00:05:06.600 they can't read the actual message because it's all scrambled, right, 113 00:05:06.680 --> 00:05:09.839 they can still see things like the source and destination 114 00:05:09.920 --> 00:05:13.120 IP addresses, you know, okay, how much data is being sent, 115 00:05:13.199 --> 00:05:15.439 what protocols are being used, that kind of thing. 116 00:05:15.839 --> 00:05:19.079 So even encrypto traffic leave some kind of footprint. 117 00:05:18.800 --> 00:05:21.439 Exactly, and that can tell them a lot about what's 118 00:05:21.480 --> 00:05:21.879 going on. 119 00:05:22.240 --> 00:05:26.199 So like who you're talking to, what websites you're visiting, exactly, 120 00:05:26.199 --> 00:05:27.959 what kind of information is being exchanged. 121 00:05:28.000 --> 00:05:31.800 Yeah, all of that, and there are really powerful tools 122 00:05:31.800 --> 00:05:34.279 out there like TCP dump and wire shark that can 123 00:05:34.319 --> 00:05:37.560 capture all this stuff decode it all in real time. 124 00:05:37.839 --> 00:05:38.120 Wow. 125 00:05:38.199 --> 00:05:40.519 The book even shows you how to use like simple 126 00:05:40.639 --> 00:05:43.560 Python scripts to analyze network traffic. 127 00:05:43.680 --> 00:05:46.399 So it's not just about stealing passwords anymore. No, attackers 128 00:05:46.399 --> 00:05:49.399 can actually glean a lot of intelligence from patterns in 129 00:05:49.519 --> 00:05:50.199 network traffic. 130 00:05:50.279 --> 00:05:54.120 Absolutely wow. Okay, Now let's move on to IP spoofing. Okay, 131 00:05:54.319 --> 00:05:57.759 this is where the attacker basically disguises themselves as another 132 00:05:57.800 --> 00:05:58.839 device on the network. 133 00:05:59.120 --> 00:06:01.959 But wouldn't the system, you know, be able to tell 134 00:06:01.959 --> 00:06:03.279 that that IP addresses fake? 135 00:06:03.519 --> 00:06:06.279 Well, the Internet relies on a lot of trust, you know, 136 00:06:06.480 --> 00:06:10.439 and attackers exploit that, right, So they carefully craft packets 137 00:06:10.560 --> 00:06:13.000 make it look like that traffic is coming from a 138 00:06:13.079 --> 00:06:13.839 legitimate source. 139 00:06:13.959 --> 00:06:14.959 It's like a digital mask. 140 00:06:15.279 --> 00:06:16.079 Yeah pretty much. 141 00:06:16.120 --> 00:06:17.399 Okay, So then what can they do with that? 142 00:06:17.600 --> 00:06:20.920 Oh, all sorts of things you know, bypass access controls, 143 00:06:21.040 --> 00:06:24.279 inject data into the network, even launch a denial of 144 00:06:24.360 --> 00:06:25.079 service attack. 145 00:06:25.160 --> 00:06:27.000 A denial of service attack, those are the ones that 146 00:06:27.120 --> 00:06:28.839 like take websites offline. 147 00:06:28.600 --> 00:06:29.480 Right, yeah, exactly. 148 00:06:29.680 --> 00:06:29.959 Okay. 149 00:06:30.000 --> 00:06:32.279 One example the book covers is something called a s 150 00:06:32.399 --> 00:06:35.759 yn flood attack. Okay, Now, remember that TCP three way 151 00:06:35.800 --> 00:06:37.639 handshake we talked about earlier. 152 00:06:37.480 --> 00:06:39.240 Vaguely remind me how that works again. 153 00:06:39.319 --> 00:06:43.600 Sure, So it's basically how two devices establish a TCP connection, right, 154 00:06:43.800 --> 00:06:48.120 uh huh. The client sends a syn packet, the server 155 00:06:48.279 --> 00:06:51.959 responds with the syn ack packet. Okay, and then the 156 00:06:51.959 --> 00:06:55.240 client completes the handshake by sending an ack packet. 157 00:06:55.279 --> 00:06:55.600 Got it. 158 00:06:56.279 --> 00:06:59.120 Now. In an s yn flood attack, what happens is 159 00:06:59.160 --> 00:07:02.680 the attacker bombards the server with all these syn packets, 160 00:07:03.000 --> 00:07:05.279 but they never complete the handshake because. 161 00:07:05.000 --> 00:07:07.720 They're using spoofed IP addresses exactly. 162 00:07:08.199 --> 00:07:10.800 So the server gets all bogged down with all these 163 00:07:10.839 --> 00:07:14.439 half open connections. Oh and legitimate users can't get through. 164 00:07:14.879 --> 00:07:17.160 So it's like calling a restaurant and tying up all 165 00:07:17.199 --> 00:07:19.800 the lines so that no one else can make a reservation. 166 00:07:20.199 --> 00:07:21.120 Perfect analogy. 167 00:07:21.279 --> 00:07:21.759 I like that. 168 00:07:22.079 --> 00:07:25.439 And these attacks are surprisingly easy to launch. You know, 169 00:07:26.000 --> 00:07:28.680 the book actually shows you how to write a basic 170 00:07:28.920 --> 00:07:30.879 syn floodscript in Python. 171 00:07:31.120 --> 00:07:33.399 No way. Yeah, it's a little alarming. 172 00:07:33.319 --> 00:07:36.720 It is. But there are ways to defend against these attacks, 173 00:07:36.759 --> 00:07:40.319 you know, like syn cookies, which is a technique servers 174 00:07:40.319 --> 00:07:43.040 can use to kind of change up that handshake process 175 00:07:43.279 --> 00:07:46.399 and make it harder for attackers to exploit it. Okay, 176 00:07:46.519 --> 00:07:49.240 so there's this constant back and forth between the attackers 177 00:07:49.279 --> 00:07:50.079 and the defenders. 178 00:07:50.199 --> 00:07:50.720 Gotcha. 179 00:07:50.800 --> 00:07:53.560 What attackers can do depends a lot on what doors 180 00:07:53.600 --> 00:07:54.240 they can find. 181 00:07:54.360 --> 00:07:56.879 Open doors, you mean, like open ports on a computer. 182 00:07:57.240 --> 00:08:01.040 Exactly. Every computer has these virtual ports, and each port 183 00:08:01.079 --> 00:08:05.040 is associated with a specific service like web browsing or email, 184 00:08:05.759 --> 00:08:09.839 and attackers use something called port scanning to find those 185 00:08:09.959 --> 00:08:11.800 open and vulnerable ports. 186 00:08:12.040 --> 00:08:14.360 So they're like checking all the windows and doors to 187 00:08:14.360 --> 00:08:15.199 see if they can get in. 188 00:08:15.319 --> 00:08:17.199 Yeah, that's a good way to put it. They use 189 00:08:17.279 --> 00:08:20.160 tools to probe different ports and see which ones are 190 00:08:20.160 --> 00:08:23.079 open and listening. Okay, and once they find one, they 191 00:08:23.120 --> 00:08:26.000 can start exploring for weaknesses in that service. 192 00:08:26.240 --> 00:08:28.480 It's like casing the joint, you know, like a burglar 193 00:08:28.560 --> 00:08:32.440 figuring out how to break in exactly. Wow. Okay, so 194 00:08:32.720 --> 00:08:38.600 we've seen how attackers can spy on traffic right impersonaid devices, 195 00:08:38.759 --> 00:08:42.679 overload systems. Now I want to know what happens when 196 00:08:42.720 --> 00:08:44.639 they're actually inside the network. 197 00:08:44.720 --> 00:08:48.480 Well, one thing they can do is something called session hijacking. Okay, 198 00:08:48.799 --> 00:08:51.440 This is where they take over an existing connection between 199 00:08:51.440 --> 00:08:52.039 two parties. 200 00:08:52.159 --> 00:08:54.360 Like if I'm logged into my bank account, yeah, exactly, 201 00:08:54.440 --> 00:08:56.080 and an attacker can just jump in there. 202 00:08:56.159 --> 00:08:58.720 They can try to insert themselves into that session, so. 203 00:08:58.679 --> 00:09:01.159 They could see everything I'm doing. Potentially it even like 204 00:09:01.200 --> 00:09:02.279 make transactions or something. 205 00:09:02.320 --> 00:09:03.039 That's the danger. 206 00:09:03.120 --> 00:09:05.960 Yeah, yeah, well that's terrifying. But how do they actually 207 00:09:05.960 --> 00:09:06.240 do that. 208 00:09:06.519 --> 00:09:11.480 There's a few different techniques. One common one is exploiting 209 00:09:11.519 --> 00:09:15.000 weaknesses in how the session is managed. You know, like 210 00:09:15.039 --> 00:09:18.480 if a website doesn't properly validate those session IDs, an 211 00:09:18.519 --> 00:09:21.799 attacker might be able to guess or steal one and 212 00:09:21.840 --> 00:09:23.279 then use it to impersonate you. 213 00:09:23.879 --> 00:09:27.559 It sounds like they're stealing your digital identity in a way. Yeah, gosh, 214 00:09:27.559 --> 00:09:29.679 this is heavy stuff. It seems like everywhere you turn 215 00:09:29.679 --> 00:09:31.000 there's another vulnerability. 216 00:09:31.200 --> 00:09:33.000 It can seem that way. But don't worry. We're not 217 00:09:33.039 --> 00:09:38.600 done yet. We've got to talk about specific protocols like DNS, HTTP, HGTPS, 218 00:09:39.159 --> 00:09:41.960 even Wi Fi and Bluetooth. Lots more to uncover there. 219 00:09:42.000 --> 00:09:44.080 All right, let's do it, all right, let's dive into 220 00:09:44.080 --> 00:09:47.519 some of those specific protocols out DNS for starters, It's 221 00:09:47.519 --> 00:09:51.600 like the Internet's phone book. It translates those domain names 222 00:09:51.639 --> 00:09:56.559 into IP addresses exactly. But how is that vulnerable to attack? 223 00:09:56.720 --> 00:09:59.559 Well, it's actually pretty fascinating how such a you know, 224 00:10:00.000 --> 00:10:04.480 fundamental system can have these weaknesses. One really common attack 225 00:10:04.679 --> 00:10:07.600 is DNS spoofing. Imagine you're trying to go to your 226 00:10:07.639 --> 00:10:10.919 bank's website, right right. An attacker could intercept that DNS 227 00:10:11.000 --> 00:10:13.399 request that your computer sends out and send back a 228 00:10:13.399 --> 00:10:16.960 fake response, redirecting you to a malicious site that looks 229 00:10:17.000 --> 00:10:18.559 exactly like the real deal. 230 00:10:19.120 --> 00:10:21.600 So you could end up entering your login and password 231 00:10:21.639 --> 00:10:23.200 on a fake site and not even. 232 00:10:23.000 --> 00:10:25.720 Know it exactly. That's the whole danger there. Wow, And 233 00:10:25.759 --> 00:10:28.600 you know the book goes beyond just that basic DNS 234 00:10:28.639 --> 00:10:31.960 spoofing too, really Yeah, it gets into some lesser known 235 00:10:32.080 --> 00:10:36.360 but just as dangerous attacks. Oh like what, Well, there's 236 00:10:36.399 --> 00:10:39.320 one called DNS dictionary mapping, okay, and this is a 237 00:10:39.360 --> 00:10:43.120 way for attackers to basically, you know, gather intel on 238 00:10:43.159 --> 00:10:46.759 a network. They use DNS queries to scan for servers 239 00:10:46.759 --> 00:10:49.799 within an organization, almost like they're trying to map out 240 00:10:49.840 --> 00:10:51.519 the entire structure of the network. 241 00:10:51.600 --> 00:10:53.279 So they're like scoping out the play. 242 00:10:53.279 --> 00:10:57.000 Exactly like a digital burglar, you know, looking for potential targets, 243 00:10:57.039 --> 00:10:57.840 weak points. 244 00:10:57.879 --> 00:10:59.000 Wow, okay, and then. 245 00:10:58.840 --> 00:11:00.480 There's the zone transfer attack. 246 00:11:00.759 --> 00:11:01.080 What's that? 247 00:11:01.600 --> 00:11:04.600 This is where an attacker tries to actually download and 248 00:11:04.840 --> 00:11:07.360 entire domains DNS records so. 249 00:11:07.320 --> 00:11:09.240 They get like a blueprint of the whole infrastructure. 250 00:11:09.399 --> 00:11:11.039 Yeah, basically that's wild. 251 00:11:11.440 --> 00:11:15.159 Okay. Moving on to HTTP. Right, that's the protocol that 252 00:11:15.200 --> 00:11:18.159 powers the web. But I always hear about how it's 253 00:11:18.200 --> 00:11:22.279 transmitting data in plain text, which seems like a huge 254 00:11:22.440 --> 00:11:23.639 E security risk. 255 00:11:23.759 --> 00:11:26.120 Well, it definitely can be, especially when you're dealing with 256 00:11:26.159 --> 00:11:28.440 things like passwords and credit card numbers. 257 00:11:28.519 --> 00:11:28.720 Right. 258 00:11:28.919 --> 00:11:31.639 The book actually walks you through the anatomy of an 259 00:11:31.799 --> 00:11:37.639 HTTP request okay, breaks down the different methods like EET, post, 260 00:11:37.799 --> 00:11:41.320 and head, and it talks about those little text files 261 00:11:41.399 --> 00:11:43.759 that website store on your computer, you know, cookies. 262 00:11:43.840 --> 00:11:44.159 Cookies. 263 00:11:44.440 --> 00:11:46.679 A lot of people think they're totally harmless, but I mean, 264 00:11:46.720 --> 00:11:49.240 what's the risk. They can be used to track your 265 00:11:49.240 --> 00:11:54.240 browsing activity and they often store sensitive information like session IDs. Right, 266 00:11:54.480 --> 00:11:57.039 so an attacker who gets their hands on your cookies 267 00:11:57.399 --> 00:12:01.559 could do some damage. Like what, Well, they could manipulate 268 00:12:01.600 --> 00:12:05.039 the data, try to gain unauthorized access even hijack your 269 00:12:05.159 --> 00:12:05.960 entire session. 270 00:12:06.080 --> 00:12:08.720 Hold on session hijacking again, Yep, it's a big one. 271 00:12:08.840 --> 00:12:11.320 So like they could take over my online banking session. 272 00:12:11.399 --> 00:12:12.039 It's possible. 273 00:12:12.120 --> 00:12:13.840 Yeah, man, this is scary stuff. 274 00:12:13.879 --> 00:12:16.759 It is. And there's more. The book also covers things 275 00:12:16.799 --> 00:12:21.120 like directory traversal attacks, where attackers try to access files 276 00:12:21.159 --> 00:12:24.039 outside the web directory could be sensitive stuff in there. 277 00:12:24.519 --> 00:12:28.000 Then you got your sqel injection attacks, command injection attacks. 278 00:12:28.200 --> 00:12:29.399 So many ways to attack. 279 00:12:29.679 --> 00:12:32.159 Yeah, web developers have a lot to worry about. But hey, 280 00:12:32.279 --> 00:12:36.360 at least we have HTTPS now right right, A little padlock. 281 00:12:35.919 --> 00:12:37.960 In your browser that makes me feel safe. 282 00:12:38.159 --> 00:12:43.159 Definitely a huge improvement. It uses something called ssltls uh 283 00:12:43.240 --> 00:12:46.799 huh to encrypt that channel between your browser and the website. 284 00:12:46.879 --> 00:12:48.159 Okay, but here's the thing. 285 00:12:48.759 --> 00:12:51.519 Even HTTPS can be vulnerable. 286 00:12:51.679 --> 00:12:54.519 Wait seriously, So even that padlock is in a guarantee 287 00:12:54.600 --> 00:12:55.480 unfortunately not. 288 00:12:56.000 --> 00:12:58.440 It all comes down to how it's implemented. See the 289 00:12:58.480 --> 00:13:01.360 book talks about certificate a thought. Okay, those are the 290 00:13:01.480 --> 00:13:04.519 organizations that issue the digital certificate. 291 00:13:04.080 --> 00:13:06.559 Right to verify that a website is legitimate. 292 00:13:06.279 --> 00:13:08.720 Exactly, and if one of those CAAs gets compromised, they 293 00:13:08.720 --> 00:13:09.960 can issue fake certificates. 294 00:13:09.960 --> 00:13:12.399 So you can have a padlock, think everything's safe, and 295 00:13:12.440 --> 00:13:14.000 still be vulnerable exactly. 296 00:13:14.000 --> 00:13:15.919 And that's how man in the middle attacks can still 297 00:13:15.960 --> 00:13:17.879 happen even with https. 298 00:13:18.320 --> 00:13:22.039 Gosh, that's unsettling. Is it even possible to stay safe online? 299 00:13:22.360 --> 00:13:26.159 Well, it takes vigilance, for sure, keeping your browser, your 300 00:13:26.200 --> 00:13:29.279 operating system up to date with those security patches, right, 301 00:13:29.440 --> 00:13:32.639 being careful about what websites you visit, what information you 302 00:13:32.679 --> 00:13:36.879 share online, okay, and of course using strong, unique passwords 303 00:13:36.919 --> 00:13:38.720 for every account makes sense. 304 00:13:38.759 --> 00:13:40.840 It sounds like it's this constant arms race. 305 00:13:40.639 --> 00:13:43.159 You know it is in a way. Wow, the attackers 306 00:13:43.200 --> 00:13:46.440 are always trying to find new exploits and the defenders, well, 307 00:13:46.600 --> 00:13:48.960 we got to stay one step ahead, all right. 308 00:13:49.480 --> 00:13:53.240 So we've covered wired networks the web. What about Wi Fi? 309 00:13:53.559 --> 00:13:54.720 Ah? Wi Fi? 310 00:13:55.240 --> 00:13:56.679 I use it all the time, but I gotta admit 311 00:13:56.720 --> 00:13:58.039 I don't really understand how it works. 312 00:13:58.120 --> 00:14:00.519 Well. Wi Fi uses the ATO two two point one 313 00:14:00.639 --> 00:14:04.360 one protocol, okay, and the book digs into how that works, 314 00:14:04.519 --> 00:14:07.519 explores the different ways it can be attacked. Well, there's 315 00:14:07.559 --> 00:14:12.240 those probe requests and responses. It's basically how devices discover 316 00:14:12.360 --> 00:14:14.039 Wi Fi networks and connect to them. 317 00:14:14.159 --> 00:14:15.559 So like a little digital handshake. 318 00:14:15.799 --> 00:14:19.799 Yeah exactly, but attackers can actually set up these fake 319 00:14:19.919 --> 00:14:24.159 access points oh wow, mimic legitimate networks to try and 320 00:14:24.240 --> 00:14:26.080 trick your device into connecting. 321 00:14:26.440 --> 00:14:27.960 So how do you know if a network is the 322 00:14:28.000 --> 00:14:28.519 real deal? 323 00:14:30.039 --> 00:14:33.000 It can be tough, you know, look for strong passwords, 324 00:14:33.039 --> 00:14:36.159 make sure encryption is enabled, right, and be extra careful 325 00:14:36.200 --> 00:14:39.080 on those public Wi Fi networks, especially the ones that 326 00:14:39.159 --> 00:14:40.639 don't have any password protection. 327 00:14:40.879 --> 00:14:41.799 Yeah, that makes sense. 328 00:14:41.840 --> 00:14:45.200 And speaking of passwords, remember those different Wi Fi security protocols. 329 00:14:45.200 --> 00:14:49.320 Oh we got like WEPWPA two right, The book talks 330 00:14:49.320 --> 00:14:51.759 about how Wi Fi security has evolved over time. 331 00:14:52.519 --> 00:14:56.600 WEP is totally outdated, easy to crack. Okay, WPA was 332 00:14:56.639 --> 00:14:59.919 a step up, and WPA two with AES encryption is 333 00:15:00.039 --> 00:15:03.080 the most secure right now. But even WPA two has 334 00:15:03.120 --> 00:15:07.320 its vulnerabilities seriously, especially if it's not configured properly. 335 00:15:07.639 --> 00:15:10.240 So keeping my routers firm where updated is important. 336 00:15:10.559 --> 00:15:15.360 Absolutely and definitely disable WPS if you can ws. Yeah, 337 00:15:15.399 --> 00:15:17.879 WiFi protect it setup. It's supposed to make things easier, 338 00:15:17.879 --> 00:15:20.039 but it can actually make your network easier to hack. 339 00:15:20.200 --> 00:15:25.080 Gotcha, okay, last one Bluetooth Okay, it's short range, right, 340 00:15:25.840 --> 00:15:28.879 so are there really any serious security. 341 00:15:28.440 --> 00:15:33.360 Risks, you'd be surprised. Bluetooth has its own set of vulnerabilities. 342 00:15:34.279 --> 00:15:38.000 The book breaks down that whole Bluetooth protocol stack, explains 343 00:15:38.000 --> 00:15:42.039 how attackers can sniff those communications, exploit weaknesses and things 344 00:15:42.080 --> 00:15:45.159 like the obx protocol, which is used for file transfers 345 00:15:45.159 --> 00:15:45.480 a lot. 346 00:15:45.559 --> 00:15:48.279 Wait, so even my wireless headphones could be a security risk. 347 00:15:48.399 --> 00:15:51.639 They could be. Yeah, there's attacks like bluejacking where someone 348 00:15:51.679 --> 00:15:54.120 sends you spam messages. Oh yeah, blue snarfing where they 349 00:15:54.120 --> 00:15:57.559 try to steal your information, and even more advanced attacks 350 00:15:57.639 --> 00:16:02.480 like bias, knob and blueborn that target specific vulnerabilities and 351 00:16:02.519 --> 00:16:03.799 how Bluetooth is implemented. 352 00:16:04.000 --> 00:16:06.600 Wow, so much to think about. It really seems like 353 00:16:06.639 --> 00:16:09.320 every aspect of networking has its own unique set of challenges. 354 00:16:09.519 --> 00:16:12.000 It's true, but hey, knowledge is power, right, That's what 355 00:16:12.039 --> 00:16:14.960 they say. Understanding these attack techniques is the first step 356 00:16:15.000 --> 00:16:15.960 in defending yourself. 357 00:16:16.159 --> 00:16:18.360 I feel like I've learned so much in this deep dive. 358 00:16:18.399 --> 00:16:19.519 It's really been eye opening. 359 00:16:19.559 --> 00:16:21.720 I'm glad to hear that. And remember this is just 360 00:16:21.720 --> 00:16:24.519 scratching the surface, I know, right, There's always more to learn, 361 00:16:24.720 --> 00:16:27.159 and things are always changing in the world. Of cybersecurity, 362 00:16:27.279 --> 00:16:31.320 that's for sure, So stay curious, stay informed, and most importantly, 363 00:16:31.399 --> 00:16:32.159 stay safe. 364 00:16:32.320 --> 00:16:34.720 Great advice and for our listeners, if any of this 365 00:16:34.799 --> 00:16:39.919 sparked your interest, I highly recommend checking out Understanding Network Hacks, 366 00:16:40.440 --> 00:16:43.759 Attack and Defense with Python three great book. It's really 367 00:16:43.799 --> 00:16:46.320 a fascinating read for anyone who wants to delve deeper 368 00:16:46.360 --> 00:16:49.799 into this world of network security. Definitely, until next time, 369 00:16:50.639 --> 00:16:53.159 happy hacking the ethical kind of course.