WEBVTT 1 00:00:00.120 --> 00:00:03.040 Welcome to the deep dive. Today. We're going to be 2 00:00:03.080 --> 00:00:07.799 like cracking the code, you know, cryptography and network security. 3 00:00:08.039 --> 00:00:09.560 Oh sounds intense. 4 00:00:09.759 --> 00:00:13.160 Yeah, using excerpts from this book by William Stallings. It's 5 00:00:13.199 --> 00:00:16.079 called Cryptography and Network Security. 6 00:00:15.759 --> 00:00:19.960 So like a digital self defense crash course kind of thing, exactly. 7 00:00:21.239 --> 00:00:25.079 So the source material is super detailed. It's got diagrams, 8 00:00:25.199 --> 00:00:27.120 real world examples, the whole shebang. 9 00:00:27.679 --> 00:00:31.280 Oh cool, So like those aha moments to really help 10 00:00:31.320 --> 00:00:31.879 you get. 11 00:00:31.719 --> 00:00:33.719 It, yeah, exactly. And it seems like it's not just 12 00:00:33.719 --> 00:00:37.079 for beginners either. There are even some project suggestions if 13 00:00:37.119 --> 00:00:39.399 you want to you know, get your hands dirty. 14 00:00:39.439 --> 00:00:41.679 Oh wow, that's pretty cool. So there's definitely depth there. 15 00:00:41.840 --> 00:00:42.079 Yeah. 16 00:00:42.159 --> 00:00:44.759 Sounds like we'll be able to really analyze things like 17 00:00:44.840 --> 00:00:48.560 all those different kinds of security attacks active, passive, and 18 00:00:48.600 --> 00:00:49.799 then all the ways to fight. 19 00:00:49.640 --> 00:00:53.240 Back right encryption and digital signatures. It even talks about 20 00:00:53.240 --> 00:00:57.000 the importance of standards, which you know might not sound exciting, 21 00:00:57.039 --> 00:00:57.600 but think about it. 22 00:00:57.679 --> 00:00:57.880 Yeah. 23 00:00:57.920 --> 00:01:00.600 Yeah, without those rules, the whole sis them could. 24 00:01:00.439 --> 00:01:03.159 Just like fall apart totally. It'd be chaos. 25 00:01:03.280 --> 00:01:07.239 Yeah, total chaos. And speaking of like different attacks, the 26 00:01:07.280 --> 00:01:12.120 book starts off explaining active versus passive. It's like someone 27 00:01:12.159 --> 00:01:14.920 breaking into your house versus someone just watching from the street, 28 00:01:15.359 --> 00:01:17.480 like the peeper versus the actual burglar. 29 00:01:17.599 --> 00:01:20.159 You know, right right? I get that. Yeah, so passive 30 00:01:20.239 --> 00:01:23.239 is about gathering information. They're not actually trying to change anything, 31 00:01:23.400 --> 00:01:27.280 just like snooping around. Think about someone intercepting your emails 32 00:01:27.400 --> 00:01:30.439 or maybe they're like analyzing your network traffic patterns. 33 00:01:30.480 --> 00:01:32.519 You know. So passive is sneaky surveillance. 34 00:01:32.640 --> 00:01:33.400 Yeah, exact. 35 00:01:33.519 --> 00:01:37.040 Active is causing real damage, like messing with your stuff. 36 00:01:36.840 --> 00:01:39.719 Right, think about someone changing data in your emails or 37 00:01:39.799 --> 00:01:42.400 launching one of those denial of service attacks to shut 38 00:01:42.439 --> 00:01:46.120 down like a website you're trying to use, ugh the worst. 39 00:01:47.040 --> 00:01:50.879 So passive is sneaky. Active is destructive, got it? But 40 00:01:51.000 --> 00:01:53.439 how do we fight back against these digital delinquents? I'm 41 00:01:53.439 --> 00:01:54.400 guessing encryption? 42 00:01:54.799 --> 00:01:58.480 You got it? Encryption. It's like the art of secret writing, 43 00:01:58.760 --> 00:02:03.120 making information in comprehensible without the key to decipher it. 44 00:02:03.760 --> 00:02:06.040 The book goes through some cool history, like the Caesar 45 00:02:06.120 --> 00:02:09.520 cipher and the Playfair cipher. Did you know Baron Playfer 46 00:02:09.560 --> 00:02:12.199 of Saint Andrew's actually used the Playfair cipher at the 47 00:02:12.199 --> 00:02:13.199 British Foreign Office? 48 00:02:13.280 --> 00:02:14.840 Oh wow, that's pretty cool. 49 00:02:14.879 --> 00:02:16.599 Yeah, talk about cloak and dagger stuff. 50 00:02:16.800 --> 00:02:19.800 Yeah, it's like those spy movies where they're passing coded messages. 51 00:02:19.840 --> 00:02:20.520 Ye, exactly. 52 00:02:20.719 --> 00:02:23.240 But I mean those old ciphers seem kind of simple. 53 00:02:23.280 --> 00:02:25.080 Could they really keep secrets safe? 54 00:02:25.199 --> 00:02:27.039 Well, they were a good start, but the book shows 55 00:02:27.080 --> 00:02:31.280 how they can be broken to cryptanalysis. It's basically code 56 00:02:31.280 --> 00:02:36.199 breaking involves things like frequency analysis and pattern recognition. It's 57 00:02:36.280 --> 00:02:38.879 like a puzzle. You got to look for those little clues, 58 00:02:38.919 --> 00:02:40.199 those weaknesses in the cipher. 59 00:02:40.240 --> 00:02:42.199 Oh. So it's a constant back and forth. Yeah, like 60 00:02:42.240 --> 00:02:43.759 the code makers versus the codebreaker. 61 00:02:43.960 --> 00:02:44.400 Exactly. 62 00:02:44.680 --> 00:02:47.400 And speaking of tougher codes, the book talks about the 63 00:02:47.479 --> 00:02:53.039 Visionnaire cipher. It uses a keyword to scramble the message. Ah, 64 00:02:53.199 --> 00:02:55.400 reminds me of those decoder rings we had as kids. 65 00:02:55.560 --> 00:02:57.759 Yeah, that's a good analogy. The Visionaire cipher is a 66 00:02:57.759 --> 00:03:00.599 great example of how things got more complex, makes it 67 00:03:00.639 --> 00:03:03.719 harder to crack. And what's cool is by understanding how 68 00:03:03.719 --> 00:03:07.240 it's broken, we can appreciate the strengths and weaknesses of 69 00:03:07.719 --> 00:03:09.199 all kinds of encryption methods. 70 00:03:09.280 --> 00:03:12.000 Okay, so we've gone from simple ciphers to ones with keywords. 71 00:03:12.120 --> 00:03:16.599 But then the book jumps to DES data Encryption standard. 72 00:03:16.599 --> 00:03:19.080 That sounds serious, like government level stuff. 73 00:03:19.360 --> 00:03:22.960 It was DES was the go to for decades. It 74 00:03:23.080 --> 00:03:25.800 uses a structure called a feistal cipher, which is like 75 00:03:25.840 --> 00:03:29.080 a building block for lots of encryption algorithms. Think of 76 00:03:29.080 --> 00:03:31.680 it as a series of rounds where data gets scrambled 77 00:03:31.680 --> 00:03:35.280 and mixed up using specific operations. And within DES there 78 00:03:35.319 --> 00:03:38.360 are these components called s boxes. They introduce even more 79 00:03:38.360 --> 00:03:40.000 confusion S boxes. 80 00:03:40.400 --> 00:03:43.360 That sounds almost too simple for something so important. 81 00:03:42.960 --> 00:03:46.000 Right, but they are crucial. They make the encryption process 82 00:03:46.080 --> 00:03:49.639 non linear, so much harder for attackers to analyze patterns 83 00:03:49.680 --> 00:03:50.479 and crack the POD. 84 00:03:50.680 --> 00:03:53.879 So even with like the best computers, cracking DES would 85 00:03:53.919 --> 00:03:54.400 take forever. 86 00:03:54.479 --> 00:03:56.599 Pretty much, it took lots of time and resources. Like 87 00:03:56.639 --> 00:03:58.360 brute force wasn't really an option. 88 00:03:58.319 --> 00:04:01.120 So BES was like fort and for data at least 89 00:04:01.120 --> 00:04:01.599 for a while. 90 00:04:01.719 --> 00:04:03.759 Yeah, it was pretty solid for its time, but. 91 00:04:03.800 --> 00:04:08.680 Tech always moves forward. What about newer algorithms like AES 92 00:04:08.919 --> 00:04:12.840 Advanced Encryption Standard, Right? Is that like the next level 93 00:04:12.840 --> 00:04:13.800 of digital security. 94 00:04:13.879 --> 00:04:17.079 You could definitely say that AS was designed to replace 95 00:04:17.199 --> 00:04:20.279 DES and it offers even better security and efficiency. 96 00:04:20.439 --> 00:04:24.199 Okay, so AES is the gold standard now, yeah, pretty much. 97 00:04:24.279 --> 00:04:29.040 But even with the best encryption, the book emphasizes key management. 98 00:04:29.600 --> 00:04:32.199 I mean, what good is an unbreakable lock if you. 99 00:04:32.160 --> 00:04:35.439 Lose the key exactly. Key management is all about how 100 00:04:35.480 --> 00:04:40.240 you securely, store, distribute, and control access to those cryptographic keys. 101 00:04:40.560 --> 00:04:44.000 Imagine a bank vault. They don't just have one lock, right, 102 00:04:44.000 --> 00:04:46.399 there are multiple locks, checks and balances, all to make 103 00:04:46.439 --> 00:04:48.839 sure only the right people can get in. That's good. 104 00:04:48.920 --> 00:04:51.160 Key management in the digital world makes sense. 105 00:04:51.399 --> 00:04:53.839 But are there different ways to manage keys? Is it 106 00:04:53.879 --> 00:04:55.519 like a one size fits all situation? 107 00:04:55.959 --> 00:04:58.759 Not at all. There are different techniques. You've got symmetric 108 00:04:58.800 --> 00:05:02.240 key cryptography where everyone uses the same key, and then 109 00:05:02.240 --> 00:05:05.360 there's public key cryptography, where you have a pair of keys, 110 00:05:05.519 --> 00:05:06.879 one public, one private. 111 00:05:07.000 --> 00:05:09.920 Wait, public and private keys. That sounds kind. 112 00:05:09.720 --> 00:05:12.439 Of confusing, Yeah it can be. That's where things get 113 00:05:12.480 --> 00:05:15.920 really interesting. So with public key cryptography, you use your 114 00:05:15.959 --> 00:05:19.000 private key to encrypt a message, and then only the 115 00:05:19.000 --> 00:05:21.160 person with your public key can decrypt it. It's like, 116 00:05:21.240 --> 00:05:23.920 you know those special locks, only one key can open them. 117 00:05:24.040 --> 00:05:26.399 Okay, So it's like sending a postcard, like anyone can 118 00:05:26.439 --> 00:05:28.920 see it, but only the recipient has the key. To 119 00:05:29.040 --> 00:05:30.759 like decode the message exactly. 120 00:05:31.040 --> 00:05:35.439 Public key cryptography really revolutionized how we do secure communication, 121 00:05:35.519 --> 00:05:38.920 and it's the basis for things like digital signatures, which 122 00:05:39.680 --> 00:05:40.920 the book gets into next. 123 00:05:41.040 --> 00:05:44.399 Digital signatures are those kind of like the electronic version 124 00:05:44.439 --> 00:05:46.759 of you know, actually signing a document. I'm always a 125 00:05:46.800 --> 00:05:49.600 little I don't know, unsure about stuff like that online. 126 00:05:49.720 --> 00:05:50.759 How you know it's legit? 127 00:05:51.040 --> 00:05:55.839 Good point. Trust is super important here. So digital signatures 128 00:05:55.879 --> 00:05:59.639 they use public key cryptography, but they're verifying both the 129 00:05:59.680 --> 00:06:02.839 authenticity and the integrity of the message. Let's say you 130 00:06:02.839 --> 00:06:05.680 get an email it's digitally signed. You can use the 131 00:06:05.720 --> 00:06:09.240 center's public key to check if the signature's valid, and 132 00:06:09.279 --> 00:06:11.800 that tells you one it really came from them, and 133 00:06:11.839 --> 00:06:13.639 two nobody messed with it. 134 00:06:13.600 --> 00:06:16.360 Along the way. Okay, so it's like a tamper proof seal, 135 00:06:16.399 --> 00:06:17.959 but it also confirms who sent it. 136 00:06:18.480 --> 00:06:21.079 That's pretty cool. But if anyone can have my public key, 137 00:06:21.160 --> 00:06:24.160 couldn't they just use it to like fake my signature 138 00:06:24.160 --> 00:06:24.680 on something. 139 00:06:25.279 --> 00:06:27.959 That's a smart question. The way the math works in 140 00:06:28.000 --> 00:06:31.279 public key cryptography, it's almost impossible to forge a signature 141 00:06:31.399 --> 00:06:34.319 without the private key. Think of it like, you know, 142 00:06:34.399 --> 00:06:37.439 trying to perfectly copy someone's fingerprint. It's really hard to do. 143 00:06:37.560 --> 00:06:39.120 Okay. That makes me feel a little bit better about 144 00:06:39.160 --> 00:06:42.199 online transactions and stuff. Speaking of which, the book mentions 145 00:06:42.279 --> 00:06:45.920 Carberos it's a security protocol, but the name sounds like 146 00:06:45.920 --> 00:06:47.480 it's straight out of Greek mythology. 147 00:06:47.680 --> 00:06:50.439 It is Carebera's you know, like the three headed dog 148 00:06:50.639 --> 00:06:51.720 guarding the underwall. 149 00:06:51.720 --> 00:06:53.839 Wow. Right, plays a kind of similar role in the 150 00:06:53.879 --> 00:06:57.439 digital world. It's all about authentication, making sure users are 151 00:06:57.480 --> 00:06:59.680 who they say they are, and then giving them access 152 00:06:59.720 --> 00:07:01.439 to specific things on the network. 153 00:07:01.519 --> 00:07:04.639 So it's like the digital bouncer checking IDs at the door. 154 00:07:04.959 --> 00:07:09.279 Yeah, exactly, but instead of a physical ID, Carberos uses tickets, 155 00:07:09.360 --> 00:07:12.439 these electronic credentials that basically say hey, you're allowed in here, 156 00:07:12.480 --> 00:07:15.079 and these tickets are issued by a trusted third party 157 00:07:15.120 --> 00:07:18.879 called the Key Distribution Center or KDC for short. 158 00:07:19.120 --> 00:07:22.120 Sounds pretty secure, but where do passwords fit in? Does 159 00:07:22.160 --> 00:07:25.519 Garberos like send them over the network? That seems risky. 160 00:07:25.720 --> 00:07:28.639 That's the clever part. It never sends passwords over the network, 161 00:07:28.680 --> 00:07:32.000 so that vulnerability is gone. Instead, it uses encrypted messages 162 00:07:32.040 --> 00:07:32.839 and timestamps. 163 00:07:32.879 --> 00:07:35.120 Oh okay, so it's more like a secret handshake that 164 00:07:35.199 --> 00:07:37.399 only the user and the system know exactly. 165 00:07:37.920 --> 00:07:40.759 And the book also talks about how Carberos has evolved. 166 00:07:41.079 --> 00:07:44.319 You know, newer versions fixed security holes made the whole 167 00:07:44.360 --> 00:07:48.800 system tougher. Speaking of improvements, let's jump to certificates. They're 168 00:07:49.000 --> 00:07:52.160 huge for building trust online, especially for websites. 169 00:07:52.519 --> 00:07:54.560 Certificates those are the things that give you that little 170 00:07:54.560 --> 00:07:57.720 padlock icon in your browser, right yep. Honestly though I 171 00:07:57.759 --> 00:07:59.199 never really understood what they do. 172 00:08:00.040 --> 00:08:02.680 You see that padlock, it means the websites using a certificate, 173 00:08:02.759 --> 00:08:06.399 specifically something called an X point five zero nine certificate. 174 00:08:06.759 --> 00:08:09.240 Think of it like a digital ID card for the website, 175 00:08:09.279 --> 00:08:11.319 basically saying hey, we're legit. 176 00:08:11.800 --> 00:08:15.000 So it's like the website showing its driver's license to 177 00:08:15.120 --> 00:08:16.279 prove it's who it says. 178 00:08:16.040 --> 00:08:19.000 It is exactly. But instead of the DMV, there's a 179 00:08:19.000 --> 00:08:22.360 whole hierarchy of trust with a Certificate Authority or CAA 180 00:08:22.519 --> 00:08:26.720 at the top. They're the ones issuing those certificates to websites, 181 00:08:26.759 --> 00:08:30.759 to individuals verifying identities. When you see that padlock, it 182 00:08:30.839 --> 00:08:33.440 means a trusted ca has checked that website out. 183 00:08:33.480 --> 00:08:35.720 Okay, So that padlock is more than just a symbol. 184 00:08:36.039 --> 00:08:40.000 It's a sign that someone's actually vetted this website. That's reassuring. 185 00:08:40.559 --> 00:08:43.480 What about email, though, feels so vulnerable? Anyone could be 186 00:08:43.480 --> 00:08:44.360 reading my messages? 187 00:08:44.480 --> 00:08:47.039 You're right to be concerned. And the book dives into 188 00:08:47.080 --> 00:08:50.759 two big solutions for email security PGP which stands for 189 00:08:50.840 --> 00:08:56.120 pretty Good Privacy and smy IA that's secure Multipurpose Internet 190 00:08:56.120 --> 00:08:56.960 Mail Extensions. 191 00:08:57.279 --> 00:08:59.879 WHOA those sound intense? Are they hard to use? 192 00:09:00.240 --> 00:09:03.120 They might sound intimidating, but they're both designed to make 193 00:09:03.240 --> 00:09:07.480 email more secure. PGPs known for being pretty user friendly. 194 00:09:07.519 --> 00:09:10.799 You've got more flexibility. S MIME, on the other hand, 195 00:09:10.840 --> 00:09:14.519 it's more standardized, often build right into email clients. But 196 00:09:14.639 --> 00:09:18.039 they both use encryption, digital signatures, all that good stuff 197 00:09:18.080 --> 00:09:20.799 to keep your emails confidential and make sure nobody's messing 198 00:09:20.799 --> 00:09:21.080 with them. 199 00:09:21.320 --> 00:09:24.240 So it's like choosing between a personal lock box versus 200 00:09:24.320 --> 00:09:27.320 a bankfold. Yeah, both keep things safe, but one might 201 00:09:27.360 --> 00:09:28.639 be easier for everyday use. 202 00:09:28.759 --> 00:09:32.799 Exactly now switching gears a bit. The book gets into 203 00:09:32.840 --> 00:09:35.720 a topic that can be kind of scary. Intruders. You know, 204 00:09:35.799 --> 00:09:38.120 people trying to break into systems doing bad. It's like 205 00:09:38.159 --> 00:09:39.200 something out of a movie. 206 00:09:39.279 --> 00:09:44.960 You know, intruders basically hackers that does sound scary. What 207 00:09:45.039 --> 00:09:46.559 kind of things do they do? And how do we 208 00:09:46.559 --> 00:09:47.759 even know someone's trying to get in? 209 00:09:47.879 --> 00:09:51.080 So some intruders they're after your info, like credit card numbers, 210 00:09:51.159 --> 00:09:54.000 personal data, that kind of stuff. Others might want to 211 00:09:54.000 --> 00:09:57.639 disrupt services, like take down a website. Maybe they're vandalizing 212 00:09:57.720 --> 00:10:00.320 something or even using your computer as part of a 213 00:10:00.320 --> 00:10:04.440 bigger attack. To catch them, we've got intrusion detection systems 214 00:10:04.519 --> 00:10:10.159 or IDS's. They're like digital detectives, always watching for suspicious activity. 215 00:10:10.559 --> 00:10:13.200 So it's like having a security camera, but for your network, 216 00:10:13.480 --> 00:10:15.159 just watching for anything weird going on. 217 00:10:15.279 --> 00:10:18.720 You got it. IDs has use different techniques, like they 218 00:10:18.799 --> 00:10:21.960 might analyze data looking for unusual patterns, or they have 219 00:10:22.120 --> 00:10:25.120 rules set up to flag specific actions that could mean trouble. 220 00:10:25.519 --> 00:10:28.000 But even with fancy IDs is, we can't forget about 221 00:10:28.039 --> 00:10:30.360 those sneaky threats like viruses and worms. 222 00:10:30.440 --> 00:10:34.639 Viruses those things that spread through like floppy disks back 223 00:10:34.679 --> 00:10:36.639 in the day to people still worry about those. Seems 224 00:10:36.679 --> 00:10:37.399 kind of old school. 225 00:10:37.600 --> 00:10:40.080 They might sound old school, but viruses and worms there's 226 00:10:40.120 --> 00:10:43.240 still a big problem. They're types of malware and they 227 00:10:43.279 --> 00:10:47.919 spread super fast, copying themselves, infecting anything that's vulnerable. Think 228 00:10:47.960 --> 00:10:51.080 of them like digital parasites, wreaking havoc on your computer. 229 00:10:51.440 --> 00:10:53.960 So they're not gone. How do they even spread now? 230 00:10:54.600 --> 00:10:56.039 And how do we protect ourselves. 231 00:10:56.120 --> 00:10:57.879 They can get in through all sorts of ways, like 232 00:10:57.919 --> 00:11:02.200 malicious email attachments, infect did websites, even those us B 233 00:11:02.360 --> 00:11:05.559 drives that seem harmless. And to fight back, we've got 234 00:11:05.679 --> 00:11:10.960 anti virus software. It's like your computer's immune system, always standing, 235 00:11:11.240 --> 00:11:13.720 finding those threats and getting rid of them. 236 00:11:13.879 --> 00:11:17.559 So antivirus is like a bodyguard for your computer, checking 237 00:11:17.639 --> 00:11:18.399 everyone at the door. 238 00:11:18.480 --> 00:11:20.480 That's a great way to put it. But just like 239 00:11:20.519 --> 00:11:23.559 our own immune system, got to keep that anti virus 240 00:11:23.679 --> 00:11:26.519 up to date. New threats pop up all the time. 241 00:11:26.679 --> 00:11:30.200 It really is a constant battle, isn't it. Speaking of battles, 242 00:11:30.360 --> 00:11:32.919 what about those massive attacks that take down websites and 243 00:11:32.960 --> 00:11:36.399 mess up online services, those denial of service attacks, or 244 00:11:36.480 --> 00:11:38.039 DOS attacks as the book calls them. 245 00:11:38.120 --> 00:11:40.720 Yeah, DOS attacks are a big deal. They basically overwhelm 246 00:11:40.799 --> 00:11:44.639 the system so much traffic legitimate users can't get through. 247 00:11:44.960 --> 00:11:48.360 Imagine a website getting flooded with so many visitors it crashes. 248 00:11:49.000 --> 00:11:49.960 That's a DOS attack. 249 00:11:50.039 --> 00:11:53.559 So it's like a digital traffic jam, plugging everything up exactly. 250 00:11:53.679 --> 00:11:56.759 And then you've got the distributed denial of service attacks, 251 00:11:57.039 --> 00:11:59.320 the d DOS attacks. Those are even worse. It's not 252 00:11:59.360 --> 00:12:03.600 just one attack, it's a whole network of compromised computers 253 00:12:03.799 --> 00:12:07.360 called a botnet. They all flood the target tons of traffic. 254 00:12:07.399 --> 00:12:10.559 It's like, I don't know, a massive army of shoppers 255 00:12:10.600 --> 00:12:12.720 all trying to cram into a store at the same time. 256 00:12:12.799 --> 00:12:13.639 Total chaos. 257 00:12:13.840 --> 00:12:16.279 That sounds impossible to deal with. Yeah, how do you 258 00:12:16.320 --> 00:12:18.039 even defend against something like that? 259 00:12:18.240 --> 00:12:21.200 Defending against didos is tough, but the book talks about 260 00:12:21.240 --> 00:12:25.240 some techniques, things like traffic filtering, rate limiting, and working 261 00:12:25.320 --> 00:12:28.480 with Internet providers. They can help identify and block that 262 00:12:28.559 --> 00:12:31.240 attack traffic at the source. It's a real arms race, 263 00:12:31.360 --> 00:12:34.960 you know, attackers and defenders the game exactly. 264 00:12:35.120 --> 00:12:37.759 So it's like you're always reinforcing the castle walls and 265 00:12:37.799 --> 00:12:40.759 making sure your guards are trained for the newest siege weapons. 266 00:12:41.879 --> 00:12:45.679 Speaking of castle walls, what about firewalls? Are those even 267 00:12:45.759 --> 00:12:48.600 relevant anymore? With all these fancy threats we've been talking about. 268 00:12:48.720 --> 00:12:52.720 Firewalls are essential, absolutely essential. Think of it as your 269 00:12:52.720 --> 00:12:55.799 first line of defense. They control what gets in and 270 00:12:55.840 --> 00:12:58.440 out of your network. The book describes it as a 271 00:12:58.480 --> 00:13:01.720 barrier between a t trusted network like your home or 272 00:13:01.759 --> 00:13:05.320 office and the untrusted network, which is basically the whole Internet. 273 00:13:05.399 --> 00:13:08.840 So firewalls are like the gatekeepers, scrutinizing everyone who's trying 274 00:13:08.879 --> 00:13:10.399 to get into our little digital fortress. 275 00:13:10.519 --> 00:13:14.120 You got it, And just like gatekeepers, they've evolved over time. 276 00:13:14.200 --> 00:13:17.120 We used to have simple packet filters just looking at 277 00:13:17.120 --> 00:13:22.519 basic info. Now there are stateful inspection firewalls, application level gateways. 278 00:13:22.559 --> 00:13:25.360 They're getting smarter all the time. Adapting to the new 279 00:13:25.399 --> 00:13:26.559 threats makes sense. 280 00:13:26.919 --> 00:13:30.039 But even with a strong firewall, what about the security 281 00:13:30.120 --> 00:13:32.919 of the actual operating systems, of the software running on 282 00:13:32.919 --> 00:13:36.200 our computers. Those could have weaknesses that attackers can exploit. 283 00:13:36.279 --> 00:13:38.559 Right, that's a great point. You can have the strongest 284 00:13:38.600 --> 00:13:40.919 firewall in the world, but if your systems are full 285 00:13:40.919 --> 00:13:44.320 of holes, it won't matter much. That's where this idea 286 00:13:44.360 --> 00:13:47.639 of trusted systems comes in. It's not just adding security later, 287 00:13:47.679 --> 00:13:49.039 it's built in from the start. 288 00:13:49.120 --> 00:13:52.440 So it's like building a house with reinforced walls instead 289 00:13:52.440 --> 00:13:54.279 of trying to add bars on the windows later. 290 00:13:54.519 --> 00:13:58.480 Exactly, trusted systems they think about security in every part 291 00:13:58.480 --> 00:14:03.679 of the design. Boot processes, access controls, everything. They're designed 292 00:14:03.679 --> 00:14:06.559 to resist attacks, and even if someone does get in, 293 00:14:06.799 --> 00:14:08.159 the damage is minimized. 294 00:14:08.720 --> 00:14:12.559 It sounds like making a truly trusted system is super complicated. 295 00:14:12.879 --> 00:14:15.519 How do we even know if something meets like the 296 00:14:15.600 --> 00:14:16.399 right standards. 297 00:14:16.600 --> 00:14:20.120 There's something called the common criteria. It's a framework for 298 00:14:20.200 --> 00:14:23.679 evaluating how secure something is. Think of it like a 299 00:14:23.720 --> 00:14:26.559 really strict inspection making sure a building meets all the 300 00:14:26.600 --> 00:14:27.320 safety codes. 301 00:14:27.440 --> 00:14:31.080 So it's verifying that those security claims are backed up 302 00:14:31.120 --> 00:14:32.080 by actual evidence. 303 00:14:32.240 --> 00:14:33.039 Yeah, exactly. 304 00:14:33.120 --> 00:14:36.320 It's good to know. But with all this encryption, firewalls, 305 00:14:36.360 --> 00:14:39.559 trusted systems, it's like we're living in a digital fortress, 306 00:14:39.600 --> 00:14:40.320 isn't it. 307 00:14:40.320 --> 00:14:43.000 It might seem that way, but remember, security isn't about 308 00:14:43.039 --> 00:14:46.759 being impenetrable. It's about managing risk, having the right protections 309 00:14:46.759 --> 00:14:49.679 in place for what matters most, and sometimes the most 310 00:14:49.720 --> 00:14:52.840 important thing is something as simple as choosing a good password. 311 00:14:53.080 --> 00:14:55.200 You're right, passwords are off of the weakest link. 312 00:14:55.679 --> 00:14:57.639 Before we finish up, the book leaves us with this 313 00:14:57.720 --> 00:15:01.639 really cool thought, like, imagine you could design the ultimate 314 00:15:01.879 --> 00:15:03.159 unbreakable encryption. 315 00:15:03.759 --> 00:15:07.159 WHOA, yeah, that's a big one, it is. What would 316 00:15:07.200 --> 00:15:09.639 it even be based on? What kind of challenges would 317 00:15:09.639 --> 00:15:10.240 you run into. 318 00:15:10.440 --> 00:15:12.879 It's like, you know, being asked to make a lock 319 00:15:13.120 --> 00:15:15.879 that no key can open, no matter how good the 320 00:15:15.919 --> 00:15:20.279 locksmith is, right, And it's a question that's driven cryptography forever, 321 00:15:20.639 --> 00:15:23.360 perfect unbreakable encryption, And it might be more of a 322 00:15:23.559 --> 00:15:26.519 I don't know, a theoretical thing, but trying to get 323 00:15:26.519 --> 00:15:29.440 there has led to some amazing discoveries in security. 324 00:15:29.679 --> 00:15:32.919 It makes you think about the like the battle between 325 00:15:32.960 --> 00:15:34.799 the people making the codes and the people trying to 326 00:15:34.799 --> 00:15:38.000 break them. Yeah, every time one side makes a move, 327 00:15:38.039 --> 00:15:38.720 the other side. 328 00:15:38.519 --> 00:15:40.679 Has to catch up, exactly. And it's not just about 329 00:15:40.720 --> 00:15:43.919 the math the algorithms, you know, human behavior is a 330 00:15:44.000 --> 00:15:46.080 huge part of it too. Think about all those weak 331 00:15:46.159 --> 00:15:49.960 passwords out there, people falling for phishing scams. Right, those 332 00:15:50.000 --> 00:15:53.200 are vulnerabilities that, no matter how good the tech gets, 333 00:15:53.480 --> 00:15:54.840 we can't always solve for. 334 00:15:55.080 --> 00:15:57.799 It's like having the strongest castle, but you forget to 335 00:15:57.840 --> 00:16:01.360 lock the gate. All that work for nothing exactly. 336 00:16:01.440 --> 00:16:04.480 And that brings up another point. Security it's not just 337 00:16:04.519 --> 00:16:09.919 about being impenetrable. It's finding the right balance protection versus usability. 338 00:16:10.399 --> 00:16:12.960 If something's too secure it becomes a pain to use. 339 00:16:13.240 --> 00:16:15.879 People will find ways around it, which often makes things 340 00:16:15.919 --> 00:16:16.879 even less secure. 341 00:16:17.080 --> 00:16:19.000 Yeah, it's like those passwords that are supposed to be 342 00:16:19.080 --> 00:16:21.600 super strong, right, but they're so complex you end up 343 00:16:21.600 --> 00:16:24.399 writing them down on a sticky note exactly defeats the 344 00:16:24.440 --> 00:16:25.039 whole purpose. 345 00:16:25.320 --> 00:16:28.799 So as we're all, you know, living more and more online, 346 00:16:28.919 --> 00:16:30.679 we got to be smart about the tech side and 347 00:16:30.759 --> 00:16:33.000 the human side. It's on all of us. 348 00:16:33.240 --> 00:16:35.759 This deep dive has been awesome. I mean, we've covered 349 00:16:35.879 --> 00:16:40.120 so much ancient ciphers too, like the latest threats. 350 00:16:40.360 --> 00:16:41.320 Yeah, it's a lot. 351 00:16:41.399 --> 00:16:44.840 It's fascinating how it's all evolved. Yeah, photography and network security. 352 00:16:44.879 --> 00:16:48.360 It's more than just like tech jargon. It affects how 353 00:16:48.399 --> 00:16:49.759 we live online every day. 354 00:16:49.840 --> 00:16:52.440 I'm glad you see that. Yeah, and remember this is 355 00:16:52.519 --> 00:16:57.120 just the beginning. Cryptography keeps changing, so stay curious, stay informed. 356 00:16:57.399 --> 00:17:00.440 I'm definitely feeling more curious and a lot less intimidated 357 00:17:00.480 --> 00:17:04.079 by all this stuff. Good thanks to this deep dive. 358 00:17:04.200 --> 00:17:06.200 I feel like I get it now, you know, like 359 00:17:06.319 --> 00:17:08.960 what we can actually do to protect ourselves online. 360 00:17:09.039 --> 00:17:11.519 That's what it's all about, giving people the knowledge to 361 00:17:11.559 --> 00:17:13.240 be more secure and more proactive. 362 00:17:13.440 --> 00:17:16.279 Well said, So as we wrap up this episode, we 363 00:17:16.359 --> 00:17:19.160 want to leave you with that challenge, you know, designing 364 00:17:19.240 --> 00:17:22.400 the unbreakable algorithm. What would your ideal system look like? 365 00:17:22.480 --> 00:17:25.799 What kind of trade offs would you make, security versus usability? 366 00:17:26.039 --> 00:17:29.960 Let us know and until next time, stay curious, stay safe, 367 00:17:30.160 --> 00:17:31.119 and keep exploring.