WEBVTT 1 00:00:00.080 --> 00:00:03.240 Welcome to this deep dive. We're going to be looking 2 00:00:03.240 --> 00:00:07.200 at network security assessments. We'll be using the book Network 3 00:00:07.280 --> 00:00:11.839 Security Assessment, Know Your Network, third edition. By the way, 4 00:00:12.359 --> 00:00:14.359 I think it's going to be pretty interesting stuff, especially 5 00:00:14.359 --> 00:00:17.000 with you know, all the stuff we hear about security 6 00:00:17.039 --> 00:00:17.519 these days. 7 00:00:17.719 --> 00:00:21.160 Yeah, for sure. I mean, coactive security is so important. 8 00:00:21.239 --> 00:00:24.079 That's really where these assessments come in. And you know 9 00:00:24.120 --> 00:00:26.719 what's really interesting about this book is it actually follows 10 00:00:26.760 --> 00:00:31.199 a lot of those industry recognized pen testing standards, you know, 11 00:00:31.800 --> 00:00:34.240 like the ones from NIST and the NSA. 12 00:00:34.359 --> 00:00:36.960 Oh wow, so it's like the real deal. Huh, We're 13 00:00:36.960 --> 00:00:37.799 not messing. 14 00:00:37.479 --> 00:00:39.560 Around here, Yeah, yeah, no kidding. 15 00:00:39.840 --> 00:00:41.679 Well, so one thing that really stuck out to me 16 00:00:41.719 --> 00:00:43.280 at the beginning of this book was, you know, we 17 00:00:43.359 --> 00:00:45.920 hear all the time that software is getting more secure, right, 18 00:00:46.159 --> 00:00:48.759 but our systems are also becoming more and more complex, 19 00:00:49.079 --> 00:00:50.679 and it seems like that kind of opens up this 20 00:00:50.799 --> 00:00:52.719 whole new set of challenges. 21 00:00:52.759 --> 00:00:55.000 Absolutely. Yeah, And on top of that, you have the 22 00:00:55.039 --> 00:00:57.880 attackers who are getting more creative. They're always finding new 23 00:00:57.880 --> 00:01:00.719 ways to you know what weaknesses. 24 00:01:00.840 --> 00:01:03.600 So it's like two steps forward, one step back kind 25 00:01:03.640 --> 00:01:06.680 of Even when we make progress on the security front. 26 00:01:06.879 --> 00:01:08.519 There's always something else popping up. 27 00:01:08.760 --> 00:01:12.719 Yeah, exactly. And you know what's even more unsettling, Sometimes 28 00:01:13.079 --> 00:01:16.000 the very tools that we rely on for security can 29 00:01:16.040 --> 00:01:20.680 have flaws themselves. A researcher at Google Project zero, Tavis Ormandy, 30 00:01:20.879 --> 00:01:23.840 you might have heard of him. He's uncovered vulnerabilities in 31 00:01:23.920 --> 00:01:26.439 a bunch of popular anti virus products. 32 00:01:26.560 --> 00:01:29.079 Oh wow, So even the stuff that's supposed to protect 33 00:01:29.159 --> 00:01:30.959 us can be turned against us. 34 00:01:31.319 --> 00:01:32.640 Yeah, it's kind of a scary thought. 35 00:01:32.760 --> 00:01:35.000 It's like finding out your bodyguard is actually working for 36 00:01:35.040 --> 00:01:37.159 the other side. So where do we even begin to 37 00:01:37.239 --> 00:01:38.359 tackle this whole mess. 38 00:01:38.439 --> 00:01:40.640 Well, you know, if you really want to protect your network, 39 00:01:40.920 --> 00:01:43.079 you got to start by thinking like someone who's trying 40 00:01:43.079 --> 00:01:45.560 to break into it. And that's the whole idea behind 41 00:01:45.599 --> 00:01:47.519 these network security assessments. 42 00:01:47.640 --> 00:01:50.200 Okay, so like put on our black hats and get 43 00:01:50.200 --> 00:01:51.359 into the hacker mindset. 44 00:01:51.480 --> 00:01:51.879 Exactly. 45 00:01:51.959 --> 00:01:54.159 So let's play that game for a second. If you 46 00:01:54.200 --> 00:01:56.920 were a hacker, what would be your first. 47 00:01:56.640 --> 00:02:01.079 Move, No doubt about it. Reconnaissance. It's all about gathering information, 48 00:02:01.319 --> 00:02:03.560 you know, like a detective collecting evidence. 49 00:02:03.599 --> 00:02:05.959 So basically, you're trying to learn as much as you 50 00:02:05.959 --> 00:02:08.080 can about the target before you even make a move. 51 00:02:08.240 --> 00:02:09.800 Exactly, you want to know what you're dealing with. 52 00:02:10.080 --> 00:02:11.879 So what kind of tools would you use for that? 53 00:02:12.240 --> 00:02:13.680 Oh, there were a bunch of them out there. 54 00:02:14.039 --> 00:02:17.520 The book mentions showdown, which is like a search engine 55 00:02:17.520 --> 00:02:21.039 for exposed devices. You can find all sorts of information 56 00:02:21.080 --> 00:02:22.719 about a target's network using that. 57 00:02:22.840 --> 00:02:26.560 Right, Yeah, things like open ports, running services, even the 58 00:02:26.639 --> 00:02:28.000 types of devices they're using. 59 00:02:28.199 --> 00:02:30.800 Wow, so you can really get a pretty detailed picture. 60 00:02:31.000 --> 00:02:35.199 And then there's whois, which gives you information about domain registration. 61 00:02:35.680 --> 00:02:38.280 You can find out who owns the domain, when it 62 00:02:38.360 --> 00:02:41.719 was registered, where their servers are located, all that stuff. 63 00:02:41.840 --> 00:02:44.560 So it's like piecing together a puzzle, taking little bits 64 00:02:44.560 --> 00:02:46.039 of information from different sources. 65 00:02:46.120 --> 00:02:47.879 Yeah, you're building a profile of your target. 66 00:02:48.000 --> 00:02:51.159 And then what they use this information to launch more 67 00:02:51.199 --> 00:02:52.080 targeted attacks? 68 00:02:52.240 --> 00:02:54.639 Exactly, they want to make sure they're hitting the right spots. 69 00:02:54.879 --> 00:02:57.639 Right. The book has this crazy story about a phishing 70 00:02:57.639 --> 00:03:02.479 attack against a financial institution. The attackers created a fake 71 00:03:02.639 --> 00:03:07.280 VPN portal and they got employees to enter their login information. 72 00:03:08.199 --> 00:03:10.520 Oh wow, so they thought they were connecting securely, but 73 00:03:10.520 --> 00:03:12.240 they were actually giving their credentials away. 74 00:03:12.360 --> 00:03:14.800 Yeah, it's crazy. How clever these attackers can be. 75 00:03:15.240 --> 00:03:17.919 And it highlights how important the human element is in 76 00:03:18.000 --> 00:03:21.120 all of this. You can have the best tech defenses 77 00:03:21.159 --> 00:03:24.360 in the world, but as someone falls for a phishing scam, 78 00:03:24.759 --> 00:03:26.039 it can all be bypassed. 79 00:03:26.520 --> 00:03:30.120 That's unsettling to think about. It's like having a fortress 80 00:03:30.159 --> 00:03:32.879 with steel walls but leaving the front gate wide open. 81 00:03:33.240 --> 00:03:35.560 Yeah, and that's why it's important to understand the psychology 82 00:03:35.560 --> 00:03:38.639 behind these attacks. You know why people fall for them. 83 00:03:38.560 --> 00:03:40.800 Right, So it's not just about securing the systems, it's 84 00:03:40.800 --> 00:03:42.719 about educating the people who use them. 85 00:03:42.840 --> 00:03:45.400 Absolutely. Awareness is a huge part of the equation. We'll 86 00:03:45.400 --> 00:03:47.080 be getting into a lot of that stuff later on. 87 00:03:47.280 --> 00:03:48.800 Okay, well, this is already giving me a lot to 88 00:03:48.800 --> 00:03:50.919 think about, and we're just getting. 89 00:03:50.599 --> 00:03:52.680 Started, just scratching the surface. 90 00:03:52.960 --> 00:03:56.319 So we've talked about reconnaissance and the human factor. What 91 00:03:56.439 --> 00:03:58.800 else is there to consider when it comes to network 92 00:03:58.879 --> 00:04:00.000 security assessments. 93 00:04:00.680 --> 00:04:02.800 Well, let's talk about the attack surface. You know, all 94 00:04:02.840 --> 00:04:05.960 the points where an attacker could potentially get in. Every 95 00:04:06.039 --> 00:04:10.240 exposed element of a network is part of that, like servers, applications, 96 00:04:10.319 --> 00:04:11.599 even user devices. 97 00:04:12.319 --> 00:04:15.840 So the bigger the attack surface, the more potential entry 98 00:04:15.879 --> 00:04:17.319 points there are for attackers. 99 00:04:17.639 --> 00:04:19.839 Right. It's like leaving all the doors and windows unlocked 100 00:04:19.879 --> 00:04:21.439 and then wondering why someone broke in. 101 00:04:21.680 --> 00:04:24.279 Okay, so let's say an attacker has done their homework, 102 00:04:24.399 --> 00:04:27.800 they've found some potential entry points. How do they actually 103 00:04:27.920 --> 00:04:31.959 figure out what's vulnerable, what they can exploit. 104 00:04:32.360 --> 00:04:35.079 That's where we get into how software itself can have weaknesses, 105 00:04:35.360 --> 00:04:38.399 like built in vulnerabilities. There's this model called the Seven 106 00:04:38.439 --> 00:04:41.439 Pernicious Kingdoms that helps categorize these weaknesses. 107 00:04:41.920 --> 00:04:46.040 Seven Pernicious Kingdoms sounds kind of ominous. 108 00:04:45.560 --> 00:04:48.199 It is in a way because these weaknesses can have 109 00:04:48.240 --> 00:04:49.319 serious consequences. 110 00:04:49.439 --> 00:04:53.279 So what are some examples of these kingdoms or whatever 111 00:04:53.279 --> 00:04:53.680 they're called. 112 00:04:54.079 --> 00:04:57.959 Well, one of the most common is input validation and representation. 113 00:04:59.120 --> 00:05:02.000 If a program doesn't properly check the data it receives, 114 00:05:02.399 --> 00:05:04.600 an attacker can sneak in malicious code. 115 00:05:04.680 --> 00:05:06.720 Oh I see. So it's like if you're filling out 116 00:05:06.720 --> 00:05:09.279 an online form, instead of typing your name, you type 117 00:05:09.279 --> 00:05:11.040 in some code that tells the server to do. 118 00:05:11.000 --> 00:05:12.439 Something bad exactly. 119 00:05:12.519 --> 00:05:14.399 That could lead to all sorts of problems, right, like 120 00:05:14.439 --> 00:05:17.639 a buffer overflow where you overload a program with data 121 00:05:17.720 --> 00:05:18.759 and cause it to crash. 122 00:05:18.920 --> 00:05:22.079 Yeah, or cross site scripting, where malicious scripts are injected 123 00:05:22.079 --> 00:05:24.680 into websites to steal information or take control. 124 00:05:24.800 --> 00:05:28.120 Wow, so many ways for things to go wrong, and those. 125 00:05:27.920 --> 00:05:31.639 Are just two examples. Other kingdoms include things like API abuse, 126 00:05:32.040 --> 00:05:35.199 where attackers exploit the way programs communicate with each other, 127 00:05:35.720 --> 00:05:39.279 and security features flaws, where the mechanisms that are supposed 128 00:05:39.279 --> 00:05:42.079 to protect us actually have weaknesses that can be exploited. 129 00:05:42.360 --> 00:05:44.279 So it's like the very things we rely on for 130 00:05:44.399 --> 00:05:46.680 security can sometimes be our downfall. 131 00:05:46.759 --> 00:05:48.079 Yeah, it's a constant arms race. 132 00:05:48.279 --> 00:05:51.759 Okay, so we've got attackers doing the reconnaissance finding these weaknesses, 133 00:05:51.800 --> 00:05:55.319 and then what's next, how do they actually get into the. 134 00:05:55.279 --> 00:05:59.759 Network that brings us to attack vectors and vulnerabilities the 135 00:05:59.800 --> 00:06:02.120 way that these weaknesses can actually be exploited. 136 00:06:02.439 --> 00:06:04.319 So it's like finding a crack in a wall and 137 00:06:04.319 --> 00:06:06.399 then figuring out how to widen it so you can 138 00:06:06.399 --> 00:06:07.839 get through exactly. 139 00:06:07.879 --> 00:06:10.240 And one of the key areas here is understanding network 140 00:06:10.279 --> 00:06:15.160 protocols like TCP, UDP, SCTP. These are the languages that 141 00:06:15.199 --> 00:06:16.399 computers use to talk to. 142 00:06:16.360 --> 00:06:19.839 Each other, and if there are flaws in these protocols, 143 00:06:19.959 --> 00:06:21.879 attackers can use them to their advantage. 144 00:06:21.920 --> 00:06:26.439 Precisely, they can manipulate these protocols to bypass security measures 145 00:06:26.839 --> 00:06:30.399 like intrusion detection systems and intrusion prevention systems. 146 00:06:30.480 --> 00:06:32.439 So even if you have those systems in place, they're 147 00:06:32.480 --> 00:06:33.240 not fool proof. 148 00:06:33.399 --> 00:06:36.439 No, unfortunately not. And then there are tools like sniff, 149 00:06:36.519 --> 00:06:38.839 joke and end map that attackers use for things like 150 00:06:38.879 --> 00:06:42.560 port scanning, which is basically checking for open doors on 151 00:06:42.600 --> 00:06:43.600 a computer system, so. 152 00:06:43.519 --> 00:06:46.319 They're looking for any way that can get in, and endmap. 153 00:06:46.079 --> 00:06:48.759 Can also be used for other things like OS fingerprinting, 154 00:06:48.920 --> 00:06:51.439 where they figure out what operating system a target is running, 155 00:06:51.920 --> 00:06:55.519 and banner grabbing, which involves collecting information about the services 156 00:06:55.519 --> 00:06:56.519 that are running on a server. 157 00:06:56.879 --> 00:06:59.399 Wow, so they're gathering all this information to build a 158 00:06:59.439 --> 00:07:02.399 complete picture of the target network exactly. 159 00:07:02.439 --> 00:07:04.519 They want to know as much as possible before they 160 00:07:04.560 --> 00:07:05.120 make their move. 161 00:07:05.360 --> 00:07:08.639 This is all pretty intense stuff. It's amazing how much 162 00:07:08.720 --> 00:07:10.759 thought and effort goes into these attacks. 163 00:07:10.920 --> 00:07:14.399 Yeah, these attackers are often very skilled and determined. But 164 00:07:14.480 --> 00:07:17.600 the good news is that by understanding their methods, we 165 00:07:17.680 --> 00:07:19.199 can better defend ourselves. 166 00:07:19.519 --> 00:07:22.759 Right, Knowledge is power. Well, I'm definitely learning a lot 167 00:07:22.800 --> 00:07:26.199 here today, and I'm a little bit scared to be honest, 168 00:07:26.279 --> 00:07:26.600 it is. 169 00:07:26.560 --> 00:07:29.360 A bit daunting, but it's important to face these threats 170 00:07:29.560 --> 00:07:31.680 head on, and that's what we're here to do. 171 00:07:32.120 --> 00:07:36.480 Okay, so we've talked about reconnaissance, vulnerabilities, attack vectors. We've 172 00:07:36.519 --> 00:07:39.120 even touched on some pretty advanced techniques. Where do we go. 173 00:07:39.120 --> 00:07:41.600 From here, Well, now that we have a better understanding 174 00:07:41.639 --> 00:07:44.519 of how attackers operate, we can start to think about 175 00:07:44.560 --> 00:07:49.279 how to defend ourselves, and that's where things get really interesting. Okay, 176 00:07:49.319 --> 00:07:52.639 so far we've been talking about the attacker's perspective, but 177 00:07:52.720 --> 00:07:54.600 now let's switch gears a bit and look at things 178 00:07:54.600 --> 00:07:57.800 from the defender side. How do security pros actually go 179 00:07:57.879 --> 00:08:00.519 about assessing a network for those vulnerab abilities. 180 00:08:00.759 --> 00:08:03.519 Yeah, it's one thing to talk about how attackers operate, 181 00:08:03.639 --> 00:08:06.399 but it's another thing to actually try to find those 182 00:08:06.439 --> 00:08:07.680 weaknesses before. 183 00:08:07.399 --> 00:08:10.000 They do exactly. And one of the most effective ways 184 00:08:10.000 --> 00:08:13.920 to do that is through penetration testing, or ethical hatting 185 00:08:14.040 --> 00:08:15.160 as it's sometimes called. 186 00:08:15.279 --> 00:08:18.120 So basically hiring good guys to try to break into 187 00:08:18.160 --> 00:08:19.480 your system in a nutshell. 188 00:08:19.560 --> 00:08:22.360 Yeah, but of course it's not as simple as just 189 00:08:22.439 --> 00:08:26.079 letting anyone loose on your network. There's a whole process involved. 190 00:08:26.079 --> 00:08:29.560 A structured approach to make sure it's done safely and responsibly. 191 00:08:29.800 --> 00:08:32.799 Right, you don't want to cause any damage or accidentally 192 00:08:32.840 --> 00:08:35.840 leak sensitive information exactly. 193 00:08:35.720 --> 00:08:38.519 And the book actually walks us through this process in detail. 194 00:08:38.879 --> 00:08:41.840 It starts with information gathering, just like we talked about 195 00:08:41.879 --> 00:08:43.159 from the attackers perspective. 196 00:08:43.240 --> 00:08:45.120 So the good guys are doing their reconnaissance too. 197 00:08:45.279 --> 00:08:48.639 Absolutely, they need to understand the target environment before they 198 00:08:48.639 --> 00:08:51.720 can start poking around for vulnerabilities, makes sense, And they 199 00:08:51.799 --> 00:08:54.000 use a lot of the same techniques that attackers use, 200 00:08:54.320 --> 00:08:55.600 like open source intelligence. 201 00:08:55.759 --> 00:08:58.200 Ohcent right, we talked about that earlier. 202 00:08:58.039 --> 00:09:03.240 Yep, scouring publicly available information for clues about the target network, 203 00:09:03.840 --> 00:09:09.240 things like online databases, social media profiles, even company websites. 204 00:09:09.799 --> 00:09:12.679 Wow, so they're basically playing detective. 205 00:09:12.879 --> 00:09:15.240 In a way. Yeah, they're trying to piece together a 206 00:09:15.279 --> 00:09:19.480 picture of the network, identify potential points of entry, expose servers, 207 00:09:19.799 --> 00:09:23.080 open ports, even the versions of software that are being used. 208 00:09:23.120 --> 00:09:28.120 And sometimes a simple whois lookup can reveal a lot, right. 209 00:09:28.240 --> 00:09:30.559 Oh yeah, you'd be surprised how often you can find 210 00:09:30.600 --> 00:09:35.039 outdated contact information or even details about employees who no 211 00:09:35.120 --> 00:09:36.320 longer work for the company. 212 00:09:36.399 --> 00:09:38.279 So it's not just about the technical stuff. It's about 213 00:09:38.279 --> 00:09:40.960 the human element too, always, So once they've gathered all 214 00:09:40.960 --> 00:09:42.240 this information, what's next? 215 00:09:42.320 --> 00:09:45.519 Then they move on to vulnerability scanning, using automated tools 216 00:09:45.600 --> 00:09:47.080 to check for known weaknesses. 217 00:09:47.360 --> 00:09:49.679 So kind of like running a security check on your computer, 218 00:09:49.840 --> 00:09:52.360 but for the whole network exactly. But I imagine these 219 00:09:52.399 --> 00:09:53.759 scanners aren't perfect, are they? 220 00:09:54.000 --> 00:09:56.720 No, they're not. They can sometimes flag things that aren't 221 00:09:56.759 --> 00:09:59.480 actually vulnerabilities or false positives. 222 00:09:59.080 --> 00:10:00.679 So you can't just rely on them blindly. 223 00:10:01.039 --> 00:10:04.720 Nope, A good penetration tester will always verify those findings 224 00:10:04.720 --> 00:10:07.279 manually before attempting any exploitation. 225 00:10:08.120 --> 00:10:12.279 So how do they go about verifying those potential vulnerabilities. 226 00:10:12.600 --> 00:10:15.480 It depends on the specific vulnerability, but they might use 227 00:10:15.519 --> 00:10:19.519 tools like n map to probe the target system, or 228 00:10:19.600 --> 00:10:22.159 they might craft custom network packets to see how the 229 00:10:22.159 --> 00:10:23.120 system responds. 230 00:10:23.360 --> 00:10:25.840 So they're being very careful making sure they don't accidentally 231 00:10:25.840 --> 00:10:27.120 break anything exactly. 232 00:10:27.159 --> 00:10:29.240 It's all about testing the waters before diving in. 233 00:10:29.399 --> 00:10:33.080 Okay, So let's say they've identified a real vulnerability, something 234 00:10:33.120 --> 00:10:35.519 that could actually be exploited by an attacker. 235 00:10:36.080 --> 00:10:39.000 Then it's time for the fun part, exploitation. 236 00:10:39.399 --> 00:10:41.000 Okay, now I'm really intrigued. 237 00:10:41.240 --> 00:10:43.480 This is where they try to actually exploit the weakness 238 00:10:43.639 --> 00:10:45.159 to see how far an attacker could get. 239 00:10:45.320 --> 00:10:46.759 What kind of techniques do they use for that? 240 00:10:47.000 --> 00:10:49.279 Oh? All sorts of things, depending on the nature of 241 00:10:49.279 --> 00:10:50.000 the vulnerability. 242 00:10:50.000 --> 00:10:51.960 Oh, we've talked about some of them before, like buffer 243 00:10:52.000 --> 00:10:54.039 overflows and SEQL injection. 244 00:10:53.759 --> 00:10:58.639 Right, yep, those are classic techniques. Buffer overflows involve overflowing 245 00:10:58.639 --> 00:11:02.200 a portion of memory to xcut malicious code, and SQL 246 00:11:02.240 --> 00:11:06.279 injection manipulates database queries to gain unauthorized access to data. 247 00:11:06.960 --> 00:11:09.600 Right. And then there's cross site scripting where you inject 248 00:11:09.720 --> 00:11:11.799 malicious scripts into websites yep. 249 00:11:11.840 --> 00:11:14.159 And then there's privileged escalation where you try to gain 250 00:11:14.240 --> 00:11:17.000 higher levels of access within a system. 251 00:11:17.519 --> 00:11:19.879 So many ways to break in it's a bit overwhelming, 252 00:11:19.879 --> 00:11:22.759 I know it is, but it's also fascinating in a way, 253 00:11:22.840 --> 00:11:26.039 like a game of chess, but with really high stakes. 254 00:11:25.759 --> 00:11:28.440 Exactly, and the stakes are only getting higher as attackers 255 00:11:28.440 --> 00:11:30.000 become more sophisticated. 256 00:11:30.240 --> 00:11:32.320 Can you give you an example, like a specific case 257 00:11:32.320 --> 00:11:35.759 from the book of how a vulnerability might be exploited. 258 00:11:36.080 --> 00:11:37.919 Sure, there's a case study in the book about a 259 00:11:38.000 --> 00:11:42.279 vulnerability in a particular FTP server. This vulnerability allowed anyone 260 00:11:42.320 --> 00:11:45.840 to upload files to the server, even if they weren't authenticated. 261 00:11:46.240 --> 00:11:48.879 Wait, so anyone could just dump whatever they wanted on 262 00:11:48.919 --> 00:11:50.080 this server pretty much. 263 00:11:50.159 --> 00:11:53.480 Yeah, and an attacker could easily exploit this by uploading 264 00:11:53.519 --> 00:11:56.399 a malicious file like a backdoor or a webshell. 265 00:11:56.480 --> 00:11:58.720 Oh wow, So they could basically take control of the. 266 00:11:58.639 --> 00:12:01.759 Server exactly, and then they could use that server to 267 00:12:01.840 --> 00:12:05.639 launch further attacks, steal data, or just cause general mayhem. 268 00:12:05.840 --> 00:12:07.120 Scary stuff it. 269 00:12:07.039 --> 00:12:10.200 Is, but it highlights how important it is to find 270 00:12:10.279 --> 00:12:13.480 and fix these vulnerabilities before the bad guys do. 271 00:12:13.720 --> 00:12:17.720 So what happens after they've exploited a vulnerability, Well. 272 00:12:17.600 --> 00:12:20.480 It depends on the attackers' goals, but often they'll try 273 00:12:20.519 --> 00:12:24.080 to maintain a low profile. They might install backdoors, create 274 00:12:24.159 --> 00:12:27.840 hidden user accounts, or even hijack legitimate user accounts. 275 00:12:27.919 --> 00:12:30.440 So they're trying to blend in make it harder to 276 00:12:30.480 --> 00:12:32.279 detect their activity exactly. 277 00:12:32.320 --> 00:12:34.120 They want to stay under the radar for as long 278 00:12:34.159 --> 00:12:36.720 as possible. That makes sense, and that's where tools like 279 00:12:36.840 --> 00:12:40.600 intrusion detection and prevention systems come in. These systems monitor 280 00:12:40.600 --> 00:12:44.559 network traffic for suspicious activity and can alert administrators or 281 00:12:44.559 --> 00:12:46.720 even block malicious traffic automatically. 282 00:12:46.919 --> 00:12:49.559 So they're like security cameras for the network in a way. 283 00:12:49.720 --> 00:12:53.320 But even the best security systems can be bypassed. 284 00:12:52.879 --> 00:12:56.720 Right Unfortunately, Yes, attackers are always finding new ways to 285 00:12:56.759 --> 00:12:59.799 evade detection. That's why it's important to have a layered 286 00:12:59.840 --> 00:13:03.320 security approach, multiple layers of defense, right. 287 00:13:03.399 --> 00:13:05.639 It's not enough to just have one line of defense. 288 00:13:05.759 --> 00:13:10.240 Nope, you need multiple layers, like a strong firewall, intrusion 289 00:13:10.279 --> 00:13:15.000 detection systems, anti virus software, and strong security policies. 290 00:13:15.159 --> 00:13:18.080 So it's about making it as difficult as possible for 291 00:13:18.120 --> 00:13:20.039 an attacker to succeed exactly. 292 00:13:20.080 --> 00:13:22.519 You want to make them work for it and hopefully 293 00:13:22.519 --> 00:13:24.679 they'll give up and move on to an easier target. 294 00:13:24.759 --> 00:13:26.639 And we haven't even talked about social engineering yet. 295 00:13:26.639 --> 00:13:28.039 Oh yeah, we can't forget about that. 296 00:13:28.159 --> 00:13:31.200 The book has a whole section on that. It's crazy 297 00:13:31.279 --> 00:13:35.240 how attackers can manipulate people into giving up sensitive information 298 00:13:35.440 --> 00:13:37.039 or access to systems. 299 00:13:37.120 --> 00:13:41.159 It's a very powerful technique. They often exploit our natural 300 00:13:41.200 --> 00:13:45.200 tendencies to be helpful and trusting. They might impersonate a coworker, 301 00:13:45.519 --> 00:13:48.759 a vendor, or even a government official to trick someone 302 00:13:48.840 --> 00:13:50.159 into revealing information. 303 00:13:50.480 --> 00:13:53.080 The book gives some pretty scary examples of how that's 304 00:13:53.080 --> 00:13:54.039 been done in the past. 305 00:13:54.159 --> 00:13:56.440 Yeah, I like that story about the attacker who called 306 00:13:56.480 --> 00:13:59.200 up an employee pretending to be from IT and ask 307 00:13:59.279 --> 00:14:02.639 for their passwords. It's amazing how easily people can be fooled. 308 00:14:02.720 --> 00:14:05.039 It is, especially when they're caught off guard or under 309 00:14:05.080 --> 00:14:06.279 pressure exactly. 310 00:14:06.720 --> 00:14:10.000 And these attacks can be very sophisticated, involving a lot 311 00:14:10.039 --> 00:14:13.240 of research and planning to create a believable scenario. 312 00:14:13.559 --> 00:14:16.000 So what can we do to protect ourselves from these 313 00:14:16.000 --> 00:14:17.360 social engineering attacks? 314 00:14:17.720 --> 00:14:21.679 The best defense is awareness and education. We need to 315 00:14:21.679 --> 00:14:26.120 teach people to be skeptical of unsolicited requests for information, 316 00:14:26.559 --> 00:14:30.440 to verify identities, and to report any suspicious activity. 317 00:14:30.559 --> 00:14:33.720 Right, It's not enough to just have the latest security software. 318 00:14:34.080 --> 00:14:36.320 We need to create a security conscious culture. 319 00:14:36.440 --> 00:14:37.000 Absolutely. 320 00:14:37.039 --> 00:14:39.559 Okay, So we've covered a lot of ground today, from 321 00:14:39.639 --> 00:14:45.559 reconnaissance to vulnerability scanning, to exploitation to social engineering, and 322 00:14:45.600 --> 00:14:46.919 I'm sure there's even more to come. 323 00:14:47.080 --> 00:14:49.440 Oh yeah, we've only just scratched the surface. But I 324 00:14:49.440 --> 00:14:51.960 think we've laid a good foundation for understanding the basics 325 00:14:51.960 --> 00:14:54.879 of network security assessments, and in the next part we'll 326 00:14:54.879 --> 00:14:57.159 delve even deeper. Into some of the more advanced techniques 327 00:14:57.200 --> 00:14:57.759 and concepts. 328 00:14:57.879 --> 00:15:00.000 Okay, I'm ready for it. Bring on the advance stuff, 329 00:15:00.879 --> 00:15:03.159 all right, So we're back for the final part of 330 00:15:03.200 --> 00:15:06.919 our deep dive into network security assessments. I'm ready to 331 00:15:07.200 --> 00:15:08.279 tackle some more of this stuff. 332 00:15:08.559 --> 00:15:10.840 Yeah, we've definitely covered a lot of ground so far, 333 00:15:11.519 --> 00:15:13.679 but there's still some really interesting stuff to explore in 334 00:15:13.720 --> 00:15:14.200 this book. 335 00:15:14.320 --> 00:15:15.919 You know, in the last part we were talking about 336 00:15:15.919 --> 00:15:21.639 how attackers can exploit network protocols and authentication mechanisms. But 337 00:15:21.679 --> 00:15:23.960 now I'm kind of curious about the whole cryptography side 338 00:15:23.960 --> 00:15:27.440 of things. The book has this whole chapter dedicated to 339 00:15:28.240 --> 00:15:30.480 assessing cryptographic systems. 340 00:15:30.639 --> 00:15:35.519 Yeah, cryptography is like the backbone of network security, right. 341 00:15:35.879 --> 00:15:40.200 It's used everywhere to encrypt data, authenticate users, make sure 342 00:15:40.200 --> 00:15:41.679 that communication hasn't. 343 00:15:41.399 --> 00:15:43.799 Been tampered with, right, right, So it's basically all about 344 00:15:43.840 --> 00:15:47.600 protecting information and making sure it stays confidential and secure exactly. 345 00:15:47.919 --> 00:15:51.320 But the thing is, if these cryptographic systems are not 346 00:15:51.559 --> 00:15:55.279 implemented or configured correctly, they can actually create weaknesses that 347 00:15:55.320 --> 00:15:56.440 attackers can exploit. 348 00:15:56.679 --> 00:15:59.600 So it's like having a strong lock on your door 349 00:15:59.639 --> 00:16:01.559 but then accidentally leaving the key under. 350 00:16:01.360 --> 00:16:02.960 The mat Yeah, pretty much. 351 00:16:03.000 --> 00:16:05.120 You've got the security in place, but if there's a 352 00:16:05.159 --> 00:16:07.440 simple way to bypass it, it's not really doing much 353 00:16:07.480 --> 00:16:08.519 good exactly. 354 00:16:08.600 --> 00:16:12.200 And the book actually walks through different types of cryptographic 355 00:16:12.240 --> 00:16:15.679 attacks that attackers might use, things like brute force attacks 356 00:16:16.080 --> 00:16:19.080 where they just try every possible key combination until they 357 00:16:19.080 --> 00:16:19.799 find the right one. 358 00:16:20.120 --> 00:16:22.799 So it's basically a trial and error approach hoping to 359 00:16:22.799 --> 00:16:23.360 get lucky. 360 00:16:24.159 --> 00:16:26.799 Yeah, and with enough computing power it can actually be 361 00:16:26.879 --> 00:16:31.919 effective against weaker encryption algorithms. But then there's cryptanalysis, which 362 00:16:31.960 --> 00:16:35.919 is a bit more sophisticated. It involves using mathematical techniques 363 00:16:36.000 --> 00:16:39.120 to exploit weaknesses in the encryption algorithm itself. 364 00:16:39.360 --> 00:16:42.080 Oh wow, so that sounds like some serious math skills 365 00:16:42.120 --> 00:16:42.759 are required. 366 00:16:42.879 --> 00:16:46.799 Yeah, cryptanalysis is definitely a specialized area. And then there 367 00:16:46.799 --> 00:16:49.440 are side channel attacks, which are even more subtle. 368 00:16:49.519 --> 00:16:51.080 Side channel attacks what are those? 369 00:16:51.399 --> 00:16:55.559 Well, they involve observing the physical characteristics of a cryptographic system, 370 00:16:55.840 --> 00:17:00.440 things like power consumption, electromagnetic emissions, even the time it 371 00:17:00.480 --> 00:17:05.319 takes to perform certain operations. And by analyzing these physical characteristics, 372 00:17:05.559 --> 00:17:08.480 attackers can actually infer information about the secret key. 373 00:17:08.880 --> 00:17:12.000 Wow, so they're not even directly attacking the algorithm itself. 374 00:17:12.319 --> 00:17:15.119 Nope, they're looking for clues in the way the system behaves. 375 00:17:15.200 --> 00:17:16.680 That's pretty sneaky, it is. 376 00:17:17.279 --> 00:17:19.920 And side channel attacks are becoming more and more popular 377 00:17:19.960 --> 00:17:21.640 as attackers get more sophisticated. 378 00:17:21.920 --> 00:17:24.400 So even if you're using a strong encryption algorithm, you 379 00:17:24.480 --> 00:17:27.960 still need to be aware of these other potential attack vectors. 380 00:17:28.000 --> 00:17:29.599 Absolutely, security is all about layers. 381 00:17:29.759 --> 00:17:32.720 Okay, so we've talked about different types of cryptographic attacks, 382 00:17:33.119 --> 00:17:36.039 but what about key management? How does that fit into 383 00:17:36.119 --> 00:17:36.440 all of this. 384 00:17:36.920 --> 00:17:41.599 Key management is crucial for any cryptographic system. It's all 385 00:17:41.599 --> 00:17:47.039 about generating, storing, distributing, and revoking cryptographic keys securely. 386 00:17:47.519 --> 00:17:49.640 So it's not just about having a key, it's about 387 00:17:49.759 --> 00:17:53.319 keeping it safe and making sure that only authorized individuals 388 00:17:53.319 --> 00:17:54.119 have access to it. 389 00:17:54.319 --> 00:17:54.759 Exactly. 390 00:17:54.799 --> 00:17:57.200 It's like having a safe with a combination lock, but 391 00:17:57.240 --> 00:17:59.559 if you write the combination down on a sticky note 392 00:17:59.559 --> 00:18:01.920 and stick to the safe, it's not really very secure, 393 00:18:02.039 --> 00:18:02.279 is it? 394 00:18:02.480 --> 00:18:04.440 Not at all? And the book goes into a lot 395 00:18:04.480 --> 00:18:08.000 of detail about best practices for key management, things like 396 00:18:08.319 --> 00:18:12.400 using hardware security modules or HSMs to store keys securely 397 00:18:13.079 --> 00:18:16.160 and implementing key rotation policies to make sure the keys 398 00:18:16.160 --> 00:18:17.519 are changed regularly. 399 00:18:17.640 --> 00:18:19.519 So it's like changing the locks on your house every 400 00:18:19.519 --> 00:18:21.599 once in a while to make it harder for burglars 401 00:18:21.640 --> 00:18:22.160 to break in. 402 00:18:22.519 --> 00:18:23.759 Exactly makes sense. 403 00:18:24.160 --> 00:18:28.440 Okay, so we've covered cryptography key management. What about password 404 00:18:28.440 --> 00:18:30.200 cracking that's always a hot topic. 405 00:18:30.440 --> 00:18:33.720 Yeah, password cracking is an important part of network security assessment. 406 00:18:33.960 --> 00:18:36.599 It allows us to test the strength of our passwords 407 00:18:36.799 --> 00:18:40.119 and identify weak passwords that attackers could easily guess. 408 00:18:40.480 --> 00:18:43.079 And the book talks about all sorts of different password 409 00:18:43.079 --> 00:18:44.000 cracking techniques. 410 00:18:44.079 --> 00:18:46.960 Yeah, things like dictionary attacks where they try common words 411 00:18:46.960 --> 00:18:49.880 and phrases, and brute force attacks where they try every 412 00:18:49.880 --> 00:18:53.720 possible combination of characters. There are even tools like John 413 00:18:53.759 --> 00:18:57.000 the Ripper and hashcat which can try millions or even 414 00:18:57.079 --> 00:18:58.880 billions of passwords per second. 415 00:18:59.000 --> 00:19:01.519 Wow, that's incredible. So it's like having an army of 416 00:19:01.640 --> 00:19:05.079 robots trying every possible combination on your door lock until 417 00:19:05.079 --> 00:19:06.039 they find the right one. 418 00:19:06.319 --> 00:19:07.039 Pretty much. 419 00:19:07.440 --> 00:19:09.559 So, what can we do to protect ourselves from these 420 00:19:09.599 --> 00:19:10.920 password cracking attacks? 421 00:19:11.200 --> 00:19:14.200 The best defense is to use strong, unique passwords for 422 00:19:14.319 --> 00:19:17.240 all of your accounts. A strong password is at least 423 00:19:17.240 --> 00:19:20.079 twelve characters long, includes a mix of upper and lower 424 00:19:20.079 --> 00:19:21.400 case letters, numbers and. 425 00:19:21.400 --> 00:19:24.960 Symbols, right, And the book also recommends using a password manager. 426 00:19:25.240 --> 00:19:28.200 Yes, password managers are great. They encrypt your passwords and 427 00:19:28.240 --> 00:19:30.920 store them securely, so you only need to remember one 428 00:19:31.000 --> 00:19:32.720 master password, so it's. 429 00:19:32.599 --> 00:19:35.640 Like having a digital vault for all of your passwords exactly. Okay, 430 00:19:35.680 --> 00:19:39.359 so we've covered cryptography, key management, password cracking. What else 431 00:19:39.440 --> 00:19:40.240 is there to consider? 432 00:19:40.759 --> 00:19:43.640 Well, the book also delves into malware analysis, which is 433 00:19:43.680 --> 00:19:45.599 all about understanding how malware works. 434 00:19:45.759 --> 00:19:49.680 Malware so like viruses, worms, trojans, all that nasty stuff. 435 00:19:49.759 --> 00:19:53.240 Yep, all of the above, and malware analysis is essential 436 00:19:53.279 --> 00:19:55.240 for developing effective countermeasures. 437 00:19:55.640 --> 00:19:58.400 So it's like having a team of scientists studying a 438 00:19:58.480 --> 00:20:01.119 dangerous virus to figure out out how it spreads and 439 00:20:01.160 --> 00:20:02.799 how to cure it exactly. 440 00:20:03.240 --> 00:20:06.519 And the book covers various techniques for analyzing malware static 441 00:20:06.559 --> 00:20:09.279 analysis where you examine the code without actually running it, 442 00:20:09.640 --> 00:20:12.920 and dynamic analysis, where you run the malware in a 443 00:20:12.960 --> 00:20:15.000 controlled environment to see how it behaves. 444 00:20:15.279 --> 00:20:18.160 So it's like studying the blueprints of a building versus 445 00:20:18.240 --> 00:20:20.599 actually walking through it and seeing how it's laid out. 446 00:20:20.720 --> 00:20:24.279 That's good analogy. And they're even specialized tools for malware 447 00:20:24.279 --> 00:20:26.599 analysis like ida pro and Gidra. 448 00:20:26.799 --> 00:20:27.960 Those sound pretty hardcore. 449 00:20:28.119 --> 00:20:31.160 They are, but they're essential for understanding the inner workings 450 00:20:31.160 --> 00:20:31.759 of malware. 451 00:20:31.839 --> 00:20:33.920 Wow. Well, we've covered a lot of ground today, from 452 00:20:33.960 --> 00:20:38.799 cryptography to password cracking to malware analysis. It's been a 453 00:20:38.839 --> 00:20:40.880 pretty intense deep dive. 454 00:20:41.039 --> 00:20:43.079 It has, but I think it's been worth it. We've 455 00:20:43.119 --> 00:20:45.200 learned a lot about how attackers operate and how we 456 00:20:45.240 --> 00:20:46.079 can defend ourselves. 457 00:20:46.200 --> 00:20:49.240 Absolutely, and I'm feeling a lot more informed about network 458 00:20:49.279 --> 00:20:52.079 security now. I still feel a little bit overwhelmed, to 459 00:20:52.119 --> 00:20:54.039 be honest, but in a good way, like I've just 460 00:20:54.039 --> 00:20:57.279 scratched the surface of a vast and complex subject. 461 00:20:57.480 --> 00:20:59.599 That's a good way to put it. Network security is 462 00:20:59.599 --> 00:21:02.920 a constantly evolving field. There's always something new to learn, 463 00:21:02.960 --> 00:21:03.839 new threats to face. 464 00:21:04.119 --> 00:21:05.759 Well, I'm definitely going to be keeping an eye on 465 00:21:05.759 --> 00:21:07.599 this stuff from now on. I'm also going to be 466 00:21:07.680 --> 00:21:10.279 double checking all of my passwords and making sure I'm 467 00:21:10.319 --> 00:21:11.440 using a password manager. 468 00:21:11.759 --> 00:21:14.920 Good idea, and don't forget to stay informed about the 469 00:21:15.000 --> 00:21:16.119 latest security threats. 470 00:21:16.279 --> 00:21:19.880 Right, Knowledge is power. Well, I think that's a wrap 471 00:21:19.960 --> 00:21:22.759 for our deep dive into network security assessments. 472 00:21:22.839 --> 00:21:23.599 It's been a pleasure. 473 00:21:23.720 --> 00:21:26.960 Thanks for joining me on this journey and to everyone listening, 474 00:21:27.039 --> 00:21:30.119 stay safe out there in the digital world, and stay curious.