WEBVTT 1 00:00:00.040 --> 00:00:03.319 All right, so today we are really diving deep get 2 00:00:03.319 --> 00:00:10.279 this into Windows networking security, specifically the world of Windows 3 00:00:10.320 --> 00:00:14.400 AID and Server twenty twelve. Right, we're using excerpts from 4 00:00:14.599 --> 00:00:19.480 a Windows twenty twelve Server Network Security to kind of 5 00:00:19.600 --> 00:00:22.280 guide us. Think of it as our security handbook for 6 00:00:22.399 --> 00:00:23.280 this deep dive. 7 00:00:23.399 --> 00:00:25.879 And what a handbook it is. You know, this era 8 00:00:26.320 --> 00:00:29.239 really marked a shift in how we thought about security. 9 00:00:29.320 --> 00:00:31.559 Oh Will. It was no longer just for the IT 10 00:00:31.839 --> 00:00:34.600 specialist tucked away in a room somewhere, right. It became 11 00:00:35.159 --> 00:00:38.679 everybody's responsibility, from you know, the average user just browsing 12 00:00:38.759 --> 00:00:41.320 the web, right all the way up to the DNS admin. 13 00:00:41.359 --> 00:00:42.640 And as funy as you should say that about the 14 00:00:42.719 --> 00:00:44.520 DNS admin because I was reading in the book, it's 15 00:00:44.560 --> 00:00:47.200 like you think about that role and you think, DNS, Oh, 16 00:00:47.200 --> 00:00:48.920 they just make sure that the websites work. But they 17 00:00:48.960 --> 00:00:50.520 have to think about security. 18 00:00:50.000 --> 00:00:51.280 Too, oh absolutely, yeah, like. 19 00:00:51.240 --> 00:00:53.359 Way more than just making sure a website loads. 20 00:00:53.439 --> 00:00:55.439 Absolutely, you know, they have to think about things like 21 00:00:56.320 --> 00:00:59.439 availability during an attack. Okay, making sure that the system's 22 00:00:59.479 --> 00:01:04.079 not just protected, but that it's still giving out accurate information. Wow, 23 00:01:04.159 --> 00:01:05.280 it's a real balancing act. 24 00:01:05.359 --> 00:01:07.640 So there's a lot more to it than meets the eye. 25 00:01:07.719 --> 00:01:10.079 And speaking of things that have more to them than 26 00:01:10.120 --> 00:01:13.519 meets the eye, the book mentions the CIA tryad a lot. 27 00:01:13.640 --> 00:01:15.400 Is that where this balancing act comes in. 28 00:01:15.680 --> 00:01:22.359 The Cishod triad. It's essential confidentiality, integrity, availability, those three 29 00:01:22.400 --> 00:01:26.200 pillars they all have to work in harmony, okay, And 30 00:01:26.280 --> 00:01:29.879 this book it really hammers home the point that good 31 00:01:29.920 --> 00:01:34.359 security isn't just about building those digital fortresses, you know, 32 00:01:34.400 --> 00:01:37.120 with your firewalls and your encryption and everything. Yeah, it's 33 00:01:37.120 --> 00:01:39.319 also about making sure those systems are usable for the 34 00:01:39.319 --> 00:01:40.319 people who need them. Right. 35 00:01:40.519 --> 00:01:42.480 So it's kind of like you could have the most 36 00:01:42.519 --> 00:01:44.959 secure car in the world, right, but if the doors 37 00:01:44.959 --> 00:01:47.879 are welded shut, it's not very practical exactly, you got it, 38 00:01:47.879 --> 00:01:49.040 It's not doing you any good. 39 00:01:49.200 --> 00:01:52.599 And speaking of practicality and usability, you know Windows eight 40 00:01:52.719 --> 00:01:56.599 and Server twenty twelve, they brought some serious upgrades to 41 00:01:56.640 --> 00:01:57.040 the table. 42 00:01:57.159 --> 00:01:57.840 They did, they did. 43 00:01:58.040 --> 00:02:02.280 I'm thinking specifically about the revamp Server Manager, okay, and 44 00:02:02.319 --> 00:02:04.879 then the expanded power of PowerShell PowerShell. 45 00:02:04.959 --> 00:02:07.040 Yeah, that was a big deal, right, huge, huge more 46 00:02:07.079 --> 00:02:08.680 power your fingertips. 47 00:02:08.120 --> 00:02:10.400 But's double aid sword exactly. 48 00:02:09.960 --> 00:02:11.879 That's what I was thinking like more power to break 49 00:02:11.919 --> 00:02:13.120 things too. If you're not careful. 50 00:02:13.159 --> 00:02:15.960 It's like being handed the keys to like, you know, 51 00:02:16.120 --> 00:02:19.360 a Formula one race car. Okay, you know it's exhilarating, 52 00:02:19.400 --> 00:02:21.520 but you better know what you're doing behind the wheel, you. 53 00:02:21.439 --> 00:02:23.879 Know, exactly. Yeah, if you don't know what you're doing, 54 00:02:23.919 --> 00:02:24.800 you could get in trouble. 55 00:02:24.879 --> 00:02:25.280 Exactly. 56 00:02:25.280 --> 00:02:26.800 We'll be off the track in no time. 57 00:02:27.680 --> 00:02:30.120 In this book, it really gets into the nitty gritty 58 00:02:30.120 --> 00:02:33.319 of how to use these tools. Yeah, but for our 59 00:02:33.360 --> 00:02:37.199 purposes today, we're going to focus on the security essentials. Okay, 60 00:02:37.400 --> 00:02:39.599 sounds good, Just the need to know to keep you 61 00:02:39.639 --> 00:02:41.759 safe on the information super Highway. 62 00:02:41.960 --> 00:02:43.159 Love it. Love the analogy. 63 00:02:43.360 --> 00:02:43.560 Right. 64 00:02:44.240 --> 00:02:47.719 So, one thing that was really making waves back then 65 00:02:48.000 --> 00:02:52.800 and still is is the rise of IPv six. Yes, 66 00:02:53.120 --> 00:02:56.039 remember all the hype about running out of IPv four addresses. 67 00:02:56.319 --> 00:02:58.520 Oh absolutely, it was like the Y two K the Internet. 68 00:02:58.599 --> 00:02:58.919 It was. 69 00:02:59.000 --> 00:03:00.800 It was everyone was talking about it. 70 00:03:00.879 --> 00:03:03.719 But you know, IPv six, that's a whole other ball game. 71 00:03:03.919 --> 00:03:04.120 Yeah. 72 00:03:04.280 --> 00:03:06.479 Instead of those thirty two bit addresses we were used to, 73 00:03:06.919 --> 00:03:10.400 we're talking one hundred and twenty eight bits. Yeah, basically 74 00:03:10.439 --> 00:03:12.240 an unlimited number of addresses. 75 00:03:12.400 --> 00:03:14.159 It's practically an unlimited number. 76 00:03:14.280 --> 00:03:14.520 Yeah. 77 00:03:14.560 --> 00:03:17.280 The book was saying it's enough for every person on 78 00:03:17.360 --> 00:03:20.719 Earth to have billions of addresses each and then some 79 00:03:21.039 --> 00:03:24.960 yeah yeah, like it's incredible. It is no more hoarding 80 00:03:25.120 --> 00:03:28.960 ip addresses like they're going extinct exactly. And I gotta say, 81 00:03:29.120 --> 00:03:31.960 you know, this is maybe a personal preference. Yeah, but 82 00:03:32.199 --> 00:03:37.039 I always found that colon and hexadecimal notation in IPv 83 00:03:37.159 --> 00:03:41.479 six addresses, right, just a bit more I don't know, elegant. 84 00:03:41.039 --> 00:03:41.719 A little cleaner. 85 00:03:41.879 --> 00:03:44.120 Yeah, it's cleaner. I like it it is, even if 86 00:03:44.120 --> 00:03:45.159 it takes a little getting used to. 87 00:03:45.400 --> 00:03:49.400 It's definitely a more I think, scalable system designed with 88 00:03:49.520 --> 00:03:52.439 the future in mind, you know, security in mind, right, 89 00:03:52.639 --> 00:03:53.520 long term, long. 90 00:03:53.439 --> 00:03:55.199 Term, Yeah, because we're not going to run out of 91 00:03:55.240 --> 00:03:57.520 addresses anytime soon with IPVs. 92 00:03:57.240 --> 00:03:58.000 Not anytime soon. 93 00:03:58.240 --> 00:04:01.199 So we've got all these addresses, but how do devices 94 00:04:01.240 --> 00:04:04.000 actually get them. That's where DHCP comes in. 95 00:04:04.000 --> 00:04:07.199 Right, ECP. It's like the automated address dispenser of the 96 00:04:07.240 --> 00:04:10.080 network world, exactly, right. You just show up, you get 97 00:04:10.080 --> 00:04:11.039 an address, You're good to go. 98 00:04:11.199 --> 00:04:13.319 It just makes things so much easier because I mean, 99 00:04:13.360 --> 00:04:16.279 can you imagine having to manually configure. 100 00:04:15.919 --> 00:04:17.279 Oh, I don't even want to think about. 101 00:04:17.120 --> 00:04:21.040 It, the IP settings for every single device on a network. Oh, 102 00:04:21.079 --> 00:04:25.279 the nightmare, especially a large network like a corporate network. 103 00:04:25.040 --> 00:04:26.199 Especially, Yeah, forget it. 104 00:04:26.399 --> 00:04:27.480 Oh it'd be impossible. 105 00:04:27.600 --> 00:04:28.600 Yeah, no, it's essential. 106 00:04:28.759 --> 00:04:32.279 So DHCP is great for streamlining things. But the book 107 00:04:32.480 --> 00:04:36.000 hints at some security risks involved as well. Right, something 108 00:04:36.000 --> 00:04:37.000 about blind trust. 109 00:04:37.480 --> 00:04:40.720 Well, the issue is that DHCP in its basic form, 110 00:04:41.480 --> 00:04:43.480 it doesn't have any built in authentication. 111 00:04:44.199 --> 00:04:44.680 What do you mean. 112 00:04:44.839 --> 00:04:46.879 It's like, you know, leaving a bowl of candy on 113 00:04:46.920 --> 00:04:49.439 your porch with a sign that says, please take one. Okay, 114 00:04:50.079 --> 00:04:51.920 you're just trusting everyone to play by the rules. 115 00:04:52.079 --> 00:04:55.480 And in the network world, not everyone plays. 116 00:04:55.160 --> 00:04:57.319 By the rules exactly. You got it. You never know 117 00:04:57.360 --> 00:04:58.759 who's going to show up and grab a hand for 118 00:04:58.879 --> 00:04:59.519 right exactly. 119 00:04:59.560 --> 00:05:01.560 So what could go wrong? Give me an example. 120 00:05:01.639 --> 00:05:06.120 Okay, so let's say someone sneaks a rogue DHCP server 121 00:05:06.519 --> 00:05:07.399 onto your network. 122 00:05:07.600 --> 00:05:09.600 A rogue DHCP server. 123 00:05:09.480 --> 00:05:11.920 A rogue one. Yeah, it's like a wolf in sheep's clothing. 124 00:05:12.399 --> 00:05:16.360 When your device instantly requests an IP address this rogue server, 125 00:05:16.839 --> 00:05:18.480 it can jump in with a bogus one. 126 00:05:18.519 --> 00:05:20.279 So instead of getting a piece of candy, I get 127 00:05:20.279 --> 00:05:20.639 a rock. 128 00:05:20.800 --> 00:05:24.560 The rock exactly. That fake IP address, it can block 129 00:05:24.600 --> 00:05:28.839 your device from connecting entirely, or worse, it could redirect 130 00:05:28.839 --> 00:05:32.519 your DNS requests, sending you to a fake website, maybe 131 00:05:32.519 --> 00:05:33.920 designed to steal your information. 132 00:05:34.199 --> 00:05:37.160 Oh so that's how that works, exactly. That's really scary. 133 00:05:37.240 --> 00:05:37.839 It's sneaky. 134 00:05:38.120 --> 00:05:40.399 But I think I remember reading in the book about 135 00:05:40.600 --> 00:05:42.759 some defenses against these rogue servers. 136 00:05:42.839 --> 00:05:43.000 Yeah. 137 00:05:43.079 --> 00:05:45.240 Yeah, like something called DHCP snooping. 138 00:05:45.360 --> 00:05:48.519 EHCP snooping. That's a life saver. Yeah. It works with 139 00:05:48.600 --> 00:05:53.000 your network switches to create essentially a VIP list. Okay, 140 00:05:53.120 --> 00:05:57.319 so only DHCP responses from trusted HGC addresses and ports 141 00:05:57.480 --> 00:05:58.120 are let through. 142 00:05:58.319 --> 00:06:01.199 So it's like having a bouncer at our party. 143 00:06:01.040 --> 00:06:03.319 Exactly, only the people on the list get through. 144 00:06:03.480 --> 00:06:07.600 I like that analogy, right. What about DHCP reservations. I 145 00:06:07.600 --> 00:06:10.279 remember that being a big deal for important systems. 146 00:06:10.600 --> 00:06:14.079 DHCP reservations those are essential. To think of it like 147 00:06:14.759 --> 00:06:18.399 assigning reserved parking spaces in your network. Okay, you're basically 148 00:06:18.399 --> 00:06:22.800 telling the DHDP server this specific device always gets this 149 00:06:22.879 --> 00:06:25.879 specific IP address, no exceptions. 150 00:06:25.600 --> 00:06:29.439 Which makes sense for things like servers or printers. Absolutely, yeah, 151 00:06:29.480 --> 00:06:31.639 things that need to have that static address. 152 00:06:31.360 --> 00:06:34.319 Anything mission critical that needs a permanent address. That makes 153 00:06:34.360 --> 00:06:36.920 a lot of sense, and you're essentially nailing it to 154 00:06:37.399 --> 00:06:41.879 that device's MC address for IPv four or it's DUID 155 00:06:42.040 --> 00:06:46.000 for IPv six. Gotcha either way, no more musical chairs 156 00:06:46.040 --> 00:06:48.199 with IP addresses for those important devices. 157 00:06:48.279 --> 00:06:50.839 That's great. So we've got our addresses sorted with DHCP. 158 00:06:51.120 --> 00:06:51.439 We do. 159 00:06:51.600 --> 00:06:53.720 Now let's talk about how we actually find our way 160 00:06:53.720 --> 00:06:55.920 around the Internet, and that's where DNS comes in, right. 161 00:06:56.000 --> 00:06:57.800 DNS it's the Internet's phone book, right. 162 00:06:57.759 --> 00:06:58.399 Yeah, it is. 163 00:06:58.480 --> 00:07:01.480 It takes those easy to remember domain names like Google 164 00:07:01.519 --> 00:07:05.120 dot com and translates them into those IP addresses that 165 00:07:05.160 --> 00:07:06.879 the computers use to actually communicate. 166 00:07:07.079 --> 00:07:09.120 Yeah, because who wants to remember a string of numbers 167 00:07:09.160 --> 00:07:10.600 every time you want to visit a website? 168 00:07:10.680 --> 00:07:13.600 No one, it'd be impossible, to be impossible, right exactly. 169 00:07:13.680 --> 00:07:16.160 But like with any good system, I'm guessing there are 170 00:07:16.240 --> 00:07:18.560 vulnerabilities with DNS too, right, Oh. 171 00:07:18.439 --> 00:07:22.720 Absolutely, DNS is a prime target. Really, it's a critical 172 00:07:22.759 --> 00:07:26.759 piece of Internet infrastructure, okay, and like any critical system, 173 00:07:27.079 --> 00:07:28.519 it's got its vulnerabilities. 174 00:07:28.600 --> 00:07:30.079 So what are some of the things that can go 175 00:07:30.160 --> 00:07:31.120 wrong with DNS. 176 00:07:31.319 --> 00:07:34.959 Well, one of the biggest threats is DNS. 177 00:07:34.639 --> 00:07:36.720 Spoofing, DNA spoofing? What is that? 178 00:07:37.240 --> 00:07:43.439 So imagine someone you know, tampers with the DNS cash okay, 179 00:07:43.519 --> 00:07:46.360 either on your computer or maybe on a DNS server, right, 180 00:07:46.639 --> 00:07:49.720 and suddenly you're being redirected to a malicious website. 181 00:07:50.000 --> 00:07:51.759 Even if I type in the correct address. 182 00:07:51.800 --> 00:07:53.439 Even if you type in the correct address, you're not 183 00:07:53.480 --> 00:07:54.600 going where you think you're going. 184 00:07:54.680 --> 00:07:56.879 Oh wow, So I could type in like a Google 185 00:07:56.920 --> 00:08:00.480 dot com and end up on some sketchy fishing site exactly. 186 00:08:00.920 --> 00:08:03.439 That's how they get you. It's all about misdirection. 187 00:08:03.759 --> 00:08:04.839 That's really sneaky. 188 00:08:05.040 --> 00:08:07.600 Thankfully, there are ways to protect against this, okay, good. 189 00:08:08.199 --> 00:08:10.759 The book talks about a feature in Windows Active directory 190 00:08:10.839 --> 00:08:13.519 called Secure Dynamic Updates. 191 00:08:14.040 --> 00:08:16.560 Secure Dynamic Updates, what is that. 192 00:08:16.959 --> 00:08:19.399 It's like a security checkpoint for any changes to your 193 00:08:19.480 --> 00:08:23.759 DNS records, so only authorized devices can update the records, so. 194 00:08:23.680 --> 00:08:26.160 No one can just waltz in and change things exactly. 195 00:08:26.199 --> 00:08:29.959 It prevents anyone from you know, hijacking a domain name 196 00:08:30.399 --> 00:08:33.000 or creating these fake entries to mislead people. 197 00:08:33.120 --> 00:08:33.679 That makes sense. 198 00:08:33.679 --> 00:08:36.720 I liked it. The book also mentions this this interesting 199 00:08:36.720 --> 00:08:40.919 little detail about something called the dncept beat date Proxwi group. 200 00:08:41.039 --> 00:08:43.720 The DNCE up beat prox Wei group. I don't think 201 00:08:43.720 --> 00:08:44.519 I've heard of that one. 202 00:08:44.679 --> 00:08:47.919 So, you know, when you've got multiple DHCP servers on a. 203 00:08:47.879 --> 00:08:49.879 Network, okay, which is common. 204 00:08:50.039 --> 00:08:53.159 Yeah, it's very common, especially in larger organizations. Right, they 205 00:08:53.200 --> 00:08:55.879 need a way to you know, play nicely together, right 206 00:08:56.360 --> 00:08:59.519 when it comes to updating those DNS records. Yeah, that's 207 00:08:59.519 --> 00:09:02.039 where this comes in. It ensures that they can all 208 00:09:02.120 --> 00:09:07.720 modify the necessary registrations without causing conflicts or you know, 209 00:09:07.960 --> 00:09:08.960 disrupting connections. 210 00:09:09.000 --> 00:09:11.159 So it's all about keeping things in sync exactly. 211 00:09:11.559 --> 00:09:13.120 Synchronization and cooperation. 212 00:09:13.240 --> 00:09:16.080 That's the key, I like it. Right, So we've gone 213 00:09:16.080 --> 00:09:19.879 from securing the network's foundation with DHCP right to making 214 00:09:19.919 --> 00:09:23.159 sure we can find our way around safely with DNS. 215 00:09:23.360 --> 00:09:25.000 It's all connected, you see. 216 00:09:24.799 --> 00:09:26.799 It is. Yeah, it's all part of the big picture, 217 00:09:26.919 --> 00:09:29.440 it is. Now let's shift gears a bit and talk 218 00:09:29.440 --> 00:09:33.480 about something that's directly relevant to well everyone using a 219 00:09:33.480 --> 00:09:37.720 Windows eight computer okay, Yeah, those different network location types 220 00:09:37.919 --> 00:09:40.919 from group work and public right right, right, I always 221 00:09:40.919 --> 00:09:43.639 found those interesting, Like what are the security implications of 222 00:09:43.759 --> 00:09:45.480 choosing one over the other. 223 00:09:45.919 --> 00:09:50.559 It's all about setting the right security posture for your computer, yeah, right, 224 00:09:50.559 --> 00:09:52.440 depending on where you are and what you're doing. Okay, 225 00:09:52.720 --> 00:09:54.840 a home group, for example, it's like hanging out in 226 00:09:54.840 --> 00:09:55.600 your living room. 227 00:09:55.559 --> 00:09:58.720 So pretty relaxed, pretty secure environment exactly. 228 00:09:58.759 --> 00:10:02.399 You're mostly a trusted devices right right, So things are, 229 00:10:02.639 --> 00:10:03.960 you know, a bit more relaxed. 230 00:10:04.039 --> 00:10:07.519 You're not too worried about someone swiping your data precisely. 231 00:10:07.679 --> 00:10:10.600 You're more worried about, you know, maybe someone accidentally seeing 232 00:10:10.639 --> 00:10:12.000 something they shouldn't, right. 233 00:10:12.120 --> 00:10:15.320 Exactly, Like you don't want your roommate reading your diary exactly. 234 00:10:16.000 --> 00:10:18.440 Then you've got your work network, which is designed for 235 00:10:18.799 --> 00:10:21.080 well work environments. 236 00:10:20.759 --> 00:10:23.360 So a bit more security than your living room, a 237 00:10:23.360 --> 00:10:25.840 bit more locked down. Yeah, you don't want just anyone 238 00:10:25.879 --> 00:10:28.480 accessing sensitive company information exactly. 239 00:10:28.919 --> 00:10:31.720 And then you've got public, which is like you know, 240 00:10:31.759 --> 00:10:33.679 the coffee shop, the airport. 241 00:10:33.320 --> 00:10:35.519 The wild West of network, the wild West. 242 00:10:35.600 --> 00:10:36.919 You've got your cowboy hat on. 243 00:10:37.039 --> 00:10:39.759 You're ready for anything, right, because you really don't know 244 00:10:39.840 --> 00:10:40.639 who's out there. 245 00:10:40.759 --> 00:10:42.720 You don't know who's lurking on that public Wi Fi. 246 00:10:42.919 --> 00:10:44.639 You could be sitting next to a hacker and not 247 00:10:44.720 --> 00:10:46.039 even know it, exactly. 248 00:10:46.440 --> 00:10:48.720 So you want to make sure you're wearing your digital armor, 249 00:10:48.840 --> 00:10:49.440 so to speak. 250 00:10:49.480 --> 00:10:50.960 That makes a lot of sense. So if I'm at 251 00:10:50.960 --> 00:10:53.720 a coffee shop, yeah, I definitely want to make sure 252 00:10:53.759 --> 00:10:55.200 I'm in that public. 253 00:10:54.840 --> 00:10:57.080 Mode, public mode, lockdown. 254 00:10:57.159 --> 00:11:00.000 I want just anyone peeking at my files, exactly. 255 00:11:00.279 --> 00:11:02.039 You want to keep your private data private. 256 00:11:02.519 --> 00:11:06.519 Now, speaking of sharing files, Windows eight also introduced that 257 00:11:06.600 --> 00:11:10.440 home group feature right right, specifically for home networks. 258 00:11:10.080 --> 00:11:13.000 Right right. It was designed to make sharing you know, 259 00:11:13.120 --> 00:11:16.519 files and printers between Windows seven and a PC's super easy. 260 00:11:16.559 --> 00:11:19.200 So it's like a little private network within your home 261 00:11:19.440 --> 00:11:20.360 network exactly. 262 00:11:20.399 --> 00:11:23.720 It created this like little enclosed space where you can 263 00:11:23.759 --> 00:11:25.120 easily share things. 264 00:11:24.879 --> 00:11:27.799 And it was password protected, right yeah, so only people 265 00:11:27.799 --> 00:11:31.039 with the password could access the shared stuff exactly. But 266 00:11:31.120 --> 00:11:34.080 I imagine the security of that home group really depended 267 00:11:34.120 --> 00:11:35.679 on the strength of the password. Right. 268 00:11:35.759 --> 00:11:38.519 Absolutely, a week password is like leaving the door to 269 00:11:38.559 --> 00:11:40.360 your secret club wide open. 270 00:11:40.480 --> 00:11:44.080 So it's still important to choose a strong, unique password, 271 00:11:44.519 --> 00:11:45.759 even for your home network. 272 00:11:45.799 --> 00:11:49.320 Absolutely, never underestimate the importance of a strong password. 273 00:11:49.399 --> 00:11:53.720 Good advice. Now let's talk about wireless security. Ah, yeah, 274 00:11:53.759 --> 00:11:58.519 topic that's always top of mind always. I remember back 275 00:11:58.519 --> 00:12:00.960 in the day there was alt us talk about hiding 276 00:12:01.000 --> 00:12:04.919 your sasid right, like it was some secret agent tactic. 277 00:12:04.799 --> 00:12:08.360 Security through obscurity, as they call it, But is that 278 00:12:08.440 --> 00:12:11.840 really effective. It's like hiding your house key under the 279 00:12:11.840 --> 00:12:12.440 welcome matt. 280 00:12:13.120 --> 00:12:16.240 It might deter some casual snoopers, it might deter your 281 00:12:16.279 --> 00:12:19.600 neighbor's kid, but great, but a determined thief. 282 00:12:19.480 --> 00:12:21.279 A determined thief is going to find a way in. 283 00:12:21.519 --> 00:12:24.919 So what should we be doing to actually secure our 284 00:12:24.960 --> 00:12:25.320 Wi Fi? 285 00:12:25.639 --> 00:12:27.600 Strong encryption is your best friend? 286 00:12:27.799 --> 00:12:29.960 Okay? What kind of encryption are we talking about? 287 00:12:30.080 --> 00:12:33.279 WPA two specifically with AES encryption. 288 00:12:33.679 --> 00:12:37.399 WPA two with AES, got it, that's the gold standard. Okay. 289 00:12:37.480 --> 00:12:42.600 You know older protocols like WEP or WPA with TIP encryption, 290 00:12:42.919 --> 00:12:45.080 those are much more vulnerable these days, so those are 291 00:12:45.080 --> 00:12:47.360 a no go. Yeah, try to avoid those if you can. 292 00:12:47.440 --> 00:12:48.159 Okay, good to know. 293 00:12:48.320 --> 00:12:51.039 And be careful with those settings that automatically connect you 294 00:12:51.080 --> 00:12:52.840 to Wi Fi networks when you're in range. 295 00:12:53.080 --> 00:12:55.639 You mean, like when my phone just automatically connects to 296 00:12:55.679 --> 00:12:57.279 my home Wi Fi when I get home. 297 00:12:57.279 --> 00:13:00.000 Exactly, or to that coffee shop WiFi you used. 298 00:12:59.799 --> 00:13:04.360 One, right, right? So convenient, but maybe not always the safest. 299 00:13:04.519 --> 00:13:06.919 Convenience can sometimes come at the cost of security. 300 00:13:07.120 --> 00:13:09.879 So it's better to choose my Wi Fi networks carefully 301 00:13:10.279 --> 00:13:12.600 and connect manually exactly. 302 00:13:12.480 --> 00:13:14.840 Be mindful of where you're connecting, and always double check 303 00:13:14.879 --> 00:13:15.559 the network name. 304 00:13:15.639 --> 00:13:16.919 Okay, good advice, I like it. 305 00:13:17.159 --> 00:13:19.399 You don't want to accidentally connect to a rogue access 306 00:13:19.440 --> 00:13:20.879 point set up by some hacker. 307 00:13:21.360 --> 00:13:22.559 A rogue access point. 308 00:13:22.679 --> 00:13:24.639 Yeah, they can set up fake Wi Fi hotspots that 309 00:13:24.679 --> 00:13:25.440 look legitimate. 310 00:13:25.559 --> 00:13:27.840 Oh wow, that's really sneaky. 311 00:13:28.039 --> 00:13:29.559 They are sneaky, those hackers. 312 00:13:29.759 --> 00:13:31.320 So you really can't be too. 313 00:13:31.200 --> 00:13:33.720 Careful exactly, always be vigilant. 314 00:13:33.879 --> 00:13:38.159 Good advice. So we've talked about securing our networks foundation 315 00:13:38.639 --> 00:13:41.799 right and making sure we can find our way around safely. Yes, 316 00:13:42.120 --> 00:13:46.080 but what about protecting our individual computers. That's where the 317 00:13:46.120 --> 00:13:47.960 Windows firewall comes in, right. 318 00:13:47.960 --> 00:13:52.440 Ah, the trusty Windows Firewall everyone's first line of defense. 319 00:13:52.519 --> 00:13:55.320 It is, it really is. Most people know to turn 320 00:13:55.360 --> 00:13:57.440 it on and off, right, But there's a lot more 321 00:13:57.440 --> 00:13:58.080 to it than that. 322 00:13:58.440 --> 00:14:00.000 So give me the rundown. That's the bigger pick. 323 00:14:00.080 --> 00:14:02.320 Sure here, Well, think of the Windows firewall like a 324 00:14:02.759 --> 00:14:04.600 like a bodyguard for your computer. 325 00:14:04.399 --> 00:14:04.559 You know. 326 00:14:04.679 --> 00:14:07.919 Okay, it's that first line of defense against unauthorized access. 327 00:14:08.159 --> 00:14:10.279 Checking those digital IDs at the door. 328 00:14:10.519 --> 00:14:12.320 I like it. So it's like having a bouncer at 329 00:14:12.320 --> 00:14:15.120 the door of my computer exactly. And Windows comes with 330 00:14:15.399 --> 00:14:18.080 like a set of default rules, right, so it knows 331 00:14:18.159 --> 00:14:20.320 who to let in and who to keep out automatically. 332 00:14:20.559 --> 00:14:23.519 Right. It's like a preapproved guest list, you know, designed 333 00:14:23.519 --> 00:14:25.000 to keep out those common troublemakers. 334 00:14:25.120 --> 00:14:28.159 Gotcha. But the cool thing is you can customize those rules, right. 335 00:14:28.279 --> 00:14:30.960 Oh, absolutely, you can get really granular with it, you know, 336 00:14:31.279 --> 00:14:33.360 really specify who's allowed in and out. 337 00:14:33.519 --> 00:14:35.559 So if I'm running a server or something, I can 338 00:14:35.600 --> 00:14:37.320 create my own rules for that exactly. 339 00:14:37.679 --> 00:14:39.879 Let's say you're, you know, running a web server from 340 00:14:39.879 --> 00:14:43.159 your home office. Okay, you need to create a rule 341 00:14:43.320 --> 00:14:46.080 that allows incoming traffic on port. 342 00:14:45.879 --> 00:14:49.559 Eighty because that's the standard port for web traffic exactly. 343 00:14:49.840 --> 00:14:52.519 Otherwise no one would be able to access your website. 344 00:14:52.600 --> 00:14:54.759 So it's like adding a side entrance to your house, 345 00:14:54.960 --> 00:14:58.039 right with a speparate key. Only certain people can use it. 346 00:14:58.120 --> 00:15:01.200 You got it. And remember those work location types we 347 00:15:01.240 --> 00:15:06.399 talked about domain, private, public, right, Well, the Windows firewall 348 00:15:06.480 --> 00:15:08.960 actually has different profiles for each one. 349 00:15:09.039 --> 00:15:11.519 So it adjusts its security posture based. 350 00:15:11.320 --> 00:15:14.279 On where I am exactly. It's like, you know, if 351 00:15:14.320 --> 00:15:17.080 you're walking alone at night, you can be more on guard, 352 00:15:17.360 --> 00:15:19.600 right than if you're strolling through your living room. 353 00:15:19.679 --> 00:15:22.080 So the public profile that's going to have the tightest 354 00:15:22.080 --> 00:15:22.799 security by. 355 00:15:22.720 --> 00:15:25.399 Default exactly you don't know who's out there. 356 00:15:25.519 --> 00:15:28.240 Makes sense now. The book also mentioned something called Windows 357 00:15:28.279 --> 00:15:29.799 Firewall with Advanced Security. 358 00:15:29.919 --> 00:15:34.159 Oh, yes, that's for the power users. Okay, the control freaks. 359 00:15:33.840 --> 00:15:35.960 Like me, what kind of control are we talking about here? 360 00:15:36.000 --> 00:15:39.480 We're talking granular control. You're not just flipping a switch 361 00:15:39.559 --> 00:15:43.080 on or off. You know, you're defining very specific rules. 362 00:15:43.159 --> 00:15:43.480 Okay. 363 00:15:43.559 --> 00:15:47.240 You can control access based on the program, the port, 364 00:15:47.360 --> 00:15:51.000 the protocol where the connection is coming from, going to Wow. 365 00:15:51.440 --> 00:15:54.120 You can even get really specific and base it on 366 00:15:54.159 --> 00:15:55.000 the user account. 367 00:15:55.240 --> 00:15:59.039 So if I wanted to like prevent a specific application 368 00:15:59.120 --> 00:16:00.879 from accessing, then I could do that. 369 00:16:01.200 --> 00:16:03.840 You got it. It's like, you know, imagine you're in 370 00:16:03.840 --> 00:16:07.519 a crowded room and you have the power to control 371 00:16:07.559 --> 00:16:10.159 the Internet usage of every single person in there. 372 00:16:10.279 --> 00:16:11.919 And that's impressive. I like it. 373 00:16:11.919 --> 00:16:16.240 It's powerful stuff. The book also delves into ip sec 374 00:16:16.639 --> 00:16:17.240 ip SEC. 375 00:16:17.320 --> 00:16:18.240 Yeah, I remember seeing that. 376 00:16:18.320 --> 00:16:20.960 What is that ip sec? It's like a super secure 377 00:16:21.200 --> 00:16:24.480 tunnel for your data. Okay, so while it's traveling across 378 00:16:24.519 --> 00:16:25.759 the Internet, it's protected. 379 00:16:25.919 --> 00:16:29.399 So it's like encrypting my data while it's in transit exactly. 380 00:16:29.519 --> 00:16:32.519 Think of it like like you're sending a secret message, 381 00:16:32.519 --> 00:16:34.320 you know. Okay, you put it in a lock box 382 00:16:34.559 --> 00:16:36.159 and only the person with a key on the other 383 00:16:36.240 --> 00:16:36.919 end can open it. 384 00:16:37.080 --> 00:16:39.039 That's a good analogy, and it uses. 385 00:16:38.879 --> 00:16:41.080 You know, several different techniques to keep things safe. 386 00:16:41.200 --> 00:16:42.720 Like what, give me some examples. 387 00:16:42.799 --> 00:16:45.000 So there's something called authentication headers. 388 00:16:45.919 --> 00:16:47.919 Ah, authentication headers. 389 00:16:47.960 --> 00:16:51.480 Yeah, these are like tamper proof seals for your data packets. Okay, 390 00:16:51.639 --> 00:16:53.559 so you know that the data hasn't been messed with 391 00:16:53.600 --> 00:16:54.159 in transit. 392 00:16:54.480 --> 00:16:55.399 Okay, that makes sense. 393 00:16:55.440 --> 00:17:00.519 And then there's encapsulation security payload or ESP for short, ESP, 394 00:17:00.840 --> 00:17:03.799 which encrypts the actual data itself, so even. 395 00:17:03.679 --> 00:17:05.759 If someone intercepts it, they can't read it. 396 00:17:06.000 --> 00:17:07.720 Exactly, it's just gibberish to them. 397 00:17:07.799 --> 00:17:08.319 I like it. 398 00:17:08.640 --> 00:17:11.440 And to make sure it all runs smoothly, ip sec 399 00:17:11.599 --> 00:17:13.640 uses something called the security association or. 400 00:17:13.759 --> 00:17:15.839 Essay, a security association okay. 401 00:17:15.880 --> 00:17:18.559 Yeah, it's like an agreement between the two devices on 402 00:17:18.680 --> 00:17:21.079 how they're going to secure their communication. 403 00:17:20.599 --> 00:17:21.720 So they're on the same page. 404 00:17:21.960 --> 00:17:26.839 Exactly, same encryption algorithms, same keys, the whole nine yards. 405 00:17:27.000 --> 00:17:29.279 I like it. So it's like a secret handshake before 406 00:17:29.319 --> 00:17:31.920 they exchange secret messages precisely. 407 00:17:32.480 --> 00:17:35.680 Now, let's talk about remote access, okay, because that's become 408 00:17:35.799 --> 00:17:39.240 increasingly important in our always connected world. 409 00:17:39.079 --> 00:17:41.640 Right, the ability to work from anywhere, connect to our 410 00:17:41.640 --> 00:17:45.839 home computers from afar. It's incredibly convenient, it is, but 411 00:17:45.960 --> 00:17:49.960 I'm guessing there are some security concerns there as well. Well. Absolutely, yeah, 412 00:17:50.000 --> 00:17:53.039 because you're essentially opening up your computer to the outside world. 413 00:17:53.079 --> 00:17:54.960 It's like leaving the front door of your digital house 414 00:17:55.000 --> 00:17:55.599 wide open. 415 00:17:55.720 --> 00:17:58.400 So we got to be careful, right, very careful. What 416 00:17:58.519 --> 00:18:00.559 are some of the things we should be thinking about 417 00:18:00.640 --> 00:18:03.599 when it comes to remote access tools. 418 00:18:03.519 --> 00:18:06.359 Well, let's start with let's start with teln it. 419 00:18:06.799 --> 00:18:08.920 Telln it. Okay, I've heard of that one, but I've 420 00:18:08.920 --> 00:18:09.759 never really used it. 421 00:18:10.079 --> 00:18:12.680 Yeah, tell it. It's a bit of an old timer 422 00:18:12.720 --> 00:18:15.039 in the remote access world, in old Teimer. It's been 423 00:18:15.079 --> 00:18:18.519 around for ages. It's very simple, simple, but not exactly 424 00:18:18.559 --> 00:18:20.000 known for its robust security. 425 00:18:20.039 --> 00:18:20.799 Okay, why is that? 426 00:18:21.720 --> 00:18:26.799 The problem with telln it is it sends data in plaintext, plaintext, plaintext, 427 00:18:26.920 --> 00:18:31.480 which means Anyone who intercepts that data can read everything. 428 00:18:31.960 --> 00:18:35.880 So not ideal if you're working with like sensitive information. 429 00:18:36.079 --> 00:18:38.039 Not ideal at all. It's like, you know, writing your 430 00:18:38.039 --> 00:18:40.720 message on a postcard. Yeah, anyone who sees it can 431 00:18:40.759 --> 00:18:41.039 read it. 432 00:18:41.200 --> 00:18:43.440 So tellent is a no go for anything important. 433 00:18:43.640 --> 00:18:45.960 It's best to avoid it if you can, for sure. 434 00:18:46.039 --> 00:18:46.920 Okay, good to know. 435 00:18:47.079 --> 00:18:50.200 There are much more secure alternatives out there, like SSH 436 00:18:50.440 --> 00:18:51.359 for example. 437 00:18:51.119 --> 00:18:52.720 Yes, a sage Okay, I'll have to look into that. 438 00:18:52.759 --> 00:18:55.160 So what about remote desktop That's the one I see everywhere. 439 00:18:55.240 --> 00:18:57.599 Ah, remote desktop that's become the go to for a 440 00:18:57.599 --> 00:19:00.319 lot of people. Yeah, and for good reason. It's much 441 00:19:00.319 --> 00:19:01.960 more secure than telmet thankfully. 442 00:19:02.039 --> 00:19:02.799 Okay, good to know. 443 00:19:02.920 --> 00:19:05.720 It's built right into Windows and it allows you to 444 00:19:06.599 --> 00:19:09.319 basically take control of a remote computer just like you're 445 00:19:09.319 --> 00:19:10.240 sitting right in front of it. 446 00:19:10.400 --> 00:19:13.880 Yeah. I've used that to help family members with computer troubles. 447 00:19:13.960 --> 00:19:14.599 It's a life saver. 448 00:19:14.759 --> 00:19:15.920 Oh, it's incredibly useful. 449 00:19:16.000 --> 00:19:18.559 But I imagine there are still some security risks with 450 00:19:18.640 --> 00:19:22.759 remote desktop right, Oh, absolutely, because you're essentially opening up 451 00:19:22.839 --> 00:19:26.119 a port on your computer for someone else to connect. 452 00:19:25.799 --> 00:19:28.759 To you are, and hackers know this. They specifically scan 453 00:19:29.000 --> 00:19:31.200 for open remote desktop ports. 454 00:19:31.839 --> 00:19:34.359 So if I have remote desktop enabled and it's just 455 00:19:34.400 --> 00:19:36.759 like ah, open to the internet. 456 00:19:36.440 --> 00:19:38.319 That's like, you know, that's like leaving a welcome mat 457 00:19:38.359 --> 00:19:39.000 out for trouble. 458 00:19:39.160 --> 00:19:42.480 Not good. So what can I do to secure remote desktop? 459 00:19:42.559 --> 00:19:43.720 How do I lock it down? 460 00:19:43.880 --> 00:19:46.680 Well? Strong passwords are a must for starters, of. 461 00:19:46.680 --> 00:19:49.160 Course, Strong passwords for everything. 462 00:19:48.799 --> 00:19:52.200 For everything, but especially for something like remote desktop where 463 00:19:52.240 --> 00:19:54.640 you're essentially giving someone the keys to your computer. 464 00:19:55.119 --> 00:19:56.880 Makes sense. Any other tips? 465 00:19:57.400 --> 00:19:59.880 Enable network level authentication. 466 00:19:59.640 --> 00:20:01.799 Network authentication okay. 467 00:20:01.519 --> 00:20:04.119 What is that? So that forces users to authenticate before 468 00:20:04.160 --> 00:20:05.160 they can even connect. 469 00:20:05.400 --> 00:20:07.279 So it's like an extra layer of security. 470 00:20:07.480 --> 00:20:09.759 Exactly, it's like having a security guard check your ID 471 00:20:09.880 --> 00:20:11.319 before they even let you in the building. 472 00:20:11.400 --> 00:20:16.359 Okay, So strong passwords, network level authentication, anything else. 473 00:20:16.160 --> 00:20:18.319 And restrict access What do you mean, don't just let 474 00:20:18.319 --> 00:20:19.079 anyone connect? 475 00:20:19.319 --> 00:20:19.640 Okay? 476 00:20:19.799 --> 00:20:22.960 Only allow specific users or IP addresses. 477 00:20:23.039 --> 00:20:25.319 So it's like having a guest list for my computer. 478 00:20:25.720 --> 00:20:27.119 Only the people on the list are allowed in. 479 00:20:27.319 --> 00:20:28.920 Exactly you like it. 480 00:20:28.960 --> 00:20:31.440 So we're being selective about who we give access to. 481 00:20:31.680 --> 00:20:34.559 Exactly. It's all about minimizing that attack surface. 482 00:20:34.839 --> 00:20:38.160 Makes sense now. The book mentions some really interesting stuff 483 00:20:38.160 --> 00:20:41.880 about server twenty twelve and how it handles remote access. 484 00:20:42.039 --> 00:20:44.279 Oh yeah, it sounds like they really stepped up their game. 485 00:20:44.319 --> 00:20:46.519 Oh yeah. Server twenty twelve has some cool features like 486 00:20:46.559 --> 00:20:50.680 there's Remote Desktop Gateway okay, which allows you to securely 487 00:20:50.759 --> 00:20:53.480 access your work computer from anywhere in the world. 488 00:20:53.599 --> 00:20:56.559 So it's like having a secure tunnel directly to my 489 00:20:56.640 --> 00:20:57.920 work desktop exactly. 490 00:20:58.000 --> 00:20:59.960 No matter where you are, you can connect secure. 491 00:21:00.400 --> 00:21:01.000 That's amazing. 492 00:21:01.039 --> 00:21:04.480 What else, and then there's remote Desktop web Access, which 493 00:21:04.519 --> 00:21:07.279 lets you connect to your desktop through a web browser. 494 00:21:07.319 --> 00:21:10.039 Through a web browser. That's really convenient, super convenient. 495 00:21:10.119 --> 00:21:12.400 You don't have to install any special software, you just 496 00:21:12.440 --> 00:21:13.279 need a web browser. 497 00:21:13.599 --> 00:21:18.119 Wow. So Server twenty twelve really expanded the possibilities it did. 498 00:21:18.359 --> 00:21:19.799 They really took it to the next level. 499 00:21:19.960 --> 00:21:24.079 So we've talked about securing our networks, our individual computers, 500 00:21:24.160 --> 00:21:25.240 even accessing. 501 00:21:24.920 --> 00:21:26.480 Them remotely go a lot to cover. 502 00:21:26.680 --> 00:21:30.240 But what happens when things go wrong? Because let's face it, 503 00:21:30.359 --> 00:21:31.799 things inevitably go. 504 00:21:31.799 --> 00:21:33.880 Wrong, right, that's the nature of technology. 505 00:21:33.920 --> 00:21:37.920 What tools does Windows give us to monitor and troubleshoot 506 00:21:37.960 --> 00:21:38.599 these issues? 507 00:21:39.039 --> 00:21:41.839 Well, Windows has some great built in tools for that. 508 00:21:42.240 --> 00:21:46.000 We've got task Manager, resource monitor, and event viewer. 509 00:21:46.359 --> 00:21:47.920 Okay, so let's start with task Manager. 510 00:21:47.960 --> 00:21:49.400 Task Manager everybody's favorite. 511 00:21:49.480 --> 00:21:51.680 Yeah, it's the first place you go when something's acting 512 00:21:51.759 --> 00:21:52.839 up exactly. 513 00:21:53.000 --> 00:21:55.680 Most people just use it to see what programs are running. 514 00:21:55.480 --> 00:21:58.359 Right, or to force quit something that's frozen exactly. 515 00:21:58.759 --> 00:22:01.880 But it's got some hidden depth really. Oh yeah, check 516 00:22:01.880 --> 00:22:02.880 out the performance tab. 517 00:22:02.960 --> 00:22:04.920 The performance tab, what's in there. 518 00:22:05.119 --> 00:22:08.240 It's a treasure trove of information. You can see your 519 00:22:08.240 --> 00:22:14.400 CPU usage, okay, memory usage, disc activity, and most importantly 520 00:22:14.480 --> 00:22:18.319 for our purposes, network activity. Oh okay, you can see 521 00:22:18.319 --> 00:22:20.920 how much data you're sending and receiving, which can be 522 00:22:21.200 --> 00:22:24.240 super helpful if you're having internet problems. 523 00:22:24.319 --> 00:22:26.799 So if my connection is super slow, I can use 524 00:22:26.880 --> 00:22:30.279 task manager to see if anything's hogging the bandwidth exactly. 525 00:22:30.559 --> 00:22:32.200 You can see which program is the culprit. 526 00:22:32.319 --> 00:22:33.720 Oh, that's really helpful. 527 00:22:33.839 --> 00:22:36.319 And keep an eye out for any processes that are 528 00:22:36.400 --> 00:22:39.200 sending or receiving a ton of data. Why is that 529 00:22:39.480 --> 00:22:41.839 could be a sign of malware, you know, something malicious. 530 00:22:41.880 --> 00:22:45.119 Oh, so it's a good way to spot suspicious activity exactly. 531 00:22:45.359 --> 00:22:48.640 Always be vigilant, Always be vigilant. Good advice. Right, And 532 00:22:48.680 --> 00:22:51.200 then there's resource monitor. I'm not as familiar with that one. 533 00:22:51.279 --> 00:22:56.559 Resource monitor is like task managers more tech savvy sibling. Okay, 534 00:22:56.599 --> 00:22:59.359 it gives you an even deeper dive into how your 535 00:22:59.400 --> 00:23:01.079 computer's are being used. 536 00:23:01.079 --> 00:23:05.119 So we're talking CPU memory, disk activity, all that good. 537 00:23:04.920 --> 00:23:06.799 Stuff, all of it, and of course network activity. 538 00:23:06.880 --> 00:23:09.720 So it's like task manager on steroids exactly. 539 00:23:09.920 --> 00:23:13.559 You can see which processes are connecting to which IP addresses. Wow, 540 00:23:13.839 --> 00:23:14.839 it's powerful stuff. 541 00:23:14.880 --> 00:23:17.680 That's amazing. Right, it's like having a private investigator for 542 00:23:17.799 --> 00:23:19.079 my computer exactly. 543 00:23:19.559 --> 00:23:20.680 And then we have event viewer. 544 00:23:20.960 --> 00:23:23.240 Event viewer. I've always thought of that as like the 545 00:23:23.240 --> 00:23:24.640 computer's personal diary. 546 00:23:24.880 --> 00:23:27.920 That's a great analogy. It's constantly keeping a record of 547 00:23:27.960 --> 00:23:28.799 everything that's happening. 548 00:23:28.920 --> 00:23:31.200 So it's logging events both good and. 549 00:23:31.119 --> 00:23:35.440 Bad, exactly, errors, warnings, information messages. It's all there. 550 00:23:35.599 --> 00:23:37.920 So if something's acting up, event viewer is a good 551 00:23:37.920 --> 00:23:38.640 place to start. 552 00:23:38.759 --> 00:23:40.799 Absolutely, it can point you in the right direction. 553 00:23:41.000 --> 00:23:44.000 And it can also be helpful for network problems too, right. 554 00:23:43.880 --> 00:23:49.519 Oh, absolutely, it logs events related to your network connections, DGP, DNS, 555 00:23:49.599 --> 00:23:50.440 all that good stuff. 556 00:23:50.440 --> 00:23:53.759 So it's like a comprehensive history of my computer's activity. 557 00:23:53.920 --> 00:23:56.680 Precisely, if you're trying to track down a problem event 558 00:23:56.799 --> 00:23:57.680 viewer is your friend. 559 00:23:57.960 --> 00:24:00.880 This has been a fascinating deep dive. I've learned so 560 00:24:01.000 --> 00:24:03.000 much about Windows networking security. 561 00:24:03.160 --> 00:24:04.720 It's been my pleasure, from. 562 00:24:04.640 --> 00:24:09.000 Securing the network's foundation, to protecting our individual computers, even 563 00:24:09.119 --> 00:24:12.319 venturing into the world of remote access and troubleshooting. It's 564 00:24:12.319 --> 00:24:15.279 a lot to take in, it is, but it's so important. 565 00:24:15.440 --> 00:24:17.880 It is. Security is paramount. 566 00:24:18.000 --> 00:24:20.400 So as we wrap up here, any final thoughts for 567 00:24:20.440 --> 00:24:21.480 our listeners. 568 00:24:21.240 --> 00:24:23.759 Knowledge is power, my friend. The more you know about 569 00:24:23.759 --> 00:24:26.160 your systems, the better equipped you are to protect them. 570 00:24:26.200 --> 00:24:30.319 So keep learning, keep experimenting, and most importantly, keep those 571 00:24:30.359 --> 00:24:31.920 firewalls strong. 572 00:24:31.880 --> 00:24:33.519 And your passwords even stronger. 573 00:24:33.759 --> 00:24:37.880 Absolutely well said. Until next time, everyone, happy networking, stay 574 00:24:37.880 --> 00:24:38.599 safe out there.