WEBVTT 1 00:00:00.040 --> 00:00:02.480 Welcome to the deep dive. Great to be here today. 2 00:00:02.600 --> 00:00:06.759 We're jumping into information security the fundamentals. 3 00:00:06.839 --> 00:00:09.679 Yeah, we've been digging through some excerpts from that pretty 4 00:00:09.679 --> 00:00:11.800 detailed study guide you mentioned, right, and. 5 00:00:11.759 --> 00:00:14.960 The mission here is well to cut through it all, 6 00:00:15.240 --> 00:00:18.600 pull out the really key stuff and basically give you 7 00:00:18.719 --> 00:00:22.679 a clearer path to understanding how we protect electronic information today. 8 00:00:23.600 --> 00:00:26.719 Because it's a complicated world out there, it really is. 9 00:00:26.719 --> 00:00:28.199 And you just need to look at the numbers to 10 00:00:28.239 --> 00:00:31.079 see why understanding this is so critical right now. 11 00:00:31.320 --> 00:00:33.960 Absolutely, I mean the scale is kind of mind boggling. 12 00:00:34.240 --> 00:00:38.880 Over four hundred and fifty thousand new malware types every 13 00:00:38.920 --> 00:00:39.640 single day. 14 00:00:39.520 --> 00:00:41.759 Every day, and think about the total volume. It was 15 00:00:42.119 --> 00:00:44.119 what one hundred and eighty two million ten years back, 16 00:00:44.240 --> 00:00:46.439 now it's over one point three to four billion. That's 17 00:00:46.479 --> 00:00:47.600 just a constant barage. 18 00:00:47.600 --> 00:00:50.159 It's a huge threat landscape, and that translates into real money, 19 00:00:50.240 --> 00:00:50.520 right Oh. 20 00:00:50.560 --> 00:00:55.119 Absolutely, cybercrime isn't just some abstract threat. The estimates are staggering, 21 00:00:55.119 --> 00:00:58.479 maybe ten point five trillion dollars annually by twenty twenty five. 22 00:00:58.679 --> 00:01:00.560 That's a massive hit to the global economy. 23 00:01:00.600 --> 00:01:03.039 Wow, And we need people to fight this. But there's 24 00:01:03.039 --> 00:01:03.880 a gap, a. 25 00:01:03.920 --> 00:01:07.439 Huge gap globally. Even though the cybersecurity workforce has grown, 26 00:01:07.799 --> 00:01:11.640 we're still short something like three point four million professionals. 27 00:01:11.280 --> 00:01:15.599 Over three million needed. That really drives home why getting 28 00:01:15.599 --> 00:01:18.920 these fundamentals is so important for everyone, not just the specialist. 29 00:01:19.159 --> 00:01:21.920 It's about protecting information on a massive. 30 00:01:21.519 --> 00:01:27.000 Scale, exactly. So let's dive in the core idea information security. 31 00:01:27.040 --> 00:01:31.239 It's really just about protecting electronic information, simple as that sounds, okay, 32 00:01:31.640 --> 00:01:35.959 and that protection usually boils down to three key ideas. 33 00:01:36.159 --> 00:01:38.760 You've probably heard of them. The CIA triad. 34 00:01:38.560 --> 00:01:41.959 Right, not the intelligence agency, No, definitely not. 35 00:01:42.319 --> 00:01:45.640 It stands for confidentiality, integrity, and availability. 36 00:01:45.959 --> 00:01:46.959 Okay, break those down. 37 00:01:47.000 --> 00:01:50.560 Confidentiality that's about keeping secrets, making sure only the people 38 00:01:50.560 --> 00:01:53.560 who are supposed to see sensitive information can actually. 39 00:01:53.319 --> 00:01:55.280 See it, right and integrity. 40 00:01:55.359 --> 00:01:58.959 Integrity is about trust. Is the data accurate? Has it 41 00:01:59.000 --> 00:02:01.879 been changed or messed with by someone unauthorized? You need 42 00:02:01.920 --> 00:02:03.519 to trust your data is correct. 43 00:02:03.319 --> 00:02:04.920 Makes sense? And availability. 44 00:02:05.200 --> 00:02:09.199 Availability just means that the authorized users can get to 45 00:02:09.240 --> 00:02:12.199 the information and the systems when they need to. You know, 46 00:02:12.240 --> 00:02:13.360 the system is up and running. 47 00:02:13.520 --> 00:02:17.400 So stopping things like ransomware attacks, which hit all three precisely. 48 00:02:17.719 --> 00:02:21.719 Ransomware locks you out, that hits availability, It might change files, 49 00:02:21.759 --> 00:02:25.800 hitting integrity, and often they threaten to leak the data 50 00:02:25.919 --> 00:02:30.080 if you don't pay, that's confidentiality breached. It's a perfect 51 00:02:30.159 --> 00:02:31.400 storm against the triad. 52 00:02:31.680 --> 00:02:35.000 That really clarifies how they link together. Yeah, controlling who 53 00:02:35.039 --> 00:02:37.919 sees it, who changes it, and ensuring access. But I 54 00:02:37.960 --> 00:02:40.159 heard there's a bit of a trade off, like more 55 00:02:40.199 --> 00:02:42.080 security means less convenience. Yeah. 56 00:02:42.120 --> 00:02:45.080 Generally speaking, the tighter the security, the more hoops users 57 00:02:45.159 --> 00:02:47.960 might have to jump through. Finding that sweet spot between 58 00:02:48.080 --> 00:02:52.439 really strong protection and usability. That's that's the constant balancing act. 59 00:02:52.439 --> 00:02:54.560 Okay, so that's what we're protecting. Who's trying to break it? 60 00:02:54.639 --> 00:02:59.000 Who are the attackers, right, thread actors or malicious actors. Historically, 61 00:02:59.039 --> 00:03:02.039 you know, maybe it was about fame, proving technical skill, 62 00:03:02.439 --> 00:03:09.360 bragging rights, but today overwhelmingly the main driver is money, fortune, 63 00:03:10.039 --> 00:03:13.080 financial gain, So less. 64 00:03:12.879 --> 00:03:15.680 Digital graffiti, more like digital bank robbery exactly. 65 00:03:16.000 --> 00:03:18.759 And it's not just one type of person or group. 66 00:03:19.120 --> 00:03:22.599 The landscape of adversaries is really diverse. They vary a 67 00:03:22.639 --> 00:03:28.280 lot in you know, skill level, resources, motivation, even whether 68 00:03:28.280 --> 00:03:32.039 they're attacking from outside or crucially from inside an organization. 69 00:03:32.360 --> 00:03:34.199 So what kind of categories are we talking about. 70 00:03:34.240 --> 00:03:38.080 Well, you've got the less sophisticated end, sometimes called script kitties. 71 00:03:38.599 --> 00:03:41.080 They might use tools they found online but don't have 72 00:03:41.199 --> 00:03:45.120 deep expertise. Okay, Then you scale up. You have organized 73 00:03:45.120 --> 00:03:48.319 crime groups very focused on financial fraud, ransomware, that kind 74 00:03:48.360 --> 00:03:52.280 of thing. You have insiders, employees or contractors who misuse 75 00:03:52.400 --> 00:03:53.800 their legitimate access. 76 00:03:53.879 --> 00:03:55.879 That sounds tricky to defend against it is. 77 00:03:56.560 --> 00:03:59.800 Then there are activists driven by ideology, political or social 78 00:03:59.840 --> 00:04:02.439 call and at the top end you have nation state 79 00:04:02.479 --> 00:04:06.280 actors sponsored by governments, massive resources, highest scale levels. They're 80 00:04:06.319 --> 00:04:10.240 playing a different game entirely. Understanding that whole spectrum is key. 81 00:04:10.879 --> 00:04:13.360 So knowing that who and why, let's talk how how 82 00:04:13.360 --> 00:04:15.919 do these attacks actually work? What are the common methods. 83 00:04:16.079 --> 00:04:19.199 Well, one of the most common and honestly most effective 84 00:04:19.240 --> 00:04:22.920 methods doesn't even rely purely on tech. It's social engineering 85 00:04:23.279 --> 00:04:29.639 manipulating people exactly. It plays on human psychology, trust, fear, urgency, 86 00:04:30.199 --> 00:04:34.279 our tendency to obey authority. Attackers exploit all of that 87 00:04:34.399 --> 00:04:35.079 to trick. 88 00:04:34.879 --> 00:04:37.720 Someone, how like pretending to be someone else. 89 00:04:37.879 --> 00:04:40.879 Yeah, they might impersonate an authority figure, maybe someone for it, 90 00:04:41.160 --> 00:04:43.399 support or a boss. They might create a sense of 91 00:04:43.439 --> 00:04:47.040 panic you need to click this link now, or use intimidation, 92 00:04:47.920 --> 00:04:51.079 or they create a whole believable story a pretext to 93 00:04:51.120 --> 00:04:53.000 get you to give up info or click something. 94 00:04:53.079 --> 00:04:55.199 And this is the basis for things like phishing, right, 95 00:04:55.199 --> 00:04:56.959 which everyone gets emails about right. 96 00:04:57.120 --> 00:04:59.920 Phishing is the broad term those mass emails hoping so 97 00:05:00.079 --> 00:05:03.079 one bites, but it gets much more focused. How so 98 00:05:03.279 --> 00:05:07.199 you have spearfishing, which targets specific people, maybe using information 99 00:05:07.319 --> 00:05:10.000 gleaned from social media to make it more convincing. Then 100 00:05:10.040 --> 00:05:14.319 there's whaling, which goes after the big fish CEOs CFOs 101 00:05:14.439 --> 00:05:16.360 often impersonating another executive. 102 00:05:16.519 --> 00:05:18.240 Wow. And it's not just email, No. 103 00:05:18.399 --> 00:05:23.199 The delivery method varies. Smishing uses SMS, texts and vishing 104 00:05:23.480 --> 00:05:27.360 voice phishing uses phone calls. Those can be surprisingly effective, 105 00:05:27.680 --> 00:05:31.800 especially unfortunately sometimes targeting older individuals who might be more 106 00:05:31.800 --> 00:05:32.839 trusting over the phone. 107 00:05:32.879 --> 00:05:35.800 It's incredible the different angles they try. Okay, what about 108 00:05:35.879 --> 00:05:38.720 attacks that bypass tricking the user directly. 109 00:05:38.959 --> 00:05:41.839 That's where things like supply chain attacks come in. And 110 00:05:41.920 --> 00:05:45.639 these are really dangerous because the victim, the end user, 111 00:05:46.079 --> 00:05:48.560 often has absolutely no idea they've been compromised. 112 00:05:48.720 --> 00:05:49.480 How does that work? 113 00:05:49.879 --> 00:05:53.279 Compromised hardware, It can be a device could be tampered 114 00:05:53.319 --> 00:05:57.120 with during manufacturing or while it's being shipped. Imagine buying 115 00:05:57.160 --> 00:05:59.439 a new piece of network gear that already has malware 116 00:05:59.480 --> 00:06:01.800 on it. Yeah, very hard for the buyer to spot. 117 00:06:01.920 --> 00:06:04.000 And software too. You mentioned like updates. 118 00:06:04.199 --> 00:06:06.600 Yes, that's a huge vector. The source material had to 119 00:06:06.600 --> 00:06:09.600 really putent. Example, attackers got into the systems of a 120 00:06:09.639 --> 00:06:13.879 company that makes network management software. Okay, they injected malicious 121 00:06:13.920 --> 00:06:16.800 code into a software update, So when tens of thousands 122 00:06:16.839 --> 00:06:20.279 of clients downloaded what looked like a perfectly legitimate. 123 00:06:19.839 --> 00:06:21.959 Update, they were installing the malware. 124 00:06:21.879 --> 00:06:25.959 Exactly, over thirty three thousand of them. That one breach 125 00:06:26.040 --> 00:06:31.120 in the supply chain spread massively, affecting thousands of organizations downstream. 126 00:06:31.160 --> 00:06:32.759 It's incredibly damaging. 127 00:06:33.079 --> 00:06:37.959 So beyond people and the supply chain, attacks also exploit 128 00:06:39.319 --> 00:06:41.120 weaknesses in the tech itself. Right. 129 00:06:41.439 --> 00:06:45.759 Vulnerabilities, Yes, absolutely, Vulnerabilities are flaws or weaknesses. They can 130 00:06:45.759 --> 00:06:49.279 pop up anywhere in the operating system and applications. Those 131 00:06:49.279 --> 00:06:52.680 are platform issues in firmware, which is that low level 132 00:06:52.720 --> 00:06:55.720 code embedded in hardware that's often hard to update. In 133 00:06:55.800 --> 00:06:58.839 legacy platforms, old systems that aren't supported anymore, no more 134 00:06:58.839 --> 00:07:01.680 security patches even in brand new hardware if it reaches 135 00:07:01.680 --> 00:07:05.399 its end of life, and very very commonly, just simple misconfigurations. 136 00:07:05.399 --> 00:07:08.879 Someone didn't set up a system securely, default passwords left unchanged, 137 00:07:08.920 --> 00:07:09.560 things like that. 138 00:07:09.560 --> 00:07:11.519 Right, And we always hear about zero day attacks? What 139 00:07:11.560 --> 00:07:12.439 does that mean? Exactly? 140 00:07:12.680 --> 00:07:15.839 Zero day vulnerability is a specific type of flaw. It's 141 00:07:15.839 --> 00:07:19.279 one that's actively being exploited by attackers before the vendor 142 00:07:19.319 --> 00:07:22.120 who made the software or hardware, or the wider security 143 00:07:22.120 --> 00:07:26.160 community even knows it exists. So zero days of warning precisely, 144 00:07:26.360 --> 00:07:29.720 that's why they're so dangerous. When a zero day exploit appears, 145 00:07:30.040 --> 00:07:33.639 there's no patch ready, no immediate defense. Attackers have a 146 00:07:33.639 --> 00:07:35.720 free run until it's discovered and fixed. 147 00:07:36.120 --> 00:07:40.759 Okay, So when these attacks succeed using social engineering supply 148 00:07:40.920 --> 00:07:45.279 chain vulnerabilities, what's the fault? What are the typical impacts? 149 00:07:45.839 --> 00:07:49.240 The consequences can be really severe. Obviously, there's the impact 150 00:07:49.240 --> 00:07:52.439 on data. You could have data loss or data exultration 151 00:07:52.480 --> 00:07:55.360 where they steal copies of your data. A formal data 152 00:07:55.360 --> 00:07:59.079 breach often leads to identity theft for customers or employees right, 153 00:07:59.160 --> 00:08:02.680 that's huge on the data itself. Think about lost productivity. 154 00:08:03.000 --> 00:08:05.879 If systems are down because of ransomware or some other attack, 155 00:08:06.160 --> 00:08:09.279 the business grinds to a halt. That costs money directly 156 00:08:09.439 --> 00:08:12.439 and the reputation that can be the longest lasting damage. 157 00:08:12.600 --> 00:08:16.120 And enterprise's reputation takes a massive hit after a major breach, 158 00:08:16.240 --> 00:08:20.000 especially if customer data is stolen. Rebuilding that public trust 159 00:08:20.040 --> 00:08:21.959 can take years and a lot of investment. 160 00:08:22.199 --> 00:08:24.720 Okay, that paints a clear picture of the threats. So 161 00:08:25.079 --> 00:08:27.720 let's switch to defenses. How do we start building up protection. 162 00:08:27.759 --> 00:08:30.560 Where's the first layer you actually start in the real 163 00:08:30.639 --> 00:08:34.519 world physical security, Because think about it, if someone can 164 00:08:34.559 --> 00:08:36.639 just walk up and grab your server or plug into 165 00:08:36.679 --> 00:08:39.799 your network closet, a lot of your other digital defenses 166 00:08:39.879 --> 00:08:41.080 become kind of moot. 167 00:08:41.440 --> 00:08:44.159 So locks, fences, security. 168 00:08:43.679 --> 00:08:47.840 Guards, yep, all of that perimeter defenses like barriers, gates, 169 00:08:48.039 --> 00:08:52.480 maybe security guards. Sometimes in very secure areas, they use 170 00:08:52.480 --> 00:08:56.240 what's called two person integrity or control, meaning to authorize 171 00:08:56.240 --> 00:08:58.600 people have to be present to perform a sensitive action. 172 00:08:59.159 --> 00:09:01.639 Reduces the risk of a single insider threat. 173 00:09:01.840 --> 00:09:03.759 Okay. And sensors, yes. 174 00:09:03.480 --> 00:09:08.600 Sensors to detect intrusion, passive infrared, pir microwave, ultrasonic, even 175 00:09:08.600 --> 00:09:12.080 pressure sensors on floors or fences. Plus monitoring tools like 176 00:09:12.120 --> 00:09:15.840 CCTV cameras and increasingly drones for surveillance. 177 00:09:15.440 --> 00:09:18.399 Night secure the building. What's next the data itself? Does 178 00:09:18.440 --> 00:09:20.000 all data need the same locks? 179 00:09:20.240 --> 00:09:23.000 No, absolutely not, and that's where data classification comes in. 180 00:09:23.080 --> 00:09:25.200 It's crucial you figure out what data you have and 181 00:09:25.240 --> 00:09:27.320 categorize it based on sensitivity. 182 00:09:26.840 --> 00:09:29.240 And important like top secret versus public. 183 00:09:29.480 --> 00:09:33.840 Sort of. Yeah, common categories might be sensitive, think trade secrets, 184 00:09:34.279 --> 00:09:39.519 personal identifiable information, critical data essential for the business to operate, 185 00:09:40.200 --> 00:09:44.279 and public information that can be freely shared. Classifying it 186 00:09:44.399 --> 00:09:47.480 lets you apply the right level of security controls. You 187 00:09:47.519 --> 00:09:49.879 don't need Fort Knox for the company newsletter, but you 188 00:09:49.919 --> 00:09:51.759 do for customer financial data. 189 00:09:51.799 --> 00:09:54.759 Does that make sense? Focus resources where they matter most? 190 00:09:55.240 --> 00:09:58.279 And you mentioned location matters too. Legally, it really does. 191 00:09:58.320 --> 00:10:01.159 That's data sovereignty. It's the the idea that data is 192 00:10:01.200 --> 00:10:03.840 subject to the laws and regulations of the country where 193 00:10:03.840 --> 00:10:06.759 it's collected or processed. This is a big deal. Some 194 00:10:06.799 --> 00:10:10.960 countries Russia, China, Germany, France or examples, have laws requiring 195 00:10:11.039 --> 00:10:14.240 data about their citizens to physically stay within their borders. 196 00:10:14.279 --> 00:10:16.000 You can't just store it anywhere in the world. 197 00:10:16.120 --> 00:10:18.919 That adds another layer of complexity. Okay, let's get into 198 00:10:18.960 --> 00:10:22.120 the tech for protecting the data itself making it unreadable. 199 00:10:22.200 --> 00:10:26.799 Cryptography, right, Cryptography a fundamental building block. It's important to 200 00:10:26.799 --> 00:10:30.799 distinguish it from something called stiganography. Stiganography is about hiding 201 00:10:30.799 --> 00:10:33.960 the fact that data exists, like hiding a message inside 202 00:10:33.960 --> 00:10:37.360 an image file. Cryptography, on the other hand, isn't hiding 203 00:10:37.440 --> 00:10:40.960 the existence of the data. It's hiding its meaning, making 204 00:10:41.039 --> 00:10:43.000 it unreadable unless you have the key. 205 00:10:43.279 --> 00:10:45.279 How does that work fundamentally? 206 00:10:45.360 --> 00:10:48.639 Well, the basic recipe is you take your original data, 207 00:10:48.759 --> 00:10:51.600 the readable stuff called plaint text, You combine it with 208 00:10:51.639 --> 00:10:54.399 a secret piece of information on the key, and you 209 00:10:54.519 --> 00:10:58.360 run both through a mathematical process, the algorithm. The result 210 00:10:58.399 --> 00:11:01.320 is scrambled unreadable data the cipher text. 211 00:11:01.600 --> 00:11:05.240 So plaintext plus key plus algorithm equals ciphertext, and the 212 00:11:05.320 --> 00:11:06.799 key is the crucial part. 213 00:11:06.919 --> 00:11:10.279 Absolutely the algorithms themselves. The mathematical recipes can often be 214 00:11:10.320 --> 00:11:13.960 public knowledge. Security experts have vetted them, but the key 215 00:11:14.039 --> 00:11:16.120 must be kept secret. That's the lynchpin. 216 00:11:16.279 --> 00:11:18.080 What does cryptography actually do for us? 217 00:11:18.080 --> 00:11:21.279 What are the benefits it gives us several key security properties. 218 00:11:21.519 --> 00:11:25.320 The obvious one is confidentiality, keeping data secret, but it 219 00:11:25.399 --> 00:11:28.320 also provides integrity, ways to check if the data has 220 00:11:28.360 --> 00:11:32.480 been altered since it was encrypted. It enables authentication, verifying 221 00:11:32.519 --> 00:11:35.000 that someone or something is who they claim to be. 222 00:11:35.720 --> 00:11:39.080 It supports non repudiation, proving that a specific person send 223 00:11:39.080 --> 00:11:42.000 a message or performed an action they can't deny it later. 224 00:11:42.440 --> 00:11:45.399 And it can be used for obfuscation like masking parts 225 00:11:45.440 --> 00:11:48.399 of data or replacing sensitive data with tokens. 226 00:11:48.519 --> 00:11:50.559 And you can use it on data anywhere. 227 00:11:50.639 --> 00:11:53.639 Pretty much. We talk about protecting data in three states, 228 00:11:54.039 --> 00:11:57.320 data in use while it's being actively processed in menory, 229 00:11:57.679 --> 00:12:00.519 data in transit while it's moving across a network, and 230 00:12:00.720 --> 00:12:03.120 data at rest while it's stored on a hard drive 231 00:12:03.240 --> 00:12:05.919 or database. Cryptography applies to all three. 232 00:12:06.200 --> 00:12:08.759 Are there different ways the keys work? I've heard symmetric 233 00:12:08.759 --> 00:12:09.559 and asymmetric. 234 00:12:09.720 --> 00:12:12.720 Yes, those are the two main types. Symmetric cryptography uses 235 00:12:12.759 --> 00:12:15.759 the same secret key to both encrypt and decrypt the data. 236 00:12:15.840 --> 00:12:19.720 It's generally faster. Asymmetric cryptography uses a pair of keys 237 00:12:19.759 --> 00:12:22.919 that are mathematically linked, a public key and a private key. 238 00:12:23.080 --> 00:12:25.720 How does that work? One locks the other unlocked. 239 00:12:25.720 --> 00:12:27.879 Kind of what you encrypt with the public key can 240 00:12:27.960 --> 00:12:31.240 only be decrypted with the corresponding private key, and vice versa. 241 00:12:31.639 --> 00:12:35.480 This allows for some really powerful things like digital signatures. 242 00:12:35.679 --> 00:12:40.120 Ah right, how do digital signatures use those keys? Okay? 243 00:12:40.320 --> 00:12:42.679 Let's say Bob wants to send a message to Alice 244 00:12:42.720 --> 00:12:45.200 and prove it's really from him and hasn't been tampered with. 245 00:12:45.879 --> 00:12:48.600 He takes his message, calculates a unique fingerprint of it 246 00:12:48.679 --> 00:12:52.480 called a hash digest, then he encrypts that small digest 247 00:12:52.679 --> 00:12:56.120 using his own private key. Okay, he sends the original 248 00:12:56.120 --> 00:12:59.600 message and this encrypted digest to Alice. Alice receives both. 249 00:13:00.120 --> 00:13:02.480 She uses Bob's public key, which anyone can have, to 250 00:13:02.519 --> 00:13:06.440 decrypt the digest. Then she calculates her own hash digest 251 00:13:06.440 --> 00:13:09.759 from the message she received in coomeris them exactly If 252 00:13:09.759 --> 00:13:12.639 the digest she calculated matches the one she decrypted using 253 00:13:12.679 --> 00:13:15.799 Bob's public key, she knows two things for sure. One 254 00:13:15.960 --> 00:13:19.639 the message wasn't changed in transit because the digest match integrity, 255 00:13:19.919 --> 00:13:22.600 and two it had to come from Bob because only 256 00:13:22.639 --> 00:13:24.919 his private key could have created something that his public 257 00:13:25.000 --> 00:13:29.000 key could decrypt. Authentication and non repudiation that's clever. 258 00:13:29.120 --> 00:13:31.559 Yeah. So it doesn't encrypt the whole message, just proves 259 00:13:31.559 --> 00:13:33.639 who sent it and then it's syntactic licely. 260 00:13:33.679 --> 00:13:34.480 It's very efficient. 261 00:13:34.679 --> 00:13:37.360 So where do we actually use cryptography in the real world? 262 00:13:37.519 --> 00:13:41.919 Oh, it's everywhere in software like full disc encryption FD 263 00:13:42.360 --> 00:13:46.360 that scrambles your entire laptop hard drive, or Transparent Data 264 00:13:46.440 --> 00:13:50.799 Encryption TDE used by databases, and increasingly it's built into 265 00:13:50.799 --> 00:13:54.759 hardware like what things like self encrypting drives seds that 266 00:13:54.840 --> 00:14:00.679 handle encryption automatically, Hardware security modules HSMs, dedicated devices for 267 00:14:00.720 --> 00:14:06.080 securely managing cryptographic keys, Trusted platform modules TPMs, chips on 268 00:14:06.120 --> 00:14:09.360 motherboards that help with secure boot processes and key storage, 269 00:14:09.639 --> 00:14:12.720 and secure enclaves found in many mobile phone processors. 270 00:14:12.799 --> 00:14:15.919 So it's embedded deep Yeah. And blockchain is that related? 271 00:14:16.039 --> 00:14:19.879 It's definitely related. Blockchain technology relies heavily on cryptographic principles, 272 00:14:20.000 --> 00:14:24.200 especially hashing and digital signatures to create that shared, immutable, 273 00:14:24.279 --> 00:14:25.240 trustworthy ledger. 274 00:14:25.360 --> 00:14:29.080 Okay, with all this complex math, how do attackers actually 275 00:14:29.080 --> 00:14:31.000 break it? Are they cracking the algorithms? 276 00:14:31.200 --> 00:14:35.960 Well, theoretical attacks against algorithms exist, things like known ciphertext attacks, 277 00:14:36.200 --> 00:14:40.720 downgraded attacks trying to force weaker encryption collision attacks against hashing. 278 00:14:41.279 --> 00:14:45.559 But honestly, the most common way cryptographic protections fail in 279 00:14:45.600 --> 00:14:49.879 the real world is much simpler misconfigurations. 280 00:14:49.240 --> 00:14:50.240 Human error again. 281 00:14:50.240 --> 00:14:54.320 Often yes implementing it incorrectly, using weak keys, poor key 282 00:14:54.399 --> 00:14:58.440 management practices. Those are far more likely avenues for attackers 283 00:14:58.440 --> 00:15:02.399 than actually breaking the underlying math, which is usually incredibly. 284 00:15:01.840 --> 00:15:05.120 Strong that makes sense, and managing all those keys and identities. 285 00:15:05.360 --> 00:15:07.240 That sounds like a job in itself. That leads to 286 00:15:07.279 --> 00:15:09.960 PKI Public Key infrastructure exactly. 287 00:15:10.000 --> 00:15:16.200 PKI is the whole system, the technology policies, procedures for creating, managing, distributing, using, storing, 288 00:15:16.240 --> 00:15:20.399 and revoking digital certificates which bind public keys to identities. 289 00:15:20.480 --> 00:15:22.360 So it's how we trust that a public key actually 290 00:15:22.440 --> 00:15:24.320 belongs to who it says it does, right. 291 00:15:24.639 --> 00:15:28.159 It relies on trusted third parties called certificate authorities CAAs. 292 00:15:28.399 --> 00:15:31.200 You have a root CAA which is highly trusted, It 293 00:15:31.240 --> 00:15:35.120 issues certificates to intermediate CAAs, who might then issue certificates 294 00:15:35.159 --> 00:15:38.480 to end users or servers. It forms a certificate chain 295 00:15:38.519 --> 00:15:43.399 of trust. Your browser uses this chain to verify websites identity, for. 296 00:15:43.399 --> 00:15:47.440 Instance, but certificates can expire or be compromised. How do 297 00:15:47.480 --> 00:15:48.639 we know if one is still good? 298 00:15:48.879 --> 00:15:52.759 That's crucial. We need revocation checking. The main protocol for 299 00:15:52.799 --> 00:15:56.840 this is OCSP, the Online Certificate Status protocol. Your browser 300 00:15:56.879 --> 00:15:59.919 can query an OCSP responder server to ask is this 301 00:16:00.000 --> 00:16:04.000 certificate's still valid? Sometimes the web server gets the OCSP 302 00:16:04.120 --> 00:16:07.120 response itself and staples it to the certificate it sends you, 303 00:16:07.159 --> 00:16:09.720 which is faster, But there's a known issue called the 304 00:16:09.720 --> 00:16:13.159 OCSP soft fail if your browser can't reach the OCSP 305 00:16:13.279 --> 00:16:16.200 server for some reason, it might just proceed anyway assuming 306 00:16:16.240 --> 00:16:18.440 the certificate is okay, which is an ideal. 307 00:16:18.519 --> 00:16:19.759 Yeah, that sounds like a gap. 308 00:16:19.919 --> 00:16:23.279 It highlights why proper certificate and key management is so vital. 309 00:16:23.639 --> 00:16:27.159 It's complex, and it's a frequent target for attackers because 310 00:16:27.159 --> 00:16:29.399 if they can compromise the trust system, they can do 311 00:16:29.440 --> 00:16:30.440 a lot of damage. 312 00:16:30.559 --> 00:16:34.200 Okay, so we've covered securing data itself. What about securing 313 00:16:34.200 --> 00:16:35.759 it as it travels across networks? 314 00:16:36.080 --> 00:16:40.039 Right? Securing data and transit. Often this involves creating secure 315 00:16:40.080 --> 00:16:43.679 tunnels through untrusted networks like the Internet. The main protocols 316 00:16:43.720 --> 00:16:45.759 you hear about are TLS and ip. 317 00:16:45.720 --> 00:16:49.399 SC TLS that replaced SSL. Right for websites. 318 00:16:49.519 --> 00:16:53.600 Correct. Transport layer security TLS is the standard now for 319 00:16:53.720 --> 00:16:57.039 encrypting communication between your web browser and servers. That little 320 00:16:57.159 --> 00:17:00.919 padlock icon you see. Ip sc P security is a 321 00:17:00.960 --> 00:17:04.000 broader framework. It works at a lower network layer, the 322 00:17:04.039 --> 00:17:07.400 IP layer, and can encrypt and authenticate all IP traffic 323 00:17:07.480 --> 00:17:10.559 between two points, like between two corporate sites forming a VPN. 324 00:17:10.839 --> 00:17:15.640 Got it. Okay, So we've looked at physical security, data classification, crypto, PKI, 325 00:17:15.799 --> 00:17:21.000 secure comms. Let's pivot to the devices people actually use, endpoints, laptops, desktops, phones, right. 326 00:17:21.200 --> 00:17:24.359 Endpoint security hugely important because that's where users interact with 327 00:17:24.440 --> 00:17:27.160 data and often where at tax land. First, a major 328 00:17:27.240 --> 00:17:30.079 threat category here is malware, malicious software. 329 00:17:30.240 --> 00:17:32.160 On top of that list seems to be ransomware. 330 00:17:32.400 --> 00:17:35.720 It's definitely a huge problem. Ransomware either just locks your 331 00:17:35.759 --> 00:17:39.880 screen locker ransomware, or more commonly now encrypts all your 332 00:17:40.039 --> 00:17:44.240 files crypto ransomware and demands payment for the decryption key. 333 00:17:44.519 --> 00:17:48.240 Nasty stuff, and it's evolving. We're seeing more blended attacks. 334 00:17:48.519 --> 00:17:51.240 The attackers don't just encrypt your files. They steal a 335 00:17:51.240 --> 00:17:54.319 copy of your sensitive data first, then they threaten to 336 00:17:54.400 --> 00:17:57.480 release it publicly, even if you manage to restore your 337 00:17:57.519 --> 00:18:01.240 files from backup. It gives them extra leverage extortion exactly 338 00:18:01.759 --> 00:18:04.680 Beyond ransomware, you have other types of malware designed for 339 00:18:04.799 --> 00:18:09.640 spying eavesdropping malware, things like keyloggers that record every keystroke 340 00:18:09.720 --> 00:18:13.319 you make, or spyware that monitors your activity, take screenshots, 341 00:18:13.519 --> 00:18:15.119 accesses your camera or mic. 342 00:18:15.440 --> 00:18:17.119 Are classic viruses still around? 343 00:18:17.240 --> 00:18:20.599 They are. They use various techniques to infect files, like 344 00:18:20.680 --> 00:18:23.599 appending their code or splitting it up. They also use 345 00:18:23.640 --> 00:18:27.200 methods like mutations to constantly change their digital fingerprint trying 346 00:18:27.200 --> 00:18:30.799 to evade detection by antivirus software. Some are even smart 347 00:18:30.880 --> 00:18:32.759 enough to check if they're running in a sandbox or 348 00:18:32.759 --> 00:18:35.279 if security tools are present, and they'll just shut down 349 00:18:35.359 --> 00:18:36.759 to avoid being analyzed. 350 00:18:37.160 --> 00:18:40.000 And the web browser itself can be an attack vector. 351 00:18:39.759 --> 00:18:44.079 Oh definitely. Two common web based attacks are cross site 352 00:18:44.079 --> 00:18:48.680 request forgery CSRF and sericide request forgery SSRF. 353 00:18:48.799 --> 00:18:49.519 Okay, what are those? 354 00:18:49.799 --> 00:18:53.640 CSRF is clever? It tricks your browser while you're logged 355 00:18:53.640 --> 00:18:56.839 into a legitimate site like your bank, into sending an 356 00:18:56.880 --> 00:18:59.680 unwonted command to that site from a malicious site or 357 00:18:59.759 --> 00:19:03.200 e mail you might visit. It basically hijacks the trust 358 00:19:03.240 --> 00:19:05.720 the bank site has in you or your browser session. 359 00:19:05.839 --> 00:19:06.160 Wow. 360 00:19:06.319 --> 00:19:10.079 A SSRF is kind of the flip side. It exploits 361 00:19:10.079 --> 00:19:12.799 a vulnerability on the server itself, tricking the web server 362 00:19:12.880 --> 00:19:15.599 into making requests to other internal systems it wouldn't normally 363 00:19:15.599 --> 00:19:18.599 access or even to external systems. It abuses the trust 364 00:19:18.680 --> 00:19:21.480 the server has, maybe with other back end systems inside 365 00:19:21.480 --> 00:19:22.000 the network. 366 00:19:22.119 --> 00:19:24.640 Okay, lots of threats targeting endpoints. So what are the 367 00:19:24.680 --> 00:19:25.359 main defenses? 368 00:19:25.640 --> 00:19:27.960 It has to be a layered approach. First, you need 369 00:19:28.039 --> 00:19:32.039 good anti virus or anti malware software. Modern versions use 370 00:19:32.079 --> 00:19:35.920 signature based detection for known threats, but also heuristic or 371 00:19:35.960 --> 00:19:40.000 behavioral analysis to spot suspicious activity even from unknown malware. 372 00:19:40.240 --> 00:19:41.519 Right. What else? 373 00:19:41.599 --> 00:19:46.079 Patching seriously keeping your operating system and applications updated with 374 00:19:46.119 --> 00:19:49.240 the latest security patches is arguably the single most important 375 00:19:49.240 --> 00:19:53.000 thing you can do. Attackers actively reverse engineer patches to 376 00:19:53.000 --> 00:19:55.799 figure out the vulnerability they fix, and then they target 377 00:19:55.880 --> 00:19:59.640 unpatched systems. Automation helps a lot here, so patch quickly 378 00:19:59.680 --> 00:20:03.559 and off absolutely. Then there are OS level protections, things 379 00:20:03.640 --> 00:20:06.880 like hardening the system by disabling unused ports, protocols or 380 00:20:06.920 --> 00:20:11.960 services using application allow listing where only explicitly approved software 381 00:20:12.039 --> 00:20:15.000 is allowed to run rather than trying to block known 382 00:20:15.039 --> 00:20:15.799 bad software. 383 00:20:15.880 --> 00:20:18.359 That sounds more restrictive, but maybe more effective. 384 00:20:18.039 --> 00:20:21.319 It can be. Yeah, also sandboxing applications running them in 385 00:20:21.400 --> 00:20:24.279 isolated containers so if they get compromised, they can't easily 386 00:20:24.279 --> 00:20:26.599 affect the rest of the system. And you have host 387 00:20:26.680 --> 00:20:28.039 based monitoring. 388 00:20:27.599 --> 00:20:30.039 Tools like HIDS and HIPS exactly. 389 00:20:30.400 --> 00:20:34.880 A host based intrusion detection system HIDS monitors logs and 390 00:20:34.960 --> 00:20:38.039 activity on a single computer for signs of intrusion. A 391 00:20:38.079 --> 00:20:41.799 host based intrusion prevention system HIPS goes a step further 392 00:20:42.000 --> 00:20:46.519 and can actively block malicious activity. It detects detection versus prevention. 393 00:20:46.880 --> 00:20:51.680 Okay, Now, mobile devices, phones, tablets, they're basically powerful computers 394 00:20:51.759 --> 00:20:54.559 we carry around, but they seem different from a security perspective. 395 00:20:54.680 --> 00:20:57.000 They are. They've come a long way from old feature phones. 396 00:20:57.240 --> 00:21:01.640 Now they run complex OS's apps. Enterprises manage them using 397 00:21:01.640 --> 00:21:06.359 different models BYOD bring your own Device CO, corporate own, 398 00:21:06.559 --> 00:21:10.440 personally enabled CIOD, choose your own device, trying to balance 399 00:21:10.480 --> 00:21:11.319 flexibility and. 400 00:21:11.279 --> 00:21:13.160 Control, but they carry unique risks. 401 00:21:13.640 --> 00:21:16.799