Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,300 --> 00:00:03,870
Welcome to the module focusing on the security of data in this module.
2
00:00:03,870 --> 00:00:08,640
We'd like to think about why ensuring and maintaining confidentiality integrity and authenticity of
3
00:00:08,640 --> 00:00:12,450
data should be the main purpose and role of computer security policies.
4
00:00:12,450 --> 00:00:15,120
Let's start by reaching back to the essence of this problem.
5
00:00:15,150 --> 00:00:18,260
Why does computer security usually fail against attacks.
6
00:00:18,270 --> 00:00:23,070
The reason is that system users are often unaware of the threats they're facing and if they're unaware
7
00:00:23,190 --> 00:00:25,080
they can't counteract the threats.
8
00:00:25,080 --> 00:00:30,300
The second aspect of data security that relates both to users and administrators is a failure to clearly
9
00:00:30,300 --> 00:00:32,820
identify the resources that require protection.
10
00:00:32,820 --> 00:00:37,320
There's a common thinking pattern that pictures a safe computer network separated from the big bad internet
11
00:00:37,350 --> 00:00:38,610
with a firewall.
12
00:00:38,610 --> 00:00:40,870
This has been outdated for some time now.
13
00:00:40,920 --> 00:00:43,980
You can't base your security policy on this type of assumption.
14
00:00:44,010 --> 00:00:48,950
One problem that relates only to computer systems administrators is their unchecked belief in technology.
15
00:00:48,960 --> 00:00:52,920
We tend to think subconsciously that since we've paid a lot of money for security solutions provided
16
00:00:52,920 --> 00:00:56,090
by a popular brand they'll be completely reliable and efficient.
17
00:00:56,310 --> 00:01:01,500
If you don't know the mechanisms behind a solution or technology or don't even know attack vectors running
18
00:01:01,500 --> 00:01:06,210
a piece of software or a tool won't make you secure users and administrators need to keep track of new
19
00:01:06,210 --> 00:01:10,230
developments and utilities in the system security field and deal with threats differently than it's
20
00:01:10,230 --> 00:01:11,390
shown in the slide.
21
00:01:11,400 --> 00:01:13,100
Why is this all so hard.
22
00:01:13,110 --> 00:01:17,590
The main reason for this difficulty is a new growing trend known as the consumerization of I.T..
23
00:01:17,610 --> 00:01:21,840
The tables have turned since the development of high tech software and devices in the past.
24
00:01:21,870 --> 00:01:27,240
New technologies were enterprise led and only after time emerged on the consumer market devices were
25
00:01:27,240 --> 00:01:29,610
customized for the needs and goals of businesses.
26
00:01:29,610 --> 00:01:34,610
Today there's no recognizable boundary between consumer and corporate technology appliances and software
27
00:01:34,620 --> 00:01:36,600
being designed with users in mind.
28
00:01:36,750 --> 00:01:38,760
What are the effects of this reversal.
29
00:01:38,760 --> 00:01:43,020
It's harder to say whether the Smartphone you're holding is a company device or a private device.
30
00:01:43,050 --> 00:01:45,870
The same technology can be used at work and for play.
31
00:01:45,870 --> 00:01:50,040
It wasn't quite this way a while back and this shift seems to have blurred the lines between business
32
00:01:50,040 --> 00:01:52,190
computer systems and home systems.
33
00:01:52,200 --> 00:01:57,060
New developments mean that more and more people can work from home and we use our own devices a laptop
34
00:01:57,060 --> 00:01:58,620
or a smartphone for work.
35
00:01:58,710 --> 00:02:01,750
System administrators have limited control over these devices.
36
00:02:01,770 --> 00:02:06,630
If there's any control at all administrators can't force us to stop using our own devices because our
37
00:02:06,630 --> 00:02:08,160
productivity would be lowered.
38
00:02:08,160 --> 00:02:11,510
We can do some tasks remotely while travelling or on holidays.
39
00:02:11,670 --> 00:02:14,710
Companies can't ban sending emails from outside their offices.
40
00:02:14,760 --> 00:02:19,410
While this would improve security it just simply isn't feasible given this new emerging reality.
41
00:02:19,500 --> 00:02:23,350
I.T. security staff have to reformulate their strategies and actions.
42
00:02:23,400 --> 00:02:26,370
A good solution for this problem was introducing a new term.
43
00:02:26,430 --> 00:02:30,750
It's ridiculous to say that our security measures are ineffective because script kids lunch exploits
44
00:02:30,750 --> 00:02:36,240
remotely advanced persistent threat has a different ring to it though saying that we can be susceptible
45
00:02:36,240 --> 00:02:40,230
to threats that are advanced and persistent is not equivalent to an admission of guilt.
46
00:02:40,350 --> 00:02:45,540
APT was coined and defined in 2006 by the U.S. Army when the military began to realize that existing
47
00:02:45,540 --> 00:02:50,190
computer security models were ineffective funds on fighting launched attacks were irrationally high
48
00:02:50,190 --> 00:02:51,490
compared to the results.
49
00:02:51,570 --> 00:02:53,280
Something had to be changed.
50
00:02:53,310 --> 00:02:57,740
Originally app referred to persistent threats or those threats that were a long term risk.
51
00:02:57,750 --> 00:03:02,430
A good example of persistent activity is the slew of attacks on American high tech companies that were
52
00:03:02,430 --> 00:03:05,860
detected by Google and occurred from 2006 to 2007.
53
00:03:05,880 --> 00:03:10,480
In this attack email boxes of the company's staff had been monitored for over a year.
54
00:03:10,500 --> 00:03:15,120
Today advanced persistent threats are understood as attacks that successfully launch malicious software
55
00:03:15,120 --> 00:03:18,450
on targeted computers malicious software is a broad term.
56
00:03:18,450 --> 00:03:22,420
We'll show you why launching a program can cause an attacker to take over a system.
57
00:03:22,470 --> 00:03:27,090
Local attacks and large scale attacks that exploit vulnerabilities in security systems.
58
00:03:27,150 --> 00:03:29,700
We'll talk about this factor in the following modules.
59
00:03:29,700 --> 00:03:34,710
By and large advanced persistent threats include internal attacks for the most part internal attacks
60
00:03:34,710 --> 00:03:37,590
render any technological protection measures useless.
61
00:03:37,590 --> 00:03:42,260
The last category of threats classed as apps are the attacks that target trusted communications channels.
62
00:03:42,270 --> 00:03:47,580
The amount of information exchange between computer systems is huge intrusion detection systems implemented
63
00:03:47,580 --> 00:03:52,370
in banks and insurance institutions often react only the active suspicious user actions.
64
00:03:52,470 --> 00:03:57,450
Attackers exploit a tendency of specialist ideas tools to react to unauthorized claims payments but
65
00:03:57,450 --> 00:04:02,870
ignore information extraction in protecting data is crucial to set up goals that you want to achieve.
66
00:04:02,940 --> 00:04:05,980
Our first objective should be the confidentiality of data.
67
00:04:06,000 --> 00:04:09,880
Confidentiality means that data is safeguarded against unauthorized access.
68
00:04:09,900 --> 00:04:13,080
Information should be categorized according to its sensitivity.
69
00:04:13,080 --> 00:04:17,310
It doesn't make sense to take measures for protecting information that's published online on a company's
70
00:04:17,310 --> 00:04:18,120
Web site.
71
00:04:18,120 --> 00:04:22,740
Any company will understandably be happy that there are visitors on the Web site internal information
72
00:04:22,740 --> 00:04:24,560
it's the second class of information.
73
00:04:24,570 --> 00:04:29,430
This category of data is available to a broad group of selected people for example for all the employees
74
00:04:29,430 --> 00:04:30,290
in a company.
75
00:04:30,330 --> 00:04:34,770
We wouldn't want unauthorized persons to access this type of information but it doesn't spell the end
76
00:04:34,770 --> 00:04:36,390
of the world if a breach occurs.
77
00:04:36,390 --> 00:04:41,730
The next category of information includes personal information personally identifiable information is
78
00:04:41,730 --> 00:04:46,860
defined as information that can be used to easily and specifically identify a person to whom the information
79
00:04:46,860 --> 00:04:52,320
relates national identification numbers like Social Security numbers are an obvious example of personal
80
00:04:52,320 --> 00:04:53,270
information.
81
00:04:53,280 --> 00:04:54,860
There's also sensitive data.
82
00:04:54,900 --> 00:04:59,570
This class of data if disclosed to the public brings direct losses to a specific person.
83
00:04:59,610 --> 00:05:03,260
The last data confidentiality category includes classified information.
84
00:05:03,260 --> 00:05:06,410
This is the type of data that should only be accessed by trusted people.
85
00:05:06,410 --> 00:05:11,630
Disclosing classified information deals a grievous blow to a company assigning a level of sensitivity
86
00:05:11,630 --> 00:05:16,620
to data stored on a system fast tracked the implementation of a data security policy in a company.
87
00:05:16,640 --> 00:05:20,900
If a company fails to introduce this policy this could end in the sort of situations you've seen in
88
00:05:20,900 --> 00:05:25,700
previous modules where you can view classified sensitive and confidential information on the Internet
89
00:05:25,730 --> 00:05:27,830
next to people's personal information.
90
00:05:27,890 --> 00:05:30,880
Confidentiality of data has to be protected in some way.
91
00:05:30,950 --> 00:05:35,190
In the past obtaining or extracting confidential data was a difficult feat.
92
00:05:35,300 --> 00:05:38,170
The next time you see a person go through the garbage bins of your company.
93
00:05:38,270 --> 00:05:43,010
Remember that the person does not have to be a beggar in search of food in the US the trash that's located
94
00:05:43,010 --> 00:05:44,980
in a company's site belongs to that company.
95
00:05:44,990 --> 00:05:47,690
Trespassing and stealing things from trash bins is illegal.
96
00:05:47,690 --> 00:05:50,730
The contents of the bins only later become public property.
97
00:05:50,750 --> 00:05:53,840
It's increasingly easy to find confidential information on the Internet.
98
00:05:54,350 --> 00:05:58,920
Let's see how this can be done to do this we'll use a hacking technique that most of you know very well.
99
00:05:59,030 --> 00:05:59,970
Google hacking.
100
00:06:00,020 --> 00:06:03,740
We'll see if Google can be used to find some information on people who interest us.
101
00:06:03,740 --> 00:06:07,850
We'll also find out if it's true that once a piece of information is put on the web it will exist there
102
00:06:07,850 --> 00:06:08,600
forever.
103
00:06:08,600 --> 00:06:13,790
Finally we'll also use specialist programs like focus to automate the process of finding information.
104
00:06:13,790 --> 00:06:18,170
Let's start with a question Is it possible to completely erase a piece of information that has been
105
00:06:18,170 --> 00:06:22,760
published online to find an answer we'll use a site called archive dot org.
106
00:06:22,750 --> 00:06:27,830
There is a time machine called the wayback machine available on the site Let's type in any address you're
107
00:06:27,830 --> 00:06:28,630
interested in.
108
00:06:28,640 --> 00:06:34,490
For example Microsoft dot com and click on take me back after the search ends you'll be able to view
109
00:06:34,490 --> 00:06:37,020
the archived versions of the page.
110
00:06:37,040 --> 00:06:39,400
Let's start with 1996.
111
00:06:39,410 --> 00:06:42,580
There are only a few copies of the page from that year.
112
00:06:42,650 --> 00:06:48,630
Let's see how the Web site looked on October twenty ninth 1996 we have a chance to take a peek into
113
00:06:48,630 --> 00:06:51,280
the past and see how the page looked in 1996.
114
00:06:51,330 --> 00:06:54,360
All things on the page are related to one another and are still active.
115
00:06:54,360 --> 00:06:58,090
You can read press information about Microsoft from 1996.
116
00:06:58,320 --> 00:07:01,410
What's been put on the Internet stays on the internet forever.
117
00:07:01,410 --> 00:07:05,760
Let's check now off a popular search engine like Google will enable us to find confidential information
118
00:07:05,760 --> 00:07:06,570
on the Internet.
119
00:07:06,570 --> 00:07:09,670
I have a few predefined queries which you've already seen on a slide.
120
00:07:09,690 --> 00:07:13,750
We'll start with exploring whether there are any results for company Excel spreadsheets.
121
00:07:13,770 --> 00:07:17,250
In other words Excel spreadsheets that relate to user accounts.
122
00:07:17,250 --> 00:07:21,270
It take a lot of time and persistence to browse through all of these spreadsheets but I'll try to give
123
00:07:21,270 --> 00:07:24,390
you a more interesting example and show another type of search.
124
00:07:24,390 --> 00:07:29,040
This time we'll search for PDA files on military Web sites that contain the phrase top secret.
125
00:07:29,070 --> 00:07:32,280
It doesn't seem likely that anyone would put these documents on the web does it.
126
00:07:32,400 --> 00:07:33,390
But here you are.
127
00:07:33,420 --> 00:07:36,990
If this picks your interest and you're not planning on visiting any of the countries that put up these
128
00:07:36,990 --> 00:07:41,850
files go ahead and click on the links to find out what types of classified information can easily be
129
00:07:41,850 --> 00:07:43,180
found on the web.
130
00:07:43,210 --> 00:07:46,790
The crawling methods I've shown you are manual that can be automated though.
131
00:07:46,830 --> 00:07:51,930
For example by using a tool like gulag scanner the application contains a simple set of Google queries
132
00:07:51,930 --> 00:07:53,800
that fall into several categories.
133
00:07:53,820 --> 00:07:59,250
There are for example video files containing juicy info like passwords Loggins and the like or software
134
00:07:59,250 --> 00:08:02,280
errors messages that display sensitive information on a system.
135
00:08:02,280 --> 00:08:07,170
Another category includes files containing usernames clicking on open in the browser will cause a search
136
00:08:07,170 --> 00:08:11,550
engine with selected file types to be displayed instead of clicking on each file type.
137
00:08:11,670 --> 00:08:15,450
You can select a whole category type in a page name that interests you.
138
00:08:15,450 --> 00:08:18,300
For example example dot com and click on scan.
139
00:08:18,450 --> 00:08:21,080
Notice that you don't connect to the site directly.
140
00:08:21,120 --> 00:08:24,260
We don't search for information on the servers of a given company.
141
00:08:24,270 --> 00:08:27,000
The query is not only sent to the Google search engine.
142
00:08:27,210 --> 00:08:29,940
We're exploring what has already been indexed.
143
00:08:30,030 --> 00:08:33,810
We'll be able to send bulk queries until search engines like Google block them.
144
00:08:33,960 --> 00:08:39,210
As you can see in the slide 15 results have been returned all queries have been processed successfully
145
00:08:39,270 --> 00:08:42,810
which means there are no files that contain user names in the results.
146
00:08:42,870 --> 00:08:47,400
A small application called FOCA is a rather curious example of a search engine that crawls the web for
147
00:08:47,400 --> 00:08:49,300
publicly available information.
148
00:08:49,320 --> 00:08:53,870
It enables users to not only analyze selected Web sites but also the metadata that saved in the Web
149
00:08:53,870 --> 00:08:57,810
site files will create a project by entering a Web site name.
150
00:08:57,810 --> 00:09:01,760
For example Microsoft dot com using search engines like Google or Bing.
151
00:09:01,770 --> 00:09:06,990
We can try to extract information on the network infrastructure the servers versions and so on.
152
00:09:06,990 --> 00:09:11,370
We can try to ascertain whether or not there are any vulnerabilities or susceptibilities to a given
153
00:09:11,370 --> 00:09:18,150
type of threat we can also read the metadata or the various documents opening the documents will extract
154
00:09:18,150 --> 00:09:24,790
information on their creators to download an analyzed file right click on the document and select download.
155
00:09:24,900 --> 00:09:27,900
Once you've downloaded the files that can be analyzed.
156
00:09:27,900 --> 00:09:33,870
Click on extract metadata we'll extract all the metadata available for the document files from both
157
00:09:33,870 --> 00:09:38,870
categories will be analyzed in sequence we have records for 10 users.
158
00:09:38,920 --> 00:09:41,820
They're the creators of PDL documents or doc files.
159
00:09:41,980 --> 00:09:47,050
We can view the information on when and in how many documents they use Open Office in Microsoft Office
160
00:09:47,320 --> 00:09:51,820
and also see the versions of the operating systems that were used to create the documents.
161
00:09:51,820 --> 00:09:56,170
All this metadata is contained in the files that we edit and save on a daily basis.
162
00:09:56,380 --> 00:10:00,820
When you publish your files on the Internet you have to realize that the metadata will also be published
163
00:10:00,880 --> 00:10:02,470
and be accessible.
164
00:10:02,470 --> 00:10:07,180
Metadata discloses not only the information on a configuration of the system but also contains your
165
00:10:07,180 --> 00:10:08,590
personal information.
166
00:10:08,800 --> 00:10:11,980
FOCA is a great tool for extracting information of this type.
167
00:10:11,980 --> 00:10:14,890
Thus far we've talked about data confidentiality.
168
00:10:14,890 --> 00:10:19,390
This is the most relevant aspect and the first thing that springs to mind when data protection is concerned.
169
00:10:19,990 --> 00:10:22,380
But this doesn't always have to be the case.
170
00:10:22,390 --> 00:10:27,730
Sometimes the integrity of data is equally important data integrity refers to a situation when a given
171
00:10:27,730 --> 00:10:32,500
message has not been modified by an unauthorized person did it integrity can be maintained by adding
172
00:10:32,500 --> 00:10:34,300
specific check sums to the data.
173
00:10:34,300 --> 00:10:37,930
This method also helps protecting the integrity of operating system files.
174
00:10:37,960 --> 00:10:42,550
If a document you open has a different checksum than that of a document saved by a trusted user.
175
00:10:42,550 --> 00:10:44,870
This points to a data integrity corruption.
176
00:10:44,920 --> 00:10:46,810
Why is integrity so important.
177
00:10:46,810 --> 00:10:49,060
Let's use online orders as an example.
178
00:10:49,090 --> 00:10:51,330
If someone has spied that we've ordered five books.
179
00:10:51,340 --> 00:10:52,910
This usually doesn't bother us.
180
00:10:53,020 --> 00:10:58,000
But if that person modifies the order value from five to five hundred books we would be less than happy.
181
00:10:58,000 --> 00:11:00,930
Integrity is a vital feature of information data.
182
00:11:00,940 --> 00:11:04,060
Authenticity is another key aspect to data security.
183
00:11:04,090 --> 00:11:06,710
Authenticity is a bit broader in scope than integrity.
184
00:11:06,730 --> 00:11:11,290
Authenticity is a feature of information that ensures that the center of the data stream is legitimate
185
00:11:11,440 --> 00:11:14,740
and that the data has not been modified after it was sent by a trusted sender.
186
00:11:14,740 --> 00:11:17,890
This feature can be verified through the use of digital signatures.
187
00:11:17,980 --> 00:11:21,280
We'll cover this in coming modules as we've stressed before.
188
00:11:21,280 --> 00:11:23,620
You should not put too much faith in technology.
189
00:11:23,620 --> 00:11:26,720
You can see an example of why limited trust is the best option.
190
00:11:26,770 --> 00:11:31,840
It's a certificate for signing crucial information contained in system files or EMC files.
191
00:11:31,840 --> 00:11:34,540
It was stolen and used to sign malicious software.
192
00:11:34,540 --> 00:11:39,630
Authenticity is verified through digital signatures on files that are usually generated from certificates.
193
00:11:39,720 --> 00:11:41,800
A certificate has an assigned level of trust.
194
00:11:41,800 --> 00:11:45,510
A user can give the last feature of information is its availability.
195
00:11:45,550 --> 00:11:51,400
Data availability is specified in an SLA service level agreement I.T. departments and business customers
196
00:11:51,400 --> 00:11:53,860
are bound with the terms and conditions of an SLA.
197
00:11:53,860 --> 00:11:58,630
The specifications of this contract define the maximum tolerable length of service unavailability and
198
00:11:58,630 --> 00:12:01,840
determine the amounts of information that can be lost after a disaster.
199
00:12:01,840 --> 00:12:04,750
You can find lots of information on SLA is on the Internet.
200
00:12:04,750 --> 00:12:10,330
The key elements of the agreement are recovery time objective R O which is the duration of time in which
201
00:12:10,330 --> 00:12:15,700
a service can be unavailable most often calculated and a percentage the closer to 100 percent the longer
202
00:12:15,700 --> 00:12:17,390
the information needs to be available.
203
00:12:17,440 --> 00:12:22,360
Recovery point objective RPO which is the amount of data that can be lost in the event of a failure
204
00:12:22,510 --> 00:12:27,700
to recovery time objective forms the foundation of all SLA lays the measures the non-negotiable duration
205
00:12:27,700 --> 00:12:31,300
of time within which information or services can be unavailable.
206
00:12:31,300 --> 00:12:37,300
It is usually expressed as a number of nines if a given service is to be provided 365 days a year 24
207
00:12:37,300 --> 00:12:39,370
hours a day seven days a week.
208
00:12:39,370 --> 00:12:44,560
This means that an RTI value that has five nines ninety nine point nine nine nine percent can only be
209
00:12:44,560 --> 00:12:50,260
shut down for whatever reason maintenance attacks threats for five minutes in a year agreeing on a five
210
00:12:50,260 --> 00:12:54,760
nines RTL means that a given service or information has to be protected in a special way.
211
00:12:54,760 --> 00:12:59,950
It's impossible to provide Nasedo this high if data is stored in one system only hosting companies usually
212
00:12:59,950 --> 00:13:04,870
agreed to a four digit R2 yo under the same assumptions three nines mean that a service can shut down
213
00:13:04,870 --> 00:13:06,750
for eight hours per year maximum.
214
00:13:06,790 --> 00:13:11,080
You can't expect your only computer to be set up for the whole year without interruption and eight hours
215
00:13:11,080 --> 00:13:15,870
will probably be too little to successfully deal with an attack or to restore a system after a failure.
216
00:13:15,880 --> 00:13:20,380
Another part of an SLA which is defined in all contracts of this type is a recovery point objective
217
00:13:20,470 --> 00:13:24,160
which is the measure that determines the amount of data that can be lost after an attack.
218
00:13:24,160 --> 00:13:27,370
It's easier to ensure a recovery point objective of 0 percent.
219
00:13:27,400 --> 00:13:31,840
It's a matter of replicating data and creating backups than to ensure ensuring Arto equaling ninety
220
00:13:31,840 --> 00:13:33,570
nine point nine nine nine percent.
221
00:13:33,640 --> 00:13:38,270
In the case of the auto high availability comes with the need for investing in expensive equipment.
222
00:13:38,300 --> 00:13:42,490
Sellers are becoming increasingly popular and it's quite possible that you'll often be asked to sign
223
00:13:42,490 --> 00:13:45,520
an SLA that determines the RPO as a 0 percent.
224
00:13:45,550 --> 00:13:49,980
Businesses need the guarantee that whatever happens no data will be lost from the system.
225
00:13:50,020 --> 00:13:55,060
We have few technologies that can ensure implementing good values of RTA and RPO will mention them later
226
00:13:55,060 --> 00:13:56,930
on in the next modules of this course.
227
00:13:56,950 --> 00:14:00,790
High availability of services usually require the use of specialist technologies.
228
00:14:00,790 --> 00:14:03,540
There will also be covered in the next part of this course.
229
00:14:03,550 --> 00:14:04,000
Thank you.
25724
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.