Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,780 --> 00:00:06,480 This course takes you on a journey that starts with the basics and theory of security and then builds 2 00:00:06,480 --> 00:00:13,700 upon it with practical exercises and on to more advanced topics in the later sections and other volumes. 3 00:00:13,770 --> 00:00:19,350 You have to know the basics so that you can make your own informed choices about security. 4 00:00:19,530 --> 00:00:21,660 I don't want to give you just a to do list. 5 00:00:21,690 --> 00:00:25,130 I want you to understand both the why and the how. 6 00:00:25,140 --> 00:00:31,590 So we start with the theory and basics of security and then build on that later with practical exercises 7 00:00:31,920 --> 00:00:34,090 and onto more advanced topics. 8 00:00:34,110 --> 00:00:40,140 But before we start in the theory basics I want to give you a super easy quick security win that you 9 00:00:40,140 --> 00:00:43,770 can set up right now a small practical exercise. 10 00:00:43,770 --> 00:00:45,410 Before we dig into the theory. 11 00:00:45,510 --> 00:00:51,060 So you have an immediate security capability to detect malware and hackers that you can set up in about 12 00:00:51,060 --> 00:00:54,050 10 minutes and you don't even have to install anything. 13 00:00:54,210 --> 00:00:59,370 This way if you forget to do the rest of the course at least you have got some security capability out 14 00:00:59,370 --> 00:00:59,820 of it. 15 00:01:00,000 --> 00:01:01,140 So here goes. 16 00:01:01,140 --> 00:01:09,030 Wouldn't it be cool if we could set up security trip wires to tell is if someone or something was poking 17 00:01:09,030 --> 00:01:16,270 around in our files on a laptop on a phone tablet you know e-mail and or online accounts basically everywhere. 18 00:01:16,290 --> 00:01:21,270 Will it be good if we could have some trip wires alerted is when somebody was doing things that we don't 19 00:01:21,270 --> 00:01:22,180 want them to do. 20 00:01:22,320 --> 00:01:24,070 Well we can set those things up. 21 00:01:24,070 --> 00:01:30,010 So let me show you how to set the security tripwires using a service call canary tokens. 22 00:01:30,010 --> 00:01:35,760 They are made available just for you guys on this course so you can have some quick and easy security 23 00:01:35,760 --> 00:01:37,210 wins. 24 00:01:37,260 --> 00:01:44,070 So if you get your way to w w w Don't Station X don't net slash canary tokens slash you can follow along 25 00:01:44,070 --> 00:01:47,690 with what I'm doing and create your own tokens at the same time. 26 00:01:47,700 --> 00:01:53,550 So here we have our little canary friendly token we see a rather obvious red boat in here and this is 27 00:01:53,550 --> 00:01:58,960 what we need to click on to take us to the domain that will provide us with the tokens. 28 00:01:58,980 --> 00:02:01,740 So here we are this is a domain here that will rotate. 29 00:02:01,740 --> 00:02:04,840 So don't worry about what that is at the moment. 30 00:02:04,920 --> 00:02:08,100 So here we are this is the main thing that you need to interact with. 31 00:02:08,190 --> 00:02:13,890 And I'm going to show you five different ways of setting up traps these traps that are also called tokens 32 00:02:13,890 --> 00:02:15,660 or canary tokens. 33 00:02:15,660 --> 00:02:17,280 We're going to keep it simple. 34 00:02:17,310 --> 00:02:19,440 The early stages of this course. 35 00:02:19,470 --> 00:02:21,900 So first thing we do is really to put in an e-mail address. 36 00:02:21,900 --> 00:02:26,620 Now this is the e-mail address which you want to get send alerts to. 37 00:02:26,850 --> 00:02:29,210 So this needs to be an e-mail address that you monitor. 38 00:02:29,370 --> 00:02:34,530 I like the e-mail address that you have on your phone or something so that you get notified immediately 39 00:02:34,530 --> 00:02:38,130 when there's a security problem you don't want to set up a secondary e-mail address that you never look 40 00:02:38,130 --> 00:02:41,170 at as pointless as be an e-mail address that you monitor. 41 00:02:41,220 --> 00:02:44,720 Even if you set up a new e-mail address as long as it's one that you monitor. 42 00:02:44,730 --> 00:02:46,140 So let me put one in here. 43 00:02:48,410 --> 00:02:53,340 So that's the e-mail address I want to get sent alerts to and then I need to put in here some sort of 44 00:02:53,340 --> 00:02:58,370 comment that lets me know which token which trap has been triggered. 45 00:02:58,470 --> 00:03:03,380 So I'm going to put Word document in a password folder on the laptop. 46 00:03:03,450 --> 00:03:05,990 That's going to make more sense in a second. 47 00:03:06,000 --> 00:03:08,700 Ignore all this for now just have a DNS and hates it. 48 00:03:08,710 --> 00:03:12,120 Yes and generate token. 49 00:03:12,220 --> 00:03:20,280 And if we go down here the first one that I want you to look at is the M-S word token or trap. 50 00:03:20,290 --> 00:03:26,250 So what this has done is this has generated a unique word document for you that we can download. 51 00:03:26,260 --> 00:03:27,670 I'll give you a demo of it. 52 00:03:27,750 --> 00:03:29,310 It will download that now. 53 00:03:30,190 --> 00:03:34,910 And if you see this here this is the Word document that we've just downloaded. 54 00:03:34,930 --> 00:03:42,270 Now if I click on that and that's just opened up there you see what little time is going on there in 55 00:03:42,270 --> 00:03:43,210 the background. 56 00:03:44,270 --> 00:03:46,970 And you see there we've been alerted. 57 00:03:47,160 --> 00:03:54,060 Now any time anyone opens this document you're going to get alerted is a little trap and this little 58 00:03:54,060 --> 00:03:56,340 trap should work on most operating systems. 59 00:03:56,340 --> 00:03:57,640 Most versions of Word. 60 00:03:57,720 --> 00:04:02,600 There's no 100 percent guarantee that it's going to work on every system and with every version of Word. 61 00:04:02,670 --> 00:04:06,860 So if it doesn't work for you then try one of the other tokens that I'm going to show you in a second. 62 00:04:06,870 --> 00:04:09,970 Let me close that and create another example here. 63 00:04:10,110 --> 00:04:12,460 You can change the filename of this document by the way. 64 00:04:12,480 --> 00:04:16,420 Anything that you like make in time step is on to click on. 65 00:04:16,560 --> 00:04:17,900 I opened this one a second 66 00:04:20,550 --> 00:04:26,210 just opened this fully now and this one I put valuable and juicy information in it. 67 00:04:26,240 --> 00:04:34,050 The hacker or other type of threat would be interested in finding Pay-Pal usernames and passwords stock 68 00:04:34,110 --> 00:04:41,220 trading information social media accounts etc. etc. those are the sort of things the threat is going 69 00:04:41,220 --> 00:04:42,570 to be searching for. 70 00:04:42,630 --> 00:04:48,720 If he's on your laptop your device your phone with your e-mail is going to be searching for key words. 71 00:04:49,060 --> 00:04:54,210 And if you want an idea of the sort of things that you want to put in these traps and I put some examples 72 00:04:54,210 --> 00:04:59,260 here we can say personal information financial information file hosting accounts. 73 00:04:59,340 --> 00:05:03,910 And if we go further down here I provide an example file and we just copy this. 74 00:05:03,930 --> 00:05:09,300 We can use it as just an example the sort of information you can see social security numbers credit 75 00:05:09,300 --> 00:05:12,430 card details have put them in the right sorts of formats. 76 00:05:12,630 --> 00:05:14,460 Bitcoin wallet IDs. 77 00:05:14,610 --> 00:05:15,670 You get the idea. 78 00:05:16,890 --> 00:05:23,250 So we can imagine now a hacker was snooping around in an area that we specifically put aside just for 79 00:05:23,250 --> 00:05:26,650 the hackers to find and we've put in that word document. 80 00:05:26,850 --> 00:05:32,490 And he has now clicked on it and this is the alert we get so we know he's snooping around and we know 81 00:05:32,490 --> 00:05:37,860 he's sniffing around we know what he's doing because we set up that comment there and if we click here 82 00:05:38,700 --> 00:05:41,040 we can look to see where he's come from. 83 00:05:41,040 --> 00:05:47,930 We can track him down and it provides further information on how he triggered the alert. 84 00:05:47,940 --> 00:05:50,970 But what is important is that you react to the alert. 85 00:05:51,170 --> 00:05:56,330 And later during the course we're going to talk more about response and recovery strategies as you get 86 00:05:56,330 --> 00:05:58,450 through to the more advanced sections. 87 00:05:58,730 --> 00:06:05,000 And if you look at the second type of token that we can create or trap a PTF so we can download this 88 00:06:05,000 --> 00:06:09,220 PTF version and it works pretty much exactly the same as the Word document. 89 00:06:09,380 --> 00:06:19,740 We opened this PTF document and we will get alerted that someone has opened it and boom there we go. 90 00:06:19,940 --> 00:06:22,160 I know there are PTF trap. 91 00:06:22,340 --> 00:06:28,220 So I think you get any idea and so you want to sprinkle as many of these tokens these traps throughout 92 00:06:28,250 --> 00:06:34,010 your laptop your phone or tablet in your e-mail on your online accounts. 93 00:06:34,010 --> 00:06:39,320 So for example you could put it in your Dropbox and maybe the staff at Dropbox are looking through your 94 00:06:39,350 --> 00:06:40,340 documents. 95 00:06:40,340 --> 00:06:42,010 They open the Word document boom. 96 00:06:42,050 --> 00:06:43,860 You know someone snooping in there. 97 00:06:44,030 --> 00:06:49,640 And as I say they need to be interesting enticing and valuable and he can get that sort of information 98 00:06:49,640 --> 00:06:50,870 from here. 99 00:06:50,870 --> 00:06:56,460 Now let me show you another sneaky way of setting up a trap fake e-mail of passwords. 100 00:06:56,480 --> 00:07:03,650 Number one oh by the way if you put it on that one you'll get more information in the alert about who 101 00:07:03,650 --> 00:07:04,640 the hacker was. 102 00:07:04,730 --> 00:07:09,040 With this type of traveling about set up now so choose that one. 103 00:07:09,050 --> 00:07:15,950 So generate if you pop down here we're going to go to Web books and we're going to use two Web books 104 00:07:15,950 --> 00:07:16,710 here. 105 00:07:16,980 --> 00:07:19,650 Let's just grab that you are real. 106 00:07:19,730 --> 00:07:21,400 So there is a clickable link. 107 00:07:21,460 --> 00:07:24,440 If the hacker clicks on you're going to be alerted. 108 00:07:25,450 --> 00:07:27,840 Let's open up our e-mail here. 109 00:07:27,960 --> 00:07:28,940 Right. 110 00:07:28,960 --> 00:07:31,150 Let's just pop that in there for now. 111 00:07:31,320 --> 00:07:34,380 Then we're going to send this to our self. 112 00:07:34,540 --> 00:07:39,730 We could send it from a different account but all that matters is that the two e-mail addresses the 113 00:07:39,730 --> 00:07:44,590 account that you're wanting to be monitored you wanting to know if a hacker is in there we need to create 114 00:07:44,590 --> 00:07:46,810 an enticing subject so 115 00:07:49,580 --> 00:07:51,230 and then just as an example. 116 00:07:51,340 --> 00:07:57,290 But this one I'm going to go here and I'm going to copy all of this stuff here into this e-mail 117 00:08:02,440 --> 00:08:07,880 obviously you're going to put your own sort of information in here and things related to you know I've 118 00:08:07,930 --> 00:08:10,620 just taken that link there. 119 00:08:11,450 --> 00:08:14,240 Now putting that link here. 120 00:08:17,020 --> 00:08:18,990 I can actually change this to anything I want. 121 00:08:18,990 --> 00:08:27,370 After this here can change this to whatever I want so I can put log in if I want to him now and see 122 00:08:27,370 --> 00:08:33,570 what I'm doing is I'm creating an enticement here by private files or back I put everything username 123 00:08:33,580 --> 00:08:34,900 and password. 124 00:08:34,900 --> 00:08:39,520 So if the person opens his email and then clicks on this link it will trigger the alert. 125 00:08:39,670 --> 00:08:42,800 Will get you something even more tricky here. 126 00:08:42,910 --> 00:08:47,030 We want to definitely catch this hacker within Thunderbird. 127 00:08:47,110 --> 00:08:52,030 There is a feature by which you can insert a link to an image. 128 00:08:52,030 --> 00:08:56,190 Now we don't want to attack an image we want to insert a link to an image. 129 00:08:56,220 --> 00:09:01,700 So if you're going to insert an image and we own click this. 130 00:09:01,760 --> 00:09:03,720 We don't want to attach. 131 00:09:03,720 --> 00:09:11,970 We go on there and then we can put image gif and see we're already alerted. 132 00:09:12,070 --> 00:09:20,140 That's our quick services and we do not want to use any alternative text out there and you'll see you 133 00:09:20,140 --> 00:09:25,000 can't see the image because that is a one by one pixel invisible gif. 134 00:09:25,000 --> 00:09:28,570 Now let me show you how this works so when can send that to ourselves. 135 00:09:32,420 --> 00:09:33,370 So there we go. 136 00:09:33,370 --> 00:09:36,370 That's our little trap there that we can choose to open it. 137 00:09:36,370 --> 00:09:42,640 Leave it as an open e-mail or we can leave it as an open e-mail but no matter what if someone's in e-mail 138 00:09:42,670 --> 00:09:46,560 and they're searching for whatever it is that they want to be searching for maybe they're interested 139 00:09:46,560 --> 00:09:48,110 in PayPal accounts. 140 00:09:48,340 --> 00:09:48,960 Well there we go. 141 00:09:48,960 --> 00:09:54,730 That comes up searching for bank information credit card information that's going to come up and all 142 00:09:54,730 --> 00:09:57,440 they need to do is just open it. 143 00:09:57,530 --> 00:10:01,310 They want me to click on a link to them. 144 00:10:01,330 --> 00:10:03,200 No they're poking around in there. 145 00:10:03,260 --> 00:10:08,710 So let's say that doesn't work for whatever reason it should then there's still things like that to 146 00:10:08,710 --> 00:10:12,630 entice them like on that boom caught him again. 147 00:10:12,640 --> 00:10:17,370 Now in order for us to have inserted that image I went on this insert image. 148 00:10:17,410 --> 00:10:22,150 Now you may not have this functionality available in the e-mail client that you use. 149 00:10:22,210 --> 00:10:25,720 It may not even be available to do this but it doesn't matter. 150 00:10:25,720 --> 00:10:28,750 You can still download Thunderbird if you like. 151 00:10:28,780 --> 00:10:29,650 It's FREE. 152 00:10:29,710 --> 00:10:36,190 And just send an e-mail or e-mails using Thunderbird just for this one task if you can't work out how 153 00:10:36,190 --> 00:10:40,010 to embed that invisible web book into your email. 154 00:10:40,510 --> 00:10:45,490 So as I said you want to sprinkle these tokens throughout your laptop on your laptop phone tablet in 155 00:10:45,490 --> 00:10:49,210 your e-mail in your accounts make them enticing make them valuable. 156 00:10:49,210 --> 00:10:55,250 And then when you get an alert respond to that and respond in the ways I recommend throughout this course. 157 00:10:55,390 --> 00:11:00,110 Changing your password and all this sort of thing is disconnecting from the network. 158 00:11:00,400 --> 00:11:03,090 So there you go that's your security quick win. 159 00:11:03,130 --> 00:11:05,260 Go ahead and set those up right now. 160 00:11:05,440 --> 00:11:07,690 You will have after you set this up. 161 00:11:07,750 --> 00:11:11,610 Better security detection capabilities than most companies do. 162 00:11:11,620 --> 00:11:16,960 You might not believe that if you're not in the security industry but that is a sad and true analysis 163 00:11:16,990 --> 00:11:20,510 of the state of most organizations detection capabilities. 164 00:11:20,510 --> 00:11:21,720 Just think of Edward Snowden. 165 00:11:21,760 --> 00:11:27,050 He was poking around in the NSA for months as an insider threat and nothing like this. 166 00:11:27,130 --> 00:11:28,500 Alerted the NSA. 167 00:11:28,600 --> 00:11:29,550 Pretty crazy. 168 00:11:29,740 --> 00:11:34,020 Later on in the course we will discuss canary tokens a more advanced level. 169 00:11:34,060 --> 00:11:38,920 When you get there you'll understand more about how they work and will understand about the importance 170 00:11:38,920 --> 00:11:45,250 of detection controls which these are versus preventative controls which are used to stop a hacker getting 171 00:11:45,250 --> 00:11:46,420 in in the first place. 172 00:11:46,450 --> 00:11:48,520 The preventative controls are very important. 173 00:11:48,520 --> 00:11:50,260 We use a defense in depth approach. 174 00:11:50,260 --> 00:11:51,580 All of which we're going to go into. 175 00:11:51,610 --> 00:11:53,640 So that was form. 176 00:11:53,740 --> 00:11:59,130 Now let's dig into the theory and the basics and start our journey into cybersecurity. 17985