0
1
00:00:01,050 --> 00:00:05,640
Welcome to the general definition section. In this section, we'll go over some of the most common terms
1
2
00:00:05,640 --> 00:00:06,570
used in cyber security.
2
3
00:00:06,960 --> 00:00:07,780
So let's dive in.
3
4
00:00:09,240 --> 00:00:12,540
First off, we have infosec or information security.
4
5
00:00:13,200 --> 00:00:15,490
InfoSec is the practice of protecting information.
5
6
00:00:16,020 --> 00:00:21,690
This usually involves protecting or at least reducing the risk of unauthorized access, disclosure,
6
7
00:00:21,720 --> 00:00:26,970
modification, corruption or deletion of information. To make it more concrete
7
8
00:00:27,000 --> 00:00:29,540
let's think of a few examples where infosec would be needed.
8
9
00:00:30,210 --> 00:00:33,660
First off, think of an application that contains your medical records.
9
10
00:00:34,380 --> 00:00:40,080
Only you and your doctor should be able to see those medical records, so your data should be protected
10
11
00:00:40,080 --> 00:00:41,400
against unauthorized access.
11
12
00:00:41,940 --> 00:00:47,770
Another example would be your private messages and emails. We would definitely not want them to be leaked
12
13
00:00:47,820 --> 00:00:48,960
publicly on the Internet.
13
14
00:00:49,680 --> 00:00:51,930
And finally, think of your bank account.
14
15
00:00:52,260 --> 00:00:56,810
That account should be protected against modification, corruption or deletion.
15
16
00:00:57,840 --> 00:01:02,400
You wouldn't want to wake up with less money in your account or without an account altogether.
16
17
00:01:03,470 --> 00:01:09,700
Next, we have cyber security, also known as computer security or information technology security.
17
18
00:01:10,370 --> 00:01:16,230
Cybersecurity is part of infosec and is the practice of protecting I.T. systems against digital attacks.
18
19
00:01:16,910 --> 00:01:22,880
It basically means protecting computers, servers, mobile devices, electronic systems, networks and
19
20
00:01:22,880 --> 00:01:24,320
data from malicious attacks.
20
21
00:01:24,770 --> 00:01:30,740
These attacks can have as purpose the theft or damage of electronic data, such as personal data as
21
22
00:01:30,740 --> 00:01:32,600
well as software and hardware.
22
23
00:01:33,000 --> 00:01:39,200
Other common purposes are to disrupt and/or misdirect the services provided by I.T. systems.
23
24
00:01:39,650 --> 00:01:43,910
For example, attackers can target the bank and make online banking unavailable.
24
25
00:01:44,000 --> 00:01:49,310
Or, in another scenario, an attacker would misdirect us to a malicious website where we would be tricked
25
26
00:01:49,310 --> 00:01:53,780
into giving our credit details to hackers. In the previous slide
26
27
00:01:53,810 --> 00:01:59,960
we learned that cybersecurity means protecting components such as data, software, and hardware that
27
28
00:01:59,960 --> 00:02:02,270
support information related activities.
28
29
00:02:02,660 --> 00:02:05,630
In infosec, such a component is called an asset.
29
30
00:02:06,230 --> 00:02:10,430
Assets can be devices such as a PC, a server or a smartphone.
30
31
00:02:10,970 --> 00:02:17,000
Assets can also be software, for example, a website, an online shop, an online banking app, a car
31
32
00:02:17,000 --> 00:02:22,460
infotainment system, an operating system such as Windows, Linux, or macOS, or just a regular application.
32
33
00:02:23,300 --> 00:02:29,270
Finally, assets can also be information such as a database with customer information, emails, personal
33
34
00:02:29,270 --> 00:02:30,370
messages and so on.
34
35
00:02:31,160 --> 00:02:34,880
Now that we learned what an asset is, let's have a look at vulnerability.
35
36
00:02:35,450 --> 00:02:38,000
A vulnerability is a weakness in an asset.
36
37
00:02:38,660 --> 00:02:43,580
Usually, an attacker uses one or more vulnerabilities to commit their attack.
37
38
00:02:44,000 --> 00:02:50,960
Some common vulnerability examples are using outdated software and libraries, bugs, and misconfigurations
38
39
00:02:50,960 --> 00:02:52,020
of I.T. systems.
39
40
00:02:52,910 --> 00:02:55,550
The next term is threat. In computer security
40
41
00:02:55,760 --> 00:03:01,160
a threat is the potential negative action or event caused by exploiting a vulnerability.
41
42
00:03:01,820 --> 00:03:04,490
Threats can be intentional or unintentional.
42
43
00:03:05,480 --> 00:03:12,350
A few examples of intentional threats are malware, phishing, hackers, or even an employee that is
43
44
00:03:12,350 --> 00:03:15,440
angry with the company. For unintentional threats
44
45
00:03:15,470 --> 00:03:21,500
some examples would be natural events such as an earthquake, a flood, or a hurricane, or a technical
45
46
00:03:21,500 --> 00:03:24,130
failure such as a hardware or software failure.
46
47
00:03:25,200 --> 00:03:32,010
Another term commonly used is attack. An attack is a deliberate assault on an I.T. system with malicious
47
48
00:03:32,010 --> 00:03:36,420
purpose. You might see some similarities between a threat and an attack.
48
49
00:03:36,450 --> 00:03:37,410
So let's compare them.
49
50
00:03:38,610 --> 00:03:43,920
An attack is a deliberate action against the target with the intention of doing harm, while a threat
50
51
00:03:43,920 --> 00:03:46,320
is the potential for the occurrence of an attack.
51
52
00:03:47,250 --> 00:03:50,910
Since an attack is a deliberate action, it's always intentional,
52
53
00:03:51,060 --> 00:03:54,360
while a threat can be intentional or unintentional.
53
54
00:03:55,170 --> 00:04:00,180
Last but not least, an attack is an attempt to cause damage, while a threat has the potential to cause
54
55
00:04:00,180 --> 00:04:00,600
damage.
55
56
00:04:01,970 --> 00:04:07,550
The final term that we'll discuss in this section is IT risk. IT risk is the potential that a given
56
57
00:04:07,550 --> 00:04:11,130
threat will exploit vulnerabilities of an asset and cause harm.
57
58
00:04:12,020 --> 00:04:18,440
The risk is basically a combination of impact and likelihood. To better understand the risk,
58
59
00:04:18,740 --> 00:04:22,240
let's have a look at an IT risk matrix. On the horizontal axis
59
60
00:04:22,250 --> 00:04:28,550
we have the impact which goes from negligible, on the left side, to severe, on the right side.
60
61
00:04:29,540 --> 00:04:35,930
On the vertical axis, we have likelihood, going from very unlikely at the bottom, to very likely at
61
62
00:04:35,930 --> 00:04:36,320
the top.
62
63
00:04:37,250 --> 00:04:41,250
Let's take two scenarios to better understand risk. In the first scenario,
63
64
00:04:41,270 --> 00:04:44,450
we have a website which is hosted on multiple data centers,
64
65
00:04:44,870 --> 00:04:50,420
and for one of the data centers, there is a very small chance that an earthquake can happen in that
65
66
00:04:50,420 --> 00:04:50,690
area.
66
67
00:04:50,840 --> 00:04:54,080
Because of that, the likelihood of the threat is very unlikely.
67
68
00:04:54,110 --> 00:04:58,700
And since the website is hosted on multiple data centers, the impact is negligible.
68
69
00:04:59,210 --> 00:05:02,840
Even if one of the data centers goes down, the website will still work.
69
70
00:05:03,560 --> 00:05:06,050
Based on the information, the risk is very low.
70
71
00:05:07,610 --> 00:05:13,130
For the second scenario, let's think of an online shop. Due to a bug, when you log in on the online shop, you
71
72
00:05:13,130 --> 00:05:16,910
have the rights of an admin and you can access data from other customers.
72
73
00:05:17,970 --> 00:05:23,760
In this case, likelihood is very likely because all users have admin rights and the impact is severe,
73
74
00:05:23,760 --> 00:05:27,390
because everyone can access data of other customers.
74
75
00:05:27,960 --> 00:05:34,040
This results in a critical risk. Now that we have knowledge of the terms used in cybersecurity,
75
76
00:05:34,380 --> 00:05:36,750
let's use what we learned in a couple of examples.
76
77
00:05:37,560 --> 00:05:42,750
In the first scenario, we have an online shop which contains private information such as contact details
77
78
00:05:42,750 --> 00:05:48,540
of customers. Besides that we have Alice, the owner of the online shop who uses insecure credentials,
78
79
00:05:48,630 --> 00:05:51,270
such as admin, admin for username and password.
79
80
00:05:52,110 --> 00:05:58,200
And finally, we have Eve, the hacker, who tries to obtain private information using combinations of commonly
80
81
00:05:58,200 --> 00:06:02,660
known credentials. Let's map the terms used to date to this scenario.
81
82
00:06:03,510 --> 00:06:06,420
First, we have the online shop, which is an asset.
82
83
00:06:07,710 --> 00:06:11,980
The database containing the details of the customers can also be considered an asset.
83
84
00:06:13,120 --> 00:06:18,940
Then we have the vulnerability, which in this case is the use of insecure credentials.
84
85
00:06:20,100 --> 00:06:26,520
Next, the threat, which in this case is information disclosure by exploiting the vulnerability and
85
86
00:06:26,520 --> 00:06:32,430
then, we have the attack, which in this case is Eve's attempt to log in as administrator using common,
86
87
00:06:32,430 --> 00:06:34,200
insecure credential combinations.
87
88
00:06:34,830 --> 00:06:36,480
Finally, we have the risk.
88
89
00:06:37,400 --> 00:06:43,090
As we discussed, risk is a combination of likelihood and impact. In this case, the likelihood is likely,
89
90
00:06:43,100 --> 00:06:47,870
since this is a simple attack, and the impact is severe, because private information would be leaked to
90
91
00:06:47,870 --> 00:06:48,600
Eve, the hacker.
91
92
00:06:49,400 --> 00:06:51,170
This results in a critical risk.
92
93
00:06:52,620 --> 00:06:58,080
In our second scenario, we again have an online shop which contains private information such as contact
93
94
00:06:58,080 --> 00:06:59,300
details of customers.
94
95
00:06:59,310 --> 00:07:02,910
In this case, the online shop is hosted on an unpatched server.
95
96
00:07:03,730 --> 00:07:07,830
Besides that, we have Bob, a regular user, just buying stuff online.
96
97
00:07:08,900 --> 00:07:14,570
On the other side, we have again Eve, the hacker, who tries to obtain confidential information using
97
98
00:07:14,570 --> 00:07:16,490
vulnerabilities from the unpatched server.
98
99
00:07:17,450 --> 00:07:23,690
This may seem a bit abstract, so let's see a more concrete example. Let me introduce Heartbleed.
99
100
00:07:24,770 --> 00:07:28,030
Heartbleed was a bug in the OpenSSL library, in the Heartbeat implementation.
100
101
00:07:28,640 --> 00:07:34,200
The Heartbeat is used to check that the connection between the server and the client is still active.
101
102
00:07:34,250 --> 00:07:35,510
Due to improper input validation,
102
103
00:07:35,750 --> 00:07:39,480
this bug could result in leaking confidential information from the server.
103
104
00:07:40,310 --> 00:07:46,070
The bug was first introduced in 2012 but was only detected in April 2014.
104
105
00:07:46,370 --> 00:07:51,650
As of July 2019, over 90000 devices were still vulnerable to Heartbleed.
105
106
00:07:53,170 --> 00:07:59,500
To better understand this, we have here an oversimplified example of how Heartbeat works and how Heartbleed
106
107
00:07:59,630 --> 00:08:00,090
works.
107
108
00:08:01,460 --> 00:08:06,170
From time to time, the client wants to check that the connection with the server is still open and
108
109
00:08:06,170 --> 00:08:11,750
will send the message to the server and wait for a reply. On the left, we have the normal usage in which
109
110
00:08:11,750 --> 00:08:15,200
the client would say something like: "Hey, server, are you still there?
110
111
00:08:15,710 --> 00:08:18,170
Send me this three letter word back if you are there."
111
112
00:08:18,470 --> 00:08:24,680
And then it would give a three-letter word such as "Cat", then the server would reply with the message "Cat".
112
113
00:08:24,680 --> 00:08:28,330
Now, the client knows that the connection with the server is still open.
113
114
00:08:29,720 --> 00:08:35,740
On the right, we have the malicious usage using the Heartbleed bug. Similarly to the normal usage,
114
115
00:08:35,960 --> 00:08:38,660
the malicious client would send a message to the server.
115
116
00:08:39,380 --> 00:08:42,950
The client would say something like: "Hey, server, are you still there?
116
117
00:08:43,250 --> 00:08:46,910
Send me this 128 letter word back if you are there."
117
118
00:08:47,330 --> 00:08:52,670
And then it would just send a three letter word such as "Cat". Due to improper input validation
118
119
00:08:52,880 --> 00:08:58,880
the server would send back the three letter word, followed by 128 letters filled with whatever else
119
120
00:08:58,910 --> 00:09:00,020
is after that word
120
121
00:09:00,020 --> 00:09:05,090
in the memory of the server. The malicious client could get an answer such as cat, followed by some
121
122
00:09:05,090 --> 00:09:10,580
secret key stored on the server, or confidential information about users such as their credentials, or
122
123
00:09:10,580 --> 00:09:11,540
personal details.
123
124
00:09:13,150 --> 00:09:17,370
Now that we have a concrete example with Heartbleed, we will update the second scenario.
124
125
00:09:17,950 --> 00:09:22,750
So we have an online shop which is using OpenSSL version 1.0.1
125
126
00:09:22,750 --> 00:09:26,610
This version of OpenSSL is vulnerable to Heartbleed.
126
127
00:09:27,370 --> 00:09:32,890
As we discussed previously, the online shop contains private information such as details of customers.
127
128
00:09:33,520 --> 00:09:38,170
Besides that, on the left side, we have Bob, a regular user, just buying stuff online.
128
129
00:09:38,770 --> 00:09:44,470
And on the right side, we have Eve, the hacker, who tries to obtain confidential information by exploiting
129
130
00:09:44,470 --> 00:09:45,010
Heartbleed.
130
131
00:09:45,580 --> 00:09:48,580
Once again, let's map the terms learned today to the scenario.
131
132
00:09:49,480 --> 00:09:55,370
First, we have the online shop, which is an asset. The database containing the details of the customer
132
133
00:09:55,430 --> 00:09:56,330
is also an asset.
133
134
00:09:57,070 --> 00:09:57,760
Next, let's see
134
135
00:09:57,760 --> 00:10:02,380
the vulnerability. In this case, it is the usage of OpenSSL version 1.0.1
135
136
00:10:02,380 --> 00:10:02,820
.
136
137
00:10:03,340 --> 00:10:08,800
Then, we have the threat, which is again, information disclosure, by exploiting the vulnerability, in
137
138
00:10:08,800 --> 00:10:09,850
this case, Heartbleed.
138
139
00:10:11,060 --> 00:10:16,550
Now, let's have a look at the attack, which in this case is Eve's attempt to obtain confidential information
139
140
00:10:16,550 --> 00:10:18,450
using Heartbleed.
140
141
00:10:18,800 --> 00:10:20,060
Finally, we'll have a look at the risk.
141
142
00:10:20,510 --> 00:10:22,620
Again, we will have a look first
142
143
00:10:22,620 --> 00:10:24,390
at the likelihood, then the impact.
143
144
00:10:24,410 --> 00:10:26,240
Finally, we will calculate the risk.
144
145
00:10:27,230 --> 00:10:32,720
In this case, the likelihood is likely, since this is a relatively simple attack and the impact is severe,
145
146
00:10:32,720 --> 00:10:37,550
because private information would be leaked to Eve, the hacker. Because of this, we have a critical risk.
146
147
00:10:39,020 --> 00:10:46,190
To recap, in this section, we learned the definitions of infosec, cybersecurity, asset, vulnerability,
147
148
00:10:46,610 --> 00:10:51,410
threat, attack, IT risk, and how to map these terms to scenarios.
148
149
00:10:52,190 --> 00:10:53,780
With that, we conclude this section.
149
150
00:10:53,930 --> 00:10:56,390
If you have any questions, don't hesitate to ask us.
150
151
00:10:56,510 --> 00:10:58,100
See you soon in the next section.