Cyber Security Introduction

Captions
Welcome back to another class here at Silicon Dojo in Asheville. If you are new to the classes that I am currently doing here on YouTube, basically what this is, is every week I do a presentation here live at our offices in Asheville, North Carolina, and then the day after I essentially get in front of the camera and redo the entire presentation. So the way that I think of these particular classes is, imagine this as basically the director's cut of the class that I had last night. The reason that I do this is, as I've said many times before, I feel that putting a camera into a room, not only does something go into the camera, your video and your audio and all of that, but something also comes out from the other side. I don't want the people that are coming here to my classes to have to worry about whatever demons it is that crawl out of the camera.

So anyways, today the class that we're going to be doing is a cyber security introduction class. I did this class last night and I think it went over relatively well. A couple of things just so you all know, if you're watching this in the timeline when these videos are coming out, approximately when they are coming out: something for you to know is that I am happy to say we are going to be moving to a different office. So if you are remote, if you are watching these videos from somewhere else in the world, and one of the things that you complain about is the echo, "the audio quality of these classes is not up to par, I expect better out of free technology classes," well, hopefully on Monday I am actually going to be moving to our new office space. I got an office space about twice the size of what we currently have so that we can actually start doing the in-person hands-on labs like I've been wanting to do. The good part about the office that we're going to is it has carpet. Carpet is an amazing thing. I don't know what it is with the new generations, the millennials and the kinseys and all the folks pretending to be millennials and Gen Z's, they really like cement floors and fake hardwood floors, and to be honest with you, as a professional I don't understand why. It makes voices echo, it makes everything louder, because basically there's no material to suck up the sound. I have to say, I'm just gonna put this on the table, I really, really, really like carpet. Any place I'm gonna be doing Silicon Dojo, anywhere, other than areas where there's gonna be soldering or any kind of power tools or anything, I do have to say we are going to have carpet. Carpet's a good thing, I'm just saying. So anyways, the new place that we're going to be going to will have carpet. The important thing for you folks at home is that means there will not be so much echo; hopefully the sound quality will be better. Also we won't be on the bikes beside the main road like we currently are, so hopefully we won't hear fire trucks and all that kind of stuff going into the future.

The other thing also, topically, just so you all know at home, I'm really excited about: I think we may be closing our first sponsor. Again, with Silicon Dojo the concept here is free-to-the-end-user technology education. What if I could do what I did on YouTube in the real world, provide high quality education actually in a physical environment? And it looks like we might actually be getting our first sponsor, which, that is a hell of a milestone. But anyways, that's what's going on topically. Most of you people probably don't care about this, and even if you do, you're probably watching this in like 2025 or something and so this is all so old.

So anyways, let's get to the class. The class we're going to be doing today is a cyber security introduction. So cyber security is a very important topic in the modern world, and I know this is going to surprise you, it's got to be shocking for anybody that's watched me for any amount of time, but I actually feel the way that cyber security is talked about is kind of foolish, stupid, what's a family-friendly way of saying idiotic. Cyber security is talked about a lot in the modern world, the word cyber security is thrown around. The problem that I see is I don't think people are really thinking about what cyber security actually is properly, and that's what's causing a lot of issues for a lot of folks. I think if you rethink how you consider cyber security and consider how you're going to be dealing with cyber security, it will solve a lot of problems for you as a professional.

Now one of the things I say, I do these trigger warnings at the beginning of my classes, and one of the warnings that I will give is: nope, still don't care. So I started doing this particular type of trigger warning when I did the hacking class last week, and basically one of the things is, whenever you talk about hacking, whenever you talk about cyber security, whenever you talk about water anymore, it gets political. All of a sudden everybody has so many opinions, so many opinions. I'm old enough to remember when people did not have nearly so many opinions. The important thing to understand when I talk about cyber security, when I talk about hacking, when I talk about a lot of the things that I'm talking about, is I don't care about the opinions, right? Again, from a director's note, doing these types of classes, one of the issues you get into in the modern world is talking about cyber security is difficult, talking about Python is difficult, talking about parsing is difficult. And so the thing is, right, if you have one subject area that's difficult and another subject area like politics that's easy, the problem is you start having a class full of people all arguing about the easy thing to argue about, which absolutely sucks, especially when you're doing live classes. Some of the things I've told my people when they come into the class, again and again and again and again, is the only times I care about the color red or the color blue is basically when you're using LEDs in order to create a dashboard and you're trying to figure out what color you should use in order to alert the user. Otherwise I don't care about this stuff. Again, I'm just not getting into the politics and all that. So if you have issues, anyways, you can scream at the screen. Hey, I mean I do have to say that, right, like my people, when they're here, I have to worry about it because I don't want a stupid little argument session in my classroom, but you know, you're at home, so yeah, I guess feel free to scream at your LCD screen all you want, just realize I don't really care. So as I tell my people, feel free at the end of the class to go and grab some hot cocoa and argue about this crap all that you want; I'm gonna go home and drink some bedtime tea and go to bed with my wife.

The other warning that I will give you, and I think this is an important thing to start talking about in the modern world, beginning of politics and all that kind of stuff, is just what your bias is, where are you coming from. One of the reasons that I irritate a lot of viewers and sometimes a lot of students is because my viewpoint is actually very different from a lot of other people's viewpoints. My lived experience is shockingly different than most people's lived experience. So when I come to these types of classes I come to this with a certain background, with Donald Duck in the Army. Again, remember I started in technology in the US Army. I was willing to grab a weapon, I don't know, protect freedom or whatever the hell it was I was supposed to do. So a lot of the times when I talk about security, when I talk about hacking, when I talk about a lot of these things, do remember my first understanding of technology was literally in the US Army and they beat a lot of, frankly, quite good information into my head. So when I talk about things like cyber security and all that, yes, I am siding on the security point of view for a lot of these things. The other thing to remember from the bio standpoint, again, I come at this from an organization leader, a business owner, somebody who has had employees, and I don't know if I should say hopefully we'll have employees again. To say hopefully we'll have employees again is completely incorrect; hopefully Silicon Dojo will grow to the point that I will be required to have employees, that's a much better statement. So anyways, when I talk about things like cyber security, the fact of the matter is I'm coming at this from the business owner's, the manager's point of view. To make clear, there's not really a right or wrong bias on some of these things, but it is important to understand where your instructor is coming from. And so I'm coming from a, well, this sounds really horrible, a militaristic capitalist bent. You know, it sounds a lot better until you put it that way, but anyways that's just how it goes, so you understand.

Now one of the interesting things that I find whenever we start talking about cyber security is, the reality is, if most companies, if most administrators followed basic cyber security practices, we would have very few issues in the modern world. When you see these ransomware attacks, when you see these spear phishing attacks, when you see so many of the attacks that are currently occurring, it's because many administrators are grossly negligent. I was going to put that one out there too. If administrators actually did the job that they were paid for, a lot of these issues would go away. And I think one of the interesting things is, literally right before I did this class I went to the FBI, went to their whole cyber security bulletin board, and they actually have some very good advice for protecting your systems. And here's going to be the shocker: you don't need a master's degree to follow any of this advice, but if people actually followed this advice we'd have a lot fewer problems.

Make sure to keep your firewalls turned on. So especially with your servers and all that type of thing, here's the thing: people cannot do a brute force SSH attack or brute force RDP attack if those particular ports are not open on your server. Shocking how that is.

Install or update your anti-virus. I've seen this in the real world, especially even with businesses or larger organizations, where they buy antivirus software, they have a consultant that buys antivirus software for them. Obviously you get the antivirus software plus you get one, two, three years of updates, either for free or you pay for it when you initially buy it. You don't know how many businesses and organizations that I walked into where they had anti-virus installed, it just hadn't been updated in two years, right? Just make sure all the antivirus and everything is actually installed and updated.

Install or update your anti-spyware technology. Sadly, anti-spyware and anti-virus many times offer different things; even though that's stupid on its own, the reality is it's still a good device.

Keep your operating system up to date. Here's one of the things, right, look, we can complain about Microsoft for so many reasons. Microsoft does so much stupid crap, we could sit here with a couple of kegs of beer and we could complain about Microsoft, and even after the kegs of beer were all drunk we could still keep complaining about Microsoft. Microsoft does a lot of stupid stuff. The reality though is they're not actually necessarily as bad as we want to make them out to be. A lot of times, problems with Microsoft operating systems, Microsoft has found out about those problems, Microsoft has created patches for those problems, but people simply have not installed the patches for the problems on their computers. Again, if you get hit by, what's it called, a zero day attack, a zero day attack is an attack that nobody knew existed until it was let loose in the wild, right? You get hit with a zero day attack, again, I'd go scream at Microsoft about that one. But a lot of things, viruses, worms, all that kind of stuff, many times Microsoft knew that there was a problem, they fixed the problem, they put the patch out for the problem a year ago, and the administrator didn't bother to actually install the patch onto the server. Server gets compromised, everything goes to hell. So make sure to just update your operating systems.

Be careful of what you download. Again, especially with employees, this is an important thing to be thinking about. Let's say you have somebody in your marketing department, and many people in your marketing department have Adobe Creative Suite, so Adobe Creative Suite, Premiere, Illustrator, Photoshop, the whole nine yards. Now for whatever reason this is a junior level person in your department, and so you don't want to spend fifteen hundred dollars for a software suite for this junior level person. They are there to get coffee, not to create billboards or whatever else. Well, here's the thing, they feel sad, they feel left out. Well, if the company's not gonna buy them Adobe Creative Suite, they just gotta go to Pirate Bay and download it themselves. And then they download, you know, Adobe from Pirate Bay. This creates a lot of its own legal issues on its own, but what they don't understand, because they are junior level people that haven't really been in the real world, is not only did they install the Adobe Creative Suite, but they installed a lot of add-ons. The folks over at Pirate Bay were so kind to give numerous add-ons to the Adobe Creative Suite, and you know, remote access tools and God knows what else is in there. So be careful what you download, especially on company systems.

And then, turn your computer off. I actually think this is interesting, and this is actually directly coming from the FBI, so this is not advice we have given for a while. So it used to be turn your computer off at the end of the day, and then for a long time it was never turn a computer off. Now the FBI is actually recommending that you do turn your computer off. The reason being is, with high-speed internet services, when you have a computer and it's turned on but you walk away from it, if it has been compromised by bots or whatever else, as long as it's on, as long as it's connected to the network or the internet, it can automatically do whatever the hell the hacker wants it to do. And so simply by literally just turning computers off at the end of the day, that means at least for 12 to 14 hours per day, you know, cross your fingers, at least for that amount of time, even if they have been compromised they can't do anything, the hackers can't do anything with it because they are actually turned off. Again, if you're going to be hacking people's systems, one of the best times to do it is two o'clock in the morning, right? If you try to compromise a company's systems at two o'clock in the afternoon, somebody might notice that there's a problem: there's a glitch with printing, computers start to reboot, all kinds of weird crap happens, right? And then the IT person gets called and they start saying, oh, we're getting hacked, no. Right, here's the thing, if you hack or you attack these computers at two o'clock in the morning, even if things don't go to plan, even if things get glitchy, even if a couple computers reboot, nobody's there to see, nobody's there to notice their systems are getting compromised all to hell and back. So if you just turn off your computer, again, 12 to 14 hours a day is no longer a threat vector for your particular environment.

One of the big things that I'll say, I get into a lot of trouble with this because it's not the kind of stuff that you're supposed to say, but I would actually argue cyber security really simply equals good administration. If you are a good administrator you by default generally have good cyber security. Now again, don't get me wrong, I know some cyber security people out there will lose their minds. Look, there is a reason that some people get a master's degree in cyber security, there's a reason some people get a PhD in cyber security. As with many things, I am not arguing about the very high level cyber security professionals, the people that can actually find malware and then essentially dissect malware to understand what is going on. That is a cyber security professional. Somebody turning on firewalls and updating computers and doing that kind of stuff, you know, they're just doing good administration, right? If more people did more good administration we'd have a lot less problems. Again, if you do proper patch management you stop having the problems of things that haven't been patched. If you do use good user account control, you stop having problems. If you have good privileges, basically the permissions that people have on the network and the devices, right, if everybody in your network has the appropriate permissions to their computer and the resources on the network, even if they do theoretically download some kind of malware or some kind of ransomware, here's the thing, right, if the user does not have the ability to install something onto their computer, QuickBooks or Napster or whatever else, when they accidentally download that ransomware and they double click the ransomware, guess what, if the permissions are set properly that ransomware isn't going to get installed on the computer because they don't have the permission to install anything onto the computer itself. Right, most cyber security is simply just proper system administration, the same crap that you're going to learn whenever you get an MCSE: patch management, user group policies, clean up your network and server room. Again, the kind of work senior sysadmins never want to do.

Just going through, how many folks in 2021, I have this question, riddle me this, riddle me that, let's put some money on the table: how many sysadmins right now that are watching this video can guarantee you have absolutely no JetDirect print servers on your network sitting somewhere behind a file cabinet or something? So JetDirect print server, so print servers are now normally built directly into printers; they actually used to be their own little devices, almost like an Apple TV or a Roku or something. Basically you plugged your printer into that, then you plugged the network cable into that, and then that turned it into a network compatible printer. So you know, those were really about 15, 20 years ago. When was the last time you actually went through just the facility, not your infrastructure, the facility, and just saw how many grody, disgusting little server type devices are sitting behind file cabinets and all that kind of stuff? Again, unfortunately a lot of people, you know, that's not their job. They are there for group policies or whatever the hell else it is; they're not there to clean up the server room, they're not there to clean out networking equipment that's not supposed to be there anymore, they're not there to do those lowly jobs. And here's the thing, if you're not there to do those lowly jobs where you clean out equipment that's not supposed to be there, you know, hey, if I'm a hacker, if I'm a disgruntled employee, and I plug this directly into your network and I throw it behind a file cabinet somewhere, if you're never bothering to go actually inspect your own damn facility, this thing will sit there and mine the hell out of your network basically until its own CPU fails. So yeah, it's just good administration.

Now one of the big things to say, again, I get into a lot of trouble when I talk about this kind of stuff because this is not the kind of stuff that technology professionals are supposed to worry about. "Eli, we're supposed to worry about frameworks and functions and API calls, we're not supposed to worry about licensing and regulations and legal issues." Anyways, one of the big things that I would say is, remember, if you're going to be doing cyber security for your company, for your organization, one of the most important things is not the intrusion detection system or anything else, it's your employee cyber security policy that all of your employees have signed the dotted line on. So one of the big issues, especially in the United States, and we're going to start seeing this in more countries, especially over in Europe, all the countries over in Europe, is the whole, what is the privacy expectation of the employee, right? So I come from the owner world, right? I own Silicon Dojo, this is all my equipment. If I hand this computer over to an employee I consider it my property, so if I need to get into the computer for some reason, if I want to see something on the computer for some reason, I feel since it's my company, my property, as the business owner I should just be able to grab the system and do whatever it is that I want to do with it. Here's the thing, from a legal standpoint there is a concept of expectation of privacy. What is the expectation of the employee? And if you have not created something like an employee cyber security policy, you can find out your employee is doing something astonishingly stupid, you can fire them for doing something astonishingly stupid, and you can get sued for firing them because they had an expectation of privacy that you violated. Because remember, many times at the end of the day it's the boss's fault. So one of the things to be thinking about is what your cyber security policy looks like.

This is just a website called betterteam.com. They have a cyber security policy. I am not telling you to use or copy the template for the cyber security policy; I thought it was just an interesting thing to take a look at. If we look at here, basically they have some basic stuff. So you do things like basically give an introduction, talk about what the cyber security policy is, you talk about the purpose of the cyber security policy. Now this is one of those things where I'll smack the bosses and the managers on the hand out there: a lot of times it's kind of funny, like bosses and managers really like to micromanage their employees, but then they don't really want to have to think about what they are doing. An important thing to be thinking about when you're doing cyber security, especially when you start using all of these technology tools in order to do management, is to really think about the purpose of whatever you're doing and what the scope is, where does it start, where does it end. And one of the things that this does is it kind of protects everybody. It makes sure that the employees understand what is the right side of the line or the wrong side of the line, make it pretty crystal clear, and then also make sure that the managers don't get stupid with rules and just kind of create these huge massive rules that nobody really understands why they exist, why they're important, anything else, and it engenders a lot of anger and aggravation from the employee base. It also can give your managers far too much power. Again, remember, as a boss, as an owner of a company, the managers are my employees too. When I talk about employees, whenever I talk about employees everybody thinks I'm like screaming about the warehouse managers. Oh, the directors are my employees, the managers are my employees, right, the division heads are my employees, they're all employees as far as I'm concerned. And just like a warehouse person or a sales person might do something, ask another student, just like back in the day when I worked in the corporate world our sales people were installing Napster onto their company systems and then killing their company systems, just like they were stupid enough to do that, one of the problems you have is managers, if you don't narrow the scope on what they're allowed to basically punish people for, they just start going hog wild sometimes. And so by creating a purpose and a scope for your cyber security policy, it basically makes sure everybody understands what is supposed to be occurring.

Basically defining things like what is confidential data. Again, an important thing to think about for your company in the modern world: you know, you have a lot of managers out there, everything's confidential. Well, if you make everything confidential, it's just not gonna work out well. I've seen companies that try to do that, it just pisses everybody off. Something for you to be thinking about: what data is actually important for your company. And then as you sit there and you think about the confidential data and what data is important for your company, then as an owner, as a manager, the other thing you should be asking yourself is how are you actually protecting that data? If you are telling your employees this data is so important that if they let it out in the real world they can be fired, right, you are going to be terminated if you let this data out, it is that important, have you verified that that data is getting backed up? Have you verified that your local CRM solution has actually been updated within the past year and has anti-virus and has all of that stuff? If it is so important, are you making sure that you're doing your job to actually keep it secure?

Device security, talking about what kind of different devices you can use. Password, what the minimum size of passwords and all kinds of different things are. Personal use, talking about how company employees can actually use their system for personal use. Again, one of the big issues in the real world nowadays is you hand this computer off to your employee, they take it, they do their 8, 10, 12 hour shift typing away, and then at the end of it, you know, it's COVID time and they're lonely and they don't have anything else to do, and you've just given them this fancy computer that's actually pretty fast, and they decide to do things we're not going to talk about here. Are they allowed to do that, right? Can you fire them, can you discipline them for that? Email security, transferring data, again, big thing with confidentiality, and then disciplinary action, actually explaining to the employees what will happen to them if they violate the cyber security policy. And then the other thing, the hard thing for management, is then actually following through. If your employees do things within the cyber security policy that are incorrect, they do actually need to get punished. So you need to have a cyber security policy like this so that, again, every employee signs off on it and then everybody's in the clear.

Again, as a system administrator this is something that you really do have to be concerned about, right? So you have the owner of the company, the owner of the company comes to you and says this employee quit, they didn't give us the password, or whatever, for some reason it's not on Active Directory so we can't access it normally, so we need you to crack the password of this system and then give us all of the emails on the system. Yeah, that's a request right there. There is actually a question about whether or not that is legal. Even though that is a company-owned computer, even though that computer was given to the employee for company work, when you start going through and you start cracking open and taking a look at emails and all that kind of stuff, are you violating their expectation of privacy? If you had them sign the dotted line on the cyber security policy, you're absolutely clear, screw them, whatever you get you get. If not, you could run into all kinds of weird issues.

Beyond the cyber security policy, we then get to an important thing I want a lot of folks to be thinking about out there, and that is that architectures change. Now one of the big problems that I see in the technology world, so I've been doing technology since 1996. It's kind of creepy, since I've come to Asheville do you know how many people I've met in Asheville that were born in 1996 or later? Yeah, I have gotten to that age. I have gotten to the age where professional tech folks were born after I shipped off to basic training. That's a hell of a thing. But anyways, one of the problems that I've noticed over the 20 some odd years, decades, I can say that now, decades I've been in the tech industry, is that for a lot of folks in the tech industry basically they bust their butt to get to a certain level. They bust their butt to get the MCSE or the CCIE or whatever the certification is of the era, and they get up there and they start making money and they start feeling important and they are kings of their realm, and you know what's really weird, they kind of like stop. I notice this like my father. My father actually got his PhD years and years and years ago. One of the funny things I remember, after he got his PhD I asked him, I was like, oh, so Dad, you know, are you gonna go for anything else? And he looked me square in the eye and said no, I got my PhD, I am done. Here's the thing, he's an engineer, right? Gravity and all that kind of stuff doesn't really change. In the IT world it does change; it changes every five to ten years, massively. One of the problems that you have though is a lot of folks feel like they're my father. They get to a certain level in technology and they say I have learned what I need to know, and then they kind of stop, right? And the problem is, as time keeps moving along, they're still building out infrastructure and deploying their infrastructure the same way they did once they became an important person, and all kinds of nasty notes and nastiness can start happening to the company basically because of people using outmoded methodologies of creating architecture.

One of the best quotes, I actually memorized this quote when I was 17 years old. It's kind of funny, I was in this place, there was this old run-down mall, it had like a flea market in it. It's like one of those weird creepy places you go to when you're a teenager. I actually remember this quote, I actually memorized this quote. It was scribbled, like graffiti, on one of the walls: "I saw the greatest minds of my generation cold, shivering, naked in the dawn of a new age." I just want you to think about that for a second, because for anybody watching this video, this is your future. However amazing you are right now, however great you are right now, however much money you're making right now, whatever accolades you're getting right now, you are going to be naked in the next new age. And the problem that we run into is, right, a lot of folks don't move on. Once you get to that high level position you kind of stick around, even when your betters are trying to come up and move you aside.

This is important to be thinking about from an architecture standpoint. When we talk about architecture, remember security is built into your architecture. How you design your infrastructure is going to have a lot of cyber security implications, right? So back in the old days, mainframes. So in the very old days where you had mainframes and dumb terminals, right, with that all the compute was in the mainframe. The different dumb terminals connected to the mainframe; many times the mainframe wasn't even networked, right? So as long as you had good password control, as long as you did your good backups, cyber security is relatively easy for the time period. Then we go to a client-server architecture, right? We realize, oh hey, we can put compute power into each individual computer, they can then basically access a server for server resources, email, DNS, all that kind of stuff. This is a new architecture, but when you develop for this new architecture you now have new cyber security implications. You now have to worry about security on the host, right? For a dumb terminal, more or less all you have to worry about is usernames and passwords, right, because dumb terminals aren't going to get viruses, dumb terminals can't get spyware or whatever else, they're just a dumb terminal, they're basically just a keyboard or mouse with a really damn long cable, right? You go over to client-server architecture, you now have to be rethinking how you do cyber security. Again, 10 years or so ago, once everybody started going to the cloud for a lot of things, again software as a service, we started using more Salesforce, more of that kind of stuff, we go to something called service oriented architecture. So instead of worrying about specific servers, we look at more of the services themselves, we then try to use those services, we build out our architecture there. There are different cyber security implications for when you're dealing with things in the service oriented architecture world. We are now looking at a serverless architecture world. So the serverless architecture world is where compute and a lot of other things are actually done up in the serverless architecture; basically you can call a compute just from an API call. When I do my classes about computer speech recognition or computer vision, a lot of the things that I'm doing, these are now serverless architecture, right? You're sending an image, you're sending voice, it's running the compute, it's sending back a JSON to you, and there's security implications for how you design systems for that.

And so an important thing to be thinking about right now is we're going to a remote workers infrastructure, and what does that look like? That's a question right there. No, that wasn't rhetorical: what does a remote worker's infrastructure look like? Because one of the things, like, everybody's really excited right now with this whole work from home. I have no idea, let me tell you something, as somebody that's worked from home for a long time at this point, I have no idea what people are so excited about, but anyways, they're still excited to work from home. One important thing to understand is in the old world, you know, the pre-COVID world, if you have 90% of your employees in the office and 10% of your employees out on the road, sales people, executives, that type of thing, right, there is an implicit security structure there, right? If I work in the office, or the HR person or secretary or the lawyer works in the office, and they get locked out of their computer because they forget their password or do something else, they leave the caps lock on, they get locked out, right, if they walk down to the help desk, there's a lot of security built in to that structure. In order for me to get my password reset I actually have to walk into the building, so any kind of physical security the building has, I have to get past that physical security. I actually have to have a computer, a terminal, that I'm able to access. I have to know what my user account is. I have to then go to the help desk, I have to say hey Bob, Sue, Tyrone, whoever it is, hey, I locked myself out of the computer again. They look at me and they know me because I've locked myself out of my computer the past 10 times, because that's how users are, right? There's a lot of security that occurs in the physical world when you have a building and everybody is inside the building. There's a lot of implicit security there that disappears when you go to a remote worker infrastructure. When you go from having 90 percent of your workforce in the facility to having 90% of your workforce outside of the facility, that massively changes how you build your infrastructure. Again, things to be thinking about, things like Office 365. So Exchange Server, Exchange Server is an email server, any kind
of the communication server type services there are a lot of people out there a lot again a lot of it folks out there that are freaking shivering their little hoo-has off and the dawn of a new age and they don't want to get rid of their exchange servers why should i get rid of my exchange server because as vulnerable to high hell and back you yahoo because think about this if you have an exchange server that is on your premises that is a windows server that windows server is on the internal lan the windows server has exchange installed onto it most likely if you have a large extreme server you probably have some kind of exchange cluster so you may actually have multiple exchange servers right all of those servers could be compromised all of those servers could get hacked if somebody's able to compromise one account or one thing within that server they're able to compromise the entire server ninety percent of your workforce is now a remote right anyone any one of those 90 percent of people might be compromised by a hacker or malicious actor if they're able to use that connection to get into your exchange server they understand how your exchange server operates so they're able to compromise your exchange server once your exchange server is compromised your entire internal network is completely open to them uh to go you know hog wild on whereas if you use something like office 365 okay so let's say her account does get compromised somebody uses a key logger or whatever else figures out what her password is in the office 365 normal employee so a normal employee account they get into their office 365 account and they get her contact list they do get her emails i mean i'm not going to downplay this it might be bad but they're not going to compromise the entire email server they're not indefinitely if they can't compromise the entire email server they're not going to be able to compromise your entire internal network so using office 365 actually has a lot of security 
built into it again salesforce so back in the day for our crm solutions we used to have a local crm server and that's a server that is an operating system that has firmware it has all kinds of stuff going on right you have sales people out out in the uh out in the real world that are deciding to download whatever the hell they want onto their computers because they are sales people eli hey lotto don't tell me what to do with my computer you know how much money i bring to this business you will fix my napster well here's the thing right if they're connecting to an internal crm solution with something like vpn access they download who the hell knows what sales people are downloading how it is i don't want to know don't gotta tell me anyways they download something stupid they use vpn access to then connect into the internal uh crm server that crm server might not be up to date or anything or whatever else that crm server gets compromised that crm server is on the internal network uh all hell breaks loose um so again things that you think about like voiceover ip so um having telephone systems if you have 90 of the people in the office and 10 out of the office uh you may have an old-fashioned avaya telephone system or some kind of internal voip system that might make sense if 90 of your employees are outside the office they're working from home maybe it makes more sense to go over to a company like nextiva that actually offers basically a telephone service software as a service just like gmail offers email as a service and this company called nextiva you have a full voice over ip server with all kinds of wacky functions to it but it's all hosted by them and then to be thinking about again when you start thinking about your infrastructure then what about what about the things that you can't send off to software as a service what are things that you basically can't outsource maybe you have databases maybe you have some kind of internal legacy system that people are using 
Then thinking about, okay, how are these 90% of the employees going to be accessing those legacy type systems, but do it in such a way that it doesn't create more vectors of attack than necessary, right? This is an important thing to be thinking about. Again, you think about this with Twitter. Remember Twitter with their famous part-time CEO? Yep, nothing quite fully states my feeling about the modern, you know, social media tech industry like Jack Dorsey, part-time CEO. Hey, we're going through COVID, hey, we're going through one of the greatest economic crises that our country may ever know, and their CEO is still working 20 hours a week. Yay. Anyways, Twitter last year, Florida boy, not Florida man, Florida boy, was able to compromise their systems. Why? Jack Dorsey, their part-time CEO, decided basically everybody should be able to work from home. They apparently didn't really think about how this remote infrastructure should work very well, or they thought about it and they just hired incompetent people, one or the other, I'm not saying which. And so basically this Florida boy was able to use social engineering and a number of other attacks to be able to call in to Twitter's internal help desk to say, "Hey, I got locked out of this account," to get passwords reset. Essentially, by using some stupidly simple attack vectors, he was able to compromise something like a hundred very, very prominent accounts, like Elon Musk and Obama and that type of thing, in order to post a stupid cryptocurrency, you know, con or whatever, in order to make about a hundred thousand dollars. But think about that, right? You know, it's gonna be a shocker to you, but when you have a part-time CEO, maybe your CEO doesn't have enough time to think about the really big problems that your company is going to be dealing with when you massively change basically how your infrastructure should look for this modern world. And so this is a very important thing to be thinking about, and again, this is one of those pivotal times, because again, I'm not being funny, not being joking, not being sarcastic, we don't really know what this infrastructure should look like. We know mainframe, we know client-server, we know SOA, we know serverless. We basically know how those should look. We don't really know what the hell this should look like. So this is one of those things just to be considering for yourself, right? If you are in a company, if you're an organization leader, and you start saying everybody should work from home, like, how is the help desk used? How is communication with the help desk authenticated? If somebody calls in and says, "I lost my password," right, that's no longer on an internal phone line, perhaps. That's no longer somebody walking up in person, right? There's a lot of security built in there. So when somebody calls up and says, "I need my password reset," how are you going to verify, how are you going to authenticate that user without a username or password? What are the additional ways that you can authenticate the user? Answer: I don't know. But you've got to be thinking about this.

The myth of physical server security. This is one of the things I love. Oh, you talk about some IT administrators, they're getting frostbite in the dawn of a new age, right? There is this idea, especially for my generation of techs, just to be clear here, I'm not laughing about the millennials, I'm laughing about my generation of techs at this point. Anyways, there's this idea like, if I can see my server, it is protected. Kind of reminds me, kind of think about how their servers, kind of think the way my chihuahua thinks of me. It's really interesting, like, whenever there's a thunderstorm or whenever there's anything that scares my chihuahua, my chihuahua, she runs to me, hops on my lap, and somehow thinks I can protect her. "I'm gonna protect you from a lightning strike, little girl, don't worry about it," right? There's this idea like, "Daddy will protect me," and, well, we'll let her keep thinking that. But, you know, there's that feeling, like, if you see something, if you know it, if you can touch it, this thing is somehow more physically secure. That's just wrong. That's just wrong, it's just completely wrong. One of the important things to realize, right, whenever we talk about things like hacking, is if your device is connected to the network, which is then connected to the internet, it can be hacked just like anything else. "Oh, your Azure server or your AWS server was hacked." Well, that server that you see, you can be sitting there looking at it, you'll be staring at it all day and you don't even realize it's getting hacked, right? It's connected to the internet. If the updates haven't been done on it and if you've left SSH open or anything else, just because you can see your server does not mean it's more secure. It's important to understand.

Cloud servers, so again, up on Azure, AWS, DigitalOcean, Vultr, whoever the hell you want to use, can't be stolen. Again, remember, we talk about biases. I spent a long time in Baltimore. I spent a long time in Baltimore. Here's the thing about crackheads, let me explain something to you about crackheads. See, crackheads, this is going to come as a shock, they don't actually know a lot about computers. They know a lot about crack. They know they really like crack. You know, they're so focused on crack that they don't really understand computers very well. So when they broke into your office, they don't really know the difference between a high-end gaming machine and an Active Directory server. So if they break into your office, there's a computer, and they grab it to go sell it for 25 bucks in order to get their next hit. They're not really thinking about what that server does. Had this happen, and this happened in Baltimore. So you can have a crackhead break into your office and steal your Active Directory server. How secure was that, right? The cloud server can't be burnt in a fire. Again, so right now, it's the summer of 2021, there are a hell of a lot of wildfires going on. Again, hey, in the technology world, out in California, out in the West, lots and lots and lots of fires. Now obviously this is hitting companies like Apple or Google or whatever, but how many small businesses is this hitting? If a wildfire goes through and wipes out a business park, right, how many people in that business park have their Active Directory server literally just melt? Can't die from lightning strikes. Again, the Baltimore area, we had Comcast, we actually had some competition for ISPs in the Baltimore area. Can I just say I miss that, I miss competition for ISPs. In Asheville there's not much competition, you can tell. Anyways, one of the big providers there was Comcast, they do cable internet. For some reason, I don't know why it is, their infrastructure was horrible when it came to lightning strikes. So basically they use, anyways, they use like coax cable, you know, thick, thick cable, in order to run the signal. For whatever reason, if lightning strikes within freaking 50 miles of one of those damn cables, it fries all of your equipment. And I had this happen, I had this happen to clients, actually had this happen to myself. One of the reasons I went over to Verizon: I actually liked Comcast all the way up until the day all of my networking equipment got fried. Then I went over to Verizon, because fiber optic lines don't have to worry about getting hit by lightning strikes. But yeah, things to be thinking about. On-prem servers, so on-premises servers, can be hacked from the outside world, right? If this is connected to the internet it can be hacked just like a server sitting up on AWS. It can be DDoSed, right? You know, again, one of the things to think about, like with, you know, Low Orbit Ion Cannon or some other stupid-ass piece of software like that, if somebody figures out what your external static IP address is and they just start hammering the hell out of it for craps and giggles, right, you've still got problems. So again, this is one of those things to be thinking about when you're thinking about your architecture: think about building your architecture off of reality, think about building your architecture around your actual use case, and then think about what the actual threat assessment is. Very, very important thing to think about here.

So past that, let's go start talking about some of the security stuff itself. So operational security. Operational security is something that is not talked about enough and is a very important thing to be thinking about whenever you're thinking about your cyber security, whatever that you're gonna be doing, right? People cannot hack, people cannot steal, people can't cause, you know, problems against things that they don't know exist, right? If people don't know that your server exists, or they don't know where your servers are, it is very hard to go after those servers. I think about this, the story I've been telling lately when it comes to hacking and we talk about operational security, is back when I was doing telephone system administration work. So I dealt with Avaya Definity systems, if you know what the hell that is. I wonder how many, anyways, we're not going to go into that. I wonder how many people are younger than Definity systems. But anyway, they're telephone systems, right? So there's these telephone cabinets, essentially, you secured to the wall. The ones that I dealt with, they had cards inside, basically look like PCI cards in a standard PC computer, only they're a hell of a lot bigger. Each one of those cards was thirty thousand dollars, somewhere between twenty to forty-five thousand dollars depending on what card you bought, and you had a lot of cards in those things, right? So if you wanted, you know, so many telephone lines, you had to buy a $30,000 card per certain number of telephone lines. If you wanted an auto attendant, there is a card for that. If you wanted voicemail, there is a card for that. Every service that you needed, there was an additional twenty, thirty thousand dollar card you slipped into one of these things. So when you had a full box with all the cards in there, there's about a hundred and some odd thousand dollar box sitting up there. So anyways, these criminals, these criminals realized those cards were worth a lot of money, and so one of the things that they would do is that they would dress up as, like, telephone repair people. They would go into people's telephone closets, they would open up the Avaya telephone systems and just start pulling out the cards and shoving them into their knapsacks or whatever, and basically walking out before anybody knew what the hell was going on. So one of the big problems there is that people knew where the server room was, they knew where the telephone cabinet was. This was something that people could easily figure out. They said, "Okay, I know what I want to go after at this company," and then they were able to figure out how to actually go after that particular thing. One of the things that you should be thinking about is operational security. How can you create your environment so that it's as confusing as possible to the people that do not need to know particular things about the environment? Again, it's the old thing, I've actually seen this in the military world, where you go to a hallway. So a lot of times you watch these, you know, spy movies, you'll read a spy book, and they talk about how some young person is told to go to door 10, and they walk into a hallway and then there's just a whole bunch of doors with no numbering on any of the doors, and then there's this whole laughing moment where they have to figure out which door is door number 10.
That's actually an awesome form of security, right? Again, think about it, right? If you have hackers or if you have penetration testers or whatever else, and they're trying to come in to compromise your systems, and they can't figure out literally where the hell the networking closets are, it makes their life a hell of a lot harder, right? If somebody can figure out where the networking closet is, can walk up to the networking closet, can pick the lock, can get into the networking closet, and can sit there all night mining the hell out of your network, that's something that's relatively difficult to detect if somebody's very good at it. If they walk into your environment and all of a sudden they're walking in circles, and they're going up and they're going down and they're going over here and they're going over there, and they're just trying to figure out where the hell the networking closet is, that's kind of like a big red flashing light: hey, this person doesn't know where to go, somebody should probably confront them and ask them why the hell they're in the building, right? One of the things I would say is, if Silicon Dojo ever gets to the point where we actually have like a real server room, you can bet, you can bet there is going to be a bathroom sign on the server room with a "Oops, sorry, toilets are out of order." "Oh yeah, that's our bathroom, but it's currently out of order. I guess you can use the bathroom over there," right? Again, things to be thinking about when you set up an environment. You know, things to do: do people know what your infrastructure looks like? Whether you're using AWS, whether you're using Azure, whether you're using DigitalOcean, whether you're using Vultr, Linode, whoever else you're using, do people need to know that? Again, one of the big problems in the social media world right now is everybody wants to broadcast what they're doing. "This is what we're doing!" Why? I don't want to tell that to anybody. When I tell the world we are proudly using Microsoft products, then that means a whole bunch of people out there go, "Oh, I understand the vector of attack for Microsoft products, I understand how I'm going to go after your company." If you just say, "Yep, we use stuff. Yeah, yeah, oh yeah, around here we use stuff, and we got systems, we even got a database or two." "Oh really, so what kind of databases do you use?" "Yeah, yep, yes sir, we use the ones with, uh, they got something called tables, and we use tables." "What does that mean?" "Ah, I don't know, that's for the smart people out there to understand. I'm just a yokel, I'm just a lonely old little system administrator up here in Asheville, North Carolina, I don't know how any of these systems work," right? But it's important to be thinking about, like, do people understand how your infrastructure operates, and if they do, do they need to understand so much?

One of the big things, again coming from the Baltimore area, is physical security. If a crackhead breaks into your office and steals your Active Directory server, oh, what did you do to protect that Active Directory server? A lot of people have an Active Directory server just shoved under some desk somewhere and that's providing all the services, right? Something to be thinking about is, if somebody is actually able to put their hands onto a physical machine, they can cause all kinds of havoc with that physical machine. They can put a MalDuino on that physical machine, basically a little USB device you plug into a server or other kind of computer and it automatically starts running commands. They can do that kind of thing. They can try to destroy the server, they can try to access the server somehow, plug in a keyboard and mouse and just start seeing what they can get to on the server, the whole nine yards. One of the things to think about is, even if you just have a server rack in your facility, and you have a front door and a back door on that server rack and you lock them, lock them, put the key somewhere, then even if somebody sees your servers it's going to be difficult for them to actually access the machines and do something with them. Again, if you have a crackhead that comes into your environment and you have a server rack, and all of your servers are nicely racked in those racks, screwed in with the rails and the whole nine yards, and it has a front door and it has a back door, you know, crackheads need crack, but they're not going to do that much work in order to get it, right? They're going to go and try to find something that's a little bit easier to sell, and so hopefully they're not going to steal your infrastructure. One of the things to be thinking about is, like, one of the things that we used to sell is digital surveillance systems, and it's so funny with crackheads. Baltimore gave the best stories. Baltimore gave you the kind of stories that most people don't have as system administrators. But other problems you can have with digital surveillance systems: so digital surveillance systems, you have all of these surveillance cameras that then plug into basically a computer, a computer that then stores the video files, and they're able to access those video files remotely, the whole nine yards. Here's the thing: a computer is a computer to a crackhead. What happens when your crackhead comes in, steals your surveillance computer? "Yep, yeah, yeah, our surveillance computer definitely recorded the crackhead stealing the surveillance computer. If only we could get our hands on that surveillance computer we'd have all the evidence we needed to arrest that crackhead. Unfortunately, the crackhead stole the surveillance computer." Real world. So one of the things is, even if you don't have like a full server rack or quarter rack or half server rack, they just have these server boxes. We're probably going to have this when we move over to the new office, for a couple of things. Basically what they do is you secure these things to the wall, you anchor these damn things to the wall, you put the server in, it has ventilation panels, or at least buy them with ventilation panels, and then the door comes up, the door locks, and then you just have kind of this ugly black box looking thing that does not look like something a crackhead can sell for 25 bucks to the local pawn shop. And so this is something to consider.

The other thing to be thinking about nowadays is kind of really cool in 2021. Let me tell you, doing sysadmin work in 2021 is so much better than it was in 2000. There's so many products you can now just basically buy off of Amazon that didn't exist before, and one of the things is cages. So one of my old stories I'm talking about cyber security is one of the first facilities that I went to in the corporate world, back when I was still wet behind the ears and I knew everything, right? I had studied for my MCSE and I was a professional, right? I remember going, and one of my offices that I had to deal with, they had a server room. Again, pretty expensive server room, half a million dollar server room, that they happened to have mop buckets in. You know what I'm saying? Like, high-end equipment, high-end telephone systems, the whole nine yards, right beside the mop buckets, right beside the chlorine bleach, right beside all the utility closet stuff. Anyways, I went to the manager and I said, "This is not good security. This is unacceptable. I am 24 years old, I am an MCSE, and I am telling you, general manager that's been doing your job for almost as long as I've been alive, this is unacceptable." I still remember the general manager looking at me and saying, "Eli, Eli, now I have been in this office for like five years now. I've been from the top to the bottom, and here's the thing: I have not found any other utility closet in this building. So Eli, just as soon as you find me your hidden utility closet so I can move all that stuff to it, I will be more than happy to move all of that stuff to the utility closet that we all know doesn't exist." Yep. You're like, "Oh, right." So one of the things to be thinking about, again, in the modern world we can just go to Amazon, buy a lot of cool stuff like cages now, is if you have a room where, let's say, you have your servers, you have your networking equipment and everything else, and then it has to be shared with other things, because again, that is reality, whatever brand new MCSEs may imagine. The reality is in the real business world it doesn't work that way. What's really cool now is it's a lot easier to go to a general manager or go to a boss and say, "Okay, look, this room has mops and it has servers. Let me just dedicate the back half of the room to the servers. We will put up a physical cage so nobody can screw with the servers. Can I get a thousand dollars to do that?" "Yeah, sure, yeah, go do it," right? So this is something to be thinking about. Again, think about within your environment, within the reality that you're dealing with, within the situation that you're dealing with, how can you make your things more physically secure? Again, it may simply be that you already have server racks. Just put the freaking front and back door on the server racks and actually lock the things. Makes your environment a hell of a lot more secure, relatively simple. Again, your surveillance system, or maybe an Active Directory server or whatever else, right, you've got your little telephone closet or whatever else, just put that server into a metal box, lock it so it can't be stolen. If you have more sophisticated equipment, again, even if it's being shared with the mop bucket, because that's reality, you know, you can put up a cage. It protects your systems a little bit better. Things to be thinking about.

Locks. Locks are absolutely wonderful, again, especially with employees. One of the things to realize about employees is most employees are not trying to do the stupid things that they end up doing. It's kind of funny, and like in the modern world we have this idea that everybody's antagonistic and everybody's going after each other. One of the things that I found is, in reality, most people are actually trying to be very helpful. The ironic thing is one of the biggest problems for businesses is actually people are trying to be too helpful. They're so helpful they get themselves into trouble. That's one thing to be thinking about again when you're talking about the security of your environment: if you have locks and only certain people have access to get through those locks, that solves a lot of your problems with your employees frankly trying to be too nice, right? If somebody walks into the facility and says, "Hey, I'm with Orkin," right, so insect killing company, "I was hired by the property management company, I need to go through the premises and spray poison," right, whatever it is, anyways, right, the very helpful receptionist, "Oh, okay," and they may lead the person around to certain areas. But if your server room is locked, and your major facilities and all that kind of stuff, you know, anything that needs to be secure is actually locked, when the Orkin person says, "Oh, can I get into this room?" "Oh, that's locked, let me go talk to the manager." The receptionist then goes and talks to the manager, says, "Hey, the Orkin person is here, they need to get into a couple of locked rooms," and the manager can say, "What the hell are you talking about? What do you mean the Orkin person is here? Oh, let me go talk to the Orkin person." And they walk out and say, "Hi, who are you?" "Now, I'm with Orkin, I was hired by the property manager." "Yeah, I don't think you're supposed to be here. Hold on a second. Hey, property manager, yeah, why the hell do we have an Orkin person here? Oh, you don't know either? Great. Get out." Right? By having things locked you keep people from trying to be too helpful. You know, one of the big things is a lock stops crimes of opportunity, and as I would argue, most crimes are actually crimes of opportunity. A lot of things occur simply because there's the ability for them to occur. So if you have locks, it solves a lot of problems.

One of the things to be thinking about from a cyber security standpoint is environmental considerations. Again, we talk about cyber security, a lot of people think about, you know, the Chinese hackers, "Oh no, the Chinese hackers are after us," or something like that. A big thing to realize is, you know, sometimes, you know, the spaghetti monster just hates you. It's not Chinese hackers, no, the spaghetti monster just wants to punish you for some reason. And so you get all kinds of stuff. Again, in the real world you get fires, you get tornadoes, all those types of things. When I was creating this presentation, so literally on Wednesday, so I was doing this presentation, creating this presentation, two days ago, so a little over a week ago at this point, we had flash floods through Germany where apparently a month's worth of rain came down in something like two hours, killed a whole bunch of people and left devastation. This is Italy, they basically had the same type of thing and created devastation. This place called Moab, actually really cool, if you're in the U.S. and you've never been to Moab, go to Moab. Arches National Park, Islands of the Sky National Park, a lot of people don't talk about it, absolutely amazing. Anyways, they had flash floods. And again, just since I'm in the Asheville area, to make people, you know, realize this isn't something that happens over there, this is actually a flood that happened four years ago. Four years ago this happened down in the Biltmore area, and you can see how high the water is. So that's the lights on the car, as for some reason they tried to drive through the water, which is, oh, so smart. But think about it, right? If you have your server room, if you have your network equipment or whatever, in an area that can be flooded out, if your systems get wiped out for that reason, you can have a lot of problems. In the real world I had a client of mine, made a lot of money off of this client, oh, sometimes for good reason, sometimes for very stupid reasons. So anyways, I got them as a new client, and the previous consultant that they had hadn't really done a good job, so I went through and I cleaned up all of their infrastructure, right? So I cleaned up their networking, I installed a digital surveillance system for them, I cleaned up their Active Directory. Oh, I dealt with BlackBerry Enterprise Server. Did anybody ever have to deal with that? That was the most horrible piece of software that's ever existed. BlackBerry, their stuff that went on an Exchange server, was absolutely horrible. Anyway, so I go through, I clean up all this stuff, they actually bought some more equipment from me, and so basically where all their networking and server equipment was, it was in an area of the building that was accessible, actually, to the public. And so I went to the CEO at a certain point in time and said, "Look, you've got a lot of valuable equipment down there. Now, it is all technically working, everything is working perfectly, you're not having any problems anymore, but you really got to think about, you know, what if there's a theft or what if there's any kind of other problem. You know, that's a bad place for your equipment to be, that it needs to be locked up." Basically what I was trying to tell them is they just needed to lock up that particular room and not have it be accessible to anybody who wanted to walk in there. Somewhere in this whole conversation came up the fact that they were in a flood plain. So up until this point I had not known that they were in a flood plain. I actually lived in Baltimore, I didn't realize, I literally didn't realize they were in a floodplain, and apparently they were in a floodplain. Here's the thing: not only were they in a floodplain, but in order to have the building that they were in built, they had to agree with the county to let the bottom floor of their building flood if a flood came through. So they actually had breakaway walls. I did not realize this. They had two walls that were basically facing the river, and so if the river flooded, that flood water would hit those walls. Those walls were designed to break away, to literally allow the flood water to go through the first floor of their building, you know, the first floor that I had just fixed up all this fancy, fancy equipment on. And so they then paid me to move everything to literally the other side of the building on the second floor, when I said, "What the hell do you mean all your equipment is in a flood plain?" So again, in the real world, and this is where you have to sit there, and again, especially if you're a consultant and you're sitting there talking with clients, this is why, like, if you ever meet me in the real world, I throw out like a lot of weird questions. My wife is always surprised, like, I'll just throw out all these bizarre questions, and one of the reasons that I do is I'm just so used to having reality be very bizarre. Like, things that you would not even imagine being an issue are an issue. Like, "What do you mean you're legally required to have the first floor of your building flood? What?" Anyway, past that.

One of the big things to be thinking about with cyber security is logs for whatever is occurring within your infrastructure. So all of your networking, all of your computer equipment, is able to create logs: Active Directory, your routers, firewalls, the whole nine yards, they're able to create logs. The important thing to understand is, after an event has occurred, the logs are one of the things that are going to help you figure out what happened during the event, or while an event is occurring, your logs can be used in order to figure out what the hell is happening and then be able to try to close any of your vulnerabilities. One of the big issues that we run into with logs, though, is that many times logs are off by default. I don't actually understand why this is in the
modern world so if you go back to windows server 2000 basically the modern basically the event system is based off of the old 2000 system that was created the reason they had a lot of logging off back then by default was simply the the resource consumption when you have a one gigahert computer server uh that's basically providing all of these services to the network literally simply logging things on that server many times would use too many resources you could actually crash your server by logging everything so by default they turned all logging off and then you had a most logging off and you had to go through there and actually turn certain login on depending on what you were looking for and so one of the things to be thinking about is with your stuff with your routers with your firewalls with your network equipment with your your active directory systems and everything else do you have logging turned on do you have specific things to look at again like so log on events so do do you log for when there's login failures right if somebody tries to log into the exact same account 50 times that might be telling you there's there's a problem somewhere if you're not actually logging those events though you would have no idea that they occurred if you are not logging what's going on with your systems it is almost impossible to understand what is going on with your systems so do make sure to turn on your logs but do realize it does take resources so do that whole balancing act of turn on the logs you need and make sure your you know servers don't crash and all that kind of stuff beyond that when you start talking about cyber security uh passwords are a big deal one of the things with passwords is make sure you have proper permissions for user accounts one of the big issues right uh system administrators don't actually want to do their jobs a lot of the times oh they'll give you excuses anyways but one of the big problems is is you know when users want to be able to 
install things onto their computers, when people want to add printers or whatever else, many times the initial permissions that users are given do not give them the permissions required to do what they want to do, to be able to install Adobe Reader or whatever else. One of the big issues is many times administrators will just give them local administrator permission: I will give you full administrative rights on the local computer. Well, here's the thing: if your user is able to install Adobe Reader, they're also able to install ransomware, right? So one of the things to be thinking about is, do the users have the appropriate permissions for the jobs that they are responsible for? Make sure that users are logging in with the lowest required permissions. I think one of the main reasons we're getting hit by ransomware, I'm just going to throw this out there, is how many administrators out there check their email with global administrator accounts? They create their global administrator account, so basically they have, you know, root administration privileges for the entire domain, and then they're checking their email on it, right? So here's the thing: as an administrator, many of the things that you do are just simple normal user functions. You check your email, you create documentation, you connect to the CRM solution, you're doing a lot of stupid things. When you're doing that kind of thing you don't need to be changing group policies, you don't need to be changing permissions, you don't need to be adding computers to the domain or anything else. So if administrators are using a user account level that's appropriate for what they're supposed to be doing, again, even if they get a spear phishing attack that has a link to some kind of ransomware executable, even if they click on that ransomware executable for some reason, most likely it will fail out. If you can't install Adobe,
you're most likely not going to be able to install that ransomware. Not only that, but if they don't have the full permissions, even if the ransomware does get installed, the user account that you're logged into doesn't have permission to do much. It doesn't have root access to the profiles folders, it doesn't have root access to the database folder, it doesn't have root access to anything. Sometimes it is still able to access something to do things such as encrypt or do something stupid, but one big problem is if you have an administrator account: basically the person is checking their email, they download and install the ransomware, that ransomware then goes out, it sees a whole bunch of mapped drives. Hey, this is a mapped drive to the root of your database server; hey, this is a mapped drive to the root of all your profiles; hey, here's something else. All of a sudden that is now completely visible to the ransomware. The ransomware goes there, tries to encrypt whatever it finds, tries to encrypt that root of the directory, and hey look, they're logged in with an administrator level account, so therefore they're able to actually encrypt that root directory and all hell breaks loose. So try to make sure people are actually using the permission levels that they should.

Disable old accounts. This is a real thing that happened, I think it was last year; I did a commentary video about this a little while ago. Basically you had an employee, they were working for one company and then they went over to their competition, right, and it was like really big competition there, they're very, very competitive. And so when the employee went over to the competition, they were competing for some different types of contracts, and the employee that was now with the competition was like, huh, I wonder if my user account still works. And so he started doing VPN access to his old company, started seeing all the documentation for what his old company was doing and how they were trying to get new clients, the whole nine yards. He would take all that information, he would put that into a nice report, and every other day he would basically give a presentation on the inside activities of their competition. Again, if you don't disable old accounts, that's the kind of crap that can happen.

Again, what happens when you fire somebody? Because again, as a boss, one of your jobs as a boss is to lay people off; it is your job to fire people. Somebody's got to fire them; it's your job. What happens when we fire somebody and then they have a grudge? And here's the thing, it's kind of interesting how criminal minds work, right. When you first fire somebody, a lot of times people are pretty elated when they're first fired. There's this idea: thank golly, my chains have been removed, I have been set free, right. A lot of people, when they have jobs, they feel like their bosses are a-holes, they feel like their company is keeping them down, they feel like they are oh so valuable, but for some reason they're not actually leaving the company that they're at, for whatever reason, to go off to greener pastures. So one of the things that happens is when you fire somebody, when you lay them off or terminate them or whatever you want to call it, right, one of the first things is elation: yay! A lot of people go out, they drink beer. Oh, they're worried about the future and all that kind of stuff, but it's okay, they are finally set free. Here's the problem: that's how they are initially, and then as time goes by they start burning through their savings, they start burning through their resources, for some reason no other company has realized how amazeballs they are and so they haven't been hired by anybody else, and so the resources start dwindling and dwindling, and then they start looking back at the old company that laid them off or terminated them and they start to get angry, and angrier and angrier and angrier, and this is one of those times when a lot of times workplace violence occurs. Especially here in the United States, many times when somebody grabs a gun and they go into the workplace and start shooting it up, what you'll actually see is they were actually fired like two months ago, but psychologically it took them a while to process, to get fully pissed off enough to go back in and shoot up the office. Well, you know, we're geeks, and one of the things about geeks is a lot of geeks really aren't into violence. Again, my generation, when I was a teenager we were out back just beating the crap out of each other; we used to watch Bloodsport and then we went outside and tried to do Bloodsport. Here's the thing, in the modern world a lot of youngins, they're not so much into that whole violence type of thing. And so if they get through that two-month process, they get to the end of it, they get pissed off, they get depressed, and they want to prove a point to the old company that they're no longer at, and thankfully, let's be clear, thankfully they're not willing to pick up a gun and do something. One of the things they can think of is, hey, I wonder if my user account still has access to the systems at the old company. And if the administrator is not doing their job, at that two-month mark when somebody is really, really, really pissed off, it becomes very easy for them to be able to access the network if their account still works and be able to drop things: again, viruses, ransomware, all kinds of stupidity they can try to drop into that network just because they are pissed off. Try to get rid of that vector of attack, right. When an employee leaves, basically the hour the employee leaves the company is the hour their account should be disabled.

And one of the other things to be thinking about with that whole thing is also audit the end user accounts. One of the big problems: a lot of administrators don't do their jobs; they don't want to do the boring, tedious stuff. I want to tell you a secret, boys and girls: it's all boring and tedious. But anyways, they don't want to do the stuff that they think is boring and tedious, and that's one of the big problems with auditing the accounts that are actually used. You, as a system administrator, you come in, your predecessor didn't do auditing, didn't disable accounts when they were supposed to disable accounts; you have a 200 person company and you have 600 user accounts in your Active Directory. You need to go through and track every user account to a butt in a seat. If you cannot track a user account to a butt in a seat, you need to disable that user account. If you disable a user account that is actually in use, they will then call the help desk, and then you'll get a ticket to re-enable the account, and then, you know, it'll be fine. But this is one of those just tedious, crappy things that's part of your job.

Two-factor authentication: so when we talk about passwords, two-factor authentication comes up. There's a lot of forms of two-factor authentication at this point. Basically with two-factor authentication you have a username and password, which is the first factor of authentication, and then there's some other factor, right. So a lot of times when people think about two-factor authentication they think about getting like a text message; so if you have Twitter two-factor authentication, Facebook, YouTube, whatever else, they'll send you a text message. There's a lot of other forms of two-factor authentication out there. There's RSA keys, so the RSA keys that have been around for decades at this point, those weird little keys that usually government employees have that have a little countdown number on them, that's a form of two-factor authentication. You have YubiKeys, so this is actually supposed to be pretty good; I would not bet my life on it, but I've heard they're actually very good,
very secure. These are like USB keys; basically you can plug this into your computer and that acts as a form of two-factor authentication. The nice part about this is it's actually a physical device, so whoever has that YubiKey, they basically have that two-factor authentication, so that can be used for a lot of different things. There's Google Authenticator, again there's text messaging, the whole nine yards. Basically one of the things you have to be thinking about with two-factor authentication, when you're thinking about your infrastructure, when you're thinking about your users, is basically what is compatible with what you're doing. Again, if you have Active Directory, some two-factor authentication will work with Active Directory, others won't. If you have some kind of web infrastructure system, some two-factor authentication will work with what you have and some stuff won't. So when you're thinking about two-factor authentication, basically it's a very paint-by-numbers thing: these are the systems we have, these are the two-factor authentication schemes that work with them, pick one of those. Something to think about.

So then we get to patch management. Patch management is a big thing. Again, one of the huge problems in the modern world when we talk about cyber security, all kinds of problems with IT infrastructure, is many times computers are simply not up to date: operating system packages haven't been installed, Adobe patches haven't been installed, the whole nine yards. One of the cool things now is there's a lot of software out there, so this is a little picture from Avast, there's a lot of automatic patch management software out there that will automatically deploy patches for you, and so this is something that you need to be thinking about with your organization. So back when I had my company, I had my employees, one of the big vectors for attacks that we saw at that period of time was actually old Java. So Java became very popular in the early 2000s, so let's say 2000 to 2003, everybody thought Java was going to take over the world; it was going to become the programming language for desktop apps, and then it didn't. People like it for servers and stuff, but whatever, it didn't really pan out for desktop apps the way we all thought it was going to. And so after about 2003 a lot of developers stopped developing things for Java, and so people had installed Java onto their computers and then they literally just forgot about it because nothing else used Java anymore. There's just this time period where people used Java, and then about 2010 people started using Java again, for whatever; it's just one of those things that happens in the technology world. Anyways, what hackers realized about 2008 was, hey, there are a lot of systems out there with Java from 2002 installed on them. We have the full documentation at this point of all the vulnerabilities of Java from 2002, so we're just going to hack the hell out of all these systems that have Java from 2002, because nobody ever bothered to update Java. This is again one of the problems that you can run into, so if you have some kind of patch management system, it'll go through, it'll see all the software, it'll patch everything up to date and your life will be a hell of a lot easier. And again, when we talk about patch management, you know, it's one thing, oh hee hee ha ha, you think you're a month behind on patches; in the real world many times these systems are years behind on patches. I'm not talking about upgrading to the next operating system or something, I'm just saying being up to date for the patches of whatever operating system they have. Also, with patch management, if you're doing desktop support, so any noobs out there, if you're actually doing help desk or desktop support, one of the lessons that I learned the very hard way is if somebody's computer is not acting right, the first thing that you do is you update the computer. You don't know how many times I spent hours and hours and hours troubleshooting a computer because I didn't want to go through the whole update process. Basically I would set the updates to run automatically, but I didn't want to actually have to deal with downloading them at the time, so I'd be like, okay, I'll set up all the updates to download automatically, and then I'll troubleshoot and I'll fix the problem so that it's fixed and then I can leave. You know how many times I've spent two or three hours trying to troubleshoot some stupid-ass problem, getting absolutely nowhere, and so finally I would just let all the updates run because I was kind of out of options, and then as soon as the computer rebooted the problem was fixed? I was like, oh yeah, patch management, big deal.

Firewalls: so firewalls are a big deal. Everybody thinks firewalls are like this weird panacea. It's kind of funny, whenever you watch like CSI or one of these weird shows that talks about technology, they're always like, they're breaking through the firewalls! Firewalls don't really work that way. Basically you have to understand firewalls: they're basically blocking TCP ports. So TCP ports: whenever you have an IP address, 192.168.1.x, let's say that's the IP address of the computer, and then you do colon, and then specific services live at specific ports. Web services, www, is at port 40; SSL I think is at port 443; SMTP has a port, SNMP has a port, FTP has a port; all the different protocols have ports. Basically all firewalls do is they block those ports. They keep people from accessing the computer on ports that they're not supposed to access. Normally what you do is you close down all the ports and then you only open the specific ones that people need to access. Firewalls should be required on all your servers, so all your servers, your Active Directory servers, Linux servers, all that kind of stuff, you should have your software firewalls set up at the very minimum so that only people on the local area network are able to access the systems. Again, something to be thinking about is if you have a web server, you know Linux, Ubuntu, whatever else, a web server on your internal network, again one of the things to be asking is, why is SSH open to the entire LAN? Why is SSH open to the entire world? Anybody who can figure out a way to access SSH can try to brute force attack into the web server. Does that sound smart? Answer: no. So something to be thinking about is like, okay, well, if I know the administrator computers, like put all the administrator computers on a specific subnet or give the administrator computers specific static IP addresses, right. So I know I'm going to have a couple of my administrators and they're going to be responsible for the Linux servers, so the Linux server administrators, they will have IP addresses 192.168.1.10 to 192.168.1.20.
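As an added example (not code from the class or from Silicon Dojo), here is a small Python helper that turns that administrator range into the rules an Ubuntu host firewall can take, which is the step the next paragraph describes. It assumes ufw on the server; ufw accepts single addresses or CIDR blocks, not "10 to 20", so the range has to be split, and ufw's `limit` action is used (an assumption, not something the class mentions) because it rate-limits repeated connection attempts from one source.

```python
"""Build host-firewall rules for the policy in the text: deny everything
inbound, then let only the Linux administrators' static addresses reach SSH.

Added example, not code from the class. Assumes ufw on the Ubuntu server;
the addresses 192.168.1.10-192.168.1.20 come from the example in the text.
"""
import ipaddress


def admin_cidrs(first, last):
    """Split an inclusive address range into the fewest CIDR blocks.

    ufw rules take a single address or a CIDR block, so the range
    192.168.1.10-192.168.1.20 must become several blocks (it is not
    one aligned block).
    """
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is after range end")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def ufw_ssh_policy(first, last, port=22):
    """Return the ufw commands, in order, that implement the policy.

    'limit' accepts connections like 'allow' but throttles repeated
    attempts from one source (ufw's built-in rate limiting). That narrows
    the residual risk the text points out: a trusted address can still be
    used to guess passwords.
    """
    cmds = [
        "ufw default deny incoming",   # close every port first
        "ufw default allow outgoing",
    ]
    for cidr in admin_cidrs(first, last):
        cmds.append(f"ufw limit from {cidr} to any port {port} proto tcp")
    cmds.append("ufw enable")
    return cmds


def ssh_allowed(source_ip, first, last):
    """Say whether a source address would pass the SSH rules.

    Useful for checking a policy before applying it, or for triaging the
    'my SSH stopped working' help-desk tickets after the rollout.
    """
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c) for c in admin_cidrs(first, last))


if __name__ == "__main__":
    for cmd in ufw_ssh_policy("192.168.1.10", "192.168.1.20"):
        print(cmd)
    # The web server itself still needs its service port opened separately
    # (e.g. 'ufw allow 80/tcp'); SSH stays reachable only from the admins.
```

Running it prints the command list; the range becomes four blocks (/31, /30, /30, /32), which is why a range-to-CIDR step is worth automating rather than typing by hand.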
So we're just going to say anybody that needs to access those servers, those are going to be their static IP addresses. Then you go into your Ubuntu server, you set up the software firewall to say only people in 192.168.1.10 to 192.168.1.20 are able to access the SSH port. Again, there is still some vulnerability there; if somebody has the correct IP address they can still try to brute force attack, but you massively minimize your plane of attack.

One of the things to be thinking about, though, is for client systems be careful with firewalls. Firewalls can create more problems than they're worth on client systems. One thing to think about is, with servers you should know absolutely everything going on with your server. There should be nothing on your servers that you do not understand: every service that they're providing, all the networking that they're doing, you should understand the ports, you should understand everything going on, right. These are servers; these are things that you spin up, you basically have them run 24/7 for three years, whatever the hell your refresh cycle is, then you migrate to the next thing and throw the old ones away, right. So you should know everything going on with the servers. Servers should not be changing every week or every month, right; you should have a plan for upgrades or modifications to the servers, and it should be something where everybody understands what's going on. You don't just install crap on your servers willy-nilly, and so firewalls on servers really make a lot of sense. One thing I'd say with client systems is, not so much. I made a lot of money back in the day from Norton, Norton Internet Security Suite. I can definitively say, factually state, they made me enough money to probably buy a car. The reason was, Norton Internet Security Suite back in the day was so secure, so secure that it would lock users from being able to do things like print to their USB printers, because the USB port was considered a networking device for some reason, and since they did not know how to administer Norton, none of us really did, it was a pain in the ass to administer, many times Norton Internet Security Suite would just lock people out of lots of things, right. And so one of the problems you can have on client systems is if you put firewalls on there, you may create a lot more problems than they're worth. Think about this: one of the clients that I had, they had a previous administrator that was really into security, really into installing security, not really into understanding what the hell was going on. And so ISA, Internet Services Acceleration Server I think it was called, it was a horrible piece of crap, one of Microsoft's horrible pieces of crap. It's not bad on paper; anyways, it's supposed to be like this anti-virus security component for Windows servers. Oh, it's horrible, so horrible. Anyways, it blocked a lot of stupid things, and the problem is, especially with client computers, a lot of times the software that they're using does not fully document what ports are being used, right. So again, if you're using SMTP, SNMP, any of the normal networking protocols, you know what the ports are. If you're using any kind of enterprise class equipment, there should be documentation for what ports need to be opened. The problem is, for a lot of consumer level or a lot of user level software, they just don't bother to talk about the ports. Yep, they use ports. And so I remember one of my clients, one of the ways they made money is not only did they have a successful business, but they also day traded. So while they're running their successful business with 100 plus employees, they would sit there, you know, buying and selling stocks. And so basically the previous administrator had made their system so secure that Merrill Lynch, for whatever reason, Merrill Lynch had a web app using like ActiveX controls, and for whatever reason it just failed out whenever they tried to get the Merrill Lynch app to communicate with the Merrill Lynch servers; it failed out because the ISA server was screwing with it. So literally getting rid of the ISA server solved a lot of problems. So this is something to be thinking about with firewalls. Again, when you think about security, right, if you put so much security on a client's computer that they are unable to do their work, that's not a win. That's not a win. And then the other thing is, when you start messing around with firewalls, make sure to allocate enough human resources to deal with problems. Firewalls are not fire-and-forget solutions. Again, when you start doing firewalls, when you start administering firewalls on your network and your infrastructure, what you should do is set up your firewall, set up your software firewalls, and then basically sit by the help desk and wait for the trouble tickets to come in, and then deal with all those trouble tickets, and once everything's working again then you go to the next set of firewalls, and you go to the next set of firewalls, and you go to the next set of firewalls, right. Whenever you deal with firewalls there are always going to be unanticipated problems, and so, like with anything, you just budget the time for it. So I'm gonna spend an hour setting up the firewalls and I'll spend the next seven hours fixing all the problems that were created when I set up the firewalls. As long as you understand that's what's gonna go on, you'll be fine.

Antivirus, anti-malware, anti-spyware: again, even in 2021, for some stupid-ass reason, many times these are different products. But some of the things to be thinking about with this kind of stuff is, is it free? Some of the big problems you run into, especially with organizations, especially with businesses, is there's a lot of software out there that is presented as free. This is free, Eli; I don't want to spend $50 for Kaspersky, I want to use a free solution because I'm smart.
I'm a CEO, and the way I became CEO is by not spending money on things I don't need to spend money on, whatever. The problem is, a lot of the licensing, again, remember, as a decision maker, as an IT professional, your job is to understand licensing as much as anything else. A lot of the licensing, what you'll notice is that free licensing is for personal and family use only, not for business or commercial use. So I actually grabbed this as a screenshot from AVG from two days ago, so as of 2021 AVG is not free for business or commercial use. And so one of the things to be thinking about when you're using these antivirus solutions and people want to use the free stuff: if you're using it for home or whatever, hey, go for it, but if you're using it for businesses, one of your responsibilities is to make sure you are using software legally and how it's supposed to be used. So do be careful with that whole free thing; go and take a look at the license. Some of the licenses are free; ClamAV, you know, if you want to use it, I wouldn't use it, I don't know if you want to use ClamAV, I think that's free for whatever the hell you want to use it for. But anyways, make sure. Then when you go out there to buy antivirus, anti-malware, anti-spyware, do you realize there's a difference between retail and corporate editions? So a lot of business people go out there, they go to Staples or Office Depot or whatever, they grab the latest Norton box, they take it to their office and they install it on three computers or whatever else. If you're in a small environment that's not a big deal, right; if you're in an environment with five computers or ten computers, using retail editions of software still probably isn't the best way to go, but it's not the worst way to go either. It is as it is. One thing to realize, though, is if you go with corporate editions of software, just like Active Directory, there's things like management consoles and configurations and all kinds of nice fancy stuff they give administrators to make it a hell of a lot easier to administer your security software, and so that's something to be thinking about. Again, if you have a large environment, again, any more than 10 for the most part, do some research, but basically any more than 10 you should really look at getting the corporate editions of your antivirus, your security software, because again they give you things like management consoles, they give you ways to schedule things, they give you ways to deal with configurations for your entire infrastructure, not just for individual systems. And also from a licensing standpoint, you just get licenses for however many computers you're putting the antivirus on, right. So if you have a retail license and your computer blue screens of death and then you have to wipe and reload it and reinstall everything, you may have some issues with activation and keys and all that kind of crap because you're dealing with a retail license, whereas if you're dealing with a corporate edition, worst case scenario it'll simply phone up to the vendor's servers, it'll say okay, I can see that 10 licenses are currently being used and they bought 10 licenses, and everything just works a hell of a lot easier. One of those things to think about.

Configurations and issues: one of the big things I would argue with a lot of the antivirus, anti-malware, anti-spyware software is they all have problems. They all have problems. I like beating up on Norton simply because I made so much money on Norton; I quantifiably made a crap ton of money off Norton Internet Security Suite, as a fact, you can't sue me for facts, Norton. But the reality is all antivirus, all security software has their quirks. McAfee, again, back in the day we used McAfee. Don't look at me that way, don't look at me. 2008, 2008 McAfee was different. I'm not talking about 2021 McAfee, I'm talking about 2008 McAfee. We used McAfee; McAfee had weird configuration problems, Kaspersky had weird configuration problems, Trend Micro and all these different things, right. All antivirus, all security software, they have their quirks; they're technology products, they've got their quirks. One of the things that I would recommend is basically you find one vendor of security software and you basically stick with it until there's a real reason to change. So back in the day, when I had my company with my employees and all that, we installed a crap ton of McAfee. Again, dude, McAfee from 13 years ago; do we like McAfee from the early 2000s? Not whatever happened to it after Intel bought it, which is weird. You realize that when Intel bought McAfee, McAfee got quantifiably worse? Just, ah, you deal with that as you will. Anyways, but one of the reasons is back then, every year, you know, PC whatever, CNET or whatever PC news site, would come out with their rankings for antivirus software, and so Norton would be one of the top three, McAfee would be one of the top three, and then every year a new competitor would cycle in at three: Kaspersky, Trend Micro, whatever else. But that was the thing, McAfee was always in the top three; sometimes it was number one, sometimes number three, but it was always in the top three. So by simply standardizing on McAfee we knew we had a pretty good security software back then, back then in the 2000s, and all my employees knew how to deal with it. They understood the quirks of the software, they understood the problems that came up, and so then they were able to troubleshoot relatively easily when those problems came up. So think about standardization. And then also something to be thinking about when you're thinking about all this is that there's antivirus software and there's anti-malware software and there's anti-spyware software, so when you go to buy the software many times you can have full security suites where they come with antivirus, spyware, firewalls, backups, the whole nine yards, or you can buy those products individually. What you decide to do is kind of up to you. One of the things that I will say with these suites is many times vendors do something really well and a lot of other things really poorly, so you might want to mix and match, but that's your decision.

Then, when we're talking about antivirus, one of the cool things you might want to think about is an antivirus firewall. So this is a firewall from Barracuda that's really cool. Basically what this firewall from Barracuda is, all of your network traffic goes through this. So basically you have a router and you plug the router into this, then you plug this into your modem or whatever, so literally all traffic coming into or out of your network is going through this Barracuda antivirus firewall. What's cool about this thing is that it's able to look at every single file going through and see if the file matches what it thinks are viruses. So with email, it's able to read emails on the fly, it's able to read files on the fly; anything that it detects is a virus, it just flushes and it logs. And so one of the nice parts here is if you forget to update antivirus on some of your systems, if some of your systems are not up to snuff as far as patch management is concerned, this can be a layer of security for you to try to prevent problems on your network. One thing again to be thinking about with cyber security is having a layered approach to what you're doing. You have a whole bunch of layers of security, so if any one layer of security fails, another layer should try to protect you from what's going on. I was talking with the Barracuda folks a number of years ago about this and I thought it was actually kind of cute, because for a while they actually trusted Barracuda, they actually trusted their antivirus firewalls to such a degree that they didn't even have antivirus software on their computers. They trusted their Barracuda antivirus firewalls so much that they decided
we're not even gonna put anti-virus software on our regular computers and so they did that apparently for a while until somebody realized that was incredibly stupid like hey what if somebody comes in with a virus on a usb stick so i don't know just something to think about uh somebody brought up the whole thing with ssl in the class last night director's cut here with the ssl one of the interesting things is this says that it breaks ssl advanced features ensure that organizations adapt to emerging requirements like social network regulation remote filtering and visibility into ssl encrypted traffic so one of the reasons that i bring this up and i thought this was interesting with the conversation that i was having last night is i don't know everybody's all like ssl crazy right now you don't need a vpn just use ssl ssl will save us all all i'm going to put out there again for the whole cyber security thing to be thinking about so i've been looking at a lot of product products and i've been looking a lot of projects that i want to do for silicon dosa in the future and i just this whole concept of visibility into ssl encrypted traffic this this has actually come up a number of places again i can't do a class on it quite yet i can't do a class on it quite yet but i'm not quite sure ssl is nearly as secure as people think it is there's some stuff with like caching servers so again i'm really interested in caching server so caching servers is where you store basically if somebody goes out and download something like a windows update when another client on the network needs a windows update instead of going all the way out to microsoft it can just pull it from the cache server there's some interesting stuff with basically cache servers breaking ssl and all i'm going to all i'm going gonna say with this is again it's like i haven't done enough research i've been busy with other things with breaking ssl i'm just gonna point out i don't think ssl as security people think it 
is i was just saying uh anyways well be careful now but anyways uh servers let's talk about servers for a little bit uh one of the big things with servers one of the things i love is active directory um active directory is absolutely awesome to me a lot of people out there are like blockchain as excited as so many people are about blockchain and cryptocurrency that's how exciting i am about active directory that's the kind of cool kid i am active directory is absolutely amazing especially in enterprise type environments basically it's a centralized account and permission management system and it's well worth the money that you're going to spend with microsoft a lot of folks out there have a little hissy fit it's going to cost anywhere between six hundred or thousand dollars per active directory server plus about a fifty dollar per cal client access license so every computer that's gonna be accessing that active directory server but this gives you one centralized place to deal with your permissions to deal with your security deal with your users to deal with your groups it has so much functionality to it it is absolutely and utterly amazing if you have just individual systems running around your network you really may think want to think about upgrading to active directory not only that with windows systems windows gives you everything including the kitchen sync with their servers so if you need vpn services routing and remote access is built into active directory servers and so your vpn services have active directory already built into them uh print services file services all kinds of network nik teaming and all kinds of amazing stuff are built into microsoft servers so this is something to think about i know a lot of the younger folks out there think microsoft is like old that's what those all people use and look look uh credit where credit's due yes outlook is old we have moved beyond outlook i i will admit to that outlook was like the iphone for my era it was 
absolutely amazing activesync was great i get it outlook and experience servers are no longer the cool thing but i will tell you microsoft does a lot of really good products active directory is one of them and something you should be thinking about for your network if you do have a small network though one of the things you might think about is more server type devices so i have synology here qnap drobo i actually have experience with all these types of nas type devices and so in these nas's they're called network attack storage and so for a long time all they were storage basically just file servers right easy file servers you could put on the network uh time has moved on 2021 at this point and so these file servers actually have a hell of a lot more capability than they used to have uh they have full-fledged web servers on them they can have database servers on them they actually have their own app stores just like your iphone as an app store like qnap and some of these things actually have their own app store so you can install mongodb and all kinds of wacky things one of the things you might think about is if you have a small environment or if your environment really doesn't do a hell of a lot maybe you just have max if you don't want active director you just have max you might think about doing one of these server devices uh from a security standpoint um they have a lot of security built into them they even have things like high availability so signology the the two uh synology nas units i have have high availability what that means is you have them both up and running if one of them fails the other one takes over being the active server and your users don't even realize anything occur right so if some power supply fails a hard drive fails something like that the entire box uh takes over responsibility uh and users just keep doing whatever that is that they're doing uh drobo is kind of cool it has something called beyond raid so let's say you have a file 
server you're storing files and at first all you need something like eight terabytes of storage so you throw in you know eight one terabyte drives as time goes by you need more and more storage the nice thing with beyond uh beyond raid is you simply literally just pull out a hard drive you pull out a one terabyte hard drive and you shove in a 16 terabyte hard drive and beyond ray does all the auto configuration it'll take a long time because it's 16 terabytes uh it'll it'll put that into the beyond raid array and then you will now have all that new storage so if you need a device in order to upgrade storage as you go drop might be one of the ways to go qnap so again this was one of the big things so people asked me in the class last night they're like well which one do you prefer i'm like oh oh you're not gonna do that one too man and i owned robo i owned robo and for storage solutions i think drobo is the best performance you don't always get the best out of drobo but just for pure storage drobo is great uh signology um i like scientology again have signology too high availability is absolutely awesome probably out of all of these i would actually go with signology realistically at the end of the day um qnap yeah qnap yeah so so basically qnap uh user interfaces are basically designed uh by linux administrators that barely know english here's a problem with qnap qnap is actually very good products once you figure out how the hell to use them uh the way that i explain it is qnap actually sent me this really cool device i was so excited to get this device right so basically this device what it is is it has a 16 power over at the 16 poe ports uh it has a full-fledged server built into it uh so you can you can like do virtualization you can build your own server the whole night is built into the device and then it has its own q os or whatever the hell it's called with its own functionality right so basically you get this one box that has power over ethernet it has the 
ability to create your own server plus it has you know the qos and all the functional functionality that comes with that like what could be the problem there here's the thing they basically digitally duct taped everything together so every single one of those components has its own login screen oh you need to get on the switch that has its login screen oh you need to get into qnap qos or whatever the hell it's called that has this login screen oh you want to get in the server component that has its login screen it is so duct taped together that if you want to access like the server from a network device that's plugged in the poe switch you literally have to plug a port from the poe switch into it into the port on the server that's literally physically sitting on the exact same box and so that's the problem with cuna is that the q amps bad oh the user interface design is horrible you almost wonder if you're getting punked like when you sit there and you start to try to configure for qnet you're waiting for like ashton kutcher to like pop out punk like it should not be this difficult that's the cruiser pops up so one of the big things uh when you're when you're thinking about cyber security is resiliency and basically up time for all of your systems a very important thing to be thinking about is high availability if you don't have high ability very high availability built into your infrastructure right now you should definitely have it basically the idea with high availability is that you have virtual machines generally virtual machines that are running on different pieces of hardware if one piece of hardware fails all the virtual machines migrate over to a different piece of hardware and everything keeps running and the users don't even realize what's going on uh you can do this with hyper-v you can use this with vmware synology actually has lots and lots of companies have a high availability and basically the idea here is that the entire physical machine can fail a 
crackhead and steal the entire physical machine and the other physical machine will just keep on running right along giving all the services to the end users again a big thing to be thinking about back in the old days was not losing data like the the thing thing we used to worry about was losing data right that was the the primary concern we had nowadays the primary concern is is keeping the data available keeping the services available for your users at all times if you have data that's somehow stored in a hard drive and stored in tape drive or something like that even though you have the data it's not accessible it's not usable to your end users and for them for that period of time it's actually worthless if you have something like high availability entire machine fails everything flips over the new machines you can keep riding along basically now now you can figure out how to fix this physical machine you can sit there with a cup of coffee you can sit there you can do your google searches you can you can figure out what vendors are selling the the parts you need at the white right price you can wait you know seven days for them to ship you the part for economy rate shipping and it's all okay because all your systems are running fine right your users don't know the difference which is a hell of a lot different than if you know your system fails you have the backup but now you have to you have to physically fix that system in order to restore the backup onto the system and all the time and energy that that's going to take along the same uh same ends again as i would say back in 2000 we were very worried about backups tape backups all that kind of stuff in the modern world i would argue disaster recovery is where really where we need to be thinking about and with disaster recovery scenarios the idea is how can we get usable systems up and running as fast as possible this is with veeam so veeam i like veeam veeam is a very good product i think is definitely 
something that you should be looking at for your infrastructure and what's cool with veeam veeam is basically a backup solution it backs up from a vmware hyper-v whatever the hell newton mix is windows server 1x nas is the whole nine yards but the cool part is uh is that it backs up into a virtual machine so when it backs up it gives you a virtual machine that you can spin up just like any other virtual machine that's not the coolest part about it the coolest part about it though is that veeam has third-party partners that basically they provide disaster recovery as a service and so you can back up as a virtual machine to these cloud providers if a wildfire comes through and melts down your entire server room you can spin up the virtual machines within their environments start providing services to all your users all your customers the whole nine yards all your systems are running providing services blah blah blah and you now can figure out how to rebuild your server room at your own leisure of course when you spin up all these servers up in the cloud it's gonna cost you a couple of dollars this is not necessarily something that you want running for a year or whatever but again all of your systems literally get melted you come in you spin up the virtualized instances that were backed up to the cloud you spin them up you make sure that they're communicating properly you change a little routing or whatever else and within an hour from within an hour of your infrastructure literally melting your infrastructure is now working up in the cloud doing what it needs to do disaster recovery scenarios is the big thing for the modern world uh then we go to networks um a big thing to be thinking about with cyber security is layered networks so we did something we did something about 15 years ago that we realized was a stupid idea so there is something called convergence you may have heard of convergence they've stopped talking about it quite so much as they used to the idea 
with convergence is back in the day computers and telephone systems and access control systems and surveillance systems the whole nine yards use entirely different ways of communicating so computers use cat5 cable and tcp telephone systems use cat 3 cable and digital communications surveillance systems used basically coax cable and analog communication right so basically although these may be computerized devices they may have programming and all that kind of stuff in it how the communication was done the media that was actually being used all of that was entirely different so you know 15 or so years ago voip became prominent people started creating ip surveillance cameras the whole nine yards and folks realized hey if we're going to wire up a facility it's a lot less expensive to wire up a facility with the exact same type of wiring and equipment versus all of these different types of equipment so let's just have a what's called a converge infrastructure so let's have our voice over ip phones and our computers and our surveillance cameras and everything running on the exact same network oh daby wonderful yeah that was great that was great until people started misconfiguring uh their surveillance cameras so you know again 15 years ago most of us were on 10 100 switches at that point gigabit switches were not something that was really standard at that point in time but we did have surveillance cameras that could pump out a lot of data so 1080p cameras or even higher megapixel cameras 12 megapixel cameras some of these cameras would pump out 10 megabits per second maybe 20 megabits per second and so when you have cameras that are able to capture in very high resolution and you have networks that are only 100 megabits per second one of the things that you do is you push what's called intelligence to the edge so with these new computerized cameras uh what you're supposed to do is you're supposed to go in you do the configurations so that the camera will only send back 
high resolution video when it's necessary if you see motion between these two time periods send back video if you see motion within this sector of an image actually send back video to be stored right you're supposed to do all these configurations well supply supplies supplies you send out a junior junior level sysadmin uh to set up all these cameras within your facility because hey you don't want to do it you're a senior level admin and you give them the configurations that they're supposed to use in order to set up all these cameras and the junior admin doesn't do what they're supposed to do they forget to hit the apply button at some point so these cameras instead of sending video only when they're supposed to send video which will be fine for the entire network you now have 16 or 32 cameras all sending high def video back to their uh their nvr network video recorder all at the exact same time and basically the network comes to a halt because all the bandwidth is being used for streaming these video files back to the the video server so we realized back then is having a fully converge infrastructure was just stupid it would just do it no so what we started doing is start building what we call parallel networks so with these networks they still use tcpib they still use ethernet they still use switches they still use routers the whole nine yards but the idea is okay we're going to have a voip network we're going to have a surveillance camera network we're going to have our normal pc network and our access control network and all that basically down at the bottom they're all going to be connected with routers so that if somebody needs to access one of the networks you know from something else they'll be able to do it but otherwise they're segregated if your surveillance cameras start using all the bandwidth on their switches that just brings down the surveillance cameras it doesn't bring down everything else right one of the things i'll argue in the modern role to 
be thinking about is to start taking this concept of parallel networks or layered networks uh to a much much larger degree right remember if if a attacker is able to get into your network they are able to attack anything that they can see well here's the thing if an attacker gets into your network and they can see a thousand targets that means they can attack a thousand targets and if you've got a thousand targets most likely some of those targets haven't been fully been updated some of those targets have default usernames passwords the whole nine yards your whole system can compromise relatively quickly so something to be thinking about is segregating off your different systems again your voice over ip your your telephone systems put them into their own network their own subnet their own network have a router have a firewall your your uh your computers again put them in here on the network have it have a router have a firewall computers on different floors of your office why should a computer on the third floor of your office be able to see a computer on the fifth floor of your office remember you're sharing files through a file server individual computers don't necessarily need to see each other so why can they see each other segregate those off so they can't so if somebody's able to compromise a computer on the third floor of the office they can only attack the computers that are on the third floor of the office again surveillance cameras when you think about your web servers a big thing to be thinking about is again like why why can somebody access the root directory over the network of your database server ms equal mysql mariadb mongodb whatever it is one of the reasons is ransomware attacks happen is when normally when you think about permissions you think about the privileges on the database itself what is a user on the database able to do are they able to create tables you know delete tables add things whatever else one of these they don't think about is 
what what if an account just simply has access to the root folder that the database is stored in and they just encrypt the root folder that's what's happening with a lot of these ransomware attacks and so one of the things to be thinking about is what why can somebody access through smb smb is a server message block it's it's the protocol that's used in the in the windows world to do file transfers and all that why is somebody able to access the root directory using smb uh off a database server on the network that sounds what i would call stupid so you set up a firewall system you have a layer network so your database servers are within this layer it is separated by a router by a firewall and the outside world is only able to communicate with those database servers on the specific ports that you say that they're allowed to communicate on and only to the appropriate clients again let's say all of your unless you have web servers right so you have a web application you have your web servers apache nginx you know iis whatever you're using and you have the database servers over here so one thing you can say is okay the database servers can only be communicated with by the web servers on these specific ports and then they're completely segregated off so even if the system administrator down here their account is hacked while they're logged in as a system administrator if they're not able to actually access with their with their computer the database servers of the time those database servers are going to be protected so something to be thinking about is how can you layer your network so that it's all defended against again when you go back 15 years doing this kind of thing was expensive gigabit switches were expensive routers were expensive firewalls were expensive everything was freaking expensive here's that thing that whole that whole you know naked in the dawn of a new age technology is not that expensive anymore this is ten dollars this is a full flight this is a 
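The segmentation rule the class describes (database servers reachable only from the web tier on the database port, nothing reaching them over SMB, floors unable to see each other) is easiest to reason about as a default-deny allow list between segments. The following is an added example written for this page, not code from the class or from any vendor: it models that allow list in Python, checks it against a few constructed flows, and renders the same policy as an nftables forward chain. The subnet numbering, segment names, port numbers and the rules themselves are assumptions made for the example.

```python
"""Added example (not from the class): a default-deny, per-segment allow list
for a layered network, checked against constructed flows and rendered as an
nftables forward chain. Segment addressing, ports and rules are assumed."""
import ipaddress
from dataclasses import dataclass

# Assumed segments: one routed subnet per function and per floor.
SEGMENTS = {
    "web":      ipaddress.ip_network("10.10.10.0/24"),
    "db":       ipaddress.ip_network("10.10.20.0/24"),
    "floor3":   ipaddress.ip_network("10.10.30.0/24"),
    "floor5":   ipaddress.ip_network("10.10.50.0/24"),
    "voip":     ipaddress.ip_network("10.10.60.0/24"),
    "cameras":  ipaddress.ip_network("10.10.70.0/24"),
    "fileserv": ipaddress.ip_network("10.10.80.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str    # source segment name
    dst: str    # destination segment name
    proto: str  # "tcp" or "udp"
    port: int   # destination port

# The only inter-segment conversations the firewall forwards. Note what is
# absent: no SMB (445) into the db segment from anywhere, no floor-to-floor
# rule, and no rule at all for cameras or VoIP leaving their own segment.
ALLOW = [
    Rule("web", "db", "tcp", 3306),          # web tier to MySQL/MariaDB, nothing else
    Rule("floor3", "fileserv", "tcp", 445),  # workstations share files via the file server
    Rule("floor5", "fileserv", "tcp", 445),
    Rule("floor3", "web", "tcp", 443),
    Rule("floor5", "web", "tcp", 443),
]

def segment_of(ip):
    """Name of the segment containing ip, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def decide(src_ip, dst_ip, proto, port):
    """Return ("allow" | "deny", reason) for a new connection. Traffic that stays
    inside one segment never crosses the router, so the firewall never sees it."""
    s, d = segment_of(src_ip), segment_of(dst_ip)
    if s is None or d is None:
        return "deny", "address outside every known segment"
    if s == d:
        return "allow", f"stays inside {s} (switch-local, not routed)"
    if Rule(s, d, proto, port) in ALLOW:
        return "allow", f"{s} -> {d} {proto}/{port} is on the allow list"
    return "deny", f"{s} -> {d} {proto}/{port} hits the default deny"

def render_nft():
    """Emit the same policy as an nftables forward chain with policy drop."""
    lines = ["table inet segmentation {",
             "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for r in ALLOW:
        lines.append(f"    ip saddr {SEGMENTS[r.src]} ip daddr {SEGMENTS[r.dst]} "
                     f"{r.proto} dport {r.port} ct state new accept")
    lines += ["  }", "}"]
    return "\n".join(lines)

# Constructed flows: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("10.10.10.5", "10.10.20.5", "tcp", 3306),  # web -> db: the one sanctioned path
    ("10.10.30.5", "10.10.20.5", "tcp", 445),   # compromised admin PC -> db root share over SMB
    ("10.10.30.5", "10.10.50.7", "tcp", 445),   # floor 3 -> floor 5 lateral movement
    ("10.10.30.5", "10.10.80.2", "tcp", 445),   # floor 3 -> file server
    ("10.10.70.9", "10.10.20.5", "tcp", 3306),  # camera -> db
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        verdict, why = decide(*flow)
        print(f"{verdict:5} {flow[0]:>12} -> {flow[1]:<12} {flow[2]}/{flow[3]:<5} {why}")
    print(render_nft())
```

The rendered chain is the shape the policy takes on a Linux router sitting between the segments; on other firewalls the wording differs but the idea is the same: the forward path defaults to drop, and each allowed conversation is named explicitly with its source segment, destination segment and port.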
full-fledged computer. It's a Raspberry Pi: one gigahertz, 512 megs of RAM, you can put, like, up to a terabyte of storage in this thing, it's got a full Wi-Fi stack. That's ten dollars. Equipment is not that expensive anymore. Routers are not that expensive anymore, switches are not that expensive anymore. Creating very different, spread-out, layered networks at this point is not actually that expensive from a hardware standpoint. It takes time, it takes energy, it takes caring to do it, but actually getting the budget to do it shouldn't be that difficult. So that's one of the things to be thinking about.

One of the other things we consider here is VPNs are not magic. So again, with that whole moving to the remote worker architecture: VPNs will save us. Again, a lot of folks, administrators from 2005, they really like their VPNs. Here's the thing about VPNs. What does a VPN do? Virtual private network. It makes the computer that you're in front of, wherever you're at, logically appear to be within the local network. So if I am in Shanghai, if I am in Houston or wherever else, I connect with my VPN, I am able to access the internal network of my organization, and I'm able to see all of the servers, all of the resources that are on offer. I can see the Exchange server, I can see the TeamSpeak server, I can see the, oh, I don't know, the Active Directory server, all that kind of stuff is there. And so here's the thing: if this person's computer is compromised because, you know, it's late at night, they have jet lag, they've had a couple too many beers, they can't go to sleep, they decide to use their computer for things that they're not supposed to use their computer for, and they get it infected like they do, like they do... well, when they wake up in the morning with that hangover and they connect into the internal VPN, whatever their computer has been infected with can now see the entire internal network. Does that make sense? No, not in 2021. So again, we talk about these layered networks; it's the kind of stuff we think about.

The other thing to be thinking about is, okay, so we say, well, we're going to use private VPN services, right? So we're worried about Wi-Fi, we're worried about if we access the internet using the Wi-Fi at the hotel or the Wi-Fi at coffee shops or whatever else, so we're going to use a VPN service, TunnelBear or whatever else. Don't get me wrong, I just grabbed TunnelBear; I actually like TunnelBear. One of the things is, there's this idea that VPN services, again, they're magic. VPN services protect your network traffic; haven't you heard all the YouTubers tell you that Surfshark is amazing? Look, I like Midnight's Edge, I like Midnight's Edge just like everybody else likes Midnight's Edge. Surfshark advertisements are getting ridiculous. Here's the thing: nothing is magical here. Nothing is magical. One of the things to be considering, so if your user uses one of these public VPN services, Surfshark, NordVPN, TunnelBear, I'm not beating up on any particular company, one thing you have to realize is you don't understand what their infrastructure looks like. This is basically an intentional man-in-the-middle attack. All of your traffic is now going through their servers, and you are trusting that it's secure in the ways that it's supposed to be. Realize, realize there could be something right on the other side of their servers harvesting all of your information, and you have no idea what it is. Again, this is very important to be thinking about if you have regulatory compliance, PCI compliance, HIPAA compliance, some kind of security compliance you have to deal with with the government; this could become a big issue. The final, literally the final slide that I'll show you today: there was a Ukrainian VPN service that forgot to encrypt their traffic. Yeah, no lie. Apparently Ukrainian police were able to access the internal infrastructure and grab a whole bunch of VPN traffic because they didn't know how to administer their own VPN service. TunnelBear is not magic. So it's one of those things to be thinking about from a security standpoint: how much do you trust this? Again, that's where you think about, like, with VPN infrastructure, if maybe your users are going to need a VPN service, you set up a Windows Routing and Remote Access server within your infrastructure, but you have it basically segregated into its own little world so that people can then only bounce out to the internet. So I connect to my company's Routing and Remote Access Windows server, and then from that server I'm then able to connect to Salesforce, right? So therefore I have the VPN security, because I'm connecting to our server, and then hopefully I have the peace of mind, at least imagining that my server room is secure, so that when the traffic bounces out to the internet it's a little bit more secure. These are some of the things that you really need to be thinking about.

Beyond that, DNS. DNS is an incredibly valuable tool for cyber security. I have a whole class, DNS for Cyber Security, I did before, like two hours talking about this crap, but there's a lot of stuff with DNS. Pi-holes are really useful. So one of the big problems right now with hackers... not really with hackers, it's really with these ad management companies. So one of the things I've actually run into is where hackers try to install viruses or malware or whatever onto your computer literally through ads on a web page, right? You go to a web page, and that web page is actually made up of many different web pages. All those banner ads are more or less their own individual web page, and if they're their own individual web page, they're able to try to fire off scripts within your browser and cause all kinds of havoc, right? And so with banner ads, not only are they just annoying and take up resources, but they can also be vectors for attack. So if you have something like a Pi-hole... so what a Pi-hole is, is a DNS server that actually has a lot of blacklists, basically a blacklist for a lot of these advertising companies and all that kind of thing, so when DNS tries to resolve to these advertising companies, it just kills that connection, so it's not able to resolve. So Pi-holes can be very useful. OpenDNS, again, if you're worried about your users going to inappropriate sites. There's a lot of reasons in the modern world you should be worried about your users going to inappropriate sites, not just from a standard cyber security standpoint, but we're in the Me Too era. Again, not to be snarky on that or anything, right, but what happens if your employees are going to porn sites on the clock? If I told you how I feel about employees... I can't wait till I'm successful enough to have to have employees. Oh, employees. Anyways, OpenDNS is a service. They have free services, they have enterprise-class services. What's really cool is you can use them; you can actually configure what should be allowed and what should not be allowed to be resolved using DNS. And so you can have it so it'll only try to filter out malicious DNS, going back to malware or advertising, that kind of thing, or you can have it filter out everything, including Facebook and sex sites and the whole nine yards. So basically you can use OpenDNS as a security component, so any time a computer on the network tries to resolve to one of these sites, it just trash-cans it.

And then one of the things to be thinking about on your internal network, normally if you have an Active Directory network you'll have this: reverse DNS. So one of the problems you can have on your network is spoofing. Basically the idea is a server pretends to be a server that it's not. So if you can somehow convince one of your local computers that the IP address of a server is a different IP address than it should be, then all of your traffic may go to the wrong IP address, right? So imagine you have an internal website for some reason, and there are login credentials there. If somebody's able to access your internal network, screw around with, you know, like maybe the hosts file setting or something like that, one of the problems you can have is, instead of going to the server that your clients are supposed to go to, they'll get redirected to this hacked server, and then it might try to harvest credentials. One of the cool things you can do is reverse DNS. So normal DNS resolves a host name or a fully qualified domain name to an IP address; that's one way. What reverse DNS does is it then resolves an IP address to that host name, fully qualified domain name. So basically it goes through and it says, okay, I need the IP address for "server"; it'll give 192.168.1.10, and then I'll say, okay, I've got 192.168.1.10, I want to resolve what that host name should be, and then it might be something entirely different, and so if that fails out, then the communication will fail out. So one of the things you should take a look at with DNS, especially on the internal network, is something called reverse DNS.

Past this, here's something really cool, and again I think this is really awesome coming back from my military or whatever experience. Again, when I look at an infrastructure, I own the infrastructure; it's my bias, that's how I think about things. One of the really cool things is products from this company called LiveAction. So I actually have an interview with one of the engineers from a company called Savvius. Savvius was purchased by LiveAction, and what LiveAction allows you to do is you're able to access real-time and historical forensic analysis. So this is packet capture software and hardware that can just ingest everything. Somebody asked what's the difference between LiveAction and Wireshark, and it's basically the hardware. This stuff can
And so basically what it does is, all the data going through the network, it stores that onto its storage arrays. And then what's really cool is, if you have a problem in your network or if you're running into issues, you can go back and historically, literally see what happened on the network: who did what and how an event transpired. Right, so if you have a server where a ransomware attack happened, so this server got encrypted by ransomware, what you could literally do is go back to the moment that that server was encrypted by ransomware. You could then see all the communication to that server, the commands and everything else. You could then track back to the host system that communicated to do the encryption. You could then see basically what that system was communicating and how things were done. You can see what websites it went to, you could actually see it pull down the ransomware virus or whatever else, and that way you can actually go through and track all of the events that occurred for the problem to happen.

And so this is something that you might think about, again, if you've got a large infrastructure and you're concerned about it. What's really cool here is you can go and you can see exactly what is occurring, and so especially for small problems, right: a lot of times you have small problems on your network before you have the big problem. Before your database server gets ransomware, before that, you probably have a lot of other weird, stupid things going on, but you may not realize what's occurring. You may not realize one of the sysadmins is doing stupid things on the internet, logged into their computer as a global domain admin, and so when they're messing around looking at whatever sites they're looking at, all of a sudden they're downloading these viruses and their malware, and that's going out and it's causing small problems. Well, right now it's causing small problems. If you can backtrack and figure out why those small problems are occurring, then you might be able to prevent the larger issue from happening.

One of the big things to be thinking about when you're dealing with your internal infrastructure is to disconnect unused network ports. Again, a lot of people don't want to do this; this is dirty, tedious work. So whenever you're dealing with a switch, each port on your switch is just gonna probably cost about fifty dollars. So if you have a 24 port switch, I don't know, it's gonna cost you six or seven hundred dollars. If you have a 48 port switch, it's twice as much as that; a 100 port switch, twice as much as that, the whole nine yards. Here's the thing: when you go into a facility and you see all those little network ports on the walls, so you go into an office, there's always little different panels with network ports. You don't want every one of those ports to actually be active, because most of the time they're not used, right? You walk into an office, that office may have eight network ports but only a computer plugged into one of them. Right, so you don't want to have seven additional ports on a switch connected to those wall outlets, because they're just never gonna be used. So what happens is basically you have the ports on the wall, and then as you need them to be used, you connect the patch panel port that corresponds to the port on the wall to the switch, and that now becomes active. One of the problems, especially with old infrastructure, is people move their offices around, people move computers around, people come, people go, you know, printers come, printers go, and so ports on the wall are connected and then the administrators never bother to disconnect them again. A big issue that you can run into with a Windows 10 computer, or a computer like this, is if a nefarious individual can come into your environment, they can basically get it so
this is Azulle tech, well, shout out to Azulle, they make good things. This is a full-fledged computer; it's a full Windows 10 computer, got networking, the whole nine yards. Anyways, imagine a nefarious actor comes into your environment. They put a Verizon sticker on this, or a Qwest sticker, or AT&T, whatever ISP is in your local area, they put that sticker on this, they walk up to a port, they plug this thing in, they see that the lights are blinking, and so they suction-cup this to the wall, or they put it in a very official-looking manner, and then they walk the hell out. They were now able to connect a device to the internal network, and now this device is going to sit there doing whatever the hell the nefarious person wants it to do, basically forever, to be honest with you. And that can be a big problem. And the reason they're able to do that is that ports that should be disconnected back in the patch panel are still connected. So that's a big thing. Again, it's just one of those things you just gotta go through and, you know, do some cleanup every once in a while.

Let's look at some TCP/IP based solutions. One of the things that I find interesting in the modern world, especially with web applications, is why so many of these things allow me to access the applications from China. Again, we look at a lot of hacking events. I don't understand why they care, right? Hey, look, your Twitter account was hacked by somebody in the Philippines. Well, here's the thing: IP addresses. So this is an API, there's something called ipgeolocation.com, they've got a free API. Anyway, with basically a very simple API call you can get the geolocation of IP addresses. So you plug in an IP address, it tells you it's in Asheville, North Carolina, United States, the whole nine yards. Right, so if I'm an American user, I'm in the U.S., I've never been to the Philippines, here's an interesting question: why is somebody able to access your systems from the Philippines? If you are a local company in North Carolina, I can see you saying, okay, everybody in North Carolina should be able to access these systems, but why are people in Texas accessing these systems? Are people in Mexico able to access these systems? Are people in France able to access these systems? If somebody tries to connect to your server, you have an API call that sees where that communication is coming from, and if it's not where you want it to come from, you just crap-can it, you just kill the connection. Then you don't have to worry about the brute force attack. If your systems refuse to allow the connection from a user in France or the Philippines or China, then your systems can't be brute-force attacked. And so this is something to consider. Again, this kind of technology has been around for well over a decade at this point: very robust, very useful, very inexpensive, and so one of those things to be thinking about. This can be built in, or they can be added to normal servers, Windows servers, Linux servers, the whole nine yards.

IPBan. So I used IPBan a number of years ago; I think I actually did a video on IPBan a number of years ago. I haven't used it for a while, but basically, using that exact same technology, you're able to do things like ban countries. So, country block list: easily block out entire countries, list is updated daily, automatically. Again, if you're worried about the Chinese hackers, how about not allowing people from China to access your systems? I guess, yes. And you've got all kinds of stuff in here, so you can add IP addresses, you can block entire countries, you can block regions, all kinds of different stuff here. So again, one of those types of things, if you think through things.

Fail2ban. So fail2ban can actually be used for Apache, might actually be able to be used for IIS. So if you have a web application, things like WordPress or some kind of custom web application that your people are using, basically what this does is it bans IPs that show malicious signs: too many password failures, seeking for exploits, etc. Basically what fail2ban does is it ties directly into the firewall on your Linux machine, and so if an IP address does something stupid too many times, it simply blocks it within the software firewall and the connections drop. Again, somebody tries to log in to the same account 10 times, fails out 10 times, just kill that IP address. All right, the security stuff really isn't that complicated, I swear.

Cloudflare. I bring this up, I don't know how I feel about Cloudflare. I'm not sure if I'm supposed to say that Cloudflare is amazing, I don't know. So Cloudflare is supposed to protect your web applications and all that kind of stuff from DDoS attacks. So DDoS attacks are distributed denial of service attacks, so bots basically try to attack your web applications for whatever reason. Cloudflare is supposed to provide robust solutions to keep your websites up. It doesn't work that well, right? So malicious attacks, bots, DDoS, basically, using Cloudflare. Cloudflare is a content delivery network; they have this whole thing where if you use Cloudflare it's supposed to make your web applications ever so much more robust. That's what they say. Every time I've used Cloudflare, it's made my web applications less stable, and not only that, when I go to many sites that use Cloudflare, those sites seem a lot less stable. So Cloudflare is one of those things to be very careful about. Again, whenever you look at using a piece of security software, there's the pros and the cons. Right, so if you have a website that is getting hammered, then using Cloudflare makes a lot of sense. Right, maybe you have a political website, maybe you have a religious website, whatever, you're getting hammered by DDoS attacks; using Cloudflare may protect your system. Right, so any problems that Cloudflare may present, those are not as bad as the problems that you started with. The issue that I see is, if you have a site that's not getting hit to high hell and back by bots and DDoS, Cloudflare seems to me, my opinion, don't sue me, seems to cause more problems than it's worth. That's my opinion. Somebody think about it.
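The fail2ban behaviour described above (ten password failures from one IP inside a short window, then drop that IP at the firewall) as an added example in Python; it is not fail2ban's own code and the `auth.log` lines are constructed. `find_bans` is the maxretry/findtime logic, and `firewall_rules` only returns the iptables commands a ban action could run rather than executing them.

```python
"""fail2ban-style ban logic over auth.log lines (added example, not fail2ban's code).

Counts failed SSH logins per source IP inside a sliding window and bans the
IP once it reaches maxretry failures, the same maxretry/findtime idea the
class describes (ten failures, kill the IP). The firewall step is returned as
a list of iptables commands rather than executed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Matches the "Failed password" line OpenSSH writes to auth.log. Regex written
# for this example; fail2ban ships its own, more complete sshd filter.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_timestamp(ts: str) -> datetime:
    """Syslog timestamps carry no year; all lines are assumed to share one."""
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def find_bans(lines: Iterable[str], maxretry: int = 10,
              findtime: timedelta = timedelta(minutes=10)) -> Dict[str, datetime]:
    """Map each banned IP to the time of the failure that triggered the ban."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    bans: Dict[str, datetime] = {}
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if not m:
            continue                      # successful logins, other daemons
        ip, when = m["ip"], parse_timestamp(m["ts"])
        if ip in bans:
            continue                      # already dropped at the firewall
        window = recent[ip]
        window.append(when)
        while window and when - window[0] > findtime:
            window.popleft()              # slide the window forward
        if len(window) >= maxretry:
            bans[ip] = when
    return bans


def firewall_rules(bans: Dict[str, datetime]) -> List[str]:
    """iptables rules a ban action could apply (example rules, not fail2ban's action)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(bans)]


def sample_log() -> List[str]:
    """Constructed auth.log excerpt (not a real capture) with three sources:
    203.0.113.5 hammers root 12 times in four minutes, 198.51.100.7 fails
    three times in two minutes, 192.0.2.9 fails 10 times spread over an hour."""
    base = datetime(2021, 7, 26, 10, 0, 0)

    def failed(offset_s: int, user: str, ip: str, pid: int) -> str:
        ts = (base + timedelta(seconds=offset_s)).strftime("%b %d %H:%M:%S")
        return f"{ts} web1 sshd[{pid}]: Failed password for {user} from {ip} port 51022 ssh2"

    lines = [failed(i * 20, "root", "203.0.113.5", 2200 + i) for i in range(12)]
    lines += [failed(60 + i * 30, "alice", "198.51.100.7", 2300 + i) for i in range(3)]
    lines += [failed(i * 400, "invalid user admin", "192.0.2.9", 2400 + i) for i in range(10)]
    lines.append("Jul 26 10:02:30 web1 sshd[2500]: Accepted password for alice from 198.51.100.7 port 51022 ssh2")
    return sorted(lines)   # same day, zero-padded times: string order is time order


if __name__ == "__main__":
    bans = find_bans(sample_log())
    for ip, when in bans.items():
        print(f"ban {ip} at {when:%H:%M:%S}")
    print("\n".join(firewall_rules(bans)))
```

With the defaults only the brute-forcer is banned; the slow source that spreads ten failures over an hour never fills the window, which is the trade-off findtime sets.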
SSL. So SSL is big, especially now that more and more companies are basically creating their own web applications, so either internal web applications or whatever else; they're hiring coders to go out and build custom solutions for their company. Basically, SSL, Secure Sockets Layer, and what it's supposed to do, well, what it does, let me be clear, what it does is it encrypts the traffic from your web browser to the web server that you're communicating with. So when you're communicating, all of that traffic is supposed to be encrypted. This can be valuable, especially in the modern world with web applications. So if you're communicating with internal web apps, one of the problems is, a lot of times for internal web apps, people don't set up things like SSL because they consider it internal, so all the traffic in your internal network may not necessarily be encrypted. And so if somebody's able to put a device in your internal network and sniff all the traffic going by, it's amazing the amount of data that they can get. So using SSL for even internal web apps, the whole nine yards, makes a lot of sense.

Let's Encrypt is actually a free SSL certificate system. Every so many days, I guess 90 days or 30 days, something like that, basically it has an auto-renew feature. So with SSL you get a certificate, so basically this certificate means you're the official whatever else; it allows for the encryption, allows for the decryption. One of the problems you can run into is, if a nefarious actor is able to get a hold of that certificate, they can decrypt and they can cause problems for you. One of the big things is these SSL certificates should be renewed periodically. So if you go out and buy an SSL certificate, GoDaddy, 1&1, whoever else, Vera, Vera, whatever, basically with that you can renew your SSL certificate basically whenever you want. Now, the issue is a lot of people don't, right? They get their SSL certificate and then they use the same SSL certificate for five years. The problem is, if that SSL certificate is compromised somehow a year into it, then that's four years of people being able to read traffic and do stupid things with that SSL certificate. The nice thing about Let's Encrypt is, even if your SSL certificate is compromised, periodically it auto-updates the SSL certificate, so the old SSL certificate gets retired, your systems have a new SSL certificate, and so therefore basically everything should be secure again. So that's one of the benefits of Let's Encrypt and SSL.

So, final thoughts. Whoo, thank golly, it is hard to do these classes back to back, after I do this whole class last night and I wake up in the morning to this whole class again. I am really gonna enjoy my beer tonight when I go get my beer. Anyways, so some final thoughts: auditing and pen testing. So a lot of times in the modern world, when we talk about cyber security, we have everybody wanting to run out and become, you know, certified pen testers. One of the things that I would say for a lot of companies, for a lot of organizations, one of the first things that you should do is basically your own auditing and your own pen testing, which basically means poke your own system. You know what your systems are supposed to do, you know what your systems are not supposed to do, so every once in a while just grab a cup of coffee, and on your downtime, see if you can do things that you're not supposed to do on your systems. That's the thing, right: if you hire a pen tester, the pen tester doesn't necessarily know your infrastructure, doesn't necessarily understand everything that's going on, and so realistically you might actually miss vulnerabilities in your network simply because this is not their normal job. They pen test this company, and they pen test that company, and they pen test this company. They're not with your company for eight years; they don't know all the systems, they don't know all the weird things. And so one of the things is, if you just sit there and you poke and prod, you know, you spend 15 minutes every other day and you poke and prod your network, you might be surprised at all the problems that you find.

One of the big things that I would say is scan your networks for orphan devices. Again, Nmap, whatever, SolarWinds, whatever network scanning software that you want to use. One of the big problems is, a lot of times on networks there are devices that are just forgotten about. Sometimes there are servers that are just forgotten about. Right, I remember walking into a server room, they're like, okay, this is the Active Directory server, and this is the Exchange server, and they had actually an antivirus server, a Norton antivirus server for some reason. There were three other servers that were running; these servers were still running, they were still active, something was occurring, the little hard drive was going, and they had no idea what those servers were. Somebody had turned them on years and years before, and they just kept doing whatever the hell they were doing. That's a problem. Many networks have a lot of orphan devices on them that all you need to do is go out and unplug. Again, old, you know, HP JetDirect print servers. I bet five dollars one of you people, if you go out and you actually take a look at your network, you're gonna find some dusty, grody, disgusting-ass HP JetDirect print server that is still blinking away even though no printer has been connected to it for the past 15 years. Right, going out and just doing that basic type of work. Schedule cleanup days. Nobody likes to do cleanup; everybody needs to do cleanup. Schedule days to go out, actually audit all of the ports on the wall, make sure that they're no longer active,
actually go out, audit all the user accounts, make sure, you know, a user account actually maps to a butt in a seat. Actually go out and do this type of work. Just schedule a day every week, every month: we're gonna have one day of cleanup day. And before you say anything, I don't care, every infrastructure needs a day a month to clean up, even if it's just going through and just making sure, again, you're going to do like a network closet, making sure all the wiring is where it should be. Right, if I come into a network closet and I'm trying to do troubleshooting and I pull the wrong cable, that can cause problems. A lot of reasons people pull the wrong cable is because it's a rat's nest of cable, and they think they're tracing the right cable to pull it out of the switch, and really they just pulled out the Active Directory cable. Right, all this work needs to be done. I might say, poke and prod your own systems.

One of the next things to be thinking about is, who's using your company computer? You know, Cartman from the days of World of Warcraft, it's kind of a funny thing; you know, that's like a 10 year old, that episode might be over 10 years old at this point. But anyways, one of the big things to be thinking about in the modern world is you give this fancy computer to your employee, and you have enough problems trying to keep your employee from stumbling onto Napster on the darn thing. What happens when the employee's kid starts doing whatever the employee's kid does? You know how bad it is with whatever the employee is doing with the company computer; have you thought about what the employee's kid is doing with the company computer? All kinds of bad stuff. Not only that, that kid might be a wannabe hacker or a wannabe cyber security expert: "Daddy, I'm gonna prove to you how smart I am, I'm gonna show you how vulnerable your company computer is." All of a sudden your employee's kid is trying to do unauthorized penetration testing on your network, and fun can ensue. So one of the things to be thinking about is, again, who is actually using the company's computer, especially again when people are now working from home. So you have kids that might want to use the computer, you have spouses that may want to use the computer, people that, no way in hell, do you want touching the system, and all of a sudden you now have different threat vectors from these different users of the system. And so one of the questions to be asking yourself is, how can you try to prevent that type of thing? Like, one of the things that you might want to do is, there are biometric systems. So there's an idea of continuous authentication, and with this, you log in. So you normally log in, you log in with the password, you log in with the fingerprint, whatever else. So normally when you do that, you do that and then you're logged in for the entire session. There's additional software you can add to computers to continuously authenticate the user. So basically with the webcam, you can have the webcam every two minutes take a picture and verify that the face in front of the webcam is the face that's supposed to be in front of the webcam. If the face in front of the webcam is, you know, a 16 year old versus your 40 year old employee, you just log the entire damn thing off and say, you know, this event has been sent to the local administrator. Right, something to really be considering there.

The next thing to be thinking about, and this is where I might get some hate in the Asheville area. Whenever I do these slides I realize why my wife might be right sometimes. Every once in a while my wife looks at me and goes, "You know, Eli, there might be a reason people get irritated at you." I'm like, "But I'm just making a point, I am just making a valid point." Oh, but anyways, one of the things you might want to consider for your company, for your organization, is employee internet visibility. Again, when we think about hacking attacks, we think about hacks against companies. A lot of these hacks can be worth a hell of a lot of money; they might be worth money, they might be worth intelligence information due to nation state actors, that type of thing. And so one of the questions you have to ask is, do you want your employees publicly announcing a whole bunch of information about what they're doing with your company? Again, one of the things that I find really funny in the world is how we like to laugh at people that are dissimilar to us but don't realize how we do the same type of thing. Right, so that's one of the big things in, like, law enforcement and criminal justice, and one of the big things with civil rights: so there are a lot of criminals that get out on parole and probation, and part of the rules with parole and probation is you can't be around drugs, you can't be around guns, you can't be around a lot of that kind of stuff. And so you have parole and probation officers that simply look at the social media accounts of the people that are on parole and probation, and it's shocking how many times, a couple of days after they get out on parole and probation, you have some thug sitting there with two Glocks with a weed plant in the background. And everybody likes to laugh about how stupid those thugs are, right? Why are you publishing that to the world? I have a question: why are you publishing all this to the world? "No, no, Eli, but that's a thug, that's a thug, we laugh at thugs. What I am doing is professional." Right, so I just did some Google searches, because again, I just think about this with compromising people, again, human intelligence, social engineering, actually trying to attack people, again, on the long term. We talk about doing social engineering, and a lot of people think about a single phone call. If I'm gonna do social engineering, it's not gonna be a phone call. I'm gonna do a whole background on somebody, I'm gonna move to the area, I'm gonna go start drinking beer with a lot of folks, I'm gonna do a whole bunch of different things to get in close with whoever my particular target is, so that I can just milk them all day long. I mean, hey, here's the thing: if I can get my target to hire me while I'm taking them down, I can get paid money to do what I'm already getting paid money for; that is awesome, right? But anyways, in order to do human intelligence, you need information.

So basically one of the things that I did, so this is GitHub. So basically I literally plugged into Google "GitHub" and "I work for Microsoft," if I want to try to compromise Microsoft stuff, whatever it is, and so Robert Holt comes up: "I'm a project maintainer of the PowerShell extension," all of this type of different information here. And so again, depending on what I'm trying to go after as an attacker, this might be very valuable; this might be a good person to suck up to, to try to throw some code in there. Again, a lot of people are using GitHub now. Oh my God, this whole GitHub thing, I don't know, either GitHub is awesome or it's horrible, I don't know. But anyways, a lot of people are sharing code on GitHub. Again, one person does a project, another person forks the project, forks the project, forks the project, forks the project. Here's my question: do you think every coder that grabs stuff off of GitHub actually audits everything that's in the code? So if I can get on with a project and I can get in there and I can add some additional stuff to a project, that's great. If I can get you as a sysadmin or as the coder to install my malicious crap onto your systems, that's great. Actually today, actually today, Ars Technica, they had an article about Python modules: apparently 30,000 people have installed compromised Python modules. So you install a Python module onto a developer computer, and once you do, it does whatever it does, and it starts harvesting credit card information and all that kind of stuff. Again, I don't know why
people trust folks, right? But again, so this is here again, this whole "CTO in Asheville." So again, let's say I want to compromise technology systems or companies wherever I am. I just plugged in "CTO Asheville," Keith Edenfield popped up. Here's a whole bunch of different information about the person, and that gives me a lovely starting place to try to go after that particular person, if they offer something that I'm actually interested in. And to be clear, for anybody at YouTube, before you kill my YouTube channel: this is all publicly available. I was not logged in. I actually used Google Chrome, I was not logged into anything, not logged into my LinkedIn, not logged into GitHub, and I literally just googled and this information came up. So again, imagine if I was actually a malicious actor and I really wanted to spend a week researching my targets and really figuring out who I want to go after. Does this seem smart? Again, again: thug with Glocks; look at that dumbass geek spelling out exactly what they do. Oh, that's professional. Be careful.

If you're doing a business, one of the things I would say is take a look at cyber security insurance. So a lot of times when people think about insurance for their business or their organization, they think about general liability insurance. So general liability insurance is: I am repairing my client's computer, I trip, I drop the computer on the ground and it breaks; general liability insurance replaces that computer. There's a lot of other insurance out there. Errors and omissions insurance: if you're a consultant, you should get errors and omissions insurance. So if I do not tell the customer or the client something that I should have told the customer or the client, or I screw up a configuration, I did not physically break a device, I just screwed up a configuration, errors and omissions insurance will cover that problem. There's cyber security insurance out there, so this is just from The Hartford; I just did a screen grab. Go out there, probably whatever insurance company you're using has something like this, and they'll deal with, you know, "to protect against those risks, add cyber insurance. Their business cyber insurance can offer broad coverages to help protect businesses from various technology-related risks," blah blah blah, cyber liability and data breach insurance. So depending on what your company is, you go there, you find the appropriate insurance, you pay a few dollars a month. Honestly, honestly, it's a goldmine for these insurance... let's be clear, let's be crystal clear when I say this, this is basically a gold mine for the insurance companies. They charge you $40, $50 a month or $500 a month, and basically they never have to pay out, for the most part. But every once in a while, when something really bad happens, they do pay out. So that's what you're paying for. You're paying for insurance, you really are. You are paying for, if something really horrible happens, your company doesn't get bankrupted.

And then the final thing is, again, as I would say with all this, with cyber security: distrust, verify, stay suspicious. One of the saddest things, one of the weirdest things about the modern world is that, again, there's this idea that we're all at loggerheads, there's this idea that nobody likes anybody anymore and we're all like anti each other. I would argue that the real problem is it's too nice. Again, the difference between what the mainstream media tells you and what reality is: what I find in the real world is that people are way too damn nice. They're way too compliant, they're way too helpful, and so if you have a nefarious actor that realizes that's how people really are, they can come in and spin a story with very little effort, and it's amazing, you know, what they can get away with. Again, we start talking about the VPN service, this idea of magical stuff. Again, whether it's SolarWinds, whether it's VPN, whether it's anything else, there's this idea: "Eli, I bought this thing and now we're magically protected." Is that how it works? Not how technology works. This came from Ars Technica, 7/26/2021, so for my time period this came out a couple of days ago: "VPN servers seized by Ukrainian authorities weren't encrypted. Privacy tool seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them." So we will just leave you with that as a final thought: distrust, verify, stay suspicious. If you cannot audit, if you don't have transparency into systems, you do not know what is actually occurring. That is why you need to have multiple layers of cyber security, so that even if one layer fails, other layers will be able to pick up the load from that failure, and you will not have something be catastrophic.

So there you go, there you go: introduction to cyber security in a nutshell. Final notes on this. I realized as I was doing this class that this should be at least an eight hour class. I think one of the problems that I'm having right now is doing these two-hour classes; there's a lot of subject areas that just need a lot more time. Again, hacking needs eight hours, cyber security needs eight hours. Interestingly enough, Azure Cognitive Services, 45 minutes is about good, but a lot of these subjects need a whole day. That's one of the nice things: so I will be moving over to the new office, the new office is twice the size of this one, so we're going to start doing full, entire, you know, Saturday classes, full-day classes, and I think that will be useful for a lot of these subjects, because one of the problems you run into is, like, for me doing this, you just get jammed up, right? You do like an introduction to cyber security and then you realize how much there is to say. This was 43 slides; I could probably easily do three times as many. There's just so much, like, as an introduction; I'm not even talking about the complicated stuff, I'm not even talking about sitting down at a command prompt and actually starting to do anything, just talking about the basics of what's going on, there's so much to talk about. So again, if you're gonna be doing this stuff wherever you are, basically create your own version of Silicon Dojo, that is just something to be thinking about. You know, there are topics that fit well into an hour and a half and two hours, and topics that don't. Some of these topics don't, so just something to consider.

Yeah, that's about it. If you do want to support Silicon Dojo, again, we are free to the end user. That does not mean I don't have bills. I have rent now to pay, I have rent over there to pay, I have insurance, I do have insurance for this company; all of that has to get paid. This is not a free endeavor, right? The idea is that we separate out the payment from the actual education. Everybody is able to get authority-less, gatekeeper-less education; anybody who wants to get educated is able to get educated, and that is what I want for our physical facility too. I want anybody to be able to walk in, as long as they play nice, and that's about the only rule, right: don't screw with anybody else in the class, and you are able to learn. So I want to separate out the education from the actual payment. There's a lot of good people out there that just happen to be really crappy, you know, at balancing their checkbook, and why should they not be educated? But in order to make that happen I do need funding from somewhere. We get a lot of our funding from crowdfunding, so there's a link down below; now, depending on where you're watching, there's a link somewhere over to Donorbox or whatever we're currently using for crowdfunding. If you would drop some money into that account, that'll be highly, highly useful for us, especially if you're willing to do a monthly thing. Again, two or three dollars per month, if we have a number of people doing that, pretty quickly we actually get up to a reasonable number and I can do things like hire employees. As I say, you know, with all these people out there that are demanding a $15 an hour minimum wage, great, I need to have enough money coming in to pay that. It's kind of funny, it's kind of how economics works; some folks don't seem to grasp that concept. In order to pay people fifteen dollars an hour, I have to have more than fifty dollars an hour of revenue coming in. Funny how that is. So if you actually do wanna see this grow, if you want to see this become something a lot more special, again, just think about throwing in however much money you feel that this is worth. Beyond that, as always, I enjoyed doing this particular class. I look forward to seeing you at the next one, and hopefully sometime here in Asheville, North Carolina.
Info
Channel: Eli the Computer Guy
Views: 32,300
Keywords: Eli, the, Computer, Guy, Repair, Networking, Tech, IT, Startup, Arduino, iot
Id: aIq44rZntmg
Length: 157min 8sec (9428 seconds)
Published: Mon Aug 02 2021