1
00:00:00,780 --> 00:00:06,480
This course takes you on a journey that starts with the basics and theory of security and then builds

2
00:00:06,480 --> 00:00:13,700
upon it with practical exercises and on to more advanced topics in the later sections and other volumes.

3
00:00:13,770 --> 00:00:19,350
You have to know the basics so that you can make your own informed choices about security.

4
00:00:19,530 --> 00:00:21,660
I don't want to give you just a to-do list.

5
00:00:21,690 --> 00:00:25,130
I want you to understand both the why and the how.

6
00:00:25,140 --> 00:00:31,590
So we start with the theory and basics of security and then build on that later with practical exercises

7
00:00:31,920 --> 00:00:34,090
and on to more advanced topics.

8
00:00:34,110 --> 00:00:40,140
But before we start in the theory basics I want to give you a super easy quick security win that you

9
00:00:40,140 --> 00:00:43,770
can set up right now, a small practical exercise.

10
00:00:43,770 --> 00:00:45,410
Before we dig into the theory.

11
00:00:45,510 --> 00:00:51,060
So you have an immediate security capability to detect malware and hackers that you can set up in about

12
00:00:51,060 --> 00:00:54,050
10 minutes and you don't even have to install anything.

13
00:00:54,210 --> 00:00:59,370
This way if you forget to do the rest of the course at least you have got some security capability out

14
00:00:59,370 --> 00:00:59,820
of it.

15
00:01:00,000 --> 00:01:01,140
So here goes.

16
00:01:01,140 --> 00:01:09,030
Wouldn't it be cool if we could set up security trip wires to tell us if someone or something was poking

17
00:01:09,030 --> 00:01:16,270
around in our files, on a laptop, on a phone, tablet, you know, e-mail and/or online accounts, basically everywhere.

18
00:01:16,290 --> 00:01:21,270
Wouldn't it be good if we could have some trip wires that alerted us when somebody was doing things that we don't

19
00:01:21,270 --> 00:01:22,180
want them to do.

20
00:01:22,320 --> 00:01:24,070
Well we can set those things up.

21
00:01:24,070 --> 00:01:30,010
So let me show you how to set the security tripwires using a service called canary tokens.

22
00:01:30,010 --> 00:01:35,760
They are made available just for you guys on this course so you can have some quick and easy security

23
00:01:35,760 --> 00:01:37,210
wins.

24
00:01:37,260 --> 00:01:44,070
So if you get your way to www dot StationX dot net slash canary tokens slash you can follow along

25
00:01:44,070 --> 00:01:47,690
with what I'm doing and create your own tokens at the same time.

26
00:01:47,700 --> 00:01:53,550
So here we have our little canary friendly token, we see a rather obvious red button here and this is

27
00:01:53,550 --> 00:01:58,960
what we need to click on to take us to the domain that will provide us with the tokens.

28
00:01:58,980 --> 00:02:01,740
So here we are, this is a domain here that will rotate.

29
00:02:01,740 --> 00:02:04,840
So don't worry about what that is at the moment.

30
00:02:04,920 --> 00:02:08,100
So here we are, this is the main thing that you need to interact with.

31
00:02:08,190 --> 00:02:13,890
And I'm going to show you five different ways of setting up traps, these traps that are also called tokens

32
00:02:13,890 --> 00:02:15,660
or canary tokens.

33
00:02:15,660 --> 00:02:17,280
We're going to keep it simple.

34
00:02:17,310 --> 00:02:19,440
The early stages of this course.

35
00:02:19,470 --> 00:02:21,900
So first thing we do is really to put in an e-mail address.

36
00:02:21,900 --> 00:02:26,620
Now this is the e-mail address which you want to get sent alerts to.

37
00:02:26,850 --> 00:02:29,210
So this needs to be an e-mail address that you monitor.

38
00:02:29,370 --> 00:02:34,530
Like the e-mail address that you have on your phone or something so that you get notified immediately

39
00:02:34,530 --> 00:02:38,130
when there's a security problem. You don't want to set up a secondary e-mail address that you never look

40
00:02:38,130 --> 00:02:41,170
at, that's pointless. Has to be an e-mail address that you monitor.

41
00:02:41,220 --> 00:02:44,720
Even if you set up a new e-mail address as long as it's one that you monitor.

42
00:02:44,730 --> 00:02:46,140
So let me put one in here.

43
00:02:48,410 --> 00:02:53,340
So that's the e-mail address I want to get sent alerts to and then I need to put in here some sort of

44
00:02:53,340 --> 00:02:58,370
comment that lets me know which token, which trap has been triggered.

45
00:02:58,470 --> 00:03:03,380
So I'm going to put Word document in a password folder on the laptop.

46
00:03:03,450 --> 00:03:05,990
That's going to make more sense in a second.

47
00:03:06,000 --> 00:03:08,700
Ignore all this for now just have a DNS and hates it.

48
00:03:08,710 --> 00:03:12,120
Yes and generate token.

49
00:03:12,220 --> 00:03:20,280
And if we go down here the first one that I want you to look at is the MS Word token or trap.

50
00:03:20,290 --> 00:03:26,250
So what this has done is this has generated a unique Word document for you that we can download.

51
00:03:26,260 --> 00:03:27,670
I'll give you a demo of it.

52
00:03:27,750 --> 00:03:29,310
It will download that now.

53
00:03:30,190 --> 00:03:34,910
And if you see this here this is the Word document that we've just downloaded.

54
00:03:34,930 --> 00:03:42,270
Now if I click on that and that's just opened up there you see what little time is going on there in

55
00:03:42,270 --> 00:03:43,210
the background.

56
00:03:44,270 --> 00:03:46,970
And you see there we've been alerted.

57
00:03:47,160 --> 00:03:54,060
Now any time anyone opens this document you're going to get alerted. It's a little trap and this little

58
00:03:54,060 --> 00:03:56,340
trap should work on most operating systems.

59
00:03:56,340 --> 00:03:57,640
Most versions of Word.

60
00:03:57,720 --> 00:04:02,600
There's no 100 percent guarantee that it's going to work on every system and with every version of Word.

61
00:04:02,670 --> 00:04:06,860
So if it doesn't work for you then try one of the other tokens that I'm going to show you in a second.

62
00:04:06,870 --> 00:04:09,970
Let me close that and create another example here.

63
00:04:10,110 --> 00:04:12,460
You can change the filename of this document by the way.

64
00:04:12,480 --> 00:04:16,420
Anything that you like make in time step is on to click on.

65
00:04:16,560 --> 00:04:17,900
I opened this one a second

66
00:04:20,550 --> 00:04:26,210
just opened this fully now and this one I put valuable and juicy information in it.

67
00:04:26,240 --> 00:04:34,050
The hacker or other type of threat would be interested in finding PayPal usernames and passwords, stock

68
00:04:34,110 --> 00:04:41,220
trading information, social media accounts etc. etc. Those are the sort of things the threat is going

69
00:04:41,220 --> 00:04:42,570
to be searching for.

70
00:04:42,630 --> 00:04:48,720
If he's on your laptop, your device, your phone, within your e-mail, he's going to be searching for keywords.

71
00:04:49,060 --> 00:04:54,210
And if you want an idea of the sort of things that you want to put in these traps and I put some examples

72
00:04:54,210 --> 00:04:59,260
here we can say personal information, financial information, file hosting accounts.

73
00:04:59,340 --> 00:05:03,910
And if we go further down here I provide an example file and we just copy this.

74
00:05:03,930 --> 00:05:09,300
We can use it as just an example of the sort of information, you can see social security numbers, credit

75
00:05:09,300 --> 00:05:12,430
card details. I've put them in the right sorts of formats.

76
00:05:12,630 --> 00:05:14,460
Bitcoin wallet IDs.

77
00:05:14,610 --> 00:05:15,670
You get the idea.

78
00:05:16,890 --> 00:05:23,250
So we can imagine now a hacker was snooping around in an area that we specifically put aside just for

79
00:05:23,250 --> 00:05:26,650
the hackers to find and we've put in that Word document.

80
00:05:26,850 --> 00:05:32,490
And he has now clicked on it and this is the alert we get so we know he's snooping around and we know

81
00:05:32,490 --> 00:05:37,860
he's sniffing around, we know what he's doing because we set up that comment there and if we click here

82
00:05:38,700 --> 00:05:41,040
we can look to see where he's come from.

83
00:05:41,040 --> 00:05:47,930
We can track him down and it provides further information on how he triggered the alert.

84
00:05:47,940 --> 00:05:50,970
But what is important is that you react to the alert.

85
00:05:51,170 --> 00:05:56,330
And later during the course we're going to talk more about response and recovery strategies as you get

86
00:05:56,330 --> 00:05:58,450
through to the more advanced sections.

87
00:05:58,730 --> 00:06:05,000
And if you look at the second type of token that we can create or trap, a PDF, so we can download this

88
00:06:05,000 --> 00:06:09,220
PDF version and it works pretty much exactly the same as the Word document.

89
00:06:09,380 --> 00:06:19,740
We opened this PDF document and we will get alerted that someone has opened it and boom there we go.

90
00:06:19,940 --> 00:06:22,160
And there's our PDF trap.

91
00:06:22,340 --> 00:06:28,220
So I think you get the idea and so you want to sprinkle as many of these tokens, these traps throughout

92
00:06:28,250 --> 00:06:34,010
your laptop, your phone or tablet, in your e-mail, on your online accounts.

93
00:06:34,010 --> 00:06:39,320
So for example you could put it in your Dropbox and maybe the staff at Dropbox are looking through your

94
00:06:39,350 --> 00:06:40,340
documents.

95
00:06:40,340 --> 00:06:42,010
They open the Word document, boom.

96
00:06:42,050 --> 00:06:43,860
You know someone's snooping in there.

97
00:06:44,030 --> 00:06:49,640
And as I say they need to be interesting, enticing and valuable and you can get that sort of information

98
00:06:49,640 --> 00:06:50,870
from here.

99
00:06:50,870 --> 00:06:56,460
Now let me show you another sneaky way of setting up a trap: fake e-mail of passwords.

100
00:06:56,480 --> 00:07:03,650
Number one, oh by the way if you put it on that one you'll get more information in the alert about who

101
00:07:03,650 --> 00:07:04,640
the hacker was.

102
00:07:04,730 --> 00:07:09,040
With this type of trap we're about to set up now so choose that one.

103
00:07:09,050 --> 00:07:15,950
So generate, if you pop down here we're going to go to web bugs and we're going to use two web bugs

104
00:07:15,950 --> 00:07:16,710
here.

105
00:07:16,980 --> 00:07:19,650
Let's just grab that URL.

106
00:07:19,730 --> 00:07:21,400
So there is a clickable link.

107
00:07:21,460 --> 00:07:24,440
If the hacker clicks on it you're going to be alerted.

108
00:07:25,450 --> 00:07:27,840
Let's open up our e-mail here.

109
00:07:27,960 --> 00:07:28,940
Right.

110
00:07:28,960 --> 00:07:31,150
Let's just pop that in there for now.

111
00:07:31,320 --> 00:07:34,380
Then we're going to send this to ourselves.

112
00:07:34,540 --> 00:07:39,730
We could send it from a different account but all that matters is that the "to" e-mail address is the

113
00:07:39,730 --> 00:07:44,590
account that you're wanting to be monitored, you're wanting to know if a hacker is in there. We need to create

114
00:07:44,590 --> 00:07:46,810
an enticing subject so

115
00:07:49,580 --> 00:07:51,230
and then just as an example.

116
00:07:51,340 --> 00:07:57,290
But this one I'm going to go here and I'm going to copy all of this stuff here into this e-mail

117
00:08:02,440 --> 00:08:07,880
obviously you're going to put your own sort of information in here and things related to you. Now I've

118
00:08:07,930 --> 00:08:10,620
just taken that link there.

119
00:08:11,450 --> 00:08:14,240
Now putting that link here.

120
00:08:17,020 --> 00:08:18,990
I can actually change this to anything I want.

121
00:08:18,990 --> 00:08:27,370
After this here can change this to whatever I want so I can put log in if I want to him now and see

122
00:08:27,370 --> 00:08:33,570
what I'm doing is I'm creating an enticement here by private files or back I put everything username

123
00:08:33,580 --> 00:08:34,900
and password.

124
00:08:34,900 --> 00:08:39,520
So if the person opens this e-mail and then clicks on this link it will trigger the alert.

125
00:08:39,670 --> 00:08:42,800
We'll get you something even more tricky here.

126
00:08:42,910 --> 00:08:47,030
We want to definitely catch this hacker. Within Thunderbird

127
00:08:47,110 --> 00:08:52,030
there is a feature by which you can insert a link to an image.

128
00:08:52,030 --> 00:08:56,190
Now we don't want to attach an image, we want to insert a link to an image.

129
00:08:56,220 --> 00:09:01,700
So if you're going to insert an image and we unclick this.

130
00:09:01,760 --> 00:09:03,720
We don't want to attach.

131
00:09:03,720 --> 00:09:11,970
We go on there and then we can put image gif and see we're already alerted.

132
00:09:12,070 --> 00:09:20,140
That's our quick services and we do not want to use any alternative text out there and you'll see you

133
00:09:20,140 --> 00:09:25,000
can't see the image because that is a one by one pixel invisible gif.

134
00:09:25,000 --> 00:09:28,570
Now let me show you how this works so we can send that to ourselves.

135
00:09:32,420 --> 00:09:33,370
So there we go.

136
00:09:33,370 --> 00:09:36,370
That's our little trap there that we can choose to open it.

137
00:09:36,370 --> 00:09:42,640
Leave it as an open e-mail or we can leave it as an open e-mail but no matter what if someone's in e-mail

138
00:09:42,670 --> 00:09:46,560
and they're searching for whatever it is that they want to be searching for, maybe they're interested

139
00:09:46,560 --> 00:09:48,110
in PayPal accounts.

140
00:09:48,340 --> 00:09:48,960
Well there we go.

141
00:09:48,960 --> 00:09:54,730
That comes up. Searching for bank information, credit card information, that's going to come up and all

142
00:09:54,730 --> 00:09:57,440
they need to do is just open it.

143
00:09:57,530 --> 00:10:01,310
They want me to click on a link to them.

144
00:10:01,330 --> 00:10:03,200
No they're poking around in there.

145
00:10:03,260 --> 00:10:08,710
So let's say that doesn't work for whatever reason, it should, then there's still things like that to

146
00:10:08,710 --> 00:10:12,630
entice them like on that, boom, caught him again.

147
00:10:12,640 --> 00:10:17,370
Now in order for us to have inserted that image I went on this insert image.

148
00:10:17,410 --> 00:10:22,150
Now you may not have this functionality available in the e-mail client that you use.

149
00:10:22,210 --> 00:10:25,720
It may not even be available to do this but it doesn't matter.

150
00:10:25,720 --> 00:10:28,750
You can still download Thunderbird if you like.

151
00:10:28,780 --> 00:10:29,650
It's FREE.

152
00:10:29,710 --> 00:10:36,190
And just send an e-mail or e-mails using Thunderbird just for this one task if you can't work out how

153
00:10:36,190 --> 00:10:40,010
to embed that invisible web bug into your e-mail.

154
00:10:40,510 --> 00:10:45,490
So as I said you want to sprinkle these tokens throughout your laptop, on your laptop, phone, tablet, in

155
00:10:45,490 --> 00:10:49,210
your e-mail, in your accounts, make them enticing, make them valuable.

156
00:10:49,210 --> 00:10:55,250
And then when you get an alert respond to that and respond in the ways I recommend throughout this course.

157
00:10:55,390 --> 00:11:00,110
Changing your password and all this sort of thing is disconnecting from the network.

158
00:11:00,400 --> 00:11:03,090
So there you go, that's your security quick win.

159
00:11:03,130 --> 00:11:05,260
Go ahead and set those up right now.

160
00:11:05,440 --> 00:11:07,690
You will have after you set this up

161
00:11:07,750 --> 00:11:11,610
better security detection capabilities than most companies do.

162
00:11:11,620 --> 00:11:16,960
You might not believe that if you're not in the security industry but that is a sad and true analysis

163
00:11:16,990 --> 00:11:20,510
of the state of most organizations' detection capabilities.

164
00:11:20,510 --> 00:11:21,720
Just think of Edward Snowden.

165
00:11:21,760 --> 00:11:27,050
He was poking around in the NSA for months as an insider threat and nothing like this

166
00:11:27,130 --> 00:11:28,500
alerted the NSA.

167
00:11:28,600 --> 00:11:29,550
Pretty crazy.

168
00:11:29,740 --> 00:11:34,020
Later on in the course we will discuss canary tokens at a more advanced level.

169
00:11:34,060 --> 00:11:38,920
When you get there you'll understand more about how they work and will understand about the importance

170
00:11:38,920 --> 00:11:45,250
of detection controls, which these are, versus preventative controls which are used to stop a hacker getting

171
00:11:45,250 --> 00:11:46,420
in in the first place.

172
00:11:46,450 --> 00:11:48,520
The preventative controls are very important.

173
00:11:48,520 --> 00:11:50,260
We use a defense in depth approach.

174
00:11:50,260 --> 00:11:51,580
All of which we're going to go into.

175
00:11:51,610 --> 00:11:53,640
So that was form.

176
00:11:53,740 --> 00:11:59,130
Now let's dig into the theory and the basics and start our journey into cybersecurity.