WEBVTT

00:00.289 --> 00:02.730
>> In this section,
we're going to

00:02.730 --> 00:04.200
start talking about attacks.

00:04.200 --> 00:06.330
There are so many
different types

00:06.330 --> 00:07.799
>> of attacks out there,

00:07.799 --> 00:10.515
>> network attacks,
malware attacks.

00:10.515 --> 00:13.560
It really helps to
break them down

00:13.560 --> 00:15.030
>> and look at the
different types,

00:15.030 --> 00:17.685
>> so that way we know
how to mitigate them.

00:17.685 --> 00:20.220
Our agenda is as follows.

00:20.220 --> 00:21.870
We're going to start by talking

00:21.870 --> 00:23.595
about the types of attackers,

00:23.595 --> 00:25.785
and we'll look at the
types of attacks.

00:25.785 --> 00:28.214
Knowing the attackers
and types of attacks,

00:28.214 --> 00:29.430
and the motivations for them

00:29.430 --> 00:31.139
>> will be helpful for us.

00:31.139 --> 00:33.900
>> We'll look at the
different attack vectors,

00:33.900 --> 00:36.300
areas from which
these attacks come.

00:36.300 --> 00:38.160
We'll talk about their payloads,

00:38.160 --> 00:40.450
we'll look at
network-based attacks,

00:40.450 --> 00:43.310
attacks on passwords,
wireless attacks,

00:43.310 --> 00:46.110
and then application attacks.

00:48.200 --> 00:51.645
Now, we'll talk about
types of attackers.

00:51.645 --> 00:55.835
The term hacker was
originally a positive term,

00:55.835 --> 00:57.755
and then it became negative,

00:57.755 --> 01:00.500
and now it's become
positive again.

01:00.500 --> 01:02.870
People talk about
having life hacks,

01:02.870 --> 01:04.269
>> and that's a good thing.

01:04.269 --> 01:06.020
>> People who do
hacks have found

01:06.020 --> 01:07.714
>> clever ways to do things,

01:07.714 --> 01:09.500
>> and that's the
way the term hacker

01:09.500 --> 01:12.124
>> was viewed in relation
to computer skills.

01:12.124 --> 01:14.995
>> But then, it became
negative in meaning.

01:14.995 --> 01:17.270
Technically, a hacker is someone

01:17.270 --> 01:18.694
>> who's extremely skilled,

01:18.694 --> 01:22.115
>> and then an attacker is
someone with malicious intent.

01:22.115 --> 01:24.665
Under the category of hackers,

01:24.665 --> 01:27.410
a white hat hacker is
an ethical hacker.

01:27.410 --> 01:30.200
It's also synonymous
with a pen tester.

01:30.200 --> 01:32.240
A black hat hacker is someone

01:32.240 --> 01:34.235
who hacks with malicious intent,

01:34.235 --> 01:36.260
usually for personal gain.

01:36.260 --> 01:39.220
A gray hat hacker is
somewhere in the middle.

01:39.220 --> 01:41.240
Sometimes, you'll
hear about somebody

01:41.240 --> 01:43.400
who takes a new
release of software,

01:43.400 --> 01:44.870
and then they hack it to see

01:44.870 --> 01:46.864
>> if there are any
vulnerabilities.

01:46.864 --> 01:49.550
>> If there are, they
contact the software vendor

01:49.550 --> 01:51.559
>> and inform them of
the vulnerabilities,

01:51.559 --> 01:53.375
>> and suggest that
they fix them.

01:53.375 --> 01:55.055
But if the vendor ignores it

01:55.055 --> 01:56.795
and doesn't act
upon that warning,

01:56.795 --> 01:58.520
then the gray hat releases

01:58.520 --> 01:59.915
that information to the public

01:59.915 --> 02:01.645
by posting it on the Internet,

02:01.645 --> 02:04.990
and then that leads to
malicious activity.

02:05.510 --> 02:09.020
Script Kiddies is
a derogatory term.

02:09.020 --> 02:11.540
It means someone
with no real skills,

02:11.540 --> 02:13.730
someone who copies
and pastes scripts

02:13.730 --> 02:15.199
>> and runs basic scripts,

02:15.199 --> 02:17.830
>> but doesn't understand
what they are doing.

02:17.830 --> 02:19.550
The thing about Script Kiddies

02:19.550 --> 02:20.840
>> is that they
can be dangerous,

02:20.840 --> 02:22.460
>> because they don't
know what they are doing,

02:22.460 --> 02:24.200
>> and don't understand
the potential damage

02:24.200 --> 02:25.954
>> they could cause.

02:25.954 --> 02:29.210
>> Hacktivists are people
who perform hacking

02:29.210 --> 02:32.314
>> in order to serve a
political or social agenda.

02:32.314 --> 02:33.875
>> You may have heard
of some of them,

02:33.875 --> 02:36.045
like Anonymous and LulzSec.

02:36.045 --> 02:38.645
During the 2016 US election,

02:38.645 --> 02:40.070
there were some
hacktivist attacks

02:40.070 --> 02:41.360
>> to protest the
way the founder

02:41.360 --> 02:43.189
>> of WikiLeaks
was being treated.

02:43.189 --> 02:45.620
>> For example, the
Democratic National

02:45.620 --> 02:47.679
>> Committee was hacked.

02:47.679 --> 02:51.245
>> State-sponsored attacks
in cyber warfare are real,

02:51.245 --> 02:53.150
and it's incredibly
critical that we defend

02:53.150 --> 02:55.430
ourselves and our
nation's secrets,

02:55.430 --> 02:58.640
and our power grids, and
water supplies, etc.

02:58.640 --> 03:00.980
Much of that is controlled by

03:00.980 --> 03:02.480
computer systems that can be

03:02.480 --> 03:05.000
attacked in
state-sponsored attacks.

03:05.000 --> 03:06.830
We've also seen
the reports about

03:06.830 --> 03:09.095
Russia interfering
with our elections.

03:09.095 --> 03:12.890
These are things that we want
to take really seriously.

03:12.890 --> 03:15.645
When we talk about
state-sponsored attacks,

03:15.645 --> 03:17.060
these are usually attacks

03:17.060 --> 03:19.220
called advanced
persistent threats.

03:19.220 --> 03:21.470
The attackers have
plenty of time.

03:21.470 --> 03:23.690
If they don't find
what they want today,

03:23.690 --> 03:25.250
then they can wait
until next week,

03:25.250 --> 03:27.920
or next month, or next year.

03:27.920 --> 03:31.640
They often have pretty
high-end sophisticated tools,

03:31.640 --> 03:32.900
and they just keep chipping away

03:32.900 --> 03:35.400
until they have what
they are looking for.

03:35.860 --> 03:40.059
Do not underestimate the
power of internal threats.

03:40.059 --> 03:42.710
Eighty percent of all
fraud is initiated

03:42.710 --> 03:44.479
>> from within an organization,

03:44.479 --> 03:46.490
>> and two-thirds
of security-related

03:46.490 --> 03:48.805
incidents are unintentional.

03:48.805 --> 03:50.330
We've got the potential

03:50.330 --> 03:53.374
>> for malicious attackers
inside the organization.

03:53.374 --> 03:55.850
>> But we also have
people with no ill intent

03:55.850 --> 03:57.680
>> who accidentally
delete files,

03:57.680 --> 03:58.955
>> or modify records,

03:58.955 --> 04:01.405
or give out too much
information on the phone.

04:01.405 --> 04:03.710
There are so many
security incidents

04:03.710 --> 04:05.675
that have no malicious intent,

04:05.675 --> 04:08.020
and we've got to
protect those too.

04:08.020 --> 04:09.995
When we're talking about fraud,

04:09.995 --> 04:11.450
we have to think
about the principle

04:11.450 --> 04:12.829
>> of least privilege.

04:12.829 --> 04:14.540
>> Just give people
the bare minimum

04:14.540 --> 04:16.055
to do what they need to do.

04:16.055 --> 04:17.690
Use need to know,

04:17.690 --> 04:19.130
so that only people who have

04:19.130 --> 04:20.510
>> a specific need for data

04:20.510 --> 04:22.639
>> have access to that data.

04:22.639 --> 04:26.450
>> Separation of duties is
huge in preventing fraud.

04:26.450 --> 04:28.775
Make sure no one is unchecked.

04:28.775 --> 04:30.560
We always want to
make sure no one

04:30.560 --> 04:32.405
has too much power
in the network.

04:32.405 --> 04:35.015
Good policies,
background checks,

04:35.015 --> 04:36.680
those are the things
that are going to be

04:36.680 --> 04:39.870
the best way to mitigate
internal threats.

