1 00:00:01,290 --> 00:00:04,060 Welcome to the module focusing on the security of data.
2 00:00:07,370 --> 00:00:13,940 In this module we'd like to think about why ensuring and maintaining confidentiality, integrity and authenticity
3 00:00:13,940 --> 00:00:18,560 of data should be in the main purpose and role of computer security policies.
4 00:00:21,360 --> 00:00:24,100 Let's start by reaching back to the essence of this problem.
5 00:00:26,750 --> 00:00:30,010 Why does computer security usually fail against attacks?
6 00:00:32,980 --> 00:00:37,110 The reason is that system users are often unaware of the threats they're facing.
7 00:00:39,700 --> 00:00:46,060 And if they're unaware they can't counteract the threats.
8 00:00:46,070 --> 00:00:53,370 The second aspect of data security that relates both to users and administrators is a failure to clearly
9 00:00:53,370 --> 00:00:56,250 identify the resources that require protection.
10 00:00:59,020 --> 00:01:03,580 There's a common thinking pattern that pictures a safe computer network separated from the big bad
11 00:01:03,580 --> 00:01:07,360 internet with a firewall.
12 00:01:07,380 --> 00:01:09,670 This has been outdated for some time now.
13 00:01:12,760 --> 00:01:17,860 You can't base your security policy on this type of assumption.
14 00:01:17,870 --> 00:01:26,940 One problem that relates only to computer systems administrators is their unchecked belief in technology.
15 00:01:26,990 --> 00:01:31,820 We tend to think subconsciously that since we've paid a lot of money for security solutions provided
16 00:01:31,820 --> 00:01:36,080 by a popular brand they'll be completely reliable and efficient.
17 00:01:37,800 --> 00:01:45,110 If you don't know the mechanisms behind a solution or technology or don't even know attack vectors, running
18 00:01:45,110 --> 00:01:47,740 a piece of software or tool won't make you secure.
19 00:01:51,150 --> 00:01:55,800 Users and administrators need to keep track of new developments and utilities in the system security
20 00:01:55,800 --> 00:02:00,120 field and deal with threats differently than is shown in the slide.
21 00:02:03,290 --> 00:02:07,020 Why is this also hard?
22 00:02:07,030 --> 00:02:14,920 The main reason for this difficulty is a new growing trend known as the consumerization of I.T.
23 00:02:14,940 --> 00:02:18,480 The tables have turned since the development of high tech software and devices.
24 00:02:21,630 --> 00:02:22,410 In the past
25 00:02:22,410 --> 00:02:27,050 new technologies were enterprise led and only after time emerged on the consumer market.
26 00:02:30,320 --> 00:02:33,420 Devices were customized for the needs and goals of businesses.
27 00:02:36,710 --> 00:02:41,070 Today there's no recognizable boundary between consumer and corporate technology.
28 00:02:43,280 --> 00:02:46,420 Appliances and software are being designed with users in mind.
29 00:02:48,970 --> 00:02:51,000 What are the effects of this reversal?
30 00:02:53,830 --> 00:03:01,460 It's harder to say whether the smartphone you're holding is a company device or a private device.
31 00:03:01,530 --> 00:03:08,750 The same technology can be used at work and for play. It wasn't quite this way a while back.
32 00:03:10,230 --> 00:03:15,030 And this shift seems to have blurred the lines between business computer systems and home systems.
33 00:03:17,250 --> 00:03:24,830 New developments mean that more and more people can work from home and we use our own devices, a laptop
34 00:03:24,830 --> 00:03:26,570 or a smartphone, for work.
35 00:03:29,430 --> 00:03:32,870 System administrators have limited control over these devices.
36 00:03:33,900 --> 00:03:35,340 If there's any control at all.
37 00:03:38,690 --> 00:03:43,940 Administrators can't force us to stop using our own devices because our productivity would be lowered.
38 00:03:45,530 --> 00:03:48,800 We can do some tasks remotely while traveling or on holidays.
39 00:03:51,700 --> 00:03:55,010 Companies can't ban sending e-mails from outside their offices.
40 00:03:56,930 --> 00:04:00,070 While this would improve security it just simply isn't feasible.
41 00:04:02,660 --> 00:04:08,080 Given this new emerging reality I.T. security staff have to reformulate their strategies and actions.
42 00:04:12,020 --> 00:04:17,690 A good solution for this problem was introducing a new term.
43 00:04:17,730 --> 00:04:22,500 It's ridiculous to say that our security measures are ineffective because script kids launch exploits
44 00:04:22,500 --> 00:04:23,190 remotely.
45 00:04:26,450 --> 00:04:29,380 Advanced persistent threat has a different ring to it though.
46 00:04:31,950 --> 00:04:36,300 Saying that we can be susceptible to threats that are advanced and persistent is not equivalent to an
47 00:04:36,300 --> 00:04:37,510 admission of guilt.
48 00:04:39,630 --> 00:04:42,870 APT was coined and defined in 2006 by the US Army
49 00:04:45,740 --> 00:04:49,970 when the military began to realize that existing computer security models were ineffective.
50 00:04:53,360 --> 00:04:59,410 Funds on fighting launched attacks were irrationally high compared to the results.
51 00:04:59,540 --> 00:05:01,330 Something had to be changed.
52 00:05:02,750 --> 00:05:07,430 Originally it referred to persistent threats or those threats that were a long term risk.
53 00:05:10,600 --> 00:05:15,880 A good example of persistent activity is the slew of attacks on American high tech companies that
54 00:05:15,880 --> 00:05:23,300 were detected by Google and occurred from 2006 to 2007.
55 00:05:23,360 --> 00:05:28,130 In this attack e-mail boxes of the company's staff had been monitored for over a year.
56 00:05:31,290 --> 00:05:36,330 Today advanced persistent threats are understood as attacks that successfully launch malicious software
57 00:05:36,330 --> 00:05:37,860 on targeted computers.
58 00:05:39,390 --> 00:05:44,660 Malicious software is a broad term.
59 00:05:44,810 --> 00:05:48,440 We'll show you why launching a program can cause an attacker to take over a system
60 00:05:52,100 --> 00:05:56,910 local attacks and large scale attacks that exploit vulnerabilities in security systems.
61 00:05:58,210 --> 00:06:00,690 We'll talk about this vector in the following modules.
62 00:06:07,480 --> 00:06:13,870 By and large advanced persistent threats include internal attacks.
63 00:06:13,940 --> 00:06:21,890 For the most part internal attacks render any technological protection measures useless.
64 00:06:21,900 --> 00:06:27,180 The last category of threats classed as APTs are the attacks that target trusted communications channels.
65 00:06:29,930 --> 00:06:33,230 The amount of information exchanged between computer systems is huge.
66 00:06:36,130 --> 00:06:40,020 Intrusion detection systems implemented in banks and insurance institutions
67 00:06:40,910 --> 00:06:43,880 often react only to the active suspicious user actions.
68 00:06:46,360 --> 00:06:51,860 Attackers exploit the tendency of specialized IDS tools to react to unauthorized claims payments
69 00:06:52,460 --> 00:06:54,340 but ignore information extraction.