1
00:00:02,770 --> 00:00:04,790
Let's start with the basics.

2
00:00:05,080 --> 00:00:09,080
Historically speaking, the first security boundary is the physical computer.

3
00:00:10,750 --> 00:00:15,530
A boundary in this case must separate all local computer processes from the outside world.

4
00:00:17,810 --> 00:00:22,850
Once a computer is connected to a LAN and the Internet, everything that is external to the machine is

5
00:00:22,850 --> 00:00:28,890
treated as untrusted. You've probably experienced this multiple times, launching a program from a network

6
00:00:28,890 --> 00:00:36,200
share. If a file is contained in a directory outside of your computer, trying to run it, you will be prompted

7
00:00:36,200 --> 00:00:42,080
with at least one pop-up warning stating that the file comes from an untrusted site and can be potentially

8
00:00:42,080 --> 00:00:43,490
harmful to your computer.

9
00:00:44,760 --> 00:00:50,280
Copying the file or downloading it from the Internet using Windows Explorer or Internet Explorer won't

10
00:00:50,280 --> 00:00:56,950
automatically make it trusted. Well, both Explorers mark such files as files that have crossed a security

11
00:00:56,950 --> 00:01:01,580
boundary, even if they're currently stored on a C or D drive.

12
00:01:01,880 --> 00:01:07,970
All attempts to run them will display the same warning messages unless you check the files as trusted.

13
00:01:08,040 --> 00:01:09,360
We'll talk about that later.

14
00:01:13,240 --> 00:01:17,540
Protecting this data entails the control of all data transmissions.

15
00:01:17,590 --> 00:01:24,070
This can be implemented through the use of system firewalls. Firewalls have been controlling both incoming

16
00:01:24,070 --> 00:01:34,380
and outgoing traffic for some time already.

17
00:01:34,400 --> 00:01:39,590
The goal of establishing this boundary is not, however, securing a system against local attacks.

18
00:01:41,590 --> 00:01:46,300
The fact that a physical computer is a boundary doesn't mean that it can actually safeguard a system

19
00:01:46,300 --> 00:01:49,260
against people who have access to the computer's keyboard.

20
00:01:49,760 --> 00:01:57,440
This boundary is the most vital security-wise. Violating it involves the risk that the system

21
00:01:57,440 --> 00:02:04,290
is infected with an exploit that can be remotely executed or used to take over remote systems.

22
00:02:04,300 --> 00:02:06,130
This is the critical security level.

23
00:02:09,710 --> 00:02:11,810
If a breach of this boundary is detected,

24
00:02:11,960 --> 00:02:21,500
a software developer has to release a critical security patch.

25
00:02:21,580 --> 00:02:28,790
The second security boundary is the operating system. A single computer can feature more than one system;

26
00:02:29,920 --> 00:02:33,200
this technology is known as virtualization.

27
00:02:33,250 --> 00:02:39,860
It's hardly anything new, being first developed as an IBM solution in the 60s.

28
00:02:39,910 --> 00:02:45,910
Soon after the first system was virtualized, the IBM scientific journal described the first exploit that crossed

29
00:02:45,910 --> 00:02:53,160
the boundaries set by an operating system by exploiting a bug in the input/output control system.

30
00:02:53,350 --> 00:02:57,920
The exploit enabled the uncontrolled sending of data between two virtualized operating systems.

31
00:03:01,110 --> 00:03:10,080
Virtualization is managed by a program or a service called a hypervisor.

32
00:03:10,130 --> 00:03:15,260
There's a particular assumption that arose around the model that makes each operating system a separate

33
00:03:15,260 --> 00:03:21,290
system with separate security, regardless of whether it's running on a physical computer or in an environment

34
00:03:21,320 --> 00:03:22,970
virtualized by a hypervisor.

35
00:03:26,400 --> 00:03:30,520
People believe that it's enough to secure the host: keep the system updated,

36
00:03:30,630 --> 00:03:32,100
run an antivirus,

37
00:03:32,100 --> 00:03:38,490
pay attention to the files launched in the host, and think that these actions will also protect everything

38
00:03:38,490 --> 00:03:42,040
that has been virtualized in the host.

39
00:03:42,060 --> 00:03:48,610
This is a falsehood. Virtual systems require the same level of protection and security as a system

40
00:03:48,610 --> 00:03:50,700
that is running on a physical computer.

41
00:03:53,270 --> 00:03:58,130
Violating the security boundaries set by a system entails an immediate release of an important security

42
00:03:58,130 --> 00:04:01,520
update from Microsoft.

43
00:04:01,620 --> 00:04:04,500
This is a significant boundary that requires protection.

44
00:04:10,620 --> 00:04:17,000
We'll look at the third boundary a bit more closely. This boundary is defined by a user session.

45
00:04:20,450 --> 00:04:25,490
It relates to keeping the programs launched by a user on a system from accessing the programs launched

46
00:04:25,490 --> 00:04:26,870
by another user.

47
00:04:28,100 --> 00:04:36,090
This is critical, for example, in a terminal environment. If a user session did not define a security boundary,

48
00:04:36,260 --> 00:04:39,170
Windows wouldn't be able to operate as a terminal server.

49
00:04:40,600 --> 00:04:45,670
This means that if a company's president and an IT staff member would simultaneously connect to

50
00:04:45,670 --> 00:04:51,160
a server, they would both have control over each other's processes and be able to read the data modified

51
00:04:51,160 --> 00:04:54,130
by the other user.

52
00:04:54,140 --> 00:04:56,400
This shouldn't happen.

53
00:04:56,430 --> 00:04:58,230
How was the boundary implemented?

54
00:04:59,640 --> 00:05:05,920
Note that all processes launched by the user are running in the user session. We'll discover this in a moment.

55
00:05:07,460 --> 00:05:11,600
An operating system is still able to tell in which session a process has been launched.

56
00:05:13,000 --> 00:05:14,300
System processes,

57
00:05:14,440 --> 00:05:19,860
for example the services that are automatically run with the start of the system, have been separated

58
00:05:19,860 --> 00:05:24,730
to run inside their own session. Before the separation,

59
00:05:24,730 --> 00:05:30,830
they executed in the session of the first user who logged in. This constituted a critical breach of the

60
00:05:30,830 --> 00:05:36,540
boundary; modern systems have amended this situation.

61
00:05:40,520 --> 00:05:47,670
All user processes are now tagged with a specific level of privileges. This permissions attachment means

62
00:05:47,670 --> 00:05:54,800
that the process can only be accessed by the user who launched it. Access control can be assigned

63
00:05:54,880 --> 00:05:59,060
not only to files, folders and registry keys but also to processes.

64
00:06:01,680 --> 00:06:07,060
Windows tags processes in such a way that only the user who launched them can access the process.

65
00:06:10,850 --> 00:06:17,220
To enforce data isolation, processes are bound to their own namespaces, to user namespaces.

66
00:06:21,850 --> 00:06:26,570
We've mentioned that this boundary is of key importance to a terminal server.

67
00:06:26,620 --> 00:06:33,790
There is a problem, however. If a user session really defined the security boundary, this would mean that

68
00:06:33,790 --> 00:06:38,880
an administrator doesn't have full control over his own computer, since he can't interfere with the processes

69
00:06:38,980 --> 00:06:41,440
launched by other users.

70
00:06:41,450 --> 00:06:42,740
This shouldn't happen.

71
00:06:44,500 --> 00:06:51,310
A user session has been set to define a security boundary, well, only for standard users.

72
00:06:51,550 --> 00:06:57,130
Users with raised permissions, for example administrators, are able to cross the boundary within the rules

73
00:06:57,130 --> 00:06:59,900
provided for the boundary.

74
00:06:59,940 --> 00:07:01,640
This is supported by Microsoft.

75
00:07:06,960 --> 00:07:11,950
Violating a user's session boundary will also entail a release of an important security update.