WEBVTT

00:00.600 --> 00:06.550
Automation is used all over the world of IT, and it's certainly used within the world of IT security.

00:06.720 --> 00:12.760
So what I want to do in this episode is talk about some of the automation strategies we use to secure

00:12.760 --> 00:14.040
our infrastructure.

00:14.340 --> 00:19.360
Now, unlike what people think, we don't just do automation because we're lazy.

00:19.530 --> 00:23.280
Automation provides two big features that we really like.

00:23.280 --> 00:30.300
Number one, automation gives us the ability to do something at a very specific time, every time, with complete

00:30.340 --> 00:32.540
clockwork. If we need something done every day,

00:32.640 --> 00:36.060
automate it. If you need something done every hour, automate it.

00:36.060 --> 00:41.800
Secondly, automation does something the exact same way every time.

00:41.940 --> 00:48.000
So unlike three or four commands that I might type in as a human we can create automated scripts that

00:48.000 --> 00:52.860
will automatically do these things for us and they'll do it the same way every time.

00:52.860 --> 00:58.320
So automation gets it every time we want it and automation does it the same way every time.

00:58.320 --> 01:03.450
So with that in mind I want to just run through some scenarios that you'll be running into.

01:03.450 --> 01:08.010
I promise you that you'll run into at least two of these on the Security+ exam.

01:08.010 --> 01:09.720
So let's just go through some of these.

01:09.720 --> 01:15.000
The first one I want to talk about where automation is incredibly handy is let's imagine a situation

01:15.000 --> 01:20.760
where you have a classroom with 24 computers in there and at the end of the day you need to reset all

01:20.760 --> 01:22.000
of these systems.

01:22.080 --> 01:28.080
At Total Seminars we use a tool called Ghost. Norton's Ghost has been around forever and it's a wonderful

01:28.080 --> 01:34.290
tool that allows us to take one image and we take that image and restore it out to all of the individual

01:34.290 --> 01:38.740
computers with just a few clicks on one keyboard.

01:38.740 --> 01:43.870
We also see these types of restoring done, like for example, within Windows itself.

01:43.870 --> 01:46.560
In this case we don't actually use an image per se.

01:46.600 --> 01:50.980
We'll go ahead and use installation media, so I guess that would be an image, but what we'll do instead

01:50.980 --> 01:55.090
is we'll have a template, and this template is going to have things like: what are you going to name the

01:55.090 --> 01:56.010
computer?

01:56.200 --> 02:00.420
What different applications do you want to have installed? Those types of things.

02:00.490 --> 02:06.550
And then it will take that image and then using a template file customize that image to be able to do

02:06.550 --> 02:09.750
whatever type of image restoration we need to do.

02:09.970 --> 02:14.950
Another big place we see automation is in continuous monitoring of network devices.

02:15.280 --> 02:19.110
Using tools like SNMP, we have applications.

02:19.120 --> 02:19.750
Here's one.

02:19.750 --> 02:25.540
This is Zabbix that we use here at Total Seminars that allows us to monitor all of our many different

02:25.540 --> 02:29.440
network devices scattered throughout the office.

02:29.450 --> 02:34.220
Number three would be something as simple as automatic updates of operating systems.

02:34.220 --> 02:39.560
We don't think about it so much, but Windows Update is a wonderful tool and it is a complete

02:39.590 --> 02:43.680
automation process and it doesn't really just stop with the OS.

02:43.700 --> 02:50.120
Microsoft will update all of its applications and also it's hard to find a system that doesn't do this

02:50.120 --> 02:51.010
anymore.

02:51.020 --> 02:56.510
Drivers get updated. Individual applications may not use Windows Update, but they use their own update

02:56.510 --> 02:57.350
process.

02:57.350 --> 03:02.150
Even games today all get pretty much automated updates.

03:02.180 --> 03:05.990
Next is going to be monitoring hosts for application whitelists.

03:05.990 --> 03:09.780
Now, in other episodes we talk about the idea of application whitelists.

03:09.920 --> 03:14.990
But a lot of these tools will do continuous monitoring where they're going to be watching every individual

03:14.990 --> 03:22.160
host, monitoring for unauthorized installations, keeping track of inventory, and all of this is done completely

03:22.190 --> 03:24.120
automatically.

03:24.190 --> 03:26.550
Then we have things like application development.

03:26.560 --> 03:32.200
Now, I'm no programmer, but we sure do write a lot of code here in Total Seminars, and to have automated

03:32.200 --> 03:35.870
tools that take care of the application development process,

03:35.950 --> 03:41.740
it really speeds things up. In other episodes we talk about things like fuzzing, for example, the ability

03:41.740 --> 03:45.640
to test for bad inputs into web applications.

03:45.640 --> 03:51.970
So a lot of times within application development we can use integration tools that will do things

03:51.970 --> 03:53.690
like fuzzing, static testing.

03:53.710 --> 04:00.130
All of this is handled automatically during the actual upload or downloading of code from the developers

04:00.130 --> 04:01.130
themselves.

04:01.210 --> 04:08.170
Last is not so much a strategy but more of make sure you're aware of the tools and that is the idea

04:08.170 --> 04:11.050
of built-in tools versus shells.

04:11.170 --> 04:16.870
So many applications have automated scripting tools built into them that you can take advantage of, but

04:16.870 --> 04:22.480
also keep in mind that pretty much every operating system has some type of shell, like for example the

04:22.480 --> 04:27.850
popular Windows PowerShell, which allows us to generate amazing scripts to do just about anything we

04:27.850 --> 04:28.990
want.

04:29.050 --> 04:34.690
Keep in mind these different types of automation strategies. I guarantee you'll be seeing one, if not

04:34.690 --> 04:48.680
two of these on the exam.
