1
00:00:00,000 --> 00:00:07,000
Now that we had a basic overview on Qubes as an operating system, in this lecture we're going to dive

2
00:00:07,000 --> 00:00:07,000
deeper.

3
00:00:07,000 --> 00:00:13,000
We're going to learn about the structure of the operating system and how to launch different applications

4
00:00:13,000 --> 00:00:15,000
and use them in a secure manner.

5
00:00:16,000 --> 00:00:22,000
So in the previous lecture I said we can access all the applications from the top left menu in here.

6
00:00:22,000 --> 00:00:29,000
And other than the tools, like I said, each entry in here is actually a virtual machine.

7
00:00:29,000 --> 00:00:35,000
And then each one of these virtual machines contains different applications that you might want to use.

8
00:00:35,000 --> 00:00:42,000
Now, like we said before, basically a virtual machine is another completely separate operating system

9
00:00:42,000 --> 00:00:48,000
that runs within our current operating system within this computer right here.

10
00:00:48,000 --> 00:00:55,000
So each one of these entries in here is another operating system and hence the name virtual machine.

11
00:00:55,000 --> 00:00:58,000
It is as if it's a completely different computer.

12
00:00:58,000 --> 00:01:03,000
It has its own storage, it has its own RAM, its own CPU, its own resources.

13
00:01:03,000 --> 00:01:11,000
And therefore, this implementation is very, very secure because none of these virtual machines can

14
00:01:11,000 --> 00:01:13,000
communicate with each other.

15
00:01:13,000 --> 00:01:19,000
So if one of them gets hacked or an application that is stored in one of these virtual machines gets

16
00:01:19,000 --> 00:01:24,000
hacked, it will not be able to compromise the other virtual machines.

17
00:01:25,000 --> 00:01:30,000
Now, you'll notice there are different types of virtual machines in here.

18
00:01:30,000 --> 00:01:35,000
We have disposable virtual machines, domain, service and template.

19
00:01:35,000 --> 00:01:40,000
The disposable virtual machines are amnesiac virtual machines.

20
00:01:40,000 --> 00:01:47,000
So these machines are designed to be used to run untrusted files or files that you think might be malware

21
00:01:47,000 --> 00:01:48,000
or viruses.

22
00:01:48,000 --> 00:01:54,000
Because once you run these files and then even if these machines get hacked, the virus or the backdoor

23
00:01:54,000 --> 00:02:00,000
cannot move or the hacker cannot move and compromise other machines because like we said, everything

24
00:02:00,000 --> 00:02:02,000
is a completely separate machine.

25
00:02:02,000 --> 00:02:08,000
Not only that, once you turn off this disposable machine, everything that was stored on it, including

26
00:02:08,000 --> 00:02:10,000
the virus or the backdoor, will be removed.

27
00:02:10,000 --> 00:02:15,000
So when you start it again, it will start a completely brand new machine.

28
00:02:16,000 --> 00:02:21,000
Next, we have the domain virtual machines and you can see these have different colors.

29
00:02:21,000 --> 00:02:28,000
And the idea of these machines are normal computers or normal virtual machines that can be used for

30
00:02:28,000 --> 00:02:29,000
normal usage.

31
00:02:29,000 --> 00:02:31,000
So you have one that's called personal.

32
00:02:31,000 --> 00:02:37,000
You should use this for whatever personal use you use a computer for, for listening to music, watching

33
00:02:37,000 --> 00:02:44,000
YouTube, watching my videos, whatever you usually do on a personal computer. You have an untrusted

34
00:02:44,000 --> 00:02:45,000
domain.

35
00:02:45,000 --> 00:02:50,000
This is a virtual machine that is designed for you to do untrusted things.

36
00:02:50,000 --> 00:02:52,000
For example, doing the normal web browsing.

37
00:02:52,000 --> 00:02:57,000
If you are searching for something and you're not sure if you're going to land in an untrusted website,

38
00:02:57,000 --> 00:02:59,000
then you can use this untrusted machine.

39
00:02:59,000 --> 00:03:04,000
Don't open your email or any accounts on this because it's untrusted.

40
00:03:04,000 --> 00:03:08,000
You're going to be doing untrusted tasks and open untrusted websites.

41
00:03:08,000 --> 00:03:14,000
Therefore, even if this machine gets hacked, your personal data on your personal computer will not

42
00:03:14,000 --> 00:03:18,000
be compromised because they are two completely separate virtual machines.

43
00:03:20,000 --> 00:03:27,000
We have a vault domain, and this domain is a virtual machine that is not connected to the Internet.

44
00:03:27,000 --> 00:03:35,000
And the whole idea of this is you store your most important and most secretive files or data so you

45
00:03:35,000 --> 00:03:41,000
can store your secret keys, you can store your passwords, you can store documents that are very important

46
00:03:41,000 --> 00:03:43,000
and you can't risk them being leaked.

47
00:03:43,000 --> 00:03:47,000
And again, the whole idea is this is not even connected to the Internet.

48
00:03:47,000 --> 00:03:51,000
And it's a completely separate computer, completely separate virtual machine.

49
00:03:51,000 --> 00:03:57,000
Therefore, it is very, very, very difficult or next to impossible to hack into.

50
00:03:58,000 --> 00:04:00,000
Finally, we have a work domain.

51
00:04:00,000 --> 00:04:06,000
Again, this is just another virtual machine that is designed for you to use for your work tasks so

52
00:04:06,000 --> 00:04:12,000
you can open your work email, you can do you can log in to your work if your work needs you to log

53
00:04:12,000 --> 00:04:13,000
in to a certain platform.

54
00:04:13,000 --> 00:04:16,000
And again, this is a completely separate virtual machine.

55
00:04:16,000 --> 00:04:22,000
So if any of the other machines get compromised, your work, whatever you have in this virtual machine

56
00:04:22,000 --> 00:04:28,000
will not be compromised because it is a completely separate virtual machine, a completely separate

57
00:04:28,000 --> 00:04:29,000
computer.

58
00:04:29,000 --> 00:04:36,000
Now, this whole idea of separation between domains and between virtual machines is what Qubes is made

59
00:04:36,000 --> 00:04:39,000
of, is what Qubes is designed to do.

60
00:04:39,000 --> 00:04:43,000
And even if you think this is a little bit vague, don't worry about it.

61
00:04:43,000 --> 00:04:47,000
I'm going to give you examples in the next lecture where I'm going to have different virtual machines,

62
00:04:47,000 --> 00:04:50,000
and the whole idea will become very, very clear.

63
00:04:52,000 --> 00:04:54,000
Other than the domain virtual machines,

64
00:04:54,000 --> 00:04:56,000
we have a number of service virtual machines.

65
00:04:56,000 --> 00:05:01,000
Now, these are virtual machines designed to carry out system services.

66
00:05:01,000 --> 00:05:07,000
So even though these are virtual machines, you don't usually use them to carry out different tasks.

67
00:05:07,000 --> 00:05:11,000
So we don't use them to access the Internet or we don't use them to store files.

68
00:05:11,000 --> 00:05:16,000
The idea of these virtual machines is to provide services for the operating system.

69
00:05:16,000 --> 00:05:21,000
For example, this firewall right here is literally the operating system firewall.

70
00:05:21,000 --> 00:05:28,000
But to improve the security of the operating system, the whole firewall is stored in a completely separate

71
00:05:28,000 --> 00:05:29,000
virtual machine.

72
00:05:29,000 --> 00:05:31,000
Same goes for the sys-net.

73
00:05:31,000 --> 00:05:37,000
This net is basically a virtual machine that is designed to encapsulate your networking, the networking

74
00:05:37,000 --> 00:05:39,000
of this computer.

75
00:05:39,000 --> 00:05:45,000
So for any reason, if someone manages to exploit your networking, it will be very difficult for them

76
00:05:45,000 --> 00:05:50,000
to escalate their privileges and gain access to the other virtual machines.

77
00:05:50,000 --> 00:05:55,000
We also have another networking virtual machine, which is the sys-whonix.

78
00:05:55,000 --> 00:06:01,000
This is the Whonix gateway, which basically forces all traffic to go through the Tor network and we'll

79
00:06:01,000 --> 00:06:05,000
see how we can configure virtual machines to use this gateway.

80
00:06:05,000 --> 00:06:08,000
And basically we'll have an operating system very similar to Tails.

81
00:06:10,000 --> 00:06:14,000
And finally, we have a number of template virtual machines.

82
00:06:15,000 --> 00:06:21,000
These are machines that the other virtual machines, such as the domain virtual machines right here

83
00:06:21,000 --> 00:06:22,000
are based off.

84
00:06:23,000 --> 00:06:29,000
So, for example, the work virtual machine and the personal virtual machine are both templates of the

85
00:06:29,000 --> 00:06:32,000
Fedora 30 virtual machine.

86
00:06:32,000 --> 00:06:39,000
So if you update the Fedora 30 virtual machine right here or installed Pidgin on it, automatically personal

87
00:06:39,000 --> 00:06:43,000
and work, because they are based on this template, on the Fedora,

88
00:06:43,000 --> 00:06:47,000
they will automatically get updated and they will automatically get Pidgin.

89
00:06:48,000 --> 00:06:51,000
And we'll talk about that in more detail later on.

90
00:06:52,000 --> 00:06:57,000
Now I know I spoke about a lot of different types of virtual machines and domains.

91
00:06:57,000 --> 00:06:58,000
Don't get confused.

92
00:06:58,000 --> 00:07:04,000
And don't worry, we will be using them a lot in the next lectures and as we use them, the difference

93
00:07:04,000 --> 00:07:08,000
will become clearer and you'll find it very, very easy to understand.

94
00:07:09,000 --> 00:07:15,000
The main idea to keep in mind is the only virtual machines that you will actually be using for your

95
00:07:15,000 --> 00:07:21,000
day-to-day use are the domain virtual machines, the ones that are colored in here, and start with

96
00:07:21,000 --> 00:07:22,000
the word domain.

97
00:07:22,000 --> 00:07:28,000
Everything else is either a service virtual machine, so it runs a system service, or a template virtual

98
00:07:28,000 --> 00:07:29,000
machine,

99
00:07:29,000 --> 00:07:33,000
so it's a virtual machine which the domains are based off.