1 00:00:00,000 --> 00:00:06,000 Now that we cover the basics of cubes and we cover the basic structure and how all the applications 2 00:00:06,000 --> 00:00:12,000 are isolated into different virtual machines and the meaning of each of these virtual machines. 3 00:00:12,000 --> 00:00:18,000 And this lecture, I want to actually go ahead and start using applications so that it's easier for 4 00:00:18,000 --> 00:00:24,000 you to understand what we mean by the different domains, how do they work and how to use them to carry 5 00:00:24,000 --> 00:00:26,000 on your daily tasks. 6 00:00:27,000 --> 00:00:33,000 This will also make the whole concept of isolation and the different security domains easier to understand. 7 00:00:34,000 --> 00:00:38,000 So as usual, we're going to go to the top left menu to launch an application. 8 00:00:39,000 --> 00:00:45,000 And like I said in the previous lecture, the actual virtual machines that you'll be using to carry 9 00:00:45,000 --> 00:00:51,000 out normal day to day tasks are the colored ones, the ones that start with the word domain. 10 00:00:51,000 --> 00:00:58,000 So let's go to the personal virtual machine or the personal domain, and let's launch one of the applications 11 00:00:58,000 --> 00:00:58,000 in here. 12 00:00:58,000 --> 00:01:00,000 So we have a file manager. 13 00:01:00,000 --> 00:01:04,000 We can launch Firefox, we can launch the settings or a terminal. 14 00:01:04,000 --> 00:01:11,000 So let's click on Firefox because we want to access the Internet and you'll notice here on the top right, 15 00:01:11,000 --> 00:01:16,000 it's going to say that it is starting the personal virtual machine or the personal domain. 16 00:01:16,000 --> 00:01:22,000 So the first time you launch an application within a domain, you'll notice that there will be a little 17 00:01:22,000 --> 00:01:23,000 bit of a delay. 18 00:01:23,000 --> 00:01:28,000 The reason for this is, like I said, each domain is its own virtual machine. 19 00:01:28,000 --> 00:01:35,000 So the first time you launch an application within that domain, the first thing that cubes will do 20 00:01:35,000 --> 00:01:41,000 is start a virtual machine, start a completely separate computer, and then launch the application 21 00:01:41,000 --> 00:01:47,000 that you requested within this domain, within this new virtual machine. 22 00:01:48,000 --> 00:01:52,000 Once done, as you can see, you'll get your application, which is Firefox in this case, and let's 23 00:01:52,000 --> 00:01:54,000 see if it's connected. 24 00:01:54,000 --> 00:01:55,000 So let's go to that security. 25 00:01:57,000 --> 00:01:57,000 I'm perfect. 26 00:01:57,000 --> 00:02:00,000 As you can see, we have a normal Internet access. 27 00:02:00,000 --> 00:02:05,000 Everything is working as expected, and you can use this browser the same way that you use any other 28 00:02:05,000 --> 00:02:06,000 web browser. 29 00:02:07,000 --> 00:02:10,000 Now let's go ahead and go to the personal again. 30 00:02:10,000 --> 00:02:16,000 And this time I'm going to launch my files and you'll notice that this will be almost instant because 31 00:02:16,000 --> 00:02:18,000 the virtual machine is already running. 32 00:02:18,000 --> 00:02:25,000 Therefore, I can open the file manager within that virtual machine, so there is no need to start the 33 00:02:25,000 --> 00:02:27,000 virtual machine from scratch. 34 00:02:27,000 --> 00:02:33,000 Now in here we have a normal file manager that you can use to navigate through your file system and 35 00:02:33,000 --> 00:02:34,000 access your files. 36 00:02:34,000 --> 00:02:36,000 We have our downloads in here. 37 00:02:37,000 --> 00:02:39,000 Your music, your videos, and so on. 38 00:02:39,000 --> 00:02:44,000 Double click to enter, right click to copy, paste, cut, get properties and so on. 39 00:02:45,000 --> 00:02:49,000 So using this is very similar to using any other file manager. 40 00:02:50,000 --> 00:02:53,000 Now let's put this here to the side. 41 00:02:53,000 --> 00:02:59,000 And what I'm going to do is I'm going to go back to my applications, and this time we're going to go 42 00:02:59,000 --> 00:03:02,000 to the work domain or to the work virtual machine. 43 00:03:02,000 --> 00:03:06,000 And again, let's go ahead and launch a Firefox instance. 44 00:03:07,000 --> 00:03:12,000 Now, again, this is the first time we launch Firefox from within the work domain. 45 00:03:12,000 --> 00:03:19,000 Therefore, this will take a bit of time to boot the work virtual machine first and then open Firefox 46 00:03:20,000 --> 00:03:21,000 and perfect. 47 00:03:21,000 --> 00:03:26,000 As you can see, we have Firefox running in here and let's go to Google this time. 48 00:03:28,000 --> 00:03:30,000 And as you can see, we have Internet access. 49 00:03:30,000 --> 00:03:37,000 Now, keep in mind, this window right here, the Firefox window, the blue one, it is a completely 50 00:03:37,000 --> 00:03:38,000 separate virtual machine. 51 00:03:38,000 --> 00:03:40,000 Then the yellow window right here. 52 00:03:40,000 --> 00:03:48,000 This is a work computer, a work virtual machine, a work domain that is completely separate from the 53 00:03:48,000 --> 00:03:49,000 personal domain. 54 00:03:49,000 --> 00:03:55,000 Therefore, if this personal domain gets hacked or if the work domain gets hacked, the hacker will 55 00:03:55,000 --> 00:04:03,000 not be able to navigate to the other domain because these are two completely different and isolated 56 00:04:03,000 --> 00:04:04,000 virtual machines. 57 00:04:04,000 --> 00:04:09,000 They use their own resources, they use their own RAM, their own CPU, their own file system. 58 00:04:09,000 --> 00:04:16,000 So it's as if you're running two different instances of Firefox on two completely different computers. 59 00:04:18,000 --> 00:04:24,000 Now in order to make it easy for users to distinguish between the different domains and different virtual 60 00:04:24,000 --> 00:04:25,000 machines. 61 00:04:25,000 --> 00:04:30,000 Every time you launch an application within a domain, it will have a specific color. 62 00:04:31,000 --> 00:04:37,000 So if we go back to the menu and here you'll see that the personal domain has this greenish kind of 63 00:04:37,000 --> 00:04:38,000 yellow color. 64 00:04:38,000 --> 00:04:42,000 You'll also notice that this is the same color in here in the window. 65 00:04:42,000 --> 00:04:47,000 And you will notice that at the start of the title bar it says Personal. 66 00:04:47,000 --> 00:04:51,000 This is the same for the personal file manager that I opened. 67 00:04:51,000 --> 00:04:56,000 Again, it's this greenish yellow color and it also starts with the word personal. 68 00:04:57,000 --> 00:05:01,000 If you look at the work domain, you'll see that it is blue. 69 00:05:01,000 --> 00:05:07,000 If we look at the entry in here, in my applications, you'll see the lock is blue as well and you'll 70 00:05:07,000 --> 00:05:12,000 see that it says work at the title bar before the name of the application. 71 00:05:13,000 --> 00:05:20,000 So if I go ahead now and open my file manager in work, you will also see that the window is going to 72 00:05:20,000 --> 00:05:22,000 be blue, as you can see in here. 73 00:05:22,000 --> 00:05:25,000 And again, it starts with the word work. 74 00:05:25,000 --> 00:05:32,000 Therefore, when you're using cubes, it will be very easy for you to know which security domain or 75 00:05:32,000 --> 00:05:34,000 which virtual machine you're running in. 76 00:05:35,000 --> 00:05:41,000 Now, if you've done any of my other courses or if you have any experience with using virtual machines, 77 00:05:41,000 --> 00:05:46,000 you're used to the way that when you start a virtual machine, you will see a new desktop. 78 00:05:46,000 --> 00:05:52,000 So if you're starting a Linux virtual machine, for example, you will see a new Linux desktop within 79 00:05:52,000 --> 00:05:54,000 your current operating system. 80 00:05:55,000 --> 00:06:01,000 This is not the case with Cubes because at any instance you could have four or five virtual machines 81 00:06:01,000 --> 00:06:02,000 running at the same time. 82 00:06:02,000 --> 00:06:06,000 Therefore, it would get very confusing and very hard to manage. 83 00:06:06,000 --> 00:06:13,000 Instead, they use this coloring scheme and the titles that you see in here to help the user understand 84 00:06:13,000 --> 00:06:17,000 which security domain or which virtual machine they're running in. 85 00:06:17,000 --> 00:06:21,000 And this design is really nice, in my opinion, because it is seamless. 86 00:06:21,000 --> 00:06:26,000 You don't actually see new desktop every time you launch an application, you only see the application 87 00:06:26,000 --> 00:06:33,000 window and the color indicates what security domain or what virtual machine you're running in. 88 00:06:34,000 --> 00:06:40,000 Now to make this virtual machine idea stronger and to help you understand it better, let me give you 89 00:06:40,000 --> 00:06:41,000 an example. 90 00:06:41,000 --> 00:06:46,000 So let's say I wanted to download this image right here in this page. 91 00:06:46,000 --> 00:06:49,000 So I'm just going to right click the image save image as. 92 00:06:50,000 --> 00:06:52,000 And we're going to save it in my download. 93 00:06:52,000 --> 00:06:54,000 So I'm just going to click on Save. 94 00:06:54,000 --> 00:06:58,000 Now, this is just an example of downloading a file regardless of what it is. 95 00:06:58,000 --> 00:07:01,000 I'm just downloading an image as an example. 96 00:07:02,000 --> 00:07:08,000 So the image is downloaded to my downloads directory and if I go to my file manager, the yellow file 97 00:07:08,000 --> 00:07:13,000 manager, because remember we downloaded it from the personal web browser so it gets downloaded to the 98 00:07:13,000 --> 00:07:15,000 personal file system. 99 00:07:15,000 --> 00:07:21,000 So I'm in the personal file system and if I click on my downloads, I have the image right here. 100 00:07:21,000 --> 00:07:23,000 So that's perfect. 101 00:07:23,000 --> 00:07:30,000 Now if we go to the other file manager that we opened, the work file manager, which is in blue in 102 00:07:30,000 --> 00:07:35,000 here, if I go to my downloads, you'll see that I don't have the image. 103 00:07:35,000 --> 00:07:41,000 And the reason for this is, again, this is a completely separate virtual machine that has its own 104 00:07:41,000 --> 00:07:44,000 resources, that has its own file system. 105 00:07:44,000 --> 00:07:50,000 So whatever I do in here, whatever I do within the personal domain, even if I run any viruses, even 106 00:07:50,000 --> 00:07:53,000 if it gets hacked, this is a completely separate computer. 107 00:07:53,000 --> 00:08:00,000 Therefore, whatever happens in here cannot move and affect this machine and vice versa. 108 00:08:00,000 --> 00:08:04,000 So even the history, for example, we access this security dot org in here. 109 00:08:04,000 --> 00:08:07,000 So it should be in my Firefox history. 110 00:08:07,000 --> 00:08:13,000 So if I do control H in here and look at today, you can see that we accessed that security. 111 00:08:14,000 --> 00:08:21,000 Now if we go to the Firefox Web browser in here and we do control H to see our history, you will not 112 00:08:21,000 --> 00:08:28,000 see that security because again, this is a web browser that is running in my work virtual machine and 113 00:08:28,000 --> 00:08:33,000 this is a completely separate machine that does not know what happens outside of it. 114 00:08:33,000 --> 00:08:40,000 And it is through this separation that Cubes excel and improves our security because like I said, the 115 00:08:40,000 --> 00:08:44,000 idea is you use the separate domains to carry out separate tasks. 116 00:08:44,000 --> 00:08:47,000 So you use the work domain to do your work stuff. 117 00:08:47,000 --> 00:08:53,000 You use the personal domain to do your personal stuff, and you use the untrusted domain to do all of 118 00:08:53,000 --> 00:08:59,000 the other stuff that does not involve logging into accounts and that you might be opening untrusted 119 00:08:59,000 --> 00:09:00,000 websites and files. 120 00:09:00,000 --> 00:09:02,000 And this way everything is separated. 121 00:09:02,000 --> 00:09:08,000 And if any of these domains gets compromised, it does not affect the other domain. 122 00:09:09,000 --> 00:09:14,000 Now, once you're done with using a certain domain, for example, let's say I'm done with my personal 123 00:09:14,000 --> 00:09:21,000 tasks and I closed my browser and I closed my file manager as well, and I don't want to do anything 124 00:09:21,000 --> 00:09:22,000 personal anymore. 125 00:09:22,000 --> 00:09:27,000 If you want to free up some space, you can click on the cubes icon in here on the top. 126 00:09:27,000 --> 00:09:28,000 Right. 127 00:09:28,000 --> 00:09:32,000 This will list all of the virtual machines running at the moment. 128 00:09:32,000 --> 00:09:38,000 So if you want to free up some space, we can see that the personal virtual machine is used in 842 megabytes 129 00:09:38,000 --> 00:09:39,000 of my memory. 130 00:09:39,000 --> 00:09:44,000 So if I wanted to free up some space, if I'm not going to use this virtual machine anymore, you can 131 00:09:44,000 --> 00:09:47,000 just click on shutdown in here to shut it down. 132 00:09:49,000 --> 00:09:50,000 So this is it for this lecture. 133 00:09:50,000 --> 00:09:57,000 I just wanted to show you an example to help you understand the way Cube separates the different domains. 134 00:09:57,000 --> 00:10:02,000 I wanted you to understand the different virtual machines and how they cannot interact with each other 135 00:10:02,000 --> 00:10:04,000 and how that improves our security. 136 00:10:04,000 --> 00:10:10,000 And in the next lecture, I'm going to show you how to carry out different tasks within this operating 137 00:10:10,000 --> 00:10:10,000 system. 138 00:10:10,000 --> 00:10:17,000 And the separation will become clearer, and you'll see how cubes can really improve our security.