1
00:00:00,930 --> 00:00:04,170
Here we have botnets, or bot networks.

2
00:00:06,000 --> 00:00:12,510
Now, what is a botnet? A botnet refers to a group of computers which have been infected by malware

3
00:00:12,510 --> 00:00:18,930
and have come under the control of a malicious actor. The term botnet came from the words robot and network,

4
00:00:19,140 --> 00:00:21,810
and each infected device is called a bot.

5
00:00:22,650 --> 00:00:28,830
Bots can be designed to accomplish illegal or malicious tasks, including sending spam, stealing

6
00:00:28,830 --> 00:00:35,110
data, ransomware, fraudulently clicking on ads, or distributed denial of service attacks.

7
00:00:35,460 --> 00:00:37,560
How is a botnet controlled? Now,

8
00:00:37,560 --> 00:00:43,050
a core characteristic of a botnet is the ability to receive updated instructions from the bot herder.

9
00:00:43,090 --> 00:00:43,310
The...

10
00:00:44,560 --> 00:00:50,770
The ability to communicate with each bot in the network allows the attacker to alternate

11
00:00:50,770 --> 00:00:58,180
attack vectors, change the targeted IP address, terminate an attack, and other customized actions.

12
00:00:58,540 --> 00:00:59,950
Botnet designs vary,

13
00:01:00,040 --> 00:01:03,850
but the control structures can be broken down into two general categories.

14
00:01:04,800 --> 00:01:07,540
The first one, which is the client-server botnet model.

15
00:01:07,980 --> 00:01:13,810
Now, the client-server model mimics the traditional remote workstation workflow where each individual

16
00:01:13,840 --> 00:01:20,010
machine connects to a centralized server or a small number of centralized servers in order to access information.

17
00:01:20,370 --> 00:01:28,080
And in this model, each bot will connect to a command and control center, which is called a C&C resource,

18
00:01:28,080 --> 00:01:33,360
like a web domain or an IRC channel, in order to receive instructions.
19
00:01:33,540 --> 00:01:40,680
Now, a web domain or an IRC channel in order to receive instructions. By using these centralized repositories

20
00:01:40,680 --> 00:01:46,560
to serve up new commands for the botnet, an attacker simply needs to modify the source material that

21
00:01:46,560 --> 00:01:51,590
each botnet consumes from a command center in order to update instructions to the infected machines.

22
00:01:52,080 --> 00:01:55,590
So the centralized server in control of the botnet

23
00:01:55,620 --> 00:02:01,620
may be a device owned and operated by the attacker, or it may be an infected device.

24
00:02:01,860 --> 00:02:07,650
So the first topology, actually, which is the star network topology for this client-server, as you

25
00:02:07,650 --> 00:02:08,000
can see.

26
00:02:08,010 --> 00:02:14,510
Here we have bots, OK, and here is the server, which is the centralized server.

27
00:02:15,150 --> 00:02:20,070
We have the multi-server network topology, which is like this, but we don't have access to a single

28
00:02:20,100 --> 00:02:23,150
C&C or C2 server.

29
00:02:23,190 --> 00:02:24,980
We have multiple servers.

30
00:02:25,080 --> 00:02:31,860
OK, also we have the hierarchical network topology, which is, we have the central server and we have

31
00:02:31,860 --> 00:02:34,170
bots, and these bots have bots, and so on.

32
00:02:34,200 --> 00:02:34,650
All right.

33
00:02:35,700 --> 00:02:36,020
Cool.

34
00:02:36,420 --> 00:02:42,300
Now we have the other model, which is the peer-to-peer botnet. To circumvent the vulnerabilities of

35
00:02:42,300 --> 00:02:48,500
the client-server model, botnets have more recently been designed using components of decentralized

36
00:02:48,500 --> 00:02:52,290
Internet peer-to-peer file sharing. Embedding the control structure

37
00:02:52,290 --> 00:02:58,170
inside the botnet eliminates the single point of failure present in a botnet with a centralized server,
38
00:02:58,470 --> 00:03:03,860
so making mitigation efforts more difficult, because this is peer-to-peer after all, not like this

39
00:03:03,870 --> 00:03:04,700
client-server.

40
00:03:04,710 --> 00:03:10,410
If the server goes down, then the whole infrastructure goes down. Not peer-to-peer, so we have a massive amount

41
00:03:10,410 --> 00:03:14,450
of infrastructure, or networks, as our devices.

42
00:03:14,490 --> 00:03:20,930
It works as a botnet. Now, peer-to-peer bots can be both clients and command centers.

43
00:03:20,940 --> 00:03:22,360
So that's why peer-to-peer,

44
00:03:22,390 --> 00:03:23,960
it is very dangerous.

45
00:03:23,970 --> 00:03:28,410
So, working hand in hand with their neighboring nodes to propagate data.

46
00:03:30,020 --> 00:03:36,140
Also, peer-to-peer botnets maintain a list of trusted computers with which they can give and receive

47
00:03:36,140 --> 00:03:43,130
communication and update their malware. By limiting the number of other machines that would connect to

48
00:03:43,370 --> 00:03:50,150
each bot, it is only exposed to adjacent devices, making it harder to track and more difficult to mitigate.

49
00:03:52,240 --> 00:03:59,620
Lacking a centralized command server may make a peer-to-peer botnet more vulnerable to control by someone

50
00:03:59,740 --> 00:04:06,490
other than the botnet creator. To protect against loss of control, decentralized botnets are typically

51
00:04:07,180 --> 00:04:09,940
encrypted so that access is limited.

52
00:04:11,450 --> 00:04:14,550
Now, here is a graph for the botnet, peer-to-peer.

53
00:04:14,570 --> 00:04:19,810
As you can see, all of them are working either as a bot or as a C&C server.

54
00:04:19,940 --> 00:04:22,870
So that's what makes peer-to-peer very dangerous.

55
00:04:23,870 --> 00:04:28,720
So it's not just, if we get rid of that server, then everything goes down.
56
00:04:28,720 --> 00:04:35,720
No, actually, each device infected with this malware will act as C&C or as a bot, which is a huge problem

57
00:04:35,720 --> 00:04:36,260
we have here.

58
00:04:37,200 --> 00:04:40,950
Now, how can you protect your devices from becoming part of a botnet?

59
00:04:41,920 --> 00:04:48,250
The first thing: create a secure password. So for many vulnerable devices, reducing exposure

60
00:04:48,250 --> 00:04:54,730
to botnet vulnerability can be as simple as changing the administrative credentials to something other

61
00:04:54,730 --> 00:05:01,600
than the default username and password, and creating a secure password makes brute force cracking difficult;

62
00:05:01,870 --> 00:05:08,040
creating a very secure password makes brute forcing virtually impossible. The other way:

63
00:05:08,140 --> 00:05:11,680
allow only trusted execution of the code.

64
00:05:12,790 --> 00:05:19,090
If you adopt a mobile phone model of software execution, only allowed applications may run, granting more

65
00:05:19,090 --> 00:05:23,470
control to terminate software deemed as malicious, bots included.

66
00:05:24,070 --> 00:05:31,000
So only an exploitation of the supervisor software, or the kernel, may result in exploitation of the device.

67
00:05:32,230 --> 00:05:34,510
Periodic system-wide restores.

68
00:05:35,540 --> 00:05:40,310
Restoring to a known-good state after a set time would remove any gunk

69
00:05:40,460 --> 00:05:43,580
a system has collected, botnet software included.

70
00:05:43,880 --> 00:05:50,000
This strategy, when used as a preventative measure, ensures even silently running malware gets thrown

71
00:05:50,000 --> 00:05:50,930
out with the trash.

72
00:05:52,580 --> 00:05:58,970
Implement good ingress and egress filtering. Other more advanced strategies include filtering practices

73
00:05:58,970 --> 00:06:01,340
at network routers and firewalls.

74
00:06:01,610 --> 00:06:04,430
A principle of secure network design is layering.
75
00:06:04,650 --> 00:06:12,080
You have the least restriction around publicly accessible resources while continually beefing up security

76
00:06:12,080 --> 00:06:13,730
for things you deem sensitive.