1
00:00:02,180 --> 00:00:06,600
Now let's move on to the layers of the host and network.

2
00:00:06,640 --> 00:00:10,280
The first rule of operating system protection is regular updates.

3
00:00:13,250 --> 00:00:19,410
The second requires us to assess the level of operating system security. For that purpose,

4
00:00:19,410 --> 00:00:26,680
we can use dedicated tools recommended by the system's manufacturer. For small networks based on Microsoft

5
00:00:26,680 --> 00:00:27,700
software,

6
00:00:27,790 --> 00:00:34,590
we can use Microsoft Baseline Security Analyzer. This program will tell you what you're doing wrong.

7
00:00:35,990 --> 00:00:39,310
It's also advisable to try out programs used by the attackers.

8
00:00:41,400 --> 00:00:47,120
These programs identify weak spots in the system's security.

9
00:00:47,200 --> 00:00:52,230
If you find these weak spots before the attackers do, you will have the chance to repair them.

10
00:00:56,250 --> 00:01:01,180
Following the principle of least privilege is another rule.

11
00:01:01,280 --> 00:01:07,130
The principle states that each user must be granted only such privileges as are essential to the user's

12
00:01:07,130 --> 00:01:07,800
work.

13
00:01:10,430 --> 00:01:15,840
In particular, the user shouldn't be given administrator privileges.

14
00:01:15,850 --> 00:01:17,620
The principle is straightforward.

15
00:01:18,480 --> 00:01:22,890
But attempts to implement it always face opposition.

16
00:01:22,890 --> 00:01:26,640
There are many reasons for it, and we will discuss them during later parts of our seminar.

17
00:01:30,600 --> 00:01:33,140
Real-time system monitoring is also crucial.

18
00:01:34,610 --> 00:01:39,140
Most systems come with tools dedicated to that purpose, and we will discuss them later.

19
00:01:47,270 --> 00:01:51,650
Network protection is easier if you divide the network into subnets.

20
00:01:51,660 --> 00:01:55,230
This is not, strictly speaking, a security solution,
21
00:01:55,840 --> 00:02:00,940
but it helps to limit the consequences of a potential attack.

22
00:02:00,970 --> 00:02:07,240
A couple of years ago, in a certain large company, a person who was responsible for the management of

23
00:02:07,240 --> 00:02:16,030
all computers there, and thus had maximum privileges, opened a malicious attachment. The effects were disastrous.

24
00:02:17,440 --> 00:02:24,300
That person used a company computer which had administrator privileges to check his email.

25
00:02:24,340 --> 00:02:30,360
It was one of those companies located in modern premises with transparent glass walls. Because the

26
00:02:30,360 --> 00:02:33,450
company network wasn't divided into subnets,

27
00:02:33,450 --> 00:02:40,900
the malicious program had, from the very beginning, access to every computer. One by one, every monitor

28
00:02:40,900 --> 00:02:48,610
in the room turned off. One program, started on the computer by the person who had unlimited access privileges,

29
00:02:49,140 --> 00:02:51,730
managed to turn off all the computers in the company.

30
00:02:54,520 --> 00:02:55,540
When managing a network,

31
00:02:55,540 --> 00:02:59,090
we should ensure data confidentiality.

32
00:02:59,130 --> 00:03:02,840
This could be achieved through data encryption by means of proven solutions.

33
00:03:06,320 --> 00:03:12,380
At the application layer this is achieved through SSL, and at the network layer by IPsec.

34
00:03:15,710 --> 00:03:23,230
A common method for an attack on computer networks is impersonating a trusted host. We'll elaborate on

35
00:03:23,230 --> 00:03:24,500
that later on.
36
00:03:25,850 --> 00:03:33,140
It's relatively easy to prevent this type of attack. Updating operating systems improves security because

37
00:03:33,140 --> 00:03:41,290
this problem either doesn't exist at all in the case of newer systems, or is limited. Mutual authentication

38
00:03:41,290 --> 00:03:46,760
between computers that exchange data with one another is an alternative way of preventing such attacks.

39
00:03:48,520 --> 00:03:51,220
Many modern operating systems give you that option.

40
00:03:53,300 --> 00:03:57,560
However, it needs to be configured correctly because it's not a default system option.

41
00:04:00,430 --> 00:04:05,680
Network intrusion detection systems should also be used to monitor threats, just as was the case with

42
00:04:05,680 --> 00:04:14,110
the layers we discussed before.

43
00:04:14,340 --> 00:04:20,390
We now proceed to the perimeter layer and the physical access layer. The perimeter is the point of contact

44
00:04:20,390 --> 00:04:25,530
between the relatively secure private network and the non-secure network of the Internet.

45
00:04:30,420 --> 00:04:38,380
Network firewalls used to be reliable protection against attacks at this layer. A firewall, just like

46
00:04:38,380 --> 00:04:46,400
a literal wall of fire, would block all network traffic: it prevented any network user from connecting

47
00:04:46,400 --> 00:04:50,880
to the Internet and anyone from the Internet from connecting with network users.

48
00:04:52,160 --> 00:04:59,910
This was back in the 80s. Then Web sites came along. Companies noticed that it was easier to obtain personal

49
00:04:59,910 --> 00:05:04,140
data through the Internet than through a phone call or direct conversation.

50
00:05:06,040 --> 00:05:12,310
Administrators started to unblock one direction of communication, from the secure computers to the untrusted

51
00:05:12,310 --> 00:05:15,810
ones.

52
00:05:15,820 --> 00:05:18,350
This made the firewall less tight.
53
00:05:18,640 --> 00:05:22,980
However, it still served its purpose and made the network relatively secure.

54
00:05:24,670 --> 00:05:30,340
Later, companies decided they wanted their own Web sites, and that company internal communication should

55
00:05:30,340 --> 00:05:32,090
take place via emails.

56
00:05:34,630 --> 00:05:42,420
From that point onward, each company network included a web server and an e-mail server. This required

57
00:05:42,420 --> 00:05:47,540
configuration of the firewall so that it allowed communication from untrusted computers.

58
00:05:49,260 --> 00:05:51,350
This is how the situation looks today.

59
00:05:53,750 --> 00:05:58,670
Network firewalls are still needed because they protect against certain attacks, but they no longer guarantee

60
00:05:58,670 --> 00:06:04,170
security.

61
00:06:04,230 --> 00:06:08,810
The so-called demilitarized zone is a better solution.

62
00:06:08,860 --> 00:06:15,640
It's a special kind of subnet that can easily be accessed by external parties. All servers providing

63
00:06:15,640 --> 00:06:22,870
external-facing services should be included in the DMZ.

64
00:06:22,910 --> 00:06:27,730
Of course, you should monitor the network users' activity nonetheless.

65
00:06:27,750 --> 00:06:32,160
This involves monitoring both incoming and outgoing network traffic.

66
00:06:32,160 --> 00:06:34,510
The latter you can do through proxy servers.