Welcome back. Today we're going to talk about cybersecurity, just very basically how cybersecurity works and some main concepts in cybersecurity. I really recommend, I guess after this course or during this course, looking up more about cybersecurity and how cybersecurity works. I'm just going to give the basics now to get us started, but it's a whole field by itself and very, very interesting, very related to digital forensic investigation. So cybersecurity attempts to protect networks, computer programs and data from attack, damage or unauthorized access. Basically, cybersecurity is trying to protect the information that you need to be protected, that you want to be protected. This is extremely difficult to do, as we talked about in the first lecture. Cyber criminals are very active and there's a lot of cyber crime going on. And cybersecurity also usually involves thinking about security first, and most people and most organizations don't really think about security first. They think about profits or quickness or access, all of these things. And cybersecurity makes things more difficult for them and for the attacker. So cybersecurity is normally kind of an afterthought, which is why we have so many cybersecurity issues or cyber crimes happening now. So cybersecurity is very difficult to do. We want full, easy access on demand. So think about it: if you come home and you get on your computer, you don't really want to type in a password. You don't really want to take time to load up a website. You just want everything now. So whatever you want, you want it immediately. The problem is, if you can access it immediately, criminals can probably also access it immediately. So if you don't have proper security in place or any type of restrictions, then criminals or whoever is trying to use your data will also not be restricted, or probably not be restricted. We don't want others to have full, easy access on demand. So we want it easy. We want other people to not have it easy.
But trying to do both of those things is very difficult. A balance must be found between openness and the level of risk that we're willing to take. So on your home computer, you might have pictures of your family. You might have some kind of semi-sensitive documents, like a picture of your bank account or something like that. But the information to you maybe is not so valuable, and to a criminal it is also not very valuable. So the risk to you is relatively low. Now, if we think about an organization that has all of their intellectual property on a hard drive, if they lose that intellectual property or it's somehow leaked out, maybe their business goes bankrupt, right? So their intellectual property, or protecting their intellectual property, is very high risk because it could make criminals a lot of money and it could result in the business going out of business. So we need to think about security in a little bit different ways in both of them, but we need to think about security in both of them at least a little bit. And right now, most people aren't thinking about security. So think about your phones, for example. How many people have actually put any type of security programs on your phones, or even passwords on your phones, more than just a quick kind of scrolling lock or something like that? How much do you think about updating your phone software, updating the apps on your phone, keeping them up to date, not installing random applications that you don't know where they came from? So most people are not really thinking about security very much because they think nothing will happen to them. But we know that cyber crime happens all the time to a lot of people in a lot of different ways. So cyber crime is actually pretty likely. When we're talking about cybersecurity, there's a relatively easy cybersecurity model you can think of. It's called the CIA model. It's a model used to guide information security policies within an organization.
So there's a lot of different models and some are, I think, better than the CIA model, but I'm just saying it now because it's very easy to get your head around so you can start to think about security. So first off is confidentiality. The C in CIA is confidentiality. And confidentiality means only those who should have access can access sensitive information. So only those who should have access can access the information. Again, think about your phone. Is there anyone who maybe shouldn't be able to access everything on your phone but could if they wanted to? Or your computer: is there anyone who could definitely access all of the files on your computer even though you probably don't want them to access everything? Or cloud storage, emails, chats, anything like that? Most likely there's somebody who knows how to get into your system or knows how to get information from your system, and you might not want them to get everything, right? So maybe you're lacking confidentiality, some confidentiality. Now, this is a big problem in organizations because confidentiality means we have to restrict people from accessing different things, but people want access to everything very easily. So again, we have to strike this balance. Next in the CIA model is integrity: maintaining the consistency, accuracy, and trustworthiness of data over its life cycle. So how do we know that the data has not been modified? How do we know it hasn't been tampered with or changed in some way? For example, your bank account. How do you know that somebody has not gone in and modified the amount of money that's in your bank account illegally or taken some money out? Or if you send an email to somebody, how do you know that somebody didn't stop the email in the middle while it was being transferred, change something and then send it on?
All of these things are possible, but we have more or less some ways to check the integrity of the data that we're sending, to make sure that data is not modified whenever it shouldn't be modified. And availability: those who should have access can access data whenever they want. So the most common way, I think, or a well-known way that availability is manipulated is through denial of service attacks. So if you think about a government website, or just a website, if you want to stop people from accessing the website who should be able to, you do a denial of service attack and then they can't access the information on that website. So it brings the website down. So confidentiality, integrity, availability: basically, information security is trying to maintain all three of those things. Now, all three of those also require some type of balance. You can't necessarily have all of them at the same time, but you should be thinking about all of them whenever you're trying to think about securing data. So now, what is data? CIA applies to data and information that's in storage or in transit. So if something is in storage, it's on your hard drive, it's on your computer or your phone, and it's not going anywhere. It's not being sent anywhere. We have to think about protection of data on a storage device a little bit differently than protection of data that we're sending. So for example, if you write a letter and you put it in a desk drawer, somebody could come in, open the desk and take the letter out and read it. But if you send the letter, you put it in an envelope and you send it through the mail, then there are different risks. Somebody could intercept the letter and then open it up and then read it. So the idea is that the information in the letter has different risks depending on what you're doing with it. If it's just in the desk drawer, it's probably more secure than if it's being sent, unless people can get into your house.
So for example, storage would be a hard drive, tape backup. In transit would be any time you send data over a network, over the internet, to a cloud storage device, anything like that. The lifecycle of the data describes its use between the time it was created and the time it was deleted. So data has a lifetime, basically. Data and information. So, for example, information that we know today: yesterday it would have been very valuable, but today maybe everyone knows it, so there's no value in that information anymore. Information and data have a lifetime, and usually the older the information gets, the less valuable it becomes, depending on what the information is. So this includes how data is stored, analyzed and transmitted. The value of data: data has a value in the form of the information it provides. So whoever controls data really controls the information, and they control a lot of things if they can control the data. The value of data is usually limited in time, like I said. Cyber crimes attack each area of the CIA model. So for example, stealing credit card numbers or other personal information for sale could affect the confidentiality of the credit card number. So if we're attacking confidentiality, we might be stealing personal information and then selling it, so that way it's not confidential anymore. Stealing trade secrets for sale or blackmail, stealing passwords to access resources, or social engineering, which we'll talk about more in another lecture. Integrity: changing the contract payment accounts electronically. So if I can access contracts that you have where you say that you'll pay me a million dollars, maybe I can access that contract and change the bank account so you send the million dollars to somebody else. So that's attacking the integrity of these accounts, and cyber criminals do this all the time. They intercept the transaction or they intercept the contract, change information and then send it on.
Using a virus to modify data of a competitor, or just trying to manipulate the competitor's data in some way. Availability: like I said, DDoS attacks make the competitor lose money or reputation, face, things like that. CryptoLocker blocking access to data on hard drives. So right now crypto lockers are fairly common, where you get a virus and it encrypts all of your data and then it asks for money to decrypt the data. We'll talk a little bit more about them, but basically don't pay those. If your information gets encrypted, don't pay, because most of the time they won't unlock your data anyway. So you're unlikely to get your data back even if you do pay. CryptoLocker blocking access is an attack on availability, so you want to access your files but you can't. The best way around that is just to keep a backup of all of your data that's important to you. Confidentiality relies on the identification of an object or person that we need to keep confidential. We can keep it confidential through something called access control lists: we restrict who's accessing the information. We can keep it confidential through data encryption. So if we encrypt the data, other people can't access it unless they have the key. IDs and passwords and biometrics. So again, in confidentiality all of those methods have their own weaknesses, but it's what we can do now at least to try to keep things a little bit more confidential. Think about it: have you actively used encryption on your files to keep them confidential? Probably not. They're probably unencrypted, and anyone who gets access to your computer can probably get access to your sensitive data. Integrity usually relies on change detection and backups, so we just try to monitor and see when files or data are being changed or modified in some way, and how. We use something called checksums, which we'll talk a lot more about later. Data backups, things like that, to ensure that if something is modified we can still recover it.
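As an added example (not from the lecture), this is what checksum-based change detection for stored data looks like in practice: a baseline manifest of SHA-256 checksums for every file, then a re-scan compared against it to report modified, added and deleted files. The directory, file names and contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Checksum a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (as a relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline, current):
    """Report what changed between a trusted baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "deleted": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed scenario: take a baseline, tamper with the files, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "contract.txt").write_text("Pay 1,000,000 to account 111-222\n")
        (root / "notes.txt").write_text("meeting notes\n")
        # Baseline taken while the data is known-good. In real use it would be
        # written somewhere the people who can change the files cannot change it.
        baseline = build_manifest(root)

        # Simulated tampering (constructed): the payment account is altered,
        # a file disappears, and an unexpected binary shows up.
        (root / "contract.txt").write_text("Pay 1,000,000 to account 999-888\n")
        (root / "notes.txt").unlink()
        (root / "payload.bin").write_bytes(b"constructed sample, not real malware")

        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline only proves anything if it is kept where whoever can modify the files cannot also rewrite it (offline, write-protected, or signed); a checksum tells you that data changed, not who changed it or when.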
Integrity should be maintained while data is stored, which is not very difficult, and while in transit, while we're sending it, which is pretty difficult because once we send it away from our network we don't really have control of it anymore. So integrity is a very big challenge in transit. Availability is usually maintained through hardware duplicates and updated software. So making sure that you have some sort of redundancy in place, that way if the information that you're looking for is somehow compromised or the computer breaks or whatever, there's another computer that can take over for it. So big companies have a lot of different servers, and if one server hard drive fails then all of the other servers take over for this hard drive, so they have basically full-time availability. Ensure the hardware is in working order, update all system software. Software that's not updated is more vulnerable to different viruses or exploits, which means that I could potentially take over the computer and take it down or compromise confidentiality or integrity or availability. Configure redundancy, so again other computers that can take over if one computer fails, or backups in case some data is lost or modified in some way, and consider disaster recovery. Disaster recovery in information security is a big field. So for example, if there was an earthquake and Naver in Chunchon kind of fell into the earth and their servers stopped, they probably have some sort of backup recovery in another town, maybe not even in Korea, that could take over for all of the services that they're providing. Consider software-based solutions like denial of service prevention and firewalls; we'll talk more about that in a little bit.
Cybersecurity attempts to make it difficult for the majority of attackers. So you're not going to be able to prevent all different types of attacks, but you can make it difficult for the majority of attackers. There are lots of people that are trying to compromise systems for a lot of different reasons, and our job basically is to not be the easiest target. And right now it's very easy to take over a lot of different systems because people don't update, they use bad security practices or don't think about security at all, so attackers can compromise their systems pretty easily. Computers on the internet are being attacked all the time, usually by viruses or botnets, so automated programs designed to take over systems or compromise systems in some way. Computers are being attacked all the time. Whenever I put a computer online, within the first five to ten minutes people are already scanning me and trying to attack; it's just automated systems learning about computers that are online. Attackers focus on easy, insecure systems, so if you have not thought about security at all, your system is probably easy and insecure. Okay, many systems have almost no security configured. Basic security practices can prevent the majority of attacks, so if you just do basic security things like keeping your system up to date, then a lot of security attacks will be stopped immediately. Attackers also focus on high-profile systems where they can potentially gain a lot of money and potentially a lot of fame. So if somebody can gain money or fame, they're more likely to do those types of attacks than just taking over some random person that's generating no value for them. Basic level cybersecurity: again, the biggest thing is update all of your software, keep everything up to date.
Windows 7, for example, is now out of service, so Microsoft no longer supports Windows 7. I've seen people who are still running Windows XP, which hasn't had any security updates for, I think, a couple of years now, so if you're running Windows XP you are completely vulnerable and your system is probably already taken over. If you're running Windows 7 now, it receives no security updates, so you should be updating basically to Windows 10. You need to be at Windows 10 right now and keep Windows 10 up to date if you're using Windows, but that's the same for OS X, Mac, or Linux: any system that you have, keep it up to date, otherwise you're more likely to be compromised in some way, especially if you're using it to browse the internet and things like that. All software on the computer can become a vulnerability if it's not updated regularly, so keep software up to date, not just the operating system, even programs: Microsoft Office, Hangul word processor, whatever you're using, update it. Access controls, restricted accounts. So another big problem is that computers let users do basically anything they want on the system, so restrict the accounts so you can't do everything, right? That means that if somebody tries to take over your system, they can't do everything either, like install more viruses or whatever they want to do. Reduce access rights for your accounts and require passwords for the administrator account to get privileges to be able to install software; that should be restricted. Does the device need direct access to the internet? Most likely no. Very few, I think only in very special cases, do you need to be directly connected to the internet, so instead you can use some sort of firewall, or maybe a wireless router with a firewall configured, as a first layer, and then it becomes much more difficult to connect to your computer and take over your computer directly. So very rarely do we need direct connections to the internet; we can use some sort of firewall or intermediary, basically.

And then, for businesses more than normal users, I guess, check your logs very often. So if you're running a server, check your logs and figure out: what are people trying to do whenever they connect to you? Is anyone attacking you? What types of attacks are they? Can you prevent them? Any strange logins, any strange connections or errors? Antivirus. Antivirus is very questionable. You should use antivirus and you should keep it up to date, but at the same time it's not a cure-all; new types of viruses have found very good ways around antiviruses. So you should have them, but you shouldn't keep all of your trust in them. Use antivirus plus good security practices. I would prefer good security practices over an antivirus, actually, but you still should have it if you can; make sure it's up to date. Here I said use regional and global antivirus for better protection. So for example, there's V3 in Korea; it's a Korean antivirus company, and for Korean or Asia-based attacks, I guess, it's pretty good, but it will miss a lot of global stuff. So I recommend, if you're going to use an antivirus, try to pick a local one and try to pick a global one and run both of them at the same time and keep them up to date. Again, good security practices, restricting access to your system, will probably work better than antiviruses, and it's cheaper. Don't use secure systems to visit unknown or unrelated websites. So I've seen some, for example, cafes or restaurants where they have a point of sale system running Windows, and they will use that to visit a music streaming website. Okay, but their point of sale system is where they do all of the credit card transactions, so if they visit a website that has a virus on it, their computer gets a virus, and now whoever owns that virus can get all of the credit cards from that computer. So just think about what you do with your computer and whether there is any information on there that is high value or high risk; if there is, don't go to unknown websites online with it. Yeah.

Many current attacks focus on compromise of the browser. The browser is the main way to connect to the internet now, so a lot of viruses use browser vulnerabilities to try to get into your system. Always use the newest, updated browser. If anyone is using Internet Explorer anymore, it has been irrelevant for a very, very long time and very insecure. At least use Microsoft Edge, which is kind of like the new Internet Explorer. Do not use Internet Explorer; it's basically no longer even supported. From what I've seen in terms of security, Google Chrome seems to be one of the most security-conscious, with probably Firefox second, and then I think Edge is starting to come up, and Opera. So I would go with probably Google Chrome and Firefox. Make sure you keep them up to date. Google Chrome updates itself automatically; you don't have to do anything, you just have to start it. So make sure that you have automatic updates, you're using the latest software, and especially the latest browser. If you're using Internet Explorer still, you're very insecure and it's very likely that you're going to be taken over. So I know that's a lot of different things to talk about with cybersecurity, but like I said, cybersecurity is a very big field. There's no one way necessarily to do it right; it really depends on the risk you have, so what do you want to protect? Yeah, so I really recommend looking more into information security, how to protect yourself. That will help you whenever you're doing an investigation to figure out why was this victim compromised, how were they compromised, things like that. So yeah, information security: very big, very interesting area. We just kind of scratched the surface, so please look up some more about it. Thank you very much.