WEBVTT

1
00:00:00.110 --> 00:00:01.200
In this lesson,

2
00:00:01.200 --> 00:00:05.040
we will learn about integrity risk considerations.

3
00:00:05.040 --> 00:00:07.020
Integrity is the assurance

4
00:00:07.020 --> 00:00:10.380
that data remains accurate and unaltered

5
00:00:10.380 --> 00:00:14.220
and that any unauthorized changes are detectable.

6
00:00:14.220 --> 00:00:16.290
Integrity risk considerations

7
00:00:16.290 --> 00:00:19.830
are actions taken to protect data and systems

8
00:00:19.830 --> 00:00:22.260
from unauthorized modifications

9
00:00:22.260 --> 00:00:26.460
that could compromise their accuracy and trustworthiness.

10
00:00:26.460 --> 00:00:31.460
Integrity risk considerations include interference, hashing,

11
00:00:31.710 --> 00:00:34.830
remote journaling, and anti-tampering.

12
00:00:34.830 --> 00:00:38.580
Let's explore each of the integrity risk considerations

13
00:00:38.580 --> 00:00:41.880
in more detail, and then conduct a demonstration

14
00:00:41.880 --> 00:00:45.510
to see how hashing can detect a small data change

15
00:00:45.510 --> 00:00:47.220
in a group of files.

16
00:00:47.220 --> 00:00:49.800
First, we have interference.

17
00:00:49.800 --> 00:00:52.290
Interference is any unauthorized

18
00:00:52.290 --> 00:00:56.520
modification or disruption of data or systems

19
00:00:56.520 --> 00:01:00.120
which compromise its accuracy and integrity.

20
00:01:00.120 --> 00:01:03.360
Interference can occur through malicious attacks,

21
00:01:03.360 --> 00:01:06.690
accidental changes, or system errors.

22
00:01:06.690 --> 00:01:09.510
To protect against data interference,

23
00:01:09.510 --> 00:01:13.590
organizations should implement strict access controls,

24
00:01:13.590 --> 00:01:17.640
user authentication protocols, and system monitoring

25
00:01:17.640 --> 00:01:21.300
to detect and prevent unauthorized changes.

26
00:01:21.300 --> 00:01:25.680
Additionally, using backup systems and failover strategies

27
00:01:25.680 --> 00:01:28.260
can help recover from interference

28
00:01:28.260 --> 00:01:31.770
and restore systems to their unaltered state.

29
00:01:31.770 --> 00:01:33.780
Second, we have hashing.

30
00:01:33.780 --> 00:01:36.570
Hashing is a cryptographic technique

31
00:01:36.570 --> 00:01:39.300
used to maintain data integrity

32
00:01:39.300 --> 00:01:43.830
by creating a fixed-size fingerprint or hash value

33
00:01:43.830 --> 00:01:46.290
from an input of any size.

34
00:01:46.290 --> 00:01:50.190
Hashing algorithms are considered trap-door algorithms

35
00:01:50.190 --> 00:01:53.550
because they are one-way mathematical functions.

36
00:01:53.550 --> 00:01:57.990
In other words, a hash output cannot be reverse engineered

37
00:01:57.990 --> 00:02:00.390
to discover its original input.

38
00:02:00.390 --> 00:02:03.060
So they're called trap door algorithms

39
00:02:03.060 --> 00:02:05.700
because once you fall through a trap door,

40
00:02:05.700 --> 00:02:08.400
you can't climb up back through it.

41
00:02:08.400 --> 00:02:13.200
Common hashing algorithms include MD5, SHA-1,

42
00:02:13.200 --> 00:02:16.380
SHA-256, and SHA-3.

43
00:02:16.380 --> 00:02:20.190
MD5 and SHA-1 were once widely used.

44
00:02:20.190 --> 00:02:22.350
However, they aren't used much now

45
00:02:22.350 --> 00:02:24.630
due to known hash collisions.

46
00:02:24.630 --> 00:02:27.660
A collision occurs when two unique inputs

47
00:02:27.660 --> 00:02:30.210
result in the same hash output.

48
00:02:30.210 --> 00:02:32.040
When hash collisions occur,

49
00:02:32.040 --> 00:02:35.640
the integrity of data can no longer be confirmed.

50
00:02:35.640 --> 00:02:39.960
These collisions made MD5 and SHA-1 algorithms

51
00:02:39.960 --> 00:02:43.350
unsuitable for ensuring data integrity.

52
00:02:43.350 --> 00:02:46.800
SHA-256 and SHA-3 on the other hand,

53
00:02:46.800 --> 00:02:49.980
produce unique, unpredictable hashes

54
00:02:49.980 --> 00:02:54.540
that make unauthorized data alterations easily detectable.

55
00:02:54.540 --> 00:02:56.790
In a few minutes, we will demonstrate

56
00:02:56.790 --> 00:03:01.410
how hashing can identify a small change in a group of files.

57
00:03:01.410 --> 00:03:04.140
Third, we have remote journaling.

58
00:03:04.140 --> 00:03:07.680
Remote journaling refers to the continuous transmission

59
00:03:07.680 --> 00:03:11.370
of transaction logs to a remote location.

60
00:03:11.370 --> 00:03:14.460
Remote journaling ensures that a secure record

61
00:03:14.460 --> 00:03:16.050
of all system activities

62
00:03:16.050 --> 00:03:20.220
is maintained in real time in a remote location.

63
00:03:20.220 --> 00:03:24.840
Unlike data backups, which involve copying entire data sets,

64
00:03:24.840 --> 00:03:29.430
remote journaling focuses on safeguarding individual logs

65
00:03:29.430 --> 00:03:32.640
that track system changes, transactions,

66
00:03:32.640 --> 00:03:34.920
or other critical events.

67
00:03:34.920 --> 00:03:37.140
In the event of a system failure,

68
00:03:37.140 --> 00:03:42.060
security breach, or disaster, these remotely stored logs

69
00:03:42.060 --> 00:03:46.710
allow organizations to reconstruct recent system activities.

70
00:03:46.710 --> 00:03:50.130
While remote journaling doesn't restore lost data,

71
00:03:50.130 --> 00:03:51.570
it plays a key role

72
00:03:51.570 --> 00:03:55.050
in ensuring the accuracy of system records.

73
00:03:55.050 --> 00:03:58.710
Fourth and last, we have anti-tampering.

74
00:03:58.710 --> 00:04:03.360
Anti-tampering measures are designed to detect or prevent

75
00:04:03.360 --> 00:04:07.680
unauthorized modifications to hardware or software.

76
00:04:07.680 --> 00:04:09.210
Anti-tampering measures

77
00:04:09.210 --> 00:04:13.080
ensure systems remain secure and trustworthy.

78
00:04:13.080 --> 00:04:15.330
These anti-tampering measures

79
00:04:15.330 --> 00:04:17.880
can include physical protections,

80
00:04:17.880 --> 00:04:21.720
such as seals or locks on hardware components,

81
00:04:21.720 --> 00:04:23.610
or software mechanisms,

82
00:04:23.610 --> 00:04:26.910
like checksums and tamper-evident logs.

83
00:04:26.910 --> 00:04:31.080
For example, tamper-evident logging records any attempts

84
00:04:31.080 --> 00:04:34.950
to alter system files or configurations,

85
00:04:34.950 --> 00:04:39.180
alerting administrators to potential security breaches.

86
00:04:39.180 --> 00:04:43.740
Now let's conduct a hashing algorithm demonstration.

87
00:04:43.740 --> 00:04:48.180
I am operating on a Kali Linux virtual machine.

88
00:04:48.180 --> 00:04:51.780
I've created an Integrity_Monitoring folder

89
00:04:51.780 --> 00:04:54.390
with four simple files in it.

90
00:04:54.390 --> 00:04:57.960
The contents of each file are five paragraphs

91
00:04:57.960 --> 00:05:00.360
of Lorem Ipsum text.

92
00:05:00.360 --> 00:05:03.060
My goal during this demonstration

93
00:05:03.060 --> 00:05:06.360
is to identify a compromise of integrity

94
00:05:06.360 --> 00:05:08.850
in one of these files.

95
00:05:08.850 --> 00:05:13.380
Because hashing algorithms can accept any size input,

96
00:05:13.380 --> 00:05:17.760
I could hash a single file or an entire hard drive.

97
00:05:17.760 --> 00:05:22.590
In this case, I will hash each of the files individually,

98
00:05:22.590 --> 00:05:26.460
then hash the individual file hashes as a group

99
00:05:26.460 --> 00:05:29.310
to create a single resulting hash

100
00:05:29.310 --> 00:05:32.850
that represents the contents of all files

101
00:05:32.850 --> 00:05:35.730
in the Integrity_Monitoring folder.

102
00:05:35.730 --> 00:05:38.190
When the hash operations are complete,

103
00:05:38.190 --> 00:05:40.800
I'm going to save that resulting hash

104
00:05:40.800 --> 00:05:44.103
in a file called Hash_Monday.txt.

105
00:05:45.480 --> 00:05:48.843
So I'm going to enter in my hashing command.

106
00:05:57.750 --> 00:06:01.667
As I said, this one's going to end with Hash_Monday.txt.

107
00:06:06.270 --> 00:06:07.350
There we go.

108
00:06:07.350 --> 00:06:11.580
This command generates a SHA-256 hash

109
00:06:11.580 --> 00:06:15.660
for all the files in the Integrity_Monitoring folder,

110
00:06:15.660 --> 00:06:17.610
combines those hashes,

111
00:06:17.610 --> 00:06:21.390
and then computes a final SHA-256 hash

112
00:06:21.390 --> 00:06:24.270
from the individual file hashes.

113
00:06:24.270 --> 00:06:29.270
The resulting hash is saved into the Hash_Monday.txt file.

114
00:06:31.740 --> 00:06:34.170
So if this was Monday's hash

115
00:06:34.170 --> 00:06:37.110
and there was no change in file integrity

116
00:06:37.110 --> 00:06:39.510
between Monday and Tuesday,

117
00:06:39.510 --> 00:06:42.810
then Tuesday's hash result would be the same.

118
00:06:42.810 --> 00:06:46.800
I'll simulate this by running the hashing algorithm again

119
00:06:46.800 --> 00:06:51.693
and sending the output to a file called Hash_Tuesday.txt.

120
00:06:59.070 --> 00:07:01.980
All right, now I'm going to compare the value

121
00:07:01.980 --> 00:07:05.703
between the two files with the diff command.

122
00:07:10.170 --> 00:07:14.043
As you can see, the two files are identical.

123
00:07:17.070 --> 00:07:20.250
Now, let's presume that on Wednesday

124
00:07:20.250 --> 00:07:24.420
the integrity of SimpleFile_2 is compromised

125
00:07:24.420 --> 00:07:27.990
and a single letter in the file is changed.

126
00:07:27.990 --> 00:07:31.353
So I'm going to open up SimpleFile_2.

127
00:07:38.070 --> 00:07:41.430
There it is, and I'm going to delete

128
00:07:41.430 --> 00:07:46.430
the first character in the file and save that file.

129
00:07:51.360 --> 00:07:53.880
Now back in the command line,

130
00:07:53.880 --> 00:07:57.810
I'm going to run a hashing and comparison command again,

131
00:07:57.810 --> 00:08:00.420
but I'm going to do it in one action.

132
00:08:00.420 --> 00:08:02.730
So I'm going to use the and operator

133
00:08:02.730 --> 00:08:06.960
to link the two commands together one after the other.

134
00:08:06.960 --> 00:08:11.960
So this will be SHA-256.

135
00:08:12.570 --> 00:08:14.430
I'm going to hash everything again,

136
00:08:14.430 --> 00:08:19.143
but now it's going to be the Hash_Wednesday file.

137
00:08:23.700 --> 00:08:27.270
And after that, I'm going to find the difference

138
00:08:27.270 --> 00:08:30.240
between the Hash_Tuesday.txt

139
00:08:30.240 --> 00:08:33.243
and the new Hash_Wednesday.txt file.

140
00:08:35.310 --> 00:08:36.900
Ah, there we go.

141
00:08:36.900 --> 00:08:38.820
Now you can see that the hashes

142
00:08:38.820 --> 00:08:42.510
within the Tuesday file and the Wednesday file

143
00:08:42.510 --> 00:08:44.760
are not identical.

144
00:08:44.760 --> 00:08:47.820
So by monitoring the hash values

145
00:08:47.820 --> 00:08:50.580
of the files within a folder,

146
00:08:50.580 --> 00:08:53.580
we were able to detect a single change

147
00:08:53.580 --> 00:08:55.740
in one of those files.

148
00:08:55.740 --> 00:08:58.800
This is the end of the demonstration.

149
00:08:58.800 --> 00:09:03.150
So remember, integrity risk considerations

150
00:09:03.150 --> 00:09:06.150
focus on protecting data and systems

151
00:09:06.150 --> 00:09:08.730
from unauthorized modifications

152
00:09:08.730 --> 00:09:12.990
that could compromise their accuracy and reliability.

153
00:09:12.990 --> 00:09:17.430
These considerations include measures like interference

154
00:09:17.430 --> 00:09:22.170
where unauthorized changes can disrupt data or systems.

155
00:09:22.170 --> 00:09:24.030
Mitigating interference

156
00:09:24.030 --> 00:09:27.270
requires access controls and monitoring

157
00:09:27.270 --> 00:09:29.430
to prevent alterations.

158
00:09:29.430 --> 00:09:32.100
Hashing is a cryptographic process

159
00:09:32.100 --> 00:09:34.890
that generates a unique digital fingerprint

160
00:09:34.890 --> 00:09:37.320
for data of any size.

161
00:09:37.320 --> 00:09:40.680
Hashing ensures that any unauthorized changes

162
00:09:40.680 --> 00:09:43.650
are detectable no matter how small

163
00:09:43.650 --> 00:09:48.390
through comparisons of the original and current hash values.

164
00:09:48.390 --> 00:09:51.180
Next, remote journaling helps maintain

165
00:09:51.180 --> 00:09:53.580
transaction logs off site,

166
00:09:53.580 --> 00:09:56.010
ensuring the availability of logs

167
00:09:56.010 --> 00:09:58.560
in the event of a system failure.

168
00:09:58.560 --> 00:10:02.490
Last, anti-tampering measures detect or prevent

169
00:10:02.490 --> 00:10:06.510
unauthorized modifications to hardware or software

170
00:10:06.510 --> 00:10:08.850
through mechanisms like checksums,

171
00:10:08.850 --> 00:10:12.723
tamper-evident logs, and physical protections.