WEBVTT

1
00:00:00.110 --> 00:00:01.260
In this lesson,

2
00:00:01.260 --> 00:00:04.260
we will learn about Security Practices.

3
00:00:04.260 --> 00:00:07.830
Security practices involve implementing strategies

4
00:00:07.830 --> 00:00:11.400
such as segmentation, hardening, and monitoring

5
00:00:11.400 --> 00:00:15.120
to protect specialized systems from potential threats.

6
00:00:15.120 --> 00:00:18.390
Segmentation divides a network into smaller,

7
00:00:18.390 --> 00:00:21.690
isolated segments to limit the spread of attack

8
00:00:21.690 --> 00:00:24.600
and reduce the exposure of critical systems

9
00:00:24.600 --> 00:00:26.760
to unauthorized access.

10
00:00:26.760 --> 00:00:30.600
Next, hardening is the process of securing a system

11
00:00:30.600 --> 00:00:33.120
by reducing its attack surface.

12
00:00:33.120 --> 00:00:36.930
Finally, monitoring is the continuous observation

13
00:00:36.930 --> 00:00:38.340
of system activity

14
00:00:38.340 --> 00:00:41.880
to detect and respond to potential security incidents

15
00:00:41.880 --> 00:00:43.440
in real-time.

16
00:00:43.440 --> 00:00:46.020
Let's learn more about segmentation,

17
00:00:46.020 --> 00:00:48.150
hardening, and monitoring.

18
00:00:48.150 --> 00:00:50.730
First, we have segmentation.

19
00:00:50.730 --> 00:00:53.730
Segmentation protects sensitive systems

20
00:00:53.730 --> 00:00:55.610
by dividing a larger network

21
00:00:55.610 --> 00:00:58.560
into smaller, isolated sections.

22
00:00:58.560 --> 00:01:02.220
This technique makes it more difficult for attackers

23
00:01:02.220 --> 00:01:04.890
to access additional parts of the network

24
00:01:04.890 --> 00:01:07.920
if they manage to compromise one area.

25
00:01:07.920 --> 00:01:10.530
For example, in an office environment,

26
00:01:10.530 --> 00:01:12.900
a company might segment its network

27
00:01:12.900 --> 00:01:17.310
so that employee devices such as laptops and mobile phones

28
00:01:17.310 --> 00:01:19.260
are on a separate network

29
00:01:19.260 --> 00:01:23.220
from sensitive financial or customer data systems.

30
00:01:23.220 --> 00:01:25.650
A common tool used to do this

31
00:01:25.650 --> 00:01:29.310
is a Virtual Local Area Network, or VLAN.

32
00:01:29.310 --> 00:01:33.750
VLANs allow different devices on the same physical network

33
00:01:33.750 --> 00:01:37.110
to be logically separated into different segments

34
00:01:37.110 --> 00:01:39.900
at layer 2 of the OSI model,

35
00:01:39.900 --> 00:01:43.110
limiting how they communicate with each other.

36
00:01:43.110 --> 00:01:46.800
In practice, segmentation is especially useful

37
00:01:46.800 --> 00:01:50.550
for protecting specialized industrial control systems

38
00:01:50.550 --> 00:01:54.540
or other systems involved in critical infrastructure.

39
00:01:54.540 --> 00:01:56.520
A factory, for example,

40
00:01:56.520 --> 00:01:58.320
might segment its network

41
00:01:58.320 --> 00:02:00.570
so that operational systems

42
00:02:00.570 --> 00:02:02.880
controlling manufacturing machines

43
00:02:02.880 --> 00:02:05.940
are isolated from the broader corporate network,

44
00:02:05.940 --> 00:02:10.080
where email and other non-critical systems exist.

45
00:02:10.080 --> 00:02:11.280
By doing this,

46
00:02:11.280 --> 00:02:13.830
the company can limit potential damage

47
00:02:13.830 --> 00:02:16.140
if the corporate network is breached,

48
00:02:16.140 --> 00:02:19.500
ensuring that attackers cannot easily access

49
00:02:19.500 --> 00:02:22.170
the machines controlling production.

50
00:02:22.170 --> 00:02:24.180
To implement this isolation,

51
00:02:24.180 --> 00:02:27.990
firewalls can be used in combination with segmentation

52
00:02:27.990 --> 00:02:30.090
to create further separation

53
00:02:30.090 --> 00:02:32.160
between different network segments,

54
00:02:32.160 --> 00:02:33.840
ensuring tighter control

55
00:02:33.840 --> 00:02:38.010
over traffic transiting between these network segments.

56
00:02:38.010 --> 00:02:41.460
Tools like Cisco's Adaptive Security Appliance,

57
00:02:41.460 --> 00:02:44.670
or Palo Alto's Next-Generation Firewalls

58
00:02:44.670 --> 00:02:48.060
can be used to enforce segmentation policies.

59
00:02:48.060 --> 00:02:51.540
They allow network administrators to set rules

60
00:02:51.540 --> 00:02:55.290
about which segments can communicate with each other

61
00:02:55.290 --> 00:02:57.600
and under what conditions.

62
00:02:57.600 --> 00:02:59.910
By carefully managing rules,

63
00:02:59.910 --> 00:03:02.880
organizations can create strong barriers

64
00:03:02.880 --> 00:03:05.280
between different parts of their network,

65
00:03:05.280 --> 00:03:06.990
improving security.

66
00:03:06.990 --> 00:03:09.060
Second, we have hardening.

67
00:03:09.060 --> 00:03:11.700
Hardening improves the system's defenses

68
00:03:11.700 --> 00:03:14.250
by minimizing its vulnerabilities.

69
00:03:14.250 --> 00:03:17.880
This means disabling unnecessary services

70
00:03:17.880 --> 00:03:21.330
or features that could be exploited by an attacker.

71
00:03:21.330 --> 00:03:23.820
For instance, a database system

72
00:03:23.820 --> 00:03:25.980
that is only accessed locally,

73
00:03:25.980 --> 00:03:29.130
should not have a remote login service enabled.

74
00:03:29.130 --> 00:03:32.820
Hardening also involves applying security patches

75
00:03:32.820 --> 00:03:35.520
to address any known vulnerabilities.

76
00:03:35.520 --> 00:03:39.930
So when a manufacturer releases an update for a system,

77
00:03:39.930 --> 00:03:43.080
it's important to apply these patches properly

78
00:03:43.080 --> 00:03:45.660
to ensure the system remains protected

79
00:03:45.660 --> 00:03:48.030
from newly discovered threats.

80
00:03:48.030 --> 00:03:50.280
A real-world example of hardening

81
00:03:50.280 --> 00:03:52.650
can be seen in web servers.

82
00:03:52.650 --> 00:03:54.810
If a company runs a website,

83
00:03:54.810 --> 00:03:56.700
it needs to harden its server

84
00:03:56.700 --> 00:04:00.570
by disabling any unnecessary features or services

85
00:04:00.570 --> 00:04:03.000
that are not required for operation.

86
00:04:03.000 --> 00:04:06.060
By doing this, they reduce the attack surface,

87
00:04:06.060 --> 00:04:09.300
meaning there are fewer web server entry points

88
00:04:09.300 --> 00:04:11.400
for attackers to exploit.

89
00:04:11.400 --> 00:04:14.340
For instance, if the website does not require

90
00:04:14.340 --> 00:04:16.140
File Transfer Protocol,

91
00:04:16.140 --> 00:04:19.080
the administrator should disable that service.

92
00:04:19.080 --> 00:04:23.160
Tools such as Microsoft Security Compliance Toolkit

93
00:04:23.160 --> 00:04:25.650
or open-source solutions like Lynis

94
00:04:25.650 --> 00:04:29.370
can help identify areas where systems can be hardened,

95
00:04:29.370 --> 00:04:33.450
providing guidance on disabling unnecessary services,

96
00:04:33.450 --> 00:04:36.630
or configuring stronger security settings.

97
00:04:36.630 --> 00:04:39.510
Third and last, we have monitoring.

98
00:04:39.510 --> 00:04:42.180
Monitoring is keeping a close watch

99
00:04:42.180 --> 00:04:44.760
on the network and system activity

100
00:04:44.760 --> 00:04:49.200
to identify potential security incidents as they happen.

101
00:04:49.200 --> 00:04:51.360
Real-time monitoring tools

102
00:04:51.360 --> 00:04:55.230
allow organizations to detect unusual behavior,

103
00:04:55.230 --> 00:04:58.440
such as a sudden spike in network traffic

104
00:04:58.440 --> 00:05:01.200
or unauthorized access attempts.

105
00:05:01.200 --> 00:05:03.240
Monitoring can also be done

106
00:05:03.240 --> 00:05:06.420
using Security Information and Event Management

107
00:05:06.420 --> 00:05:07.920
or SIEM Systems,

108
00:05:07.920 --> 00:05:10.260
which collect and analyze data

109
00:05:10.260 --> 00:05:12.660
from across an organization's systems

110
00:05:12.660 --> 00:05:15.930
to identify potential security issues.

111
00:05:15.930 --> 00:05:18.540
An example of monitoring in action

112
00:05:18.540 --> 00:05:20.100
is a retail business

113
00:05:20.100 --> 00:05:22.470
that handles credit card transactions.

114
00:05:22.470 --> 00:05:26.820
By monitoring the payment processing system in real-time,

115
00:05:26.820 --> 00:05:29.280
the business can quickly identify

116
00:05:29.280 --> 00:05:31.230
if an unauthorized person

117
00:05:31.230 --> 00:05:33.390
tries to access the system.

118
00:05:33.390 --> 00:05:36.690
This allows them to respond to potential threats

119
00:05:36.690 --> 00:05:39.720
before they can do serious damage.

120
00:05:39.720 --> 00:05:42.600
Tools such as Splunk or Graylog

121
00:05:42.600 --> 00:05:45.690
can be used to collect and analyze log data

122
00:05:45.690 --> 00:05:47.700
from this type of payment system,

123
00:05:47.700 --> 00:05:49.710
providing real-time alerts

124
00:05:49.710 --> 00:05:52.620
when suspicious activity is detected.

125
00:05:52.620 --> 00:05:55.140
Additionally, intrusion detection systems

126
00:05:55.140 --> 00:05:57.210
like Snort or Suricata

127
00:05:57.210 --> 00:06:00.930
can help identify unusual patterns of behavior

128
00:06:00.930 --> 00:06:03.330
or unauthorized access attempts,

129
00:06:03.330 --> 00:06:06.600
enabling anomalies to be addressed immediately,

130
00:06:06.600 --> 00:06:08.370
and minimizing the risk

131
00:06:08.370 --> 00:06:11.400
to both the business and its customers.

132
00:06:11.400 --> 00:06:14.580
So remember, security practices

133
00:06:14.580 --> 00:06:17.100
focus on keeping systems safe

134
00:06:17.100 --> 00:06:19.560
through strategies like segmentation,

135
00:06:19.560 --> 00:06:21.810
hardening, and monitoring.

136
00:06:21.810 --> 00:06:26.040
Segmentation breaks networks into smaller, separate parts

137
00:06:26.040 --> 00:06:28.740
to limit the impact of attacks.

138
00:06:28.740 --> 00:06:32.700
Hardening secures systems by reducing their vulnerabilities,

139
00:06:32.700 --> 00:06:36.060
often by disabling unnecessary services

140
00:06:36.060 --> 00:06:38.580
or applying security updates,

141
00:06:38.580 --> 00:06:40.950
and monitoring continuously

142
00:06:40.950 --> 00:06:44.310
tracks system activity to spot and respond

143
00:06:44.310 --> 00:06:47.610
to potential security threats in real-time.

144
00:06:47.610 --> 00:06:50.160
Together, these security practices

145
00:06:50.160 --> 00:06:51.990
provide layered protection,

146
00:06:51.990 --> 00:06:56.013
securing sensitive systems from complex threats.

