The Complete CompTIA Security+ SY0 701 Crash Course
Summary
This crash course by François B. Arthanas is designed for the latest Security+ SY0-701 exam. It aims to not only help you pass the certification but also deeply understand cybersecurity's essence. Divided into five domains, it covers the foundational concepts, terminologies, and frameworks like the CIA triad (Confidentiality, Integrity, Availability) and Zero Trust architecture. It stresses the importance of understanding your organization's critical data, risks, and vulnerabilities, and applying appropriate security measures. The course also emphasizes practical application of security principles in various business contexts.
Highlights
François emphasizes the need for understanding cybersecurity as a core foundation beyond just passing an exam 📚
Security should enable the business, not impede it – know your valuable data and protect it 💡
Zero Trust architecture is essential and here to stay, especially with more remote work setups 🌐
Critical security questions: What's your critical data? Where is it? Who has access, and who should have access? 💭
Gap analysis helps you understand where you are security-wise and where you need to improve 👣
Always prioritize risk management in security strategies – what can you control and mitigate effectively? ⚖️
Key Takeaways
Understand critical cybersecurity concepts like the CIA triad and Zero Trust architecture 🛡️
Focus on the importance of knowing your organization's critical data as a first step in implementing security measures 🔍
Security is not just a technical problem, it's a business problem – governance is key 🏢
Prevention is ideal, but detection is a must in cybersecurity defenses 🔓
Gap analysis helps identify security weaknesses and supports proactive security management 👀
This comprehensive course on CompTIA Security+ SY0-701 led by François B. Arthanas is structured to help candidates not just pass the certification but gain a substantial understanding of cybersecurity roles and responsibilities. From basic concepts to advanced frameworks, this course covers it all with a strategic focus.
The course follows a practical, real-world approach, emphasizing the need to identify and secure critical data. It introduces the latest cybersecurity frameworks and philosophies, such as the CIA triad and Zero Trust, preparing students for real-world application and compliance demands.
Risk management, regular security assessments, and a strong understanding of cybersecurity’s impact on business processes are underscored as vital areas of focus. This course prepares candidates for the 701 exam through engaging content and expert insights from François, ensuring a comprehensive understanding of cybersecurity in modern contexts.
Chapters
00:00 - 03:00: Introduction to CompTIA Security+ SY0-701 Course The chapter introduces the CompTIA Security+ SY0-701 course, focusing on mastering the latest technologies in cybersecurity.
03:00 - 10:00: Course Roadmap and Domain 1 Overview The chapter 'Course Roadmap and Domain 1 Overview' outlines the instructor's approach to teaching the Security+ course. Unlike traditional methods that involve reading from scripts or books, the instructor aims to ensure genuine understanding of cybersecurity concepts. The training is structured to align with the five domains of the SY0-701 Security+ certification exam.
10:00 - 15:00: Introduction to Cybersecurity Framework The chapter titled 'Introduction to Cybersecurity Framework' serves as the starting point for a training program designed to equip individuals with the knowledge necessary to pass a cybersecurity exam. It introduces the first domain, 'General Security Concepts,' which covers essential security technologies and terminologies. The chapter aims to break down information into manageable parts, making it easier for learners to follow along while ensuring comprehensive coverage of core concepts.
15:00 - 40:00: Cybersecurity Principles: CIA Triad and Practical Perspectives This chapter emphasizes the foundational importance of the CIA Triad in cybersecurity. It underscores the critical role of confidentiality, integrity, and availability in forming the basis for all cybersecurity principles and practices. Newcomers to the field are encouraged to grasp these concepts thoroughly as they form the bedrock on which all further cybersecurity knowledge is built. Understanding the CIA Triad is portrayed as essential not only for this particular training but for advancing in all areas of cyber learning and practical application.
40:00 - 65:00: Understanding Security Controls and Risk Management The chapter titled 'Understanding Security Controls and Risk Management' introduces the foundational concepts, principles, and terminologies of security. Though not directly examinable, these are essential for understanding the broader subject. The initial focus is on setting the groundwork for comprehending security principles, starting with the very first topic presented in the course.
65:00 - 90:00: Zero Trust Architecture: Concepts and Case Studies The chapter introduces the concept of Zero Trust Architecture, emphasizing the foundational approach one should take towards security. It criticizes the common tendency to impulsively secure systems with flashy tools without first understanding the core principles of security.
90:00 - 115:00: Zero Trust Implementation: Google Case Study and Federal Directives The chapter begins by emphasizing the importance of identifying and protecting valuable data within an organization. It suggests that the primary role of security professionals is to secure this data, despite the fact that security efforts often do not directly contribute to a company's revenue.
115:00 - 122:00: Components of Zero Trust Model: Control, Data, and Monitoring Plane This chapter focuses on the components of the Zero Trust Model, emphasizing the control, data, and monitoring planes. It discusses the crucial role of security in enabling business operations without causing interruptions, highlighting the balance between maintaining robust security measures and allowing businesses to function effectively. The essence of security as an enabler rather than a barrier to business success is emphasized, suggesting that security should be integrated in a way that supports business objectives rather than hindering them.
The Complete CompTIA Security+ SY0 701 Crash Course Transcription
00:00 - 00:30 Good morning, or good afternoon, or good evening to you. Welcome to this CompTIA Security+ Mastery course. This training is designed for the 701 version of the exam. What that means is that you are going to learn the greatest and the latest technologies in cybersecurity. So, a few things about this class: this is not going to be your
00:30 - 01:00 typical Security+ training where somebody is reading some kind of a script to you or some kind of a book to you. No, no, no. My goal in this class is to not only help you pass that certification but also make sure you understand what cybersecurity is all about. Let's get started. Welcome back. Now, this training is divided into the five domains that you will find in the CompTIA Security+ 701 version of the exam, and
01:00 - 01:30 I've covered this training in their domains to help make it a little bit easier for people to follow along, but also to make sure that we've covered everything that you need to know for you to be able to pass that exam. So we're going to start with domain one, which is the General Security Concepts, and this is where we get to introduce to you all the core security technologies and terminologies that you need to understand for this
01:30 - 02:00 exam. I like to think that this is the most important domain of them all. I'm not saying the other ones are not important, but what I'm saying is that for the new people that are getting started in cybersecurity, this is the most important of them all, because you get to learn the core foundation of cybersecurity, and what you learn in this domain is what you build on top of in the rest of the training, but also in the other training that you're going to take in your cyber
02:00 - 02:30 security journey. So here is the course roadmap for the first part of domain one. What we're going to do is introduce you to security principles, right, terminologies, terms, concepts, things that you absolutely need to understand. So the first thing we're going to talk about is this right here. Now, this is not part of, you know, the exam. I put this here
02:30 - 03:00 because I wish every time I started a security training somebody would have just told me this, right? So what the heck is this? Well, this is the idea of how you should approach security. Often times we want to just jump in and start securing things. We think that security is about using the shiny tools and implementing the firewalls and doing all these kinds of things without really taking a step back to
03:00 - 03:30 look at the big picture. So I'm going to start the training by giving you the big picture of knowing where your valuable data is, not just any data, valuable data, right? It's important for you to know that, because the company will pay you, the company will hire you because they want you to, you know, secure them, and often times, you know, security doesn't make a company money at all. Often times, actually, security is
03:30 - 04:00 something that slows business down, right? If they could not pay for security, they would love to do that. So what you need to do is to make security where it will allow the business to do what the business does best. I often tell people that security is the enabler, right? We are the enablers. We allow the business to do what the business does without any interruption, and that's why
04:00 - 04:30 I started the training with this, by telling you: once you get hired at the company, you need to know the data that you're working with, and specifically find the most important data of them all, then focus your security on that data, because the bad guys are coming for that data, and if you can keep that data secure, your company will love you for it. So it's not part of the class, it's not part of Security+, but it's how I'm going to start this class. Then we want to talk about the NIST cybersecurity
04:30 - 05:00 framework, specifically the second version of this framework. In 2023, I'm recording this in 2024 by the way, in 2023 they drafted the framework, but now the framework is fully out and you can use it. They introduced governance to this framework, and I think that was very important for them to do that, because often times security has been seen as a technical problem, but now that mindset is shifting, right, where
05:00 - 05:30 governance, where we need the people who have skin in the game, right, the leaders of the business, to come in and give us that strategic leadership that they should be providing, give us the funding. Many times when you ask for money, for security money, they don't give it to you, right? And a lot of security people, we also have the behavior of asking for money so that we can comply with something, which is also not good, because compliance is not security. We, you know,
05:30 - 06:00 we'll get there, but the cybersecurity framework makes it easier for you to understand security. It goes in and talks about, I think it's about five, six domains, where it starts with identifying what you have and trying to protect it and monitor it, and so on and so forth. So governance was introduced into this second version, and it's making security a business problem now instead of looking at security as
06:00 - 06:30 a technical problem. Then we will dive into the concepts, the terminologies that you are going to see on that exam, starting with the cornerstone of cybersecurity, and that is the CIA: confidentiality, integrity, availability, right? Often students, you know, when I'm teaching this live, they're like, oh, is that the Central Intelligence Agency, right, the three-letter agency in the US? I'm like, no, it's not, right? This is the confidentiality, integrity, availability. It's the cornerstone of cyber
06:30 - 07:00 security, right? This is what cybersecurity is built on top of. So we're going to talk about this, but I will take a different approach on this. I would talk about this from a practical perspective. For example, if you're Amazon, right, you are like an online retailer, well, which one of the CIA should you focus on? Which one should you put more resources towards? You know, that's kind of a spoiler alert: Amazon will probably focus on the availability, because they don't have a physical store. They want that website to be
07:00 - 07:30 available when these people want to purchase things from their website. And let's say you are the Central Intelligence Agency, you are one of the agencies, you know what, confidentiality would absolutely be something you focus on. So I'm going to talk about this from a practical perspective, not just what they stand for, but in what industry should they use this. Then we're going to talk about a few other definitions: threat, what is a threat, a vulnerability, a risk, talk about non-repudiation, authentication, kind of the terms
07:30 - 08:00 that you need to understand for the rest of this training, but also for your career as well, because as you communicate with other professionals, these are some of the things that they assume that you know. We will talk about IAAA, or I-quadruple-A, depends on who you ask: the identification, authentication, authorization and accounting. Very important for you to understand this in security. Then we'll talk about gap analysis, right? Look, you
08:00 - 08:30 got to know how risky your environment is. You got to perform those gap analyses, those gap assessments, for you to understand this right here. It's a new concept that was introduced into the 701 version of the exam, so I don't think you will see, you know, a lot of questions on the exam about this specific one, but it's important for us to kind of perform a gap analysis. And then we're going to finish this lesson by talking about one of my favorite topics, especially now, that's known as zero trust, right, zero trust
08:30 - 09:00 architecture. We'll talk about this from a different perspective than what I have seen other people kind of telling you what this is. Yes, you're going to know what zero trust is, and yes, by the way, there are going to be a lot of questions on that exam about zero trust, so please do pay attention to zero trust once we get there and start talking about it. But I'm going to let you hear from John Kindervag, the creator of zero trust. I'm going to let you hear from him telling you what zero trust is in his own
09:00 - 09:30 words, and if you, you know, want to dig a little bit deeper, you follow up with him and you watch the rest of, you know, that presentation as it takes you a little bit deeper. But just talking about zero trust itself, it's a little bit boring. One of the things that you're going to see throughout these courses: I will kind of relay the information to a real-world example so that the information can stick with you. I
09:30 - 10:00 kind of like that kind of stuff. So we're going to talk about zero trust from Google's perspective. Google implemented what they normally called BeyondCorp. They did that after what was known as Operation Aurora, after getting attacked back in 2009 going to 2010-ish, and then they implemented zero trust without knowing, you know, without knowing really, you know, it was zero trust. So we're going to take a look at that as a case study and try to see what we can learn from that. And then President Biden recently introduced a
10:00 - 10:30 few directives. He signed a bunch of things, executive orders, requiring all the government agencies to adopt zero trust. So as you can see, zero trust is here and is here to stay. Then I'm going to talk about some of the things that you're going to see on that exam: the control plane, the data plane, the monitoring plane. These are specific terminologies that are called out on the exam, so you need to know them. But I'm going to finish this particular section by talking about the moment of truth, by taking some time and telling you the hard
10:30 - 11:00 truth about cybersecurity. That's not going to be on that exam. This is just me kind of mentoring you, telling you that security does not make a company money. Often times security is like an expense to these people, so therefore you need to understand how to present security to them, and I'm going to kind of shed a light on the revolution of security, like where are we going. Then finish this by talking about your cybersecurity career, like what
11:00 - 11:30 should you focus on. I put all this stuff at the beginning because I know most people tend maybe to just not watch the other stuff, or maybe by the time they get there they're really tired. So again, this is here at the beginning so that you can understand as much as you can. With that, let's go ahead and jump right in and take a look at the rest of the content. Now, before we go on and talk about the cybersecurity framework and the rest of this course,
11:30 - 12:00 there are four fundamental questions, I call these core questions, that you need to keep in mind. If you have a job already in cybersecurity, you should start asking yourself these questions, and if you don't have a job, I want you to ask yourself these questions once you get hired. And the first one is: what is your critical data? You got to know what's critical to your organization. You can only do so much, and then you don't want to focus your resources and all the hard work on the wrong thing, and
12:00 - 12:30 the best way to secure the organization is by knowing what's important to them, what's critical to them, and one way of you knowing what's critical to them is knowing how they make money. See, I'm not trying to turn you into some kind of business executive who knows the finances of the organization. No, no, no, no. I want you to understand how the company makes money, what resources do they use to make money, what websites, what database, what application they use to make money, and then focus your
12:30 - 13:00 security on that. The second question is where that data is located. Is it in the cloud? Is it in some kind of a server in some kind of a location, a building somewhere? You need to know where that data is located, because it's going to help you to know how to secure that physically, because we are going to talk about physical security, so kind of keep the bad guys from laying their hands on that data based on where it's located. The third question is who has access
13:00 - 13:30 to that. I'm hoping you're writing these questions down, because that's the whole purpose of these questions being here. It's for you to write them down and then be coming back to these as you learn, as you advance your career in cybersecurity. So the third question is who has access to that data. See, often people get promoted in industries and then we don't remove their access, and the company gets hacked now, or that user who got promoted gets hacked, their account gets hacked, and now the attacker has access to
13:30 - 14:00 all these other things that they should not have been having access to in the first place. Number four is who should have access to it. See, once you know who has access to it, you need to ask, okay, should they have access to this critical data? Keep these four questions in mind as we go on and talk about the rest of this course. Now, back to the cybersecurity framework. So why is this important? As a business, if you are trying to secure yourself, the cyber
14:00 - 14:30 security framework is the best way to start, and this framework starts by talking about the first one, which is identification. Identify: if you're going to go in and secure yourself, you have to identify what you have, going back to that critical question of know your critical data. So identification is important. You are not going to secure the things you don't know exist, you know, for the defenders out there, but the same question applies, or the
14:30 - 15:00 same concept applies, to the attackers as well. They are not going to attack that which they don't know exists in the first place. So identification is very important. Identify what you have, identify those critical hardware, those critical software that your company depends on, then start your security from there. And this isn't really enough for me, because often people are like, oh, did you just come up with that? No, no, no, this is enough for me. There are a lot of resources that back this up, that identification is one of those things
15:00 - 15:30 that we in cybersecurity tend to skip, but it's the most important thing of them all, and two things to back this up, including the CIS. I will include the links to this in the description, so if you look at the bottom of where you're watching this video from, you should find the links to all these resources. So when we take a look at the CIS, this is the Center for Internet Security. They have a top 18. They used to call this a top 20, but they recently changed it to top 18. When we look at this, which is very important in cyber
15:30 - 16:00 security, by the way, control number one and control number two say inventory of your hardware, inventory of your software, and these are the critical controls, which means if you do these, you will win. So the first one and two, they're saying, hey, you got to inventory your hardware, but you also got to inventory your software, which basically goes back to that idea of identification. You are not going to secure that which you don't know exists, and you're not going to attack that which you don't know
16:00 - 16:30 exists in the first place. And another thing that I want to kind of share with you is a talk that was given by Rob Joyce. He was the leader of, he's the leader of the NSA TAO group, which is like the elite hacking group in the US. Right now I think he's some kind of executive, some kind of a director somewhere at the NSA, I believe, now, but at the time when he gave this talk he was in charge of the group, and here's what he said, and I want you to watch this as a part of your resources
16:30 - 17:00 and kind of getting to know more stuff, and here's why. He said, if you really want to protect your network, you really have to know your network. You have to know the devices, the security technologies and the things inside it. So that's it, right? He said if you really want to protect your network, know thy network. You're not going to secure the things you don't know, and the attackers, they also try to go in there and know the network before they can attack anything on that network. So that's step one. Step one or phase one is
17:00 - 17:30 identify what's critical to your organization, specifically in terms of hardware and software, and then once you know what's important to you, once you know your assets, you have to protect it, right? The protection, this is where you go in, you put things like firewalls in place. We'll be talking about firewalls if you don't know what that is. You put things like access control lists in place, right? You're trying to go in there and do the protection. Cybersecurity people, we love this. Why? Because that's our mindset. Our mindset is
17:30 - 18:00 protect, protect, protect, protect. But I want you to understand you're not going to be protecting what you don't know you have in the first place. But protection is really important, and that's the second phase. The third phase is detection. See, often people think that, well, I'm going to protect the network and make sure that the bad guys don't get in, but here is, I have, you know, bad news for you: your protection will fail you, right? Your protection will fail you.
18:00 - 18:30 There's no doubt, and if the attacker really wants to get to you, they will get to you. We have a group of attackers known as, I'll be teaching you this in a later section, an advanced persistent threat, right? If this group of attackers is after you, there's little you can do. You can slow them down, but eventually they will get in. So here is the issue, though: once the attacker gets into your environment, well, we don't want them to be in there for like 60 days, for months,
18:30 - 19:00 right? We don't want them to be in there for months. We want to be able to detect them as soon as we can, and that's where this saying from a lot of the SANS instructors comes back in and says: prevention is ideal, but detection is a must. Often times attackers will get into an environment, spend months in there without us noticing that they're in our environment. We want to make sure we kind of reverse that, where, okay, well, they
19:00 - 19:30 will get in, but let's identify them, let's detect them as soon as we can, right? So right here in the detection, that's where we use things like intrusion prevention systems, right, IPS, intrusion detection systems, right, and some other kinds of technologies to help us detect bad things as they happen, right? So number four, phase number four here, it's response. Once we detect that the bad guys are here, we got to respond. This is
19:30 - 20:00 where we go in, we try to fix the issue. This is where we go in, we try to sort of stop the bleed, if you will. We are going in and we're responding to the incident. Step number five is recovery. If the attacker managed to damage anything, this is where we recover from the damage. We restore the system from the backups, we restore the system from images, you name it, we do all we can to try to recover and get back up and running as soon as we
20:00 - 20:30 can. Now, the cybersecurity framework version one had just these three, which, by the way, version one came out in 2014, all right? 2014 is when NIST came out with version one. Version 1.1 came out in 2018, and then now in 2023 they just recently released the draft for version 2.0, and what they introduced in
20:30 - 21:00 version 2.0 is the governance. So what is this governance? Governance is when the organization's leadership goes in and provides the leadership that they should be providing. So they give us funding, make sure that we're funded as a cybersecurity program. They give us the direction, like where are we going, so they provide that strategic leadership for the cybersecurity department. They help us with the policies, right? Remember, a policy is just a document that tells us, hey, these are the
21:00 - 21:30 things that we should be focusing on, that gives us guidance, if you will, and so on and so forth. So this is very critical, because now cybersecurity has become, it's not a technical problem anymore, it's a business problem, and we've seen that with the likes of the government suing SolarWinds, something that I'm going to be talking about later on here, where they're holding the leadership of SolarWinds accountable for the attack that happened in 2020. The CIA triad: what is it and why
21:30 - 22:00 should you care? Again, CIA has nothing to do with the Central Intelligence Agency. This is the confidentiality, integrity and availability triad. Triad implies three. If you were to Google this right now, you will see this CIA triad presented as a triangle, as a three-legged stool, as three pillars. What that means is that all of these three things have to be present
22:00 - 22:30 for something to even be considered secure. So in this certification, this Security+ certification, it doesn't really go in and say domain 1 CIA, domain 2 CIA, domain 3 CIA, domain 4, domain 5 CIA, but this confidentiality, integrity, availability is one of those core foundation things that you are going to find in all the domains.
22:30 - 23:00 Questions that are going to come up on that exam are going to be referencing these three things, although in the exam objectives it doesn't really go in and say domain 1, 2, 3, 4, 5, it's all CIA. So you will see this everywhere. So what is it and why should you care? Well, confidentiality, a lot of people get it, a lot of us understand it. Whenever somebody says, hey, we got to keep this thing confidential, we understand it. Besides, this is cybersecurity. Confidentiality is the one that is tied
23:00 - 23:30 closely to cybersecurity. It's all about maintaining the secrecy of something. What is that thing that we're maintaining the secrecy of? Well, this could be like protected information, we usually call this PII, where anything that identifies an individual, we're going to keep it secure: health care information, cardholder information, customer data, citizen data, trade secrets, intellectual property. We want to keep all these confidential things secret, and the
23:30 - 24:00 way we do that is by accomplishing confidentiality, keeping secret secret, making sure that only those that are authorized to access that which is secret are the ones that are accessing that secret information. Now, some of the things that come to mind when you think about confidentiality include encryption. When you encrypt something, you are given a key. Unless you have that key, you won't
24:00 - 24:30 be able to decrypt that thing and that's really accomplishing C shell that's really keeping secret secret another one that we can use including you know Access Control making sure that we're only giving people access they need you know to access things right not accessing things that they should not be accessing to in the first place we do that through things like iup something that we're going to talk about in more depth things like identification authentication
24:30 - 25:00 authorization and accounting all these things when are we going in and asking people hey who are you are you supposed to be have having access to these things we are in reality accomplishing confidentiality confidentiality goes beyond encryption and goes into physical security see when you have servers in a building you want to make sure the bad guys cannot lay their hand on that physical server so we're going to have things like door door locks fences all
25:00 - 25:30 kind of things in place physically to prevent the bad guy from laying their hands on that physical server when we do that we're accomplishing confidentiality so let me show you something here one of the way of us accomplishing confidentiality there's a website known as a r 13 again I will put this in the resource section when you go to R 13 you can literally say things like hey AB BC d EFG and then you can use rot one think about r one as the key
25:30 - 26:00 let me put that here think about rot one as the secret as the key so right now I'm I'm just saying Rod one meaning substitute this by one I will be coming back to this once we talk about cryptography and go deeper into encryption but I just want to show you this in the real world so you can have kind of a an an idea how we usually accomplish this so you go and you say AB BC d EFG and then you're substituting
26:00 - 26:30 one that's really what r one is the secret the key we're substituting one so we're going in we're saying hey this is AB bcde EFG basically we're substituting one so this is an encrypted messages right this is right here it's an encrypted message right here and then this right here it's what we call a clear text which is an unencrypted messages if I'm confusing right now that's okay we will be coming back to this in a little bit right so but a clear text it's a message that you can understand that you can see that makes
26:30 - 27:00 sense to you so for example let's say that I go in here and delete this and says we are going we are going to attack look at this this is an encrypted message this is something that you can read and understand so unless you have the key unless you know that I use r one so you can reverse this you won't be able to make sense of it let's get back to to the slides
27:00 - 27:30 here. So remember again, confidentiality: we're trying to maintain the secrecy of something, we're trying to keep confidential information confidential, making sure that only the people that are authorized to access this thing are the ones that are accessing that particular thing. Another piece in the CIA is the I, the Integrity. Integrity has to do with the modification of data. What we're trying to do with integrity, we're trying to make sure that data has not been changed, has not been altered by
27:30 - 28:00 unauthorized personnel, right? Keeping things original, that's really what we care about when it comes to integrity. One way of us accomplishing integrity is by using what we normally call hashing algorithms. When you go and you hash something, you are given a hexadecimal number; this includes letters and numbers and things along those lines, and then you use that one-way string, we call
28:00 - 28:30 that a one-way string, that hexadecimal number that you were given, you use that to check integrity. You use that to check to see if things have been changed, to see if things are original. So two hashing algorithms that we have include SHA, and SHA has different variations: you have SHA-0, SHA-1, SHA-2, they even have SHA-3, but SHA-2 is the most common one. We're going to talk about that in more depth, but SHA stands for Secure Hashing Algorithm. Then we have MD5, Message Digest 5. They used to have
28:30 - 29:00 the previous versions of this, you know, like MD4, MD3, MD2 and on and on and on. Imagine you were trying to download a software or you're trying to download a tool that you want to use. Actually, let me go ahead and demonstrate this for you on my Linux. Imagine you're trying to download this VirtualBox image. Well, one of the things that you can do, you can download it right by clicking on this little icon here, but the question is, how do you know that what you are downloading
29:00 - 29:30 is original? How do you know this file that you're getting has not been tampered with, that nobody has messed around with this? Well, one way, what Offensive Security, the creator of Kali, did: they show you the sum, they show you the hash. Specifically, they're using SHA-256, right? And then they literally give you this one-way string; we call this a checksum, right, which is another way of saying hash. They produced this to tell
29:30 - 30:00 you that, look, once you finish downloading this, you can verify the sum, right? If everything is identical, if what you get is identical to this, then you should trust this file; you should know that this file has not been tampered with, has not been changed, you should know that the integrity of this file is still intact. So let's go ahead and do that. Go ahead and just download this. I think
30:00 - 30:30 I've already downloaded that earlier, so if I go to my download folder here... actually, let me just go in from the VMs, so if I cd into this... so you can start looking at this. If I cd into Downloads (I can spell Downloads, right), I cd into Downloads. Now I am in the Downloads directory. If I do ls (ls means, hey, list what's in here, show me what's in here), I can see that the Kali file is in here. So if I say sha256sum, if I can be
30:30 - 31:00 typing sha256sum, and then just point it to that, where I say "kali", then I can hit Tab to kind of finish the whole thing. If I hit Enter right now, it's gonna go ahead and try to generate the hash, right? If the hash matches with what they have here, then now I can trust this file. I can know that this is original, has not been tampered with. So we
31:00 - 31:30 use hashing, you know, we use hashes to be able to verify the integrity of something. There we go, it came back. So as we can see here, after running, let's verify just the last four here: 17d1f. Let's go back to the website: 17d1f. Bingo, right? It's original, it has not been tampered with. That means now I can go ahead and then use this, I can go
31:30 - 32:00 ahead and just do whatever I wish with this. I can trust it; nobody has tampered with this. If somebody had tampered with this, it would look completely different. The thing about hashes is that even if you change one value, the whole thing will look different. So let's go to Google, let's bring up something like "md5 hash online", right, so you can kind of get to see this in action. That's not a good example,
32:00 - 32:30 let me just bring up something that looks pretty good. There we go, this is pretty good, right? This is pretty good because I want to make sure you can see things as I'm changing them on the fly. So imagine I'm trying to generate a hash for this email, and the email says "hello world", right? This is the message and this is the hash. Specifically I'm using MD5; it doesn't matter, the same concept applies if you're using things like SHA-256
32:30 - 33:00 or any one of the thousands of different hashing algorithms that they have. So "hello world" brings me this. If I were to go ahead and send you this, with this, after you ran this, similar to what we did with Kali, you generated this checksum; if you produce the same thing as you're looking at here, then you can trust it is "hello world". But if someone on the way, if the
33:00 - 33:30 message on the way coming to you, someone went in and made some changes to it, even if they add a dot, even if they add a dot, the entire hash will look different. Keep an eye on that. So whatever they do, the whole hash changes, right? Even if they add a little something, whatever they add to the original message, the whole hash will look completely different, right? That's why hashes are used to verify integrity:
33:30 - 34:00 it's because when you make any change, the hash will tell you, look, you should not trust this message, it has been tampered with, it's not original, right? Somebody has tampered with this message. Now back to the slides here, let's get back to this. Another one we have is availability. Availability is all about making sure that things are accessible when needed by those who need it. Those that are
34:00 - 34:30 supposed to be accessing the data, is it available to them? I like to say that availability is the enemy of security, because check this out: if we didn't need to make things available, then we're secure. If something is not available, that means even the attacker can't access it, and if they can't access it, that means they can't hack it. So the issue, though, with security is that we have to make things
34:30 - 35:00 available. That's where the trade-off begins, of making sure that, okay, these things are available, therefore let's make sure they're available in a secure manner. So what are some of the ways that we ensure availability, like making sure things are available to those that are supposed to be accessing those things? Well, we can have things like redundancy. Redundancy is when you use two of something instead of using one, right? For example, RAID; absolutely, RAID comes to mind. RAID, this is a Redundant Array of Independent
35:00 - 35:30 Disks. This is where we go in, we use two hard drives instead of using one. The idea is that if one hard drive fails, the other one is available, the other one can kind of keep things going. Another thing that we make sure of with availability is making sure that we can withstand a fault; part of that is fault tolerance, keeping things running even if there's a fault, even if there's something that wants to shut down, we're keeping things running. Having like a
35:30 - 36:00 power redundancy like UPS. This is interruptible power supply... I know the people in the US are like, is that the United Postal Service? No, it's not, it's not. This is the uninterruptible power supply. Like having backup generators, all these things are fantastic to ensure availability, to make sure that things are available when they are needed. Most people are like, okay François, we got it, right, we understand that confidentiality, integrity,
36:00 - 36:30 availability, it's super important, and then we've got to keep this in mind as we take the exam, but even after we get hired, as we're spinning up the new application, as we're setting up the new system, we've got to keep confidentiality, integrity, availability in mind. Absolutely correct, but really good cybersecurity professionals take this one step further. They focus on all three, they understand that it's really important that they maintain all these three, but they try to
36:30 - 37:00 put them into priority order. See, if you're working for the intelligence agencies, one of the US government agencies, for example, one of the things they care about the most is confidentiality. For them, confidentiality is more important than these other two things, than integrity, than availability. If your business is in finance, imagine if you work for a bank, for them making sure the integrity of the money
37:00 - 37:30 is more important than anything else, right? Again, I want you to understand me, I'm not saying you should not do the other two. I'm saying that depending on the company that you're in, you might prioritize one over the other. Often, people that are in charge of securing the industry, they were focusing their resources on the wrong thing, right? Not necessarily the wrong thing, more like not the right thing. So they might have
37:30 - 38:00 something that looks like this, where they have the confidentiality here, they have the integrity here, and they have the availability here. So if you are in the intelligence agencies, if you work for one of them, you want to focus all your resources, the budget, on the confidentiality. That's the thing that that organization cares about more than anything. But if you're a bank, you want to maybe put more money, more resources, against the integrity. See, people really
38:00 - 38:30 don't want their money to keep changing, right? They don't want people modifying the money as the money is in the bank, right? So as a financial institution you want to focus on that. But if you're amazon.com, if you are an e-commerce website, you want to focus your resources on things like availability, right? Put more emphasis on the availability. There was this guy who got hired, he was a CISO. When you're CISO, you are at the top of cybersecurity, meaning you're in
38:30 - 39:00 charge of the cybersecurity department. This guy got hired and they gave him $20 million to secure the enterprise, and guess what, three years later the security did not get improved. And then, you know, the CEO of the organization was concerned, like, hey, I just spent $20 million on securing this organization, why are we not
39:00 - 39:30 secure? Come to find out, the CISO they hired, they hired him from Wall Street, and guess what Wall Street cares about the most? Integrity, right? They care about the money, making sure that things are original, making sure that things have not been changed, have not been altered. So this CISO prioritized all the resources on integrity, while the company that hired him wanted him to focus more on confidentiality. So it's important, as you go in, you kind
39:30 - 40:00 of do the security over the organization, to prioritize these things. It does not mean, right, it does not mean you're gonna kind of skip one or the other. No, no, no, we want to do all of them. In fact, that's where the defense in depth comes in. Look, there's not a single concept or a single tool, a single thing, that's going to secure everything, right? You are going to use multiple
40:00 - 40:30 things to keep yourself secure. The same thing goes for the CIA: you want to integrate all of these elements, you want to use all of them at the same time, but prioritizing the things that really matter to your organization more than anything. If there is one word that I'm going to come back to over and over, it's going to be risk. Now we even have a lesson, a module, dedicated just to risk
40:30 - 41:00 management, which I will come back to and talk about in more depth, but in this particular slide I just want to introduce these terminologies to you so you have them in the back of your mind as we go on and talk about the rest of this content. So what is risk? Well, risk is the probability for loss. But before I dig deep into risk, let's talk about these other terminologies so that we can kind of build up our definitions. The first one is
41:00 - 41:30 threat. What is a threat? Well, a threat is something that can mess you up. It could be like a threat agent, it could be a human, it could be a computer virus, it could be God-made, something like a natural disaster, earthquakes, tornadoes, you name it. All these things are threats, right? Just remember, a threat is something that can mess you up, it's something that means you no good. It could be, like I said, a computer code, right, like
41:30 - 42:00 malware, like malicious software, right, that is designed to steal data from your environment. It could be a threat agent like a human, right, who is coming after you, who's coming to attack you. It could be an advanced persistent threat; we're going to come back to this, APT, in chapter two. Insider threat, natural disaster, nation state, you know, all of these things,
42:00 - 42:30 all these are threats, and threat actors, remember, this is someone or something that has the resources, the capabilities, the means, the motivation to attack you. Usually we are not in control of threats. If someone wants to attack you, they will attack you. Often, most cybersecurity professionals, they make a mistake to kind of focus on the threat, try to stress over threats, and that's
42:30 - 43:00 not good, because threats are outside of our control. It's okay to do threat assessment to kind of know who is the enemy, know who's out there that has the intention to attack us, but it's not okay to lose sleep over it. The reason is that's outside of our control as security professionals. So the thing that's within our control is a vulnerability. What is a vulnerability?
43:00 - 43:30 Well, a vulnerability is a weakness, it's a flaw in a system, right? This is something that the threat can exploit. Often you will see, you know, people or books, right, saying that a threat can exploit the vulnerability. What that means is you've got to have a weakness, you've got to have a flaw in your system, in your design of the network, in your policies, for a threat to be able to
43:30 - 44:00 cause the harm, to be able to harm you. So what could be a vulnerability? Well, a vulnerability could be an unpatched system, a vulnerable system, right, a system that's not up to date. It could be a zero-day, literally like a weakness that you don't even know exists, and it could be those users that are not trained. All of these things are vulnerabilities. Here is the sweet spot: we are in charge of the
44:00 - 44:30 vulnerability. Like I mentioned earlier, we're not in charge of threats, but we are in charge of the vulnerability, which means we can control this. We can decide to patch the system, we can do some threat hunting and figure out what are the zero-days, what are some of the vulnerabilities that are here that we don't even know exist in the first place. We can train our users, right? The biggest problem is that most cybersecurity professionals, they tend to focus on the things that they
44:30 - 45:00 cannot control. We can control the vulnerabilities; we should always focus on the vulnerabilities. Let me tell you something: most of the attacks that have happened in the past, they have used vulnerabilities that were years old. Like literally, when these companies are getting attacked, it's not because of some kind of a zero-day that they didn't even know existed. It's not a new vulnerability, it's not a new weakness, it's a weakness that has
45:00 - 45:30 been being exploited for months, if not years, if not weeks. So therefore we need to always keep our systems up to date, because that's what we can control. Now, an exploit is just a technique. It could be a code, meaning a virus, a malware code, that a threat can use to take advantage of the vulnerability. Like I mentioned, you will hear people saying, hey, a threat exploiting a vulnerability; what that really means is that they're using some kind of
45:30 - 46:00 a technique, some kind of a code, in order to attack you, in order to take advantage of these vulnerabilities. Now back to that risk. A risk, like I mentioned earlier, is the probability for loss, it's the likelihood, right? It's something that hasn't happened yet, right? If something is certain, right, if we know for sure this thing will happen or it's going to happen, it's not a risk. A risk is the probability, is the likelihood, of a threat happening, all right, of someone
46:00 - 46:30 attacking us. But for something to be classified as a risk, both a threat and a vulnerability have to exist. They both have to exist for something to be classified as a risk. So on that, if you were to Google this, or on that exam, you will see where they say a risk equals threat times vulnerability. What they're trying to tell you is that for something to be classified as a risk, a threat has
46:30 - 47:00 to exist, a vulnerability has to exist, meaning we've got to have the weaknesses, but also there has to be someone out there or something out there who can take advantage of those weaknesses, who can exploit those weaknesses. If both of these two things are there, then we have a risk, we have a probability, right, there's a likelihood of this thing happening to us. So what we want to do in the real world is
47:00 - 47:30 focus on the thing that we can focus on: the vulnerability. Focus on the thing that's within our control. Like I said earlier, the threat is always there, so we want to focus on the vulnerability that has the highest impact. So once we do a vulnerability assessment within our organization, we're going to find the vulnerabilities that have the highest, the biggest impact to our organization, and then start fixing those vulnerabilities first. Now, not all
47:30 - 48:00 vulnerabilities are created equal, so we want to focus on the vulnerability that can cause the most harm to our organization. Now, continuing with this risk concept, you need to understand that security deals with managing risk. We are in the business of risk management. Like I mentioned earlier, if there's one word that I'm going to use with the highest frequency in this training, it's going to
48:00 - 48:30 be risk, and risk management. The reason is, that's the business we're in: we are in the business of managing risk. So remember, risk is the probability of a threat crossing or touching the vulnerability, of a threat exploiting the vulnerability. Remember, the threat is outside of our control, but we can control the vulnerability, and when we go in and try to manage these vulnerabilities, trying to mitigate these vulnerabilities, we need to focus on the
48:30 - 49:00 vulnerabilities that matter to our organization, the vulnerabilities with the highest impact. If there is a vulnerability, there is a weakness, that's going to cause us a loss of $10 million, and there's another vulnerability that's going to cost us $1 million, guess which one we're going to focus on first? This right here, right? Take care of that first. Right there, there are even jobs, right, you can get hired and become like a vulnerability assessor, vulnerability management
49:00 - 49:30 personnel, who just, day in and day out, your job is to deal with the vulnerabilities, is to deal with fixing vulnerabilities for the organization. So remember, it's impossible to mitigate all the vulnerabilities, all the risk, right? Your job is to constantly, right, track down, manage, mitigate, control these... I mean these vulnerabilities, or this risk I should say, the risk to the organization. So risk
49:30 - 50:00 mitigation is really all about balancing security with functionality. Remember, if something is super secure, that means it's useless. So our job is to manage the risk to the organization, and the way we do that is by balancing between functionality and security. Every time you add a functionality to your environment, every time you make something easy to use, you are reducing
50:00 - 50:30 the security. This is one of the reasons why we're going to be hired for a very long time, because these systems must be available for the people to use them. If they're available, that means somebody can get to them, some bad guys somewhere can get to them, and that's where we come in, to stop these bad guys from getting into these systems. So you see a lot of things coming up with this AI, you know, people are talking about, oh, artificial intelligence, it's taking everybody's jobs.
50:30 - 51:00 Well folks, I'm here to tell you security is AI proof, right? It's recession proof, it's AI proof, because even these AI systems, they need to be secure, they need to be protected, which is where we come in. Other terminologies that you need to be aware of that are going to be on that exam are non-repudiation and authenticity. Well, I will be coming back to authenticity in the later chapters once we start talking about the
51:00 - 51:30 IAAA, right, or I-triple-A, I-quadruple-A, right. This is the identification, authentication, authorization, and accounting. We will be coming back to this because this is one of those core concepts, right, core concepts that you need to know when it comes to security. We need to authenticate people, we need the need-to-know, right, really the need-to-know, we need least privilege, right, giving people only the access they need to
51:30 - 52:00 do their job and nothing less and nothing more. And for us to do that, we need to be able to identify them, we need to authenticate people, we need to know who they are for us to accomplish that. But authenticity is making sure that the data, the message, the identities are real, they are reliable, they have not been tampered with, nobody has messed around with this, like we can trust this thing that's coming to us. Like I said,
52:00 - 52:30 for us to be able to do that is by knowing who that thing is coming from. So did that email really come from your boss, right? Did that email really come from your boss? For us to be able... if we're not so sure, we might do something like digital signatures, right? Digital signatures, where we have the boss sign that email digitally, now we can prove, now we can be like, oh okay, well that really did come from my boss, right? Does that patch really come
52:30 - 53:00 from Microsoft? Well, what can Microsoft do? Microsoft can sign the patch, where we go in, we identify, we look at the integrity of the patch, we look at the hash of the patch, and then be able to kind of be sure that this patch did come from Microsoft. Another term or concept that's going to be on that exam that's very critical is non-repudiation. Non-repudiation is all
53:00 - 53:30 about making sure that the person, the entity, the device, whatever that is, cannot deny sending a message or performing some kind of action, right, or performing some kind of action. If you did send that message, we can prove you are the one who sent that message; you cannot go in and deny it, because there's a proof, there's some kind of a timestamp, there's a
53:30 - 54:00 way of us, right, proving you are the one that performed that action. See, in the real world, if you go into the bank and sign, put your signature on the back of the check, right, as you're going in and you try to deposit the check at the bank, once you sign the check, deposit the check, you cannot repudiate that. You can't go
54:00 - 54:30 back and be like, you know what, that's not my signature. You know, the bank is going to tell you, look, hey, this is your signature, we can prove it, because you did sign here and this is your signature, and your signature is supposed to be unique to you. So in the digital world, what we normally use is digital signatures, where we are going in and authenticate you, identify who you are, authenticate you, and then, you know,
54:30 - 55:00 give you some kind of a digital identity, right, where once you sign anything, once you sign that, or once that identity is attached to you, you cannot deny performing an action. Every time we see that particular thing, we know, okay, well, this is François, right? Once we talk about cryptography, this is going to become a little bit more clear, because in cryptography we're going to talk about something like a private key. Once we see that private key, every time we see the private key, we know it is you, because that
55:00 - 55:30 identifies you, that ties back to you. The same thing applies when you have, let's say, like an ID badge. When we set up our cryptography in an ID badge and then we assign that ID badge to your name, your identity, we can prove you are who you say you are, and then we can kind of have that accountability, we can prevent the person denying taking
55:30 - 56:00 some kind of action. So non-repudiation is very important. It's all about making sure you cannot deny performing some kind of action, and it's pretty good, because often people will do things and try to hide their identity, right? They'll perform some kind of action and they might lie. Computers do that all the time; computers can spoof other people's identity, where I'm performing this action but I am lying about it, I'm saying, oh, this is coming from me and this is my IP address,
56:00 - 56:30 in reality it's not coming from that particular IP address. So non-repudiation goes in and takes that out the window by saying, hey look, we're going to authenticate you, and for that reason, once we've already authenticated you, you cannot deny taking certain actions, right? So when someone digitally signs a document, something like a DocuSign, or when they digitally sign a document, that provides a proof of their identity, therefore they cannot come in and deny this, they cannot repudiate that
56:30 - 57:00 action. Whatever they do, once they've already authenticated, we can prove they are who they say they are. When it comes to security, we have to recognize that there is not a single device or a single product, single measure, that's going to stop all the threats from attacking your organization, right? See, look, threats come in different shapes, in different sizes. Really, we have internal threats, really
57:00 - 57:30 people working for you; we have external threats, right, people outside of your organization, things like nation states, a country after you; we have script kiddies, those wannabe attackers; we have activists; you have these criminal syndicates, criminal gangs. All of these groups and these things are threats to your organization, and there's not a single product that can stop all of them
57:30 - 58:00 from attacking you. Okay, here's the thing: what if I were to tell you right now that I, Mr. François, have a magical box, like a box that can protect you from everything, right? If I tell you that, well, some of you will say, no, no, no, François, stop lying to us. Well, that box does not exist; there's not a single box that can protect us from all external threats, from all the
58:00 - 58:30 threats. Well, in fact, that box does exist. If you want to go to Google right now, if we go to Google and go to something like UTM, there's this thing known as UTM, Unified Threat Management systems. There's one, it's known as OPNsense UTM, let me get here, right? So this is Unified Threat Management, which means it's one single box that comes with a bunch of security capabilities, right?
58:30 - 59:00 Scroll down a little bit here, you start seeing this. Oh well, look at some of the features of this OPNsense. OPNsense is a free UTM, it's free, it's open source, you can download this and start playing with this. If you go to the download section here quickly, you can add this to your VirtualBox and start playing with it. So you go here to the architecture, you pick that, make sure amd64 is selected, and once you come here, pick DVD, and then make sure you download the ISO. Or here you can pick the location
59:00 - 59:30 where you want to download this from, but make sure you download the ISO. Then you can go to your VirtualBox and then install this on top of your VirtualBox. But if I go back to the features for just a second, look at this, this thing, this OPNsense, can work as a firewall, it does work as multi-WAN, right, VPN, hardware failover for things like, you know, redundancies, right, IDS and IPS, intrusion detection, intrusion prevention systems, 2FA, two-factor
59:30 - 60:00 authentication, routing protocols, web filtering, you know, intuitive user interfaces, multi-language, like on and on, next-generation firewalls and captive portal, load balancer, NetFlow monitoring, APIs, and much more. So do these boxes exist? Yes, they do. So what is the problem here, though? Well, the problem is there is not
60:00 - 60:30 a single product that can secure your environment. Well, with a product like that one, there's the single point of failure. Now, single point of failure is the enemy of security. So if Mr. François here comes to you and tells you, hey look, I have this magical box that can protect you from all these threats, I am probably lying to you. There's not a single product that's going to secure you from the entire... there's not a
60:30 - 61:00 single product that's going to secure you from all threats. So what we do, we use what we normally call defense in depth. Defense in depth is the idea that we're going to use multiple things to secure your business, and when we're talking about defense in depth, we start thinking about security control categories, right? Categories are the big pictures. See, when it comes to security
61:00 - 61:30 categories, or security control categories, these are very important because they go in and tell you different ways, multiple ways, you can secure your organization instead of just relying on one method, relying on one measure to secure your environment. So imagine our computer, right, as a big house. Well, how would you secure the house? Well, some of you might say, okay, well, to keep this house secure there are a few things I need to do. Well,
61:30 - 62:00 first of all, I'll need to have multiple locks, right, on different doors within the house. Second, I might have some rules of who's coming in, who's going out. Before you can come into the house, well, you need to knock on the door and I need to know you are... you know, I need to authenticate you basically, I need to know you're one of the members of the house before I let you into the house. Well, I even have daily habits of making sure before we go to bed that I check everything, making sure that all the doors are locked, making sure that
62:00 - 62:30 everything is really, you know, locked up, and then I might have fences, I might have walls, all kinds of stuff in order to keep this house secure, in order to secure this house. Well, that's the same thing with security categories. See, security categories are the big pictures, they're the big pictures. We have functions, we have things that are a subset of these big pictures, but what we have is a couple of them. We have technical controls; like I said, this is the category,
62:30 - 63:00 so when something is classified as a technical control, that means it's a control that is implemented with technology. Well, something like a firewall absolutely comes to mind; encryption; Group Policy Objects, right; intrusion prevention, intrusion detection systems; least privilege, only giving people the access they need, through Group Policy only giving people the access they need to do their job and nothing less
63:00 - 63:30 and nothing more; antivirus programs. All of these things are technical controls, right? We try to stop things using technologies. When I was working for Virginia College, we had students... this Virginia College was a school, so we had students who would come to school early and then they would use school computers to start playing games, you know, before the class starts, of course. Well, one of the things that we
63:30 - 64:00 did once we understood that, one of the things that we did was inside of Group Policy. Group Policy is a technology that's inside of Active Directory, AD, Active Directory, which is like a very critical technology within the Microsoft ecosystem, a very critical technology for you to learn, right? The majority of companies use Active Directory, and then when you are securing, you're going to be securing an Active Directory environment, so that's a pretty good technology to learn if you don't know that yet. So back to my story. Well,
64:00 - 64:30 we just learned that these students will come in and they'll spend too much time and playing video games before the class starts so one of the thing that we did went to grow policy and then we we restricted what time they can sign into the systems so instead of signing in at 6:00 a.m. well we restricted that they can only sign in at 9:00 a.m. when the class is about to start so that was a technical control he went in tell the students look no no no no you cannot
64:30 - 65:00 sign in at 6: a.m. you can only sign in at 9 a.m. technical control it's a tech it's a control that's implemented with technology another control see just having a technical control is is not enough remember the defense in depth concept right using multiple things to protect you using multiple areas of security to protect you another thing we can put in place to secure our environment it will be managerial
65:00 - 65:30 controls and kind of a relaying this back to that house an know this big house that you're trying to to secure in terms of a technical controls well we might have locks you know door locks all these things are like technical things they're physical but they're also technical things that we can put in place fences uh all these things we we can put them there to help us secure the organization and then we can configure them technically you
65:30 - 66:00 know we can Implement some kind of a technical uh Security on these things so that for example in the door lock before you get into the house you have to put in the number you have to swipe your badge all kinds of stuff right so another thing we have it's managerial controls well these are the policies they set the direction they set the rules right the direction of the businesses so in in the settings of the house these will be the rules of the house okay so you can only right come in
66:00 - 66:30 if you are one of the family member right you can only have the house key if you are this type of a person that's the managerial controls right setting the the rules of the game or the rules of the house in this case the rules of our security so in security the way we set up the the rules we use policies policies are documents piece of papers that we put in place that we write up and tell everybody hey look from now on
66:30 - 67:00 this is what we're going to be doing that's everybody agrees right and then you read over that you sign it you said hey I agree one of the classic policy must companies tend to have is 90 days password policy right saying hey look your password is going to expire every 90 days that's a pretty good pretty good rule right so what happens what happens is we're have a piece of paper that says that we're going to say hey look read over this sign right here that after 90 days
67:00 - 67:30 you're going to change your password well that's going to be the managerial control that piece of paper that document that they're going to read and sign and then another one we have its operational controls well these are the daily habits in the house right going in and checking to see if things are locked going in and checking making sure everything is really you know still protected pretty much everybody's doing what they're supposed to be doing well in security uh back to that password
67:30 - 68:00 policies we can have a manager going in and then asking people hey have you changed your password well 90 days is almost up are you changing your password hey hey everybody make sure you change your password tomorrow because tomorrow is the last day to change your password so that's operational controls this is these are the controls we put in place on a daytoday basis like they get enforced on daily basis operational when the company is running these are the controls that gets enforced on daily basis and then you have your physical
68:00 - 68:30 controls these are fences guard CCTV you know B Man Trap you name it it's anything that you can look at and feel touch smell right it's a physical control right we will be coming back to all of these in in this section as well later on I have a section we're going to talk about physical security in more depth but the reason why we have this here is to make sure that there keeping your organization super secure and there's not a single one of
68:30 - 69:00 these that can secure you for example what if the uh uh the Intruder goes over the fence then what well we want to make sure there's a door lock right we want to make sure there's like a door first of all and there's a lock on the door and that door it's asking them to swipe their bedge or scan their finger and something like that before they can get into the house or that building and once they get into the the building then what right we're going to need to make sure we have multiple defenses multiple
69:00 - 69:30 things in place to secure the organization. The very first control we have here is the preventive control. Most people like to think that this is the most important control of them all, and it makes sense, because this is cybersecurity, and in cybersecurity we want to prevent, prevent, prevent. We want just to prevent everything from, you know, coming in, all the bad guys from coming in. So we're trying, we're going in, we're
69:30 - 70:00 trying to prevent attacks from, you know, happening, from being successful. These controls, preventative controls, are applied before the attack happens. So we go in, we configure that firewall, we add the access control list, the ACL, we put that in place, right, and the idea is to try to prevent the bad guy from coming in. So we might go ahead and do system hardening, go ahead and patch that system, right, configure
70:00 - 70:30 the, you know, set up some change management, security awareness training, where before you can make any changes you have to request the change, somebody has to approve the change, right, going in and setting up monthly or yearly awareness training to tell people, hey, look, you should not be clicking on these phishing emails, and things along those lines. When we do all that stuff, we are trying to prevent bad things from happening before they happen. Here is the harsh truth, though:
70:30 - 71:00 any preventative measure, it's going to fail you, right? It's going to fail you. Although we put a lot of faith in these preventive measures, we need to understand, we need to make peace with, if they want to get in, if the bad guys are really, really persistent, they really want to get in, they will get in. So prevention is ideal but detection is a must, remember that, right? So you won't prevent
71:00 - 71:30 100% of everything. Let's say that you are preventing 80% of the bad things that are happening within your environment, which is a pretty good thing to do, by the way. Well, you need to know that the other 20%, the other 20% that managed to get in, we need to detect them, and once we detect them we need to do something about it. So prevention is ideal but detection is a must. We've got to detect these bad things. But here's the thing,
71:30 - 72:00 though: detection without response is useless. There's a guy, Rob Joyce, which I introduced that guy to you already. He recently retired. I was looking at his LinkedIn and he was recently talking about how he was, you know, retiring. I'm looking forward to seeing what he does next, by the way. Anyway, one of the things that he said was that whenever they do, you know, pen testing for these government agencies, and then they tell these agencies, hey, look, you are vulnerable here, go ahead and fix this. So they went in, they detect
72:00 - 72:30 bad things, they detect weaknesses, they detect all these vulnerabilities. They come back next year, those vulnerabilities are still there, which means they didn't do anything about these things. So that goes in and tells you that, look, you can detect all you want, but you want to make sure you go in and respond. You want to make sure you go in and apply the fix, you know, or update those systems and configure that control
72:30 - 73:00 to make sure that that 20% doesn't really get in, and even if it does get in, we can detect it as soon as we can and then respond to it as soon as we can. Remember, many organizations lack effective detection. They focus primarily on preventative protection. The next type we have is deterrent: we're trying to deter someone. Remember, prevention and deterrent controls are different, right? Most people, they
73:00 - 73:30 try to use these interchangeably, right? Deterrent is trying to discourage someone, preventative is trying to prevent something from happening, right? So you've got to understand, deterrent doesn't stop anybody, really. It's more of psychologically discouraging them from attacking you. Think about like a warning, like signage, like signage that goes in and tells you, hey, beware of the dog, right?
73:30 - 74:00 Really, if you try to trespass, this is the word I was looking for, if you try to trespass into that yard, it's not that the warning sign is going to move and then stop you, but it might discourage you, though. It might deter you from wanting to trespass, right? So there's a lot of deterrent controls. In fact, in security we do this quite a lot. In fact, some of this might
74:00 - 74:30 help you big time. There was a case in court. Some guy attacked this organization and they got in, they attacked the organization, they got in, they did the damage. But because the organization didn't have a banner, like when you try to log into, you know, these computers, because they didn't have a banner that says, hey, don't even
74:30 - 75:00 think about signing in, don't even try to do anything here, if you do that we're going to do this, right, because they didn't have the banner there, the attacker got away free. Literally, he never got charged because of the warning, because of the banner. So this is important. Deterrent is important, right, to try to discourage someone, to try to tell them, hey, look, you are trespassing, right, you're trying to log into the computer that you're not supposed to be logging into. So the idea of a deterrent
75:00 - 75:30 control is to try to discourage, right, discourage malicious activity by having some kind of banner that says, hey, look, don't try this, if you do this here is the consequence, or be aware of the consequence. But if the attacker moves forward with that, the deterrent control, it's not going to prevent anything, right? It's just there to discourage them
75:30 - 76:00 psychologically, to give them that little warning, hey, be aware of this if you do, you know, if you do try to do what you're thinking about doing. Corrective control. Corrective control, well, if something goes wrong, if you're under attack, well, corrective controls jump into action. They're like the emergency exits in your house, in the building, where people can run out, right, get out if the house is on fire. So the
76:00 - 76:30 idea of corrective control is to try to restore things to normal operations, basically take things back to normal. We're trying to correct the fault, we're trying to kind of make sure we stop the bleeding, we stop the attack from moving forward. So it's going in, it's reacting to an attack, and it takes some kind of corrective action. So things like intrusion prevention systems absolutely come to mind. It's going to
76:30 - 77:00 prevent the attack from moving forward. So a user downloads spyware, the IT technician runs a spyware program to try to correct the problem, right? That's a corrective control right there, right? Humans usually are part of this corrective control. They're going in, they're fixing things. The idea again is to restore things to normal operations. So we might go in and look at the
77:00 - 77:30 things that are in the backup, to try to restore things from the backup if the attacker managed to do some kind of damage. So we're going to come back to this once we talk about risk management, where we're going to talk about, okay, well, if somebody attacks you, well, how do you get back up and running, how do you go back to normal state? Actually, that's going to be part of the incident response process, right, incident response, not risk management, really. And then we have our recovery controls. Well, recovery controls, they're designed,
77:30 - 78:00 they're designed to restore systems, operating systems, to a normal state after the attack or after the system failure. We're going in, we restore things back to normal. See, corrective controls are going to immediately jump into action and try to stop the bleeding, try to contain the problem, right, making sure that it doesn't really move forward to other systems, and the recovery controls, we're going back, we're recovering things, we
78:00 - 78:30 are recovering, to try to kind of bring things back to normal state. The IT system goes in, the IT technician, excuse me, the IT technician goes and reimages the system, tries to recover that system after the system failure, after the attack. Or the IT system goes in and removes the infected computer from the system, from the network, or the environment. Well, another
78:30 - 79:00 control is compensating control. Well, compensating control acts as an alternative, right, as an alternative control when the primary one is not there or it can't be used for some reason. And you will see this on that exam, where they're going to ask you, here we're trying to implement this encryption or this type of firewall, but, you know, the firewall is not ready, what can we do? Well, you're going to do something else. You can't just not do
79:00 - 79:30 anything. So that something else you do is what we normally call a compensating control, right? Compensating control is an alternative. It's something that can compensate for the primary control if the primary control has some weaknesses, or if you just want to make it more robust, compensating control is what we use. Imagine if multifactor authentication, I know I haven't talked about this yet but we will, multifactor authentication can be used if the password, if just using the password is
79:30 - 80:00 not enough, we can use multifactor authentication where we send text messages to people, or we can use something like Google Authenticator, Microsoft Authenticator, as we're authenticating. You're authenticating based on something you know, something... I will be coming back to all that in one of these lessons. Video cameras are great as detective controls, but security guards are better. So again, security guards will be that compensating control because
80:00 - 80:30 they do more than what video cameras will do, what CCTV will do. A security guard can compensate for the CCTV, literally, because they can watch, they can deter, they can discourage someone, they can prevent someone, right, on and on and on and on. So imagine if the door lock is broken and it cannot be fixed immediately. So what can you do in that case? Well, some of you, like, you know what, let's place a security guard in front of that, you know,
80:30 - 81:00 that door temporarily. That will be a compensating control. Remember, compensating controls are like backup plans, when, if the primary thing is not working, or for some reason you can't use it, or for some reason the primary thing is not enough, you will put a compensating control in place in order to keep your security going, in order to keep your, you know, your environment protected. Directive control. Directive controls provide the guidance. Think about these
81:00 - 81:30 as the rules, the policies, right, that we establish, we put in place in order to provide the instructions, in order to basically provide the guidance that's needed, that's going to be guiding our kind of security efforts. So think about security policies, standards, procedures, guidelines, you name it. All these are the directive controls. We're trying to set the direction, right, for our security. So training programs, it absolutely comes to mind, because when
81:30 - 82:00 you train people, when you're giving them the tools, you're trying to patch their brain. I had a mentor who once said that, look, we can basically patch everything. We can patch operating systems, we can patch applications, but one of the things that we cannot patch is a human brain. When he said that, I'm like, hmm, that actually makes sense. And then I'm like, huh, you know what, maybe we can patch the human brain by training them,
82:00 - 82:30 because remember, 94... all the attacks, when you look at the Verizon DBIR report, which I'm going to share with you, 74, not 94, 74% of all the attacks start with a human brain. It's human. It starts with tricking the human, right, getting the human into doing something, and the only fight we have against this is
82:30 - 83:00 training our people, right? Often, a lot of cybersecurity people, they end up doing some training for the organization, weekly, monthly, it really doesn't matter. The thing is, you're going to go in, you're going to train people, you're going to try to patch their brain, because that's the only solution we have to fight against such things as social engineering attacks, where they're trying to trick the human into doing some kind of action, which accounts for 74% of all the
83:00 - 83:30 attacks. 74% of all the attacks start with the human getting tricked. So the directive controls, in terms of security awareness training programs, really do help in that regard. So we're going in, we're setting the rules of the game. We're setting the rules of the game, that's part of the directive controls. They're guiding us, they're guiding the employees. Remember, these are the policies, right? They're guiding the organization on what to do, what not to do, and what we need to keep in mind
83:30 - 84:00 in terms of security. Think about change management, right? Whenever people are going in and trying to apply a change, if we have change management policies in place, they're going to have to follow the rules. You're going to have to follow that document on how to go about requesting the change, how to go about approving the change, and everything in between. There is this concept that's known as, what's the name of it, if I can remember it, got it, shadow
84:00 - 84:30 IT, right? Shadow IT. We're going in, we're shadowing the IT team, IT, there we go, that's shadow IT. So imagine if you're a regular employee and you just want to use Adobe Acrobat, right, Adobe Reader, something like that. Well, if it's going to take a long time for IT to get that installed on your computer, you might just want to go online and then download that program and start using it. Well, you're shadowing IT. You're doing what the IT people would
84:30 - 85:00 normally do, but guess what, that's going to change some things on the computer because you're installing something on the system. So we might not want you to do that, right? We might not want you to shadow the IT team, so we're going to ensure you go in, you request the change. The reason is because you're not IT. If you just go online downloading stuff, what if you download something that has a virus? Mhm. But the IT team will know to check and make sure that the thing
85:00 - 85:30 that they're installing on your machine doesn't have any viruses. So one of the biggest things, and I've mentioned this already, that you need to be aware of is that when it comes to all these control categories and control types, you need to know that you cannot use one over the other, right? We have to use both of them at the same time, and that's known as multi-layer security, also known as defense in depth, where the idea is to go in and
85:30 - 86:00 implement a bunch of these controls to help protect your environment. Each control type plays a unique role in protecting your environment, and then we need to have all of them so that we can create a comprehensive defense against the enemy, against the adversaries. One of the new concepts that was added into this Security+ 701 version is gap analysis, right, performing a gap analysis to try
86:00 - 86:30 to identify your weaknesses, to try to understand where you are and where you need to be, or where you need to go. So the idea of a gap analysis is to identify the differences, right, the different gaps between your current security state and then your desired state. For you to be able to do that, first you need to establish a baseline. A baseline is what's normal. It's like, okay, what's normal to your organization,
86:30 - 87:00 and this is really important for you to be aware of, because whenever there's things like zero-day vulnerabilities, right, zero-day attacks, it said, I don't know why it says that, but it's zero days, right, zero days. So for you to be able to identify that thing that's not normal, that zero-day, you need to know how normal your systems were, which is part of that baseline, establishing a baseline, so that whenever you do this
87:00 - 87:30 analysis, this gap analysis, you will know, hey, this is not normal, right, this is not how our systems will normally function. So what we normally do, it's part of the behavior-based analysis, which I'm going to come back to once we talk about EDR. Intrusion, yeah, I said intrusion, but endpoint detection and response, EDR, endpoint detection and response, also part of that XDR, right, extended detection and response. So once we talk about that, I'll come back to this as
87:30 - 88:00 well, once we talk about IPS and IDS. Literally, you know, this is also part of that. It's behavior-based, right, heuristic-based detection. What we're doing, we're learning. This is, by the way, this is becoming very important in this age of AI, where there's a lot of automation that's taking place. We're going in and we're learning the environment, we're learning what's normal to the environment, so that whenever we see something that doesn't look normal, we can be able to identify that kind of
88:00 - 88:30 stuff, right? So for example, the last three months our systems have been functioning at 50% capacity, for example, right, 50%. When everybody's working, it doesn't go up more than 50%. Well, imagine one day you go to work and then your systems are functioning at 90% capacity. Well, that's not normal, right? You're going to go in and be like, whoa, whoa, whoa, whoa, where are the gaps, right? What is the difference here, right? What's making all this big difference? So again,
88:30 - 89:00 we're going to establish a baseline and then identify the gaps, right, identify the differences, and then analyze the gaps, try to figure out, okay, what exactly is taking place here. Then you're going to develop the plan of action, you're going to implement the changes, then you're going to re-evaluate, adjust, assess, and then go back to it again. Again, it's a gap analysis. We're trying to, you know, kind of identify the differences. The benefit of doing this is that it's going to improve your security, absolutely. Remember, guys, there are some vulnerabilities that you don't even know
89:00 - 89:30 exist. For you to be able to know is by doing this gap analysis. In fact, gap analysis is part of what we normally call a proactive approach to your security, meaning you're not waiting for them to attack you. You're going in, you're assessing your environment, you're trying to identify, okay, look, what is the difference here, okay, what from now to, you know, a few days ago, what changed, what is the difference, and
89:30 - 90:00 that's a good thing in terms of security, because over the years security has always been reactive, where they attack us, we react to it, and so now that is changing, and which is part of that threat hunting. The idea is we're going in, we're hunting for these bad guys, we're identifying the differences, we're identifying the gaps so that we can improve our security. Yeah, it's pretty good for compliance as well, risk management, resource optimization,
90:00 - 90:30 strategic planning. Again, we're trying to identify the difference, and that's important for our security. And that leads me to this zero trust section. Well, you are going to understand that trust is a vulnerability to a computer system, and that's not from me, this is from John, the creator of zero trust. And I remember last year I went to a conference in Atlanta. I live in Atlanta, Georgia. I went to a conference for about 8 hours straight. People were talking about how
90:30 - 91:00 their product is a zero trust product how their application is a zero trust application and I remember sitting there I'm like oh my God all right this zero trust is a basw word now right they they just need to put this in front of their product and voila now their product is a Zer trust product uh there was there was this gentleman from uh point I probably shouldn't be mentioning you know company names but this gentleman got on stage and like oh fire
91:00 - 91:30 is a zero trust firewall now I'm like look man checkpoint been around for about 20 years right I don't understand how you know this firewall all a sudden now it's a zero trust uh kind of a firewall but again you cannot blame marketing people they tell you what they want you to hear so you can you know purchase the product anyway Zer trust is not a product it's not an application it's a philosophy it's a Phil philosophy it's a strategy that assumes that uh whether you're inside or outside of the organization we
91:30 - 92:00 should not trust you by default right it's trust no one and always verify uh let's keep going and and and dig a little bit deeper so what the heck is it what is this is your trust well John uh kerack I don't know if I'm saying his last name right uh he deserves a lot of credit for basically pushing zero trust for putting zero trust out there uh the at the time where people didn't even know what this was right like I said Google was doing some of this back in
92:00 - 92:30 200 um 2009 is when they get attacked by you know China it's an AP defense persistance threat but later uh was linked back to the you know Chinese government anyway Google get attacked it wasn't just Google uh this was uh it's it was known as operation Aurora which was an attack on a lot of these tech companies Adobe was the victim obviously Google and a few other companies as well
92:30 - 93:00 so this was a 2009 going to 2010ish and then this guy named John was working for Forest as a researcher at Forest and then he came up with this concept it's known as a zero trust architecture then he said that trust is a vulnerability into a computer system he said that computers often don't trust the outside but once you're in you're trusted by default once you're authenticated you're
93:00 - 93:30 trusted and then and then he raised a bunch of a really important question that look when you take a look at incidents that have happened in the past of people like Edward Snowden if you don't know Edward Snowden is this whistleblower guy who was working for the NSA who copy a lot of the secrets and U blew them up and and you know telling the world how the US was spying on its citizens but also on its allies I'm going to pause that story there
93:30 - 94:00 because I'm going to talk about this story in a lat sections but the idea was that Snowden after authenticating into these systems he was trusted he could have copied things moved things around and nobody knew nobody was keeping an eye on what these people were doing so the idea of a zero trust is that even though you you've authenticated even though you're already into the system environment we're not going to trust you we're going to always verify what you're doing cuz here's the thing about
94:00 - 94:30 attackers attackers they love to blend in they love to steal the credential of a legitimate user and then access the systems as that legitimate user and that that's not good so zero trust became very popular do it to things like you know working from home do it to things uh where cloud computing and people are working from different locations so John uh this guy Dale posted a video of John talking about zero trust on
94:30 - 95:00 LinkedIn and I remember sharing this this is a while back I think it's like two years ago now uh where I shared that because it was a really good explanation of him going in and and and and talking about this and I think I have the video up let me go ahead and just put that up here uh for you there we go so you can see a little bit of it let me talk about zero trust uh the quickest I possibly can so what is zero trust well trust is a human emotion that we've injected into digital
95:00 - 95:30 systems for absolutely no reason so it turns out the trust in digital systems is a vulnerability and it's a very dangerous vulnerability in fact it's the most dangerous vulnerability in the world because it's the only V that's also an exploit at the same time there we go there we go straight from the horse's mouth where he's telling you that he's the creator of zero chice like I said he's telling you that look trust it's a human emotion that because we created computers that we injected into
95:30 - 96:00 these computers and therefore computers should not be trusting anyone either human or other computers once they're you know they're into the environment so let's take a step back a little bit cuz I just you know went straight to the point of what your trust was but let's see how we got here when you take a look at traditional networks and how the networks were
96:00 - 96:30 designed right traditionally you start seeing how back in the 90s back in the 90s how the networks were designed for trusting everybody who gets in but not trusting anyone who comes from the outside right and this was made very uh common by a worm that's known as a a moris worm that took place back in the
96:30 - 97:00 '90s uh this University student r a warm his name is I can't remember his first name but his last name is uh Morris uh which is what they call him the Morris worm anyway uh this gentleman released u a worm and if you don't know what a worm is a worm it's a bed program that self propagate meaning if it gets into the computer it's going to replicate itself it's going to affect other machines uh
97:00 - 97:30 that connected on that same network anyway in the 90s the entire internet was a flat Network meaning everything was connected to everything else so this warm got released and then it literally infected the 60 60% of the computers at the time this is how dangerous this thing was like 60% of all the computers at the time got infected with this swm and then this gentleman names Bill Cheswick who
97:30 - 98:00 was working at the AT&T Bell lab uh released a piece of paper he wrote a paper that was very influential at the time known as the design of a secure internet gateway and one of the thing that he pointed out is the things that we're doing now he said that the way the networks are designed it's hard on the outside but soft on the inside meaning
98:00 - 98:30 once the a person or the bed guy gets into the the inside that's it you know they're trusted they can do whatever they want so the question he was trying to ask was that okay what happens when someone gets inside of the network should they just do whatever they want right and you can see the in the '90s thinking like this it was revolutionary it was revolutionary so what he said what Bill said was that we
98:30 - 99:00 would like the internal machines be protected even if the Invader breaks into the you know the machines themselves become root meaning become the administrator then or or creates and runs the corner right runs the system that manages the computer so that that's really the idea behind zero trust zero trust is okay once you get into the environment we're going to keep an eye on you we're
99:00 - 99:30 going to keep an eye on you so that if you're a bad guy right you don't get to copy all the fire like what Snowden did we can get alerted right there then if you are behaving differently than what that account or that computer will normally uh behave right so as you can see uh people were thinking about these things back in the days and here I put a think about the target attack in
99:30 - 100:00 2014. Target got breached, and come to find out the bad guys got into, then, I think the attack started in 2013, anyway the attacker got into the AC system, HVAC system, meaning the vendor that provided the AC for all the Target stores. The attacker gets into their
100:00 - 100:30 system, they break into the AC vendor's system, and then from that AC system the attacker was able to get to the registers of Target. Here is the bad problem, and here's how this is related to what we're talking about: that didn't happen to just one register and one AC, no, they were able to access all the registers in all the Target stores around the world,
100:30 - 101:00 specifically in the US, because you know Target is a US company. Well, the question is, why was an HVAC system communicating with the register? And a better question is, why was that taking place not just in one store but in all the stores throughout the US? And the answer is, and the answer is, a flat network. These networks of the old days, they were designed with
101:00 - 101:30 everybody communicating with everybody, everything talking to everything, which means if the attacker gets into one system, or if they manage to break into one thing, then they have access to everything else, and that's what zero trust is trying to avoid. It doesn't matter if you are supposed to be here or if you're some kind of a bad guy who happened to be here, zero trust is saying that even if you're inside we won't trust you by default. We're going in, we're verifying everything that you're doing,
101:30 - 102:00 so it's that continuous authentication, asking who are you, who are you, who are you, who are you, right? That's really what zero trust is trying to accomplish. So the model, again, zero trust is not a product, zero trust is not an application, it's a paradigm shift, all right, it's a philosophy, a strategy that emphasizes that trust should never be, you know, implicit, and it should always be verified. We don't care about the account
102:00 - 102:30 you have, we're going in, we're treating all the traffic as hostile, right? We're continuously verifying who you are, where are you authenticating from, what computer are you using, what IP addresses are you authenticating with, on and on and on, as you're accessing resources on that network. So here's a few things that you need to remember for that exam when it comes to zero trust. One, I've said this probably like 10 times already: we trust
102:30 - 103:00 nothing, we verify everything. That's the model, that's the idea behind zero trust. But zero trust does provide what we normally call a secure zone. Secure zone, it's part of what we normally call a data plane, which is something I'm going to teach you in a minute here. Data plane, where we're constantly segmenting the environment, sort of like micro segmentation, we're constantly micro segmenting the environment, creating these secure zones, so that once you're
103:00 - 103:30 accessing some kind of a location, well, we've trusted you to access that location, you stay there. Whenever you want to access something else, we're going in, we're authenticating you again, so there's that continuous authentication. We're trying to say, hold on a minute, were you supposed to be accessing this, or do you normally access the things that you are accessing? So that's kind of the idea with this secure zone, and you're going to see
103:30 - 104:00 that on that exam, but I will be coming back to the concept of the secure zone in more depth. Least privilege is at the core of zero trust, right, giving people or things the access they need, nothing less and nothing more, right? Least privilege. Many times when people are using computers, oh my God, we just give them too much privilege, like they have permissions to a lot of things, things that they should not be having access to
104:00 - 104:30 in the first place. So the zero trust model goes in and says, hold on a minute, man, you can only access things that you're allowed to access, and nothing less and nothing more, right? Things that allow you to do your job, nothing less, nothing more, right? Again, that micro segmentation. Then again, that breach mentality, right, the assume breach mentality, where we're going in and we're treating the network as if the attacker is already here. And I like this not because it's part of zero trust but because this
104:30 - 105:00 is backed up by some kind of industry data, this, you know, assume breach mentality. When you read the research from Mandiant, Mandiant every year goes in and gives out a research report. Let me see if I can bring it up on Google here. All right, Mandiant M-Trends, Google bought them by the way, 2024, let me see if I'll get a
105:00 - 105:30 PDF. If I don't, I'll probably put this in a research section. Here we are, right, they have this thing known as dwell time. There we go, there we go, I think it came up here, right. So dwell time now, number of days the attacker is in your environment from compromise to detection, meaning how long does it take us to see, or to, how long
105:30 - 106:00 does it take us to know that some attacker is in our environment, right? So when somebody gets into our computer system, how long does it take for us to know that they're there? The dwell time. And Mandiant goes in many times, it tells us days. A few years ago, a few years ago it used to be months,
106:00 - 106:30 literally months. But there we go, this is what I was looking for, the 2024 version of this research goes in and tells us 16 days back in 2022, and now it's down to 10 days. This is how long the bad guys are in our environment before we detect them, before we know that they're there in the first place. This is insane. Imagine 10 days, somebody
106:30 - 107:00 in your environment doing God knows what, all right. And this is real data, this is real data, this is based on a lot of data from a lot of companies. So if I go back to this a little bit, the idea here of assume breach is that we're going in, we're assuming that the network is already compromised, and then we're doing that threat hunting, we're trying to identify the bad guys, you know, trying to identify what we normally call IOCs,
107:00 - 107:30 let me use the terminology that's going to be on that exam, IOCs, indicators of compromise, right? IP addresses that belong to bad guys, domain names that belong to the bad guys, hashing, right, hashes that belong to the bad guys. We're always hunting, constantly hunting for the bad guys as well. So the zero trust model has that integrated within it. So again, zero trust is not a product,
107:30 - 108:00 zero trust is all about reducing the scope of a threat with the micro segmentation. If they attack you here, well, at least they only have access to this, right, nothing else as well, right? And then we're going into reinforcing company-wide access control policy. Zero trust is huge on access control, right, authenticating and giving people access to certain things. Zero trust is like, at the core, access control is at the core of what zero trust is. Again, ensuring security is not just
108:00 - 108:30 about keeping threats out but also about managing them once they're in. Those 10 days of the bad guys in our environment before we know that they're there, it's insane. We want to reduce that to immediate. There's another resource here that goes in and talks about how long it takes them to actually steal stuff once they're in your environment. Sometimes it takes them hours, not days, hours. They're in, they copy things, they move. Remember, before they attack you
108:30 - 109:00 they've already done their research, it's called OSINT, open source intelligence, or reconnaissance. They've done research, they know who you are, they know your weaknesses and all that good stuff, and you know, they get there, they just grab things, then they run. So we want to make sure we stop that, and zero trust does help us with that as well. So here's the case study of Google, how Google approached zero trust, and this is what I was kind of mentioning, you know, at the
109:00 - 109:30 beginning. Google implemented what they normally call BeyondCorp. BeyondCorp is Google's approach to zero trust, and they did this back in 2009, without really knowing what zero trust was at the time, and the reason was because of Operation Aurora. Operation Aurora was an APT, that's advanced persistent threat, that's linked to China, they reported it. China, by the way, has done this quite a lot. I'm sorry if you're in
109:30 - 110:00 China and you're watching this, you're like, what is he talking about, but for economic advantages there's a lot of reports that came out saying how, you know, the Chinese advanced persistent threat, Chinese hacking groups, go into these big tech companies and steal intellectual property and things like that. That's beyond this course, actually, it's not even part of this course, but anyway, Operation Aurora, it's this APT, advanced persistent threat, it went in and started attacking a
110:00 - 110:30 lot of these tech companies, Google being one of them. So what Google did was, oh, hold on a minute, they sat down and rethought their security, their entire security, and then BeyondCorp was born. And here's what they came up with. They said they're going to remove trust from the network. Yeah, they noticed back in, you know, 2010-ish, this is when people started, you know, accessing networks using mobile phones and, you know, laptops and things like that, so
110:30 - 111:00 they saw that the future of work is, you know, remote, people working from anywhere, people in different parts of the world accessing the resources. So they removed trust from the network and they said, okay, it doesn't matter where you're authenticating from, we're going to securely identify that device. So we're going to look at things like the IP address where you're authenticating from, the MAC address that is associated with that computer, and so on and so forth, and if that looks different, you know, it's
111:00 - 111:30 going to raise some red flags and we will, you know, take a look at that, right? Securely identify the user with multifactor authentication, MFA, and so on and so forth. Implementing inventory-based access controls, absolutely, and encryption, context-aware. Look, zero trust is really a fancy way of us saying ABAC, something that we call ABAC, right, attribute-based access control. In other words, it's really
111:30 - 112:00 just about authenticating people, resources, subjects, objects, and then continuously authenticating them, right? Literally, at the end of the day, that's really what this is, and that's why ABAC is the attribute-based access control. We're going in, we're authenticating people based on all different attributes, based on different context as well. So Google pioneered this, they came up with BeyondCorp without knowing that's what they were doing, without knowing that John at Forrester was
112:00 - 112:30 working on something similar to what Google was doing already. The other thing I should mention about this is that Google, still now, 10 years later, 10 years, this is 2024, like 14 years later, they haven't accomplished zero trust. So zero trust is not something that you can completely, fully implement. Like I said, it's a philosophy, it's an idea, it's a strategy, it's something that you build on top of and then you
112:30 - 113:00 continuously, right, keep doing. It's not something that you do and then done, no, it's not. President Biden, President Biden also, you know, put a few executive orders in place. So 2021, he went in, he said, huh, yeah, we got to secure these federal agencies. So there was an executive order that he put in place kind of requiring federal agencies to develop a
113:00 - 113:30 plan to implement zero trust, and here is something that he did. He gave them a few months, like literally he said by May we need to make sure that not only you have the budget, not only you tell me what the budget is going to be on how you're going to implement zero trust, but also we want you to go in there and put in MFA. I'm sure the agencies were doing a lot of this already, but you know, him
113:30 - 114:00 going in and saying that, putting this into an executive order, kind of tells you the importance of this. But he gave them about a few months, which is really not normal for government, governments usually move very, very slow, but he went and he said by this time we are requiring everybody to at least be doing multifactor authentication by the end of, you know, 2024. And then after he did that there was a lot of
114:00 - 114:30 documents that came out from NIST, from CISA, from GSA, and a few other agencies. They all came out, they put their guidance, if you will, of how they're going to implement zero trust, or how zero trust should be implemented in government agencies but also in private corporations as well. This is not going to be on that exam, the Operation Aurora and the federal
114:30 - 115:00 zero trust is not going to be on that exam. I just put this here so that you can see if you need additional reading, or if you want to put this into practice, into real-world perspective, you can see how this is being done. So here's what's going to be on that exam: the control plane, the data plane, and the monitoring plane. This is going to be absolutely on that exam. You know, CompTIA, they really kind of, you know, pick the things that normally people will not care about, and they just, you know, ask questions
115:00 - 115:30 on those things. Anyway, I say things people don't care about, but things that are not practical in the real world, right? Anyway, the control plane. The control plane is like the brain of zero trust. This is where all the decisions are made, in the control plane. It decides who gets access based on all kinds of factors, right? So just think of the control plane as the brain, I just want to start there, as the
115:30 - 116:00 brain. This is where the decisions, big decisions, are being made. So it is in charge of the policies, the adaptive identity here, the scope reduction, the policy access controls and things like that. So the control plane decides the access, but it does not enforce it. That's where the data plane comes in. The data plane is where all the action, all the enforcement, actually takes place, right?
116:00 - 116:30 And this is where the secure zones are, those micro segmentations that I was talking about. This is where it goes in and says, okay, the control plane decided this is what needs to be done, the data plane goes in and puts that into action, right, enforces the policy in there as well. Now the monitoring plane is just observing things, right? It's just monitoring, watching things, and then kind of reporting, hey, this has just happened, this has just happened, so
116:30 - 117:00 on and so forth. So let's take a look at this in a little bit more depth. The control plane, again, this is where the decisions are made, right? This is where the decisions are made about who's accessing what, what resources are being accessed, accessed by whom, from where, what computer they're using as they're accessing this, what IP addresses, right? All those decisions are made in the control plane. So there's that adaptive identity where they're dynamically authenticating you, they're
117:00 - 117:30 continuously authenticating you based on what you're accessing and how you are behaving. So there is the machine learning, right, and artificial intelligence kind of integrated into that as well. It's policy driven, again there's a bunch of rules that help the control plane make those decisions. And again, it's in charge of reducing the scope, like I mentioned earlier, minimizing the impact. See, zero trust, it's not like the silver bullet where once you
117:30 - 118:00 implement zero trust nothing bad is going to happen. It's nothing like that. It's just that it tells you that, look, even after someone managed to get in, some bad guys managed to get in, we don't want to be too exposed, we want to minimize the kind of impact this threat will have as it's exploiting the vulnerability, right? And then there's the policy administrator, where it's kind of managing and distributing the access policies, and there's the policy
118:00 - 118:30 engine that evaluates each request and then kind of looks at it and is like, okay, well, this is supposed to be happening, kind of making those decisions in real time as well. Then you have your data plane. Again, like I said, this is where all the decisions are actually being enforced. This is the actual point where the users, the entities, the resources, that's all accessing each other. This is where the enforcement takes place, this is where the actual security happens.
118:30 - 119:00 You got to remember this for your exam, guys, you got to remember this for your exam. For example, one of the questions that they might ask you is, well, in the control plane, what is taking place over there? And then you will see one of the answers as being secure zones. Absolutely, right, secure zones is what is taking place inside of that data plane. We're going in, we're creating these micro segmentation parts of the network, especially in the cloud,
119:00 - 119:30 automatically, and we're dynamically changing these things around based on how people are authenticating and based on how people are behaving. It's not just for people but systems as well, all right, based on how systems are also behaving. We're going in, we're doing some micro segmentation, we're going in, we're creating secure zones where we say, okay, you're here, unless you're behaving differently you're not going anywhere else; based on how you're authenticated you can only access these things, right, that kind of stuff. And then you have the policy enforcement point, where this is
119:30 - 120:00 that point where the enforcement is actually taking place, right? It acts upon the decisions from that control plane, right, where it's allowing or denying things based on what the control plane said. So the policy enforcement point, you can think of that as the firewalls, the gateways, the network segmentations, the things that we actually, you know, put in place
120:00 - 120:30 for the enforcement to take effect. And lastly we have the monitoring plane. The goal of the monitoring plane is to observe. CompTIA 701, the exam objectives, it doesn't specifically call this one out, so it might not be on that exam specifically, but it's another one that is taking place inside of zero trust, and the idea here, it's acting as a
120:30 - 121:00 SIEM. You could have like a SIEM product that is actually doing this, where it's continuously observing things, it's continuously looking at the logs, all the activities that are taking place in the systems, and then gives us the insights of who's accessing what, or what is, you know, taking place. The beauty of the monitoring plane, it's real time, basically gives you the feedback in real time, telling you, look, this thing just happened. And the other thing within the monitoring plane: if we have a baseline, if you have a baseline that we
121:00 - 121:30 have created, this is going to tell us once it sees an anomaly, it's going to tell us, oh, that does not look normal at all, right? This user just did something that they have never done for the past three months, for the past 90 days, right, that kind of stuff. So it's observing, it's keeping an eye on things, it's logging everything and keeping record and track of everything, it's alerting, it's notifying us, and so on and so forth. So to finalize this, I'm going to leave you
121:30 - 122:00 with this. Remember: the control plane decides what needs to happen, the data plane puts that into action, and then the monitoring plane watches it, observes it. Inside of that zero trust model, this is what is taking place.