
Cybersecurity: Crash Course Computer Science 31 with English subtitles
  

Hi, I’m Carrie Anne, and welcome to CrashCourse

Over the last three episodes, we’ve talked

allowing us to communicate near-instantly across the globe.

But, not everyone who uses these networks

Just as how we have physical security like

crime in the real world, we need cybersecurity

Give them a formally specified problem and

Running code that takes down a hospital’s

no different to a computer than code that

Like the Force, computers can be pulled to

Cybersecurity is like the Jedi Order, trying

The scope of cybersecurity evolves as fast

think of it as a set of techniques to protect

computer systems and data against threats.

Secrecy, or confidentiality, means that only

or read specific computer systems and data.

Data breaches, where hackers reveal people’s

Integrity means that only authorized people

Hackers who learn your password and send e-mails

And availability means that authorized people

Think of Denial of Service Attacks, where

to make it slow or unreachable for others.

That’s attacking the service’s availability.

To achieve these three general goals, security

your “enemy” is, at an abstract level, called a threat model.

This profiles attackers: their capabilities,

called, awesomely enough, an attack vector.

Threat models let you prepare against specific

all the ways hackers could get to your systems and data.

And there are many, many ways.

Let’s say you want to “secure” physical access to your laptop.

Your threat model is a nosy roommate.

To preserve the secrecy, integrity and availability

But, if your threat model is a mischievous

then you’ll need to do more: maybe lock it in a safe.

In other words, how a system is secured depends

Of course, threat models are typically a bit

Often you’ll see threat models specified

For example, “someone who has physical access

With a given threat model, security architects

a system secure – as long as certain assumptions

There are many methods for protecting computer

A lot of security boils down to two questions: who are you, and

Clearly, access should be given to the right

Like, bank employees should be able to open

That ceramic cat collection doesn’t buy itself!

So, to differentiate between right and wrong

by which a computer understands who it’s interacting with.

Generally, there are three types, each with

What you know authentication is based on knowledge

real user and the computer, for example, a

This is the most widely used today because

But, it can be compromised if hackers guess

Some passwords are easy for humans to figure

But, there are also ones that are easy for computers.

This seems pretty difficult to guess – and it is – for a human.

But there are only ten thousand possible combinations

A computer can try entering 0000, then try

This is called a brute force attack, because

There’s nothing clever to the algorithm.

Some computer systems lock you out, or have

That’s a common and reasonable strategy,

But think about what happens if hackers have

Using all these computers, the same pin – 2580

of bank accounts simultaneously.

Even with just a single attempt per account,

that just happen to use that PIN.

In fact, we’ve probably guessed the pin

Increasing the length of PINs and passwords

This is why so many websites now require you

special symbols, and so on – it explodes

An 8-digit numerical PIN only has a hundred

But an 8-character password with all those

Of course, these passwords are hard for us

is for websites to let us pick something more

“green brothers rock” or “pizza tasty yum”.

English has around 100,000 words in use, so

1 quadrillion possible passwords. Good luck trying to guess that!

I should also note here that using non-dictionary

kinds of attacks, but we don’t have time to get into that here.

Computerphile has a great video on choosing

What you have authentication, on the other

An example is a physical key and lock.

You can only unlock the door if you have the key.

This escapes this problem of being “guessable”.

And they typically require physical presence,

Someone in another country can’t gain access

But, what you have authentication can be compromised

Keys can be copied, smartphones stolen, and locks picked.

Finally, what you are authentication is based on... you!

You authenticate by presenting yourself to the computer.

Biometric authenticators, like fingerprint

These can be very secure, but the best technologies

Furthermore, data from sensors varies over time.

What you know and what you have authentication

If you know the secret, or have the key, you’re

If you don’t, you get access zero percent of the time.

Biometric authentication, however, is probabilistic. There’s some

maybe you’re wearing a hat or the lighting is bad.

Worse, there’s some chance the system will

Of course, in production systems, these chances

Another issue with biometric authentication

You only have so many fingers, so what happens if an attacker

This could be a big problem for life.

And, recently, researchers showed it’s possible

of you, so that’s not promising either.

Basically, all forms of authentication have

So, security experts suggest using two or

This is known as two-factor or multi-factor authentication.

An attacker may be able to guess your password

After authentication comes Access Control.

Once a system knows who you are, it needs

and for that there’s a specification of

This is done through Permissions or Access

each user has for every file, folder and program on a computer.

“Read” permission allows a user to see

allows a user to modify the contents, and

For organizations with users at different

agency – it’s especially important for

to ensure secrecy, integrity and availability.

Let’s say we have three levels of access:

The first general rule of thumb is that people

If a user is only cleared to read secret files,

files, but should be able to access secret and public ones.

The second general rule of thumb is that people

If a member has top secret clearance, then

secret files, but not secret or public files.

It may seem weird that even with the highest clearance, you can’t

But, it guarantees that there’s no accidental

This “no read up, no write down” approach

It was formulated for the U.S. Department

There are many other models for access control

Which model is best depends on your use-case.

Authentication and access control help a computer

access, but depend on being able to trust

If an attacker installs malicious software

computer’s operating system, how can we

The short answer is… we can’t.

We still have no way to guarantee the security

That’s because even while security software

bugs can still result in vulnerabilities.

But, we do have techniques to reduce the likelihood

they do occur, and mitigate damage when a

Most security errors come from implementation error.

To reduce implementation error, reduce implementation.

One of the holy grails of system level security

computing base”: a minimal set of operating system software that’s

A challenge in constructing these security

Remember, the less code, the better!

Even after minimizing code bloat, it would

Formally verifying the security of code is

The best we have right now is a process called

This works by having code audited by a crowd

This is why security code is almost always open-sourced.

It’s often difficult for people who wrote

developers, with fresh eyes and different

There are also conferences where like-minded

share ideas, the biggest of which is DEF CON,

Finally, even after reducing code and auditing

With this in mind, good developers should

programs are compromised, the damage should

other things running on the computer.

This principle is called isolation.

To achieve isolation, we can “sandbox” applications.

This is like placing an angry kid in a sandbox;

the sandcastle in their own box, but other

Operating Systems attempt to sandbox applications

It’s also possible for a single computer

simulated computers, that each live in their own sandbox.

If a program goes awry, worst case is that

All other Virtual Machines running on the

Ok, that’s a broad overview of some key

And I didn’t even get to network security, like firewalls.

Next episode, we’ll discuss some specific

After that, we’ll touch on encryption.

Until then, make your passwords stronger,

click links in unsolicited emails!

   
