2 hours 27 minutes
welcome back to intermediate endpoint security course. And in this lesson, I'm going to talk about protecting network, particularly of types of attacks that can come from Ah, PC against network. And then how in general to give you advice is how to protect network from ah infected PC.
So what kind of attacks we have? We have a backdoor attack so somebody can install a backdoor software on a PC. The ways to do it are different. It can come from ah, virus. It can come from, ah, phishing email.
Or it can come from,
ah, physical having physical possession off a PC for a short period of time. People are taking their notebooks all the time. They're taking it to business meetings.
I'm and even there if they're using on Secure Network.
For example, if the business meeting is in the restaurant and you're using unsecure network, there are ways that your PC can be compromised
through that network
it can happen when you're on holiday, because if you are taking your PC to on a holiday, you're not at your home. Not everything is secure. Somebody can just sneak in your room or you can just leave it on the terrorists and somebody can get access to it.
Off course. They would need to know who are they targeting?
But these things happen. So if your hold of valuable information,
then you you're definitely exposed. And of course, Ah, In that way, somebody can install something on your software. And then when you get back in the office or on the comp corporate network,
they can use that back door to access whatever they want. Like they're inside sitting in the office space.
Of course, there are viruses and you can catch worse is in numerous ways. If I'm not going to talk about that, that's Ah,
it's a common thing on golf course there is Ransomware, which is a very, very spread these days on ransomware is a 99% 99% of the cases spread through phishing emails. And this is the most popular thing for
cybercriminals to get some easy money.
You can ah, you send
a bunch of emails, somebody catches up, and then then you see the size of the company. How much money can you extort?
very little effort. Very huge reward. So these things are happening
on an increased rate, the number of phishing attacks and number of friends somewhere. Software that they're they're out there are getting their growing
as we speak.
And this is something that needs to be taken in consideration. Really, really seriously. Of course,
protection against Ransomware is not just the to install. Anti were softer protection against the Ah, Ransomware has to be a multi,
several pats in it. One of that is technical, so solutions after solutions. But then people have to be in company. Please have to be trained and have to be where
off, not doing things that can propagate ransomware or any cut anything regarding fishing. And then again,
also there there should be some kind of business policy saying, if you do these things, if you don't care,
no, you will be punished in some way because people essentially through a certain percentage of people who always are going to click on the clink regardless, if somebody told them, don't do it and it unless their friends afraid of consequences.
Uh, of course, as with every other protection, you should test these things on a regular basis. And as I said, the penetration testing. Whether you pay somebody to do it or you have somebody in your company that is hard to do. These things in the regular basis
is the best way to test if you're
systems are actually working,
and then there are some other things that should you should do on on a regular basis. So long monitoring off on PCs intrusion prevention, behaviour analyses these air old things that should be done them on a regular basis and their software is to do it. So you don't do it manually,
because unless you have
10 or 15 people is in your people in your company,
it's too much work for
people to do it. So you need to have software that will check these things regularly, for example, with behavior analysis.
If somebody's always accessing only certain folders on the company share and doing certain things like working in the office packages and sending emails, and that's all that person is doing. And then suddenly the person
PC starts looking on some other locations
or start so using programs that that person has never used.
E did shoot at least raise some alarms and somebody should then investigate that in more detail.
And, as I said before, any new software or software update should be done in isolated environment if possible, in order to prevent infection spreading on the network from from software update, especially.
Why? Because even if you're a small company and you using only programs and software that you can find on the APP store of the manufacture,
these things air very, very safe because they're thoroughly tested by the the owner of the store. However, the updates are done on 1 to 1 basis between the user specie and the the update manufacturer
and in that case, some kind of formal American leak into your PC. So these things, if possible, should be done
first tested. And then if you see that everything is OK, then you should
allow us after abdicate or even if you can push it manually. That would be the best way.
So this is all about protection off network from PCs in general and just learning. Check with the question. What is not a way to protect network from PC's?
Is it installing the anti virus after and server is that behavior analysis? Is it logged, monitoring and the correct answer is
installing a V software on the server because, yes, there is the element of protection if install antivirus software in the server. But it doesn't protect offer any kind of infection spreading between PC's. So it's not the way to protect network from BC's.
Okay, in this lesson, you have learned how to protect network from compromised BC's
and in the next lesson, I'm going to be talking about protecting users off your PC's.