2 hours 39 minutes
welcome back to acid security course. And in this lesson, I'm going to talk about specific tasks versus rolls scenario in
acid security focused field.
So if we are talking about this specialized as a security portion off I d.
I'm going to talk about security tasks in protection of acids and how the people performed these tasks.
So let's go first. Bye. List of tasks. And, uh,
you'd have to protect from attacks outside in.
So you have Ah, dear as DDOS attacks Ah, um,
Then you have a man in the middle attacks
which are there when somebody is basically
some kind of piggybacking on the connection that one of your users is doing between from the outside of the company network. Why are some kind of connection or to different parts of the company communicating, which are physically on the different geographical locations?
Then we have passed for the tax. We have eavesdropping attacks. And then, of course, there are zero day attacks which are usually used in what's a cold
targeted attacks. So when when somebody finds something that hasn't some some exploits ah, whole or begin in, for example, operating system,
that hasn't been published yet. So there is no patch for operating system and they use it just to attacker one or more companies. So these air typical hacking types of attacks.
Then they have to protect from attacks that are physically from inside to out
which is, for example, fishing. Yes, fishing comes from the outside, but the physical execution of the attack comes by.
Basically, Mallory, that is caught by fishing is acting from inside the company network and sending information outside in some ways or doing damage inside, but then communicate the ites outside for for
some kind of connection with whoever is performing the the attack.
Then we have U S B flash mob ER, which can be done by people just not knowing that they have infected U S B flash.
Or it can come from this Gruntal employees that they are going to know that they're going to be fired or they're performing bed or they have some dispute with their manager. So these people might intentionally infecting that for were used be a member and USB flash, or
they can intentionally open mellower sites,
our or phishing emails, whatever. So so they can do that. They can even raise data. Uh, bye bye. Intention? So we have these tasks coming from outside in. So in case of outside in attacks, we have to protect their network of firewalls
are operating systems. Make sure that all the holes have been plugged
in and then re very protect from out attacks inside out. You basically have to protect the endpoint. So PCs and printers and copiers inside the company from acting as a as a back door or some something that sends information that shouldn't be sent
outside of the company.
So when you have, ah,
hierarchical structure and even if you have any other kind of structure in the company,
there are two kinds of people. There are people who focus on their jobs. And when you ask them to do something else, they usually say that's not my job.
And also, they have a tendency to use the sentence. That's the only way to do it.
because they have learned one way to do things,
uh, they're focusing on doing it really well, and they don't want to get outside their comfort zone and do things the other way around. So they were following what they have been learning in the past and there
doing just that.
These people are
really dangerous for a company unless everything is functioning perfectly. And you have enough people in enough budget to hire enough people to have them performed there just there. Tasking, nothing else. Why? Because if you're looking from the outside and
the way these hierarchical structures are organized
Um uh, if you're a hacker, you will know if your if your cyber criminal, you will probably know how these things work and you will trying to find a way to basically attack in the field, which is on the on the on the border line off to jurisdictions.
It's like in tennis when people play doubles. And the best way to win a point is to put the ball between
two players on the opposing team,
because then they don't cannot agree. Who is going toe hit the ball, and sometimes none of them hits the bull and you score. So the same thing is happening here
if you're doing something that might be somebody's else in jurisdictions. So so if two people who should be working to together both say that's not my job,
you have easy way of getting in.
On the other hand, you have people who have the attitude. Let's sit and talk
and they say, How can we adapt to the new threat landscape? And when they sit to the table, there is no not usually not somebody at the head of the table. They sit, you know, like a roundtable like in the nights.
So in this case, you have people who are pretty much equal in in their approach off course. There are some people who have higher knowledge, and they have greater respect of their colleagues. But anyone's idea is welcome. And they are there now for focused on them,
performing tasks in the best possible way and not just holding on to their jurisdiction.
So this is this is very important thing, and this is something that if you're in in any way in charge of organizing some kind off security structure or strategy, you should look for the people on the lower end of this slide.
So in this video, I have been talking about
what are the security tasks that are focused on acid
and what kind of attitude of people that are tasked with this protection of assets. You can expect