2 hours 27 minutes
welcome back to intermediate endpoint Security Course. In this lesson, I'm going to continue talking about what do you need to manage on the endpoints? And I will focus on the operating system updates, installed software and passwords.
So when we talk about updating operating system, we have two things we have, ah, test compatibility off applications you're using with the current version off operating system. This is mainly
talking about windows, but also Mac os.
Um, so Apple computers sometimes do have this this problem, especially if you're have some kind of software that is written custom for you for seven application. So, um,
what we have as an issue in especially windows
is that if you're using Windows 10 home or Windows 10 pro version, then you cannot avoid your PC being updated. With all the windows up, the eggs exist.
What you can do is you can defer the update, and you see it on this screenshot from when those ah, those from advanced options in Windows Update settings
that you can choose. How many days do you want to prolong or they want to defer the update from the dates available and your PC has downloaded because if update is today and I have kept my PC off for
five weeks or two weeks, for example, I was on holiday and I didn't bring my business PC on holiday or I didn't bring any PC on holiday.
And then when I get back, then it will update it with Donald Template. And from that date, you will have the what's called the time the definite time.
So how many days, Um,
you you should do that at least for a couple of days
if you're if you're running a company and you don't have Windows 10 enterprise license because in that case you can test
on a one or a couple of PC's. What happens when you do the update? YSL the software Working properly, You have to test this after we have to have standard suit of tests for tests for for your custom software. So I'm not talking about. For example,
if you're using my Windows Microsoft windows
and you're using Microsoft office now, you don't have to worry about Microsoft Office problem. They will work. But if you're, for example, in the health care industry and you have some kind of specialized software that will take care of patient records
in May. Not work or some drivers. My may no longer work.
these things simply happen
from time to time with major window window updates. Because when the Microsoft is changing requirements that drivers have to comply in order to run under that
major update version of Windows.
So some things might not work. And I had the situation in my professional life when customers have, ah led to the PC update by itself, and then suddenly all yours beekeepers working. So
this is this is a thing connected toe major windows updates. So you have to test these things.
also you can there for security updates, which I don't recommend because, uh, these things should be implemented. Assume it's possible. Of course. Sometimes it might happen that some things might not work
after these updates, but its so rare that I don't recommend differing security updates.
So this is one thing about updating Europe braking system. Of course, if you have Windows 10 Enterprise Edition, you can switch the updates completely off, and I know some banks that they're doing it because they have,
um, core banking applications that barely function and some new update might stop it. Or, for example, people using Windows machines toe,
um, run CNC manufacturing. You locked the windows there for goods, and you don't update anything ever.
Then we talk about it installed software and management. So you need something called desktop management applications. And these things can manage drivers. They can manage operating system updates, they can manage applications and they can manage user data. And this is very nice thing, because if you manage all these things,
then you have a situation in which you know exactly you can have this report, which says, Ah, this many PCs running Windows, this many pieces rundown Apple operating system
and you can have all the statistics. But the most important thing is that you can manage what the users can install, so user doesn't have ah
by default. In these situations, they don't have any rights, and they have to go for installing applications to some kind of product basket and pick what they need.
And somebody has in The company has decided what kind of software they need, so they cannot install whatever they want, even if its legal, if even if they pay for it. No,
it has to be tested and
placed in them
in the present basket of software, and then you can install it.
Eso did the desktop management applications? These air? They usually have agent installed on every device. When we talk about PC's in General Onda, um,
then they can collect all this data. And also you have some kind of application there,
which is basically a connection to your basket of products within which we can install. For example, some people
in some companies they knew needed virtual ization like remember air in stolen and pieces. Some other don't. So you don't put it on initial image of for all the PC's. You just let all the people that need virtualization under because
they need work. You just let them install it later.
And now we come to the
very important thing, which is user passwords and behavior, and passwords are going to talk about a little bit more. So the rule is longer passwords, the better.
Why? Because if somebody gets, for example, password hash from a server or from your PC in order to break your passport, the shorter it is it takes less time, and this time grows exponentially with number of characters you place in your password, so if you have eight
eight letter password or a character password,
it really depends on the machine. They're running, but it can be as low as 20 seconds to break your password.
If you have 12 then it's significantly more if you have 30 can take them weeks, even months.
Eso The rule is longer password. There are better, but they're difficult to remember, and writing them them on a piece of paper is not a smart idea. So the suggestion I may cannot just means more, more and more security as experts suggest that instead of password, you use a pass phrase.
Essentially, it's a sentence that you can easily remember.
For example, I for me, it would be very easy to remember sentence that my name is Millan and I was born in Belgrade in 1996.
Now these Airil data that is easily available from your online, but nobody knows the structure of the sentence I'm going to use because I might use it like this. I was born in 1996 in Belgrade, and my name is melon, so I could change these things. Also, I could put
underscores instead of spaces and stuff like that,
or change some things. So it's a it really doesn't matter. It's just the length is what is important.
Aan den. The other thing that you need, which is sitting on the
on the server, is software that monitors behavior, and it's looking at threat behavior. Analysis is an intrusion prevention. Again, these Softwares software solutions are the subject of completely separate courses, so I'm not going to go into detail.
One thing that can improve
ah, safety off Logan is to use multi factor identifications of password is something you know.
But then biometrics, like your fingerprint or your iris scan or your face is something that you are,
part of who you are and what you are. And Key card, for example, is something you have. So if you
I can arrange that your PC requires all these things to authenticate Soto logging on your PC, it can exponentially complicate things for from cybercriminals toe. I do the unauthorized logging on your system. So
if if the system requires
that you typing password but at the same time, you have to put your finger on
biometric sensor soul. So fingerprint reader on your machine onda a same time put the key card with smart ship in your, uh, smartcard reader on your know, for example, or on your keyboard.
Then they basically need to obtain your
fingerprint and your key card and to know your password. So it's ah,
it's then a serious criminal operation to do that compared to just hacking your password.
So this is the end of the lesson. And let's Jude, let's do the short learning trick. And the question is, which of these password is the best?
So the 1st 1 I'm not even going to try to read it, the 2nd 1 in which we replaced letters with numbers and this is the 4th 1
now the 3rd 1 Sorry. And the correct answer is the 3rd 1 because it's the longest one, so it will definitely take the longer time to crack than the other two.
So in this video, you have learned about how to manage operating system updates, software updates and passwords and Loggins,
and the next lesson. I'm going to talk about fleet planning and bring your own device ing. Choose your own device concept