How To Sign Alaska Banking Form

How to industry sign banking alaska form computer

hello class dr mike here so with introduction operating systems and we're looking at an inner sort of introduction to security and uh we're gonna i'm gonna highlight some of the important parts and go a little bit in depth on some of the areas i think it's worth talking about security is a huge topic and you're definitely going to see more and more of it introduced into at different levels through different courses but this is an introduction to security and start with threats and first off um what are the threats from security well job loss integrity loss probably identity theft and financial loss are some of the biggest ones uh of course i'll be seeing with different issues with uh ransomware loss of files or data and of course with um data breaches loss of your data whether it be financial health or just general account data or pii which is personalized personal identification information phone numbers email addresses so so first off start we'll start with the simple stuff malware so look at some terms here malware is just that it's a silver militia software it has many forms it has many uses again find the most common we'll see in today of course is ransomware but uh you know malware itself can also be um a back door so that's hidden away uh rootkit as you see here listed um so malware has many forms and we're gonna look we're gonna refer this many forms and we do it's gonna talk about the term vectors this is of course the form of malware how it's used for a vector survey attack trajectory or how an attack happens click bait social media um you know a trojan horse things like that these attack vectors come in many many ways social networking is a huge one of course that probably goes along with macros or embedded documents which is part is again as a piece of malware using a lot of attacks so many of the ransomware attacks actually come from that but there's also a malware that's used electro um worms that will actually search the network for um open the same vector will be the same open and secure port you may not sure what port means right now we'll refer to that later in the course but so a worm can be used to move around the network an email could be a vector for an attachment that has malware so again another huge one is stealing passwords definitely passwords uh either with keystrokes uh password crackers um there are password dictionaries out there lots of them that are used for pasture cracking so what do i have here i have a weak pass which is a website i use for my hacking that's got all kinds of password dictionaries some are really huge 12 gigabytes that's text so this of course can be used to generate and you can see here's some samples so if you have password one two three four password one you're gonna be at the top of most lists so i'm gonna come back to passwords here a little bit for now let's move on so zero zero to exploit again this is an overview this is a vulnerability that's been found but it's not known to the publisher these are very difficult to prevent are usually disclosed in what's called the dark web and usually purchased the the exploits usually purchased for this uh it can be very expensive now flip that a vulnerability that's that's discovered and a vulnerability has many forms it could be a piece of code it could be an insecure configuration um it could be a okay sort of even a business process example would be if i call the help desk and i pretend to be somebody and then i can get information about that different users account so you know how we exploit our vulnerabilities present themselves are a lot of different areas now zerta exploit really specifically talks about code or software or operating systems that have an exploit that has not been known yet to the um again the manufacturer or the owner of the software virus again a virus this is sort of a generic term basically it's bad code it's malware malware and virus really are the same thing so again a wide range wide range of things that can income from it it could be very stealthy it could be very ransomware it can equip everything and lock you out of your system to you know stealthy back door that lives under forever so texas already a worm again it's a piece of malware that used to move around the network usually it is network aware and usually replicates itself there's some examples there you can look up and the text might actually talk about those in a little more depth so there's some other terms here a botnet or a bot so what does that mean so in turn what we have is a piece of malware usually it's hosted out here somewhere let's say this is a it's a virus it's hosted out on a web server using the main code the viruses and then the vector that gets into let's just make a company here this company here someone at the front desk gets a piece of email so this is our vector and that email has an attachment say a word doc so sweet dog the doc has a macro virus so here's our virus now the course the whole virus is actually not stored in here usually it's the stage one stage two stage one is a very small piece of code that one is open it leverages in this case it could be a zero day it could be a known exploit uh which will be uh visual basics for applications of eba or macro code and it runs and it will go out and fetch and install and run the virus code now this could be let's take the term of a stealthy code it actually opens up back door so it's going to open a back door for use um we'll say our evil hacker or put horns on them excuse my drawing skills now part of that could be so again we see a macro code which is a stage one code which enfetches a virus which is an exe and then in there could have our worm which will search out the network and maybe find this exec code could have exploits in it could be a zero day it could be uh just known exploits and so it can make its way through part or your entire network now it could just live here and it could offer what's called zombies these become zombies and every these zombies all communicate out let's draw it over here instead to what's called a bot herder or a botnet and then this becomes our zombies the bot herder served as someone who controls it so maybe our evil hacker could control the spot net sometimes you can rent these out use for all kinds of other attacks but these we use for in that case or you know this could detonate we could detonate the cxe file and then ransomware across the network wide we lock out everybody's files and we hope to get some money which is usually one of the main drivers behind a lot of that especially ransomware's money so it's over idea there but what a bot net is uh spyware spyware is sort of on the edge of being a virus and not you can some people go as far as say google chrome spyware i use google chrome a lot for education stuff i have different browsers for different different reasons some for personal use um you know using facebook could be almost considered spyware things that you plug into your browser and maybe offer you the weather and in turn collect information about your where you're doing tracking for example and not really maliciously not done to sort of uh exploit you as individual but using marketing to get maybe uh click information um or for advertisements that gather information about where you've been so spyware is sort of on the edge there it's really more of a privacy important thing though is it without permission that's actually the bad part so if i install a let's say on my mobile device i go ahead and install a solitaire app and it wants access to my instant messages well why so where as i install or i want location data why would as you know solitary location data whereas if i install an app um weather app that needs location data well that makes sense whether location information for a weather app might make sense so it is a fine line there something could just be malicious malicious of nature adware really is this too um probably the first line of defense as a regular user is to show up and use a secret secure browser and to use plug-ins so things like um ghostery or new block origin to block out some of these questionable cookies crustable tracking and external scripts that might run from third party things of course pop-ups are usually now off by default but in case a lot of times let's take this example here we'll do a new one though browser hijacking itself and actually have a demo that i usually do in class but i also posted here it is why i hijack a browser and what happens is if i want to infiltrate company x y z here so i could try attacking the network but it's not that easy they have good firewalls they have good defense they're patched they don't have wi-fi open outside of the building so to get into xyz i might do other things i might watch their traffic and i don't know exactly what the traffic is but i might watch it going to certain websites i notice a lot of traffic goes to even physical traffic let's just say let's just let's expand this let's use our hacker mentality here i sit at watch company xyz and i see a delivery truck that comes every afternoon from let's say a chinese restaurant in town well i'll go find that restaurant's webpage online and now again company xyz is secure all their website material everything solidly locked it's gonna take a lot of work to get in however i noticed this this restaurant website is woefully insecure so i could call this poison the well i'll hack this website here and i will inject much as code that when someone inside the company clicks their order i hope they have a chance to get into that method so it's over a side channel attack i'm not directly attacking him directly i'm coming through this channel here some examples in cyber security history sounds like funny history the target hack um it came through an hvac vendor which targeted had an insecure we had a poorly fragmented network they didn't having proper subnets so the the payment systems on the same subnet as the hvac system so it was easy to transverse and move around the network so again you come in through a side channel so browser hijacking is a big one for that that's one little quick idea you can do it spam you know spam is usually spam just noise junk mail but spam could also hold links to websites or other malicious malware instant messages i get those tours so often you know so and so click here i'm not clicking on that so probably the biggest one this is really the biggest attack vector social engineering okay hear about this in other classes um there's all kinds of examples of you know hacks that happen over the phone someone gets a phone call saying this is your bank you know we think your account's been not compromised can we get your login information you know it could be a email it comes in all kinds of all kinds of ways it can be done by from a team of people from one single person the idea is they want to uh reveal information about themselves and maybe not everything maybe the the attack only wants to reveal your login id but they don't want your password it might be the gut information about you and on that let's talk about social engineering too is this scraping the social media itself this is something i've done last year was pretty couple years ago here um in an attack which was find out the company i'm trying to attack find they have all their marketing managers stuff have of course social media accounts and on their twitter account i can determine oh their their college their favorite book you know maybe from their facebook information where they live you know things like that uh i looked at one attack where you know all the else the uh one of the high levels of the companies had a sibling who's on facebook that was a photographer could i use as a attack vector can i somehow maybe hack the siblings account you know daughter or son and use that to send an image a picture that has been embedded with malware and it won't be unusual for a uh if your brother sister you know you know son or daughter sent you that was a photographer sent you an image so you can see there's a level of trust there you try to breach that's what social engineering is to either gain that trust or leverage that trust to get information and to attack um an accountant typically so then any theft this one thing we've all seen it's just that someone wants to steal your identity probably the biggest way there is for financial so tracking your your bank account activity is very critical so uh of course um other things are child porn things like that distasteful content then come through malicious tools not too much so a lot of times really the work for unless this tool use is to go ahead and you know either hack ransomware get access get passwords but it can be used for also defacement so so again let's go back and talk about the link real quick i do have an example here so this is a real example from when i was a uh adjunct actually as a professor i got an email in a box and it said damn so dear staffs by the away i should uh and students so right away should tip you off itdesk requested all students and ad staffs to verify upgrades v there account to ensure account safety verify my account now of course right away i know not to link on this don't click on links you're not used to you may not use you're not you're not sure what they are especially they're questionable in fact you can right click and copy the link and paste it like i did here and look at it and you can see it's actually redirect to this and that actually didn't go to this website this funnydos.com this guide i never actually i just submitted this to uh the help desk as a phishing attack but um eventually to see what this was and other times the tech like this might actually have a web page i set up that looks like maybe a sinclair website logo and everything and it'll ask for your information you put in your username password and actually follow through the attack say well thank you you're very your account is now verified you can for your freedom free to continue as usual unbeknownst though i miss now just fed them my name and password so and this again this comes through email in the email attack vector is still a great one because um it's a level of trust with email so a ring of trust uh example if you get an email from crazydoctor mike you know and from you know computer sales it'll probably end up in your spam folder anything if you've got anything who's this crazy doctor mike i don't need to buy computer parts delete it um right me even though it was maybe we had a few links to malicious software so some malware i want to get on your computer but if you get an email from your professor that's from an sinclair.edu you go well trust that and i send you a link i'll probably link on it i trust you know this professor dr mike here professor mike's is giving me a link that's not malware so email is email is a very very valuable tool for getting in uh this is a horrible looking thing that's vision privacy i mean it's about information personal financial information health information that's another malicious way the tools are used cookies this is a good one so cookie use uh this is where a browser plug-in i have here like u-block origin or i have ghostery or some other ones can block cookies so in fact let's see there's done right now for let's open up like um let's just do weather dayton right weather.com let's see all right so u-block origin is blocking look at these always dot wx dot co rubyproject.com that's probably root by project capital google double click doubleclick.net ah yeah so i went to weather.com but look at all these different sites that are somehow interjecting things into my session and you can see of course um you know it looks like weather.com though so what's going on there what does that mean so i come in there are two types of cookies there's first party cookies which come from the website so let's use amazon we all love amazon right so amazon.com first-party cookies they're okay they're good i use that i needed for um to create secure connections i needed to uh when i go to runs on website it says welcome back mike here's your in your in inbox you can unbox your shopping cart or inboxes anything anything that's for interactive um we'll use cookies and these are okay first-party cookies are fine what third-party cookies are they come from external sources like double-click maybe some other adwares and someone could be tracking and not in the malicious sense um performance tracking like how fast did it take this page to load some websites don't have that way to create their own they'll sort of bring this third party and say hey help track my you know my performance you know how many how long does someone spend on the home page how many minutes or seconds before they click and where they click to again the idea is not malicious they use this to go ahead and track page views things like that and to help optimize their website but all hands they might actually come in as a third-party cookie um again probably because adware advertising definitely definitely one that will look at surf habits things like that this is like our double click here it's advertising so when i come to it for my web browser here externally i can block third-party cookies so these are third-party cookies and i do that with a lot of tools again we saw here um i trust siteboard so i even then there's statistics google stats ajax things like that so this was definitely needed but you can trust certain sites with some of these tools i can actually uh right here i can trust the site not to reload it to trust it but and so things like my bank i might trust maybe elearn for example i trust most of the time third-party cookie blockings can be fine but it could be if you interact with a certain website let's say let's go back to your bank you might want to allow that allow the third-party cookies from the bank at least to allow you know and for to like trust them through these type of blockers just to help ensure you don't have any issues with the website so again i had very little issues with blocking um like i block i have a raspberry pi running something called pile i block ads and run my entire home network here the only thing that has issues with that is my amazon kindle so so i had to do a dns redirect for that one but in any case i'm getting off topic here cookies other things to look at computer hardware theft so yes we think cyber you know passwords you know encryption you know but what about just locking your doors locking your hardware using a passcode on your mobile devices a good passcode by the way not one two three four so um because physical loss of that is definitely one also probably the biggest things is backups back up your files if you don't back up your files think about it right now do you back up your files if you say no then the files you back the files you use right now will be gone it could be gone in 10 seconds it could be gone in 10 hours 10 days 10 months 10 years but no one knows when things will break hard drives go bad corruption software corruption i haven't corrupted game saves before after a game patch so if you're a gamer you probably heard that before back up your files and use some caller 321 backup so it's good to backup three backups for your file three three versus your files so let's talk about backups here this is sort of a prevention here for you and i don't i didn't come up with this but the three two one backup strategy this actually came from a photographer which i wish i would have now remember this i like this site the photographer because you imagine that's a photographer those photos are that's the lifeblood of a photographer right well you imagine if you're a photographer you have a wedding party you just spent you know they just gave you a couple thousand dollars you have hundreds of photos and they all go corrupt because of something like this you know you spill coffee on your keyboard you know so that's that's me bad so three two one three copies of your file total two local which is um of course the original file and then a local backup maybe on an external hard drive and we have of course the first copy of the file so two local copies two copies local and then one copy off site somewhere a cloud provider because this this hard drive you use your backups on supposed to be you for backup could go bad right so there's all kinds of providers there's different ways you can back up your files it's important these are done automatically both the automatic whether you use something like i have idrive or use just tons of third parties free non-free create your own um definitely want to make sure you back up your files so i'll take a prevention tip there talk about keeping keeping track of threats so and i know i've skipped over this i'll come back to it when we look at the textbook summary um understand current threats biggest thing about understanding threats i'll just put this up here third post i use start post a lot i use your rss feed uh for this but also uh the news unfortunately cyber security threats can be very click-baity but that's the term i'm gonna trademark that um you know so i actually had the local news called me once and actually interviewed me saying we heard that all wireless is now insecure there's been a hack found and they did a story on the news well yeah it was but with a caveat first off it was discovered by a security researcher and the researcher posted just just a summary of their findings without the details and without the malicious code they used to do it and second when they did post they did in the summary to be able to do it took a took like ten or eight eight or ten steps had you know involved removing a router putting one in place uh and then you know basically cloning that router and then inserting the zero key for the wpa key insertion it was a very complex attack and so and then third thing is they disclosed this to things like you know android ios developer and you know apple google and router providers isps all got it operating systems got it you know windows and mac and they patched it they had a patch schedule so patching is very important by the way we'll see that in a second so so you can see the story was like oh everything's hackable well everything is hackable i guess in a way but in reality all your wireless is now hackable no not exactly that so you'll see posts about you know um current threats and vulnerabilities i mean all iphones are now hackable okay well yeah and you look at the details and say well yeah if someone has admin access on your phone they can install this well if someone has admin access or has my physical phone i'm already screwed so so being informed is important because hoaxes are actually an attack vector i could put out a hoax saying all iphones are now hackable here's a way to prevent it well in my prevention is a hack so uh you can see how that comes to play so again um keep a track of threats inner subways do this and the textbook talks about it so defense again i think i've talked about some of this already um but we'll look at it things look for so again have good news be paranoid but again be smart nothing's free i mean um whether you if you use ian google yahoo apple microsoft they'll have some sort soil collection if it's free you are sort of the product you're paying with some of your data it's up to you as a person to determine what you think is going to be the best you know value of that you know i have a lot of work work stuff here i use google docs i don't mind with that because i get something from it so social media again i think i've mentioned before think about what you admit about yourself out in the world your favorite books or may seem benign in nature it could be very handy to an attacker so and of course uh let's see affect yourself look security emails don't click on emails you're not sure about again this is five minutes or reading what i just said be careful what you um you know your behavior online about what you made about yourself uh don't click on stuff there's actually in the in the book it talks that there's actually in the textbook here it does have a link to our references the sonic wall fishing iq test which i think the url and the textbook might be different now just google sonic wall phishing iq test and take this little quick test you know i'm looking okay well is this legitimate or is this a uh is this legitimate or is this phishing so you know what would you think just based on looking at this i'll say legitimate this is fishing i say because there's two p's in p-pal that's not saying it's incorrectly spelled right but again it looks looks official fishing so go through this and actually also get stuff wrong too i've taken this several times you know onedrive sharing email executive team i can't tell take as like they'll say it's good mobile man soft reactivate now suspicious login blog from your bank that's a big one if you ever think your bank you get a voicemail phone call or email saying your your bank account's locked call your bank directly so you guys go through this thing let's say everything else is phishing i'll just say that um oh even that i got something right so i'll tell you why so it's a pretty good little test so this is referenced in the textbook in the phishing test section and again i think they url might be a little different just google sonic wall fishing test and you'll find it so pretty pretty little uh great little thing to do and usually we do this i'll do this in class and face-to-face so watch that click bait don't click on stuff uh policies make sure you understand policies you should have your own policies actually have like strong passwords having backups for your files these are not official policies you have a written policy for but understand too is the policies of every organization again i know i'm really coming to personal security this class has really mentioned industry into more enterprise organizational mindsets with operating systems um but pretty straightforward probably you should have a policy for everything as an organization passwords properties internet you know don't go gambling don't download porn you know have strong passwords and then also then use a technical way to sort of enforce those it could be setting windows active directory to ensure strong passwords make sure they expire every 90 days or so on so uh also um when you log into windows maybe you only have certain credentials you can only access certain things so we'll talk about that in a second and that can be done through security policies here so a written policy for the organization that's tr that's sort of given to you when you start a new job you sign something you understand this policy that's also enforced if all possible from within the technical aspects some sort of technical enforcement that can be audited too very important if you look at cyber security auditing is very very critical firewalls so firewalls they're everywhere let's see there's something here okay it's good in one so i wonder how the firewall works let's take this image here actually mark this image up here so what a firewall does is firewalls run in different layers which i don't have my you will have an external firewall to the outside world you might actually have more of them too it's actually possible to have something called a dmz you have another firewall here and in here you put things like your web servers email and so on you should have firewalls too on your client should be one here on your servers you definitely have firewalls so firewalls come in in layers and what if our oh how far all works in general let's just close that for now is this so we have ports on our computers you can see those later in the course there are 0 to 65 500 and shoot and 63 i think i can look that up now say 65k it's a lot of ports these are usually broken into different parts i'm not gonna get too much into detail more than that but they're numbered and these numbers align up with sort of a think of a service a service being an app or something underlying on the operating system we talked about last week underlying services right like dns for example domain name system port 53 port 80 is our http server so we know and 443 let's take those ones for now https very important secure service so we know if traffic comes into port 80 anything with https or http goes to our web browser our operating system does that right by default open up traffic in a web browser for that for that port so what a firewall does is besides breaking these into smaller chunks a basic firewall really says do i allow port 80 in or out and in our case um we'll do blue we'll say yes do we allow port 443 out and in or yes do we love dns yes let's say we have um port uh 22 for example which is our secure shell or something you may not use and don't even know what these are you can hear about these more and more so your your college courses here let's say you don't need this so so we don't want this running so first off we turn it off but also our port we block we block 22 so without getting too much deeper than this our web traffic comes in packets and those packets have the port number where it's from and where it's to as well as almost like almost like an envelope a firm address we turn it you know who's to who it's from and then part of that address information ip address and things like that is our port number so when that packet hits our firewall we can say nope you're not allowed when a packet comes in for port 80 it's allowed and it comes in and it gets handled by the operating system so that's basically the basics of a firewall that's called packet filtering it talks about here let's see packet filter right there um packing filtering is how a basic firewall works there are more advanced firewalls that are more uh smarter per se they can do session based firewalls versus session lists and just you know and now we'll get to the details of that that's against further courses but understand it uses packets for that to determine all this down here so all right so again operating system should have them uh personal firewalls on our devices windows has it it has a basic firewall and then you can actually go into the details and you can edit change firewall rules so about security software i know i'm still running okay it is so um windows 10. it's like windows 10. so windows comes with microsoft defender which in my experience is very very good um there's a lot of them out there and there's one the book which is called house call from trend micro that you can download and run it um for mac android and other things here windows 64-bit windows 32-bit and so on uh free tool for that it's great um we see windows defender if i look at my settings security update security and windows security you can see our virus protection threat account protection right there virus protection threat and there is our scan information so this is built in operating system scans automatically update to the windows and i've actually did a hack where we try to get around this and it's very very very tough it's not easy to throw a macro virus to this thing this thing was very um very well made so again i'm not here to to sell you this i mean it comes with windows so it's a fantastic operating system for that and it's fantastic to protect that operating system so windows defender but there's all kinds out there anti-spam email scanners those might be on servers anti-virus you should have it we call endpoints which is our desktops and personal firewalls too so skip over that let's talk about couplings here as a it's something you're going to see also in other courses but we will just believe we talked about this authentication multi-factor authentication probably one of the best protections you can have personal and for a corporation so first off what is first factor first factor is something you know in our case the good old password and user id right pretty common username password and our second factor is something you have so i'll type this could be a access to a device it could be an actual key like a key fob you shouldn't see it too much anymore those are sort of gone to the wayside you see these little plastic devices that have like a rotating code and actually use a lot of places too steam guard even my star wars zeal republic and my mother be playing has has its own authentication secure key so these are come to apps also but they could be on a device you ave like a phone um or it could be an email address you own or it could be of course a phone number an sms text message and you'll get some sort of authorization key that's temporary sent to those or rotates in some way this is something you have again a device an email sms third factor is something you are it's you it's physical biometric it could be your eye fingerprint and so on we see this now with almost all modern cell phones we have that in place and last thing there is actually a fourth factor it's on the slide here but i will reveal to you and it is where you are example this is uh like lastpass lastpass for strong passwords has uh the ability to block any traffic from certain ip regions of the world like i'm not allowing anyone in from the ukraine region from china or certain certain in certain parts of the world unless you plan to travel there you need to sort of tell them you are even someone has my id password they have maybe they did a chip burner on my phone and they have my phone now they try to log it in from outside of an ip address range that's allowed also maybe like on base maybe you can't log into a certain service unless you're on the ip address ip network of within the base for example military base so so that's our authentication how to authenticate authorization is pretty straightforward after you give proper credentials then you're let in and you're lending to a certain level that's basically it so it comes to personal security and even corporate security the accounts you use every day should not be what they call root or administrator accounts should we have none but not administrator so if at all possible and you see this in linux mac windows as well as get to the corporate side access to certain services should all be limited to the least amount of security that's needed for that role for that person so authorization again what you're allowed to access with those credentials authentication again strong passwords besides multi-fact authentication having a strong password is going to be key you can test out your passwords in a lot of ways a lot of a lot of things like lastpass onepass have or strength checkers this is grc.com and this is called haystack so you can google that grc gibson research corporation if you want you could actually do like how strong is the word password if i was to do a massive crack against it or even a fast attack i can crack it in two seconds probably a lot more than that if i put a one on it though 17 minutes if i put a special character on it nine months if i make one of these uppercase so passwords um it's about entropy entropy is actually a physics term but to crack passwords it's about the size of pool of randomness so entropy is really just we highly increase randomness is entropy it's a it's that again if you come in if i have lowercase a through z you just have that's it right it was you know our 26 characters if i add an uppercase a to z that i double it i double match for p buy it in numbers zero through nine add ten more to that entropy plus ten you can see my entropy grows as i add stuff the amount of randomization grows if i add special characters i forgot maybe there are total but dollar sign pounds i again we grow our entropy it gets larger spaces things like that numbers you can see if they just have password as you saw it's a very low entropy easy to crack there's less combinations that can be used for cracking if it's uppercase it gets larger numbers i make an even larger pool if i have special characters i have a larger pool to crack so again entropy is a huge part of this randomization definitely is a part of this you can see here now that doesn't mean that this is a big secure password because it's based off a dictionary word so there's some level of measurement not be down here um but if i just did you know like roll my face on the keyboard that's definitely a secure password so so use a password tool like lastpass something to have have a strong master password that's multi-authenticated and then have lastpass or someone pass store those long unique passwords for every site so very important strong passwords secondly unique password you know unique password for each site do you want to use the same password you use for a gaming form you'll use for your bank bad idea so um sticky notes for passwords is news and i get ideas sometimes especially if someone can walk by and see them strong passwords talk about already and also if you do have to create an unnecessary online account delete the account you don't need anymore online again probably be more important is have a separate password for that account so if i had to create a gaming form account somewhere um you know i'll have a special username and password just for that account so whether i want to keep it or not and also then do you need to provide information to account you know this just you know does the social screen number of driver's license number do they need the information try to limit with what you what what a accountant needs to have and also tip birthdays purchases birthday attacks are great birthday information is important you know you can use all kinds of attacks the pastor reset attack is an easy one so there was a governor of alaska named sarah palin her yahoo account was hacked and all the attacker did was use the password reset built into yahoo and the wiki page about sarah palin and there was information about her husband when she went to school and her birth date and the date she was married i believe it was her anniversary date all she knew was that as the pastor recent question so think about that information you put online again and how it will reflect to example password recess by the way password reset questions are still horrible not not a good way to do them but a lot of companies still have those employees so again security accounts try to use you know non-root or non-administrator accounts and if you have administrator accounts make sure they're password protected only a super user when needed guest accounts are nice especially for like chromebooks or even any computer where you want someone to use your computer let me use a guest account and standard account is a set which you should be using for most stuff so windows has a way to do this in computer management you can see here you can add or you delete users and also within here itself you need a control panel so we can hear we can add users we add users to an account um secure i'll do password oh look at that security questions why um anyways i'm not gonna control that but when you do next here we go it's a local account different account types administrator standard and so on there's also domain accounts so domain accounts will be for use like corporations or the school itself um and those of course will be done through active directory computer accounts there are some a lot of accounts are used just by the computer itself for example on linux servers you'll have an apache account an actual account for this the apache service there's no apache user per se there's actually a person who sits down that logs in under apache but these things will be needed to help sort of sandbox or isolate those services in case they get breached user account control that's how the hypothesis is are you sure you want to change this you can see that here in windows can if i go let's go to settings user account control i can type oh unt there you go there it is if i change this make it harder you're gonna get this a lot more often so leave it set default don't turn it off and don't turn it too high it also gets really gets annoying mac os has something like this you can unlock certain aspects of the control panel or preferences panel we'll get the mac later we'll see that secure mac talkbox already encryption uh if all possible encrypted sensitive data your secure key is definitely important to keep it see keep it secret it might be tied to it'll be tied to a uh maybe a passphrase or password and then also when you do use traffic it's probably the biggest one right here if i've got a website i need to create an account and it does it over http that means everything i type and return back on that web page is unencrypted so anything that i deal with should be https that s means secure file encryption operating systems can encrypt the windows home directories with the within mac with bitlocker mac uh i'm sorry windows or bitlocker mac has file vault and probably the last thing so hopefully we'll get the end here is be careful when you remove how you delete data if you delete a file it's not actually gone it's still on your hard drive it can be forensically retrieved so there's ways to securely delete stuff or if you're going to give a computer to a school or a church or you're going to donate it you should be sure that that information is overwritten or wiped or even remove the hard drive and put it to some empty one in so physical security talks about it ready in a corporate sense you can have the best security in the world for you know cyber security but you have a horrible physical security some can walk in and get access to a server so against our prevention protected by that array so that wraps up here uh you can see that in the summary here of the chapter defense heavy definitely i may not cover everything i think i covered in the 52 minutes now it's a little bit long i think i wanted to um it's a it's a heavy chapter but it's good stuff so if anything come away from this with some personal security at least i understand how it applies also in the corporate world so anyways i will look forward to seeing hopefully some folks in class someday but anyways enjoy this lecture thank you