1 00:00:00,350 --> 00:00:03,160 There are a lot of security threats out there. 2 00:00:03,160 --> 00:00:05,190 They're all out there trying to go and break into 3 00:00:05,190 --> 00:00:08,210 your systems, your computers, and your servers. 4 00:00:08,210 --> 00:00:11,770 We're going to cover four of the main categories right now. 5 00:00:11,770 --> 00:00:13,660 The first is Malware. 6 00:00:13,660 --> 00:00:17,040 Malware is a shorthand term for malicious software. 7 00:00:17,040 --> 00:00:19,510 This can be things like viruses, worms, 8 00:00:19,510 --> 00:00:23,230 Trojan horses, spyware, rootkits, adware, 9 00:00:23,230 --> 00:00:25,890 ransomware, and many other different types. 10 00:00:25,890 --> 00:00:28,810 We're going to spend a lot of time talking about malware. 11 00:00:28,810 --> 00:00:31,430 In fact, we're going to spend the entire portion 12 00:00:31,430 --> 00:00:33,810 of section two covering malware. 13 00:00:33,810 --> 00:00:36,670 And we're going to spend an entire lecture on each one 14 00:00:36,670 --> 00:00:39,410 of these different types that I just listed. 15 00:00:39,410 --> 00:00:42,150 Next, we have Unauthorized Access. 16 00:00:42,150 --> 00:00:43,550 Just like in the last lecture, 17 00:00:43,550 --> 00:00:45,230 when we talked about authorization, 18 00:00:45,230 --> 00:00:47,820 well, if you can break through the authorization, 19 00:00:47,820 --> 00:00:50,240 you can gain unauthorized access. 20 00:00:50,240 --> 00:00:51,950 This occurs when you can get access 21 00:00:51,950 --> 00:00:54,070 to a computer resource or data, 22 00:00:54,070 --> 00:00:57,010 and it occurs without the consent of the owner. 23 00:00:57,010 --> 00:00:59,220 So, if you can sneak by that security guard 24 00:00:59,220 --> 00:01:00,960 and get in past the front door, 25 00:01:00,960 --> 00:01:02,890 that's breaching your physical security, 26 00:01:02,890 --> 00:01:05,800 and that would be a form of unauthorized access. 27 00:01:05,800 --> 00:01:07,980 But, if you're able to guess a user's password 28 00:01:07,980 --> 00:01:10,600 and pretend to be them and log on to their system, 29 00:01:10,600 --> 00:01:13,490 well, that's also considered unauthorized access, 30 00:01:13,490 --> 00:01:15,503 except it's in the logical realm. 31 00:01:16,390 --> 00:01:19,370 The third category is called System Failure. 32 00:01:19,370 --> 00:01:21,420 This occurs when a computer crashes 33 00:01:21,420 --> 00:01:23,740 or an individual application fails. 34 00:01:23,740 --> 00:01:25,870 In the old days, we used to call this 35 00:01:25,870 --> 00:01:28,940 the dreaded blue screen of death, or BSOD. 36 00:01:28,940 --> 00:01:30,610 That's because on Windows XP, 37 00:01:30,610 --> 00:01:32,110 whenever the system would crash, 38 00:01:32,110 --> 00:01:33,800 you would get a bright blue screen 39 00:01:33,800 --> 00:01:36,700 with tiny white text telling you why it crashed. 40 00:01:36,700 --> 00:01:38,310 And on a lot of Windows systems, 41 00:01:38,310 --> 00:01:40,090 this would happen quite frequently. 42 00:01:40,090 --> 00:01:42,670 And so, it became a running joke in the community 43 00:01:42,670 --> 00:01:44,530 called the blue screen of death. 44 00:01:44,530 --> 00:01:46,380 The fourth category of security threats 45 00:01:46,380 --> 00:01:48,120 are Social Engineering. 46 00:01:48,120 --> 00:01:50,230 Social engineering is the act of manipulating 47 00:01:50,230 --> 00:01:52,960 a user into revealing confidential information 48 00:01:52,960 --> 00:01:55,450 or performing other actions that are detrimental 49 00:01:55,450 --> 00:01:57,830 to either the user or their company. 50 00:01:57,830 --> 00:02:00,440 One of the ways this occurs is through phishing. 51 00:02:00,440 --> 00:02:03,180 You might get an email that tells you that you've won money, 52 00:02:03,180 --> 00:02:05,020 or that your PayPal account has been hacked, 53 00:02:05,020 --> 00:02:07,600 or a myriad of other pretext. 54 00:02:07,600 --> 00:02:09,540 In that email, there's also a link, 55 00:02:09,540 --> 00:02:12,240 and if you click that link, it brings you to a login page 56 00:02:12,240 --> 00:02:14,390 that looks just like your bank or PayPal 57 00:02:14,390 --> 00:02:16,500 or whatever they're trying to simulate. 58 00:02:16,500 --> 00:02:18,010 So, you put in your username 59 00:02:18,010 --> 00:02:19,890 and your password and click Login. 60 00:02:19,890 --> 00:02:22,170 But instead of giving that information to your bank, 61 00:02:22,170 --> 00:02:24,360 you just instead gave it to a criminal. 62 00:02:24,360 --> 00:02:26,370 This is a form of social engineering 63 00:02:26,370 --> 00:02:28,530 using technical capacity. 64 00:02:28,530 --> 00:02:31,390 Another example would be if I started going to your office 65 00:02:31,390 --> 00:02:32,930 and I showed up at the front door 66 00:02:32,930 --> 00:02:34,740 with a big brown box in my hands 67 00:02:34,740 --> 00:02:37,610 and I'm wearing a brown shirt, like I'm a delivery man. 68 00:02:37,610 --> 00:02:38,970 You might open the door and let me 69 00:02:38,970 --> 00:02:41,510 past security to go deliver my package. 70 00:02:41,510 --> 00:02:43,820 But, I wasn't really authorized to be there. 71 00:02:43,820 --> 00:02:46,130 In fact, I don't work for the delivery company. 72 00:02:46,130 --> 00:02:48,040 I'm instead just trying to get in your building 73 00:02:48,040 --> 00:02:51,340 and past security so that I can break into your network. 74 00:02:51,340 --> 00:02:54,240 Social engineering is a really fun topic to talk about, 75 00:02:54,240 --> 00:02:55,310 and we're going to spend some time 76 00:02:55,310 --> 00:02:57,893 on this later on in the course.