WEBVTT

00:00:00.000 --> 00:00:06.250 align:middle line:90%


00:00:06.250 --> 00:00:11.560 align:middle line:84%
In this video, we're talking
about patching everything.

00:00:11.560 --> 00:00:15.780 align:middle line:84%
So why is patching such
a big deal anyways?

00:00:15.780 --> 00:00:20.930 align:middle line:84%
Well, according to a ZDNet
article from June 4, 2019,

00:00:20.930 --> 00:00:24.830 align:middle line:84%
one in three breaches are caused
by unpatched vulnerabilities.

00:00:24.830 --> 00:00:28.340 align:middle line:84%
Flaws are left open for weeks or
even longer when fixes exist.

00:00:28.340 --> 00:00:32.340 align:middle line:84%
Security experts admit leaving
organisations at risk -

00:00:32.340 --> 00:00:35.470 align:middle line:90%
one in three breaches.

00:00:35.470 --> 00:00:40.000 align:middle line:84%
So anyone remember
Equifax a few years ago?

00:00:40.000 --> 00:00:44.170 align:middle line:84%
Well, Equifax had a major
data breach in 2017.

00:00:44.170 --> 00:00:47.710 align:middle line:84%
Matter of fact, it was one of
the largest data breaches ever,

00:00:47.710 --> 00:00:49.980 align:middle line:90%
if not the largest.

00:00:49.980 --> 00:00:55.560 align:middle line:84%
So in this data breach,
147.9 million Americans

00:00:55.560 --> 00:00:59.100 align:middle line:84%
along with 15.2 million
British citizens

00:00:59.100 --> 00:01:01.320 align:middle line:84%
and about 19,000
Canadian citizens

00:01:01.320 --> 00:01:04.080 align:middle line:90%
were compromised in this breach.

00:01:04.080 --> 00:01:07.530 align:middle line:84%
So credit card numbers,
social security numbers,

00:01:07.530 --> 00:01:10.320 align:middle line:84%
all sorts of
information got leaked.

00:01:10.320 --> 00:01:13.140 align:middle line:84%
Now, this was caused because
of a vulnerability in the Apache

00:01:13.140 --> 00:01:16.500 align:middle line:90%
Struts that was identified.

00:01:16.500 --> 00:01:19.140 align:middle line:84%
But it wasn't initially
patched until it was too late.

00:01:19.140 --> 00:01:21.880 align:middle line:90%


00:01:21.880 --> 00:01:27.000 align:middle line:84%
So the point is, there's a
lot of different breaches

00:01:27.000 --> 00:01:27.500 align:middle line:90%
out there.

00:01:27.500 --> 00:01:29.570 align:middle line:84%
There's a lot of
vulnerabilities.

00:01:29.570 --> 00:01:32.600 align:middle line:84%
We have application
vulnerabilities, Adobe issues,

00:01:32.600 --> 00:01:36.470 align:middle line:84%
patches in 2020 in July,
critical security patches

00:01:36.470 --> 00:01:38.150 align:middle line:90%
for multiple software.

00:01:38.150 --> 00:01:40.880 align:middle line:84%
To be fair, Adobe releases
a lot of security patches

00:01:40.880 --> 00:01:43.270 align:middle line:90%
for a lot of their software.

00:01:43.270 --> 00:01:46.405 align:middle line:84%
Zoom recently has been coming
up with more and more flaws from

00:01:46.405 --> 00:01:47.950 align:middle line:84%
- the more that
people are using,

00:01:47.950 --> 00:01:50.680 align:middle line:84%
the more flaws that
are being found.

00:01:50.680 --> 00:01:52.755 align:middle line:84%
Critical bugs and
backdoors found

00:01:52.755 --> 00:01:55.037 align:middle line:84%
in GeoVision's fingerprint
and card scanners

00:01:55.037 --> 00:01:59.710 align:middle line:84%
- Microsoft constantly
releases vulnerability patches.

00:01:59.710 --> 00:02:01.960 align:middle line:84%
And for the June
2020 security patch,

00:02:01.960 --> 00:02:04.510 align:middle line:84%
there were 129
vulnerabilities that

00:02:04.510 --> 00:02:11.110 align:middle line:84%
were patched in that one patch
alone, 129 vulnerabilities.

00:02:11.110 --> 00:02:15.250 align:middle line:84%
And a highly critical
SAP bug was found.

00:02:15.250 --> 00:02:18.260 align:middle line:84%
They could allow attackers to
take over corporate servers.

00:02:18.260 --> 00:02:20.200 align:middle line:84%
These are all
really scary things.

00:02:20.200 --> 00:02:21.970 align:middle line:84%
So it's not just your
operating systems

00:02:21.970 --> 00:02:24.490 align:middle line:84%
that need to be patched, but
also your application software.

00:02:24.490 --> 00:02:27.000 align:middle line:90%


00:02:27.000 --> 00:02:30.470 align:middle line:84%
So what is the cost
if we don't patch

00:02:30.470 --> 00:02:32.930 align:middle line:84%
and we end up with
some sort of breach?

00:02:32.930 --> 00:02:37.490 align:middle line:84%
Well, in the case of Equifax,
loss of public trust.

00:02:37.490 --> 00:02:39.328 align:middle line:90%
Their stock prices dropped.

00:02:39.328 --> 00:02:41.120 align:middle line:84%
They ended up with a
congressional hearing,

00:02:41.120 --> 00:02:43.130 align:middle line:84%
because there were
so many users that

00:02:43.130 --> 00:02:48.000 align:middle line:84%
had their accounts breached
- $700 million settlement

00:02:48.000 --> 00:02:52.690 align:middle line:84%
for that - and customers'
risk of identity theft.

00:02:52.690 --> 00:02:55.470 align:middle line:84%
So that's a lot of people
that were potentially exposed

00:02:55.470 --> 00:02:59.040 align:middle line:90%
for identity theft.

00:02:59.040 --> 00:03:04.610 align:middle line:84%
So this was all because
of CVE-2017-5638.

00:03:04.610 --> 00:03:07.580 align:middle line:84%
And if you remember
the Exploit Database,

00:03:07.580 --> 00:03:13.080 align:middle line:84%
you all remember what a CVE
is in the vulnerability code.

00:03:13.080 --> 00:03:21.750 align:middle line:84%
So CVE-2017-5638, that was
a critical Apache Struts

00:03:21.750 --> 00:03:24.120 align:middle line:90%
2.x vulnerability.

00:03:24.120 --> 00:03:27.750 align:middle line:84%
And that patch was
about 65 megabytes.

00:03:27.750 --> 00:03:31.770 align:middle line:84%
So let's think about
that - 65 megabytes.

00:03:31.770 --> 00:03:34.330 align:middle line:84%
That would probably
take a corporate network

00:03:34.330 --> 00:03:37.770 align:middle line:84%
a handful of seconds
to download the patch.

00:03:37.770 --> 00:03:40.140 align:middle line:84%
And even on a bad day,
it'd still probably take

00:03:40.140 --> 00:03:43.680 align:middle line:84%
a couple seconds to actually
grab that 65 megabyte

00:03:43.680 --> 00:03:45.510 align:middle line:90%
vulnerability patch.

00:03:45.510 --> 00:03:47.760 align:middle line:84%
And that 65 megs,
probably not going

00:03:47.760 --> 00:03:50.160 align:middle line:84%
to take very long to
actually install that patch,

00:03:50.160 --> 00:03:52.650 align:middle line:84%
to actually fix
that vulnerability.

00:03:52.650 --> 00:03:56.710 align:middle line:84%
However, that didn't happen
until it was too late.

00:03:56.710 --> 00:03:59.140 align:middle line:84%
So we need to start to
think about a patch cycle.

00:03:59.140 --> 00:04:00.932 align:middle line:84%
And we need to start
thinking about a patch

00:04:00.932 --> 00:04:04.090 align:middle line:84%
cycle for a lot of things -
your switches, your servers,

00:04:04.090 --> 00:04:07.460 align:middle line:84%
your wireless access
points, your computers.

00:04:07.460 --> 00:04:10.670 align:middle line:84%
Anything that has a patch,
including application software,

00:04:10.670 --> 00:04:13.020 align:middle line:84%
you need to think
about patching this.

00:04:13.020 --> 00:04:16.550 align:middle line:84%
So we want to get in
some sort of cycle.

00:04:16.550 --> 00:04:20.175 align:middle line:84%
Now, on workstations, we
can do automatic updates.

00:04:20.175 --> 00:04:21.800 align:middle line:84%
You can set it to
automatically update.

00:04:21.800 --> 00:04:23.980 align:middle line:84%
Now, if you don't want
to, you could always

00:04:23.980 --> 00:04:26.810 align:middle line:84%
- there's other
software out there.

00:04:26.810 --> 00:04:28.910 align:middle line:84%
Or you can do a group
policy, for example,

00:04:28.910 --> 00:04:30.210 align:middle line:90%
if you're on Windows.

00:04:30.210 --> 00:04:33.950 align:middle line:84%
You could set up a scheduling
system to look for an update.

00:04:33.950 --> 00:04:34.910 align:middle line:90%
Don't install it yet.

00:04:34.910 --> 00:04:36.900 align:middle line:84%
Pause a couple days,
or even a week,

00:04:36.900 --> 00:04:39.830 align:middle line:84%
depending on what
your situation is.

00:04:39.830 --> 00:04:41.900 align:middle line:84%
In some medical and
financial sectors,

00:04:41.900 --> 00:04:44.780 align:middle line:84%
they may wait a few days
to actually apply a patch,

00:04:44.780 --> 00:04:47.420 align:middle line:84%
because they want to see
if it breaks anything.

00:04:47.420 --> 00:04:51.020 align:middle line:84%
If people start reporting that,
well, this Microsoft patch,

00:04:51.020 --> 00:04:53.690 align:middle line:84%
people can't log in
anymore - gives them time

00:04:53.690 --> 00:04:57.260 align:middle line:84%
to actually fix the update and
then download the fixed one

00:04:57.260 --> 00:04:59.810 align:middle line:90%
and apply the update.

00:04:59.810 --> 00:05:03.860 align:middle line:84%
Server settings - servers can
also be set to auto update.

00:05:03.860 --> 00:05:08.780 align:middle line:84%
Or a lot of times, people will
evaluate on a regular schedule

00:05:08.780 --> 00:05:10.970 align:middle line:90%
when to update these things.

00:05:10.970 --> 00:05:12.560 align:middle line:84%
Network switches
and our hardware

00:05:12.560 --> 00:05:16.080 align:middle line:84%
should be evaluated and
updated on a regular schedule.

00:05:16.080 --> 00:05:18.350 align:middle line:84%
You might not be
able to apply a, say,

00:05:18.350 --> 00:05:22.850 align:middle line:84%
firewall or core network
switch update every week

00:05:22.850 --> 00:05:25.100 align:middle line:90%
or every month, whatever it is.

00:05:25.100 --> 00:05:27.770 align:middle line:84%
However, you should end
up in some sort of cycle

00:05:27.770 --> 00:05:30.410 align:middle line:84%
that you're going to
say, on these dates,

00:05:30.410 --> 00:05:33.375 align:middle line:84%
we're going to check if there's
an update for our core switch,

00:05:33.375 --> 00:05:35.875 align:middle line:84%
we're going to take the network
down for this amount of time

00:05:35.875 --> 00:05:37.370 align:middle line:84%
and we're going to
apply the update,

00:05:37.370 --> 00:05:38.662 align:middle line:90%
because it needs to be updated.

00:05:38.662 --> 00:05:41.730 align:middle line:90%
It needs to be secured.

00:05:41.730 --> 00:05:44.490 align:middle line:84%
And that brings us to
emergency patching.

00:05:44.490 --> 00:05:46.440 align:middle line:84%
We should keep an eye
out for critical flaws

00:05:46.440 --> 00:05:48.690 align:middle line:84%
that need to be
addressed immediately.

00:05:48.690 --> 00:05:51.780 align:middle line:84%
This is going to change
our update cycle.

00:05:51.780 --> 00:05:54.090 align:middle line:84%
But it's also going
to be very necessary.

00:05:54.090 --> 00:05:57.510 align:middle line:84%
If there is something, a
critical vulnerability,

00:05:57.510 --> 00:06:00.810 align:middle line:84%
say, in the case
of Equifax, that

00:06:00.810 --> 00:06:03.610 align:middle line:84%
was a very serious
exploit that should

00:06:03.610 --> 00:06:04.860 align:middle line:90%
have been patched immediately.

00:06:04.860 --> 00:06:06.540 align:middle line:90%
But it wasn't.

00:06:06.540 --> 00:06:08.610 align:middle line:84%
We need to keep
these things in mind.

00:06:08.610 --> 00:06:14.460 align:middle line:84%
And we need to patch, pause
and patch, as necessary.

00:06:14.460 --> 00:06:18.060 align:middle line:84%
So to prepare ourselves,
we can search things

00:06:18.060 --> 00:06:20.028 align:middle line:84%
like vulnerabilities
on Exploit Database.

00:06:20.028 --> 00:06:21.695 align:middle line:84%
We can subscribe to
security newsletters

00:06:21.695 --> 00:06:23.680 align:middle line:84%
to keep yourselves
aware of what

00:06:23.680 --> 00:06:25.680 align:middle line:84%
these critical flaws are that
are coming out that we

00:06:25.680 --> 00:06:27.360 align:middle line:90%
need to apply immediately.

00:06:27.360 --> 00:06:29.100 align:middle line:84%
We can manually scan
for new patches.

00:06:29.100 --> 00:06:30.900 align:middle line:84%
And we can actually
take a look at what's

00:06:30.900 --> 00:06:32.108 align:middle line:90%
going to be in those patches.

00:06:32.108 --> 00:06:35.100 align:middle line:84%
And we can figure out if we need
to apply it right away or not.

00:06:35.100 --> 00:06:37.620 align:middle line:84%
We could check out the news
for security-related issues.

00:06:37.620 --> 00:06:39.630 align:middle line:84%
And we could rely on our
network security team,

00:06:39.630 --> 00:06:42.960 align:middle line:84%
if we have one, to let us
know when we need to patch it.

00:06:42.960 --> 00:06:46.560 align:middle line:84%
We need to break that
cycle and patch early.

00:06:46.560 --> 00:06:48.540 align:middle line:84%
So patching is one of
the easiest things you

00:06:48.540 --> 00:06:50.100 align:middle line:90%
could do to prevent an issue.

00:06:50.100 --> 00:06:52.710 align:middle line:90%


00:06:52.710 --> 00:06:53.918 align:middle line:90%
So this was about patching.

00:06:53.918 --> 00:06:56.210 align:middle line:84%
Next video, we're going to
be talking about antiviruses

00:06:56.210 --> 00:06:57.872 align:middle line:90%
and console tools for it.

00:06:57.872 --> 00:06:58.830 align:middle line:90%
Thank you for watching.

00:06:58.830 --> 00:07:00.880 align:middle line:90%
I'll see you in the next video.

00:07:00.880 --> 00:07:02.000 align:middle line:90%