Hi, everyone. And welcome back to Geek Time. 欢迎回来【极客时间】. Hi, Brad.

Hey, lulu, how's going?

It's being great. And Brad, I would like to propose a topic today.

Ok

Let's talk about one of your majors, which is Cyber Security, right?

Ok, good topic.

网络安全. Let's start with the basic. What is Cyber Security? I mean we can translate it. But exactly what is the security about? Is it about data? Is it about I don't know, finance? What is it about?

So, cyber security is the total your security of your data and your devices. But when we think about it, right, there's you can look at it as two main ideas.

You're protecting your data, whether it's your personal data or the company data or protecting critical infrastructure, companies, computers, your computer, or country's electric grids, their voting machines, their financial systems.

So, it's not just data ,it’s devices as well.

Okay. Am I to understand it's like several tiers, so you protect personal data, you need to protect like organizational data, like a company or organization, and you also have to protect sort of infrastructure in a country, in a community, like you said, electric grids and then voting machines, financial systems to make sure the country or the community or the region runs smoothly, operate smoothly.

Right.

Can I ask you just out of curiosity? What does this cyber security major fall under? What is like the big faculty or the big...?

So this one is between two faculties usually, most of its under IT, like information technology. But oftentimes with cyber security, it's not just on the IT side of things. It's also on the administrative side of things. So they often will combine the two. So my focus was yeah...

Like public admin.

Yes, kind of.

I see, and would you say it is a popular major to choose based on your observation?

It's fairly popular. I think a lot of people tend to go with just more of the basic IT support. I think cyber security is a little bit more daunting for some just because they look at it and they think that's got to be really difficult, but I think it's not any more difficult necessarily than the other IT majors.

So let's start with basic two more advanced security measures or settings. Obviously for most dummies, like me the first layer is password, but I know that is not really safe.

Yes,when you have a network,of course you need to have a password. And then when you think about passwords, you don't want to just have numbers because then this makes it very simple to decode or decrypt your password.

You add in letters and then symbols and then the more you add, the more complex it becomes, the more safe it is. But aside from passwords, a lot of times, people can or systems will use what's called a white list and what's called a blacklist.

What you allow and disallow.

Yes, right. A white list would just be we only allow these devices, right? And so anything that's on our white list as it is, are the only things that can enter. Or they might use a blacklist where they just say these devices can't be...can’t come onto the network.

A white list is a little bit safer, but it also makes it a little bit more difficult if you want to add a new device because you have to go into the system, you have to allow that device.

Yeah, unfortunately, I think a lot of people nowadays do not really have the basic awareness. I'm not even talking about the know how but the awareness of cyber security and we opt for convenience rather than total security.

Then of course on top of that, we have things like the antivirus software. Most people might run one or two different ones on their systems. But if you're like, really into cyber security, we use something called sand boxing.

Sand boxing?

Yes. So basically you have your operating system on your computer. When you log onto your computer, you use your computer. But you can actually kind of create what's called a virtual machine. And it's basically like a secured area on your computer where anything you open on that will be separate from the rest of your system.

And so it's basically we call it sand boxing because anything that you do on that will be like there is..

More secure?

It's basically a demarcation area where nothing you do there will affect the rest of your system. It's just a virtual system.

Do you use that on your computer, sand boxing?

I have done it when I was in the program. I don't do it for a lot of things just because there's not really any need. But if you watch videos on the internet, some people will mess with the scammers. And so they'll log into a virtual machine, and then they'll let the scammer log into their virtual machine and then play around in the virtual machine and just basically waste their time. The scammer thinks they're in a real computer.

So it's basically it's a way that you can protect your own system. If you're like, you're not sure, I think maybe this is a bad thing. You can use a sandbox as a way to protect yourself from it, but most people are probably gonna use it.

Yeah, I just checked briefly, I just did a little bit of research as you're talking, sandbox在中文是沙河. So any of you are IT experts, leave us common in a common section so that you can educate the rest of us what sandbox really is in Chinese or in English. It's up to you.

Now getting back to the topic. Brad, so far we've been talking about what we use as security measures. But what do we defend against? Is it like hackers?

Yeah, definitely, there's hackers out there. Hackers can use a lot of different tools to attack a network. They might use viruses, they might use malware which is basically a particular type of virus.

恶意软件.

People will download something and it will have a virus preload in it.

Then of course there's more direct like network attacks. Sometimes like if you see a website or a service go down, it might be because that network is being attacked by like a DNS attack. And basically it's a denial of service attack.

Basically, they have so many people or so many systems trying to log into the site at once that the site can't handle the traffic and..

It just collapses.

Yes.

But I think for just ordinary people like myself, because I'm not the owner of a huge company that we have a huge system or the government system to be attacked.

But for most of us, I would think perhaps there's also risk that we're being exploited by some of the apps that we install?

Yes. There's... a lot of times when someone designs an app, there might be some sort of security flaw on the app which allows someone to taking access to your system. And so basically, you can hackers or other people can use applications to just use a back door to get into your system. Of course you could use a combination of any of these things to access a network or a system.

Any other types of attacks?

Not necessarily, you know you can combine them all in letters called a multi vector attack, but basically you do a network attack while you're exploiting apps in your just looking at multiple angles all at once, because if you just try to do one thing, it'll take you a long time to get access to a network.

But if you try to do everything all at once, one of them is basically going to get you into the system.

Multi vector attack is混合矢量攻击. So it's a combination, it's like a combo attack.

Yes, combo breaker.

One of them is going to get you.

Now earlier on, we talked about how we set like passwords, white list, black list to protect ourselves. But in general, how would organizations like the bigger systems ,what kind of security measures do they have apart from like fire walls that we all know?

Like the basic measure is the firewall. Most people should be using a firewall these days. Firewalls will do like the blacklist, the white list and everything like that. But most companies or corporations probably are using some sort of intrusion detection system.

Now what they use this for is to monitor the networks because oftentimes if someone is accessing their network and they're not just doing normal day to day activities, they are going to be using a lot more resources. And so something like that is gonna instantly catch someone's attention. It's like why is this person using this many resources and so they're gonna look for things like that.

Oh, red flags.

Yes, they're gonna look for red flags, but later on, after there, if some sort of system has been hacked or attacked, they're gonna go in and look through the records. And then you basically do what's called forensics. You might think of people doing forensics at a murder scene. But there's actually digital forensics. And that's one of the classes I had to take in school.

I've heard about it. It's called cyber forensics, 网络鉴证.

Yes, cyber or digital forensics.

Basically your forensics personnel, but not for the crime scene, but for cyber crime scenes.

Yes. So like when you take a picture with a digital camera, oftentimes it will have GPS allocation and all these other things. And when you do digital forensics, you can actually look and find those bits of information.

And you can find if a file has been tampered with, based on like certificates and other things, but you can look at ...you go, ok, so this file was accessed. And it was tampered with so you can go through it and look for all that kind of stuff. It's very interesting.

Wow. The cyber forensics also teach you whether a picture is photoshopped?

Not necessarily like, typically after you photoshop a photo there will be some sort of tag on it so you can look at that, but there's ways to hide that you can just upload the original file.

But there is a whole another field of science to detect whether or not something is a deep fake or a photoshop.

Yeah actually that's another thing maybe in the future we can talk about deep fake.

Yeah. The most important thing though with any institution, the weakest link is not the computer system. The weakest link is the people at the corporation. They are probably the ones that always make the mistake. They leave their computer open. They.. you see a USB stick sitting somewhere and they are like what’s this? and plug into their computer ,or they see an email...

There was a famous thing that happened recently in the US. A company had said, hey, anyone who clicks this link will a get a bonus at the end of the year.

Freebie thing.

And the thing was a lot of people looked at it and they say, okay, it's from a legitimate email address and so they clicked on it. And then they said anyone who got this isn't or anyone who clicked on this isn't going to get the bonus.

And a lot of people got mad because it was like, if of course they saw a different email address and they said okay, that's not really legit, but it was from their boss.

So it wasn't a very good situation, but most of the time people are clicking on links they shouldn't click on and that's the big problem.

Yeah. So it still boils down to awareness basic awareness of cyber security. All right!

Exactly.

Now that's a lot, but let's wrap up here for our basic episode on cyber security. In the advanced episode, let's get a little bit more into it and talk about, for example, why is cyber security such a big issue with all these experts with all these programs around? Why are the attackers still winning or gaining upper hand a lot of the times.

All right. Meanwhile, if you have anything to say on the topic of cyber security, leave us comment in the comment section. Thank you, Brad, for coming to the show.

No problem. thank you,Lulu.

We'll see you next time.

See you next time everyone.