If you are in any IT role, or even just want to get a better understanding of network security, this video series is a must watch.
Network Chuck is a YouTuber with a knack of explaining complex concepts in a clear and understandable way. Any one at any skill level will take something away from this video series.
Links to all the videos below.
In this first episode, Chuck introduces us to the changes coming to security+, and the fact that security exams are starting to focus more on cloud hosted solutions like Azure and AWS.
Social engineering. Your best technical security efforts and firewalls can be thwarted if a user is convinced to give their info away willingly, or run insecure code. User training and is just as important as technical security measures.
Phishing – this is a form of social engineering where the victim is sent a malicious link, that looks like a legitimate website, but they frequently use, urging them to fill in their password for some important reason. A Spear Phishing attach is more target – going after a specific person with information gained from their website, Facebook or Linked-In profile. Lesson learnt: Never click a link in an email or text message. Always go to the site using your own bookmark or by typing it in directly into the address bar. Also shows how easy it is to install Blackeye – a tool that creates phishing sites that look exactly like legitimate sites with just a few commands.
Practical example of a Social Engineering attack – Pretexting. The victim is told a story on why it is important to provide sensitive information immediately to prevent a charge or cancellation of service etc. Lesson learnt: Never give out information over the phone or email. If called, get the persons Name and call them back on a number you have or get from the companies website directly.
Watering hole social engineering – This is where you visit a website you frequently visit and feel safe on, and the website was compromised. These are difficult attacks for end users to protect from since the real legitimate site is hacked. We are also introduced to Type Squatting – were hackers buy domain names that are similar to well known sites, and make them look like the legitimate site and get you to enter your personal details.
Hoaxes and influence campaigns that promise you great returns on investments, or try to blackmail you with false accusations.
More practical examples of social engineering attacks.
Take a tour in a data centre and learn how their networks are configured. A bit more technical this time, but if you got this far you already know Chuck is awesome at explaining technical concepts.
Wide Area Networks and how remote branches and head office and your data centre are connected to each other in a secure way.
Coming soon.. be sure to subscribe to Network Chuck to be notified of new videos, and show your support for the GREAT work he is doing.