WEBVTT

00:00.840 --> 00:07.110
Now that we had a basic overview on Cubes as an operating system and this lecture, we're going to dive

00:07.110 --> 00:07.650
deeper.

00:07.650 --> 00:13.620
We're going to learn about the structure of the operating system and how to launch different applications

00:13.620 --> 00:15.930
and use them in a secure manner.

00:16.440 --> 00:22.380
So in the previous lecture I said we can access all the applications from the top left menu in here.

00:22.470 --> 00:29.100
And other than the tools, like I said, each entry in here is actually a virtual machine.

00:29.100 --> 00:35.400
And then each one of these virtual machines contain different applications that you might want to use.

00:35.820 --> 00:42.660
Now, like we said before, basically a virtual machine is another completely separate operating system

00:42.660 --> 00:48.090
that runs within our current operating system within this computer right here.

00:48.180 --> 00:55.080
So each one of these entries in here is another operating system and hence the name Virtual Machine.

00:55.080 --> 00:58.410
It is as if it's a completely different computer.

00:58.410 --> 01:03.930
It has its own storage, it has its own RAM, its own CPU, its own resources.

01:03.930 --> 01:11.550
And therefore, this implementation is very, very secure because none of these virtual machines can

01:11.550 --> 01:13.410
communicate with each other.

01:13.410 --> 01:19.740
So if one of them gets hacked or an application that is stored in one of these virtual machines gets

01:19.740 --> 01:24.870
hacked, it will not be able to compromise the other virtual machines.

01:25.590 --> 01:30.180
Now, you'll notice there are different types of virtual machines in here.

01:30.180 --> 01:35.430
We have disposable virtual machines, domain service and template.

01:35.850 --> 01:40.230
The disposable virtual machines are amnesiac virtual machines.

01:40.230 --> 01:47.490
So these machines are designed to be used to run untrusted files or files that you think might be malware

01:47.490 --> 01:48.420
or viruses.

01:48.420 --> 01:54.540
Because once you run these files and then even if these machines get hacked, the virus or the backdoor

01:54.570 --> 02:00.090
cannot move or the hacker cannot move and compromise other machines because like we said, everything

02:00.090 --> 02:02.010
is a completely separate machine.

02:02.010 --> 02:08.460
Not only that, once you turn off this disposable machine, everything that was stored on it, including

02:08.460 --> 02:10.830
the virus or the backdoor, will be removed.

02:10.830 --> 02:15.270
So when you start it again, it will start a completely brand new machine.

02:16.110 --> 02:21.600
Next, we have the domain virtual machines and you can see these have different colors.

02:21.600 --> 02:28.560
And the idea of these machines are normal computers or normal virtual machines that can be used for

02:28.560 --> 02:29.550
normal usage.

02:29.550 --> 02:31.530
So you have one that's called personal.

02:31.530 --> 02:37.050
You should use this for whatever personal use you use a computer for, for listening to music, watching

02:37.050 --> 02:44.580
YouTube, watching my videos, whatever you usually do on a personal computer, you have an untrusted

02:44.580 --> 02:45.150
domain.

02:45.150 --> 02:50.160
This is a virtual machine that is designed for you to do untrusted things.

02:50.160 --> 02:52.350
For example, doing the normal web browsing.

02:52.350 --> 02:57.480
If you are searching for something and you're not sure if you're going to land in an untrusted website,

02:57.480 --> 02:59.790
then you can use this untrusted machine.

02:59.790 --> 03:04.470
Don't open your email or any accounts on this because it's untrusted.

03:04.470 --> 03:08.430
You're going to be doing untrusted tasks and open untrusted websites.

03:08.430 --> 03:14.340
Therefore, even if this machine gets hacked, your personal data on your personal computer will not

03:14.340 --> 03:18.840
be compromised because they are two completely separate virtual machines.

03:20.820 --> 03:27.930
We have a wall domain, and this domain is a virtual machine that is not connected to the Internet.

03:27.930 --> 03:35.250
And the whole idea of this is you store your most important and most secretive files or data so you

03:35.250 --> 03:41.040
can store your secret keys, you can store your passwords, you can store documents that are very important

03:41.040 --> 03:43.110
and you can't risk them being leaked.

03:43.500 --> 03:47.280
And again, the whole idea is this is not even connected to the Internet.

03:47.280 --> 03:51.780
And it's a completely separate computer, completely separate virtual machine.

03:51.780 --> 03:57.390
Therefore, it is very, very, very difficult or next to impossible to hack into.

03:58.110 --> 04:00.360
Finally, we have a work domain.

04:00.360 --> 04:06.750
Again, this is just another virtual machine that is designed for you to use for your work tasks so

04:06.750 --> 04:12.240
you can open your work email, you can do you can log in to your work if your work needs you to log

04:12.240 --> 04:13.740
in to a certain platform.

04:13.740 --> 04:16.980
And again, this is a completely separate virtual machine.

04:16.980 --> 04:22.740
So if any of the other machines get compromised, your work, whatever you have in this virtual machine

04:22.740 --> 04:28.230
will not be compromised because it is a completely separate virtual machine, a completely separate

04:28.230 --> 04:29.010
computer.

04:29.790 --> 04:36.330
Now, this whole idea of separation between domains and between virtual machines is what cubes is made

04:36.330 --> 04:39.240
of, is what cubes is designed to do.

04:39.240 --> 04:43.110
And even if you think this is a little bit vague, don't worry about it.

04:43.110 --> 04:47.730
I'm going to give you examples in the next lecture where I'm going to have different virtual machines,

04:47.730 --> 04:50.550
and the whole idea will become very, very clear.

04:52.080 --> 04:54.030
Other than the domain virtual machines.

04:54.030 --> 04:56.970
We have a number of service virtual machines.

04:56.970 --> 05:01.440
Now, these are virtual machines designed to carry out system services.

05:01.440 --> 05:07.080
So even though these are virtual machines, you don't usually use them to carry out different tasks.

05:07.080 --> 05:11.270
So we don't use them to access the Internet or we don't use them to store files.

05:11.280 --> 05:16.800
The idea of these virtual machines is to provide services for the operating system.

05:16.800 --> 05:21.900
For example, this firewall right here is literally the operating system firewall.

05:21.900 --> 05:28.020
But to improve the security of the operating system, the whole firewall is stored in a completely separate

05:28.020 --> 05:29.100
virtual machine.

05:29.280 --> 05:31.140
Same goes for the CIS net.

05:31.410 --> 05:37.980
This net is basically a virtual machine that is designed to encapsulate your networking, the networking

05:37.980 --> 05:39.030
of this computer.

05:39.030 --> 05:45.450
So for any reason, if someone manages to exploit your networking, it will be very difficult for them

05:45.450 --> 05:50.070
to escalate their privileges and gain access to the other virtual machines.

05:50.670 --> 05:55.380
We also have another network in Virtual Machine, which is the CIS annex.

05:55.380 --> 06:01.650
This is the Unix gateway, which basically forces all traffic to go through the Tor network and we'll

06:01.650 --> 06:05.220
see how we can configure virtual machines to use this gateway.

06:05.220 --> 06:08.850
And basically we'll have an operating system very similar to Thales.

06:10.260 --> 06:14.610
And finally, we have a number of templates, virtual machines.

06:15.000 --> 06:21.330
These are machines that the other virtual machines, such as the domain virtual machines right here

06:21.330 --> 06:22.600
are based off.

06:23.250 --> 06:29.880
So, for example, the work virtual machine and the personal virtual machine are both templates of the

06:29.880 --> 06:32.220
Fedora 30 virtual machine.

06:32.370 --> 06:39.240
So if you update the Fedora 30 virtual machine right here or installed pidgeon on it automatically personal

06:39.240 --> 06:43.360
at work because they are based on this template on the fedora.

06:43.380 --> 06:47.910
They will automatically get updated and they will automatically get pigeon.

06:48.480 --> 06:51.540
And we'll talk about that in more details later on.

06:52.800 --> 06:57.700
Now I know I spoke about a lot of different types of virtual machines and domains.

06:57.720 --> 06:58.920
Don't get confused.

06:58.920 --> 07:04.410
And don't worry, we will be using them a lot in the next lectures and as we use them, the difference

07:04.410 --> 07:08.580
will become clearer and you'll find it very, very easy to understand.

07:09.090 --> 07:15.360
The main idea to keep in mind is the only virtual machines that you will actually be using for your

07:15.360 --> 07:21.150
day to day use are the domain virtual machines, the ones that are colored in here, and start with

07:21.150 --> 07:22.320
the word domain.

07:22.740 --> 07:28.860
Everything else is either a service virtual machine, so it's run a system service or a template virtual

07:28.860 --> 07:29.220
machine.

07:29.220 --> 07:33.270
So it's a virtual machine, which the domains are based of.