WEBVTT

00:00.510 --> 00:06.690
Now that we cover the basics of cubes and we cover the basic structure and how all the applications

00:06.690 --> 00:12.120
are isolated into different virtual machines and the meaning of each of these virtual machines.

00:12.330 --> 00:18.060
And this lecture, I want to actually go ahead and start using applications so that it's easier for

00:18.060 --> 00:24.750
you to understand what we mean by the different domains, how do they work and how to use them to carry

00:24.750 --> 00:26.730
on your daily tasks.

00:27.300 --> 00:33.840
This will also make the whole concept of isolation and the different security domains easier to understand.

00:34.530 --> 00:38.640
So as usual, we're going to go to the top left menu to launch an application.

00:39.060 --> 00:45.240
And like I said in the previous lecture, the actual virtual machines that you'll be using to carry

00:45.240 --> 00:51.360
out normal day to day tasks are the colored ones, the ones that start with the word domain.

00:51.990 --> 00:58.170
So let's go to the personal virtual machine or the personal domain, and let's launch one of the applications

00:58.170 --> 00:58.800
in here.

00:58.800 --> 01:00.420
So we have a file manager.

01:00.420 --> 01:04.410
We can launch Firefox, we can launch the settings or a terminal.

01:04.860 --> 01:11.130
So let's click on Firefox because we want to access the Internet and you'll notice here on the top right,

01:11.130 --> 01:16.170
it's going to say that it is starting the personal virtual machine or the personal domain.

01:16.620 --> 01:22.410
So the first time you launch an application within a domain, you'll notice that there will be a little

01:22.410 --> 01:23.550
bit of a delay.

01:23.580 --> 01:28.890
The reason for this is, like I said, each domain is its own virtual machine.

01:28.890 --> 01:35.100
So the first time you launch an application within that domain, the first thing that cubes will do

01:35.100 --> 01:41.940
is start a virtual machine, start a completely separate computer, and then launch the application

01:41.940 --> 01:47.310
that you requested within this domain, within this new virtual machine.

01:48.030 --> 01:52.980
Once done, as you can see, you'll get your application, which is Firefox in this case, and let's

01:52.980 --> 01:54.000
see if it's connected.

01:54.000 --> 01:55.770
So let's go to that security.

01:57.110 --> 01:57.740
I'm perfect.

01:57.740 --> 02:00.520
As you can see, we have a normal Internet access.

02:00.530 --> 02:05.960
Everything is working as expected, and you can use this browser the same way that you use any other

02:05.960 --> 02:06.860
web browser.

02:07.340 --> 02:10.790
Now let's go ahead and go to the personal again.

02:10.790 --> 02:16.520
And this time I'm going to launch my files and you'll notice that this will be almost instant because

02:16.520 --> 02:18.740
the virtual machine is already running.

02:18.770 --> 02:25.040
Therefore, I can open the file manager within that virtual machine, so there is no need to start the

02:25.040 --> 02:27.140
virtual machine from scratch.

02:27.920 --> 02:33.170
Now in here we have a normal file manager that you can use to navigate through your file system and

02:33.170 --> 02:34.310
access your files.

02:34.310 --> 02:36.410
We have our downloads in here.

02:37.270 --> 02:39.460
Your music, your videos, and so on.

02:39.490 --> 02:44.890
Double click to enter, right click to copy, paste, cut, get properties and so on.

02:45.010 --> 02:49.540
So using this is very similar to using any other file manager.

02:50.810 --> 02:53.150
Now let's put this here to the side.

02:53.330 --> 02:59.150
And what I'm going to do is I'm going to go back to my applications, and this time we're going to go

02:59.150 --> 03:02.840
to the work domain or to the work virtual machine.

03:02.840 --> 03:06.920
And again, let's go ahead and launch a Firefox instance.

03:07.640 --> 03:12.630
Now, again, this is the first time we launch Firefox from within the work domain.

03:12.650 --> 03:19.730
Therefore, this will take a bit of time to boot the work virtual machine first and then open Firefox

03:20.420 --> 03:21.170
and perfect.

03:21.170 --> 03:26.720
As you can see, we have Firefox running in here and let's go to Google this time.

03:28.080 --> 03:30.660
And as you can see, we have Internet access.

03:30.930 --> 03:37.020
Now, keep in mind, this window right here, the Firefox window, the blue one, it is a completely

03:37.020 --> 03:38.630
separate virtual machine.

03:38.640 --> 03:40.970
Then the yellow window right here.

03:40.980 --> 03:48.180
This is a work computer, a work virtual machine, a work domain that is completely separate from the

03:48.180 --> 03:49.390
personal domain.

03:49.410 --> 03:55.740
Therefore, if this personal domain gets hacked or if the work domain gets hacked, the hacker will

03:55.740 --> 04:03.180
not be able to navigate to the other domain because these are two completely different and isolated

04:03.180 --> 04:04.260
virtual machines.

04:04.260 --> 04:09.300
They use their own resources, they use their own RAM, their own CPU, their own file system.

04:09.300 --> 04:16.410
So it's as if you're running two different instances of Firefox on two completely different computers.

04:18.010 --> 04:24.340
Now in order to make it easy for users to distinguish between the different domains and different virtual

04:24.340 --> 04:25.050
machines.

04:25.060 --> 04:30.820
Every time you launch an application within a domain, it will have a specific color.

04:31.060 --> 04:37.240
So if we go back to the menu and here you'll see that the personal domain has this greenish kind of

04:37.240 --> 04:38.170
yellow color.

04:38.800 --> 04:42.610
You'll also notice that this is the same color in here in the window.

04:42.610 --> 04:47.080
And you will notice that at the start of the title bar it says Personal.

04:47.800 --> 04:51.210
This is the same for the personal file manager that I opened.

04:51.220 --> 04:56.170
Again, it's this greenish yellow color and it also starts with the word personal.

04:57.100 --> 05:01.420
If you look at the work domain, you'll see that it is blue.

05:01.450 --> 05:07.690
If we look at the entry in here, in my applications, you'll see the lock is blue as well and you'll

05:07.690 --> 05:12.610
see that it says work at the title bar before the name of the application.

05:13.360 --> 05:20.560
So if I go ahead now and open my file manager in work, you will also see that the window is going to

05:20.560 --> 05:22.810
be blue, as you can see in here.

05:22.810 --> 05:25.450
And again, it starts with the word work.

05:25.690 --> 05:32.620
Therefore, when you're using cubes, it will be very easy for you to know which security domain or

05:32.620 --> 05:34.960
which virtual machine you're running in.

05:35.770 --> 05:41.590
Now, if you've done any of my other courses or if you have any experience with using virtual machines,

05:41.740 --> 05:46.720
you're used to the way that when you start a virtual machine, you will see a new desktop.

05:46.720 --> 05:52.870
So if you're starting a Linux virtual machine, for example, you will see a new Linux desktop within

05:52.870 --> 05:54.670
your current operating system.

05:55.090 --> 06:01.150
This is not the case with Cubes because at any instance you could have four or five virtual machines

06:01.150 --> 06:02.590
running at the same time.

06:02.830 --> 06:06.520
Therefore, it would get very confusing and very hard to manage.

06:06.820 --> 06:13.420
Instead, they use this coloring scheme and the titles that you see in here to help the user understand

06:13.420 --> 06:17.020
which security domain or which virtual machine they're running in.

06:17.380 --> 06:21.250
And this design is really nice, in my opinion, because it is seamless.

06:21.250 --> 06:26.950
You don't actually see new desktop every time you launch an application, you only see the application

06:26.950 --> 06:33.490
window and the color indicates what security domain or what virtual machine you're running in.

06:34.700 --> 06:40.880
Now to make this virtual machine idea stronger and to help you understand it better, let me give you

06:40.880 --> 06:41.690
an example.

06:41.720 --> 06:46.010
So let's say I wanted to download this image right here in this page.

06:46.010 --> 06:49.820
So I'm just going to right click the image save image as.

06:50.760 --> 06:52.530
And we're going to save it in my download.

06:52.530 --> 06:54.270
So I'm just going to click on Save.

06:54.570 --> 06:58.860
Now, this is just an example of downloading a file regardless of what it is.

06:58.860 --> 07:01.620
I'm just downloading an image as an example.

07:02.040 --> 07:08.460
So the image is downloaded to my downloads directory and if I go to my file manager, the yellow file

07:08.460 --> 07:13.770
manager, because remember we downloaded it from the personal web browser so it gets downloaded to the

07:13.770 --> 07:15.900
personal file system.

07:15.900 --> 07:21.570
So I'm in the personal file system and if I click on my downloads, I have the image right here.

07:21.810 --> 07:23.000
So that's perfect.

07:23.010 --> 07:30.690
Now if we go to the other file manager that we opened, the work file manager, which is in blue in

07:30.690 --> 07:35.190
here, if I go to my downloads, you'll see that I don't have the image.

07:35.280 --> 07:41.730
And the reason for this is, again, this is a completely separate virtual machine that has its own

07:41.730 --> 07:44.850
resources, that has its own file system.

07:44.850 --> 07:50.040
So whatever I do in here, whatever I do within the personal domain, even if I run any viruses, even

07:50.040 --> 07:53.670
if it gets hacked, this is a completely separate computer.

07:53.670 --> 08:00.390
Therefore, whatever happens in here cannot move and affect this machine and vice versa.

08:00.930 --> 08:04.890
So even the history, for example, we access this security dot org in here.

08:04.890 --> 08:07.440
So it should be in my Firefox history.

08:07.440 --> 08:13.890
So if I do control H in here and look at today, you can see that we accessed that security.

08:14.340 --> 08:21.570
Now if we go to the Firefox Web browser in here and we do control H to see our history, you will not

08:21.570 --> 08:28.380
see that security because again, this is a web browser that is running in my work virtual machine and

08:28.380 --> 08:33.030
this is a completely separate machine that does not know what happens outside of it.

08:33.750 --> 08:40.440
And it is through this separation that Cubes excel and improves our security because like I said, the

08:40.440 --> 08:44.670
idea is you use the separate domains to carry out separate tasks.

08:44.670 --> 08:47.370
So you use the work domain to do your work stuff.

08:47.400 --> 08:53.100
You use the personal domain to do your personal stuff, and you use the untrusted domain to do all of

08:53.100 --> 08:59.130
the other stuff that does not involve logging into accounts and that you might be opening untrusted

08:59.130 --> 09:00.450
websites and files.

09:00.840 --> 09:02.880
And this way everything is separated.

09:02.880 --> 09:08.130
And if any of these domains gets compromised, it does not affect the other domain.

09:09.390 --> 09:14.400
Now, once you're done with using a certain domain, for example, let's say I'm done with my personal

09:14.400 --> 09:21.030
tasks and I closed my browser and I closed my file manager as well, and I don't want to do anything

09:21.030 --> 09:22.530
personal anymore.

09:22.710 --> 09:27.750
If you want to free up some space, you can click on the cubes icon in here on the top.

09:27.750 --> 09:28.260
Right.

09:28.290 --> 09:32.100
This will list all of the virtual machines running at the moment.

09:32.100 --> 09:38.490
So if you want to free up some space, we can see that the personal virtual machine is used in 842 megabytes

09:38.490 --> 09:39.480
of my memory.

09:39.480 --> 09:44.730
So if I wanted to free up some space, if I'm not going to use this virtual machine anymore, you can

09:44.730 --> 09:47.700
just click on shutdown in here to shut it down.

09:49.200 --> 09:50.700
So this is it for this lecture.

09:50.700 --> 09:57.150
I just wanted to show you an example to help you understand the way Cube separates the different domains.

09:57.150 --> 10:02.160
I wanted you to understand the different virtual machines and how they cannot interact with each other

10:02.160 --> 10:04.590
and how that improves our security.

10:04.740 --> 10:10.230
And in the next lecture, I'm going to show you how to carry out different tasks within this operating

10:10.230 --> 10:10.770
system.

10:10.770 --> 10:17.340
And the separation will become clearer, and you'll see how cubes can really improve our security.