In this video, you will learn to define a client as it relates to a computer system, define the characteristics of client system administration, describe why effective client system administration is important to cybersecurity. Hi there. Today, we're going talk about client system administration. When we talk about a client, it really is in the context of a client accessing a server. So a client will be anything that really accesses a server application like a web server, a mail server or a file server. A client can be anything like a desktop computer, a laptop, tablet or even smartphones, anything that is used to access resources but sit on a server is really considered a client from an IT perspective. A single server can really have many clients that talk to it and many clients can access that one server at one time, so it's not a one-to-one relationship, it's typically a many-to-one server relationship, and one client can also access multiple servers that have different purposes. So for the purpose of this discussion, that's really what we're talking to when we talk about a client, it's any system that will access resources on a server. So when we talk about the context of client system administration and cybersecurity, we're really looking at it in a couple of different ways and you're all going to be familiar with cloud and mobile computing, we all have our smartphones that we access apps and most of those apps will operate in a typical client-server methodology, where the app is actually accessing some kind of server resources that are hosted somewhere else typically in the Cloud, on an AWS or Azure or an IBM Cloud or any of the other myriad of Cloud hosting providers that there are. New devices and new applications and new services are coming in the organizations all the time as people load applications, as new line of business applications are coming online, it's really an on-demand kind of world that we live in and that leads to lots of potential threats that could be present as those new applications come online. Really endpoint devices are the front line of attack, that's how most bad actors or hackers will try to get into an organization is by accessing an endpoint or a client and then branching out from there. So malware will be installed based on a website that someone goes to or a phishing attack, or a spear phishing attack, or ransomware, any of those kind of attacks can lead to large problems within an organization. Let's talk a little bit about the common types of endpoint attacks and this is just a very small list, there are a lots of the endpoint attacks. But phishing or spear phishing is an email which imitates a trusted source designed to target a specific person, that's spear phishing. So think of a spear as in a very sharp point and that sharp point refers to the specific person that you're trying to attack. I've also heard the term whale hunting where a person will try to attack a very specific person in an organization like a C-level executive and that's what we refer to when we talk about whale hunting. When we're talking about a spear phishing attack versus just a normal phishing attack, spear phishing is going after a particular person in an organization again, that pointed attack or a specific department versus a phishing attack which is mass email that would go out to everybody within an organization and anybody who clicks on it would be the target of that attack. A watering hole is malware that would be placed on a site frequently visited by an employee or a group of employees. So we're trying to just get anybody who would go to that site, they click on a bad link that installs some malware on the endpoint and then I'm in the organization and can branch out from there and trying to get the information that I want. Then these ad network attacks or using ad networks to place malware on a machine through ad software. So I click on a link on a website that again downloads some malware on an endpoint and then again I'm in the organization to do whatever activity I want to, install malware, install ransomware, we've all heard about these ransomware attacks that are focusing on public sector entities like the City of Atlanta had a very large one last year, the City of Lake Florida had one earlier this year, so they're becoming much more prevalent and really are becoming a big deal for organizations. Island hopping is a supply chain infiltration, I'm really not as familiar with that as I'm with some of the other ones but I'm assuming that would be where we try to infiltrate someone's supply chain to disrupt business operations or to get information about the organization supply chain in order to cause problems or to get information that we could potentially sell. Really when we're talking about endpoint attacks and malware, the whole goal of this is to make money,. I mean, whether it is to disrupt competitors, business operations or it's to directly blackmail the company to get money from them to not release that information or to decrypt information that we've encrypted through the malware and that's really what ransomware is. But the whole goal of this is to make money, that's why people do it. It used to be when you talk about hacking, when we talk about moving it and I'm going to date myself here like war games, it wishes to get in to see if I could get something. Now, what we're seeing are organized attacks to specific organizations for the sole purpose of getting money from that organization, either in the form of disrupting their business activities or a direct, you pay me and I'll give you back your information. So that's really what we're seeing in the threat landscape when organizations are trying to hack other organizations and disruptive business activities.
