1
00:00:00,650 --> 00:00:06,710
Now that we covered the basics of cubes and we covered the basic structure and how all the applications

2
00:00:06,710 --> 00:00:12,830
are isolated into different virtual machines and the meaning of each of these virtual machines and this

3
00:00:12,830 --> 00:00:19,100
lecture I want to actually go ahead and start using applications so that it's easier for you to understand

4
00:00:19,100 --> 00:00:21,460
what we mean by the different domains.

5
00:00:21,470 --> 00:00:27,350
How do they work and how to use them to carry on your daily tasks.

6
00:00:27,390 --> 00:00:34,670
This will also make the whole concept of isolation and the different security domains easier to understand.

7
00:00:34,700 --> 00:00:38,990
So as usual we're going to go to the top left menu to launch an application.

8
00:00:39,390 --> 00:00:45,620
And like I said in the previous lecture the actual virtual machines that you'll be using to carry out

9
00:00:45,860 --> 00:00:52,100
normal day to day tasks are the colored ones the ones that start with the world domain.

10
00:00:52,160 --> 00:00:58,190
So let's go to the personal virtual machine or the personal domain and let's launch one of the applications

11
00:00:58,190 --> 00:00:59,000
in here.

12
00:00:59,000 --> 00:01:01,990
So we have a files manager we can launch Firefox.

13
00:01:02,060 --> 00:01:04,580
We can launch the settings or a terminal.

14
00:01:05,060 --> 00:01:10,940
So let's click on Firefox because we want to access the Internet and you'll notice here on the top right

15
00:01:11,180 --> 00:01:16,700
it's gonna say that it is starting the personal virtual machine or the personal domain.

16
00:01:16,820 --> 00:01:22,400
So the first time you launch an application within a domain you'll notice that there will be a little

17
00:01:22,400 --> 00:01:23,770
bit of a delay.

18
00:01:23,780 --> 00:01:29,060
The reason for this is like I said each domain is its own virtual machine.

19
00:01:29,060 --> 00:01:35,360
So the first time you launch an application within that domain the first thing that cubes will do is

20
00:01:35,360 --> 00:01:42,260
start a virtual machine and start a completely separate computer and then launch the application that

21
00:01:42,260 --> 00:01:43,440
you requested.

22
00:01:43,450 --> 00:01:48,700
Within this domain within this new virtual machine wants done.

23
00:01:48,710 --> 00:01:52,250
As you can see you'll get your application which is Firefox in this case.

24
00:01:52,400 --> 00:01:54,030
And let's see if it's connected.

25
00:01:54,050 --> 00:02:00,580
So let's go through Z security and perfect as you can see we have a normal Internet access.

26
00:02:00,640 --> 00:02:06,160
Everything is working as expected and you can use this browser the same way that you use any other web

27
00:02:06,160 --> 00:02:07,520
browser.

28
00:02:07,540 --> 00:02:13,570
Now let's go ahead and go to the personal again and this time I'm going to launch my files and you'll

29
00:02:13,570 --> 00:02:18,970
notice that this will be almost instant because the virtual machine is already running.

30
00:02:18,970 --> 00:02:23,200
Therefore I can open the file manager within that virtual machine.

31
00:02:23,230 --> 00:02:28,090
So there is no need to start the virtual machine from scratch.

32
00:02:28,090 --> 00:02:33,160
Now in here we have a normal file manager that you can use to navigate through your file system and

33
00:02:33,160 --> 00:02:34,470
access your files.

34
00:02:34,480 --> 00:02:39,580
We have our downloads in here your music your videos and so on.

35
00:02:39,600 --> 00:02:44,760
Double click to enter right click to copy paste cut get properties and so on.

36
00:02:45,210 --> 00:02:50,960
So using this is very similar to using any other file manager.

37
00:02:51,010 --> 00:02:53,210
Now let's put this here to this side.

38
00:02:53,360 --> 00:02:59,450
And what I'm gonna do is I'm going to go back to my applications and this time we're going to go to

39
00:02:59,450 --> 00:03:06,730
the work domain or to the work virtual machine and again let's go ahead and launch a Firefox instance

40
00:03:07,860 --> 00:03:12,790
now again this is the first time we will launch Firefox from within the work domain.

41
00:03:12,810 --> 00:03:15,470
Therefore this will take a bit of time to boot.

42
00:03:15,480 --> 00:03:23,550
The work virtual machine first and then open firefox and perfect as you can see we have Firefox running

43
00:03:23,550 --> 00:03:30,490
in here and let's go to Google this time and as you can see we have Internet access.

44
00:03:31,090 --> 00:03:35,790
Now keep in mind this window right here the Firefox window the blue one.

45
00:03:35,890 --> 00:03:41,070
It is a completely separate virtual machine and then the yellow window right here.

46
00:03:41,080 --> 00:03:48,760
This is a work computer a work virtual machine a work domain that is completely separate from the personal

47
00:03:48,760 --> 00:03:49,620
domain.

48
00:03:49,630 --> 00:03:56,020
Therefore if this personal domain gets hacked or if the work domain gets hacked the hacker will not

49
00:03:56,020 --> 00:04:03,610
be able to navigate to the other domain because these are two completely different and isolated virtual

50
00:04:03,610 --> 00:04:04,310
machines.

51
00:04:04,390 --> 00:04:06,250
They use their own resources.

52
00:04:06,250 --> 00:04:09,390
They use their own run their own CPO their own file system.

53
00:04:09,430 --> 00:04:18,030
So it's as if you're running two different instances of Firefox on two completely different computers.

54
00:04:18,200 --> 00:04:24,350
Now in order to make it easy for users to distinguish between the different domains and different virtual

55
00:04:24,350 --> 00:04:30,650
machines every time you launch an application within a domain it will have a specific color.

56
00:04:31,250 --> 00:04:37,580
So if we go back to the menu in here you'll see that the personal domain has this greenish kind of yellow

57
00:04:37,580 --> 00:04:38,910
color.

58
00:04:38,960 --> 00:04:44,210
You'll also notice that this is the same color in here in the window and you will notice that at the

59
00:04:44,210 --> 00:04:47,990
start of the title bar it says personal.

60
00:04:47,990 --> 00:04:51,200
This is the same for the personal file manager that I opened.

61
00:04:51,290 --> 00:04:53,630
Again it's this greenish yellow color.

62
00:04:53,750 --> 00:04:56,240
And it also starts with the word personal.

63
00:04:57,230 --> 00:05:01,640
If you look at the work domain you'll see that it is blue.

64
00:05:01,640 --> 00:05:07,880
If we look at the entry in here and my applications you'll see the like is blue as well and you'll see

65
00:05:07,880 --> 00:05:13,520
that it says work at the title bar before the name of the application.

66
00:05:13,550 --> 00:05:20,540
So if I go ahead now and open my file manager and work you will also see that the window is going to

67
00:05:20,540 --> 00:05:23,000
be blue as you can see in here.

68
00:05:23,000 --> 00:05:25,670
And again it starts with the word work.

69
00:05:25,850 --> 00:05:32,840
Therefore when you're using cubes it will be very easy for you to know which security domain or which

70
00:05:32,840 --> 00:05:35,960
virtual machine you're running in.

71
00:05:35,960 --> 00:05:41,360
Now if you've done any of my other courses or if you have any experience with using virtual machines

72
00:05:41,930 --> 00:05:46,730
you're used to the way that when you start a virtual machine you will see a new desktop.

73
00:05:46,730 --> 00:05:52,880
So if you're starting a Linux virtual machine for example you will see and you'll next desktop within

74
00:05:52,880 --> 00:05:55,250
your current operating system.

75
00:05:55,250 --> 00:06:01,160
This is not the case with cubes because at any instance you could have four or five virtual machines

76
00:06:01,160 --> 00:06:02,800
run in at the same time.

77
00:06:02,960 --> 00:06:07,010
Therefore it would get very confusing and very hard to manage.

78
00:06:07,010 --> 00:06:13,430
Instead they use this coloring scheme and the titles that you see in here to help the user understand

79
00:06:13,490 --> 00:06:17,510
which security domain or which virtual machine they're running in.

80
00:06:17,510 --> 00:06:21,350
And this design is really nice in my opinion because it is seamless.

81
00:06:21,350 --> 00:06:25,530
You don't actually see a new desktop every time you launch an application.

82
00:06:25,580 --> 00:06:32,420
You only see the application window and the color indicates what security domain or what virtual machine

83
00:06:32,570 --> 00:06:34,430
you're running in.

84
00:06:34,840 --> 00:06:40,360
Now to make this virtual machine idea stronger and to help you understand it better.

85
00:06:40,360 --> 00:06:41,930
Let me give you an example.

86
00:06:41,980 --> 00:06:47,350
So let's say I wanted to download this image right here and this page so I'm just gonna right click

87
00:06:47,350 --> 00:06:54,760
the image Save image as and we're going to save it in my download so I'm just going to click on Save.

88
00:06:54,760 --> 00:07:00,400
Now this is just an example of downloading a file regardless of what it is I'm just downloading an image

89
00:07:00,610 --> 00:07:02,170
as an example.

90
00:07:02,230 --> 00:07:08,470
So the image is downloaded to my downloads directory and if I go to my file manager the yellow file

91
00:07:08,470 --> 00:07:12,160
manager because remember we downloaded it from the personal web browser.

92
00:07:12,250 --> 00:07:15,640
So it gets downloaded to the Personal File system.

93
00:07:16,150 --> 00:07:21,830
So I'm in the Personal File system and if I click on my downloads I have the image right here.

94
00:07:21,970 --> 00:07:23,170
So that's perfect.

95
00:07:23,200 --> 00:07:31,060
Now if we go to the other file manager that we opened the work file manager which is in blue in here

96
00:07:31,360 --> 00:07:35,390
if I go to my downloads you'll see that I don't have the image.

97
00:07:35,560 --> 00:07:42,400
And the reason for this is again this is a completely separate virtual machine that has its own resources

98
00:07:42,570 --> 00:07:45,000
that has its own file system.

99
00:07:45,040 --> 00:07:50,140
So whatever I do in here whatever I do within the personal domain even if I run any viruses even if

100
00:07:50,140 --> 00:07:53,830
it gets hacked this is a completely separate computer.

101
00:07:53,860 --> 00:08:01,120
Therefore whatever happens in here cannot move and affect this machine and vice versa.

102
00:08:01,120 --> 00:08:05,010
So even the history for example we access the security dot org in here.

103
00:08:05,050 --> 00:08:07,490
So it should be in my Firefox history.

104
00:08:07,660 --> 00:08:14,590
So if I do control he's in here and look at today you can see that we access that security.

105
00:08:14,590 --> 00:08:21,550
Now if we go to the Firefox web browser in here and we do control hate to see our history you will not

106
00:08:21,550 --> 00:08:28,180
see that security because again this is a web browser that is running in my work virtual machine.

107
00:08:28,270 --> 00:08:33,880
And this is a completely separate machine that does not know what happens outside of it.

108
00:08:33,880 --> 00:08:40,420
And it is through this separation that cubes excel and improves our security because like I said the

109
00:08:40,420 --> 00:08:44,750
idea is you use the separate domains to carry out separate tasks.

110
00:08:44,830 --> 00:08:47,430
So you use the work domain to do your work stuff.

111
00:08:47,500 --> 00:08:53,110
You use the personal domain to do your personal stuff and you use the untrusted domain to do all of

112
00:08:53,110 --> 00:08:59,110
the other stuff that does not involve logging into accounts and that you might be opening untrusted

113
00:08:59,210 --> 00:09:05,650
websites and files and this way everything is separated and if any of these domains gets compromised

114
00:09:05,890 --> 00:09:09,530
it does not affect the other domain.

115
00:09:09,550 --> 00:09:14,920
Now once you are done with using a certain domain for example let's say I'm done with my personal tasks

116
00:09:15,160 --> 00:09:21,640
and I close my browser and I closed my file manager as well and I don't want to do anything personal

117
00:09:21,700 --> 00:09:22,730
anymore.

118
00:09:22,900 --> 00:09:28,500
If you want to free up some space you can click on the cubes icon in here on the top right.

119
00:09:28,510 --> 00:09:32,290
This will list all of the virtual machines running at the moment.

120
00:09:32,290 --> 00:09:38,500
So if you want to free up some space we can see that the personal virtual machine is used in 842 megabytes

121
00:09:38,530 --> 00:09:39,570
of my memory.

122
00:09:39,730 --> 00:09:44,950
So if I wanted to free up some space if I'm not going to use this virtual machine anymore you can just

123
00:09:44,950 --> 00:09:49,370
click on shut down in here to shut it down.

124
00:09:49,400 --> 00:09:55,310
So this is it for this lecture I just wanted to show you an example to help you understand the way cube

125
00:09:55,310 --> 00:09:57,290
separates the different domains.

126
00:09:57,290 --> 00:10:02,060
I wanted you to understand the different virtual machines and how they cannot interact with each other

127
00:10:02,330 --> 00:10:04,660
and how that improves our security.

128
00:10:04,890 --> 00:10:10,220
And in the next lectures I'm going to show you how to carry out different tasks within this operating

129
00:10:10,220 --> 00:10:17,150
system and the separation will become clearer and you'll see how cubes can really improve our security.