8.2 Defining Network Infrastructure and Network Security Part 2 - MTAN
4 hours 30 minutes
I like to work on your back to Cy Berries Empty. A 98 3 66
network and Fundamentals Certification Prep course. Again, this is modern number eight. In fact, this is the last video in this Siri's
now this particular video focus upon defining network infrastructure and network security.
So let's take a look at the objective.
The object is. This followed the concept of Internet,
Internet and extra net.
That brings us to our first again pre assessment question.
Which DMC configuration used? One firewall and three interface is Is it a back to back configuration? Is it B
three legged permanent configuration, or C
Basic configuration or D perimeter configuration?
It was like to be You're absolutely correct. Now, in a three legged parameter configuration, the DMZ is you attached to a separate connection of the company's firewall. Therefore, the firewall has three connections wanted to cut me land one to the D. M Z and one to the Internet.
So we thought looking at security advice is that world zones
one of zones and put a sure you heard of it's called a perimeter offer time refer to as a D m Z. Then the D M Z refers to a host or network that acts as it's secure an enemy it network or path between your organization, internal network
and the external or no proprietary tight network.
A D M Z serves at the front line network that interacts directly with the external network while logically separating it from the internal network.
A DMZ is DMC, or Demilitarization Zone may also be known as a network permanent or perimeter network.
Then, when you think about a firewall, the firewall is a software used to maintain the security of a private network.
Fire Well, what they do for us. They, In fact, they blocked unauthorized access to and from private networks and often employed to prevent
overs implored to prevent unauthorized Web users or a listen software from gaining access to the private network connection to the Internet.
A firewall. Maybe implement using heart worst software or a combination off both. A firewall obviously, is recognized as a first line of defense in securing your sensitive information for better safety. The data camp, for better safety with the data can be also be encrypted as well.
That's another myth that we can do
now, he is, in his example of a firewall
that basis to packet switching
now Pakistan, which is a firewall technique used to control network access by monitoring your outgoing and Anglo impacts and aligned in the past or hope, based on the source and the destination in an Internet protocol address,
Network Live firewalls to find packet filtering rule sets, which provide highly efficient security type mechanisms.
Packet switches, also known as static filtering.
Then we have net filtering.
Now this option determines how the writer deals with the inbound traffic. The secure option provides a secure firewall to protect the PCs. Other words, the computers on your land from attacks from the Internet. But it may also cause some innit games.
Uh huh. Towards point the point application, a multimedia application not to work.
We also have application level type Gateway.
Now my application level gateway or application level is a firewall proxy that divides network security. What it does for us. It's such a filter income and no traffic to to certain specifications, which means that only transmit network application data is built. It
such that were application includes file transfer protocol, tell net real time screaming type protocol orbit Turn
then we have circuit level gateway,
a circular gateways of firewater but provides users data Graham again. Other words provide user data Graham Protocol and transmission control, protocol, connection security and works between an open system, interconnection network model transport and application layer. Such a succession there,
unlike application gateway circuit level gateways, montedio, TCP data packages,
handshaking and session fulfillment off firewall rules as well its policies.
We also have a proxy server.
A proxy server, in other words, is a server that since between your client networks such as your Web browser and a really server, what it does for us insensitive intercepts all of requests to the real server to see if it can fulfill the request itself. If not what it does for us. For that request to the rial server.
Other words that acts as a go between our mediator.
Then we have cash and proxy.
Now, cash and Proxy is a type of Internet network, cash and technique that enable a proxy server to save recent and freaking website webpages requests and data requests by one arm or client machines.
It means that to accelerate webpage and website request by saving the instance of the frequency use content and resource is locally on your proxy server. Cash and prosecute also be referred to as, well, proxy cashing
and one of the reasons for is a save bandwidth.
We have also a term called RP proxy. A proxy server is a basically another a proxy server going back. A proxy server is basically another computer were served as a hub Do which emit requests our process by connecting through one of these service
Yocum your computer. What it does it send you requested a server
was then process your request and return what you were basically wanted.
So basically it does this student use of that which again is calling a network address. Translation of words. That purpose of that net is the high internal copy configuration.
We have a term car, innit? Content filtering
now content filled it in the most general sense. Involve using the program vent access to certain items which may be harmful if open or access. The most common Adam to field are executed bols e mails or websites. Content filters can be implement either as software or veer a heart were based type solution.
We have network and choosing choosing the Texan prevention
again are in ideas are working. It was true that Dixon used to monitor and analyzed network traffic to protect the system from network based type threats.
A network intrusion detection system reads all inbound packages
and searches for any suspicious patterns. When threats I discover, based on the severity that the system can take action such as notifying, administrator or bearing the source i p address from access and again the network. Now you also have network intrusion prevention system. They're different now.
What a network and choose a Texas of our dozes. Notify you,
however, would have network intrusive adventures system. You can have it set up in Prica. You can configure it yourself. So, for example, when it takes some unauthorized traffic, what it can do is actually shut the port down. So as I was *** important, what happens? The taxis to take place. So again, that's a great device tohave network intrusion prevention system.
Now we look at d m Z we mentioned for Dems refers to a wholesale network access a secure
enemy it network path between an organization that network and external network it serves of the fault line network that interacts directly external networks while logically separated from the internal networks.
Here again, some additional information by Diem's is again our DMC. My house. I'll switch with service. Connect to it. That awful WEP e mailing under service is the two common type of deems the configuration. You're back in configuration. This configuration has a Demsey situated between two firewalled device, which can be
which could be black box application myself in its service.
In that security and ancillary of service, you have a three legged one again. In this scenario, the DMZ is you'd attached to a separate connection off a company wept. Other words, You're coming firewall there for five hours. Three. Connection wanted the company land and one to the D M Z and one to the Internet
Again. Obviously, the most important thing with a network is documentation of your network again. But obviously, if it gets into the wrong hands, that could be Deccan Depp definitely, definitely not have a good day if that was to be the case. So that raises to our post assessment question again for this final presentation of this particular Siri's.
The course of this follows whatever devices on to inspect traffic, their tech malicious activity and take steps to mitigate the malicious activity, is it eh?
Network intrusion detection system. Is it being naked and choosing prevention system is in that content filters or on that server.
If you select the V, you're absolutely correct. A network intrusion prevention system designed to inspect the traffic and based on the configuration security policy, it can remove, detained or redirect malicious traffic now doing. Of course, it's particular presentation.
We discuss point a point tolling protocol
and we also again discuss STP again. So we let these are there four types of VP and telling protocols which are available on Windows stand.
And they're listed here
obviously doing your when you could actually go into the process actually creating your BP and connection and used to be authenticated to prove who he is logging onto other words, we need to have that authentication mechanisms in place. You also need to choose the most secure form authentication. Remember, P P. T. P is not the most secure method in terms of VPN
ah force a crude devices. Such a firewalls on the main defenses for company network, whether they are lands wins Internet or extra nets.
We learned of the parameter security zone. Such a D M Z helps to what keep certain information open to specific users. Order the public while keeping arrested information secure.
We also learned to the pox ever accident intermediary between the land and the Internet.
Other words like a go between.
We also learned that a permanent Worker DMC is a small network that set up separate from the company's private network.
It's called a permanent that were because it's Julie on the edge of your local area network. Again, we reached pretty much the conclusion of this particular certification prep course I want thank you very much for your attention to detail. Doing, of course, is time presentation, and obviously I look forward to seeing your future training presentations.