
Access Controls and Network Segmentation


Time
8 hours 19 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
Now, the final section of this chapter is going to be discussing the topic of access controls.
00:05
The job of access controls is to mitigate some of the risks of the attacks that we talked about in the last section.
00:11
This is not a comprehensive list.
00:13
All the way throughout this course, we've talked about risks and ways to mitigate them.
00:17
You haven't necessarily called it risk management, but that's what we're doing.
00:21
We talk about choosing the right type of cable or understanding the vulnerabilities of a protocol; that's risk management.
00:27
The controls we implement are often access controls.
00:32
Let's take a look at some of the ways to mitigate some of our issues.
00:35
The first, and to me the most important, is network segmentation.
00:39
The premise of network segmentation is to keep untrusted entities away from your trusted assets.
00:45
Trusted assets are the things you want to protect. This is your network authentication server, mail server, web server, internal client systems, your data, all your trusted resources.
00:57
When I say that, your trusted resources are the ones in your environment, under your production, under your care, so we have a trust.
01:03
Now the outside world is untrusted. The Internet is a bad neighborhood. You want to stay away from that.
01:10
We don't want to allow access from untrusted into trusted. However, sometimes you have to, and that's why we segment our network.
01:17
One of the ways we might segment our network is to allow a DMZ, a demilitarized zone. We talked about this in the earlier chapters. The whole purpose of a demilitarized zone is to have a network that's off my internal network and separate from my trusted resources.
01:32
But it still is under my ownership and management.
01:36
It contains those resources that I want the public to have access to.
01:38
We consider that to be semi-trusted. I manage it. But because I'm allowing the general public to access the network, it's not fully trusted.
01:47
In that DMZ, I have resources like a web server.
01:51
This is also where I'm going to put my web proxy or my web application firewall, because I always want to keep the protection as close to the resource as possible.
01:59
I might have honeypots in the DMZ, intrusion detection systems, but at any rate, I create that network segmentation either through a router or, more likely, a firewall.
02:08
To access that domain, you go through a firewall. To move from the DMZ into my internal network, you go through a firewall.
02:15
That's what network segmentation is all about: separating systems, usually based on layers of trust or controlling bandwidth or broadcast.
02:23
Separating my network into many network subnets can be done with a router, or, as we've talked about in the network infrastructure section, it can be done with a virtual LAN on a switch.
02:34
The real important element and the principle of security is to keep untrusted entities away from your trusted resources.