Hello and welcome to the Cybrary CompTIA Security+ certification preparation course.
We continue on in this brand new module, which is module number three, and the topic of discussion will be architecture and design.
Here, again, is the objective which encompasses domain three, which CompTIA states: given a scenario, implement secure network architecture concepts.
The first item on our agenda is a pre-assessment quiz, and it reads as follows: when setting up a site-to-site VPN (virtual private network, in other words), it should be using always-on mode as opposed to dial-on-demand. Is this true or false?
In this case, if you selected true, you're absolutely correct.
As mentioned earlier, here again is the objective, which encompasses this domain, which CompTIA states: given a scenario, implement secure network architecture concepts.
Here again are the objectives which encompass this particular objective. First of all, we'll take a look at zones and topologies. We'll discuss what a DMZ is, an extranet, intranet,
So without further ado, let's begin by first taking a look at zones and topologies. Now, when you think about it, topology refers to the physical or logical layout of a network. It defines the way different nodes are placed and interconnected with each other.
Network topology may describe how the data is transferred between these nodes.
So let's first of all take a look at exactly what a DMZ is.
Now, a DMZ is an area in a network that allows limited and controlled access from the public Internet, also called the neutral zone, also referred to as your perimeter network.
Then we have the extranet, which is a special network architecture in which a company or organization's external partners and customers are granted access to some parts of its intranet and the services provided in a secure, controlled manner.
Intranet: intra simply means within, and this is in fact a portion of your information technology infrastructure that belongs to and is controlled by the company in question.
Wireless: it is a term used to describe telecommunication in which electromagnetic waves, rather than some form of wire, carry the signal over part or all of the communication path. In fact, this is an example of what we call unguided media.
Guided media would be comprised of cables or fiber optics and so forth.
Turning our attention to guest.
When we think about a guest, a guest network is a separate network used for visitors, guests, and other people not directly associated with your organization.
And then we have a honeynet.
Basically, a honeynet consists of data, for example, in a network site that appears to be a legitimate part of the site, but is actually isolated and monitored. Now, in this case, when you have a honeypot, when we have a bunch of honeypots connected together, they're considered a honeynet.
Then we have NAT, which stands for network address translation, and simply what it does is translate the IP addresses of the computers in a local network to a single IP address.
Then we have ad hoc.
An ad hoc network is a temporary network used to temporarily connect computers together.
Continuing with our objectives: given a scenario, implement secure network architecture concepts.
Here again are the objectives which encompass this particular objective.
What we're going to do now is discuss the terms segregation and segmentation or isolation, physical as well as logical, or VLAN (virtual LAN).
Then we'll discuss virtualization, as well as the term air gaps.
Let's now turn our attention toward the discussion of segregation, segmentation and isolation.
Simply put, it's the practice of splitting your computer network into subnetworks or network segments, also known as zoning.
Let's continue our discussion of segregation, segmentation and isolation.
Did you know that segmentation is the practice of splitting your computer network into subnetworks or network segments, known as zoning?
The number one reason is to protect the security of your network resources and information.
Let's now turn our attention towards some key concepts that fall within this particular parameter, such as physical.
Basically, when you think about physical, it comprises a process by which you physically separate your network. You use independent network hardware, such as routers, switches and firewalls.
Then we have logical, or VLAN. Basically, this is logical segmentation, usually by using VLANs, which enable you to segment your network by using software logic. Surprisingly enough, the only device on which you can actually set up or configure a VLAN is a switch.
Then we have a term called virtualization.
Simply put, virtualization is technology developed to allow a guest operating system to run along with the host operating system with one set of hardware.
Then we have air-gapped.
Basically, it is a computer that is not connected to the Internet or connected to any other devices that are connected to the Internet.
Continuing with the discussion of the objective: given a scenario, implement secure network architecture concepts. Here again are some additional concepts or objectives which encompass this particular objective. We will be turning our attention toward the discussion of tunneling, as well as VPN, site-to-site and, lastly, remote access.
The first item on our agenda is called tunneling, or VPN.
VPN stands for virtual private network.
Simply put, it is a technology that enables the use of an unsecure public network as if it were a secure private network.
Some additional terms that you need to be aware of:
We have site-to-site.
A site-to-site VPN is one that connects two sites together.
Then we have remote access. A remote access VPN is one that enables remote workers to connect to the organization's network from anywhere on the Internet.
Let's continue to highlight 3.2: given a scenario, implement secure network architecture concepts.
Within this particular objective, we have a number of different subtopics we need to highlight. First of all, security device and technology placement: sensors, collectors, correlation engines, filters, proxies, firewalls, VPN concentrators, SSL accelerators, load balancers, aggregation switches, taps and port mirrors, and lastly, software-defined networking.
Let's now turn our attention toward the discussion of security device or technology placement.
Many network devices have multiple components, which communicate with devices to provide features and improve performance.
Let's take a look at some concepts that you need to be aware of, called sensors.
Now, a sensor can be defined as a data-gathering agent.
Then we have our collectors. They are agents that gather data from sensors or other inputs.
Correlation engines: they aggregate and correlate content from different sources to uncover an attack.
A filter is a mechanism that reduces the total amount of data you collect or view.
And lastly, we have proxies. These devices act as substitutes on behalf of the primary device.
Then we have firewalls. Now, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave your network.
A VPN concentrator is a type of networking device that provides secure creation of your VPN connections and delivers your messages between your VPN nodes.
An SSL accelerator is like a load balancer and often the same device.
SSL accelerators are typically placed in your local area network for your internal servers or in your DMZ for public-facing servers.
Your load balancer: basically, it is a technology that helps to evenly distribute work across a network.
Then we have our DDoS mitigators.
Basically, a set of techniques or tools for resisting or mitigating the impact of distributed denial-of-service attacks on networks attached to the Internet by protecting the target and relay networks.
The aggregation switch: what it does is connect multiple switches in a mode called link aggregation.
Then we have our taps and port mirrors.
Basically, taps and port mirrors are used to capture your network communication.
The last item on our agenda is called software-defined networking, or SDN.
It is a method by which organizations can manage network services through a decoupled underlying infrastructure, allowing quick adjustment to changing business requirements.
Perhaps another definition that falls within the parameter is basically that SDN is where packets are routed through a controller, in other words, rather than a traditional router, which improves the overall performance.
At this point in time we have a post-assessment quiz; in fact, it is a true or false statement.
And it reads as follows.
The purpose of a firewall is to prevent unauthorized access to the network, and it is also vital that no one employee is responsible for maintaining the rules.
Is this a true or false statement?
In this case, if you selected true, you're absolutely correct.
Let's now turn our attention toward the key takeaways from this particular video presentation.
During this particular presentation we learned that VPN technology enables the use of unsecure public networks as if they were a secure private network.
We learned that a site-to-site VPN is one that connects two sites together.
We learned that a remote access VPN is one that enables workers to connect to an organization's network from anywhere on the Internet.
We learned that a honeypot consists of data, for example, in a network site that appears to be a legitimate part of the site, but is actually isolated and monitored. That's what a honeypot is.
Wireless is a term used for telecommunication in which electromagnetic waves, rather than some form of wire, carry the signal over part or all of the communication path.
A guest network is a separate network used for visitors, guests, and other people not directly associated with your organization.
In our upcoming presentation, we'll be taking a look at a brand new objective, which is 3.3: given a scenario, implement secure systems design. And again, I want to thank you very much for your attention to detail, and I look forward to seeing you in the very next