Mitigating External Risks


Course
Time: 8 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 9
Video Transcription
>> Now we've talked about protecting the data itself, let's talk about protecting the network a little bit. When we're talking about protecting the network, of course, we have to think about internal and external threats. Let's focus on external threats and external risks for just a moment. When we think about protecting the network from external threats, external attacks, one of the first things that we should think about is a firewall.

Now, a firewall can be hardware or software, and what I mean by that is it can be a standalone hardware device that is just a firewall. Like you might go out and buy a specific device, sometimes called a black box or a hardware appliance, whose job is just to be a firewall, or an alternative is you can have a computer system that you install firewall software on, install two network cards connected to two different networks, and the software turns that computer into a firewall. Now, generally, we prefer our hardware firewalls because they're much more secure. If you install firewall software on a system, that system is already running an operating system, that operating system has its own vulnerabilities, and there's a middleman between the firewall services and the hardware. A software firewall has its benefits in that it's cheap and it's usually pretty easy to implement, but it's not good for a real production environment. Now a hardware firewall, though, is specifically a dedicated firewall. There is nothing other than a very scaled-down operating system that allows an administrator to configure it, but other than that, no other bells and whistles.

Now, the job of a firewall primarily is to isolate the network into zones of trust and inspect traffic as it moves from one zone of trust to another. We have very trusted areas on our network, we have untrusted areas on our network, and of course, the ultimate bad neighborhood is the Internet, so we absolutely want to isolate from there. We talk about these ideas of trust, and as traffic moves from a layer of higher trust to a layer of lower trust, the firewall inspects that traffic and uses rules that have been created. Generally speaking, there are some artificial intelligence firewalls now that are developing and are really revolutionizing the speed and the capabilities of firewalls. But for the most part, they're built with access control lists that contain rules about what type of traffic to allow and what type of traffic to block. Then we use these firewalls to create the segmentation on our network.

For instance, as I mentioned before, the worst neighborhood in town is the Internet. In the little illustration at the bottom over on the left, the cloud, which is always what we use to indicate the Internet, you can see that's untrusted. Now, in the middle, I have a network that we call our DMZ, and DMZ stands for demilitarized zone. The idea is that we've got an area of space where I as an organization can put my servers that are to be publicly available. Now, let me just stress, the vast majority of my systems I do not want to make available to the public, but my web server, for instance, I want external users to go to my website, I want them to buy my product, find out more about my company, so it has to be somewhere that's publicly available. I would never let external users into my trusted network, my LAN, so I need to put that web server somewhere that's off my LAN, but somewhere that they can access, but somewhere I can still protect, and that's exactly what the DMZ is for, and this is testable.

Some devices you might find in your DMZ would be your web server, your mail server, you would probably have a honeypot here, and we talked about honeypots earlier, but honeypots are those devices that look like vulnerable servers and their job is to get an attacker's attention to distract them away from the rest of the network. You would have an intrusion detection system in your DMZ because that's where attackers are most likely to be. In that semi-trusted area, we still have protection over it but we also allow the general public in.

What we have, we have the Internet, then those folks coming to our DMZ would go through a firewall. Now this firewall doesn't lock everything down 100 percent. Remember, our job is to let the vast majority of the general public in, but we do want to filter for things that are obviously malicious in nature. As a matter of fact, we might have a web proxy, and a proxy is a specific type of firewall that's geared towards a specific type of traffic. You would have a web proxy, you would have a mail proxy; it's unique to a specific protocol. Some inspection before traffic is allowed into the DMZ. Now, from there, if someone was looking to go from the DMZ into the LAN, well, there's another firewall, the internal firewall, and it is going to be very, very restrictive. We as a very strong statement don't want external users coming into our LAN unless they're thoroughly verified, unless they go through several access mechanisms so that we can ensure that only those users that should have access are able to have access. What we've done in this diagram is we've used our firewalls to create different security zones: untrusted Internet through a firewall to get to the DMZ, which is semi-trusted, then through a firewall to access the LAN, and that's what firewalls bring to the table, is they bring that ability to segment out the network and require that any traffic moving from a different layer of trust goes through an inspection process.

Now there are a couple of other network devices that you'll hear about, and again, you don't need to go too deep into this, but you're probably familiar with switches and routers. A switch's main job is to make traffic more efficient. A switch is a good way to connect multiple computers together and it brings down the amount of traffic collisions that we have. When you have lots of systems competing for time on the network, you tend to have collisions. Bringing switches in has all but eliminated collisions on the network, and it also expedites the movement of traffic by addressing traffic to each system based on its MAC address. Over time, a switch learns about the network and it says, oh, Computer 1, 2, 3, 4 goes out Port 5 or whatever, but it maps the MAC address to a specific port. It's very efficient at directing traffic.

Now routers isolate traffic based on broadcasts. Well, protocols and certain applications can be broadcast intensive. A broadcast is a message that's sent to all hosts on the network. If you have an application or system that's broadcasting a lot, that causes a lot of clutter on the network that most hosts don't need. Broadcasts can be blocked by routers. Well, broadcasts are blocked by routers. Then the other thing that routers do is they create separate subnets, and each subnet is a network unto itself, can have its own security requirements, its own filtering of traffic to and from. Each subnet is a separate mini network, and we create those, for one, for broadcast domains, but also maybe to control bandwidth to a specific area, and definitely for security purposes, like I said, to create stricter rules on who comes and goes from that network. Lots of reasons to break your large network up into smaller pieces, and that's what a router does.

Now, a VLAN, which is a virtual LAN, does almost the same thing as a router, but it does it on a switch. Switches are cheaper, so that's a big benefit. VLANs will isolate broadcast traffic and make sure that broadcasts don't flow across the whole organization, but just to the subnet on which the broadcast originated. That's a VLAN. The problem is, though, that VLANs don't allow communication from one VLAN to the other. If you create subnets on a router, all those subnets can communicate, but when you create these segments on a VLAN, you can isolate the traffic but the VLANs can't communicate. What we actually need, if we really want efficient traffic flow, is a Layer 3 switch. We can create a VLAN on a Layer 3 switch and we get just about the exact same functionality as a router, but we get the cost savings of a switch, and a switch is also easier to logically configure as well.

These are just a handful of devices just to be familiar with. I doubt you'd see anything technical, but something just as basic as, how do VLANs help secure a network? Well, they allow the isolation of traffic, the creation of separate segments, just as a router would do but cheaper. Just something along those lines, just having an upper-level, high-level understanding of what the basic network devices are.
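As an added example, not part of the course video or the instructor's material, the zone-to-zone policy the lecture describes (untrusted Internet, semi-trusted DMZ, trusted LAN) modeled in Python as an ordered access control list: rules are evaluated top to bottom, the first match decides, and a flow that matches nothing is dropped. It also includes a check for shadowed rules, the common ACL mistake where a deny written below a broader allow can never fire. The zone names, address ranges, ports, and the single DMZ-to-LAN database port are assumptions made for the example.

```python
"""Zone-based firewall policy model.

Added example, not part of the course. It models the three-zone design
described in the lecture (untrusted Internet, semi-trusted DMZ holding the
public servers, trusted LAN) as an ordered access control list: rules are
evaluated top to bottom, the first match decides, and anything that matches
no rule is dropped (default deny). Zone names, address ranges, ports and
the single DMZ-to-LAN database port are assumptions made for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: anything not in one of these ranges is "internet".
ZONES = {
    "dmz": ip_network("203.0.113.0/24"),
    "lan": ip_network("10.0.0.0/8"),
}


def zone_of(ip: str) -> str:
    """Map an address to its trust zone; unknown space is the untrusted Internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str        # "*" matches any zone
    dst_zone: str
    proto: str           # "tcp", "udp" or "*"
    dports: frozenset    # destination ports; empty set means any port
    action: str          # "allow" or "deny"
    comment: str = ""


# Ordered ACL. Order matters: the explicit Internet->LAN and DMZ->LAN denies
# sit above the broad LAN-initiated allow so no later rule can widen them.
POLICY = [
    Rule("internet", "dmz", "tcp", frozenset({80, 443}), "allow", "public web server"),
    Rule("internet", "dmz", "tcp", frozenset({25}), "allow", "inbound mail"),
    Rule("internet", "lan", "*", frozenset(), "deny", "Internet never reaches the LAN"),
    Rule("dmz", "lan", "tcp", frozenset({5432}), "allow", "web tier to database (assumed port)"),
    Rule("dmz", "lan", "*", frozenset(), "deny", "DMZ is semi-trusted: nothing else inward"),
    Rule("lan", "*", "*", frozenset(), "allow", "LAN-initiated traffic outbound"),
]


def _matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (rule.src_zone in ("*", src)
            and rule.dst_zone in ("*", dst)
            and rule.proto in ("*", proto)
            and (not rule.dports or dport in rule.dports))


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int, policy=POLICY):
    """Return (action, reason) for one flow crossing the zone firewall."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        # Traffic that never crosses a trust boundary is not the zone firewall's job.
        return "allow", f"intra-zone ({src}): no trust boundary crossed"
    for idx, rule in enumerate(policy):
        if _matches(rule, src, dst, proto, dport):
            return rule.action, f"rule {idx}: {rule.comment}"
    return "deny", "default deny: no rule matched"


def _covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet the later rule would match is already matched earlier."""
    return (earlier.src_zone in ("*", later.src_zone)
            and earlier.dst_zone in ("*", later.dst_zone)
            and earlier.proto in ("*", later.proto)
            and (not earlier.dports
                 or (bool(later.dports) and later.dports <= earlier.dports)))


def shadowed_rules(policy) -> list:
    """Indices of rules that can never fire because an earlier rule covers them.

    A deny sitting below a broader allow is the classic ACL mistake: the policy
    reads as if it blocks something, but no packet ever reaches that line.
    """
    return [j for j in range(len(policy))
            if any(_covers(policy[i], policy[j]) for i in range(j))]


if __name__ == "__main__":
    # Constructed sample flows using documentation address ranges, not real hosts.
    for flow in [("198.51.100.7", "203.0.113.10", "tcp", 443),
                 ("198.51.100.7", "203.0.113.10", "tcp", 22),
                 ("198.51.100.7", "10.1.2.3", "tcp", 443),
                 ("203.0.113.10", "10.1.2.3", "tcp", 5432),
                 ("203.0.113.10", "10.1.2.3", "tcp", 22),
                 ("10.1.2.3", "198.51.100.7", "tcp", 443)]:
        print(flow, "->", evaluate(*flow))
    print("shadowed rules:", shadowed_rules(POLICY))
```

The point of the model is the ordering: an Internet-sourced flow to the LAN hits the explicit deny before the LAN-initiated allow could ever apply, and an SSH attempt from the Internet into the DMZ matches nothing and falls through to the default deny. Running `shadowed_rules` over a real ruleset export is a cheap audit for rules that look protective on paper but are unreachable.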