Module 6 Conclusion

00:03

Hey, everyone. My name is Peter Sip alone. And this is the network Security course.

00:09

This is the conclusion Video for module six.

00:15

So the Perec visits for this video,

00:18

everything we've learned and everything we've seen up until this point.

00:24

Let's recap what we learned in module six. Well, the model six we took a look at computer protection components. Specifically, host based intrusion detection systems and intrusion prevention systems. Remember? And I d s on Lee alerts someone that there is a problem.

00:44

It does not prevent it. While the intrusion prevention system

00:48

you hurt someone there is a problem, but then actively tries to prevent it as well. Remember, with the I. D s, it sits off to the side of the trap. Now the computer traffic going back and forth

01:02

and takes it, looks at a copy of every single packet, sees the i PS, sits in the line of network traffic and actively tried to prevent any problems.

01:11

We've taken a look at firewalls and anti malware, and how every computer pretty much comes with a host based firewall. This is a software firewall and how every computer or most computers really need some type of anti malware, which is an agent that scans files registry keys

01:32

stated in the operating system, looking for

01:34

suspicious activity. It's on a seek and destroy mission to your rid of any viruses or malware that it might come across.

01:42

We also looked at integrated Windows computer protections. So these are things like the lock screen where you just hit control, delete and click. Lock this computer, and that brings a block screen where you can't get back into access to the computer until you type in a password.

01:57

This prevents people from seeing your screen when you're not there, but it also prevents malicious insiders people who work in your organization that might want to cause you harm.

02:09

We also looked at the file system properties that you can restrict access rights to on your files and folders so you can just right click any file and folder go to properties. And then, from there, you can simply give people whatever rights you want them to have, whether it be read, reading, right,

02:29

execute whatever.

02:32

We also opened up the protection components a little bit larger to the network. So with network protection opponents, thes protection components are cover everything. That's all the network, all of the devices. That's all the servers, databases, computers. And they focus on the movement between

02:51

computers, whereas the host based stuff

02:53

focuses directly on the hosts of the systems themselves. So similarly, we have needs and nips the intrusion, protection and the intrusion prevention.

03:06

We saw the Network firewall, which are hardware firewalls and network access controls, which determine what gets access the network through accounts and group accounts so you can use group accounts to give people access permissions to the network. And then there's also depositor assessment,

03:24

which is a security inquiry to all the voices that are trying to connect to the network.

03:30

You can ask for any type of operating system information versions, a kind of anti malware they might have and a couple other things to determine whether or not they should be allowed to the network. So with the result of that, if they're not allowed to network, they could need to be blocked completely,

03:49

or they could be transferred to like a guest networks that they have limited access to things. We also took a look at device hardening techniques. These are things like disabling unneeded services services running or great. Most were unneeded

04:04

and honestly is very difficult to determine what services are normally running, since there are so many things running on the computer at the time.

04:12

So the more you can limit them, the better off you will be.

04:15

Definitely want Change all default credentials for network devices. This includes firewalls, routers and switches. You definitely don't want to leave. It is admin admin, because thes default now or credentials can be found online and definitely want to eliminate any unnecessary ports.

04:31

There's no need to have all 65,535 ports open

04:36

when really you only need to use a couple of them, depending on whatever the device may be.

04:44

Also, if there's updates necessary, please update but there for a reason.

04:50

We also took a walk at a Windows firewall. Dem A. This was a two part lesson where we went into a Windows Software Dem A firewall and we don't it out. We took a look around. We saw how with lead out, we saw where to fund rules in the properties and how to check the logs

05:09

to see what have was happening with the far wall wall came in and what was coming out.

05:13

We also took a look of how to add and create policies that could be applied to the firewall as well.

05:21

Lessons from the field. The whole point of this, with network protection components and the host protection components, is to show like defense in depth. Obviously, we want to protect our data as much as possible. We want to keep that data secure, which is confidentiality.

05:40

We want to make sure the data stays the same and doesn't get modified in any way. That's integrity,

05:44

and we want to be able to access the data whenever we need it. That's availability, and those are the three common core cybersecurity principles.

05:55

So that's why we want defense death. We have the host comprehension components. These focus on host based stuff or threats originating from inside the network. And, you know, this is things like putting a USB stick into a computer that might have some malware on it, or something like that.

06:14

And then, obviously there's network

06:15

computer security components as well for anything that's trying to come into the network now, defense in depth is important, and the network components, security components and the host security components really do complement each other. And the reason why they're both that necessary

06:34

is because off

06:38

a term known as a lateral move, just about every single data breach starts out by one device on the network getting infected now.

06:47

Usually, if the Attackers can get the one device, there is not a guarantee that they can get admin access and do whatever they want in the network. Usually devices air lock down to a certain extent, and so if there get on device, there's a good chance they might not really be able to get view to do whatever they want.

07:08

So they have to move laterally

07:11

to another device,

07:14

um, to basically try to find admin access or to stumble across the data. So it's this lateral move, which protects the network components which the network, the which the network components can pick up one and then from there, detect that a problem has happened.