Hey, guys, welcome to another episode of the SSCP Exam Prep series. I'm your host, Peter Cipolone. This is going to be the seventh lesson of the sixth domain.
So far in the sixth domain, we've taken a look at the OSI and TCP/IP models, which describe networking. We've taken a look at IP networking, which is how information is actually sent over the network. We've taken a look at network topologies, the different layouts and forms that organizations can use to set up their network.
We've taken a look at DNS and LDAP, which are both used to acquire information. We've taken a look at commonly used ports and protocols. We've taken a look at telecommunications technologies and how they interact with the network. We've seen how managing network access is very important.
In this lesson, we will look at multimedia services and technology, really things like remote meeting technology and instant messaging, and how they are integrated with the network. Let's get started.
The use of multimedia collaboration technologies is really standard practice among different enterprises today, and it's important for the SSCP practitioner to be familiar with them and know how they work and what the responsibilities are when it comes to multimedia technologies.
Now there's many out there, but some of the most common ones are as follows. There are peer-to-peer applications, which are designed to open an uncontrolled channel through network boundaries. Now this means that two computers open a tunnel and send information back and forth to each other through that tunnel directly. Instead of sending information through the network, you know, through any relays or anything like that, they simply open up a tunnel and send information directly to each other. Now, this is usually used for sharing resources or sharing files, but since it's an uncontrolled channel, people have a tendency to abuse this peer-to-peer application, and they usually send illegal things back and forth from computer to computer, especially since it doesn't have to go through the network.
There is remote meeting, which I'm sure many of you have experienced or done at least once in your place of business: things like Zoom, Skype and TeamViewer, things that allow individuals to come together in like a common area online and talk back and forth, see each other and share files.
And there's also instant messaging. This is just a chat service. I'm sure many of you have used this too. It offers text, really, but even more than just normal chatting, it offers file exchange, video conversation and even screen sharing.
Now there's different ways of using remote access to get into your organization from home, or from wherever you are, if you are not in your organization. People usually say "I'm going to remote in," and they're going to use their computer from outside the organization and remote in.
And so there's a couple of different ways you can do this. The most popular one is VPN, virtual private network. This is really an encrypted tunnel between two hosts that allows them to communicate over an untrusted network. So the little diagram on the right shows you how VPN works: you have the user's computer, and you could literally create a tunnel that leads directly to a server inside your network or inside your organization. And then you can send data through that tunnel and receive data through that tunnel. And it's secure. No one else can see inside. No one can see what there is in this tunnel. No one can see what the data is, and this is really good when you're trying to access network resources through the Internet.
You have tunneling, which relates to the VPN: the communication channel between two networks that is used to transport another network protocol. So you have things like Point-to-Point Tunneling and Layer 2 Tunneling.
And then you have RADIUS. This is an authentication protocol mostly used in network environments for single sign-on for network devices. So if you have to, you know, remote into the firewall of your network to make some adjustments, or you have to remote into a router or something like that, you can use RADIUS, and when you use RADIUS, it more or less remembers your authentication passwords. You can log in anytime, whenever you need it.
Another of the remote access technologies is the Simple Network Management Protocol. Now, this is mainly used for managing network hardware.
This is usually used for things such as routers or switches, and it consists of a managing server and a client. Now the client is usually installed on a router or something like that, and from the server you can retrieve and set values for different pieces of hardware, so you can kind of tweak the configuration of certain hardware pieces without actually going to the hardware or getting into it. Now this uses ports 161 and 162, for TCP and UDP.
There's also Telnet, which is a command-line protocol that gives access to another person's computer. Now Telnet is widely used in small LAN environments, and it was originally developed by UNIX, even though Windows does use it as well. The problem with Telnet is it's very risky.
It offers very little security. It poses serious risks, it doesn't offer any encryption, and it's limited to username and password authentication. So you really want to have Telnet disabled on your computer unless you absolutely need it.
In order for a practitioner to effectively manage LAN-based security, they have to understand the concept of the data plane and the control plane of the network. LAN-based networks are divided up into two planes: the control plane and the data plane. The control plane is the one on the top. This is where forwarding and routing decisions are made.
This is where the network decides where they want to send packets from one spot to the other across the network based on the current flow of network traffic. They also exchange information with the neighbors. Mostly it's like the management level, where they kind of make the decisions.
And then the data plane is where the action actually takes place. The data plane is known for carrying out the commands of the control plane, such as forwarding and doing the routing tables. It's more of the action, whereas the control plane is more of the theoretical area.
A virtual LAN is a set of workstations within a LAN that communicate as if they were on a single LAN. So a virtual LAN, also known as a VLAN, is really just a LAN that's sitting over top of a physical LAN. But this LAN is just virtualized.
It doesn't actually have any hardware attached to it.
It has just logical boundaries. And it's good for splitting up a network or an actual local LAN.
The way it works is it acts like its own separate LAN. So in the diagram here, as you can see, VLAN 1 is the yellow one. So all the computers that are attached to the yellow area are one network, and VLAN 2 is the green network. All the computers attached to the green network are a separate network. So these are two different networks combined over one. It's more or less splitting one network into two without having two physical networks set. And these networks are also isolated. So if you send a packet in VLAN 1, you can't access it, or theoretically shouldn't be able to access it, in VLAN 2. If you send a packet or a broadcast to other computers in your VLAN, it won't reach the other VLAN.
Now, why would you do this? Well, the most basic reason is for reducing network congestion on a large-scale LAN, and there's plenty of other advantages, too. There is performance: when you remove routers from the equation, this avoids bottlenecks.
It's very flexible, too. It's easier to change locations and switch around computers in a VLAN than it is in a regular LAN.
You can have virtual workgroups, where you can kind of configure switches and, you know, computers can be joined together without actually worrying about all of the network hardware being configured properly. And you can partition resources a whole lot easier. Since everything is all virtual, it's not very difficult to shift resources from one computer to another and back and forth.
Now, just because VLANs are restricted to member devices, so other computers in the VLAN, doesn't mean they are secure. There is a thing called VLAN hopping, which is devices on virtual LANs gaining access to traffic that's on other VLANs. So, as with everything in cyber security, these things are susceptible to attacks too. Now, just a quick overview of some attacks: things like MAC flooding, ARP attacks and brute-force attacks.
It's important to always keep your devices secured no matter what you do or where you go. And so one of the aspects of secure device management is Media Access Control Security, also known as MACsec, which provides point-to-point security on Ethernet links between connecting nodes. So as long as the nodes are next to each other, you can create a tunnel, if you will, from one node to the other.
Now, unlike some things such as peer-to-peer applications, MACsec supports encryption and integrity, and you need security keys at the end of each link, and it is in a very controlled environment.
Secure Shell. I'm sure most of you have heard of Secure Shell, or SSH. This is simply a network protocol which allows a person to operate devices over an unsecured network. It protects the integrity of communication and includes file transfer, command execution and remote logon.
There's also DNSSEC. It is a sequence of records that identify either a public key or a signature of a set of records. When you want to access a DNS record, it's hard to know if you're actually getting the correct DNS record or not. So DNSSEC really uses public key cryptography to ensure that the record you are getting is the actual correct record that you are looking for.
In today's lecture, we discussed remote access technologies, LAN security and virtual LANs.
This is where forwarding/routing decisions are made. Switches and routers operate at this level. Is it:
A, the data plane;
B, the control plane;
C, the segmentation plane;
or D, the VLAN level?
If you said B, the control plane, then you are correct. Remember, the control plane is where all the management and technical, theoretical decisions are made. And then it's the data plane where the action actually happens.
Thanks for watching guys. I hope you learned a lot in this lesson and I'll see you next time.