45 hours 38 minutes
this video is part three of section 2.1
installing configured network component To support organisational security,
please see part one toe learn about network devices and part two to learn about network security devices. I will continue that conversation with Part three talking about network access control, Security incident invent management systems,
data leakage prevention,
S S L T L s accelerators,
male immediate gateways and hardware security modules.
That premise behind Network Access Control, or NAK, is to secure the environment by examining the user's machine and then grant or not grant access based on the results. Nak is based on assessment and enforcement.
For example, if the user's computer is not up to date and no desktop firewall software is installed, you can decide automatically using NAK whether to limit access to network resource is any host machine that does not comply with your defined policy could be relegated
or to a remediation server
or quarantine an area or put on a guest villain.
The basic components of Nak products include Access requester, a R, which is the device that requests access assessment of the device, can be self performed or delegated to another system.
Second component is the policy decision point, or PDP.
It's the system that assigns a policy based on the assessment
the PDP determines access.
Last component of ANAK is Policy Enforcement Point, or P E P. It's the device that enforces the policy. This device could be a switch, firewall or router.
The device trying to connect to a network may have something on it called an agent to verify the device. Whether it's running up to date, virus software and agent will also perform other host checks that the administrator wants to have run.
If that agent is always on that device, it is said to be permanent, and this is usually the case when connecting with most company issued devices.
If the agent is installed on Lee for that session, it is said to be dis solvable. This is often the case with browser bay sessions and users connecting from guest machines, such as when traveling.
These are all terms you need to be familiar with when learning about nak,
a common device, were finding on corporate networks. It's a security information and event management, or SIM system.
A SIM collects, correlates and displays data feeds that support response activities. Basically, it funnels all of the logs from multiple systems in tow. One point.
It's used to centrally manage security events. A SIM can also correlate events coming from multiple systems. For example, an event on one device might not be recognized, but when seen on multiple devices at one time through a centralized log system like a sim can create an alert.
It can also be used to normalize events across a network. So what's normal network traffic, with normal activity on your systems and servers,
that could be a function of a SIM and used for context and alerting. Lastly, a SIM provides reporting and report generation on the data gathered.
So could be a centralized console for your security activities.
SIM products provide real time analysis of security alerts that air flagged by network appliances, software applications and system does this through aggregation and a centralized point for all. Logging takes logging off of local systems and puts it into a centralized management system that could be better protected.
Not only do some solutions aggregate and correlate the events that come in, but they can also perform time synchronization as well, an event D duplication
similar events happening on multiple systems rather than recording them individually. Event D Duplication sees that as one event rather than multiple events.
Right one's read many protection is a feature where it will write the information from the logs into media that cannot be tampered with.
Be familiar with how SIM works not only for Security plus but also because it's a common security and networking device.
Data loss prevention is another security feature we are seeing common within networks.
Deal P is a way of detecting and preventing confidential data
from being removed, physically or logically from an organization, either by accident or on purpose.
Deal. P Systems Air basically designed to detect and prevent unauthorized use in transmission of any confidential information
based on one of three states. The data data that's in use in motion or at rest
at the network layer deal. Peace could be content filtering, such as a proxy
on systems it can provide application white listing
also on individual systems that could prevent sensitive data from leaving. Based on the application or use. It can filter on specific types of data such as credit card numbers, social Security numbers and other sensitive data. types. It also can provide hardware security,
for example, blocking USB drives
so someone can't plug in a USB drive to be used to expel trait company data, whether on accident or on purpose.
Additionally, DLP does provide cloud level protection, preventing people from storing sensitive company information on unauthorized cloud service or storage networks.
S S L T L s convey a burden on some networks and cause Leighton see,
a device that is used to reduce that late and see is the SSL or T l s accelerator
it off boards that SSL encryption and decryption. It accepts T. L s SSL connections from the end point and sends the connection to the server unencrypted. This is often associate it with load balancers.
Gateways perform any functions. At its simplest definition, a router is a gateway because it connects two different networks.
Other types of gateways include mail media and a P I gateways.
Gateways provide centralization and common ized routing. It could include encrypting automatically encrypting media or mail.
A spam filter is another type of common gateway.
Incoming email is filtered for potential. Spam can also check for outbound email to make sure someone from within your organization isn't inadvertently trying to spam other people or organizations.
A proxy server can also act as a media gateway.
All of these reduced network load and provide a centralized enforcement point for security.
The last network security component for this section is the hardware security module, or HSM.
It's hardware based encryption that manages digital keys,
accelerates cryptographic processes and provide strong access authentication.
It includes encryption within the base hardware for the operating system.
TPM, or Trusted Platform module, is used to assist with cryptographic key generation
Sea domain six on cryptography toe. Learn more about encryption and the use of certificates and keys.
In Part three of section 2.1. I talked about multiple other types of network security components.
Let's practice on a few simple questions.
Which international standard is used for network access control?
Nak is associated with
IEEE 802.1 x.
The answer is a
refer to your study notes. For more information on this topic,
this concludes Part three of section 2.1 talking about the installation and configuration of network components, both hardware and software based to support organisational security.
Watch the other part to get a full picture of all that's included for this domain within security plus
CompTIA Security+ SY0-501
The Practice Labs practice exam CompTIA Security+ SYO-501 practice test challenges the student to demonstrate ...
CompTIA Security+ 501
Empower yourself as a security professional by gaining the fundamental knowledge for securing a network ...