Greetings and welcome to Cybrary's CompTIA Certified Advanced Security Practitioner certification preparation course.
This is a continuation of Module 7, which is titled Network Security Architecture.
Here are the learning objectives which encompass this particular module. In fact, we're going to continue our discussion of network security devices and explain how they can be used.
This is actually Section 2 of this particular module.
Continuing on our discussion of network security hardware, there are two that we need to highlight here: what's called application-aware firewalls, and then you have web application firewalls. The application-aware firewalls are sometimes called next-generation firewalls. They operate at a much higher level by identifying the applications that send packets
through the firewall and make decisions about actions to take.
Your web application firewall is a special type of application-aware firewall that looks deeply into packets that carry HTTP traffic.
It additionally can block specific sites or specific types of HTTP traffic.
The spam filter is considered an enterprise-wide spam filter, which blocks spam before it reaches the host.
Within your email system there are two protocols that operate: you have SMTP, and then you have the Post Office Protocol, oftentimes referred to as POP. Now the difference is that SMTP handles outgoing mail
while your Post Office Protocol handles all incoming mail.
The spam filter is installed with the SMTP server, or Simple Mail Transfer Protocol server. The filter is configured to listen on port number 25; it passes the non-spam email to the SMTP server listening on another port.
This method prevents the SMTP server from notifying the spammer of fail
The spam filter is installed on the POP server, or Post Office Protocol server, a protocol which we mentioned earlier. All spam is first passed through the SMTP server and can be delivered to the user's mailbox.
It can result in increased costs: storage, transmission, backup, and deletion.
A third-party entity can be contracted to filter spam. All email is directed to the third party's remote spam filter. The email is cleansed before being redirected to the organization.
We have our virtual private networks, or VPNs. Essentially, a VPN enables the authorized user to use an unsecured public network as if it were a secure, private network. And literally, what a VPN does is, in the end, what we call encryption. In other words,
it creates a virtual tunnel within the unsecured network infrastructure of the
public network. And so you're able to conduct secure communication. All the data transferred between a remote device and the network is in fact encrypted.
As for the types of VPNs, you have the remote-access VPN, which is a user-to-LAN type connection, or local area network. You have site-to-site, where multiple sites can connect to other sites over the Internet.
The endpoints are the ends of the tunnel between the VPN devices, used to communicate your VPN transmissions. An endpoint may be software on the local computer, a VPN concentrator, in other words a hardware device, or integrated into another networking device. Your VPN concentrator is in essence a dedicated hardware device
that aggregates hundreds or thousands of VPN connections.
As I mentioned before, the VPN utilizes a tunneling protocol, which encloses a packet within another packet, and they are used for VPN transmission.
IPsec has two sub-protocols that are used within your virtual private network, or VPN. It has what we call Encapsulated Security Payload, or ESP, and then you have your Authentication Header, or AH.
A remote-access VPN generally uses either IPsec or the Layer 2 Tunneling Protocol, L2TP.
We have Internet content filters. What they do is monitor your Internet traffic. They can also block access to preselected websites and files. Unapproved sites can be restricted based upon what we call a URL, a Universal Resource Locator, or matching a keyword, or content inspection.
We have web server gateways. The web server gateway can block malicious content in real time and block content through application-level filtering. Some examples of blocked web traffic are adware, spyware, cookies, instant messengers,
P2P, or peer-to-peer, script exploits, or TCP/IP malicious code attacks.
We have our intrusion detection systems.
Intrusion detection systems can detect attacks as they occur. IDS systems use different methodologies for monitoring for attacks. They can be installed on either your local hosts or your network; in other words, you either have network-based or host-based. An extension of our IDS is intrusion prevention systems.
Now, for the monitoring methodologies: in their basic form, we have anomaly-based monitoring. What it does is compare your current detected behavior with the baseline. We also have signature-based monitoring. It looks for the well-known attack signature patterns. So these are the different types of monitoring
methodologies. You have behavior-based monitoring.
Behavior-based monitoring detects abnormal actions by processes or programs. It alerts the user, who decides whether to allow or block the activity. Then we have heuristic monitoring, which uses experience-based techniques.
Now for the types of IDSs, intrusion detection systems. You have host-based. It's a software-based application that can detect an attack as it occurs, installed on each system needing protection. Now, what am I going to add about host-based intrusion detection systems?
Now, a lot of the time when you're going through the process of actually placing these devices, you have to adhere to what we call a strategic approach,
particularly if you're going to apply a host-based device on all the devices within your internal network. Essentially what you're going to do is end up slowing down your network. So you have to place it from a strategic standpoint. Identify that item, whatever it is determined to be. Like, for example, I would definitely install a host-based intrusion detection system on perhaps my database
or maybe my email. But if you start installing it on everything else within your internal network because you said one is better than two and two is better than three,
then you're going to run into a situation where you actually slow down the overall performance of your network. So you have to employ what we call a strategic approach, particularly when we're going to utilize these various devices. Now, getting back to the presentation: you want to install it on each system needing protection.
What it does is monitor system calls and file system access. It can recognize unauthorized registry modification,
the host input/output communication, and also, as I mentioned, it works to detect what we call anomaly-type activity.
This brings us to the disadvantages of your host-based intrusion detection system.
In terms of disadvantages, it cannot monitor network traffic that does not reach the local system. All log data is stored locally. It's also resource intensive and literally can slow down the overall performance of your system.
The next item is the network intrusion detection system. What it does is watch for attacks on your network,
and network intrusion detection system sensors are installed on your firewalls and routers.
They gather information and report back to the central device. You also have the passive network intrusion system, which will sound an alarm when it detects a potential attack or intrusion.
We also have application-aware IDSs, which again are specialized intrusion detection systems. They're capable of using contextual knowledge in real time. They can also know the versions of operating systems or which applications are running, as well as what vulnerabilities are present in the system being protected.
As for the intrusion prevention system: essentially, what it does is monitor network traffic to immediately block a malicious attack, similar to a network intrusion detection system. The network intrusion prevention system is located in line or on the firewall.
It allows your network intrusion prevention system to more quickly take action to block an attack. You also have the application-aware intrusion prevention system, which knows which applications are running as well as the underlying operating system.
Another major device that you can utilize in terms of overall security: we have the unified threat management security appliance, network hardware that provides multiple security functions, such as anti-spam, anti-phishing, antivirus, and antispyware. It also has bandwidth optimization, content filtering,
encryption, firewall, instant messenger control, web filtering, and lastly, it also has intrusion prevention.
This brings us to a post-assessment question for this particular section here. And the question is as follows: which of these is not an advantage of a load balancer? Is it A, the risk of overload on the desktop is reduced; B, network hosts can benefit from having optimized bandwidth;
C, network downtime can be reduced; or D,
DoS attacks can be detected and stopped?
The correct response for this one is: the risk of overload on the desktop is reduced. So this is not an advantage of a load balancer.
During this particular presentation, we took a look at the different types of network security devices and explained how they can be used, ranging from a firewall, intrusion detection system, and intrusion prevention system, as well as the actual firewall. In our upcoming presentation, we'll be moving on in terms of the progress of this presentation
by taking a look at Section 3 and explaining how network technologies
essentially enhance your own security. I look forward to seeing you in the upcoming video.