3 hours 20 minutes
everyone. My name is Peter Simplon, and this is the network security course. This is going to be Module 4, Lesson 1, Part 1, where we talk about network topologies and network segmentation and isolation.
The prerequisites for this course are Modules 1, 2 and 3: Module 1 being the introduction, Module 2 being the core cybersecurity foundational principles, and Module 3 select security applications such as data loss prevention, risk management and incident response.
In this lesson today, we are going to take a look at network structure and topologies and network segmentation and isolation.
So this is the basic structure of most networks. Now, this is merely an example. This will not apply to every single network everywhere. But generally speaking, this is what a network structure looks like. So basic, normal structures of the network have four major components.
There is the Internet, the extranet and the DMZ.
So we'll start off with the Internet. The Internet is the wild, Wild West. This is the web. This is where you go to access all of, like, the websites, any type of thing you want. Anything you could possibly imagine that you want to find on the Internet is in the Internet section, right? This is the untrusted public area where everyone is allowed.
The intranet is the private area of your network and organization. This is where all your data is kept. This is where all your important resources are, and this is where users log on to operate and get access to those data and resources.
There is the extranet, which is not pictured here, but it's like a subset of the Internet. The extranet is kind of like a middle ground, essentially, for people who will need access to some resources, but I don't want to give them access to all the resources that are in your intranet.
So the extranet, it's really for, like, third parties and vendors, so they can be on your network and in your network, but they don't have access to all the private things inside your network.
Then, finally, the last section is the DMZ zone. The DMZ zone is known as the demilitarized zone, and it kind of sits between two firewalls.
In this example here, there's only one firewall, where information comes into the firewall and then goes into the DMZ. The DMZ is similar to an extranet, where there are certain resources out there that people might need access to, so the resources in this area usually include web servers or certain application servers.
Network segmentation: it is a very good idea and a very good practice to segment your network whenever possible. Besides performance issues, load balancing and redundancy issues, there are also many security issues which benefit from a segmented network.
A couple of examples of network segmentation are virtual LANs. Virtual LANs are similar to regular LANs, except that they technically don't exist. They are virtual. Virtual LANs let you create, essentially, LANs on top of LANs, so you have your existing LAN and you have the routers, switches and everything. But inside those routers and switches, you can create another LAN, also known as a virtual LAN, which is separate from the other LAN. So it's essentially splitting a LAN into two and making one virtualized. In this example here, this picture shows how a virtual LAN looks.
So we see virtual LAN one is the yellow and virtual LAN two is the green. As you can see, they do use the same switch, even though it's two separate LANs.
The second type of network segmentation for security purposes is air-gapped networks. Air-gapped networks are networks that have no connection to each other at all. They are completely separated from each other. And the only way to transfer information between two networks that are air-gapped is through the sneakernet. This is where you take a flash drive or some type of removable media, load data onto it and then physically walk it over to the other network. And then, from there, you can transfer the data.
The third type of network segmentation that is important is really guest networks. This applies to WiFi, so if you have vendors or if you have guests in the building and you want them to have Internet access for their phones, maybe their laptops, but you don't want them to have access to your private resources, then you would put them on the guest network, and this is really just another segmentation way for them to have access to the Internet without getting access to your private stuff. Network segmentation is important for, obviously, security practices, but obviously also congestion and troubleshooting. This is why networks are segmented, and it really helps for load balancing as well.
Some network topologies. Topologies are in place just for the convenience of networks. They're used to help troubleshoot, to help keep information segmented. And there's a bunch of different ones that we can take a quick look at. The top one here, at the 12 o'clock position, is known as the bus topology.
This is where computers connect to a wire and the wire transfers information back and forth across the wire to all the other computers that are also on the wire.
There is the ring topology, where information is transferred in a circle to all the computers that are a part of the ring.
There is the star topology, where there is a really big switch in the center and the computers and servers and everything, they all connect to that switch, and that's how they get access to each other. There is the mesh topology, where every single computer or server on the topology and on the network is connected to every other single computer or server on the network.
There is the tree topology, which is also considered a hybrid topology. It is a combination of the bus and star topologies, and there's also the hybrid topology, which is also known as the ring-star topology.
So the tree topology and the hybrid topology, they're technically both topologies, although the bus and star topology is known as the tree, and a hybrid is mostly known as the ring and star.
With all of these topologies, most of them aren't used very often. The bus topology and ring topology are older topologies, so you don't see them very often. The star topology is commonly used today. The mesh topology is not used much at all, simply because it is too much work to lay cables from every single computer on the network to every other single computer on the network.
And obviously, hybrid topologies are used as well. Hybrid topologies kind of came about as a result of the bus and ring topologies being popular back in the early days of computer networking. But then the star topology came out, and people liked the efficiency of the star topology, even though they were currently using the bus or ring topologies.
And so they kind of just created the hybrid. They either took the star topology and added it to the bus or added it to the ring topologies. The one that's most commonly used in existence today is the star-bus topology.
In this part of the video, we discussed network structure and segmentation and network topologies.
Which of these is considered to be a hybrid topology? Is it A, bus topology; B, star topology; C, tree topology; or D, ring topology?
If you said C, tree topology, then you are correct. Remember, a tree topology is a mix between the bus and star topologies. Hope you guys learned a lot in this part of the lesson, and I'll see you next time for Part 2.