3 hours 20 minutes
everyone. My name is Peter Sip alone. And this is the network Security course. This is going to be module for lesson one, Part two
Prerequisites for this lesson. Our modules. 1234 And the lesson one part one of module for so module one. We took a look at the introduction of how this course is laid out model to we covered the cyber security
basic foundational principles. Module three. We took a look at select applications such as data loss prevention, incident response and risk management. And in the first part of this lesson one here we took a look at networked apologies
and network segmentation and isolation.
In this lesson, we will look at network designed protocols, principles and controls.
Ah, couple of really important network design principles. These principles are very important to network security because they prevent prevent data from leaving the network. They prevent data from falling into the wrong hands, and they really protect people and things on the network. So the 1st 1 is known as least privilege,
and this is giving people the least amount of network access to do their jobs.
This means they can a person can only access things on the network that they absolutely need to get done. Their work, I'm doing kind of think of it as like horse blinders on a horse on a horse race, where they can only see what's in front of them. They can't see around to any of this other sides
now, if an example of this. So let's say someone works in the payroll department. They have access to all the PAVE role resource is and that's it.
They don't have access to HR stuff. They don't have access to either accounts payable or accounts receivable or any of the I T information. All they have access to
are is the pay viral information. If they switched, departments say, apart, the person from payroll gets moved to D marketing department. They have access to the marketing department stuff. They gain access to that and they lose the access to the payroll. Information. Police privilege
gives people the least amount of work
and network access to do their job
separation of duties, having more than one person required to complete a task. This make sure that one person does not handle everything and thus creating a single point of failure. You want to spread out tasks,
our steps of task between different people. And this also helps people be honest because you know someone else is checking their work.
An example of this would be like a student and teacher. So if a student takes a test, they shouldn't be the one to also grade the test cause then obviously everyone would get 100. This is why you have a separation of do you or someone takes the test and someone else grades the test
dual control two people required to complete inaction at the same time. An example of this would be turning the New York ease the watch, a nuclear missile, something like you see in the movies. Or they have to turn the key at the same time.
Defense in depth, overlapping defensive mechanisms to address different attacks. It's there's so many attack factors which will get into later. There's so many parts of a network, it's it's not feasible to think that one defensive mechanism
can simply cover everything on a network there too many areas that a network can be compromised, and that's why there is defense and death. That's why there are email filters and scanners. That's why there's anti virus on the computer. That's why there are fire walls. All of these things overlap each other, too.
a complete defensive mechanism for your network. So if one goes down, one is inoperable, or if one simply doesn't detect ah, problem on the network, you have the other ones there to back it up.
A couple of really important network security protocols. The first and foremost one is known as I P. SEC. This is an authentication and encryption protocol, which works at the network. Liar. This protocol is kind of the de facto protocol standard at this point.
Four authentication encryption
on the network. Now it comes in two different forms the transport layer and the tunnel lyre, and each mode or motor form depends on the application, so certain applications want to use one. Certain applications use the other one. So in the Transport Liar, which is the
picture on the left,
the data is encrypted. Bought the header Info is readable,
so when you see a packet coming across the network, you can see where it's coming from and where it's going. But you can't see what's inside
in the tunnel. Liar! You see nothing. The data and the header info is encrypted, so if you see a packet across the network, you don't know where it came from. You don't know where it's going and you can't see what's inside.
A couple of other important per network protocols and programs, it's SSL and TLS. SSL stands for secure socket layer and TLS stands for transport layer security. So SSL is a protocol which checks a certificate to ensure server validity.
So with the small diagram at the top on the right,
you see a client a server on a certificate when a client
request access to an SSL protected server the server response with its server certificate, the client can then check out the certificate, make sure the certificate is valid. That is correct. And then from there it can connect to the SSL server. TLS
is SSL, but it's the more robust
SSL. TLS simply replaces SSL and to make it even war secure.
Https is an Internet protocol which uses SSL and TLS. You see this one locking on to pretty much every single website nowadays, all the main ones for sure, and you see that in the beginning because you see the https
and finally ssh, which is known as the secure Shell. This is a program to access remote computers. So before one of the more popular ones was telling that
which most people who have networking experience are very familiar with and telling that able do to access a computer that was not near you. So if you couldn't get to enact ah computer physically, you could get to it through telling that the problem with telling that was that it wasn't secure when you logged on to the remote computer.
You had to enter in
your credentials, but they were all clear text.
You could see them. They were encrypted or anything. So it's very easy for hackers to steal those credentials
and get into the remote computer as Shh! Takes care of that excess ssh creates ah tunnel when connecting to remote computers. So when you send commands
through ssh, you get the commands you send them. They become encrypted. They go through the tunnel and then they become decrypted, and then they can be used in the remote computer
network controls. Now we're controls. Help determine the flow of information to your network and keeping your network safe. Overall, there are three main control categories with different controls in each category,
so the three categories are management. Technical and operational management controls are usually things like policies and procedures.
Technical controls are controls that are executed by hardware and software systems, and operational and operational controls are controls that are executed by people.
Now eats inside in each category are really seven main controls. There are directive, deterrent, preventative, detective, corrective recovery and compensating.
So directive controls are things like configuration standards and policies. Deterrent controls prevent you or deter you from may be taking a specific action. So this would be something like a warning banner or a beware of dog sign or something like that.
You have preventative controls which prevent you from doing certain things.
This is things like user registration, maybe offense or some type of password log, and they prevent you from performing an action. You have detective controls. These controls help you determine when something goes wrong. Detective controls are used. Ah, lot in incident response, which we looked at
in the last module,
and detective controls are things like CCTV and security logs.
You have corrective controls, which are used to mitigate damage, fix problems and remedy certain situations
you have recovered controls these air controls that are used to help get your network back up and running after a security incident. Data breach. These types of controls are backups and disaster recovery plans. And finally, you have compensating controls
when the controls that you currently have are not enough. So you have to compensate for those controls by adding a few more. This is things like
job rotation and logging and layered defense.
In today's video, we discussed architecture, principles, security protocols and programs and controls
Stacey's, the work and accounts payable but then transferred to the payroll department after getting into an argument with her coworkers. Even after she switched roles, she still had access to the accounts payable. Resource is,
this is a violation of what principle?
A separation of duties
be least privilege.
See dual control or D the privileged access principle.
If you said, be at least privileged, then you are correct. Remember, Lease Pro Average is giving someone just enough access to do their job. So if lease privilege was being applied here she would lose access to the accounts payable Resource is
after being switched to the payroll department.
I hope you guys learned a lot in this lesson, and I'll see you next time.