Risk (part 4.3) De-Perimeterization


10 hours 28 minutes
Video Description

This lesson focuses on de-perimeterization. De-perimeterization is the concept of having to worry about attackers across the Internet or people connecting to a company server from home. A company is no longer just one office that needs to be secured; it is now a very far-reaching environment. Today, companies need to deal with the following issues and how they relate to security:

  • Corporate IT versus BYOT (bring your own technology, i.e. using your own personal iPad as a work device)
  • Android and iOS
  • Laptop and traditional OSes
  • Securing the enterprise

Devices need to be secured via network access control (NAC): before a device can connect to the corporate network, the company checks that it is safe by making sure it has up-to-date virus protection and a secure firewall.
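The health check described above, sketched as an added example that is not part of the lesson: a NAC policy decision that admits a device only if every check passes and treats missing data as a failure. The report fields, product names and age thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Hypothetical policy values; a real organization sets its own.
APPROVED_AV = {"ExampleAV", "CorpShield"}
MAX_SIGNATURE_AGE = timedelta(days=7)
MAX_PATCH_AGE = timedelta(days=30)

@dataclass
class Posture:
    """Health report a NAC agent might submit (constructed schema)."""
    device: str
    av_product: Optional[str] = None
    av_running: bool = False
    av_signatures: Optional[date] = None
    antispyware: bool = False
    firewall_on: bool = False
    last_patched: Optional[date] = None

def evaluate(p: Posture, today: date) -> Tuple[str, List[str]]:
    """Return ("allow" or "quarantine", reasons); absent data fails the check."""
    reasons = []
    if p.av_product not in APPROVED_AV:
        reasons.append("antivirus not on approved list")
    elif not p.av_running:
        reasons.append("antivirus not active")
    if p.av_signatures is None or today - p.av_signatures > MAX_SIGNATURE_AGE:
        reasons.append("antivirus signatures out of date")
    if not p.antispyware:
        reasons.append("anti-spyware missing")
    if not p.firewall_on:
        reasons.append("firewall disabled")
    if p.last_patched is None or today - p.last_patched > MAX_PATCH_AGE:
        reasons.append("operating system updates overdue")
    return ("allow" if not reasons else "quarantine", reasons)

# Constructed sample reports: a managed laptop and a personal tablet.
TODAY = date(2024, 5, 20)
LAPTOP = Posture("corp-laptop", "CorpShield", True, date(2024, 5, 18),
                 True, True, date(2024, 5, 10))
TABLET = Posture("byod-tablet", "FreeScan", True, date(2024, 5, 19),
                 True, False, None)

if __name__ == "__main__":
    for dev in (LAPTOP, TABLET):
        verdict, why = evaluate(dev, TODAY)
        print(dev.device, verdict, "; ".join(why))
```
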

Video Transcription
One of the greatest things that has made our workplace environment more efficient
is called de-perimeterization,
and that's certainly a mouthful. But the idea is, if you go back 25 years ago, most organizations had a mainframe server that was well protected, physically protected in a room, maybe a central room. You call that kind of the glass house.
And on the desktops people had dumb terminals. Those terminals were diskless, so there was no potential for our users to bring in malicious code. There was no potential for them to export sensitive information. They had dumb terminals, which were nothing more really than a TV screen showing
what was actually being done on the mainframe.
We didn't have people connecting in from home. For the most part, we didn't have wireless access like it is today. We didn't have the Internet like it is today. So when we go back to that old, very centralized environment, we had an environment that was much, much easier to secure than what we have today
when we talk about de-perimeterization.
It's enough for all the disparate systems in our work environment to have to think about protecting them, think about all the different operating systems, all the different types of devices. But not only that, but we don't have to just worry about our perimeter, what's within our perimeter. We have attackers across the Internet, and most companies have Internet access today.
Course they did.
We've got to think about wireless. We gotta think about people connecting in from home, whether it's a VPN or still instances where people dial up and connect into remote access servers, and I know that's dated. But it's still around in certain industries. So where is no longer do we have this nice, tight little environment we have to secure? You know, the walls are down now.
We are in an information sharing age. You know, if you're connected to the Internet,
you're just one of many networks that are part of the Internet that are accessible from the Internet. So this idea of de-perimeterization. You know, we're not in Kansas anymore, so to speak. We have a very fluid, very far-reaching environment.
This idea of BYOT, bring your own technology. Sometimes it's called BYOD, bring your own device. Um, this is becoming popular and can be an absolute nightmare from a security perspective.
This is okay. You've got your iPad. Bring it in. That'll be your device at work. You know, take your device, whatever you prefer, and bring it in and connect it to our company network. Um, you can see the appeal from users. You have people that are diehard Mac users. You have iPad users. You have Android. You have mobile devices
from all flavors and all vendors,
um, and people want to be able to bring their environment that they're used to in. They've chosen that device and that environment. They want to use it in the workplace,
and as beneficial as that may seem, again, ease of use and getting our end users on board with an environment that they're comfortable in. Of course, the downside is having to secure all these devices and a device that a user uses at home and then pulls into the office.
You know what users do at home
really needs to be very, very separate
from devices that participate on my network. So you, of course, can see the potential for harm if we're gonna allow this bring your own technology environment, which senior management in many organizations are very, very on board with. Senior management doesn't like to be told no, and they certainly don't like to be told no from people that work for them,
right? But their focus may not always be on
understanding the threats and vulnerabilities that exist in a corporate network.
So any time I take a device home, do whatever I do at home and then bring it on, connect it into the office. There's always the potential for threat. So things that we would think about with securing these devices,
first of all,
something called network access control. A lot of times it's abbreviated as NAC,
so. It's network access
That's all about.
Before you can connect to my network,
I'm gonna run a health check a health check.
Now, if you think about things that would make me consider a system to be healthy,
I want, if you're gonna connect to my network, you need to have an active, up-to-date antivirus program,
and not just any antivirus program, but one that's acceptable to me as an organization.
I want you to have anti-spyware
software installed. I want your system to be up to date through automatic updates or something along those lines. I want you to have a firewall. So when we talk about bring your own technology, one of the things we want to make sure is before a system hooks into our corporate network, that's a healthy system, and we have to be able
to depend upon those clients
being able to qualify as healthy before being on the network.
Um, you know, there will certainly be lists of what's acceptable and what's not acceptable. We have to make sure that we have policies that lock these systems down when they're on the network. You know, this presents a huge potential for ease of use and for efficiency,
but it also presents a very large threat in the world of security.
If I had my way, every single system in my network would be exactly the same hardware and exactly the same software, right up to the latest patch, BIOS revision number, everything. Now obviously that's not practical. That's not the world we live in.
But when I'm securing a like environment, it's much easier for me to stay up and stay aware on those threats.
When we take every individual and have them bring in whatever they want from home, all these different systems with all these different vulnerabilities, now we're asking our security team to be an expert across many different vendors in many different platforms because they've got to be aware of all the risks that can be coming. So
this could be a very beneficial environment. This bring your own device or your own technology.
It can present a whole lot of security risks as well.
Um, now the Android systems, the lion systems and all the Apple components,
the various operating systems of the handheld devices, the tablet devices, you know they all have potential for exploits.
You know, there's such a misconception about there being no real threats for the iPad or for the Android or whatever. And, you know, I think we're just really starting to see some of those threats materializing. And as they become proliferated, you know, as more and more people are using these devices, we're just going to see those, those threats
increase, and we're gonna see greater compromise and compromise.
It doesn't matter who produces your operating system. Doesn't matter if it's desktop flapper operating system, laptop, tablet, smartphone. All of these devices have vulnerabilities. We have to be aware of them, keep them patched and updated.
And we have that. We have to just constantly be in that learning mode,
Securing the enterprise. What makes it so simple, I'm sorry, so complicated is this de-perimeterization. An enterprise environment today
can consist of a multinational corporation. We've got offices across the globe. We have different technologies to link these offices. We've got to think about virtualization because virtualization is very popular. And we'll talk about that in just a little while. You know, all these different devices,
very much
a heterogeneous system. Meaning different differences all across the board. So it certainly becomes a challenge to secure the enterprise.

In our online CompTIA CASP training, you will learn how to integrate advanced authentication, how to manage risk in the enterprise, how to conduct vulnerability assessments and how to analyze network security concepts and components.
