Hey, everybody. My name is Peter Sip alone, and this is the Network Security course. This is Module 6, Lesson 1.
Prerequisites for this course are Modules 1 through 5: Module 1 being the introduction, Module 2 being the core foundational cybersecurity principles.
In Module 3 we looked at select applications, including data loss prevention, incident response and risk management.
In Module 4 we took a look at network structures and topologies, along with some important designs and protocols,
and in Module 5 we took a look at some security products. We learned what malware was and things like that. Now, finally, in this module, we're going to take a look at protection components for computers and networks.
So in this lesson specifically, we're going to look at computer protection components only,
and how, since everything is connected on the network, a critical part of network security is the systems and computers that sit on the network.
Let's start off talking about HIDS and HIPS. So, first off, what is an IDS? An IDS is an intrusion detection system.
This tells people if there's an attack taking place on the computer itself.
Now, the H in HIDS stands for host-based intrusion detection system, and this is a passive device. So what it does is it tells people if there is an attack taking place on the network, but that's all it does. Since it's a passive device, it has to work well with other devices, including firewalls and anti-malware agents.
So the IDS is a critical part of defense in depth because it can pick up the slack from a firewall or an anti-malware agent. Sometimes things get through the firewall, or if something gets inserted into a USB port or something like that, then the firewall might not always pick it up, and this is where an intrusion detection system takes place. A good example of this is if there are too many logon attempts that have been failing: the firewall probably won't pick up on that, but the intrusion detection system will.
So what does this do? Well, the intrusion detection system monitors different things like file objects, programs running, services running and data in the OS, looking around for anything malicious. If it spots a malicious file, it basically sounds an alarm.
So how does this work? Well, the intrusion detection system works by sitting next to the flow of traffic across the computer system, and it examines a copy of every single packet it sees. It examines the copy, but it does not interfere with the original packet itself.
Because of this, there are three effects which one should be aware of. There is a slight delay between malware hitting the computer and the detection being noticed, because you're looking at a copy and not actually looking at the real thing. There is no impact on traffic flow, because it does not sit in the flow of traffic. And finally, if it goes down or becomes inoperable, for whatever reason, then there is no harm done. There's no problem, simply because it won't be holding up anything.
Now, an intrusion prevention system, an IPS, is a little bit different. This tells people if there's an attack, but it also tries to actively stop the attack. So in the little diagram on the right, it said, "Hey, there's an attack happening. I am going to stop it."
So this is where the HIPS comes in. This is a host-based intrusion prevention system.
Now, the intrusion prevention system obviously looks at the file objects, applications and data, looking for things, but it also sits in the flow of traffic, so it looks at the packets, and the packets go through it when they go from one spot to another on the network. Now, if it sees something, then it actively tries to stop it, so it would maybe block access to a program or restrict access rights to a specific file or an object, or something along those lines. Now, intrusion prevention systems, while they are technically better than an intrusion detection system, the false positives could be very dangerous.
So if an intrusion detection system detects a false positive, where it thinks it's an attack but it's not an attack, that's okay, because all it does is give an alert, whereas with an intrusion prevention system, if it senses an attack, it's going to try to stop the attack. So, in turn, if there's a false positive, then the intrusion prevention system might stop an actual legitimate, real, you know, good program or object from being accessed or run.
And also, since the IPS sits in the flow of traffic, if it goes down, then there's an actual problem: traffic can't go from one spot to the other on the computer system.
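The failed-logon example and the IDS versus IPS contrast above, as an added example that is not part of the lesson: a small Python sketch of a host sensor that counts failed logons per user and source over a sliding window, with a passive HIDS handler that only records alerts and an inline HIPS handler that blocks the source. The log line format, the threshold and window, and the sample log lines are all constructed for this example; the point it shows is that the same false positive is harmless in IDS mode but locks out a legitimate user in IPS mode.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the lesson): one logon attempt per line.
SAMPLE_LOG = """\
2024-01-15 09:00:01 user=alice src=10.0.0.5 result=FAIL
2024-01-15 09:00:03 user=alice src=10.0.0.5 result=FAIL
2024-01-15 09:00:04 user=alice src=10.0.0.5 result=FAIL
2024-01-15 09:00:06 user=alice src=10.0.0.5 result=FAIL
2024-01-15 09:00:07 user=alice src=10.0.0.5 result=FAIL
2024-01-15 09:00:09 user=bob src=10.0.0.9 result=FAIL
2024-01-15 09:00:30 user=bob src=10.0.0.9 result=OK
2024-01-15 09:05:00 user=alice src=10.0.0.5 result=OK
"""

# Assumed (constructed) line layout: "<date> <time> user=<u> src=<ip> result=<OK|FAIL>"
LINE_RE = re.compile(r"^(\S+ \S+) user=(\S+) src=(\S+) result=(\S+)$")


def parse_line(line):
    """Return (timestamp, user, src, result) or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)


def detect_failed_logons(log_text, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window detector: alert when one (user, src) pair fails `threshold`
    times within `window`. Returns a list of (timestamp, user, src, count)."""
    recent = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerts = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, user, src, result = parsed
        key = (user, src)
        if result == "OK":
            recent[key].clear()  # a successful logon ends the failure run
            continue
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, user, src, len(q)))
            q.clear()  # one alert per burst, not one per extra failure
    return alerts


class HostIDS:
    """Passive sensor (HIDS): records alerts for a human or another agent,
    never changes anything on the host. A false positive costs an alert."""

    def __init__(self):
        self.alerts = []

    def handle(self, alerts):
        self.alerts.extend(alerts)
        return []  # no enforcement actions at all


class HostIPS:
    """Inline sensor (HIPS): acts on the alert by blocking the source.
    A false positive here blocks a real user's access."""

    def __init__(self):
        self.blocked = set()

    def handle(self, alerts):
        actions = []
        for _, user, src, _ in alerts:
            self.blocked.add(src)
            actions.append(f"block src {src} (user {user})")
        return actions


if __name__ == "__main__":
    found = detect_failed_logons(SAMPLE_LOG)
    print("IDS actions:", HostIDS().handle(found))   # [] - alert only
    print("IPS actions:", HostIPS().handle(found))   # blocks 10.0.0.5
```

Run as-is it flags alice's five failures inside one minute and ignores bob's single failure followed by a success; the IDS handler returns no actions while the IPS handler blocks alice's source address, which is exactly the outcome the lesson warns about if those five failures were a user mistyping a new password.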
Some more computer protection components. The first is an anti-malware agent. This is kind of like your antivirus, in a sense, where it's an agent that works in seek-and-destroy mode by scanning files or objects. Usually an IDS or an anti-malware agent, they come in kind of like an all-in-one software bundle. But the anti-malware agent works by scanning different files, or it responds to an IDS, and then from there it can quarantine files or prevent certain programs from running.
There's the firewall, which comes with pretty much every single computer, especially Windows, and I believe macOS has the firewall as well. These are part of the actual computer itself, and it filters traffic coming to and from a computer.
Now, remember, we said the firewall is kind of like a really big warehouse where information comes in, and then it gets looked at by the access control list, and then, if everything is OK, the information can leave out the other side. If it's not okay, then it gets blocked. Now, one of the shortcomings with a host firewall is the fact that it can only look at information coming to and from the computer system. So if there's an attack going on in other parts of the network, there is nothing that the host firewall can do.
There are also a couple of built-in computer protection components, especially with Windows computers. The first one is the lock screen. This is a simple way to avoid problems with malicious insiders and maybe some type of other physical threat. This is simply Ctrl+Alt+Delete on the keyboard, and then you can click the option that says "Lock this computer," and that will put up a lock screen. So, one, nobody will be able to access your computer unless they have your password, and two, this also prevents anyone from seeing your desktop or what you might have going on or running on your computer. You can also require a password to log on. This is incredibly important in terms of physical threats and just maintaining good integrity and health of your computer.
And there are also file system permissions. This is what people have access to in your document file system. So usually, with any type of file or folder on a Windows computer, you can right-click and go to Properties, and it pulls up a window that looks very similar to this. This right here determines who has access to this document or folder. You can share this with other people, and you can apply security restrictions. So you can add your group or user name up at the top there, and then you can give them permissions. They can have full control to do anything they want, or you might give them permission to read only, or maybe they can see what the contents of the folder are but can't do anything else, or they might be able to just execute it. It really depends on what you are trying to do with that particular file or folder. Usually it is best to keep things locked down so no one can see anything else that's going on with your files and folders. But if they actually do need to see it, make sure you leave them on read only. You never want to give anyone write permissions to your files or folders unless it's absolutely necessary.
In this video, we discussed host-based protection components. We took a look at an IDS and an IPS and how they are different from each other. We took a look at anti-malware agents and the host firewalls which come with most computers.
What does a HIDS agent do?
A. Notifies someone of an attack
B. Tries to stop an attack
C. Notifies of an attack and tries to stop an attack
D. Filters traffic to and from a computer
If you said A, notifies someone of an attack, then you would be correct. A HIDS agent, an intrusion detection system, does not stop an attack. It is a passive device, so all it does is notify another agent, either like the anti-malware agent or maybe an IPS, or maybe it notifies the firewall that an attack is happening so one of them can actually try to stop the attack. I hope you guys learned a lot in this lesson, and I'll see you next time.