Using Network Protection Components Part 1

00:01

Hey, everybody. My name is Peter Simple, Um, and this is the network security course.

00:07

This is going to be module six lesson to

00:11

prerequisites for this course. How are modules? One through five module One was a quick introduction of the layout of the course module to was the core cybersecurity principles. Module three was selected applications for network security, such as data loss prevention, incident response and risk management.

00:31

Module four who looked at

00:33

the structure and apologies of networks including network designs, controls and principles and network five. We looked at different types off, basically malware and how network security practices can stop it and Mile Module six and less than one, where we took a look

00:53

at basic computer protection components.

00:56

Finally, in this lesson, we are going to take a look at network protection components. Computer protection components apply to computers and devices on the network, whereas network protection components apply to the entire network as a whole.

01:15

So remember, in the computer protection program components, we saw Hindes and hips, while there is in another form of heads and hips, known as mids and nips. These are intrusion detection systems and intrusion prevention systems but they apply to networks

01:34

and not just individual devices.

01:38

These apply to the entire network of all the devices.

01:42

This is another layer off the defense in depth. So nips and needs. They kind of worked the same way with needs. You have the intrusion detection system. This tells people if there is an attack taking place in a network detection systems again, they are passive devices.

02:01

And so they really at that point half to tell either and i, PS

02:06

or the firewall or informed someone else that there is a problem on the network. They could even send email, maybe to the system administrator or the network admin.

02:17

These look for signature based viruses and things that can slip past the firewall. So if some malicious code somehow gets past the firewall and then starts performing something than the network in intrusion detection system can pick that up and then let someone know

02:38

Nips kind of works the same way as hips. This is the prevention system that lets people know there's an attack and actively tries to stop the attack. So with the hips, if it sees something going on, so say if there is some sort of malicious code on the network that is

02:57

trying to turn off the anti virus or turn off the

03:00

intrusion, prevention or detection systems, or tries to open up some ports on the firewall. The I PS can see that and be like, Hey, I'm going to stop this. Either stop the code running or they block access to it or something along those lines.

03:16

Same rules apply here with the nips. It sits on the flow of traffic off packets that go back and forth, and they kind of, you know, try to prevent anything that it doesn't like or that it sees now with mids and nips.

03:32

They apply to the entire network and not just computers and devices that are on the network.

03:39

So if they don't really focus on what's going on inside a computer or device itself, they focus on an computer, makes a request to another computer or a computer makes request to AH server or a database or something like that. They monitor that traffic. They monitored the traffic between devices on the network

04:02

ah couple of network protection components, which are very important. The first ours network access controls, otherwise known as knack, and this is a standard approach to verify that a certain device meets the proper criteria for connecting to a network.

04:20

Knack really comes in two ways.

04:24

The first way and knack looks at the user accounts and determines what are not. Accounts are even allowed to access the system.

04:33

So if an account has been disabled, or if account has been banned or doesn't have the right permissions on the network in the network access control list, then it does not get in. So when it comes to accounts, it's very important. Keep these accounts on your network

04:54

updated as much as possible.

04:56

Now, if there's a lot of accounts on the network, it could be, Ah, very difficult job to may ensure everyone has the proper permissions to access what they are supposed to be accessing. So it's a good idea to put accounts in groups. So if you have multiple people who are doing the same job, you can create a group for them. For example,

05:15

everyone in the payroll department

05:17

should have access to payroll resource is and said they could be put in a payroll group.

05:23

That way, you don't have to monitor the accounts for each individual person. You can put them in the group and then define the permissions for the group, and then you can basically apply it that way. Another type of the network access controls is known as a posture assessment, so posture assessment

05:43

is when a device tries to connect to the network.

05:46

The network sends out a security request to that device, saying, Hey, give me your security information. Give me the version and type of your operating system. You know, let me see what you have going on. What kind of malware do you have on your device

06:03

and things like that? And then it's up to the computers job

06:08

to respond with all of that information. So then the computer.

06:12

Usually there's an agent on the computer itself who will scan the computer, looking for all the required configuration information version, type off its anti malware operating system, etcetera, and then send that back to the network. Now, once the

06:31

A network receives that information,

06:33

they can determine whether or not that device is allowed to connect to the network. Or maybe they might say No. We're going to deny you access to the network, or we are going to redirect you to, like a guest network or a WiFi

06:50

posture. Assessments do a really good job off filtering out which devices should be longing to a network, because the whole point of maintaining and network security is have good network integrity. And you can't have good network integrity if you know there are bad malicious devices that are trying to connect to it.

07:09

Another type of network protection component

07:11

is the network firewall. This is similar to the computer far wall, although this firewall usually network firewalls, are hardware based, while computer firewalls are software based, so works the same way. Though you know, network firewalls, they filter the traffic coming

07:30

to and from the network.

07:31

They let all of the information come into them. They check it out. They check out with the network protection, the access control of some sort of accounts.