Using Network Protection Components Part 1
3 hours 20 minutes
Hey, everybody. My name is Peter Simple, um, and this is the network security course. This is going to be Module Six, Lesson Two.
Prerequisites for this course are Modules One through Five. Module One was a quick introduction of the layout of the course. Module Two was the core cybersecurity principles. Module Three was selected applications for network security, such as data loss prevention, incident response and risk management. Module Four, we looked at the structure and topologies of networks, including network designs, controls and principles. And Module Five, we looked at different types of, basically, malware and how network security practices can stop it. And Module Six, Lesson One, was where we took a look at basic computer protection components.
Finally, in this lesson, we are going to take a look at network protection components. Computer protection components apply to computers and devices on the network, whereas network protection components apply to the entire network as a whole.
So remember, in the computer protection program components, we saw HIDS and HIPS. Well, there is another form of HIDS and HIPS, known as NIDS and NIPS. These are intrusion detection systems and intrusion prevention systems, but they apply to networks and not just individual devices. These apply to the entire network of all the devices.
This is another layer of the defense in depth. So NIPS and NIDS, they kind of work the same way. With NIDS, you have the intrusion detection system. This tells people if there is an attack taking place in a network. Detection systems, again, they are passive devices. And so they really, at that point, have to tell either an IPS or the firewall, or inform someone else, that there is a problem on the network. They could even send email, maybe to the system administrator or the network admin.
These look for signature-based viruses and things that can slip past the firewall. So if some malicious code somehow gets past the firewall and then starts performing something, then the network intrusion detection system can pick that up and then let someone know.

NIPS kind of works the same way as HIPS. This is the prevention system that lets people know there's an attack and actively tries to stop the attack. So with the HIPS, if it sees something going on, so say if there is some sort of malicious code on the network that is trying to turn off the antivirus or turn off the intrusion prevention or detection systems, or tries to open up some ports on the firewall, the IPS can see that and be like, "Hey, I'm going to stop this." Either stop the code running, or they block access to it, or something along those lines.
Same rules apply here with the NIPS. It sits on the flow of traffic, of packets that go back and forth, and they kind of, you know, try to prevent anything that it doesn't like or that it sees. Now, with NIDS and NIPS, they apply to the entire network and not just computers and devices that are on the network. So they don't really focus on what's going on inside a computer or device itself. They focus on when a computer makes a request to another computer, or a computer makes a request to a server or a database or something like that. They monitor that traffic. They monitor the traffic between devices on the network.
A couple of network protection components are very important. The first are network access controls, otherwise known as NAC, and this is a standard approach to verify that a certain device meets the proper criteria for connecting to a network. NAC really comes in two ways. The first way, NAC looks at the user accounts and determines whether or not accounts are even allowed to access the system. So if an account has been disabled, or if an account has been banned or doesn't have the right permissions on the network in the network access control list, then it does not get in. So when it comes to accounts, it's very important to keep these accounts on your network updated as much as possible.
Now, if there's a lot of accounts on the network, it could be a very difficult job to ensure everyone has the proper permissions to access what they are supposed to be accessing. So it's a good idea to put accounts in groups. So if you have multiple people who are doing the same job, you can create a group for them. For example, everyone in the payroll department should have access to payroll resources, and so they could be put in a payroll group. That way, you don't have to monitor the accounts for each individual person. You can put them in the group and then define the permissions for the group, and then you can basically apply it that way.

Another type of the network access controls is known as a posture assessment. So posture assessment is when a device tries to connect to the network.
The network sends out a security request to that device, saying, "Hey, give me your security information. Give me the version and type of your operating system. You know, let me see what you have going on. What kind of malware do you have on your device?" and things like that. And then it's the computer's job to respond with all of that information. So then the computer, usually there's an agent on the computer itself that will scan the computer, looking for all the required configuration information, version, type of its anti-malware, operating system, et cetera, and then send that back to the network. Now, once the network receives that information, they can determine whether or not that device is allowed to connect to the network. Or maybe they might say, "No, we're going to deny you access to the network," or, "We are going to redirect you to, like, a guest network or a WiFi."

Posture assessments do a really good job of filtering out which devices should be belonging to a network, because the whole point of maintaining network security is to have good network integrity. And you can't have good network integrity if, you know, there are bad malicious devices that are trying to connect to it.
Another type of network protection component is the network firewall. This is similar to the computer firewall, although usually network firewalls are hardware based, while computer firewalls are software based. So it works the same way, though. You know, network firewalls, they filter the traffic coming to and from the network. They let all of the information come into them. They check it out. They check it out with the network protection, the access control of some sort of accounts. And if everything looks good, if all the green lights are passed, then the information can enter into the network.
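
The two NAC checks described in this lesson (the account check and the posture assessment) can be sketched as one admission decision. This is an added example, not part of the transcript or any NAC product's code; the version thresholds, group names, segment names and the choice to send posture failures to a guest network are constructed assumptions.

```python
from dataclasses import dataclass
# Constructed policy values for illustration; a real NAC deployment sets its own.
MIN_OS = {"windows": (10, 0, 19045), "macos": (13, 6)}
MAX_SIGNATURE_AGE_DAYS = 7
GROUP_SEGMENT = {"payroll": "payroll-vlan", "it": "it-vlan"}

@dataclass
class Account:
    name: str
    group: str
    disabled: bool = False
    banned: bool = False

@dataclass
class PostureReport:  # what the agent on the device sends back
    os_name: str
    os_version: str
    antimalware_running: bool
    signature_age_days: int

def posture_failures(report):  # an empty list means the device is healthy
    failures = []
    minimum = MIN_OS.get(report.os_name.lower())
    if minimum is None:
        failures.append("unsupported operating system")
    else:
        try:
            version = tuple(int(p) for p in report.os_version.split("."))
            if version < minimum:
                failures.append("operating system below minimum version")
        except ValueError:  # agent sent a version string we cannot compare
            failures.append("unparseable operating system version")
    if not report.antimalware_running:
        failures.append("anti-malware not running")
    elif report.signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("anti-malware signatures out of date")
    return failures

def admit(account, report):  # account check first, then posture
    if account is None or account.disabled or account.banned:
        return ("deny", "account not allowed on the network")
    if account.group not in GROUP_SEGMENT:
        return ("deny", "group has no network permissions")
    if report is None:  # no agent answered the security request
        return ("guest", "no posture report")
    failures = posture_failures(report)
    if failures:
        return ("guest", "; ".join(failures))
    return ("allow", GROUP_SEGMENT[account.group])
```

Permissions are attached to the group rather than the individual account, so adding a payroll employee only requires placing the account in the `payroll` group.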