Time
11 hours
Difficulty
Intermediate
CEU/CPE
15

Video Transcription

00:00
Hello. Welcome back to the Cisco Certified Design Associate, Module 13, Lesson 13.2. I'm your instructor, Wayne.
00:09
In the previous video, we talked about the Cisco SAFE architecture. From this video on, we will begin to introduce trust and identity technologies.
00:19
Here's the pre-assessment question: Which media-level access control standard developed by IEEE permits or denies access to the network and applies traffic policy based on identity? A. ASA, B. 802.1X, C. Cisco ISE,
00:38
D. SASM.
00:39
We go with B.
00:41
802.1X, as we know, is the IEEE media-level access control standard that permits and denies admission to the network and applies traffic policy based on identity.
00:56
Here's the topic we'll discuss.
00:59
Trust and identity technologies are security controls that enable network traffic security. The following are examples of the technologies used to support trust and identity management. Access control lists (ACLs): ACLs are used on routers, switches and firewalls to control access.
01:19
For example,
01:19
ACLs are commonly used to restrict traffic on the ingress and/or egress of an interface by a wide variety of methods, such as using IP addresses and TCP or UDP ports. Firewall: a security device designed to permit or deny network traffic
01:38
based on source address, destination address, protocol and port.
01:44
The firewall enforces security by using the address and authorization policy to determine what is trusted and untrusted. The firewall also performs stateful packet inspection (SPI),
01:57
which keeps track of the state of each TCP/UDP connection. SPI permits ingress traffic only for traffic that originated from a higher-security interface,
02:07
such as the inside port. Port security: port security is a security technique used on switch ports to limit the MAC addresses permitted on a switch port. It can be used to define specific MAC addresses or limit the number of MAC addresses allowed on the switch port. 802.1X:
02:27
IEEE media-level access control standard
02:30
that permits or denies admission to the network and applies traffic policy based on user or machine identity. 802.1X is used to control access to wired and wireless networks by allowing only authorized users and devices on the network.
02:47
Cisco Identity Services Engine: Cisco ISE is a security policy management platform that automates access control by enforcing compliance, increasing network security and improving operations. It provides accurate identification of users and devices on the network,
03:07
including easy provisioning of all devices. ISE collects rich contextual data about connected users and devices
03:16
and can provide policy enforcement and security compliance before the devices are even authorized to access the network.
03:25
Today, there are many options when it comes to firewalls, each with its own capabilities and methods of implementing security services. Traditional firewall types include the following:
03:38
Packet filtering firewalls use access control lists to permit or deny traffic and are sometimes referred to as stateless firewalls.
03:46
The access control is filtered based on source and destination IP addresses, TCP/UDP port numbers, TCP flags and ICMP types
03:57
as traffic flows through the network. If traffic is matched by an ACL, then the action is taken without regard to any kind of state of the traffic flow. That is, packet filtering is simply filtering based on the information found in each packet that flows through the ACL.
04:16
Packet filtering is typically used on routers and layer 3 switches to restrict traffic flows and reduce the amount of traffic that needs to be further inspected.
04:27
Stateful firewalls
04:29
use stateful packet inspection (SPI) when evaluating traffic that passes through the firewall, using a state table of all the existing traffic flows. As traffic enters the firewall, the traffic flow information is put into a state table to record the traffic flow. Then, as the return traffic comes back
04:48
through the firewall,
04:49
if a flow record exists in the state table, the traffic is permitted back through. If the traffic flow does not exist in the state table, the traffic must be explicitly permitted by the ACL to be allowed through the firewall. A stateful firewall monitors the traffic from the initiating state, transferring state,
05:10
or terminating state.
05:11
Most firewalls today are SPI firewalls. The two main advantages SPI firewalls have over traditional packet filtering firewalls include the following: the use of a state table, where all of the firewall connections are tracked as they flow through the firewall,
05:29
and the capability to recognize applications
05:31
that use dynamic ports for additional connections during the communication between hosts. Application-level gateways work up to layer 7 of the OSI model and are sometimes referred to as proxy firewalls.
05:46
These proxy firewalls run software that acts as a proxy between the source clients and the destination servers. As traffic flows through the proxy firewall, source client connections are terminated and new connections are originated to the destination servers.
06:04
The application-level gateway sits in the middle and controls the connections between the client and the server, allowing very granular policy to be applied to the traffic flows. Host-based firewalls consist of firewall software running on clients and servers,
06:23
protecting traffic on the ingress or egress network interfaces.
06:27
Transparent-mode firewalls can be the same as SPI firewalls, as mentioned previously, but are implemented as a bump in the wire at Layer 2. Transparent-mode firewalls use two bridged interfaces and enforce policy using ACLs consisting of IP and TCP/UDP port information.
06:46
Hybrid firewalls are firewalls that include the functions of multiple firewall types, such as a stateful firewall
06:55
with application-level gateway capabilities.
06:59
Next-generation firewalls.
07:00
Next-generation firewalls are the most recent generation of firewalls. They combine traditional firewall functionality with additional security technologies, including the following: application filtering with deep packet inspection using application signatures; Intrusion Prevention System (IPS), which
07:19
inspects the content passing through a firewall and compares it against known
07:26
malicious signatures. If the signatures match, the IPS can drop the affected packets or the entire session. Zero-day attacks can also be detected by executing suspicious code using cloud services and mitigated using new IPS signatures based on the suspicious code.
07:45
User identification allows integration with directories such as Microsoft Active Directory, and it can be used to apply security policy based on users or groups. Decryption of encrypted traffic provides visibility into SSL-protected traffic when decryption is enabled.
08:03
The NGFW acts as a proxy by terminating the client SSL session on the firewall,
08:09
and then creates its own SSL session with the server. This allows SSL traffic to be inspected. Antivirus and anti-malware inspection provides protection against viruses and malware. URL filtering
08:24
provides comprehensive alerting and control over suspicious web traffic.
08:31
Learning check question number one: What mechanism protects a network from threats by enforcing security compliance on all devices attempting to access the network? A. Cisco ISE, B. SNMP, C. ASDM, D. [unclear]. We go with A, Cisco ISE,
08:48
as we know Cisco ISE protects the network from security threats
08:52
by enforcing security compliance on all devices attempting to access the network.
09:00
Question number two: A customer requests a filtering design based on the need to scan all Internet traffic, including remote workers. Which solution meets these requirements?
09:11
A. Cisco Cloud Web Security, B. Cisco Network Admission Control, C. Cisco Identity Services Engine, D. Cisco Adaptive Security Appliance. We go with A, Cisco Cloud Web Security.
09:24
In today's brief lecture, we discussed trust and identity technologies.
09:30
Any questions? Feel free to contact me. Otherwise, I'll see you in the next video. Bye for now.


Instructed By

Wayne Xing
Network Solutions Architect
Instructor