Hello and welcome to the Saw Berries Empty A 98 3 67 security fundamentals certification prep course.
Now in this particular models again, it's marginal. Before we will be discussing understanding network security. So let's take a look and objectives for this particular course of instruction. Now, obviously gonna be too objective will be covered in this particular period of scratching. In fact, in this video, we're gonna discuss understanding dedicated firewalls
and understanding network isolation now, in terms of understanding protocols, security, understanding now of securities with understanding wallet security that will be covered in the next video.
So that brings us to a pre assessment question.
What type of device isolates a network by 15 The package that can enter it? Is it a Ah, firewall? Is it be a bridge in the sea, A gateway or D A switch?
It's just that your firewall you absolutely correct, because the fire was a system designed to protect a computer or a computer network from network based types attacks.
So when you think about a firewall, the typical Bruna firewall, it's implement with two arm or network connections, a connection to the network using again being protected and a connection to the external network
that force that always side, which stands for the open system Interconnection model, which is a great model for troubleshooting
on their seven layers, Often time refer to its seven stacks is a sexual model created back in 1978. Uh, obviously is not fully used model for protocol, but Orson motto, obviously the standard for discussing how your networks actually work.
And so one good, great way to know how to memorize these different layers because you may see this on exam. It started very first letter going our way down. All people should try new Domino's pizza. That's one Endy way of being able to remember. Memorize again the differently as a rest tomorrow.
The first lead we have is a physical layer. Again. Again, we talked about the cables and the media and so forth,
and the next layer we have what's called a data link layer again, based in this particular they're here, get handles, air control, the detections and corrections as well.
Eso again. It's broken down to sub layers. You have you called a media access layer as well of what we call the logical link control. And so that's broken down and to sub layers.
The next night, we won't talk about the network clearer now that this layer what we have various devices operate differently. It's now if you go back and look at the previous video, I mean previous slide here at the Data Letelier. This is what a switch operates that unless a layer to type device we get to the layer network layer number three again. This is where your router operates honest and
is responsible routing and then mix in. There we have again. It's called a transport layer, and this office is a layer that provides the mechanism for carrying data again, moving your dad across the network
and obviously, a three specific mechanism that's involved. We have the segmentation service address and also error checking.
That brings us to a session layer. Now this. There's response for establishing, maintaining and breaking section between the action two devices.
Then we have the presentation layer, which is again, obviously a layer six, and what that does force it actually takes an actually converts the application layer into a format that permits it out to be transferred across your network.
When you look at the application that that's actually layered the interface between the user and the actual application and what it does, it takes that data from the user. It past the data to allure live layer of a gun of our side model, and it passed up two layers and displays it back to us, obviously, one that we're thinking about it like a displays information on our monitor.
So again, that's for example, we look at operating system with me when you get a look at the monitor that's actually show you. The actual application left example, we talk about
your email and so forth.
Now we have a term called Pakis Filtered Again,
Again office. He's one of the first generation type firewalls. Obviously, when you look at the Rogers, they have to build it to do some again packet filtering.
But again, for the most part. Like I said, the packet was really one of your first generation type firewall. It's been a long time they could be baseball rules have been defined on the firewall and again that he could access said. That way they can allow order now at various packages.
Now, when you again This is actually look at where you're going to actually configuring your actual firewall again. Or some some actual *** to think about. What? What's gonna be the source? I p address was the destination address again. The What's the destination? TCP get member TCP is a connection or your protocol.
UDP is not a connection on tight protocol,
and we also have my inbound firewall network interfaces as well.
Here again, we take a look not as circuit level gateway, which is a type of firewall. It works at the session lay of the Western model or as a stay a what we call its name earlier between the Gandhi application layer and the transport layer of the G C p R Stack,
happy stacking on the words and they Monta TCP handshaking between the packages
again determine whether request this session is obviously in legitimate.
This brings us to application Lyra type again. What we call firewall This is hyper five well, that scans monitor and told your network, Internet and local systems access an operation to and from an application service.
And lastly, this type of follow makes it possible to control the manage the operations of the application service is that external to your arty type environment. So again, it's primarily used as an enhancement to the standard firewall program about a firewall service up to the application layer.
We are the term called State for Inspection or State Full Again Firewall again. Also known as a dynamic package filter is a fire world technology that monster the state of active connections and uses this information. Determine which network package to allow through the firewall.
So basically, a state for firewall spends most of its cycle examining package information
and therefore other words that transport layer and lore. Harvard also always more advanced inspector capable by targeting vital package for Layer seven.
Then we have a host versus network foul again. What we call firewalls when you think my host is actually again. It could be a software based one installed on your, for example, your computer. And then you could have actually have what we call a network based type file Orleans the term network and again, eso getting these are there different,
and it's getting baseball was actually located. So again, just one under the important
again. I convince before do you have to? The host, also known as a personal file. I actually started your personal PC, and you may also have again what we call a network tight firewall.
We also have VP and a virtual lands, and the only device that allows you said, be lettuce not around. It's a switch. And so network vices and switches hug bridges, Workstation server connect each other in the same network at a specific location on Consider, known as Land
a land It also considered a broadcast, I mean, but Avi Land allows several networks to work virtually as one landowner where she acted, said at one switch. And it also provides security enhancements and whereby, actually setting up what we call off the land
obviously again, this actually list some of the benefits again of Avi Land again High performance. You even organize the device of the network for Easier Manage. Also provide a gets a mention for additional security.
Now we think about writing a member before Roger operates in a layer of four device, and it refers to establishing arrives. That data package takes on their way to a particular destination, and the writer does that for you. And so this term can be applied to data traveling on Internet over three G or a four g network. Just remember that the layer three device
we think about ah later three vice of the land operates is a layer three device.
Your aura is a layer four type device
now writing protocol. Specify hot rodders, communicate each other descriptive information that enabled them to insulate routes between any two notes. Other words. We're talking about computers.
Rotting algorithms again determine the specific choice of route. And again,
peach water has a prior knowledge of only the network attached to it directly. We can also set up I p s I. D s or R P s intrudes into Texas system and basic what these advices do the only detect and they notify you intrusion prevention system was set up
away in what happens is when that it takes a potential DOS attack and then it provide has to keep ability. Actually, *** that poured down. And as it was a lot of *** that poured down the actual taxis to happen another way, we can again protect that networks to honey pots. And basically it's a Deco or computer system for trapping hackers or trade are the words trace and
new Heck and methods. Honey pots are designed to purposely engage and deceive the hacker and identify malicious activities performed over the Internet.
Multiple hunting there, honey, possibly set on the network to form what we call a honey net.
Another way we considered by protecting always do use of what we call D M Z
again, which is called a perimeter zone. It's configure it used to secure holes on your network segment, obviously and most deems is the host on the D m Z or connected between the firewall, also taking it public network like type Internet. His example again of a ah ah sandwich DMC segment here
what we have again, what we have to fire walls,
this example of a single file or D m Z type set up as well.
We can also set up met and that were address translation. Again, basically, is a router right in front of that enable public and private network connection allows single happy address. So basically the hackers unable to know what's the internal African figures because you only see one,
he can't see what's behind that.
And again we got yourself aesthetic met as what is dynamic static maps to unrest i p addresses dynamic maps to unrest. I put on a prominent too rich to copy addresses and against our dynamic against a technique in which multiple Internet protocol addresses are mapped and use.
We can also set up a VP and stands for Brooke for private network and basic uses. Secure access to your network from different because again, you use that over. Remember the Internet? It's an unsecure infrastructure. So when way is by creating a virtual tunnel utilizing a VPN,
we re support we have an assessment course in what type of firewall filter again. Filter pack is based on the I P address as well. Support is a package filtering. Is it be circuit filtering? Is it see application level or D
if you select again, eh? You absolutely correct. When you configure package filter rule your journaling, use one arm or the following t speed. Actually source. I p address, Destiny, Sharpie dress and so forth
again. This is what we discussed this for this present, able to discuss again understanding a dedicated firewall
and also understanding network isolation