1
00:00:00,840 --> 00:00:06,990
Network security systems like the one shown here play a specific role to try and prevent networks

2
00:00:07,050 --> 00:00:09,390
from being compromised.

3
00:00:09,450 --> 00:00:15,780
The main focus of these devices is to stop malicious traffic before it has a chance to reach an endpoint

4
00:00:15,870 --> 00:00:18,900
on the network. In this section,

5
00:00:18,960 --> 00:00:27,600
we're going to take a brief look at each of these security systems. Firewalls are the core of our security.

6
00:00:27,700 --> 00:00:35,000
They are placed on the network to create borders between trusted and untrusted networks called zones.

7
00:00:35,710 --> 00:00:41,760
Firewalls are responsible for blocking most of the unwanted malicious traffic trying to enter the network.

8
00:00:44,270 --> 00:00:50,120
Stateful firewall inspection keeps track of the state of connections and helps firewalls keep a close

9
00:00:50,120 --> 00:00:58,090
eye on what is traversing its zones. State tables are used to track the current state of each connection.

10
00:00:58,090 --> 00:01:04,030
This allows the firewall to permit or deny traffic based on whether a connection is established and from

11
00:01:04,030 --> 00:01:10,410
where traffic originates. A connection is considered to be established after the SYN, SYN-ACK

12
00:01:10,590 --> 00:01:17,460
and ACK exchange is completed during a TCP three-way handshake.

13
00:01:17,770 --> 00:01:23,130
If a connection is sourced from a trusted zone to an untrusted zone, the return traffic is permitted,

14
00:01:23,290 --> 00:01:28,420
since the connection is in the state table and it was initiated from a trusted zone.

15
00:01:29,140 --> 00:01:34,960
However, if traffic is sourced from an untrusted zone, like the outside, and there is not an access list

16
00:01:34,960 --> 00:01:39,980
rule to permit the traffic inbound, then the traffic will be denied.

17
00:01:40,080 --> 00:01:47,850
One of the most basic yet powerful network security features is access lists. Access lists can be applied

18
00:01:47,850 --> 00:01:54,610
on network devices to filter IP traffic based on source and destination IPs or Layer 4 port numbers.

19
00:01:57,190 --> 00:01:59,100
A good use case for access lists

20
00:01:59,130 --> 00:02:02,340
is for public-facing devices that are behind firewalls.

21
00:02:02,590 --> 00:02:07,510
If you have a web server that is accessible via the internet, then you probably only want internet users

22
00:02:07,510 --> 00:02:13,790
to be able to communicate with the server on TCP port 443 for HTTPS

23
00:02:14,080 --> 00:02:24,010
access, and you would not want them to be able to communicate with other protocols like Remote Desktop.

24
00:02:24,110 --> 00:02:32,360
The biggest security no-no for firewalls is to allow any-any IP access to public-facing devices.

25
00:02:32,510 --> 00:02:38,090
If an attacker can access all the open ports on the host, then it makes it a lot easier to find vulnerabilities

26
00:02:38,090 --> 00:02:39,040
to exploit.

27
00:02:40,560 --> 00:02:47,080
And that's why access lists are critical to block access before traffic can be processed at the application

28
00:02:47,080 --> 00:02:47:500
layer.
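Added worked example, not part of the video or its transcript: a small Python model of the logic the lecture describes. It tracks a connection through the SYN, SYN-ACK, ACK handshake in a state table, permits return traffic for connections initiated from the trusted zone, and subjects new inbound connections from the untrusted zone to an inbound access list. The zone names, addresses, ports and rules are all constructed for illustration; the state table keyed by the initiator's 4-tuple is one simple way to implement the idea and not any particular vendor's design.

```python
"""Toy stateful firewall with zones, a state table and an inbound access list.

Constructed example: zones, hosts, ports and rules are invented for illustration.
"""
from dataclasses import dataclass

TRUSTED = "inside"      # trusted zone name (assumption)
UNTRUSTED = "outside"   # untrusted zone name (assumption)


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset     # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


@dataclass(frozen=True)
class AclRule:
    dst_ip: str
    dst_port: int
    action: str          # "permit" or "deny"


class StatefulFirewall:
    def __init__(self, inbound_acl):
        self.inbound_acl = list(inbound_acl)
        # State table keyed by the 4-tuple of the side that initiated the connection.
        self.state_table = {}

    def process(self, pkt):
        """Return a verdict string for one packet and update the state table."""
        fwd = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rev = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

        # 1. Traffic belonging to a tracked connection is permitted in either
        #    direction: this is what lets return traffic back in from the outside.
        for key in (rev, fwd):
            if key in self.state_table:
                self._advance_state(key, pkt)
                return "permit (state table)"

        # 2. A new connection (SYN) from the trusted zone is allowed and recorded.
        if pkt.src_zone == TRUSTED and pkt.flags == frozenset({"SYN"}):
            self.state_table[fwd] = "SYN_SENT"
            return "permit (new from trusted)"

        # 3. A new connection from the untrusted zone must match an inbound
        #    access-list permit; first matching rule wins, otherwise implicit deny.
        if pkt.src_zone == UNTRUSTED and pkt.flags == frozenset({"SYN"}):
            for rule in self.inbound_acl:
                if rule.dst_ip == pkt.dst_ip and rule.dst_port == pkt.dst_port:
                    if rule.action == "permit":
                        self.state_table[fwd] = "SYN_SENT"
                        return "permit (inbound ACL)"
                    return "deny (inbound ACL)"
            return "deny (no ACL match, implicit deny)"

        # 4. Anything else, such as a stray ACK with no tracked connection, is dropped.
        return "deny (no matching state)"

    def _advance_state(self, key, pkt):
        """Walk the three-way handshake: SYN_SENT -> SYN_RECEIVED -> ESTABLISHED."""
        state = self.state_table[key]
        if state == "SYN_SENT" and pkt.flags == frozenset({"SYN", "ACK"}):
            self.state_table[key] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and pkt.flags == frozenset({"ACK"}):
            self.state_table[key] = "ESTABLISHED"


def run_scenario():
    """Constructed packet sequence; returns (verdicts, final state of the inside client's connection)."""
    acl = [AclRule("203.0.113.10", 443, "permit"),    # public web server: HTTPS only
           AclRule("203.0.113.10", 3389, "deny")]     # no Remote Desktop from the internet
    fw = StatefulFirewall(acl)
    SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    packets = [
        ("inside client opens connection to internet host",
         Packet(TRUSTED, "10.0.0.5", 51000, "198.51.100.7", 443, SYN)),
        ("internet host replies (return traffic)",
         Packet(UNTRUSTED, "198.51.100.7", 443, "10.0.0.5", 51000, SYNACK)),
        ("client completes the handshake",
         Packet(TRUSTED, "10.0.0.5", 51000, "198.51.100.7", 443, ACK)),
        ("unsolicited ACK from outside to an inside host",
         Packet(UNTRUSTED, "198.51.100.9", 4444, "10.0.0.5", 445, ACK)),
        ("outside user to public web server on 443",
         Packet(UNTRUSTED, "198.51.100.9", 40000, "203.0.113.10", 443, SYN)),
        ("outside user to public web server on RDP",
         Packet(UNTRUSTED, "198.51.100.9", 40001, "203.0.113.10", 3389, SYN)),
        ("outside SYN to inside host with no ACL rule",
         Packet(UNTRUSTED, "198.51.100.9", 40002, "10.0.0.5", 22, SYN)),
    ]
    verdicts = [(desc, fw.process(p)) for desc, p in packets]
    state = fw.state_table[("10.0.0.5", 51000, "198.51.100.7", 443)]
    return verdicts, state


if __name__ == "__main__":
    results, final_state = run_scenario()
    for desc, verdict in results:
        print(f"{desc:50s} -> {verdict}")
    print("inside client connection state:", final_state)
```

Running the script shows the two behaviours the lecture contrasts: the outside host's SYN-ACK is permitted only because the inside client's SYN created a state entry first, while the unsolicited packets from the outside are dropped unless an inbound access-list rule explicitly permits them, and the RDP attempt against the public web server is denied even though HTTPS to the same host is allowed.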