
Oh hello everybody welcome I hope that you have a very good weekend and that you are

ready to continue reviewing our network security chapter so this week we are going to
conclude the first part of our semester talking about network security right that would be
the end of our chapters before midterm so but before before we start we continue reviewing
network security concepts there are a couple of announcement couple things that I
actually want to address with my with my class I did the same this morning I will do it I will
do this now with you guys so during the weekend you saw we were we were grading your
assignments you will start getting all your grades and this generated some doubts and
questions and some of you or many of you actually contact me right from both of my
groups my morning group and and you my afternoon group regarding your grades
and in all of that right so I want to take this opportunity and address some of these
questions or these concerns in in public to the entire class so everybody would benefit
from this and I ask you to please keep in mind that the reason why I'm doing this is
not I want you to understand that it's not my goal to make your life miserable quite the
opposite I always said I want you to enjoy class right but there are certain things that we
expect from you I mean any teacher any professor in the world if they ask you to do
something if if there are some requirements if there are some some guidelines that you
need to follow every single teacher in the world will expect you to follow them right not
because we are bad teachers or anything that's just how it is it's just how it works right so
if we leave some guidelines and I done that couple of times in my class right I explained
this both in Spanish both in in English I'll even show you examples of what is expected
from you for this assignment right so if I give you some guidelines again if I give you some
some instructions of course I will expect you to follow them and I've been clear about this
since since the day one I clearly stated what is expected for you so I don't know if maybe
they're not paying attention in class I don't know if maybe you're just here you just sign
into the class but you're not listening to me or I don't know what's what the problem is
but what I do want is for you to not lose any more points as I said before I'm not here to
cause you trouble I want you to enjoy the class and I want you to get the points that you
deserve but in order to do that you need to follow the instructions you need to do what is
expected from you by so please please pay attention to the instructions that I give you in
class all the time follow this recommendation follow these instructions because guess
what they are going to be considered the moment that we grade your assignments so I
explain in class multiple times that you need to include proof of identity for every single
every single screenshot that you get right I show you ways to do that and I even said that
the safest way that you can do this is using the echo command of course that's not the
only one any I mean there are some other ways that you can prove your identity right but
that's it's the easiest safest way to do it but there there are going to be moments where
for example in our last lab task number three and four you are not required to use a
command line so the echo command was out of the picture right so you need to that
doesn't mean that you're not you are not supposed to show your identity no no quite the
opposite you need to find a different way to do it right maybe show a profile picture
maybe show another window with your name right but remember your every single
screenshot that you get that you add to your report needs to show your proof of identity
sometimes it could be just the your username in your in your prompt in your command
line prompt right of course we can make mistakes and if we do please please by all means
contact us and we will rectify we've been doing that since the very first assignment of the
semester right there's no please don't don't don't hesitate to contact us if you think that
we made a mistake but do not expect us do not expect us to rectify your grades if you are
not following instructions because we need you to follow those instructions I've been clear
about this point several times right so again I don't know maybe you are not really present
during during the class which is going to be bad for you right if you are here if you are
paying attention if you're listening to me you are going to have a good time you're going
to learn tons but if you're not then you're going to have issues during the semester and
that's why I want to stop I want you to keep losing points this way because that's not me I
don't want you to struggle during the class right that's why I've been trying to be very
clear about about all the instructions and what is expected from you for all your
assignments right so try to follow every single instructions right there giving you there in
the semester another thing that I mentioned couple of times before when whenever you
have a question regarding your grades your first point of contact should always be Kevin
Syracuse right so if you if you have a comment if you have a doubt or concern regarding
your grades first thing to do ask Kevin Kevin's values your TA ask him what happened here
what what's the reason that I got this score if after talking with Kevin you still have
concerns you still have objections or comments or something like that yes of course you
can always contact me as well but please first do first stop should always be Kevin right and
another thing that I've also mentioned plenty of times every time that you are going to
address or you're going to write me or contact me with anything regarding the class you
have to try to do it in English this is a this is a policy of our class is something that we are
trying to improve our communication skills in English and that means writing messages to
your teachers right so whenever you need to contact me for anything regarding the class
try to do it in English if after a couple of message exchange I see that you're struggling
maybe the points not being communicated correctly or efficiently yes we will switch to
Spanish but I need you to see try I need you to see making an effort to communicate in in
English that's the deal right that's that's how we are that's the policy of our class basically
right I need you to try and I've been saying this since the beginning of the semester and I still see
some of you missing this point and then in and actually that's what scares me because
well maybe you're not paying attention to me maybe because we are in a virtual
environment or something that's quite easy not to pay attention to the other side of the
the the the conference in this case right or or me in this case but please please try to
follow those instructions and I'm pretty sure that if you do you will have no issues during
the semester right this this half of the semester is pretty much over the only other task
that it's that we still have to complete is the exam 1.2 after that everything is going to be
part of the second half of the semester right so I don't want you to keep losing points as
we move forward during the semester so please please please pay attention to these
recommendations one more time and I'm pretty sure that that we're going to have the
good second half of the semester so I'm sorry I had to start with such a sad by Fitz not
how I usually like to start my class but these things needed to be addressed because as I
said before I don't want you to keep losing points for not following instructions but
instructions are are there and they are going to be part of what we use to grade your
your efforts your assignments OK so please follow these instructions and when in doubt ask
if you are going to miss deadlines and all of that you know what the deal is going to be I
cannot help you if you if you're not following the the given instructions right so that
announcement number one and I will try to turn the page here an it started picking up the
the device in in the class now the second the second thing that I want to to talk it's our
exam 1.2 right so in the next 24 to 48 hours I will publish exam 1.2 it's going to be a take
home exam meaning that you will have to do this or you could do this at your own time at
your house and then you can take your time and finish that you will have about a week to
work on this in our our next week on Tuesday I think that's the 23rd yes so Tuesday
November 23rd or 23rd of November from 8:00 AM until 10:00 AM we are going to
have our midterm session assistance or attendance history attendance to that session it's
mandatory so plan to attend plan to join the session next Tuesday from 8:00 AM till 10:00
AM right so if you're asking why our time is going to be a take home exam and none of
that remember our exams has always been not our times in my class are exams in spot as
always being mandatory of attendance you will always need to be there think about this
for them for a moment what will happen or what or sorry what happened before the
pandemic when we were still on campus what happened if you didn't attend an exam
if you didn't if you weren't present for an exam what score you get you got a zero right
why because you were not there just because of that this is not a reflection of your
knowledge or your capabilities in the in the subject it's just a fact that if you are not
present during the exam you will get an automatic 0 so Please remember attempts to only
enter exams are have always been mandatory right so I will connect I will be there I will
connect Tuesday from AM till until 10:00 AM and I expect all of you to do that OK so how
is this going to work what's the what's the dynamic going to be so as I said in the next 24
to 48 hours yes 24 to 48 hours I'm going to publish the exam you will have about a
week to work on that now next Tuesday you will all have to connect to the session
example in towards the end of that session right around 10:00 AM towards the end of
that session I will enable for brief moment the assignment on teams so you can submit
your report thank like if we weren't having a real exam during during our session
right towards the end of that session you are able to submit your it's the same thing right
right remember exams are not a group activity so you will have to work individually no
group activity no working in groups you will all have to work by yourself in to solve the
challenge and writing the report and all of that and please make sure follow instructions
that I said before OK so Wharton that work on your exam and be ready to connect next
Tuesday from 8:00 AM till 10:00 AM toward the end of the session you will be able to
submit your report normally I have a Q&A session on Wednesday before the exam but this
semester because we missed so many classes due to holidays and all of that we don't have
that luxury we are going to have a regular session on Wednesday we're going to have our
third class regarding network security so no Q&A now you can ask me all the questions
that you want on there you need during the week and I will try to answer them as well
right but please this is another thing that said a couple of times during the semester try to
ask your questions during working hours don't expect to ask me something during the
weekend and expect me to answer right away most likely not on my computer I'm not
checking my messages I'm doing something else right if you're planning to work on undo
the weekend well that's completely up to up to you if you want you OK but just keep in
mind that most likely I won't be able to help you during the weekend right but you have
Tuesday Wednesday Thursday Friday and the next Monday to ask me all the questions
that you need again if you write me something if you ask me something at 3:00 AM in the
morning I'm not going to reply I'm probably sleeping at that time right so please keep that
in mind OK and that's it so because we won't have a Q&A session like we had for
exam 1.1 I think it's even more important for you to carefully plan your schedule so you
will you will have plenty of time to work on the exam and ask all the questions that you
need also next Tuesday during our exam session all you can also ask me questions there
and I will try to help you but if you're going to do that maybe there should be something
about the format of the report I don't know something that that you can easily fix or
working if you need to because well you don't have you won't have plenty of time to work
if you leave everything for for Tuesday at that time you won't have time to finish your
exam right it it is still expected from you to work on your exam during the week right
and on next Tuesday you just cancelled me your report OK so please keep all these things
in mind and we forward make all the notes that you need plan accordingly so you can
work on your exam and you have plenty of time to finish it don't leave it until the very last
moment because then you will have trouble finishing it on time right because this is an
exam there is no automatic extension so do not count on those on those 12 hours of
automatic extension those are not this is not an option for an exam right because again
we're trying to simulate how a real exam will work you go to a certain time you work for a
number of hours and then you submit you your work and I take right so it's the same here
the the deadline is going to be Tuesday 10:00 AM and there is no exception for that so
plan to submit your work before or by next Tuesday 10:00 AM right OK so that's pretty
much it in terms of announcements now if you have questions this is the time and I will be
more than happy to help you in to answer those questions if not we can jump to our
network security topic of the day is there some I don't know somebody is writing me let's
see Francisco I see that you are writing me something about your score on exam 1.1
Francisco BSS what is a like Kevin hey no and you say what I mean did I just got I ask you
to the first person that you need to contact regarding these things should be caving
survives this is the kind of thing that I'm doing that really concerns me in my tone it's not
angry it's concern because if if as a class as a group and even individually if you're not
going to follow the instructions that I'm giving you time and time again you are going to
start to keep missing points in and at the end of the semester it's going to be a problem
for that and I don't want that so please please pay attention to all the things that I'm that
I'm explaining every single class don't just log into the session and forget about listening
you need to pay attention to the things that I explained in so go ahead Francisco go talk to
Kevin after the class explain your situation to to him if you think that we made a mistake
that's fine we will we will correct that right but first point of contact should always be
Kevin regarding grades right so go ahead and and do that OK and I haven't I mean I just saw
here I I miss I haven't even read about it but talk don't worry I could contact him OK OK so
network security so let me share my screen so this is where we stopped last week if you
remember we we had our first session last Monday yes last Monday then Wednesday we
had a lab we didn't we didn't keep working on our diagram so this is our stopping point
this is where we stopped sorry last class on last Monday right but we did kind of like a
recap it's that we established these three main zones in our network right we established the
external zone we explained what is expected from here how this work we also established the
internal part of our network most important part of the part that we do want to protect to
keep always under under under our control and then we also established the demilitarized zone
DMZ you remember the DMZ is where we put all our services that will require external
access and the reason why we did that is that actually by having these services on our
internal network just that will open the door for external users directly into our internal
networks is something that we want to avoid will be your internal network in the other
branch will be your DMZ so this is what we explain this is this is where we stop and here we
are going to keep explaining or keep adding things to our local network one thing that we
explain or talk on Monday was the benefits of working with switches today and I'm
planning to elaborate a little bit more about that and then we will also depending on the
time we will see how far we can reach on planning to also talk about remote users
connected through VPN services what is how we can add VPN capability to this network
and hopefully we'll have time to work or to explain about wireless users if not this one
stop things most likely wireless users will cover turns being on Wednesday right
depending on the time we already spend half an hour addressing these issues that I just
did so we'll see how far we can we can go this session OK so if you remember one of the
things I mentioned last week was the benefits of working with switches and one of the
things that they said about switching it's that a switch allows us to define VLANs right and
why are VLANs so important or at least why we love them we as the security
engineers security guys why we love VLANs so much right one of the reasons why we
love VLANs it's because it offers us a natural way to group users for example a typical
configuration then we can maybe even mention this to have agreement here will be devoted
to developers so let's say let's next assume that we have in-house development in our in
our organization price so we have a group of developers working on our internal
applications or or even maybe the applications that our customers use Bradley maybe our
website or something like that they might work on that like for example this one here
might be developed invented by our the right so this is something that we think it's quite
common for us to find the network right so the VLAN in this case will help us too this way you
can find other ways are the reasons for grouping members for example another another
common group users it's what we go that's a human resources right pretty much every
single organization is going to have a human resource department right and human
resource department it's one of those groups that also have very specific needs in the
Internet because that's the key for making these groups or this is the reason why we make
this this group these groups of people they will have specific needs and and they will use
the network in a very specific we will see an example with our our developers in right here
we can have some human resource users this is another group we can have any number
of groups that that we need right now one common thing if we have developers it's that
they work in our in our applications right so they work to make our applications better or
prefontaine or something like that right so a very common recommendation that we
find time and time again is that developers should never have direct access to
production systems right that way they will not modify production systems by mistake so
it is pretty common to actually find it or have it when we have in-house developers to
have a testing area right so this is going to be our testing area here we're going to have
everything that is needed for the to test the things that they're working right so maybe
maybe the developers are working on so some sort of web application transactional web
application or something like that and they do need access to a database right so they're
working on Sundays but we also forced we have these products are a real production
environment right so this is our reality of this is the production right so they develop
something they make some changes they try this changes here first and when all the
problems are ironed out bases are ultimately deployed on the real production systems
right so that's why we have these days very common recommendation right developers
should never have direct access to production so we avoid Caroline price damaging our
production systems by mistake right and this is something that we can easily control using
VLANs and switches because now we will establish a rule in our situation that will block
traffic from the developers VLAN to the production area here so the other person will
not have access to production if they are acting as developers if they are logging in with
their develop developer account they will have no access to production right now they
won't have access to the testing area and actually nobody else in the network should have
access do you need to have seen area over here and that's another thing that we can
control with our switch and our VLANs right so for example they can restrict access from
human resources to the testing area right and if we have like a regular staff or something
like that another building then Kelly let's call this cancel if we have stop again that's
connected to our bar two hour yes to our switch I can also restrict access from a regular
staff to the testing VLAN just by having a switch over here this switch will take care of all
of that that's the beauty of defining VLANs and grouping all these users like
this that's what I said right one of the key ways or the reasons why we do this is because
these particular rules they would have specific needs and they will use the network in a
very particular way right so this makes my life easier to manage to enforce rules to pretty
much maintain the security of mine of my network right now another beauty or another
benefit of working with switches and defining VLANs it's that we are no longer
constrained to geographical locations right in the early early days of networking we
needed our users to be pretty in close proximity right that they needed to be neighbors
they need to be pretty much on the same physical location right that's that's no longer the
case by the magic in the beauty of networking modern networking we can have a network
that will span buildings that will span cities even if we want to right so geographical
location it's no longer a limitation for defining our network we can have our headquarters
steering via key and maybe we can have a satellite office in month 9 and maybe we have
one developer in nanton 5 developers here in headquarters but for our network we
don't care this could be the developer in knockdown in these order five or developers
orders here in terms of networking is Ontario in terms of VLAN we don't care I don't
care where you are the only thing that matters is that if you can reach the switch and yes
you can well that connection needs import on the back of the switch and with that deal
and nothing else but clear allies together if we can think of this switch as I don't know
maybe 48 port switch we could say that this VLAN over here 1321 five games 14 and
37 and that's the real whoever is connected to that one expert of this paper we want to
add bring somebody else we just are move elements at least right in our switch
configuration we just said I work for people do you know then again it doesn't matter of
his participating industry matter worse the end of the cable at work back this week this
week the only thing that the switch cares is OK I'm seeing traffic on port 3 and I have a rule
saying here that port 3 belongs to the human resource VLAN so that's it restart speaker
benefits of using switches and now you see why we like this security engineers because
we can create girls weekend strikethrough policies it's easier for us to enforce our security
policies easier for us also to restrict traffic or enable traffic is also easier for us to monitor
when it's happening king or right not saying that this is a magic bullet fixes everything not
but for sure it makes our guide way working so that that's the the wanted to share
regarding working with switches in terms of Just trying to die then to create anything
cured then I apply were there tons of other theory that delete that we might need to
remember or spending you're ready know to fully understand the lesson switchers and all
of that works in reality OK now there is more do you want to mention or are you want to
address here right so let's find mean and say that our businesses to sell some products
that we manufacture right so we are numbers these beautiful consumption website where
we can sell our product right most likely that application requires some sort of database
server stored information using the entrance action right so now we have here another
web server there another basic so we have three sets of those once the deal what's
happening with why we have so many of these resources they might not die like
reputation of the memory may look like they are the same thing they're actually right so I
guess testing in production this is this is obviously you wine right yes they are pretty much
the same environment but testing for testing purposes in production are the real deal
these are the things that we actually need so let me explain why we have production
numbers here and why we have for when we have these servers here on the production
VLAN and why we have what they want looks like the same thing here on the DMZ right
this is not the strict requirement in intense continent on today but the main idea here is
that these things here are for internal consumer so this might be an application that is
only that it's only going to be used by our network users right let me give you example
about it so in any single reason why I also had a chart right one any company you are
going to happen HR the market OK everything related to the company's employees all
only information records payment everything it's been maintained clear right even ask
teachers had spoiled right we are their applications so of course there is a human resource
department that bold that does older information drive we use the system OK we ask
application spoke with we use the human resource system to put example As for more
vacation days or two our information up today let's say that I get a new certificate and say
that I needed it raining or something that I'm not required to update this information and
human resource website web application required to do that so all we always are not
information after they did say that I changed numbers let's say that I changed my contract
all of that information should be immediately updated on the human resource system OK
but again that's a system that should only be accessible to internal users are clients which
we don't care about our clients and our site right we care that our clients have access to
urban social science related by our product but not to our human resource so you see the
difference there these are important for internal consume only right is artwork internal
network users tickets or any particular reason sometimes refer to these as our intranet
right internal OK now the system board here it's quite the opposite it's the system that
external users should have access to the most likely this disk I'm this systems are public
currently accessing the other words access to this systems right or clients in external
network on the Internet should have access to it right that's why they are so they can they
can check maybe our catalog articles are by someone running from this application show
the product cell they need to check that information from some sort of database then so
that's why we have now remember this information over here it's well pretty much optic
is right in somehow open to turn public general public might include a hacker he saw this
last time so they had actually three or game dances so our hacker actually go through all
these stages and get over here maybe compromise system and from here people jump from
web server into the database server OK what information the information store here on
these particular database on the DMZ should be information that is pretty much public
information everything that is considered sensitive information should be primarily stored
here games some sort of distributed database configuration I have sent the information
we should not put here sentence in very big everything that is sensible nature should be
encrypted in our database where they are stored on the devices they need to be
encrypted specially equipment store down here on the DMZ OK so about this this is
something that we don't see quite often quite the opposite most of the time we see we find
on these public databases tons of sensitive information and that information isn't encrypted
prime why I don't know maybe because member development consider all these things
maybe they didn't know about this place I don't know right but this this this is general
knowledge graph right and that's why we're trying to run trying to pass that that
knowledge you great so there are ways to do this the right way this could be established as
some sort of distributed database system this could be is concerned replica Burton
columns that aren't needed for this application to use and only done right no storing
everything that's not required this is actually what happened about two years ago when
inferring information from pretty much all of us here very sensitive information was
published on a public database Ingram post in Miami right in somebody found that jackpot
in hand sensitive information phone numbers are being given some credit cards in some
financial information about pretty much all experiences on a publicly available database
they didn't follow this thing for God that database there is no reason why that their base
was drinking that database never been unemployment bandwidth or even at VMC that
information over here right in from here and here we pass whatever is needed for this
application can play games operation and if that information is considered sensible for
sensitive information it should be encrypted with the highest available standard right so
that insert mayor de never guess sometimes I love him we should not be like that should
be smarter than that that's why we're learning all this right so please keep an eye on that
whenever you're going to use the database or *********** web application make sure
that information that needs store here it's non sensitive information in the DMZ again
sensitive information is encrypted now encryption doesn't replace the design of the
database what do I mean by this sometimes we see encryption as a handicap some sort of
shortcut and that everything is fine because it's encrypted now right you need to do a very good
design the database design so here you give the minimum required information kind of
privilege principle that we study at the semester same idea but for information this
application should have least privilege right least access to information only that
information that is required for this application to finish its job any song that information
is sensitive data encrypted everything else should be stored here on our internal database
right so don't use encryption as a handicap or as a shortcut for poor design do a good design
spread you want your information or split your information correctly OK give it to the
minimum here and here store everything in both sides need to encrypt sensitive
information here as well you need to encrypt sensitive information clear as well right job
keep that in mind so let's see questions on my chat now the next stop is that I want to
address is how this can go wrong here. So if we have something like this directly, and a
hacker here wants to steal information, wanting to gain that private information or
confidential information about this database, the only thing that the hacker needs to do
is to go into our DMZ and find a way from here to jump in here and start reading
everything, right? But if we don't use that, you see, the only other way for a hacker to
steal sensitive information is to actually get into our network, trying to compromise the
firewall, trying to pass the firewall, maybe do something with our switch and go over
here, right, to this database, this database server. And as you can see, that's a lot of
work, right? And why? Because we are beginning to harden our network; it's actually making
the life of a hacker harder and harder, right? But that's our goal, that's what we want to
achieve. So what's going to happen? Well, there is an axiom, there is a
saying in security, information security, that the chain will always break at the weakest
link, right? So now our technological means are somehow good; they pretty much follow
standards, right? So what an attacker will actually do is try to maybe compromise, try to
find, the weakest link. In most of the cases the weakest link is going to be the user. We
humans are most of the time the weakest link. So because these are the developers, they
need to have access to production to update things from time to time; that's one thing
that I forgot to mention, right? We are blocking regular access from the developers' VLAN
to the production VM, but at some point we need to update things here, so we can talk with
the network manager to temporarily give, let's say, this developer access to the
production side here to update things. After that the permissions are revoked and
everything goes back to the way it was, right? So the hacker can anticipate that, can see
that this is going to happen. So the hacker could profile all of these members to find out
that this guy here is the one doing the updates, so the hacker will try to compromise this
machine over here. Why? Because now he can get maybe the user's credentials and use those
credentials to later have access to the database. So you see, now our weakest link is not
the network; now it's the user in this case, OK? So that's what I'm trying to address
now; that's what I will try to explain, how we can protect these things from happening. A
common thing that can happen is that a hacker will inject a virus, oops, into this
computer over here; it will infect the computer with a virus, a virus that will give the
hacker control over the computer, maybe keylog everything and in that way steal
credentials. Or maybe the hacker will conduct a different type of attack; maybe the hacker
will try to conduct some sort of phishing attack or, using some social engineering, steal
the credentials from this user. That's what most likely happens in attacks: a hacker will
try to find ways to steal credentials from users using phishing or other social
engineering attacks, or maybe injecting malware that will give the hacker control over
that computer. So everything I explained is very possible; nothing about that is actually
far-fetched. All of these are possible and actual real scenarios that we've seen in
previous attacks. We know, we have an idea of, how attackers work in general, right? Now,
the specifics of the attack may vary from one attack to the next one, from one compromise
to the next one, but in general these are the things that attackers will do. Now, how
would this be possible? Because, for
example, here we can have very strong antivirus solutions that are scanning our entire
network and keeping everything clean, and we could have other monitoring solutions; some
of them we are actually going to study on Wednesday, we're going to review some of them on
Wednesday, right? So here it might not be such an easy job to infect a computer. But these
are developers, right? They are powerful users, or power users rather; they are not
regular users. And, well, most likely these developers will take their equipment out of
the office at the end of the day and bring it back home so they can, if they need to,
check things at night or work on some idea. And that's where the hackers can take
advantage, and they will use those opportunities to actually attack developers, right?
Because yes, we have all sorts of protections here, but we have no control over what's
happening here, right? So maybe this developer is kind of reckless and starts going to
sites that she wasn't supposed to. Maybe this developer started downloading pirated
software; maybe he went to watch a soccer game online on one of these sites that are not
legal; maybe she tried to, I don't know, download movies to watch at night, something like
that. Those are the moments, those are the opportunities that attackers use to compromise
these devices, OK? "Download more RAM." That's a good one, OK. So you see, that's where the
device will be infected, OK? So next morning, when the developer brings the device back to
the network over here, the device is going to be infected, and from here the attacker will
have access to these machines, steal credentials and do all the things that I just
explained.

So what can we do to fight against this? There is a set of different ideas of what
to do for this type of scenario. These are actually pretty common ideas when we have a
bring your own device type of policy. So, bring your own device, I don't know if you've
seen this mentioned before, BYOD, bring your own device: that's when you have a network
that allows users to, well, as the phrase says, bring their own devices, their own cell
phones and tablets and other laptops, and use them here on the network, right? So since we
don't have control over those devices, we need to do something to protect our network, and
a common thing that we do is to establish what is called a quarantine zone. I to we have
19 a quarantine zone. So what's going to happen, and this is going to be a VLAN, right,
like any other regular VLAN, what's going to happen is that when we have a returning user,
instead of joining its regular VLAN, they're going to be moved over to the quarantine
zone, and here the network is going to run a bunch of tests to try to assess if the
machine is clean or not. If it's clean, it will be allowed to rejoin its regular VLAN, and
if it's not, then some alarms, some alerts will be flagged and we can trigger an incident
response. So
it's pretty common for organizations to have a monitoring station, right? Maybe we can use
this one here, so we have some sort of monitoring capabilities on our network. Let's just
for now call it the monitoring station, and as the name implies, what's going to happen is
that this station will be constantly monitoring what's happening on the network, including
what's happening here in our quarantine zone. Maybe when we are preparing all these
devices to distribute them to our employees, we install some particular type of software,
so when we need to, we will use that software: the monitoring station can remotely trigger
that software into running some tests, maybe scanning the hard drive or the storage device
for viruses, maybe checking memory to see if there are some suspicious processes running
on this computer, right? We can also, through the monitoring station, inspect traffic to
see if the machine has strange contacts, tries to phone back to suspicious IP addresses
for command and control centers, things like that. So we can keep an eye on this device
for a while, right? If after a couple of minutes we decide that, or if the computer passes
all the required tests, then we will move the machine back to the developers' VLAN as if
nothing had happened, right? And of course that's because, well, the machine was clean. Is
this a perfect solution? Of course not, the same way an antivirus is not a perfect
solution, right? But the monitoring station is, as hopefully we will see on Wednesday,
more advanced than just an antivirus software. Well, it will use artificial intelligence
technology, it will use some more tricks to actually do a better job assessing if these
returning devices are clean or not. If they are, well, they will rejoin our network; if
not, they are not allowed to join the network, OK? But we have seen this idea of
quarantine before; we're actually living a quarantine phase right now because of the
COVID-19 disease, right? So having a quarantine zone is not new to us, right, and it's not
something that we invented here in network security. Quarantine zones have been used since
forever by humankind, OK? I'm just explaining how we can incorporate that also here on our
network so we can support this bring your own device policy,
right? So the next topic that I want to talk about is DNS. So I'm pretty sure that you
will know what a DNS is, right? So we use our communication based on domain names, based
on words, but our actual networks use numbers; they don't use words. So a network, a
router for example, doesn't know where or what innovation.com is. A router will know where
the IP address 200.21.22.104 is, and it can deal with that sort of information. But domain
names, now, that's for us, that's for humans. So we need that middleware, we need that
intermediate service that will convert, that will transform domain names into spaces,
sorry, not spaces, right, it will transform domain names into addresses, in this case IP
addresses, OK? So that's DNS. Again, a brief explanation of what a DNS is; this is a way
oversimplification of this. But another thing that you need to remember about DNS is that
it's not just one server, it's not just one thing that you contact and that's it. No, DNS
on its own is actually a network or a hierarchy of these devices. You can see them as
maybe some sort of tree-like structure, right, maybe like a binary tree or something like
that; you can see it more like that, like a tree type of organization, right? So let's say
that this user here wants to visit universal.com. So what's going to happen? It's going to
ask its configured DNS server about the IP address associated with that domain name. If
this DNS server knows the answer, it will immediately reply back to this computer. If not,
this DNS server will ask that question to its higher level, maybe this one here, to its
parent DNS server. If the parent knows the answer, it will reply to the child; if not, the
parent will also ask in turn its parent, right, until somebody, until it reaches a high
enough point where they have the answer to that question, and from there we will get the
answer back to this leaf here and from there to this computer over here. So DNS is some
sort of hierarchical organization, right? It's easier for you if you see them as a tree;
it's close to being a tree, but it's not like a perfect tree, OK? So as you
can see, a DNS is not something that you will only use locally on your network. There are
going to be moments where a DNS will be contacted by other external DNS servers in the
hierarchy, right? So if you decide to host your own DNS server, the best place for that is
going to be the DMZ, because, as we saw, right, this server here is going to have external
requests. Can you have a DNS server on the internal network? Yes, yes, as long as you
configure this DNS to only serve internal users, so no external access to this DNS, right?
This DNS should only reply for things that are internal to the network. If there is
something that this DNS doesn't know how to answer, right, that's the job of the DNS that
you put here on the DMZ, right; it's not the job of this one here. This DNS server will
only help your network to speed up the location by domain names of things, services, that
are internal to your network. So yes, you can have a DNS internal to your network, but it
will only serve internal users. That's the main difference between having a DNS server
here and having a DNS server over here: this one here will function, it will work, as any
other regular DNS, even accepting external requests, OK? So that's the main distinction.
Or naturally, I mean, the majority of our computers will have their own kind of personal
DNS server; we call this the local hosts file. Each operating system will have its own
implementation of this idea, OK?

So it's 5:15 and I just got the notification that your pop quiz is now published, so go
ahead, finish the pop quiz and then come back and we are going to quickly wrap the class
explaining VPN users, OK? Good luck with the progress.
