1
00:00:00,000 --> 00:00:01,290
In this section of the course,

2
00:00:01,290 --> 00:00:03,390
we're going to discuss network monitoring.

3
00:00:03,390 --> 00:00:05,250
Now, network monitoring involves various tools

4
00:00:05,250 --> 00:00:07,500
and technologies that are employed to continually observe

5
00:00:07,500 --> 00:00:09,720
and analyze the performance of a computer network

6
00:00:09,720 --> 00:00:11,040
in real-time.

7
00:00:11,040 --> 00:00:12,540
Network monitoring is used to ensure

8
00:00:12,540 --> 00:00:14,070
that the network's operational integrity

9
00:00:14,070 --> 00:00:15,960
and optimal performance can detect

10
00:00:15,960 --> 00:00:18,360
and report on issues such as traffic bottlenecks,

11
00:00:18,360 --> 00:00:20,790
network outages, unauthorized access attempts,

12
00:00:20,790 --> 00:00:23,550
and other inefficiencies or security breaches.

13
00:00:23,550 --> 00:00:25,080
By using a combination of software

14
00:00:25,080 --> 00:00:26,220
and hardware solutions,

15
00:00:26,220 --> 00:00:28,290
network administrators are able to track metrics

16
00:00:28,290 --> 00:00:30,390
like bandwidth utilization, uptime,

17
00:00:30,390 --> 00:00:33,330
availability of network devices, and network services.

18
00:00:33,330 --> 00:00:34,950
With effective network monitoring,

19
00:00:34,950 --> 00:00:37,620
we can also preemptively identify potential problems

20
00:00:37,620 --> 00:00:39,720
and help maintain the reliability, stability,

21
00:00:39,720 --> 00:00:41,760
and security of our network architecture

22
00:00:41,760 --> 00:00:43,680
so that we can minimize our network's downtime

23
00:00:43,680 --> 00:00:46,170
and improve our overall user experience.

24
00:00:46,170 --> 00:00:48,720
Now, in this section, we're going to be focused on Domain 1,

25
00:00:48,720 --> 00:00:52,200
Networking Concepts, and Domain 3, Network Operations.

26
00:00:52,200 --> 00:00:54,450
Objective 1.2 states that you must be able to compare

27
00:00:54,450 --> 00:00:55,950
and contrast networking appliances,

28
00:00:55,950 --> 00:00:57,660
applications, and functions.

29
00:00:57,660 --> 00:01:00,180
Objective 3.2 states that given a scenario,

30
00:01:00,180 --> 00:01:02,940
you must be able to use network monitoring technologies.

31
00:01:02,940 --> 00:01:04,827
First, we're going to look at intrusion detection systems

32
00:01:04,827 --> 00:01:06,810
and intrusion prevention systems.

33
00:01:06,810 --> 00:01:09,240
Intrusion Detection Systems are security technologies

34
00:01:09,240 --> 00:01:11,880
that monitor network traffic for suspicious activities

35
00:01:11,880 --> 00:01:14,190
and potential threats that can then issue alerts

36
00:01:14,190 --> 00:01:16,170
when those activities are detected.

37
00:01:16,170 --> 00:01:18,210
Now, an Intrusion Prevention System, on the other hand,

38
00:01:18,210 --> 00:01:19,320
is a security mechanism

39
00:01:19,320 --> 00:01:21,180
that not only detects the potential threats,

40
00:01:21,180 --> 00:01:22,920
but also can take automated actions

41
00:01:22,920 --> 00:01:25,650
to prevent or mitigate such threats from occurring.

42
00:01:25,650 --> 00:01:26,760
Then we're going to discuss

43
00:01:26,760 --> 00:01:28,680
the Simple Network Management Protocol.

44
00:01:28,680 --> 00:01:30,150
The Simple Network Management Protocol,

45
00:01:30,150 --> 00:01:33,780
or SNMP, is a set of protocols for managing complex networks

46
00:01:33,780 --> 00:01:35,250
by monitoring nodes for conditions

47
00:01:35,250 --> 00:01:37,170
that warrant administrative action.

48
00:01:37,170 --> 00:01:39,570
Next, you're going to learn about network sensors.

49
00:01:39,570 --> 00:01:41,580
Network sensors are devices or software

50
00:01:41,580 --> 00:01:43,710
that collect data about traffic on a network,

51
00:01:43,710 --> 00:01:46,260
and they're used for monitoring and analysis purposes.

52
00:01:46,260 --> 00:01:48,930
After that, we're going to explore packet captures.

53
00:01:48,930 --> 00:01:50,850
Now, packet captures are recordings of all

54
00:01:50,850 --> 00:01:53,040
or specific segments of your network traffic

55
00:01:53,040 --> 00:01:54,060
that you can then analyze

56
00:01:54,060 --> 00:01:57,270
and diagnose for security problems and other reasons.

57
00:01:57,270 --> 00:01:59,610
Then we'll be covering network flow data.

58
00:01:59,610 --> 00:02:01,020
Now, network flow data refers to

59
00:02:01,020 --> 00:02:03,120
the information collected about traffic flowing

60
00:02:03,120 --> 00:02:05,460
through a network device by capturing the source,

61
00:02:05,460 --> 00:02:08,669
the destination, the volume, and the path of that traffic.

62
00:02:08,669 --> 00:02:10,800
Next, we'll look at log aggregation.

63
00:02:10,800 --> 00:02:13,620
Log aggregation refers to the process of collecting,

64
00:02:13,620 --> 00:02:15,930
centralizing, and organizing your log data

65
00:02:15,930 --> 00:02:17,700
from various systems within a network

66
00:02:17,700 --> 00:02:20,130
so you can analyze and monitor that data.

67
00:02:20,130 --> 00:02:22,830
After that, we'll explore a technology known as a SIEM,

68
00:02:22,830 --> 00:02:25,650
or the Security Information and Event Management system.

69
00:02:25,650 --> 00:02:27,870
The Security Information and Event Management system

70
00:02:27,870 --> 00:02:29,910
is considered to be a comprehensive solution

71
00:02:29,910 --> 00:02:31,320
that aggregates, correlates,

72
00:02:31,320 --> 00:02:33,630
and analyzes your security-related data

73
00:02:33,630 --> 00:02:35,700
from across your network and its devices

74
00:02:35,700 --> 00:02:38,820
to identify and report on security incidents and threats.

75
00:02:38,820 --> 00:02:40,320
Then we'll discuss some different

76
00:02:40,320 --> 00:02:42,300
network performance metrics that we can use

77
00:02:42,300 --> 00:02:43,530
in our real world.

78
00:02:43,530 --> 00:02:46,230
Network performance metrics are these quantitative measures

79
00:02:46,230 --> 00:02:47,850
that are used to evaluate the level of service

80
00:02:47,850 --> 00:02:49,440
provided by the network.

81
00:02:49,440 --> 00:02:51,900
Next, we'll explore interface statistics.

82
00:02:51,900 --> 00:02:53,910
Interface statistics are the detailed metrics

83
00:02:53,910 --> 00:02:56,940
related to the performance and usage of network interfaces

84
00:02:56,940 --> 00:02:59,340
such as error rates, utilization percentages,

85
00:02:59,340 --> 00:03:00,870
and traffic volumes.

86
00:03:00,870 --> 00:03:02,550
Finally, we're going to take a short quiz

87
00:03:02,550 --> 00:03:04,680
to see what you learned during this section of the course,

88
00:03:04,680 --> 00:03:06,150
and review your answers to ensure you know

89
00:03:06,150 --> 00:03:07,440
why the right answers were right

90
00:03:07,440 --> 00:03:08,970
and the wrong answers were wrong.

91
00:03:08,970 --> 00:03:11,580
So if you're ready, let's get started with our coverage

92
00:03:11,580 --> 00:03:14,180
of network monitoring in this section of the course.