1
00:00:00,090 --> 00:00:00,990
In this lesson,

2
00:00:00,990 --> 00:00:04,260
we're going to talk about automating network inventories.

3
00:00:04,260 --> 00:00:06,180
Now, these days in our modern networks,

4
00:00:06,180 --> 00:00:08,340
it is crucial that you have an automated way

5
00:00:08,340 --> 00:00:10,230
of conducting network inventories

6
00:00:10,230 --> 00:00:12,090
because we're using things like virtual machines

7
00:00:12,090 --> 00:00:14,940
and virtual environments all the time.

8
00:00:14,940 --> 00:00:16,620
These virtual machines aren't things

9
00:00:16,620 --> 00:00:19,380
you can walk around the office and count by touching them

10
00:00:19,380 --> 00:00:21,240
as you're walking desk to desk.

11
00:00:21,240 --> 00:00:23,790
Instead, they're just a series of ones and zeros.

12
00:00:23,790 --> 00:00:25,770
So you have to be able to have a way to track

13
00:00:25,770 --> 00:00:28,470
and maintain an inventory of all these different things,

14
00:00:28,470 --> 00:00:31,470
especially as your systems are constantly scaling up

15
00:00:31,470 --> 00:00:33,660
or scaling out in the case of vertical

16
00:00:33,660 --> 00:00:35,400
or horizontal scaling.

17
00:00:35,400 --> 00:00:36,870
So let's talk a little bit

18
00:00:36,870 --> 00:00:39,240
about automating network inventory,

19
00:00:39,240 --> 00:00:41,280
because maintaining this up-to-date inventory

20
00:00:41,280 --> 00:00:43,620
is not just needed for logistical necessity,

21
00:00:43,620 --> 00:00:46,860
but it's also a strategic imperative inside of your business

22
00:00:46,860 --> 00:00:48,720
because you have to keep track of everything,

23
00:00:48,720 --> 00:00:51,390
from the computers you're using to the virtual machines

24
00:00:51,390 --> 00:00:53,070
and the cloud services you're using,

25
00:00:53,070 --> 00:00:54,990
all the way out to the licenses you're using

26
00:00:54,990 --> 00:00:56,730
for the pieces of software.

27
00:00:56,730 --> 00:01:00,330
Now to do this, we're going to use automatic network inventory

28
00:01:00,330 --> 00:01:03,150
by creating a dynamic, efficient, and reliable approach

29
00:01:03,150 --> 00:01:06,000
to keeping track of every device, user, and software

30
00:01:06,000 --> 00:01:08,160
within our enterprise network.

31
00:01:08,160 --> 00:01:11,130
Now, the heart of this is these dynamic inventories,

32
00:01:11,130 --> 00:01:12,510
and this is a transformative leap

33
00:01:12,510 --> 00:01:14,520
going from our static manually managed list

34
00:01:14,520 --> 00:01:15,540
that we used to have

35
00:01:15,540 --> 00:01:18,570
into a real-time automatically updating repository

36
00:01:18,570 --> 00:01:20,610
of all of our network assets.

37
00:01:20,610 --> 00:01:21,870
Now, some of the benefits of this

38
00:01:21,870 --> 00:01:24,120
is that you can have a real-time update,

39
00:01:24,120 --> 00:01:25,980
unlike having a static list where you went around

40
00:01:25,980 --> 00:01:27,930
and did a quarterly count of all the computers

41
00:01:27,930 --> 00:01:29,340
that were issued to employees.

42
00:01:29,340 --> 00:01:31,200
When you're using this type of automation

43
00:01:31,200 --> 00:01:32,580
of a dynamic inventory,

44
00:01:32,580 --> 00:01:34,170
you're going to have an automatic update

45
00:01:34,170 --> 00:01:36,720
as soon as the device joins or leaves the network,

46
00:01:36,720 --> 00:01:38,550
so you'll know exactly what is connected

47
00:01:38,550 --> 00:01:41,340
and what risk your network has at that time.

48
00:01:41,340 --> 00:01:43,290
This means that you as a network administrator

49
00:01:43,290 --> 00:01:45,210
or network engineer will always know

50
00:01:45,210 --> 00:01:47,910
who is connected to your network and how many users you have

51
00:01:47,910 --> 00:01:50,760
because of this real-time updating capability.

52
00:01:50,760 --> 00:01:52,080
Another great use of automation

53
00:01:52,080 --> 00:01:53,520
with your dynamic inventories

54
00:01:53,520 --> 00:01:56,250
is to have an integration with other management tools.

55
00:01:56,250 --> 00:01:59,070
For example, your dynamic inventories can be integrated

56
00:01:59,070 --> 00:02:00,690
with other network management tools

57
00:02:00,690 --> 00:02:03,120
like Ansible, Chef, and Puppet.

58
00:02:03,120 --> 00:02:04,200
This type of integration

59
00:02:04,200 --> 00:02:05,790
allows for the automated configuration

60
00:02:05,790 --> 00:02:08,759
and management of those devices based on the real-time data

61
00:02:08,759 --> 00:02:11,220
collected from the real-time updates and inventory.

62
00:02:11,220 --> 00:02:14,130
And this, again, streamlines your network operations.

63
00:02:14,130 --> 00:02:15,510
The third big benefit here

64
00:02:15,510 --> 00:02:16,830
when you're dealing with automation

65
00:02:16,830 --> 00:02:18,510
is that it reduces human error.

66
00:02:18,510 --> 00:02:21,180
Because we're automating the inventory management process,

67
00:02:21,180 --> 00:02:23,670
we're not having to spend people's time and energy

68
00:02:23,670 --> 00:02:25,830
walking around and counting computers,

69
00:02:25,830 --> 00:02:27,630
and we're going to reduce human error

70
00:02:27,630 --> 00:02:28,590
because I can tell you

71
00:02:28,590 --> 00:02:31,500
having done lots of manual inventories in my career,

72
00:02:31,500 --> 00:02:33,000
people always miss something

73
00:02:33,000 --> 00:02:34,830
and we spend weeks trying to figure out

74
00:02:34,830 --> 00:02:36,150
where is that one laptop

75
00:02:36,150 --> 00:02:37,920
that nobody knows where it is anymore

76
00:02:37,920 --> 00:02:39,840
because somebody forgot to unlock an office

77
00:02:39,840 --> 00:02:41,670
and we didn't think to check it.

78
00:02:41,670 --> 00:02:44,130
These are all the things that get reduced or eliminated

79
00:02:44,130 --> 00:02:47,400
when you move to real-time updates using automation.

80
00:02:47,400 --> 00:02:49,140
Now, another way you can do this

81
00:02:49,140 --> 00:02:53,010
is you can use a one-time scan that is done either on demand

82
00:02:53,010 --> 00:02:55,230
or you can schedule to do it once a week

83
00:02:55,230 --> 00:02:58,110
or once a month using a tool like Nmap.

84
00:02:58,110 --> 00:03:00,330
Now, Nmap stands for Network Mapping

85
00:03:00,330 --> 00:03:02,910
and its job is to go out and conduct IP scans

86
00:03:02,910 --> 00:03:04,890
and port scans across your network

87
00:03:04,890 --> 00:03:06,870
to figure out what devices are on the network.

88
00:03:06,870 --> 00:03:08,970
For example, is there a laptop or desktop

89
00:03:08,970 --> 00:03:10,710
on that particular switch port

90
00:03:10,710 --> 00:03:14,100
and what services are being run on each of those machines?

91
00:03:14,100 --> 00:03:16,770
For example, if you have a computer on your desk at work

92
00:03:16,770 --> 00:03:18,360
and you're running a web server on it,

93
00:03:18,360 --> 00:03:21,930
that means Port 80 and Port 443 are likely going to be open,

94
00:03:21,930 --> 00:03:24,780
but that also represents a vulnerability on that network,

95
00:03:24,780 --> 00:03:27,090
and so your network administrators need to know that.

96
00:03:27,090 --> 00:03:28,770
And by doing these type of port scans,

97
00:03:28,770 --> 00:03:30,000
they can figure that out

98
00:03:30,000 --> 00:03:32,490
and then they can visualize that information as well

99
00:03:32,490 --> 00:03:34,890
inside of a tool like Zenmap

100
00:03:34,890 --> 00:03:38,160
or other tools like SolarWinds' Network Topology Mapper

101
00:03:38,160 --> 00:03:39,630
or the Intermapper.

102
00:03:39,630 --> 00:03:40,590
All of these have things

103
00:03:40,590 --> 00:03:42,360
where you can do the layout of your network

104
00:03:42,360 --> 00:03:43,770
and understand what ports are open,

105
00:03:43,770 --> 00:03:45,720
and then conduct an impact analysis

106
00:03:45,720 --> 00:03:47,160
so you can better protect your network

107
00:03:47,160 --> 00:03:48,480
and prevent it from going down

108
00:03:48,480 --> 00:03:50,880
from any kind of single points of failure because again,

109
00:03:50,880 --> 00:03:54,360
you can identify those things by having this network map.

110
00:03:54,360 --> 00:03:55,830
The final area I want to talk about

111
00:03:55,830 --> 00:03:57,990
is security and compliance.

112
00:03:57,990 --> 00:04:00,960
Now, when it comes to dealing with automated inventories,

113
00:04:00,960 --> 00:04:02,850
this also helps feed into our security

114
00:04:02,850 --> 00:04:04,410
and compliance programs

115
00:04:04,410 --> 00:04:07,230
because if we're going to be subject to the rules of PCI DSS

116
00:04:07,230 --> 00:04:08,880
because we accept credit cards,

117
00:04:08,880 --> 00:04:11,040
there are certain requirements of what things can

118
00:04:11,040 --> 00:04:12,720
and cannot be in your inventory

119
00:04:12,720 --> 00:04:14,220
in the particular screened subnet

120
00:04:14,220 --> 00:04:16,110
that the payment card systems live

121
00:04:16,110 --> 00:04:18,480
because that would either increase or decrease

122
00:04:18,480 --> 00:04:20,940
the security of that particular screened subnet.

123
00:04:20,940 --> 00:04:22,800
So all these are things that go into it,

124
00:04:22,800 --> 00:04:25,080
and when you're doing this dynamic real-time updating,

125
00:04:25,080 --> 00:04:26,460
you can configure things to say,

126
00:04:26,460 --> 00:04:30,810
hey, if somebody connects a laptop into our PCI DSS subnet,

127
00:04:30,810 --> 00:04:32,910
we want to immediately notify the administrators

128
00:04:32,910 --> 00:04:34,560
and block that and quarantine it.

129
00:04:34,560 --> 00:04:37,800
That way, data can't be exfiltrated from the database server

130
00:04:37,800 --> 00:04:39,510
that holds everybody's credit card numbers

131
00:04:39,510 --> 00:04:40,680
onto somebody's laptop

132
00:04:40,680 --> 00:04:42,480
that they happen to plug into a network switch

133
00:04:42,480 --> 00:04:44,670
that was tied to that particular subnet.

134
00:04:44,670 --> 00:04:46,260
These are the kind of things we're thinking about

135
00:04:46,260 --> 00:04:48,120
when we're dealing with automated inventory.

136
00:04:48,120 --> 00:04:49,650
It allows us to go out and figure out

137
00:04:49,650 --> 00:04:51,810
what's on the network in terms of hardware,

138
00:04:51,810 --> 00:04:56,340
software, versioning, ports, protocols, and anything else,

139
00:04:56,340 --> 00:04:59,010
and get a real-time picture of what our network looks like

140
00:04:59,010 --> 00:05:01,410
so we can better defend it and better secure it.