Welcome to the course devoted to subnetting and its bearing on the security of the whole computer infrastructure.

Let's start from the very beginning.

For two hosts to be able to communicate in computer networks, IP networks, they must have unique IP addresses.

If two hosts are in the same network, they can communicate with each other directly. If two hosts are located in remote networks, all communication between them takes place through routers, devices that are responsible for connecting individual networks.

This means that by dividing the company into smaller subnets you gain the ability to control the packets transmitted between hosts. The first advantage of this solution is that the packets will always be sent by routers that you manage yourself.

You don't need to use routers when you divide the network into subnets. Instead you'll use a special kind of routers, namely firewalls. The router forwards packets. It must reject erroneous packets or those that exceeded their lifetime. Firewalls, on the other hand, are routers that filter forwarded data. This enables you to improve not only the efficiency but also the security in a direct way.

If you remember the lectures devoted to the consumerization of IT, you will know that our corporate network encompasses more than just devices in the company's headquarters. At present a corporate computer network can include users' temporary whereabouts. These are very often users' homes, because they communicate with the network through mobile devices.

Such a network can hardly be regarded as trusted. Not all administrators know what devices are connected to their networks. When a local corporate network included six hosts and two servers only, the distinction between the secure corporate network and a dangerous Internet was reasonable. Right now our corporate network encompasses every single device that any given user connects to it.

Therefore the security level of such a network is similar to the one of an external network. It needs to be divided into smaller segments. It will allow us to monitor packets sent over a network and in particular to control the availability of selected hosts.

If you use firewalls to create subnets, computers in subnet A will be available only for trusted hosts located in subnets B and C.

Using firewalls instead of routers, you gain the ability to detect and prevent attacks such as those that you see in the picture below. What we see there is a network communication between two clients, first intercepted and then reassembled. If we reassemble such communication, that is, what data was sent in the TCP connection, it will turn out that it was a computer trying to connect to a web server in order to download a file root see.

You wouldn't like your computer to download and run such a file. The application layer firewalls offer the ability to monitor the network. These firewalls employ more than just simple rules, such as "a computer from network A can communicate with the computer from network B on port 80". There are firewalls that examine not only protocol headers but also data transferred by these protocols.

Let's focus again on the IP protocol, on its fourth version. The simplest method of subnetting is classful addressing, as you can see in the picture above. Three classes are used: A, B and C. Class D is used for multicasting; the remaining addresses are reserved for future use.

Classful addressing is very simple. To distinguish a network address from a host address, you look at the first bits of the most significant byte. This is the first part of the IP version 4 address. If the first bit of the octet is 0, then this is a Class A address. In decimal notation these would be values ranging from 0 to 126; the value 127 is the loopback, and any address starting with 127 points to your local computer. The same method applies to higher classes. If the address belongs to class B, the value of the oldest bit must be 1 and the next one must be zero.

This means that the first two octets constitute the network address and the next two the host address. If the first two bits of the last octet are set to 1 and the third one is set to zero, then the IP address belongs to class C. In such a situation the first three octets constitute the network address and the fourth one is the host address.

It's a clear and simple principle. Unfortunately, such addressing is very inefficient. Many addresses are wasted. In the case of the IP version 4 protocol, you cannot purchase just any address if you want to achieve proper routing. You always have to have a network address, even if your network includes six computers. You still have to buy a whole class C network address. You have to pay for all of the 256 addresses even though you'll use only 8 of them.

The solution to this problem is Classless Inter-Domain Routing. CIDR utilizes the fact that the network address and the host address don't need to be divided into individual octets: one part of an octet can define the network address and the other the host address.

To allocate these bits, a CIDR mask is needed. I'm sure you remember from the previous lectures the CIDR addressing scheme: the complete network address must come before the host address. The only correct masks are shown in the table below. Zeros and ones cannot appear interchangeably in a mask. Ones indicate the network address and zeros indicate the host address.
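The following Python script is an added example for the two addressing passages of this lecture (the classful rule that reads the leading bits of the first octet, and the CIDR rule that a valid mask is a run of ones followed by a run of zeros). It is not code from the course; every function name is my own, and the addresses and masks used as input are constructed sample values. It also shows, with the lecture's own numbers, why a six-host network wastes a class C block but fits a /29 under CIDR, and it uses the mask to decide whether two hosts share a subnet and can therefore talk directly without a router or firewall in the path.

```python
# Added example for this lecture: classful address classes versus CIDR masks.
# Illustrative code written for this page, not course material; function names are my own.


def _octets(addr: str) -> list[int]:
    """Parse dotted-quad notation into four integers, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {addr!r}")
    vals = [int(p) for p in parts]
    if any(v > 255 for v in vals):
        raise ValueError(f"octet out of range: {addr!r}")
    return vals


def _to_int(addr: str) -> int:
    """Pack four octets into one 32-bit integer, most significant octet first."""
    n = 0
    for v in _octets(addr):
        n = (n << 8) | v
    return n


def _to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ipv4_class(addr: str) -> str:
    """Classful rule from the lecture: inspect the leading bits of the first octet."""
    first = _octets(addr)[0]
    if first == 127:            # 127.x.x.x is the loopback range
        return "loopback"
    if first >> 7 == 0b0:       # 0xxxxxxx -> class A (0-126 in decimal)
        return "A"
    if first >> 6 == 0b10:      # 10xxxxxx -> class B (128-191)
        return "B"
    if first >> 5 == 0b110:     # 110xxxxx -> class C (192-223)
        return "C"
    if first >> 4 == 0b1110:    # 1110xxxx -> class D, multicast (224-239)
        return "D"
    return "reserved"           # 1111xxxx -> reserved for future use


# Fixed network/host split that classful addressing forces on each class.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def is_valid_mask(mask: str) -> bool:
    """A CIDR mask is valid only if its ones are contiguous from the most significant bit.

    Trick: invert the mask so the host part becomes a run of low ones; adding 1 to
    such a run yields a power of two, which is not the case if ones and zeros mix.
    """
    m = _to_int(mask)
    inverted = (~m) & 0xFFFFFFFF
    x = inverted + 1
    return x & (x - 1) == 0


def prefix_length(mask: str) -> int:
    """Number of network bits, i.e. the /N in CIDR notation."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(_to_int(mask)).count("1")


def network_address(addr: str, mask: str) -> str:
    """Ones in the mask select the network part; zeros are cleared (host part)."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {mask}")
    return _to_dotted(_to_int(addr) & _to_int(mask))


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts with the same network address can communicate directly."""
    return network_address(a, mask) == network_address(b, mask)


def usable_hosts(prefix: int) -> int:
    """Assignable host addresses for a /prefix (simplified: network and broadcast excluded)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    total = 1 << (32 - prefix)
    return max(total - 2, 0)


def smallest_prefix_for(hosts: int) -> int:
    """Longest prefix (smallest block) that still holds the requested number of hosts."""
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("too many hosts for a single IPv4 network")


if __name__ == "__main__":
    # Constructed sample addresses, one per class plus loopback.
    for a in ("10.0.0.1", "127.0.0.1", "172.16.5.4", "192.168.1.1", "224.0.0.1"):
        print(f"{a:>12} -> class {ipv4_class(a)}")
    # The lecture's six-computer network: classful forces a /24, CIDR allows a /29.
    p = smallest_prefix_for(6)
    print(f"classful /24 leaves {usable_hosts(24) - 6} unused hosts; CIDR /{p} has {usable_hosts(p)} usable")
    for m in ("255.255.255.0", "255.255.255.248", "255.255.0.255"):
        print(f"{m:>16} -> {'valid' if is_valid_mask(m) else 'INVALID (mixed ones and zeros)'}")
    print(same_subnet("192.168.1.77", "192.168.1.79", "255.255.255.248"))
```

The mask check is the part worth keeping around: a firewall rule or routing entry written with a non-contiguous mask such as 255.255.0.255 matches a set of hosts the author did not intend, so validating masks at configuration time is cheap insurance against rules that silently permit or block the wrong traffic.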