1
00:00:02,860 --> 00:00:09,580
Subnetting in IP version 6 is much simpler than in the case of IP version 4, where sometimes it is necessary

2
00:00:09,580 --> 00:00:14,490
to convert the numbers from decimal to binary.

3
00:00:14,570 --> 00:00:17,690
In this case, there are 64 bits on the left side.

4
00:00:17,720 --> 00:00:24,670
These are the network address. 48 bits can be omitted because they represent the main network address.

5
00:00:26,330 --> 00:00:34,070
The other 16 bits can be divided into subnets. To divide a network into subnets, you only need to

6
00:00:34,070 --> 00:00:40,950
adjust these bits, typing, for example, 0 0 0 0 0, then 0 0 0 1, and so on.

7
00:00:43,100 --> 00:00:46,710
Subnetting in IP version 6 is much simpler than it was before.

8
00:00:54,040 --> 00:00:55,730
Dividing the network into subnets,

9
00:00:55,750 --> 00:01:01,750
you might want to highlight one special section that is called the demilitarized zone.

10
00:01:01,850 --> 00:01:07,450
You can see the demilitarized zone in the upper-right corner of the picture and below it.

11
00:01:07,510 --> 00:01:09,480
This depends on the implementation.

12
00:01:10,650 --> 00:01:15,360
There's a principle that states that a firewall cannot be configured in such a way that it protects

13
00:01:15,360 --> 00:01:18,020
both local users and external servers.

14
00:01:20,900 --> 00:01:26,980
Rules established to ensure the security of workstations will block servers; rules that allow servers

15
00:01:26,980 --> 00:01:31,340
to work will not protect workstations effectively.

16
00:01:31,360 --> 00:01:34,000
It appears that more than one set of rules is needed.

17
00:01:34,640 --> 00:01:40,620
And thus more than one firewall. The firewall should protect the high-risk,

18
00:01:40,640 --> 00:01:41,870
dedicated computers.

19
00:01:45,050 --> 00:01:51,380
To achieve that, you need a firewall with three interfaces. For each of the internal interfaces,

20
00:01:51,390 --> 00:01:57,650
there is a separate set of rules that protects the network connected to this interface. Another way is

21
00:01:57,650 --> 00:02:01,460
to have two adjacent firewalls with the demilitarized zone between them.

22
00:02:04,010 --> 00:02:08,750
The rules that separate the DMZ from the internet are less restrictive than the rules set on the firewall

23
00:02:08,750 --> 00:02:11,170
between the DMZ and the local network.

24
00:02:19,340 --> 00:02:24,710
In addition to the subnetting that takes place in the network layer of the OSI model, you can also

25
00:02:24,710 --> 00:02:31,500
come across data link layer routing and switches that perform functions of routers. When you use two

26
00:02:31,500 --> 00:02:36,760
switches and they are not connected to each other, as in the picture on the top of the slide above,

27
00:02:36,930 --> 00:02:43,980
each of them creates a subnet. Computers connected to the same switch can exchange data with one another.

28
00:02:49,570 --> 00:02:57,310
Instead of using switches, you can also divide a network into subnets using specific ports. For

29
00:02:57,310 --> 00:03:00,390
example, ports 5:59 would constitute subnet A,

30
00:03:00,400 --> 00:03:02,500
and the rest will constitute subnet B.

31
00:03:07,000 --> 00:03:13,320
The final effect will be the same: direct communication between individual sections of the network is

32
00:03:13,320 --> 00:03:14,400
now possible.

33
00:03:15,770 --> 00:03:19,880
In this way, the network topology can be adapted to the company's needs.

34
00:03:21,570 --> 00:03:29,850
Such a division is commonly applied for security reasons.

35
00:03:29,860 --> 00:03:34,530
However, this technology was not designed as a technology for security.

36
00:03:34,680 --> 00:03:38,550
Rather, it's a solution for a more effective and efficient local network.

37
00:03:41,340 --> 00:03:44,070
The solution has been implemented in two ways.

38
00:03:51,400 --> 00:03:58,330
The simplest kind of network partitioning, the virtual local area network or VLAN, is static partitioning.

39
00:03:59,600 --> 00:04:01,710
VLAN numbers are assigned to the switch ports.

40
00:04:07,680 --> 00:04:14,380
Dynamic partitioning consists of assigning the MAC addresses of hosts to VLANs. In the case of

41
00:04:14,380 --> 00:04:15,070
the latter,

42
00:04:15,100 --> 00:04:20,730
it is no longer important which switch port an individual connects to.

43
00:04:20,780 --> 00:04:27,970
It's important how the individual identifies themselves in the second layer. The switches control

44
00:04:27,970 --> 00:04:30,040
the frames sent in one Ethernet packet

45
00:04:30,040 --> 00:04:36,640
in such a way that they're delivered only to other hosts within the same VLAN. To make this possible,

46
00:04:36,650 --> 00:04:43,080
some additional information must be attached to the frame.

47
00:04:43,320 --> 00:04:48,090
Thus, a tag is added which represents the VLAN membership of a given host.

48
00:04:50,470 --> 00:04:56,200
To ensure correct communication between the switches, it is necessary to make at least one port of each

49
00:04:56,200 --> 00:04:59,480
switch a trunk port.

50
00:04:59,520 --> 00:05:06,860
This is the transport port through which all frames pass regardless of the tag value.

51
00:05:06,940 --> 00:05:11,470
In this way, the computers connected to one switch are able to communicate with the computers connected

52
00:05:11,470 --> 00:05:19,680
to another switch, provided that the tag values are the same.

53
00:05:19,700 --> 00:05:25,340
This is a standardized solution, but it's implemented under different names by different manufacturers.

54
00:05:26,900 --> 00:05:32,000
However, it does not influence security directly because the tags are not protected in any way.

55
00:05:33,480 --> 00:05:40,000
Data carried by the tag can be freely modified. During this part of our seminar,

56
00:05:40,010 --> 00:05:46,640
we touched upon the issues associated with the administration of computer networks.

57
00:05:46,660 --> 00:05:53,740
We said that thanks to subnetting, you can limit the area affected by a potential attack.

58
00:05:53,760 --> 00:05:58,410
In addition, subnetting makes it easier to manage a network and improves its performance.

59
00:05:59,980 --> 00:06:03,610
It allows you to control data traffic easily.

60
00:06:03,660 --> 00:06:08,810
We discussed subnetting in IP version 4 and IP version 6.

61
00:06:08,910 --> 00:06:16,360
We examined the issues related to network partitioning in the second layer of the OSI model, VLANs. We

62
00:06:16,360 --> 00:06:23,960
mentioned several services that allow you to further improve the performance and security of the network.

63
00:06:23,970 --> 00:06:24,450
Thank you.