WEBVTT

00:01.480 --> 00:03.490
I've got a little network right here.

00:03.640 --> 00:08.950
So this yellow box is going to be my switch and these individual little cylinders are going to be my

00:08.950 --> 00:14.470
hosts and this guy right here is my connection to the Internet.

00:14.500 --> 00:16.230
So he's just going to be at this moment.

00:16.280 --> 00:17.670
Well just a router.

00:17.920 --> 00:24.130
Now when we look at this network it's really really important to us that well we don't let naughty things

00:24.370 --> 00:25.980
happen to our network.

00:26.020 --> 00:31.220
So within the Internet world the first line of defense is going to be a firewall.

00:31.360 --> 00:38.620
And now the firewall's main job is to prevent naughty things from the outside world coming into our network.

00:38.620 --> 00:41.860
So traditionally a firewall is going to be right here.

00:41.860 --> 00:45.760
So that's why so many routers also have built-in firewall features.

00:45.760 --> 00:52.330
Now our router doesn't have to have that if we wanted to we can go out and buy a specialized firewall

00:52.330 --> 00:54.870
device.

00:55.110 --> 01:01.560
And now we can have our router and then our firewall as its own separate device Barracuda pedicle a

01:01.560 --> 01:08.010
lot of people will sell you a box like this and this thing's been updated so it's always aware of evil

01:08.010 --> 01:09.200
things that are out there.

01:09.360 --> 01:11.820
And so this is not an uncommon setup.

01:11.850 --> 01:15.130
So we've got some kind of router we've got some kind of firewall.

01:15.210 --> 01:17.670
And then we have our network itself now.

01:18.180 --> 01:24.480
Firewalls are great and we certainly discuss firewalls in other episodes but we have another problem

01:24.480 --> 01:26.700
here and that is that firewalls are imperfect.

01:26.700 --> 01:33.750
So if I have an imperfect firewall I need to have something inside the network that's watching for naughtiness

01:33.750 --> 01:34.800
to happen.

01:34.920 --> 01:40.890
And that's where intrusion detection systems come into play. An intrusion detection system can just

01:40.890 --> 01:47.640
be a computer with specialized IDS software or it could be a specialized device but by nature intrusion

01:47.640 --> 01:50.240
detection tends to be on the inside of a network.

01:50.240 --> 01:56.430
So here I'll just plug them into my switch and his job is to watch for naughty things on the network

01:56.430 --> 01:57.380
itself.

01:57.570 --> 02:05.430
If he detects something on the network it's the IDS's job to let somebody know. In the early generations

02:05.430 --> 02:06.310
of IDS.

02:06.360 --> 02:11.640
This would be done with those they would send an e-mail to somebody or hit their pager, yeah, they are

02:11.640 --> 02:13.670
that old. Today

02:13.800 --> 02:16.160
you'll get a text message or something like that.

02:16.260 --> 02:18.350
So again it doesn't matter to me.

02:18.350 --> 02:24.260
This can be a specialized device or it could be a Windows machine running specialized IDS software.

02:24.270 --> 02:28.430
Now this is the first generation of intrusion detection.

02:28.500 --> 02:33.670
Now over time we began to get intrusion detection that became what we called active.

02:33.780 --> 02:38.690
So this box would say Oh I notice that there's a well-known attack coming in here.

02:38.820 --> 02:44.100
And what he could do would be to talk to the firewall itself and say hey firewall shut off a port or

02:44.280 --> 02:48.210
stop particular application or do something to stop this attack.

02:48.210 --> 02:56.790
And we called that, and I am using the past tense, active IDS. Active IDS is really what we call intrusion

02:56.790 --> 03:02.780
prevention now, or IPS. An IPS system does the same thing as an IDS.

03:02.820 --> 03:05.810
It's looking on the inside of the network for naughtiness.

03:06.030 --> 03:08.390
But it does something to stop it.

03:08.400 --> 03:14.070
Now if I have a device way over here it has a hard time stopping things because it's not actually in

03:14.070 --> 03:14.420
line.

03:14.420 --> 03:17.460
So what we usually see with IPS

03:21.570 --> 03:23.490
is something like this.

03:23.760 --> 03:31.320
This is getting long now again we can have routers that have IPS built in them we can have firewalls

03:31.320 --> 03:39.380
with IPS built into them but you can actually still buy IPS boxes whose only job is to provide IPS features.

03:39.390 --> 03:46.830
Now assuming we have something like this this box right here is tends to be in line and it is certainly

03:46.830 --> 03:48.170
monitoring the internal network.

03:48.180 --> 03:53.180
But if it catches something in here it's going to do something here to stop it.

03:53.310 --> 04:00.420
And that's the big thing you need to be aware of when it comes to IDS versus IPS on the Network+.

04:00.480 --> 04:05.670
Oh and by the way make sure that you can handle any question that defines the difference between a firewall

04:05.730 --> 04:08.500
versus an IDS versus an IPS.

