1 00:00:00,180 --> 00:00:02,080 What devices do we have here?
2 00:00:03,000 --> 00:00:04,660 This is a router.
3 00:00:06,120 --> 00:00:08,280 This is a Cisco 4321 router.
4 00:00:08,460 --> 00:00:13,920 I've chosen this router specifically, or I purchased this router specifically, because it's available
5 00:00:13,920 --> 00:00:14,520 in Packet Tracer.
6 00:00:14,630 --> 00:00:20,010 So this is a Cisco 3560 switch.
7 00:00:20,280 --> 00:00:23,550 Again, 3560 switches are available in Packet Tracer.
8 00:00:23,680 --> 00:00:27,060 So you don't need to spend money buying all these devices.
9 00:00:27,690 --> 00:00:28,690 I've done that for you.
10 00:00:28,980 --> 00:00:31,810 Now, obviously, if you want to, you could buy physical equipment.
11 00:00:32,070 --> 00:00:34,950 It's nice in some ways to work with physical equipment.
12 00:00:35,160 --> 00:00:38,370 But for the CCNA, you don't have to use physical equipment.
13 00:00:38,370 --> 00:00:43,470 If you can't afford it, just use Packet Tracer, and I'll show you in a moment when I boot up this router
14 00:00:43,680 --> 00:00:47,730 and a switch and compare it to Packet Tracer, you'll see it's very, very similar.
15 00:00:48,450 --> 00:00:51,960 This is an example of a 2960 switch.
16 00:00:52,260 --> 00:00:54,720 What I like about these switches is they're fanless.
17 00:00:54,990 --> 00:01:00,390 So I have them on my desk here and it doesn't make a lot of noise and mess up the recordings.
18 00:01:01,110 --> 00:01:03,080 But here we've got two interesting devices.
19 00:01:03,120 --> 00:01:05,880 They look very similar, very similar to each other.
20 00:01:07,610 --> 00:01:15,460 But what you'll notice, and these are older devices, is this is a Cisco ASA 5505.
21 00:01:15,830 --> 00:01:17,450 This is called a firewall.
22 00:01:17,720 --> 00:01:24,800 Firewalls allow us to stop bad people getting into our network so we can restrict who can access our
23 00:01:24,800 --> 00:01:25,400 network.
24 00:01:25,910 --> 00:01:30,300 They use what are called firewall rules to permit or deny traffic.
25 00:01:30,920 --> 00:01:35,360 This is a small little firewall typically used again in a small business.
26 00:01:35,900 --> 00:01:40,070 The idea here is we can connect a bunch of devices directly to the firewall.
27 00:01:40,220 --> 00:01:42,500 So it's acting like a switch in some ways.
28 00:01:43,190 --> 00:01:47,630 But I could specify what's called the outside interface and the inside interface.
29 00:01:47,810 --> 00:01:52,580 And I do not allow, or this firewall does not allow, traffic from the outside interface to the inside
30 00:01:52,580 --> 00:01:55,190 interface unless you explicitly allow it.
31 00:01:55,610 --> 00:01:57,980 Your home router probably does something similar.
32 00:01:58,250 --> 00:01:59,810 It has a built-in firewall.
33 00:01:59,990 --> 00:02:04,340 Your PC may be also running a firewall, a software firewall directly on the PC.
34 00:02:04,640 --> 00:02:07,340 This is an example of a hardware dedicated firewall.
35 00:02:07,660 --> 00:02:12,410 Now, routers, as mentioned, often have firewall functionality, but this is a dedicated firewall.
36 00:02:12,920 --> 00:02:17,870 Now, you could connect your Internet directly to the firewall if you have an Internet connection and
37 00:02:17,870 --> 00:02:24,740 then to the router and then to the switch where your inside devices are or your LAN is. Or you could
38 00:02:24,740 --> 00:02:27,740 connect to the router and then have the firewall behind the router.
39 00:02:28,280 --> 00:02:32,210 So you either have the firewall in front of the router or behind the router.
40 00:02:33,420 --> 00:02:39,330 In many cases, you're going to have this behind the router because your ISP may manage the router or
41 00:02:39,330 --> 00:02:42,300 you need a physical connection that's not Ethernet.
42 00:02:42,810 --> 00:02:45,060 These devices typically only support Ethernet.
43 00:02:45,060 --> 00:02:50,160 Routers will support other types of technologies, such as DSL or cable as an example.
44 00:02:50,430 --> 00:02:55,230 So the Internet connects to the router, connects to the firewall, which then connects to your switch
45 00:02:55,230 --> 00:02:56,670 in your internal network.
46 00:02:57,810 --> 00:02:58,890 Now, here's another device.
47 00:02:58,890 --> 00:03:04,780 Looks very much the same, but this is a wireless LAN controller and another small wireless LAN controller.
48 00:03:05,160 --> 00:03:08,830 You'll notice the form factor looks exactly the same, but it has different functionality.
49 00:03:09,210 --> 00:03:14,430 This is used to manage access points. If you've only got one access point,
50 00:03:15,270 --> 00:03:21,210 it makes sense to manage the access point directly using what's called an autonomous access point, autonomous
51 00:03:21,210 --> 00:03:24,920 meaning that you don't need a wireless LAN controller to manage it.
52 00:03:25,380 --> 00:03:31,650 But if you've got 100 of these or 500 of these, it's going to be a lot of work to manually configure
53 00:03:31,650 --> 00:03:33,230 every one of those access points.
54 00:03:33,630 --> 00:03:37,670 So rather than doing that, you use what's called lightweight access points.
55 00:03:37,950 --> 00:03:42,540 Some of these access points support both so they can either be lightweight or they can be autonomous.
56 00:03:43,050 --> 00:03:44,700 Some of them have to be lightweight
57 00:03:44,700 --> 00:03:47,530 access points. Varies depending on which one you buy.
58 00:03:47,910 --> 00:03:54,300 But the idea is, is if I had 100 of these or 500 of these, they would register with the wireless LAN
59 00:03:54,300 --> 00:03:54,780 controller.
60 00:03:54,990 --> 00:03:58,800 Now, obviously, this is a small wireless LAN controller, so it's not going to support as many access
61 00:03:58,800 --> 00:03:59,160 points.
62 00:03:59,670 --> 00:04:06,630 But the idea is, if I have 100 access points, they would connect to the wireless LAN controller, and
63 00:04:06,630 --> 00:04:09,830 notice this doesn't have as many ports as would be required.
64 00:04:10,230 --> 00:04:14,880 The wireless LAN controller, and the bigger ones even more so, don't have so many interfaces.
65 00:04:15,120 --> 00:04:16,530 They simply connect to switches.
66 00:04:16,530 --> 00:04:18,690 So the access points connect to switches.
67 00:04:18,690 --> 00:04:20,640 The wireless LAN controller connects to switches.
68 00:04:20,640 --> 00:04:24,740 Switches are there to provide lots of ports to connect to in the network.
69 00:04:25,200 --> 00:04:31,530 So the whole idea here is the wireless LAN controller will manage the access points. Rather than manually
70 00:04:31,530 --> 00:04:35,530 managing every one of the access points, you manage them through the wireless LAN controller.
71 00:04:35,910 --> 00:04:39,180 So the wireless LAN controller will manage, let's say, one hundred, five hundred access points.
72 00:04:39,180 --> 00:04:40,240 Depends on the controller.
73 00:04:40,620 --> 00:04:41,710 Depends what it can support.
74 00:04:42,360 --> 00:04:44,150 So once again, here we've got a firewall.
75 00:04:44,970 --> 00:04:46,230 This is an older firewall,
76 00:04:46,660 --> 00:04:47,880 an ASA. Today,
77 00:04:47,880 --> 00:04:50,250 we have what are called next generation firewalls.
78 00:04:50,430 --> 00:04:55,320 They support features such as IPS or IDS. Now, intrusion detection.
79 00:04:55,380 --> 00:04:58,650 Let me give you an analogy so that you won't forget what intrusion detection is.
80 00:04:59,190 --> 00:05:01,530 An IDS is like a dog.
81 00:05:02,400 --> 00:05:07,830 What a dog can do is help protect you by warning you when there's an attack taking place.
82 00:05:08,850 --> 00:05:11,610 Let's say you're sleeping at night, sleeping comfortably in bed.
83 00:05:12,540 --> 00:05:19,710 The dog, however, sniffs that there's an attacker, so an intruder, it sniffs that there's an intruder
84 00:05:19,740 --> 00:05:21,360 trying to break into your house.
85 00:05:21,960 --> 00:05:22,730 What does it do?
86 00:05:23,070 --> 00:05:24,000 It barks.
87 00:05:24,270 --> 00:05:26,740 It warns you that there's an intruder.
88 00:05:27,270 --> 00:05:29,800 It doesn't stop the attacker.
89 00:05:30,000 --> 00:05:31,920 It warns you that there's an attacker.
90 00:05:32,100 --> 00:05:38,100 And then you can do something to stop the attacker trying to break into your house. An intrusion detection
91 00:05:38,100 --> 00:05:44,070 system simply detects that there's a problem and then alerts you that there's a problem and then you
92 00:05:44,070 --> 00:05:45,210 have to do something about it.
93 00:05:45,630 --> 00:05:52,140 An intrusion prevention system can alert you that there's a problem, but also block the attack so it
94 00:05:52,140 --> 00:05:53,510 can prevent the attack.
95 00:05:53,820 --> 00:05:59,730 So if someone breaks into your network remotely, let's say a hacker, it can see that there's malicious
96 00:05:59,730 --> 00:06:02,300 activity on the network and then it can block that attacker.
97 00:06:02,310 --> 00:06:05,880 So prevent that attacker from gaining access to your network.
98 00:06:06,240 --> 00:06:11,070 Intrusion detection systems typically sit out of band of network traffic.
99 00:06:11,070 --> 00:06:14,760 So the traffic is going past them, but they're not in the flow of traffic.
100 00:06:15,000 --> 00:06:17,970 They're just getting copies of the traffic to see if there's a problem.
101 00:06:18,240 --> 00:06:22,420 An intrusion prevention system sits in line with the traffic.
102 00:06:22,420 --> 00:06:26,640 So the traffic is going through the IPS or intrusion prevention system.
103 00:06:26,880 --> 00:06:31,430 When there's an attack, it blocks it so the attacker can't get into your network.
104 00:06:31,740 --> 00:06:35,430 So think of an IDS or an IPS as a dog.
105 00:06:35,980 --> 00:06:39,600 Is it a small dog, IDS, or is it a very large dog?
106 00:06:39,880 --> 00:06:42,040 It can go in, attack the attacker.
107 00:06:42,870 --> 00:06:44,700 Hopefully that analogy will help you never forget
108 00:06:44,700 --> 00:06:46,200 what an IDS or IPS is.