1
00:00:01,020 --> 00:00:01,270
All right.
2
00:00:01,290 --> 00:00:02,850
Hi, guys, hey, thanks for coming back.
3
00:00:04,260 --> 00:00:05,580
I promise you that.
4
00:00:06,690 --> 00:00:12,270
Yes, I'll be as excited as I was before, because in this lesson, we're going to learn a few security
5
00:00:12,270 --> 00:00:12,900
features.
6
00:00:13,350 --> 00:00:15,720
So I want to get started right away now.
7
00:00:17,050 --> 00:00:24,190
You probably know that as the number of technological products and endpoints used increases day by day, as
8
00:00:24,190 --> 00:00:31,690
platforms integrate and, well, integrate with each other, and as threat surfaces change, the security
9
00:00:31,690 --> 00:00:33,520
landscape gets a little blurry.
10
00:00:34,390 --> 00:00:36,370
So in the news, somebody else is getting hacked.
11
00:00:37,180 --> 00:00:43,150
So in this section, I want to give you a little bit of information about firewalls, intrusion detection
12
00:00:43,150 --> 00:00:48,850
systems, or IDS, and intrusion prevention systems, or IPS.
13
00:00:49,690 --> 00:00:54,220
So first off, let's examine just what these three different systems actually are.
14
00:00:55,480 --> 00:01:03,100
So a firewall, a traditional firewall, is a rule-based decision-making system, and it analyzes the
15
00:01:03,100 --> 00:01:11,530
packets for protocol type, source address, destination address, source and destination ports.
16
00:01:12,730 --> 00:01:15,460
So if the packets don't match the firewall rules,
17
00:01:15,910 --> 00:01:18,850
these packets are discarded and not taken in.
18
00:01:19,510 --> 00:01:26,680
So basically, the firewall decides whether the packets coming into it from the network can go to the
19
00:01:26,680 --> 00:01:29,530
places that they need to reach on the network.
20
00:01:30,540 --> 00:01:37,140
Protection is provided by blocking traffic that does not comply with a rule specified in the firewall.
21
00:01:39,760 --> 00:01:43,870
Now there's also something called unified threat management.
22
00:01:43,990 --> 00:01:47,320
You might have heard somebody refer to UTM.
23
00:01:48,010 --> 00:01:56,050
So the concept of UTM firewalls, it's emerged naturally over time, according to the needs and development
24
00:01:56,050 --> 00:01:57,460
of the security market.
25
00:01:58,150 --> 00:02:04,900
So as new attacks and vulnerabilities are discovered, the firewall has been enhanced with new features
26
00:02:04,900 --> 00:02:05,740
and functionality.
27
00:02:06,550 --> 00:02:14,350
So therefore, we can now define it as a network device that is used as a software and hardware asset
28
00:02:14,770 --> 00:02:18,010
or a combination thereof of both.
29
00:02:18,580 --> 00:02:33,430
And that gathers some features of UTM: stateful filtering, VPN, web proxy, antivirus, IDS, IPS, deep
30
00:02:33,430 --> 00:02:38,440
packet analysis, and all of this goes on in a single center.
31
00:02:41,190 --> 00:02:46,950
Now there is also something called the next generation firewall, or NGFW.
32
00:02:48,950 --> 00:02:52,790
So there's this concept called the next generation firewall.
33
00:02:52,820 --> 00:02:53,090
Right?
34
00:02:53,270 --> 00:02:53,990
And you have to be.
35
00:02:55,510 --> 00:03:01,990
According to this kind of setup, it'll allow a single device to function as both a traditional firewall
36
00:03:02,290 --> 00:03:05,860
and an intrusion prevention system or IPS.
37
00:03:07,210 --> 00:03:14,290
So this next generation firewall, NGFW, it's been developed with the motivation to address the lack
38
00:03:14,290 --> 00:03:16,250
of performance seen in UTM.
39
00:03:16,930 --> 00:03:23,080
It will offer application control features and deep packet inspection features in a high performing
40
00:03:23,080 --> 00:03:25,600
and compatible architecture.
41
00:03:26,460 --> 00:03:32,700
In fact, there are other complementary features included in a UTM firewall, such as web proxy and
42
00:03:32,970 --> 00:03:35,010
virus and malware protection.
43
00:03:35,400 --> 00:03:42,060
And they're not necessarily part of the NGFW architecture because these features have been removed
44
00:03:42,390 --> 00:03:44,520
and typically outsourced.
45
00:03:45,440 --> 00:03:53,240
But what that does is provide high scalability rates for, like, really large environments. NGFW's
46
00:03:53,240 --> 00:03:59,750
main contribution, though, lies in the technological advances and the visibility of applications resulting
47
00:03:59,750 --> 00:04:03,890
from deep packet inspection, regardless of protocols and ports.
48
00:04:04,940 --> 00:04:10,880
So together, these features not only allow attacks to be prevented, but also create a more dynamic
49
00:04:10,880 --> 00:04:16,100
and efficient form of access control policies for today's security challenges.
50
00:04:18,570 --> 00:04:23,970
So the UTM and the NGFW differences we can talk about now.
51
00:04:25,050 --> 00:04:32,340
NGFW is seen as a more suitable solution for high density traffic environments, especially for complex
52
00:04:32,340 --> 00:04:38,700
businesses, telecommunications and companies centralizing large amounts of data traffic.
53
00:04:39,450 --> 00:04:45,750
Also separating security assets in these situations is critical to the scalability and the resilience
54
00:04:45,750 --> 00:04:46,410
of the network.
55
00:04:48,020 --> 00:04:55,250
So therefore, these days, typically it's recommended that these smaller and medium-sized businesses
56
00:04:55,520 --> 00:04:56,990
where data flow is lower.
57
00:04:57,140 --> 00:04:59,930
Well, they can go ahead and use that UTM firewall.
58
00:05:00,870 --> 00:05:07,710
But it's the NGFW, or next generation firewall, that can control packet content, source, target and
59
00:05:07,710 --> 00:05:10,830
user behavior without sacrificing performance.
60
00:05:11,610 --> 00:05:18,810
So the most obvious and most important difference then between next generation firewalls and traditional
61
00:05:18,810 --> 00:05:27,240
architecture is that this NGFW has an architecture that can recognize the applications that generate
62
00:05:27,240 --> 00:05:27,930
the traffic.
63
00:05:28,470 --> 00:05:30,420
Now that's a really big deal.
64
00:05:31,230 --> 00:05:39,090
So this situation enables the separation of applications and the creation of corporate policies, determining,
65
00:05:39,090 --> 00:05:44,370
according to business rules, whatever the business wants to have as far as security goes.
66
00:05:44,790 --> 00:05:48,000
That's what can now be programmed into these NGFWs.
67
00:05:48,860 --> 00:05:54,320
So thanks to the detailed analysis of data packets in these next generation firewalls,
68
00:05:54,680 --> 00:05:59,840
there is no need to control the data packets in a second product.
69
00:06:00,470 --> 00:06:00,770
Right.
70
00:06:01,040 --> 00:06:04,190
Because this situation is recovered in terms of performance and cost.
71
00:06:06,260 --> 00:06:09,590
Now, intrusion detection systems, IDS.
72
00:06:10,810 --> 00:06:16,630
Well, an IDS is designed to analyze all packets looking for known events.
73
00:06:17,350 --> 00:06:22,180
So when a known event is detected, a log message is generated detailing the event.
74
00:06:23,020 --> 00:06:30,130
IDS contains a database of known attack signatures and compares the incoming traffic with the signatures
75
00:06:30,130 --> 00:06:30,880
in the database.
76
00:06:31,540 --> 00:06:35,950
So if an attack is detected, the IDS reports the attack.
77
00:06:36,910 --> 00:06:43,360
The primary function of an IDS product is to alert you that suspicious activity is occurring, but
78
00:06:43,720 --> 00:06:45,100
it's not going to prevent it.
79
00:06:46,490 --> 00:06:52,250
The biggest challenges are they, well, they generate a lot of false positives, right?
80
00:06:52,250 --> 00:06:54,620
So take that with a grain of salt, maybe.
81
00:06:55,850 --> 00:07:04,430
Now, IPS, or intrusion prevention systems. So IPS is a device between the firewall and the
82
00:07:04,430 --> 00:07:11,510
network device because it can stop suspicious traffic from going to the rest of the network. IPS
83
00:07:11,540 --> 00:07:18,320
monitors incoming packets and what they're actually using before deciding which packets enter the
84
00:07:18,320 --> 00:07:18,770
network.
85
00:07:19,700 --> 00:07:26,540
An IPS examines the content of the request and, depending on that content, can intercept, warn or
86
00:07:26,540 --> 00:07:29,330
potentially clean up a malicious network request.
87
00:07:30,510 --> 00:07:38,310
So identifying malicious packets relies either on behavioral analysis or the use of signatures.
88
00:07:39,410 --> 00:07:47,810
So the firewall, like I said before, is a rule-based engine, but IPS also uses its own large database
89
00:07:47,810 --> 00:07:49,250
for intrusion detection.
90
00:07:49,820 --> 00:07:55,760
So an IPS evaluates a suspected attack and alerts the administrator when it occurs.
91
00:07:56,810 --> 00:08:02,030
But IPS also monitors for attacks originating from inside of the system.
92
00:08:03,300 --> 00:08:11,160
Now, IPS is not a replacement for a firewall or a good antivirus program. An IPS should be considered
93
00:08:11,160 --> 00:08:16,260
a tool to be used with your standard security products, such as antivirus and firewalls.
94
00:08:17,010 --> 00:08:22,530
But you'll see how it increases your system-specific or network-wide security.
95
00:08:24,030 --> 00:08:28,830
All right, my friend, so let's do a little bit of a recap because we've learned about firewalls,
96
00:08:29,280 --> 00:08:37,480
unified threat management or UTM, next generation firewalls, NGFW, intrusion detection systems, IDS,
97
00:08:37,740 --> 00:08:41,190
intrusion prevention systems, or IPS.
98
00:08:41,940 --> 00:08:42,840
That's a lot.
99
00:08:43,110 --> 00:08:44,670
And now, you know so much more.
100
00:08:45,000 --> 00:08:46,260
So thanks for hanging in there.
101
00:08:46,830 --> 00:08:47,460
Guess what?
102
00:08:48,030 --> 00:08:50,910
We've got somewhere else to go in the next lesson.
103
00:08:51,760 --> 00:08:52,510
So I'll see you then.