Date: 2019-07-02

In this video you will learn to discuss various common physical access control methods, discuss various common logical access control methods, and discuss monitoring and access control processes such as IDS, IPS, Host IDS and IPS, HoneyPots, and Sniffers.

>> We're going to go to access control methods; this time we're going to focus on the physical ones. Physical access control methods go from the perimeter, which could be a fence, to buildings, to work areas, and to servers and networks. Usually, in the enterprise type of scenario, for servers and networks we have a guest network and we have an enterprise network. For work areas, these are the work areas that only authorized personnel can access. For buildings, it's also a kind of physical access control, which should separate the people who can access that building. And then perimeter things: a great example for this is our embassies in different countries. They usually keep people out really well, or they actually do this really, really, really well.

As for technical control or technical uses of the physical controls, what do we use? How do we accomplish it? We can use cameras in order to monitor who is going in and out of an area; we can use traps, or mantraps. These are the doors where you actually need to pass a badge, and they will let just one person go through. We can use tokens. We can use lists and logs in order to keep track of which persons are going in and out of that room specifically.

Logical access control methods: we spoke a little bit about the physical, now let's speak about the logical access controls. On here it talks a little bit about the topic of ACL or routers. We can have a rule in order to keep each one of our resources that we want to use. If we want to limit the access on here, we can do that with an ACL rule. We have our GPOs, policies or compliance solutions. We can enforce password policies, device policies, and day and time restrictions. For example, you shouldn't be seeing a resource connecting to a VPN network to access our enterprise server at 2:00 AM Eastern Time. It's not our usual business, so that is something that we can actually limit. Also, something that we can have access control for is the accounts. We can have them centralized or decentralized, and actually enforce the expiration of those accounts. This all goes or circles back to the best practices that we got earlier in the course.

So BYOD, BYOC, BYOEverything, it's a popular concept being thrown out there. In order to enforce it with access control, it takes a lot of effort. We need to have a strict policy and understanding of the things that we're going to do. We need technical controls for MDM, and we need training in order to have our resources properly trained to use those: bring your own device, bring your own computer, bring your own cell phones. So this also requires strong perimeter controls for us, because it adds a lot of effort. Here's a little bit of a chart I will share with us. You can see that 40% of our data breaches are associated with BYOD. At this point, the enterprises are pushing a little bit, or pushing more, into BYOD, bring your own devices, but they are not doing the same thing with their security policies. So on here we can see a little bit of the charts that are commonly shared.

So, monitoring the access control process: now that we have reviewed threats, I'm going to review the technical damage to the organization. Let's look at other devices and techniques that can secure our hosts. The first thing that we're going to mention here is IDS, or intrusion detection systems. An IDS is a system that can scan, evaluate, and monitor the computer infrastructure for signs of an attack in progress. It requires hardware sensors and software in order to have the proper deployment on the environment. It's important to keep in mind that each implementation is unique and it depends on your organization's acute needs. Also [INAUDIBLE] only notifies the [INAUDIBLE].

Then we have our IPS, or intrusion prevention systems. An IPS has the monitoring capabilities of the IDS that we just mentioned. But it can actually block detected threats and still continue to use a passive response for other incidents.

Then we have our host IDS and IPS. These are host-based systems that can monitor the host for unexpected behavior or drastic changes from their baseline. For example, it might include file integrity checks or looking for any outbound requests that could be a little bit suspicious. For example, using the trading prevents IPs, looking for those outbound connections, see if they're on IPS or IDS. If we wanted to kill that connection we would use the IPS that mattered.

Then we're going to mention the HoneyPot. The HoneyPot is a security tool to lure attackers away from the actual network, where they can be monitored safely. While the attacker is on the HoneyPot, all other traffic and techniques are being logged to be reviewed. Honeypots can be software or malicious programs, they can be hardware decoys, or entire domain works which are also known as HoneyNets.

Then, lastly, we have our sniffers. The sniffers are also known as packet analyzers. It's a device or program that can monitor the network communications either on the wire or on the wireless network, they carry that data. Those are commonly used for troubleshooting networks.

Something before we finish on this slide that I want to get really clear: it's the difference between an IPS and an IDS. Please always keep in mind that an IPS is something with which we can kill the connection or take action. As we can see on the image presented to the right, see item number two, the one below, we see the attacker attempting to go to the target, but when the IPS detects that connection it actually kills that connection. The IDS, instead, will only let you know that the attacker is actually trying to go to that target. So that will be everything for the monitoring access control process.
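Added example, not part of the lecture: a day-and-time restriction like the 2:00 AM Eastern VPN case, checked over a constructed VPN log and applied either alert-only (the way the lecture describes an IDS) or alert-and-deny (the way it describes an IPS). The log format, the user names, the 07:00 to 19:00 weekday window and the function names are all assumptions made for the illustration.

```python
from datetime import datetime, time, timezone
from zoneinfo import ZoneInfo

EASTERN = ZoneInfo("America/New_York")              # "Eastern Time" from the lecture
WINDOW_START, WINDOW_END = time(7, 0), time(19, 0)  # assumed business window

# Constructed VPN gateway log: UTC timestamp, user, source IP (documentation ranges)
SAMPLE_LOG = """\
2019-07-02T06:03:11Z jdoe 203.0.113.7
2019-07-02T14:30:00Z asmith 198.51.100.23
2019-07-02T11:30:00Z jdoe 203.0.113.7
2019-01-15T11:30:00Z jdoe 203.0.113.7
2019-07-06T15:00:00Z asmith 198.51.100.23
"""

def parse(line):
    """Turn one log line into (user, source, login time converted to Eastern)."""
    stamp, user, source = line.split()
    utc = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return user, source, utc.astimezone(EASTERN)

def within_policy(local):
    """Assumed policy: Monday to Friday, inside the window, judged in local time."""
    return local.weekday() < 5 and WINDOW_START <= local.time() < WINDOW_END

def evaluate(log_text, mode):
    """mode="detect" alerts and still lets the session through;
    mode="prevent" alerts and denies it. Returns (alerts, permitted)."""
    if mode not in ("detect", "prevent"):
        raise ValueError("mode must be 'detect' or 'prevent'")
    alerts, permitted = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        user, source, local = parse(line)
        if within_policy(local):
            permitted.append((user, local.isoformat()))
            continue
        alerts.append((user, local.isoformat()))
        if mode == "detect":  # alert only: the session is not interrupted
            permitted.append((user, local.isoformat()))
    return alerts, permitted

if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        alerts, permitted = evaluate(SAMPLE_LOG, mode)
        print(mode, "alerts:", alerts, "permitted:", len(permitted))
```

The two 11:30 UTC logins land on opposite sides of the window because Eastern Time is UTC-4 in July and UTC-5 in January, which is why the rule is evaluated in the named time zone rather than with a fixed offset.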