In today's lesson, we're going to talk about why do we need to learn or even understand networking. That may not be your job but let's discuss what we're going to talk about today. We're going to understand the reasons why we need to know networking. We're going to understand why there are standards also for networking and why we use networks in general.

First of all, everything is connected, personal devices. So our TVs, our watches, our tablets, all are connected. Enterprise devices like HVAC systems and lighting systems and security systems are all using some kind of connection to something else. Everything is connected. These could also include refrigerators or Chromecasts or Xboxes. There's a lot of things that use the Internet these days.

I hear this quite a bit, why don't we just put wireless in everywhere? Well, let's discuss why we would put in wireless first and then why we wouldn't put wireless. First of all, wireless typically connects to all of our smaller devices, so our tablets, our phones, things that generally don't have wires. We can't plug an Ethernet cable into our phone or our watch, for example. Systems that need to be connected 100% of the time and cannot fail should not be using wireless. Wireless can be interfered with. I can send a shutdown signal, disconnect signal, to a client to ineffectively kick them off the network, if I actually know what I'm doing. So things that need to be connected and always monitored are not candidates for wireless connectivity.

What about labs, for example, in a university? Do we want, let's say that we have a lab of 30, 40, 50, or 100 computers. Do we want all those computers accessing the wireless network? Generally not, because it's a lot of sessions. We have more bandwidth in larger devices like switches for the switching capacity for all those devices.

Let's talk about open wireless networks for a second. Open wireless networks can pose risk.
This could be in a coffee shop, or a hotel, or any retailer. Like your barber shop, for example. They might have a wireless network. The problem with open wireless networks is that while they are convenient for the user they are inherently insecure. The reason is that we can't separate users on a wireless network that's open. We have to have a user name and a password provided to us to make sure that the wireless clients don't talk to each other. In that way, they act more like a switch and physically connected to each other. We don't want to run everything off of an open wireless connection. So financial systems, or personal data, HR systems, for example, what about a bank? Maybe your bank has an open wireless network for guests. I don't think they would run financial data over that network.

Let's talk about the considerations for how we design a network. There's three things I always considered when designing a network. Keeping outsiders out, keeping insiders in and keeping insiders out. What do I mean by all this?

So keeping outsiders out. This is pretty obvious. Those people who don't belong somewhere should be kept out. So for example, going back to the bank scenario. If I'm not an employee of that bank, would I want to get or would I want the bank to allow me to get onto their financial network that's secure? Probably not. So I'm going to utilize something like a firewall or an access control list. Or a VLAN, that's short for a virtual LAN or a virtual local area network, to separate out my clients. This type of segmentation could be based on industry or it could be based on regulation and compliance. For example, again the bank scenario, PCI DSS, which stands for the Payment Card Industry Data Security Standards, stipulates that we need to protect the Card Data Environment or the CDE. That CDE is what's carrying credit card transactions back and forth.
So we obviously need to connect or keep all those outsiders that don't need to know about credit card transactions out.

Keeping insiders out. So at the university, do you think we allow students access to our secure grading system? No. Even though they are a part of the university and they are insiders to us, they're a part of the organization, we still have the system segmented all from each other. So we can still utilize the same technology, firewalls, switches that have access control lists on them, or VLANs to protect that information. It's also, again, driven by industry, as well. So for example, if we don't want, for HIPAA, which is the Healthcare Insurance Portability Act, it basically states that you need to secure your patient systems. And we simply able to look at other peak. Even though you're part of the organization you need ways to make sure that nurses and doctors, for example, they don't need to look at certain records. Don't look at certain records or have a need to know. So we segment those systems off from each other.

And finally keeping insiders in. This is another area where we're trying to protect users in general. Protecting users from viruses. Like in our financial network, do we want the bank tellers to be able to go out to Google, or entertainment websites and accidentally get a virus? That would devastate the organization. What about a SCIF, for example, which is a Sensitive Compartmented Information Facility in use by governments generally? We keep inside information in so it doesn't leak out.

Technology such as firewalls, switches, VLANs. Again, they play an important role on this but, through all the three considerations, what we need to make sure is that any upstream device cannot affect the security of any downstream device. So meaning that if we have a secure firewall, however upstream device is a router it's not secured. Technically that end to end stream is not secure.

So in conclusion, we've talked about the three areas.
Keeping outsiders out, keeping insiders out, and keeping insiders in. Think about how you do this for your systems, for your networks.