Course info
Rating: (11)
Level: Intermediate
Updated: Feb 8, 2018
Duration: 1h 42m
Description

Malicious users and software continuously scan networks looking for vulnerable devices and hosts. In this course, Firewalls and Intrusion Detection, you'll acquire the ability to determine how various types of firewalls should be deployed in your specific environment. First, you'll discover how to implement an intrusion detection system to detect suspicious activity. Next, you'll learn how to distinguish between honeypots and honeynets. Finally, you'll explore how honeynets and honeypots can be used as IT system decoys to track intruder actions in order to learn how production systems should be hardened. When you have completed this course, you will have the skills to implement various types of firewalls for specific environments.

About the author

Daniel Lachance, CompTIA Security+™, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams.

More from the author
Recovering from Trouble (Intermediate, 1h 30m, 3 Oct 2018)
Managing Microsoft Azure Subscriptions (Beginner, 1h 58m, 10 Aug 2018)
Network Monitoring and Analysis (Intermediate, 1h 27m, 28 Mar 2018)
Section Introduction Transcripts

Course Overview
Hi everyone. I'm Dan Lachance, and welcome to my course, Firewalls and Intrusion Prevention. Firewalls control traffic into and out of not only networks, but also individual hosts; so therefore, proper firewall placement and configuration is essential for proper protection at these levels. Intrusion detection and prevention systems take security a step further by monitoring networks and hosts for suspicious activity and either sending some kind of an alert or taking steps to stop the malicious actions from continuing. To track intrusions on fake decoy systems, we can deploy honeypots or collections of honeypots, which are called honeynets, and this can be deployed on an isolated network for security reasons. This way we have a way of tracking malicious user attack methods, as well as their IP addresses. Some of the major topics that we're going to cover include defining firewall best practices, including rules and placement, intrusion detection and prevention system deployment and configuration, and we'll also talk about the benefits of deploying honeypots. By the end of this course, you'll understand how to secure hosts and networks in alignment with corporate security policies using tools like firewalls, intrusion detection and prevention systems, and honeypots. I hope you'll join me to learn about firewalls and intrusion prevention, here at Pluralsight.

Firewall Concepts
Firewalls and intrusion detection are important technical controls that are a part of every organization's security strategy. I'm Dan Lachance. Welcome to Firewalls and Intrusion Detection where our first focal point will be firewall concepts. There are many different types of firewalls, and we want to add some clarity as to when a specific firewall type should be used, so we'll start by talking about the need for firewalls. What purpose do they serve? Then we'll start getting into packet filtering firewalls. We'll talk about host-based firewalls that control traffic into and out of a particular computing device, as well as focusing on network perimeter-based firewalls that control traffic into and out of a network. Then we'll talk about firewall rulesets. Rulesets are the configurations that actually determine what traffic is allowed or not. And then finally, we'll end by talking about different types of firewalls including things like Network Address Translation firewalls, proxy servers, VPNs, screened subnets, and bastion hosts.

IDS and IPS
Hi. I'm Dan Lachance. Welcome to our module on IDS and IPS, which respectively stand for intrusion detection systems and intrusion prevention systems, where the overall idea is to have some way of detecting abnormal activity and taking some kind of action, whether it's logging, notification, or even blocking attacks. We're going to start by talking about IDS and IPS in general, their general capabilities, and how they are the same, yet how they are different. Then we're going to talk about IDS and IPS deployment and configuration options. We'll talk about IDS and IPS components and where they should be placed, because we'll be talking about host-based versus network-based intrusion detection and prevention systems. Then we'll talk about the various implementation settings that are available for IDSs and IPSs. Essentially, we're talking about an approach to determining that there is suspicious activity occurring on a host or on a network. And then finally, we'll wrap it up by talking about a few common IDS and IPS tools.

Honeypots
In order to truly understand the steps and techniques used by attackers to compromise systems and networks, we need to be able to know exactly what they're doing. We need to think the way that they think. In this module, we're going to focus on honeypots where we can have decoy systems that attract or lure attackers into thinking they're compromising something in production, when really it's just there so that we can track their movements. So we'll start off by doing an overview of what honeypots exactly are and the various ways that they can manifest themselves. Then we'll talk about honeypot collections on a network, which are referred to as honeynets, which really exist for the same purpose, to serve as a decoy of two or more systems on a network that lure attackers into compromising them so that we can track their efforts.