00:00:02
if you've ever worked in a data center
00:00:03
or you have an organization that has a
00:00:05
data center then this picture probably
00:00:07
looks familiar it's row after row after
00:00:10
row of 19-inch racks and those racks
00:00:13
have inside of them many different types
00:00:15
of computing systems in this video we'll
00:00:18
look at many different kinds of network
00:00:20
services and see what types of things
00:00:22
might be running inside of this
00:00:23
company's data center
00:00:25
almost every organization and every data
00:00:28
center has inside of it a dns server dns
00:00:31
stands for domain name system and it's a
00:00:33
service that's primarily responsible for
00:00:35
converting between fully qualified
00:00:37
domain names and ip addresses so if you
00:00:40
go into a browser and type
00:00:41
www.professormesser.com
00:00:44
that browser will ask the dns server
00:00:46
what's the ip address of
00:00:49
www.professormesser.com that ip address
00:00:51
will be provided to the browser and from
00:00:53
that point forward the browser uses the
00:00:55
ip address of my web server to
00:00:57
communicate back and forth to your
00:00:59
browser dns is a distributed naming
00:01:02
system which means you might have many
00:01:04
different dns servers in your
00:01:05
environment and outside of your
00:01:07
organization you're probably
00:01:09
communicating with many other dns
00:01:11
servers as well as you can probably tell
00:01:13
this conversion process between a fully
00:01:15
qualified domain name and an ip address
00:01:18
is critical for the entire
00:01:19
communications process it's usually
00:01:21
managed by your local IT department or
00:01:23
an internet service provider and they
00:01:26
usually have multiple dns servers to
00:01:28
ensure that this service is always
00:01:30
available to your users
00:01:32
another common service that you'll find
00:01:34
in a data center is a dhcp server this
00:01:36
stands for dynamic host configuration
00:01:39
protocol and this is the service that
00:01:41
automatically assigns and configures ip
00:01:43
address settings on your local device
00:01:45
this is a service that we've become very
00:01:47
accustomed to having we can plug in or
00:01:49
connect to anyone's network and we're
00:01:51
automatically provided ip addresses dns
00:01:54
settings and everything else we need to
00:01:56
be able to communicate on that network
00:01:58
if you have a wireless router or cable
00:02:01
modem that's used for internet
00:02:02
connectivity then that device probably
00:02:04
is also running a dhcp server inside of
00:02:08
it if you're in an enterprise IT
00:02:09
department there will probably be
00:02:11
multiple dhcp servers to provide
00:02:13
redundancy should one dhcp server become
00:02:16
unavailable here's a very simple dhcp
00:02:19
configuration on a home router you can
00:02:22
see that the lease time is set to one
00:02:23
week that's how long someone can retain
00:02:25
a single ip address before they have to
00:02:28
check back in and renew that address and
00:02:30
there's a range of ip addresses that are
00:02:32
assigned by this dhcp server starting at
00:02:35
10.1.10.10 all the way through
00:02:37
10.1.10.199
00:02:40
now that you can connect to the network
00:02:42
you can also store files on the network
00:02:44
in a file server this is a centralized
00:02:46
storage device usually with a set of
00:02:49
folders that you can use to store all of
00:02:51
your information and because these are
00:02:53
stored on the network you can log in
00:02:55
from any device and have access to your
00:02:57
personal files
00:02:58
the operating system you're using has a
00:03:00
common way to communicate to this file
00:03:02
server if you're in windows you're
00:03:04
probably using smb or the server message
00:03:07
block if you're using macOS you're
00:03:10
probably using afp or the apple filing
00:03:12
protocol from a user's perspective they
00:03:15
have no idea what protocols are in use
00:03:17
on the network all they see is some type
00:03:19
of file management front end and then
00:03:21
they can copy files delete files rename
00:03:24
files or do anything else they would do
00:03:26
on this file system located on the
00:03:28
centralized file server
00:03:31
if you work in an enterprise environment
00:03:33
we usually connect printers to the
00:03:34
network and then we put those printers
00:03:36
in centralized areas that are close to
00:03:38
the users we're able to connect to the
00:03:40
network by using a print server this is
00:03:43
usually hardware or software that allows
00:03:45
us to connect this printer to the
00:03:47
network so that everyone can access that
00:03:49
centralized resource this print server
00:03:52
may be software that's running on a
00:03:53
computer that has a printer connected to
00:03:55
it and everyone on the network would
00:03:57
send their print jobs to this computer
00:03:59
so that the print server can then access
00:04:01
those jobs and print them on the printer
00:04:03
many printers might also have a hardware
00:04:06
card like the one you see here that
00:04:07
plugs into the back of the printer
00:04:09
allows the printer to connect directly
00:04:11
to an ethernet connection some printers
00:04:14
also have wireless print servers inside
00:04:16
so you can simply connect to the
00:04:17
wireless network to provide those print
00:04:19
services there are usually some
00:04:21
standardized protocols that allow you to
00:04:22
send these print jobs to a print server
00:04:25
and usually you'd be running smb or
00:04:27
server message block especially if
00:04:28
you're running windows but you can also
00:04:30
use ipp or the internet printing
00:04:32
protocol or lpd or the line printer
00:04:35
daemon
00:04:37
another important service that often
00:04:38
requires 100% uptime and availability is
00:04:41
a mail server this is the server
00:04:44
responsible for sending and receiving
00:04:46
mail for your organization because the
00:04:48
service is so critical it's often
00:04:50
managed by our local IT team or we may
00:04:53
be using an isp or cloud-based service
00:04:55
to provide these mail services we often
00:04:58
know very quickly if there's a problem
00:04:59
with the mail services because
00:05:01
practically everyone in the organization
00:05:03
is using them that's why there's usually
00:05:05
a 24-hour a day seven day a week support
00:05:07
service and if the mail server has a
00:05:09
problem you instantly can have someone
00:05:11
connect to that service to see exactly
00:05:13
how to troubleshoot the problem
00:05:16
we've already mentioned a number of
00:05:18
services for example the dns server the
00:05:20
dhcp server the file server and others
00:05:24
with all of these systems there are logs
00:05:25
and messages that are important for
00:05:27
administrators to be able to have access
00:05:29
to
00:05:30
instead of having the administrator
00:05:32
manually access the individual logs that
00:05:34
are located on each individual service
00:05:37
we can consolidate all of those logs
00:05:39
back to a central database one of the
00:05:42
protocols that allows us to consolidate
00:05:44
these log files is called syslog this is
00:05:47
a very common standard if your system
00:05:49
collects logs then it probably has the
00:05:51
option to send those logs to a
00:05:53
centralized database using syslog
00:05:56
in many organizations we use a security
00:05:59
information and event manager to collect
00:06:02
all of these log files we usually refer
00:06:04
to this as a SIEM as you can imagine log
00:06:07
files take a lot of room so the SIEM
00:06:09
usually has a very large drive array and
00:06:12
we're able to store a large number of
00:06:14
files over a very extended period of
00:06:16
time
00:06:17
many organizations will have one or many
00:06:20
different web servers and those servers
00:06:22
are responsible for responding to
00:06:24
browser requests that you would make
00:06:25
from your computer these use standard
00:06:27
protocols such as http or https and they
00:06:31
build pages out using specialized
00:06:33
languages such as html or html5 these
00:06:37
pages could be static pages that are
00:06:39
simply transferred across the network or
00:06:41
the web server may be responsible for
00:06:43
dynamically creating the page and then
00:06:46
sending that page down to the browser
00:06:49
in an enterprise we might often start
00:06:51
our day by logging in to our local
00:06:53
computer or we may be connecting from a
00:06:55
vpn and we would use a username and
00:06:58
password to provide that authentication
00:07:00
and often the authentication that we
00:07:02
would use between all of these different
00:07:03
services is identical so how does the
00:07:06
enterprise use the same authentication
00:07:08
method across all of these different
00:07:10
servers in most cases the organization's
00:07:13
using an authentication server which
00:07:15
centralizes all of those usernames and
00:07:18
passwords to a single service this isn't
00:07:20
something we would commonly use on a
00:07:22
home network because we don't have a lot
00:07:24
of services that we're logging into on
00:07:26
our local network but on an enterprise
00:07:28
network there are many different
00:07:30
services that we would want to access
00:07:32
and this centralized authentication
00:07:33
server provides us with a way to not
00:07:36
only provide access to those services
00:07:38
but do it in a way that our usernames
00:07:40
and passwords are protected
00:07:42
as you can imagine if the authentication
00:07:44
server is not available then no one
00:07:46
would be able to log in and use any of
00:07:48
the resources on your network for that
00:07:51
reason this is considered to be a very
00:07:53
critical resource and it's very common
00:07:55
for organizations to have multiple
00:07:57
authentication servers on their network
00:07:59
for redundancy
00:08:01
your mail client probably has a separate
00:08:04
folder already configured inside of it
00:08:06
called spam that spam folder takes any
00:08:08
messages which may be unsolicited
00:08:11
attempts at getting your attention and
00:08:13
puts all of those messages into a spam
00:08:15
folder so that you don't have to read
00:08:18
them the content of these spam messages
00:08:20
can vary widely these could be
00:08:21
commercial attempts to get you to buy
00:08:23
something it might be someone trying to
00:08:25
get you to click on a link that sends
00:08:27
you to a malicious website or maybe a
00:08:30
phishing attempt which is trying to get
00:08:31
you to give away some of your personal
00:08:33
information
00:08:34
managing all of these spam messages can
00:08:36
be complex it's already difficult to
00:08:39
identify the spam message and then we
00:08:41
also have to manage what we do with
00:08:42
those messages once they're identified
00:08:45
there are obviously security concerns we
00:08:47
have to think about where we're going to
00:08:48
store this information and for how long
00:08:50
we're going to keep these spam messages
00:08:52
stored in our databases
00:08:54
some organizations will have a separate
00:08:56
mail gateway in their network in this
00:08:58
example that mail is being sent and
00:09:00
received from the internet through a
00:09:02
firewall that then sends it to the mail
00:09:04
gateway on a screened subnet these mail
00:09:07
gateways can also be stored in the cloud
00:09:09
and there may be a third party provider
00:09:11
that's being used to provide that
00:09:12
functionality once the mail is scanned
00:09:15
it can then be sent to the internal
00:09:17
network and stored on a local internal
00:09:19
mail server this gives us the
00:09:21
opportunity to categorize mail as spam
00:09:23
or to completely reject the mail and
00:09:25
prevent its access to the internal
00:09:27
server
00:09:29
many organizations have begun
00:09:31
consolidating many of their security
00:09:33
functions on the network to a single
00:09:35
device often this is a next generation
00:09:38
firewall but you may find older systems
00:09:40
that do this called a unified threat
00:09:42
management device or a utm some people
00:09:45
often refer to this as a web security
00:09:47
gateway these devices can perform many
00:09:49
different security functions for example
00:09:51
you may have url filtering or content
00:09:53
inspection built into the device these
00:09:55
may be able to identify malware or the
00:09:58
transfer of files that may contain
00:10:00
malware these could be a spam filter on
00:10:02
their own you might also have other
00:10:05
networking features such as csu/dsu
00:10:07
capabilities which allow you to connect
00:10:09
to a wide area network these devices
00:10:12
often act as routers and they usually
00:10:14
might also have switch interfaces on the
00:10:16
back of these devices and of course they
00:10:18
act also as a firewall so you can allow
00:10:21
or disallow certain traffic flows
00:10:23
through your network these devices can
00:10:25
often act as intrusion detection systems
00:10:27
or intrusion prevention systems which
00:10:29
can block known attacks from traversing
00:10:32
the network these devices can also act
00:10:34
as bandwidth shapers or quality of
00:10:36
service devices so that different
00:10:38
applications can be prioritized in real
00:10:41
time and if you need people to connect
00:10:43
to the network that are outside of your
00:10:45
facility you might want to use an
00:10:47
encrypted tunnel through a virtual
00:10:49
private network
00:10:51
in an enterprise environment we're very
00:10:53
sensitive to downtime if a server
00:10:55
becomes unavailable the user may not be
00:10:57
able to complete certain tasks or they
00:10:59
may not be able to buy anything from us
00:11:01
because the server's not responding to
00:11:03
be able to provide continuous uptime and
00:11:06
availability we need multiple servers
00:11:08
and the way that you would distribute
00:11:10
the load across those servers is with a
00:11:12
load balancer the load balancer is
00:11:14
responsible for checking in with all of
00:11:16
the servers that are connected to it and
00:11:18
if one particular server becomes
00:11:20
unresponsive it simply removes that
00:11:23
server from the load and continues
00:11:25
operating with the remaining servers
00:11:27
this is usually the primary reason a
00:11:29
load balancer is installed is to have
00:11:31
multiple servers and be able to
00:11:33
distribute the load across all of those
00:11:35
devices since the load balancer is
00:11:37
sitting in the middle of these
00:11:39
conversations it can also make changes
00:11:42
to the way certain protocols might work
00:11:44
for example it's common for a load
00:11:45
balancer to offload tcp so that it has a
00:11:48
constant connection between all of the
00:11:50
servers connected to it this load
00:11:52
balancer might also be providing ssl
00:11:54
offloading so all of the encryption and
00:11:56
decryption from these servers is
00:11:58
happening on the load balancer instead
00:12:00
of having the servers manage that
00:12:02
process themselves
00:12:04
these load balancers can commonly cache
00:12:05
information so that requests from the
00:12:07
internet may not have to go down to a
00:12:09
server instead the load balancer may
00:12:11
already have that information in a cache
00:12:13
and can simply respond back to the
00:12:15
internet without involving any of the
00:12:17
connected servers we can also perform
00:12:20
some very advanced configurations of the
00:12:22
traffic going through this load balancer
00:12:24
so we might configure certain web pages
00:12:27
or certain applications to have priority
00:12:29
over others we might also tell the load
00:12:31
balancer that certain applications
00:12:33
should prioritize to certain servers and
00:12:36
other applications or web pages can be
00:12:38
moved to other servers this content
00:12:40
switching capability allows the load
00:12:42
balancer to optimize communication with
00:12:44
the servers that can respond the best
00:12:48
some organizations have installed proxy
00:12:50
servers to add additional security to
00:12:52
their internet communications as the
00:12:54
name implies a proxy sits in the middle
00:12:57
of a conversation users will make a
00:12:59
request to the proxy the proxy then
00:13:01
makes the request to the third party
00:13:03
service receives a response from that
00:13:06
service and then examines the response
00:13:08
to make sure nothing within that
00:13:09
response is malicious once everything is
00:13:12
checked and everything looks okay that
00:13:14
response is then sent to the end user
00:13:17
this means that we can put a lot of
00:13:19
security controls into the proxy the
00:13:21
proxy can act as access control so it
00:13:23
may require a username and password to
00:13:25
gain access to the internet it can
00:13:27
perform caching it can filter by url and
00:13:30
many other security capabilities as well
00:13:34
if you work in an industrial environment
00:13:36
then you're probably already familiar
00:13:38
with scada or ics this stands for the
00:13:40
supervisory control and data acquisition
00:13:43
system you might also hear this referred
00:13:45
to as an industrial control system or
00:13:48
ics
00:13:49
the scada systems are responsible for
00:13:52
control and management of these
00:13:54
industrial machines so if you are part
00:13:56
of a power company and you have power
00:13:58
generation equipment or you're a
00:13:59
manufacturing company with these large
00:14:01
manufacturing equipment you might use
00:14:04
scada to be able to manage those devices
00:14:06
scada allows us to see exactly what's
00:14:08
happening on these devices and to be
00:14:10
able to manage and control these devices
00:14:12
across the network as you can imagine
00:14:15
these power generation systems and
00:14:17
manufacturing equipment can be very
00:14:19
expensive systems and an outage of these
00:14:21
systems might have a dramatic impact for
00:14:24
those reasons scada systems are usually
00:14:26
segmented from the rest of the network
00:14:27
and you very often need additional
00:14:29
rights permissions and connections to
00:14:31
even gain access to these very important
00:14:34
systems
00:14:36
one common theme with data centers is
00:14:38
once a service is installed it's very
00:14:41
difficult to get that service removed
00:14:43
from the data center and often devices
00:14:46
and services may sit in the data center
00:14:48
for 10 years or even more we often refer
00:14:51
to these systems as legacy systems and
00:14:53
although they're very old they usually
00:14:55
have an extremely important service
00:14:57
that's running on them very often these
00:14:59
legacy systems are running on older
00:15:01
software or older hardware and it might
00:15:03
be very difficult to resolve a problem
00:15:05
with this device just because the
00:15:07
software and hardware are not well
00:15:09
supported or may be difficult to obtain
00:15:12
another type of service you might find
00:15:14
in your data center is an embedded
00:15:16
system these are systems where you
00:15:17
normally don't have access to the
00:15:19
operating system or any other aspect
00:15:21
inside of the device instead it is a
00:15:23
purpose-built device that's designed for
00:15:26
you to only have access to the service
00:15:28
or the application that that device
00:15:30
provides this might be something like an
00:15:32
alarm system or a door security system
00:15:35
or perhaps the time card system that you
00:15:37
use to keep track of when people come to
00:15:39
work and when they leave those devices
00:15:41
commonly don't have an operating system
00:15:43
that we can update or even view and
00:15:45
because of that we rely on the
00:15:46
manufacturer of these purpose-built
00:15:48
systems to be able to provide us with
00:15:50
support and ongoing maintenance
00:15:54
and one of the newest categories of
00:15:56
systems that you now find in the
00:15:57
enterprise are internet of things
00:16:00
devices or iot we're starting to find an
00:16:03
increasing number of iot devices not
00:16:06
only on our enterprise networks but our
00:16:08
home networks it seems that everything
00:16:10
we're connecting to a power plug in our
00:16:12
home is also connecting to our network
00:16:14
for example we're starting to see
00:16:16
appliances such as refrigerators and
00:16:18
ovens connect to the wireless network we
00:16:21
have smart devices like speakers that
00:16:22
are responding to our voice commands or
00:16:25
we might have air control systems that
00:16:26
allow us to manage the temperature of a
00:16:28
room all from a centralized app on our
00:16:31
mobile device these iot devices may also
00:16:34
be responsible for access at our
00:16:35
facilities so they might be a smart
00:16:37
doorbell or they might be responsible
00:16:39
for unlocking a door or garage this is
00:16:42
another case where the security of these
00:16:44
devices is relatively important we
00:16:47
wouldn't want somebody gaining access to
00:16:48
our systems because they have access to
00:16:50
these iot devices so commonly we segment
00:16:53
iot devices onto their own network or we
00:16:56
can have additional security and limit
00:16:58
anyone else from accessing those systems