1 00:00:05,380 --> 00:00:08,090 What devices do we have here?
2 00:00:08,109 --> 00:00:11,160 This is a router,
3 00:00:11,350 --> 00:00:13,660 This is a Cisco 4321 router.
4 00:00:13,720 --> 00:00:19,570 I've chosen this router specifically, why purchase this router specifically because it's available in Packet
5 00:00:19,570 --> 00:00:20,800 Tracer.
6 00:00:20,800 --> 00:00:29,550 This is a Cisco 3560 CX switch; again, 3560 switches are available in Packet Tracer.
7 00:00:29,560 --> 00:00:32,950 You don't need to spend money buying all these devices.
8 00:00:32,950 --> 00:00:34,160 I've done that for you.
9 00:00:34,210 --> 00:00:37,270 Now obviously if you want to, you could buy physical equipment.
10 00:00:37,330 --> 00:00:43,150 It's nice in some ways to work with physical equipment, but for the CCNA you don't have to use physical
11 00:00:43,150 --> 00:00:44,550 equipment if you can't afford it.
12 00:00:44,650 --> 00:00:50,650 Just use Packet Tracer, and I'll show you in a moment when I boot up this router and the switch and compare
13 00:00:50,650 --> 00:00:53,620 it to Packet Tracer, you'll see it's very, very similar.
14 00:00:53,650 --> 00:00:57,370 This is an example of a 2960 switch.
15 00:00:57,490 --> 00:01:00,220 What I like about these switches is they're fanless.
16 00:01:00,220 --> 00:01:06,700 So I have them on my desk here and it doesn't make a lot of noise and mess up the recordings, but here
17 00:01:06,700 --> 00:01:08,350 we've got two interesting devices.
18 00:01:08,350 --> 00:01:12,200 They look very similar, very similar to each other.
19 00:01:12,790 --> 00:01:22,600 But what you'll notice, and these are older devices, is this is a Cisco ASA 5505. This is called a firewall.
20 00:01:22,900 --> 00:01:29,950 Firewalls allow us to stop bad people getting into our network so we can restrict who can access our
21 00:01:29,950 --> 00:01:31,150 network.
22 00:01:31,150 --> 00:01:36,050 They use what are called firewall rules to permit or deny traffic.
23 00:01:36,130 --> 00:01:41,080 This is a small little firewall typically used again in a small business.
24 00:01:41,080 --> 00:01:46,890 The idea here is we can connect a bunch of devices directly to the firewall so it's acting like a switch
25 00:01:46,900 --> 00:01:53,000 in some ways, but I could specify what's called the outside interface and the inside interface.
26 00:01:53,050 --> 00:01:57,730 And I do not allow, or this firewall does not allow, traffic from the outside interface to the inside
27 00:01:57,730 --> 00:02:04,180 interface unless you explicitly allow it. Your home router probably does something similar, has a built
28 00:02:04,210 --> 00:02:09,800 in firewall. Your PC may also be running a firewall, a software firewall, directly on the PC.
29 00:02:09,850 --> 00:02:12,890 This is an example of a hardware dedicated firewall.
30 00:02:12,890 --> 00:02:18,110 Now routers, as mentioned, often have firewall functionality, but this is a dedicated firewall.
31 00:02:18,130 --> 00:02:23,020 Now you could connect your internet directly to the firewall if you have an Ethernet connection and
32 00:02:23,020 --> 00:02:29,910 then to the router and then to the switch where your inside devices or, or your LAN is, or you could
33 00:02:29,910 --> 00:02:34,840 connect to the router and then have the firewall behind the router, so you either have the firewall in
34 00:02:34,840 --> 00:02:41,830 front of the router or behind the router. In many cases you're going to have this behind the router because
35 00:02:41,830 --> 00:02:47,960 your ISP may manage the router, or you need a physical connection that's not Ethernet.
36 00:02:48,010 --> 00:02:53,200 These devices typically only support Ethernet; a router will support other types of technologies such as
37 00:02:53,200 --> 00:02:55,610 ADSL or cable as an example.
38 00:02:55,630 --> 00:03:00,280 So the internet connects to the router, it connects to the firewall, which then connects to your switch
39 00:03:00,490 --> 00:03:03,040 in your internal network.
40 00:03:03,040 --> 00:03:07,910 Now here's another device, looks very much the same, but this is a wireless LAN controller.
41 00:03:07,920 --> 00:03:10,390 Another small wireless LAN controller.
42 00:03:10,390 --> 00:03:14,440 You'll notice the form factor looks exactly the same but it has different functionality.
43 00:03:14,440 --> 00:03:17,650 This is used to manage access points.
44 00:03:17,770 --> 00:03:23,860 If you've only got one access point it makes sense to manage the access point directly using what's
45 00:03:23,860 --> 00:03:29,560 called an autonomous access point, autonomous meaning that you don't need a wireless LAN controller to
46 00:03:29,560 --> 00:03:30,400 manage it.
47 00:03:30,550 --> 00:03:36,790 But if you've got 100 of these or 500 of these it's going to be a lot of work to manually configure
48 00:03:36,880 --> 00:03:38,440 every one of those access points.
49 00:03:38,860 --> 00:03:43,180 So rather than doing that you use what's called lightweight access points.
50 00:03:43,180 --> 00:03:48,190 Some of these access points support both, so they can either be lightweight or they can be autonomous.
51 00:03:48,280 --> 00:03:52,980 Some of them have to be lightweight access points, varies depending on which one you buy.
52 00:03:53,080 --> 00:04:00,250 But the idea is if I had 100 of these or 500 of these they would register with the wireless LAN controller.
53 00:04:00,250 --> 00:04:04,720 Now obviously this is a small wireless LAN controller so it's not going to support as many access points.
54 00:04:04,840 --> 00:04:11,710 But the idea is if I have 100 access points they would connect to the wireless LAN controller.
55 00:04:11,710 --> 00:04:15,460 And notice this doesn't have as many ports as would be required.
56 00:04:15,460 --> 00:04:20,240 The wireless LAN controller, and the bigger ones even more so, don't have so many interfaces.
57 00:04:20,320 --> 00:04:24,970 They simply connect to switches, so the access points connect to switches, the wireless LAN controller
58 00:04:24,970 --> 00:04:29,920 connects to switches, switches are there to provide lots of ports to connect to in the network.
59 00:04:30,430 --> 00:04:36,640 So the whole idea here is the wireless LAN controller will manage the access points; rather than manually
60 00:04:36,730 --> 00:04:41,010 managing every one of the access points, you manage them through the wireless LAN controller.
61 00:04:41,140 --> 00:04:45,630 So the wireless LAN controller will manage, let's say, 100, 500 access points, depends on the controller.
62 00:04:45,820 --> 00:04:47,590 Depends what it can support.
63 00:04:47,590 --> 00:04:50,110 So once again here we've got a firewall.
64 00:04:50,170 --> 00:04:51,790 This is an older firewall.
65 00:04:51,850 --> 00:04:55,590 ASA. Today we have what are called next generation firewalls.
66 00:04:55,630 --> 00:04:59,050 They support features such as IPS or IDS.
67 00:04:59,080 --> 00:05:00,550 Now intrusion detection.
68 00:05:00,580 --> 00:05:06,250 Let me give you an analogy so that you won't forget what intrusion detection is. An IDS is like a
69 00:05:06,250 --> 00:05:13,810 dog. What a dog can do is help protect you by warning you when there's an attack taking place.
70 00:05:14,080 --> 00:05:20,800 Let's say you're sleeping at night, sleeping comfortably in bed. The dog, however, sniffs that there's an attacker,
71 00:05:20,980 --> 00:05:27,180 so an intruder, it sniffs that there's an intruder trying to break into your house.
72 00:05:27,190 --> 00:05:28,330 What does it do?
73 00:05:28,330 --> 00:05:32,530 It barks, it warns you that there's an intruder.
74 00:05:32,530 --> 00:05:35,230 It doesn't stop the attacker.
75 00:05:35,230 --> 00:05:40,900 It warns you that there's an attacker and then you can do something to stop the attacker trying to break
76 00:05:40,900 --> 00:05:41,920 into your house.
77 00:05:42,190 --> 00:05:48,310 An intrusion detection system simply detects that there's a problem and then alerts you that there's
78 00:05:48,310 --> 00:05:50,380 a problem and then you have to do something about it.
79 00:05:50,890 --> 00:05:57,280 An intrusion prevention system can alert you that there's a problem but also block the attack so it
80 00:05:57,280 --> 00:05:59,040 can prevent the attack.
81 00:05:59,050 --> 00:06:04,870 So if someone breaks into your network remotely, let's say a hacker, it can see that there's malicious
82 00:06:04,870 --> 00:06:07,510 activity on the network and then it can block that attacker.
83 00:06:07,540 --> 00:06:14,320 So prevent that attacker from gaining access to your network. Intrusion detection systems typically sit
84 00:06:14,410 --> 00:06:19,900 out of band of network traffic, so the traffic is going past them but they're not in the flow of traffic,
85 00:06:20,150 --> 00:06:25,150 they're just getting copies of the traffic to see if there's a problem. An intrusion prevention system
86 00:06:25,360 --> 00:06:27,670 sits in line with the traffic.
87 00:06:27,670 --> 00:06:31,960 The traffic is going through the IPS or intrusion prevention system.
88 00:06:32,110 --> 00:06:36,970 When there's an attack it blocks it so the attacker can't get into your network.
89 00:06:36,970 --> 00:06:41,080 So think of an IDS or an IPS as a dog.
90 00:06:41,230 --> 00:06:43,070 Is it a small dog, IDS?
91 00:06:43,150 --> 00:06:47,200 Is it a very large dog, IPS, can go and attack the attacker.
92 00:06:48,070 --> 00:06:51,370 Hopefully, that analogy will help you never forget what an IDS or IPS.