From the course: CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Cert Prep
Securing architectures
From the course: CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Cert Prep
Securing architectures
- In this section of the course, we're going to continue discussing ways to secure our network architectures, but this time, we're going to be focused on different services, segmentation, zero trust, in conjunction with deperimeterization, and software-defined networking. In this section, we're again going to be discussing Domain 1, security architecture, and specifically Objective 1.1. Given a scenario, analyze the security requirements and objectives to ensure appropriate, secure network architecture for a new or existing network. So as we move through this section, we're going to start out by discussing how to conduct traffic mirroring, so that we can add sensors to our networks. Then, we're going to discuss the different types of sensors that we're going to use in conjunction with that traffic mirroring. Then, we're going to move into segmentation of our networks, covering microsegmentation, screen subnets, security zones, and much more. After that, we're going to discuss the concepts of deperimeterization and zero trust before we move into the concepts surrounding the merging of networks from various organizations that we may be conducting business with. Finally, we're going to talk about software-defined networking, or SDN. This includes open SDN, hybrid SDN, and SDN overlays. So, let's get started in this section on securing architectures. (suspenseful music)
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
Securing networks6m 48s
-
Switches7m 27s
-
(Locked)
Routers8m 27s
-
(Locked)
Wireless and mesh3m 23s
-
(Locked)
Firewalls11m 30s
-
(Locked)
Proxies6m 59s
-
(Locked)
Gateways4m 39s
-
(Locked)
IDS and IPS6m 29s
-
(Locked)
Network access control2m 56s
-
(Locked)
Remote access8m 59s
-
(Locked)
Unified communication19m 8s
-
(Locked)
Cloud vs. on-premises4m 49s
-
(Locked)
DNSSEC4m 16s
-
(Locked)
Load balancer6m 48s
-
-
-
Securing architectures1m 16s
-
Traffic mirroring4m 23s
-
(Locked)
Network sensors11m 46s
-
(Locked)
Host sensors6m 15s
-
(Locked)
Layer 2 segmentation5m 14s
-
(Locked)
Network segmentation13m 14s
-
(Locked)
Server segmentation10m 51s
-
(Locked)
Zero trust6m 37s
-
(Locked)
Merging networks5m 32s
-
(Locked)
Software-defined networking5m 27s
-
-
-
Cloud and virtualization1m 6s
-
Cloud deployment models4m 34s
-
(Locked)
Cloud service models5m 7s
-
(Locked)
Deployment considerations4m 57s
-
(Locked)
Provider limitations2m 59s
-
(Locked)
Extending controls5m 6s
-
(Locked)
Provisioning and deprovision2m 59s
-
(Locked)
Storage models5m 22s
-
(Locked)
Virtualization7m 56s
-
-
-
Authentication and authorization1m 44s
-
Access control4m 47s
-
(Locked)
Credential management4m 27s
-
(Locked)
Password policies8m 2s
-
(Locked)
Multifactor authentication8m 25s
-
(Locked)
Authentication protocols10m
-
(Locked)
Federation7m 2s
-
(Locked)
Root of trust4m 24s
-
(Locked)
Attestation2m 14s
-
(Locked)
Identity proofing3m 33s
-
-
-
Emerging technology4m 18s
-
Artificial intelligence and machine learning8m 55s
-
(Locked)
Deep learning8m 58s
-
(Locked)
Big data4m 40s
-
(Locked)
Blockchain distributed consensus5m 36s
-
(Locked)
Passwordless authentication5m 17s
-
(Locked)
Homomorphic encryption3m 37s
-
(Locked)
Virtual and augmented reality4m 32s
-
(Locked)
3D printing3m 3s
-
(Locked)
Quantum computing5m 34s
-
-
-
(Locked)
Threat and vulnerability management1m 56s
-
(Locked)
Threat intelligence6m 19s
-
(Locked)
Threat hunting6m 43s
-
(Locked)
Intelligence collection11m 9s
-
(Locked)
Threat actors9m 21s
-
(Locked)
Threat management frameworks12m 45s
-
(Locked)
Vulnerability management activities11m 44s
-
(Locked)
Security Content Automation Protocol7m 21s
-
(Locked)
-
-
(Locked)
Analyzing vulnerabilities1m 22s
-
(Locked)
Race conditions4m 58s
-
(Locked)
Buffer overflows12m 27s
-
(Locked)
Authentication and references5m 56s
-
(Locked)
Ciphers and certificates10m 46s
-
(Locked)
Improper headers6m 9s
-
(Locked)
Software composition9m 49s
-
(Locked)
Vulnerable web applications11m 45s
-
(Locked)
-
-
(Locked)
Attacking vulnerabilities1m 15s
-
(Locked)
Directory traversals9m 48s
-
(Locked)
Cross-Site Scripting (XSS)8m 59s
-
(Locked)
Cross-site request forgery (CSRF)7m 15s
-
(Locked)
SQL injections7m 5s
-
(Locked)
XML injections6m 29s
-
(Locked)
Other injection attacks4m 21s
-
(Locked)
Authentication bypass6m 45s
-
(Locked)
VM attacks4m 52s
-
(Locked)
Network Attacks11m 3s
-
(Locked)
Social engineering7m 15s
-
(Locked)
-
-
(Locked)
Enterprise mobility2m 36s
-
(Locked)
Enterprise mobility management9m 36s
-
(Locked)
WPA37m 20s
-
(Locked)
Connectivity options8m 48s
-
(Locked)
Security configurations8m 8s
-
(Locked)
DNS protection3m 15s
-
(Locked)
Deployment options4m 38s
-
(Locked)
Reconnaissance concerns8m
-
(Locked)
Mobile security7m 50s
-
(Locked)
-
-
(Locked)
Endpoint security controls2m 24s
-
(Locked)
Device hardening8m 30s
-
(Locked)
Patching4m 41s
-
(Locked)
Security settings5m 41s
-
(Locked)
Mandatory access controls (MAC)6m 44s
-
(Locked)
Secure boot5m 49s
-
(Locked)
Hardware encryption4m 48s
-
(Locked)
Endpoint protections9m 54s
-
(Locked)
Logging and monitoring6m 14s
-
(Locked)
Resiliency6m 4s
-
(Locked)
-
-
(Locked)
Cloud technologies2m 37s
-
(Locked)
Business continuity and disaster recovery7m 51s
-
(Locked)
Cloud encryption5m 23s
-
(Locked)
Serverless computing8m 54s
-
(Locked)
Software-defined networking (SDN)6m 52s
-
(Locked)
Log collection and analysis4m 22s
-
(Locked)
Cloud application security broker6m 16s
-
(Locked)
Cloud misconfigurations10m 57s
-
(Locked)
-
-
(Locked)
Asymmetric algorithms2m 11s
-
(Locked)
Using asymmetric algorithms9m 28s
-
(Locked)
SSL, TLS, and cipher suites8m 21s
-
(Locked)
S/MIME and SSH7m 27s
-
(Locked)
EAP5m 39s
-
(Locked)
IPSec14m 34s
-
(Locked)
Elliptic curve cryptography (ECC)3m 33s
-
(Locked)
Forward secrecy3m 35s
-
(Locked)
Authenticated encryption with associated data (AEAD)1m 53s
-
(Locked)
Key stretching4m 30s
-
(Locked)
-
-
(Locked)
Public key infrastructure4m 30s
-
(Locked)
PKI components10m 18s
-
(Locked)
Digital certificates7m 44s
-
(Locked)
Using digital certificates5m 40s
-
(Locked)
Trust models4m 28s
-
(Locked)
Certificate management2m 44s
-
(Locked)
Certificate validity: CRL and OCSP3m 48s
-
(Locked)
Protecting web traffic3m 30s
-
(Locked)
Troubleshooting certificates5m 22s
-
(Locked)
Troubleshooting keys3m 35s
-
(Locked)