1
00:00:06,776 --> 00:00:09,610
- [Instructor] Network segmentation is the process

2
00:00:09,610 --> 00:00:11,656
of logically grouping

3
00:00:11,656 --> 00:00:14,530
network assets, resources, and applications.

4
00:00:14,530 --> 00:00:17,750
Segmentation provides the flexibility to implement

5
00:00:17,750 --> 00:00:21,090
a variety of services, authentication requirements,

6
00:00:21,090 --> 00:00:22,910
and security controls.

7
00:00:22,910 --> 00:00:24,296
Working from the inside out,

8
00:00:24,296 --> 00:00:27,970
network segments include the following types.

9
00:00:27,970 --> 00:00:29,540
An enclave network,

10
00:00:29,540 --> 00:00:32,010
which is a segment of the internal network

11
00:00:32,010 --> 00:00:35,410
that requires a higher degree of protection.

12
00:00:35,410 --> 00:00:37,630
Internal accessibility is further restricted

13
00:00:37,630 --> 00:00:40,670
through the use of firewalls, VPNs, VLANs,

14
00:00:40,670 --> 00:00:43,910
and network access control devices.

15
00:00:43,910 --> 00:00:48,910
Trusted network, wired or wireless, is the internal network

16
00:00:49,470 --> 00:00:53,000
that is accessible to authorized users.

17
00:00:53,000 --> 00:00:54,940
External accessibility is restricted

18
00:00:54,940 --> 00:00:59,940
through the use of firewalls, VPNs, and IDS/IPS devices.

19
00:01:00,120 --> 00:01:02,700
Internal accessibility may be restricted

20
00:01:02,700 --> 00:01:06,060
through the use of VLANs and NAC devices.

21
00:01:06,060 --> 00:01:09,059
A semi-trusted network or perimeter network,

22
00:01:09,059 --> 00:01:13,660
also considered a DMZ or demilitarized zone,

23
00:01:13,660 --> 00:01:17,997
is a network that is designed to be internet accessible.

24
00:01:17,997 --> 00:01:20,950
Hosts such as web servers and email gateways

25
00:01:20,950 --> 00:01:23,710
are generally located in the DMZ.

26
00:01:23,710 --> 00:01:26,760
Internal and external accessibility is restricted

27
00:01:26,760 --> 00:01:31,760
through the use of firewalls, VPNs, and IDS/IPS devices.

28
00:01:31,970 --> 00:01:36,210
Guest networks, either wired or wireless,

29
00:01:36,210 --> 00:01:39,000
are networks that are specifically designed

30
00:01:39,000 --> 00:01:43,010
for use by visitors to connect to the internet.

31
00:01:43,010 --> 00:01:45,300
There's no access from the guest network

32
00:01:45,300 --> 00:01:47,580
to the internal trusted network.

33
00:01:47,580 --> 00:01:50,680
An untrusted network is a network

34
00:01:50,680 --> 00:01:53,460
outside your security controls.

35
00:01:53,460 --> 00:01:56,453
The internet is considered an untrusted network.