0:00
Alright, johnny e.
00:01
Assume the standard network e -commerce network configuration for all applications including web servers residing in the dmz.
00:09
Application and database servers both segregated on the internal network on the specific subnets firewalled off from the remainder of the network.
00:17
Additionally, all internal web servers reside on a single subnet separated from the remainder of the network by a firewall.
00:24
The network doors to the internet and the intranet are separated by firewalls.
00:29
What are the control procedures, control gaps, solutions to mitigate the control gap? so for this situation, our control procedures, the firewall configuration, config, firewall configuration, firewall should be configured to allow only necessary traffic to and from the internet and the intranet.
00:58
This includes setting up rules to block all unnecessary ports and services.
01:02
The network segmentation, network segmentation, the network should be segmented into different zones based on sensitivity and function of the systems.
01:18
This can help to limit the spread of an attack if one system is compromised.
01:23
So by separating the systems and sorting them out based on their necessity and data sensitivity, if one does get compromised, well the other ones are segmented anyway so you don't have to worry about the breach spreading.
01:39
Intrusion detection and prevention systems, or ids, ids slash ips.
01:48
These systems can help to detect and prevent malicious activity on the network.
01:52
You should also do regular patching.
01:57
I'll erase that.
01:59
I'm going to say patching.
02:07
All systems should be regularly patched and updated to fix any known vulnerabilities.
02:13
Access control, only authorized users should have access to the systems.
02:25
This includes implementing strong authentication methods and regularly reviewing access rights.
02:31
Regular audits, you need to regularly audit stuff that way we can be sure that everything is up to par.
02:39
Audits...