Hello and welcome. My name is Tyler McMinn with Aruba, a Hewlett Packard Enterprise Company. This is the network security basics course, where we are going to be jumping into part 1, video number 7, covering Aruba security strategies or security technologies and getting into how Aruba implements those technologies to adhere to proper security standards as we work our way through. Without further ado, let's jump on in. Starting with Aruba security strategies. A broad view of what Aruba is seeking to accomplish with security is to make sure that, what we call enforcing micro-segmentation. But what it's doing is it's building on this foundation of the trusted network infrastructure with the capability to enforce micro-segmentation and access control. Now, what that means in English is that we will implement on all of our Aruba devices, from our edge gateways and switches, our core switches, edge switches, our controllers that manage our wireless radios, all of our ports, everything, end-to-end to do good security throughout. Rather than just having a strong single firewall that protects you from the Internet and leaving the internal part of your network completely open, we would enforce security all the way to the edge. Aruba does that, not only on the wireless side where you can authenticate using very strong cryptographic standards like 802.1x, but you can enforce that on the wired side as well. Not only can you tunnel your wireless traffic to a deep packet inspection, top tier application-based firewall service, but you can also tunnel your traffic from the wired side to that same firewall service through an Aruba feature called dynamic segmentation. Now, we're not going to get that deep into it for this class. Just take a breath, we're going to be okay. But we are going to adhere to a lot of these standards. One of the best standards that you can really have in security is not to have any holes in your security, and that's what Aruba really strives to do, have the same level of security that we can get on the wireless side to include that on the wired side. All of this policy, all of this control, all of this ability to track what's going on in your network, can be centralized through what we call a AAA server. AAA stands for authentication, authorization, and accounting. A AAA service can run on a server called, surprise, surprise, a AAA server. Aruba has what we call ClearPass. In the lab, we will show a couple of examples where I'll log in to a ClearPass server in our lab environment and show you what the results are, how you can see authentication as is taking place and be able to quickly troubleshoot, was it a bad password? Was it a bad certificate? Was there a problem with the switch they're login into or the access points/controller they're login into? Or was it an issue on the client side? ClearPass can tell you all of that. A ClearPass can be deployed in a very small environment where you want to centralize everything, or you could tie it in and get those same features through a Cloud-based service like Aruba Central. Ultimately, what it really means is you have the same security everywhere. By enforcing a policy with something like a ClearPass Policy Manager, central to your campus and available across the branch, you can authenticate users no matter where they are, even your own employees may figure out pretty quickly that while they're wireless, they have all this firewalling, but when they dock on a docking station and they plug in, you may not have consistency with other vendors. With Aruba, we would make sure that the user has the same experience, the same restrictions, and the same privileges, whether they're wired, whether they're wireless, whether they're at the campus, or whether they're at the branch, makes no difference. A properly set-up Aruba network is taken advantage of these features. You don't want people figuring out that when they dock, they can suddenly go to Facebook when they were blocked before. Your own employees will start to get around your own security pretty quickly. Let's take a look at some security technologies in order to do this. The first thing we're going to talk about is regulatory compliance. I know you guys were waiting for it, here it is. This is important to bring up because we need to know what our policies should be and what's appropriate. In any company or even at your house or whatever, you might think, well, when is enough enough? Am I doing the right thing or not? I just finished saying there's no black and white, it's really up to the organization. But to some extent, there is some objective rules that you can follow, otherwise your company could suffer legal fines. If they're hacked, there might just simply be lost to reputation. This could mean simple loss of revenue and downtime. There are different regional data protection regulations that are out there. Some are very specialized. Most focus on individual rights. But like the HIPAA regulation act, it has to do with protecting confidentiality when it comes to hospitals and medical information. FIPS is probably one of the better standards when it comes to what best practices are for just security in general and defending your hardware or protecting your hardware. Other regionless or multi-region standards like PCI standards have to deal with how you're handling credit card information, how you're handling financial information, and not following these regulations could definitely result in legal fines, if not, lost a reputation when people realize their credit cards are being stolen, like the Target example from a few years ago. So understanding your own company's policy is important as well. Not only should you be following the law in whatever region you're in, of course, but you may also have additional company policies that need to be checked and followed as well. Best practice is, work with legal and your security teams, know what your responsibilities are, and then of course, prove use of best practices, documentation trails for audits, keeping track of logs, and things like that. In the four-day class, we get much more into this. So for this class, we'll just leave it as saying, yeah, this information should be stored not only for security reasons, but it may be financial as well. Like Sarbanes-Oxley here in the United States, requires that you have a certain amount of your email stored for a certain number of years depending on your industry, or you can suffer fines. I think that's probably a good place to pause there because the next section we're going to get into is more technical, hands-on, and much more practical. Up to this point, we've talked a lot about threats, and attacks, and hackers, and what could happen, and what are the standards, and all of that. But now we're going to bring it down to the nuts and bolts and actually get some hands-on with some Aruba switches. I'll do some live demonstrations for you, and we'll look at locking those switches down. You might be surprised at how easy it is to just follow some best practices. I want to thank you guys for your time. I'll see you in the next video.
