1
00:00:00,000 --> 00:00:03,066
Routers. Now, while switches operate

2
00:00:03,066 --> 00:00:05,018
at layer two of the OSI model

3
00:00:05,018 --> 00:00:07,778
by making their decisions based on MAC addresses,

4
00:00:07,778 --> 00:00:10,349
routers operate at layer three, making their

5
00:00:10,349 --> 00:00:12,380
decisions based on IP addresses.

6
00:00:12,380 --> 00:00:14,796
Routers are used to connect two or more networks

7
00:00:14,796 --> 00:00:16,237
to form an internetwork,

8
00:00:16,237 --> 00:00:18,132
such as when you connect your small office

9
00:00:18,132 --> 00:00:20,054
home office router, your internal network,

10
00:00:20,054 --> 00:00:21,692
out to the Internet.

11
00:00:21,692 --> 00:00:23,589
It connects your office's network out

12
00:00:23,589 --> 00:00:26,404
to other offices' networks over the Internet.

13
00:00:26,404 --> 00:00:27,940
Now, routers are devices that make

14
00:00:27,940 --> 00:00:29,494
routing decisions and they do this

15
00:00:29,494 --> 00:00:31,023
by using IP addresses.

16
00:00:31,023 --> 00:00:33,732
These layer three IP addresses are used

17
00:00:33,732 --> 00:00:36,214
to determine what network a particular host is on

18
00:00:36,214 --> 00:00:38,204
and what path the traffic should take

19
00:00:38,204 --> 00:00:40,140
to go across the wide area network

20
00:00:40,140 --> 00:00:42,692
until it reaches its destination network.

21
00:00:42,692 --> 00:00:44,873
Once the traffic reaches the destination network

22
00:00:44,873 --> 00:00:47,029
or the final router that's involved,

23
00:00:47,029 --> 00:00:48,564
that particular router will conduct

24
00:00:48,564 --> 00:00:50,957
an ARP broadcast to locate the correct

25
00:00:50,957 --> 00:00:53,425
host on its local network and pass the traffic

26
00:00:53,425 --> 00:00:55,870
to it using its MAC address at layer two,

27
00:00:55,870 --> 00:00:58,884
which is known as the physical address.

28
00:00:58,884 --> 00:01:01,597
In addition to this important routing function,

29
00:01:01,597 --> 00:01:03,948
routers also provide us with some security

30
00:01:03,948 --> 00:01:06,438
functions too. Access control lists, or ACLs,

31
00:01:06,438 --> 00:01:09,163
can be configured on the router's interface

32
00:01:09,163 --> 00:01:10,827
to control the flow of traffic into

33
00:01:10,827 --> 00:01:13,021
or out of a certain part of the network.

34
00:01:13,021 --> 00:01:15,523
ACLs are an ordered set of rules

35
00:01:15,523 --> 00:01:17,307
that will either permit or deny traffic

36
00:01:17,307 --> 00:01:19,188
based upon certain characteristics,

37
00:01:19,188 --> 00:01:21,395
like its source or destination IP address,

38
00:01:21,395 --> 00:01:23,467
the source or destination port number

39
00:01:23,467 --> 00:01:25,523
associated with it, and the application

40
00:01:25,523 --> 00:01:27,339
or service being run.

41
00:01:27,339 --> 00:01:29,891
Now, in an effort to get past these access control lists,

42
00:01:29,891 --> 00:01:32,140
attackers will often conduct IP spoofing.

43
00:01:32,140 --> 00:01:34,373
If they can spoof the IP, they can trick

44
00:01:34,373 --> 00:01:35,881
the access control list into thinking

45
00:01:35,881 --> 00:01:37,710
they're on the approved list and let them in

46
00:01:37,710 --> 00:01:39,028
or let them out.

47
00:01:39,028 --> 00:01:40,932
Since routers are on the external interface

48
00:01:40,932 --> 00:01:44,364
for a network, they're commonly a target for attack as well.

49
00:01:44,364 --> 00:01:47,717
And so out of the box, routers tend to be very insecure

50
00:01:47,717 --> 00:01:50,296
and you need to configure them properly for security.

51
00:01:50,296 --> 00:01:52,757
This includes changing things like your default username

52
00:01:52,757 --> 00:01:55,084
and password, changing the default routing tables,

53
00:01:55,084 --> 00:01:58,077
and changing those default internal IP addresses.

54
00:01:58,077 --> 00:02:00,534
To help protect our routers and our internal networks,

55
00:02:00,534 --> 00:02:03,710
we use a lot of other network devices and technologies,

56
00:02:03,710 --> 00:02:06,220
such as firewalls, intrusion prevention systems,

57
00:02:06,220 --> 00:02:09,300
virtual private network connections, content filters,

58
00:02:09,300 --> 00:02:10,804
and access control lists.

59
00:02:10,804 --> 00:02:12,630
By layering all these defenses, we create

60
00:02:12,630 --> 00:02:14,917
a better defense-in-depth posture.

61
00:02:14,917 --> 00:02:16,924
Now, we're going to cover all of these protective

62
00:02:16,924 --> 00:02:19,381
devices and technologies throughout this course,

63
00:02:19,381 --> 00:02:21,336
but for now, it's sufficient to realize

64
00:02:21,336 --> 00:02:24,500
that using these things helps add to our security.

65
00:02:24,500 --> 00:02:26,236
And that helps us to secure our routers

66
00:02:26,236 --> 00:02:28,569
from various attack methods.