1
00:00:00,130 --> 00:00:01,520
Subnetting.

2
00:00:01,520 --> 00:00:04,850
Subnetting is the act of creating subnetworks logically

3
00:00:04,850 --> 00:00:07,390
through the manipulation of IP addresses.

4
00:00:07,390 --> 00:00:09,390
So, if I take a large chunk of IPs,

5
00:00:09,390 --> 00:00:12,250
like a 256 block, I can break it down

6
00:00:12,250 --> 00:00:14,940
into four blocks of 64 IPs,

7
00:00:14,940 --> 00:00:17,200
or eight blocks of 32 IPs,

8
00:00:17,200 --> 00:00:19,060
however you want to break it down in your subnetting,

9
00:00:19,060 --> 00:00:20,920
which you learned back in Network+.

10
00:00:20,920 --> 00:00:23,270
Now, subnetting has some benefits to our network.

11
00:00:23,270 --> 00:00:24,180
First, it allows us

12
00:00:24,180 --> 00:00:26,210
to more efficiently use the IP address space

13
00:00:26,210 --> 00:00:27,220
that we've been given,

14
00:00:27,220 --> 00:00:29,320
and it's going to reduce the broadcast traffic

15
00:00:29,320 --> 00:00:30,420
and the number of collisions,

16
00:00:30,420 --> 00:00:33,040
because there's less hosts on any given network.

17
00:00:33,040 --> 00:00:35,260
But, it also can increase our security

18
00:00:35,260 --> 00:00:37,690
by making our networks more compartmentalized

19
00:00:37,690 --> 00:00:39,920
and allows them to be in smaller sections.

20
00:00:39,920 --> 00:00:42,930
Any time information wants to go from one subnet to another,

21
00:00:42,930 --> 00:00:44,550
it has to be routed through.

22
00:00:44,550 --> 00:00:46,200
And that gives us an additional place

23
00:00:46,200 --> 00:00:47,700
to place access control lists

24
00:00:47,700 --> 00:00:49,170
and other things to our router

25
00:00:49,170 --> 00:00:51,170
to give us additional security.

26
00:00:51,170 --> 00:00:53,750
Now, you can use subnets to help secure your network

27
00:00:53,750 --> 00:00:55,760
by doing a couple of different things.

28
00:00:55,760 --> 00:00:57,760
First, you want to assign different policies

29
00:00:57,760 --> 00:00:58,920
to each subnet.

30
00:00:58,920 --> 00:01:01,180
For example, I might have a subnet that's associated

31
00:01:01,180 --> 00:01:02,150
with my printers,

32
00:01:02,150 --> 00:01:03,640
and those have different policies

33
00:01:03,640 --> 00:01:05,490
than the ones associated with my servers,

34
00:01:05,490 --> 00:01:07,040
and those have different policies

35
00:01:07,040 --> 00:01:08,000
than the ones associated

36
00:01:08,000 --> 00:01:10,330
with my office workers' desktop computers.

37
00:01:10,330 --> 00:01:11,860
Each of those can have different policies

38
00:01:11,860 --> 00:01:13,270
for each subnet.

39
00:01:13,270 --> 00:01:15,660
Also, you want to be able to monitor all of your subnets

40
00:01:15,660 --> 00:01:18,620
and check the traffic that's going into and out of them.

41
00:01:18,620 --> 00:01:21,820
By using subnets, we can help isolate an attack, as well,

42
00:01:21,820 --> 00:01:23,550
because all traffic has to be routed

43
00:01:23,550 --> 00:01:25,550
before it can enter or exit a subnet.

44
00:01:25,550 --> 00:01:28,040
And therefore, if somebody breaks into, say,

45
00:01:28,040 --> 00:01:30,400
the secretary's computer, they're going to be trapped

46
00:01:30,400 --> 00:01:32,520
in that subnet, unless they have permission

47
00:01:32,520 --> 00:01:35,160
to go into some of the other more secured subnets

48
00:01:35,160 --> 00:01:36,380
that we have out there.

49
00:01:36,380 --> 00:01:37,980
Each time it goes through a router again,

50
00:01:37,980 --> 00:01:40,110
it's going to be checked by the access control list,

51
00:01:40,110 --> 00:01:43,170
and that secretary's laptop may not have access

52
00:01:43,170 --> 00:01:45,290
to the database server, for example,

53
00:01:45,290 --> 00:01:47,910
which has more confidential and secured information.

54
00:01:47,910 --> 00:01:49,940
So, they're going to be limited in what they can do

55
00:01:49,940 --> 00:01:51,857
once they've broken in.