WEBVTT

1
00:00:00.050 --> 00:00:01.690
<v ->In this section of the course,</v>

2
00:00:01.690 --> 00:00:03.330
we are going to discuss

3
00:00:03.330 --> 00:00:05.610
troubleshooting network infrastructure.

4
00:00:05.610 --> 00:00:08.190
The troubleshooting network infrastructure section

5
00:00:08.190 --> 00:00:12.510
of the course focuses on Domain Three, security engineering,

6
00:00:12.510 --> 00:00:15.360
specifically Objective 3.3,

7
00:00:15.360 --> 00:00:17.910
which states that given a scenario,

8
00:00:17.910 --> 00:00:19.710
you must be able to troubleshoot

9
00:00:19.710 --> 00:00:23.340
complex network infrastructure security issues.

10
00:00:23.340 --> 00:00:25.710
Effective troubleshooting of network infrastructure

11
00:00:25.710 --> 00:00:28.170
is vital for maintaining a secure

12
00:00:28.170 --> 00:00:30.330
and efficient digital environment.

13
00:00:30.330 --> 00:00:34.020
Quickly identifying and resolving issues is essential

14
00:00:34.020 --> 00:00:38.280
to ensure system availability and protect data integrity.

15
00:00:38.280 --> 00:00:41.370
Misconfigurations and security vulnerabilities

16
00:00:41.370 --> 00:00:43.290
can pose significant threats

17
00:00:43.290 --> 00:00:46.380
to both availability and data protection.

18
00:00:46.380 --> 00:00:49.815
Therefore, comprehensive monitoring through analysis

19
00:00:49.815 --> 00:00:53.245
and a deep understanding of potential vulnerabilities

20
00:00:53.245 --> 00:00:55.650
are critical to safeguarding network

21
00:00:55.650 --> 00:00:57.540
and operational security.

22
00:00:57.540 --> 00:00:59.130
As we go through this section,

23
00:00:59.130 --> 00:01:01.260
we will cover many topics related

24
00:01:01.260 --> 00:01:03.450
to troubleshooting network infrastructure,

25
00:01:03.450 --> 00:01:07.020
including observability, network errors,

26
00:01:07.020 --> 00:01:10.770
network misconfiguration, intrusion prevention system,

27
00:01:10.770 --> 00:01:14.760
and intrusion detection system issues, alert analysis,

28
00:01:14.760 --> 00:01:19.760
Domain Name System security, email security, network issues,

29
00:01:19.770 --> 00:01:24.120
cryptographic issues, and public key infrastructure issues.

30
00:01:24.120 --> 00:01:26.880
First, we will look at observability.

31
00:01:26.880 --> 00:01:30.720
Observability is the ability to monitor, understand,

32
00:01:30.720 --> 00:01:33.360
and diagnose the internal states

33
00:01:33.360 --> 00:01:37.980
and performance of a system based on the data it produces.

34
00:01:37.980 --> 00:01:41.070
Observability concepts include monitoring,

35
00:01:41.070 --> 00:01:43.740
understanding, and diagnosing.

36
00:01:43.740 --> 00:01:47.130
Monitoring involves continuously collecting data

37
00:01:47.130 --> 00:01:49.350
from various network components.

38
00:01:49.350 --> 00:01:52.251
These components may include traffic patterns,

39
00:01:52.251 --> 00:01:55.320
error rates, and system logs.

40
00:01:55.320 --> 00:01:57.810
Analysis is then used to track

41
00:01:57.810 --> 00:01:59.850
the network's normal behaviors,

42
00:01:59.850 --> 00:02:02.490
potential issues, and anomalies.

43
00:02:02.490 --> 00:02:06.120
This analysis can provide an understanding and insights

44
00:02:06.120 --> 00:02:09.060
into the underlying causes of problems.

45
00:02:09.060 --> 00:02:13.320
Next, diagnosis is used to locate the exact source

46
00:02:13.320 --> 00:02:16.440
of a problem, enabling targeted troubleshooting

47
00:02:16.440 --> 00:02:17.970
and resolution.

48
00:02:17.970 --> 00:02:21.090
For example, by monitoring network traffic

49
00:02:21.090 --> 00:02:23.160
and understanding the patterns,

50
00:02:23.160 --> 00:02:27.300
an IT team may diagnose a specific misconfiguration

51
00:02:27.300 --> 00:02:29.040
causing latency issues.

52
00:02:29.040 --> 00:02:32.225
This recognition and diagnosis can enable the team

53
00:02:32.225 --> 00:02:34.380
to quickly resolve the problem

54
00:02:34.380 --> 00:02:37.230
and restore optimal network performance.

55
00:02:37.230 --> 00:02:40.410
Next, we will explore network errors.

56
00:02:40.410 --> 00:02:43.470
Network errors are issues that disrupt the normal flow

57
00:02:43.470 --> 00:02:45.600
of data across a network.

58
00:02:45.600 --> 00:02:49.410
Network errors often occur due to faults in configuration,

59
00:02:49.410 --> 00:02:51.390
hardware or software.

60
00:02:51.390 --> 00:02:54.161
Network error source types include switching errors,

61
00:02:54.161 --> 00:02:57.960
routing errors, as well as virtual private network

62
00:02:57.960 --> 00:02:59.610
and tunnel errors.

63
00:02:59.610 --> 00:03:01.980
Switching errors occur when data packets

64
00:03:01.980 --> 00:03:03.900
are misdirected or dropped.

65
00:03:03.900 --> 00:03:06.270
Switching errors may be the result

66
00:03:06.270 --> 00:03:08.970
of incorrect virtual local area network,

67
00:03:08.970 --> 00:03:13.020
or VLAN, configurations, or switch port failures.

68
00:03:13.020 --> 00:03:16.830
Routing errors are when incorrect or inefficient paths

69
00:03:16.830 --> 00:03:20.130
are chosen for data transmission across networks.

70
00:03:20.130 --> 00:03:23.364
Routing errors can be caused by misconfigured routing tables

71
00:03:23.364 --> 00:03:25.710
or protocol failures.

72
00:03:25.710 --> 00:03:29.100
Finally, virtual private network and tunnel errors

73
00:03:29.100 --> 00:03:30.750
are failures in establishing

74
00:03:30.750 --> 00:03:34.230
or maintaining secure connections between networks.

75
00:03:34.230 --> 00:03:36.450
Virtual private network and tunnel errors

76
00:03:36.450 --> 00:03:39.600
are often due to incorrect settings,

77
00:03:39.600 --> 00:03:43.860
expired certifications, or issues with encryption protocols.

78
00:03:43.860 --> 00:03:47.490
For example, if users experience connectivity issues

79
00:03:47.490 --> 00:03:50.787
when accessing resources through a virtual private network,

80
00:03:50.787 --> 00:03:53.910
troubleshooting might reveal a routing error combined

81
00:03:53.910 --> 00:03:57.120
with a virtual private network configuration issue,

82
00:03:57.120 --> 00:03:58.830
both of which need to be resolved

83
00:03:58.830 --> 00:04:02.119
to restore seamless and secure network access.

84
00:04:02.119 --> 00:04:06.145
After that, we will look at network misconfigurations.

85
00:04:06.145 --> 00:04:09.390
Network misconfigurations include errors

86
00:04:09.390 --> 00:04:12.180
or incorrect settings within network devices

87
00:04:12.180 --> 00:04:14.100
that can lead to performance issues,

88
00:04:14.100 --> 00:04:17.730
security vulnerabilities, or connectivity failures.

89
00:04:17.730 --> 00:04:19.920
Network misconfiguration concepts

90
00:04:19.920 --> 00:04:24.090
include unsecured routing and configuration drift.

91
00:04:24.090 --> 00:04:26.940
Unsecured routing occurs when routing protocols

92
00:04:26.940 --> 00:04:30.300
or configurations lack proper security measures

93
00:04:30.300 --> 00:04:33.060
such as authentication or encryption.

94
00:04:33.060 --> 00:04:36.030
In this way, unsecured routing makes the network

95
00:04:36.030 --> 00:04:40.680
vulnerable to attacks like route hijacking or spoofing.

96
00:04:40.680 --> 00:04:43.170
Configuration drift is gradual

97
00:04:43.170 --> 00:04:46.740
and often unnoticed change in network configuration

98
00:04:46.740 --> 00:04:48.000
over time.

99
00:04:48.000 --> 00:04:51.900
These changes can lead to inconsistencies, reduced security,

100
00:04:51.900 --> 00:04:54.300
and unexpected network behavior.

101
00:04:54.300 --> 00:04:57.240
For example, an organization might identify

102
00:04:57.240 --> 00:05:00.210
that an outdated and insecure routing protocol,

103
00:05:00.210 --> 00:05:03.690
such as the Routing Information Protocol, or RIP,

104
00:05:03.690 --> 00:05:05.850
has been inadvertently left active

105
00:05:05.850 --> 00:05:08.010
due to configuration drift.

106
00:05:08.010 --> 00:05:11.520
This oversight could expose the network to vulnerabilities

107
00:05:11.520 --> 00:05:14.250
like route injection attacks or spoofing,

108
00:05:14.250 --> 00:05:16.770
where an attacker could manipulate the routing tables

109
00:05:16.770 --> 00:05:18.420
to redirect traffic.

110
00:05:18.420 --> 00:05:21.270
Immediate remediation would involve deactivating

111
00:05:21.270 --> 00:05:23.040
the insecure protocol,

112
00:05:23.040 --> 00:05:27.420
replacing it with a more secure alternative like OSPF,

113
00:05:27.420 --> 00:05:30.120
or the Open Shortest Path First protocol,

114
00:05:30.120 --> 00:05:32.160
with authentication enabled,

115
00:05:32.160 --> 00:05:35.640
and implementing automated configuration management tools

116
00:05:35.640 --> 00:05:38.250
to prevent such drift in the future.

117
00:05:38.250 --> 00:05:41.784
Next, we will explore intrusion prevention system

118
00:05:41.784 --> 00:05:44.457
and intrusion detection system issues.

119
00:05:44.457 --> 00:05:46.290
Intrusion prevention system

120
00:05:46.290 --> 00:05:48.660
and intrusion detection system issues

121
00:05:48.660 --> 00:05:51.990
involve challenges related to the correct deployment,

122
00:05:51.990 --> 00:05:56.250
configuration, and effectiveness of these security systems.

123
00:05:56.250 --> 00:05:57.750
Intrusion prevention system

124
00:05:57.750 --> 00:05:59.733
and intrusion detection system issues

125
00:05:59.733 --> 00:06:03.150
include poor placement, lack of rules,

126
00:06:03.150 --> 00:06:05.700
and rule misconfiguration.

127
00:06:05.700 --> 00:06:08.823
Placement refers to where the intrusion prevention system

128
00:06:08.823 --> 00:06:13.020
or intrusion detection system is located within the network.

129
00:06:13.020 --> 00:06:16.740
An incorrect placement can lead to either missed threats

130
00:06:16.740 --> 00:06:18.960
or unnecessary alerts.

131
00:06:18.960 --> 00:06:20.641
Next, a lack of rules

132
00:06:20.641 --> 00:06:23.160
means that the intrusion prevention system

133
00:06:23.160 --> 00:06:25.200
or intrusion detection system

134
00:06:25.200 --> 00:06:28.830
is not equipped with the necessary policies or signatures

135
00:06:28.830 --> 00:06:31.230
to identify potential threats.

136
00:06:31.230 --> 00:06:34.920
Finally, rule misconfigurations occur when the rules

137
00:06:34.920 --> 00:06:37.140
that define what the intrusion prevention system

138
00:06:37.140 --> 00:06:41.100
or intrusion detection system should flag as suspicious

139
00:06:41.100 --> 00:06:42.635
are set incorrectly.

140
00:06:42.635 --> 00:06:46.020
Rule misconfigurations can lead to either too many,

141
00:06:46.020 --> 00:06:47.730
or too few alerts.

142
00:06:47.730 --> 00:06:50.487
For example, if an intrusion prevention system

143
00:06:50.487 --> 00:06:53.850
is deployed without a proper rule set

144
00:06:53.850 --> 00:06:56.670
for the specific traffic patterns of the network,

145
00:06:56.670 --> 00:07:00.030
it might fail to detect data exfiltration attempts

146
00:07:00.030 --> 00:07:01.770
using encrypted traffic.

147
00:07:01.770 --> 00:07:04.590
Alternatively, if the intrusion prevention system

148
00:07:04.590 --> 00:07:08.280
is configured with overly aggressive rules,

149
00:07:08.280 --> 00:07:10.410
it could mistakenly block legitimate

150
00:07:10.410 --> 00:07:12.420
business critical applications,

151
00:07:12.420 --> 00:07:15.060
leading to unnecessary network disruption

152
00:07:15.060 --> 00:07:17.130
and operational delays.

153
00:07:17.130 --> 00:07:20.670
Following that, we will look at alert analysis.

154
00:07:20.670 --> 00:07:24.390
Alert analysis is reviewing and interpreting security alerts

155
00:07:24.390 --> 00:07:27.990
to distinguish between genuine threats and benign activity.

156
00:07:27.990 --> 00:07:31.440
Alert analysis concepts include false positives

157
00:07:31.440 --> 00:07:33.000
and false negatives.

158
00:07:33.000 --> 00:07:36.540
False positives occur when a system incorrectly flags

159
00:07:36.540 --> 00:07:39.270
harmless activity as a security threat.

160
00:07:39.270 --> 00:07:42.030
False positives lead to unnecessary alarms

161
00:07:42.030 --> 00:07:45.750
and wasted resources investigating non-issues.

162
00:07:45.750 --> 00:07:47.610
False negatives, on the other hand,

163
00:07:47.610 --> 00:07:51.750
happen when a system fails to detect real security threats.

164
00:07:51.750 --> 00:07:53.970
False negatives allow malicious activities

165
00:07:53.970 --> 00:07:56.730
to go unnoticed and unmitigated.

166
00:07:56.730 --> 00:08:00.420
So, effective alert analysis is crucial

167
00:08:00.420 --> 00:08:04.050
for accurately identifying genuine security threats,

168
00:08:04.050 --> 00:08:06.930
while minimizing the impact of false positives

169
00:08:06.930 --> 00:08:09.780
and false negatives on resource allocation

170
00:08:09.780 --> 00:08:11.490
and threat detection.

171
00:08:11.490 --> 00:08:16.290
Then we will explore Domain Name System, or DNS, security.

172
00:08:16.290 --> 00:08:18.030
Domain Name System security

173
00:08:18.030 --> 00:08:20.580
is used to protect the system from attacks

174
00:08:20.580 --> 00:08:22.980
and misconfigurations that could disrupt

175
00:08:22.980 --> 00:08:25.500
or manipulate network traffic.

176
00:08:25.500 --> 00:08:27.810
Domain Name System security concepts

177
00:08:27.810 --> 00:08:32.810
include Domain Name System Security Extensions, or DNSSEC,

178
00:08:32.880 --> 00:08:36.360
zone transfers, Domain Name System poisoning,

179
00:08:36.360 --> 00:08:37.680
and sinkholing.

180
00:08:37.680 --> 00:08:40.110
Domain Name System Security Extensions

181
00:08:40.110 --> 00:08:44.130
add a layer of security to the name resolution process

182
00:08:44.130 --> 00:08:47.580
by digitally signing Domain Name System data

183
00:08:47.580 --> 00:08:50.400
to ensure its integrity and authenticity.

184
00:08:50.400 --> 00:08:53.435
In this way, Domain Name System Security Extensions

185
00:08:53.435 --> 00:08:55.800
prevent attackers from tampering

186
00:08:55.800 --> 00:08:58.980
with Domain Name System responses.

187
00:08:58.980 --> 00:09:03.390
Next, zone transfers are a normal and expected mechanism

188
00:09:03.390 --> 00:09:06.810
used to replicate Domain Name System databases

189
00:09:06.810 --> 00:09:08.190
across servers.

190
00:09:08.190 --> 00:09:12.000
However, if zone transfers are not properly secured,

191
00:09:12.000 --> 00:09:15.480
they can be exploited to gain unauthorized access

192
00:09:15.480 --> 00:09:17.820
to Domain Name System data.

193
00:09:17.820 --> 00:09:22.050
Next, Domain Name System poisoning, or cache poisoning,

194
00:09:22.050 --> 00:09:25.140
is an attack where false Domain Name System data

195
00:09:25.140 --> 00:09:29.550
is injected into a Domain Name System resolver's cache.

196
00:09:29.550 --> 00:09:33.780
This false Domain Name System data may redirect users

197
00:09:33.780 --> 00:09:37.170
who conduct valid queries to malicious sites.

198
00:09:37.170 --> 00:09:40.410
Finally, sinkholing is a defense technique

199
00:09:40.410 --> 00:09:42.600
that redirects malicious traffic,

200
00:09:42.600 --> 00:09:46.200
such as that resulting from Domain Name System poisoning,

201
00:09:46.200 --> 00:09:49.860
to a safe destination for analysis or mitigation.

202
00:09:49.860 --> 00:09:50.880
In practice,

203
00:09:50.880 --> 00:09:53.872
implementing Domain Name System Security Extensions

204
00:09:53.872 --> 00:09:57.360
can prevent Domain Name System poisoning

205
00:09:57.360 --> 00:10:00.090
by ensuring that Domain Name System responses

206
00:10:00.090 --> 00:10:01.500
are authenticated,

207
00:10:01.500 --> 00:10:04.110
while sinkholing can mitigate the impact

208
00:10:04.110 --> 00:10:05.850
of any successful attack

209
00:10:05.850 --> 00:10:07.585
by diverting malicious traffic

210
00:10:07.585 --> 00:10:09.870
away from its intended target.

211
00:10:09.870 --> 00:10:13.110
Next, we will explore email security.

212
00:10:13.110 --> 00:10:16.470
Email security protects email communications from threats

213
00:10:16.470 --> 00:10:21.060
like phishing, spoofing, and unauthorized access.

214
00:10:21.060 --> 00:10:25.080
Email security is implemented by ensuring the authenticity,

215
00:10:25.080 --> 00:10:28.500
integrity and confidentiality of messages.

216
00:10:28.500 --> 00:10:33.000
Email security concepts include Sender Policy Framework,

217
00:10:33.000 --> 00:10:37.770
or SPF, DomainKeys Identified Mail, or DKIM,

218
00:10:37.770 --> 00:10:40.680
Domain-based Message Authentication, Reporting

219
00:10:40.680 --> 00:10:42.930
and Conformance, or DMARC,

220
00:10:42.930 --> 00:10:47.930
and Secure/Multipurpose Internet Mail Extensions, or S/MIME.

221
00:10:48.270 --> 00:10:52.230
Sender Policy Framework is an email validation protocol

222
00:10:52.230 --> 00:10:56.130
that allows domain owners to specify which mail servers

223
00:10:56.130 --> 00:10:59.070
are permitted to send emails on their behalf,

224
00:10:59.070 --> 00:11:01.140
preventing email spoofing.

225
00:11:01.140 --> 00:11:04.650
DomainKeys Identified Mail adds a digital signature

226
00:11:04.650 --> 00:11:07.590
to emails, allowing recipients to verify

227
00:11:07.590 --> 00:11:09.750
that the message has not been altered,

228
00:11:09.750 --> 00:11:12.900
and that it truly comes from the legitimate sender.

229
00:11:12.900 --> 00:11:15.510
Domain-based Message Authentication, Reporting

230
00:11:15.510 --> 00:11:17.820
and Conformance, or DMARC,

231
00:11:17.820 --> 00:11:20.580
provides a framework for email authentication

232
00:11:20.580 --> 00:11:22.260
and policy enforcement

233
00:11:22.260 --> 00:11:25.230
to protect against email-based attacks

234
00:11:25.230 --> 00:11:28.920
based on the results of Sender Policy Framework

235
00:11:28.920 --> 00:11:31.860
and DomainKeys Identified Mail checks.

236
00:11:31.860 --> 00:11:36.420
Secure/Multipurpose Internet Mail Extensions, or S/MIME,

237
00:11:36.420 --> 00:11:39.840
enhances email security by enabling encryption

238
00:11:39.840 --> 00:11:43.050
and digital signatures in email messages.

239
00:11:43.050 --> 00:11:46.020
Secure/Multipurpose Internet Mail Extensions

240
00:11:46.020 --> 00:11:48.750
ensures that only the intended recipient

241
00:11:48.750 --> 00:11:51.060
can read the content of a message,

242
00:11:51.060 --> 00:11:54.330
and that the message itself has not been tampered with.

243
00:11:54.330 --> 00:11:57.870
For example, by implementing Sender Policy Framework

244
00:11:57.870 --> 00:12:00.240
to verify sending mail servers,

245
00:12:00.240 --> 00:12:03.750
DomainKeys Identified Mail to ensure email integrity,

246
00:12:03.750 --> 00:12:06.540
and Domain-based Message Authentication, Reporting

247
00:12:06.540 --> 00:12:08.760
and Conformance to enforce policies

248
00:12:08.760 --> 00:12:10.680
and report fraudulent activity,

249
00:12:10.680 --> 00:12:13.950
an organization can significantly reduce the risk

250
00:12:13.950 --> 00:12:15.630
of email spoofing.

251
00:12:15.630 --> 00:12:18.870
Additionally, using Secure/Multipurpose Internet

252
00:12:18.870 --> 00:12:21.870
Mail Extensions to encrypt sensitive emails

253
00:12:21.870 --> 00:12:24.840
ensures that even if a message is intercepted,

254
00:12:24.840 --> 00:12:27.780
the contents remain secure and accessible

255
00:12:27.780 --> 00:12:30.150
only to the intended recipient,

256
00:12:30.150 --> 00:12:33.270
providing comprehensive end-to-end protection

257
00:12:33.270 --> 00:12:35.340
for email communications.

258
00:12:35.340 --> 00:12:38.490
Then we will explore network issues.

259
00:12:38.490 --> 00:12:42.150
Network issues include problems that disrupt the normal flow

260
00:12:42.150 --> 00:12:45.210
of network data and affect connectivity,

261
00:12:45.210 --> 00:12:47.550
performance, or security.

262
00:12:47.550 --> 00:12:51.570
Network issues include Network Access Control List issues,

263
00:12:51.570 --> 00:12:53.040
resource exhaustion,

264
00:12:53.040 --> 00:12:55.890
and Distributed Denial of Service attacks.

265
00:12:55.890 --> 00:12:58.350
Network Access Control List issues arise

266
00:12:58.350 --> 00:13:00.570
when incorrectly configured rules

267
00:13:00.570 --> 00:13:03.000
allow inappropriate network traffic,

268
00:13:03.000 --> 00:13:05.319
or block legitimate network traffic.

269
00:13:05.319 --> 00:13:09.240
Resource exhaustion is the depletion of critical resources

270
00:13:09.240 --> 00:13:12.720
like bandwidth, memory, or processing power.

271
00:13:12.720 --> 00:13:16.680
Resource exhaustion is often caused by excessive demand

272
00:13:16.680 --> 00:13:18.600
or poor resource management,

273
00:13:18.600 --> 00:13:22.470
and leads to degraded network performance or even outages.

274
00:13:22.470 --> 00:13:24.870
Distributed Denial of Service attacks

275
00:13:24.870 --> 00:13:27.690
involve overwhelming a network or service

276
00:13:27.690 --> 00:13:30.600
with a flood of traffic from multiple sources

277
00:13:30.600 --> 00:13:33.150
with the goal of resource exhaustion,

278
00:13:33.150 --> 00:13:35.850
and making the targeted services unavailable

279
00:13:35.850 --> 00:13:37.650
to legitimate users.

280
00:13:37.650 --> 00:13:41.100
For example, if a Distributed Denial of Service attack

281
00:13:41.100 --> 00:13:43.710
targets a network, an improperly configured

282
00:13:43.710 --> 00:13:46.110
Network Access Control List might fail

283
00:13:46.110 --> 00:13:48.030
to block the malicious traffic,

284
00:13:48.030 --> 00:13:49.920
resulting in resource exhaustion

285
00:13:49.920 --> 00:13:52.440
and significant network downtime.

286
00:13:52.440 --> 00:13:55.830
Following that, we will look at cryptographic issues.

287
00:13:55.830 --> 00:13:58.410
Cryptographic issues are problems related

288
00:13:58.410 --> 00:14:02.130
to the implementation and functioning of encrypted protocols

289
00:14:02.130 --> 00:14:03.690
that secure data.

290
00:14:03.690 --> 00:14:05.257
Cryptographic issues include

291
00:14:05.257 --> 00:14:09.300
Transport Layer Security errors, cipher mismatches,

292
00:14:09.300 --> 00:14:12.450
and issues with cryptographic implementation.

293
00:14:12.450 --> 00:14:15.600
Transport Layer Security, or TLS, errors

294
00:14:15.600 --> 00:14:18.420
occur when there are problems with the negotiation

295
00:14:18.420 --> 00:14:21.540
or establishment of a secure connection.

296
00:14:21.540 --> 00:14:23.250
Transport Layer Security errors

297
00:14:23.250 --> 00:14:26.310
are often due to expired certificates,

298
00:14:26.310 --> 00:14:30.690
incorrect configurations, or unsupported protocol versions.

299
00:14:30.690 --> 00:14:33.510
Cipher mismatch occurs when the client and server

300
00:14:33.510 --> 00:14:36.060
cannot agree on a cipher suite

301
00:14:36.060 --> 00:14:38.850
during the Transport Layer Security handshake,

302
00:14:38.850 --> 00:14:42.210
leading to a failed or insecure connection.

303
00:14:42.210 --> 00:14:45.420
A cipher suite is a set of algorithms that define

304
00:14:45.420 --> 00:14:48.870
how encryption, authentication, and key exchange

305
00:14:48.870 --> 00:14:52.350
are implemented in a secure communication session.

306
00:14:52.350 --> 00:14:56.490
Next, issues with cryptographic implementation are flaws

307
00:14:56.490 --> 00:14:58.440
or vulnerabilities in the way

308
00:14:58.440 --> 00:15:01.200
that cryptographic algorithms are applied

309
00:15:01.200 --> 00:15:03.540
and include weak encryption methods

310
00:15:03.540 --> 00:15:05.430
or improper key management.

311
00:15:05.430 --> 00:15:07.770
Issues with cryptographic implementation

312
00:15:07.770 --> 00:15:11.190
can result in data being inadequately protected.

313
00:15:11.190 --> 00:15:15.510
Finally, we will look at Public Key Infrastructure issues.

314
00:15:15.510 --> 00:15:18.510
Public Key Infrastructure, or PKI, issues

315
00:15:18.510 --> 00:15:20.790
are problems related to the management,

316
00:15:20.790 --> 00:15:24.720
deployment and functioning of the Public Key Infrastructure.

317
00:15:24.720 --> 00:15:27.960
Public Key Infrastructure issues undermine the security

318
00:15:27.960 --> 00:15:31.350
of encrypted communications and digital certificates,

319
00:15:31.350 --> 00:15:35.160
and can include misconfigured Certificate Authorities,

320
00:15:35.160 --> 00:15:38.100
expired or improperly issued certificates,

321
00:15:38.100 --> 00:15:42.000
and challenges in the certification revocation process.

322
00:15:42.000 --> 00:15:44.344
Each of these Public Key Infrastructure issues

323
00:15:44.344 --> 00:15:47.280
can lead to failures in establishing trust

324
00:15:47.280 --> 00:15:49.380
between communicating parties.

325
00:15:49.380 --> 00:15:53.100
Additionally, improper key management or distribution

326
00:15:53.100 --> 00:15:56.850
can result in unauthorized access or data breaches

327
00:15:56.850 --> 00:16:00.150
as keys may be compromised or used incorrectly.

328
00:16:00.150 --> 00:16:02.940
For example, if a certificate expires

329
00:16:02.940 --> 00:16:04.890
and is not renewed in time,

330
00:16:04.890 --> 00:16:08.310
clients may be unable to establish secure connections,

331
00:16:08.310 --> 00:16:09.230
highlighting the need

332
00:16:09.230 --> 00:16:12.360
for effective Public Key Infrastructure management

333
00:16:12.360 --> 00:16:14.170
to ensure continuous trust

334
00:16:14.170 --> 00:16:17.430
and secure communication within the network.

335
00:16:17.430 --> 00:16:20.250
To finish things off, we'll take a short quiz

336
00:16:20.250 --> 00:16:23.370
to see what you learned during this section of the course.

337
00:16:23.370 --> 00:16:26.970
And we will review each of those quiz questions fully

338
00:16:26.970 --> 00:16:30.120
to ensure you can explain why the right answers were right,

339
00:16:30.120 --> 00:16:31.920
and the wrong answers were wrong.

340
00:16:31.920 --> 00:16:33.600
So let's get ready

341
00:16:33.600 --> 00:16:36.270
to dive into troubleshooting network infrastructure

342
00:16:36.270 --> 00:16:38.373
in this section of the course.

