(2) Network Architecture Flashcards
What is included in the term On-Premises network architecture?
On-Premises network architecture includes routers, switches, security devices, cabling, and other network components that comprise a regular network.
Since Cloud services don’t normally allow network admins to directly access the physical devices that provide the service, what do network admins have to do instead to secure these systems?
With Cloud systems, contractual obligations are important, especially when it comes to Software as a Service (SaaS) and Platform as a Service (PaaS) vendors.
Identity and Access Management is also super important.
Type of security controls do Infrastructure as a Service (IaaS) vendors provide?
IaaS vendors like AWS and Azure provide more security controls because there is more access to Infrastructure.
In that way, the same type of security controls that one would implement with on premises systems would apply.
Cloud providers also often provide their own additional security controls too.
What is a Virtual Private Cloud (VPC)?
VPC is delivered by cloud service providers that builds an on demand environment that is semi isolated.
Normally it is placed on a private subnet and has extra security to make sure that activities stay private
What does it mean when you “air gap” a system?
“air gap” when it comes to a system means that there isn’t a direct connection between one network and another
How does network segmentation help network exposure?
Network segmentation limits network exposure by reducing the attack surface of the network.
How does segmentation help compliance efforts?
Segmentation helps compliance efforts because one can place compliant systems on a more easily maintained environment separate from the rest of the org.
How does segmentation help availability?
Segmentation helps availability by reducing the impact of an attack.
How is network segmentation normally maintained?
Normally network segmentation happens by using a firewall with a meticulously configured ruleset normally used between network segments.
Different levels of trust are configured too.
When it comes to network segmentation, what specific feature should routers and switches support?
Routers and switches should support VLAN (virtual local area network) tagging for more sophistication.
When it comes to network segmentation, what is a jump box?
When it comes to network segmentation, a jump box (also called a jump server) is a system that resides in a segmented environment and is used to access and manage devices in a segment where the jump box is located.
How many security zones do jump boxes cover?
Jump boxes cover two different security zones and should also be secured, managed, and monitored.
What is Software Defined Networking (SDN)?
SDN lets you program networks. Central control of networks is possible and you can manage the network resources with more intelligence than a regular physical network.
APIs are used to provide these services.
What is important to include in Software Defined Networking (SDN) setups?
API security and secure code development practices are very important to include in SDN setups.
What are Software Defined Network Wide Area Networks (SDN-WANs)?
SDN-WANs are a service model where provides use SDN technology to build networks.
This setup allows orgs to have a variety of technologies integrated in one solution. It does offer encryption too.
