3.3 Flashcards
Given a scenario, implement secure network designs.
Refers to the distribution of incoming network traffic across multiple servers or resources to ensure optimal utilization, reliability, and performance.
Load balancing
Is a type of load balancing configuration where all servers in the pool actively handle incoming requests simultaneously. This setup distributes the workload evenly across all available servers, maximizing resource utilization and scalability.
Active/active
Is a type of load balancing configuration where one server (the active server) handles all incoming requests while the other server (the passive server) stands by and takes over only when the active server fails a health check. Failover capacity is guaranteed, but the standby server's resources sit unused until then.
Active/passive
Refers to the algorithm or method used to determine how incoming requests are distributed among available servers.
Scheduling
An IP address that is not associated with a specific physical server but instead is assigned to a virtual server or load balancer.
Virtual IP
Refers to the ability of a load balancer to consistently route requests from the same client to the same backend server for the duration of a session. This is important for maintaining session state or user-specific data, such as shopping carts or logged-in sessions, across multiple requests.
Persistence
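The scheduling and persistence cards above, worked through in code. This is an added example, not part of the original flashcards: a toy load balancer with three scheduling methods (round robin, weighted round robin, least connections), a sticky-session table keyed by a client identifier, and an `active` flag per backend so an active/passive pool can be modelled by marking one server passive. Backend names, weights and client IDs are constructed for the example.

```python
"""Load-balancer scheduling with session persistence (added example)."""
from itertools import count


class Backend:
    def __init__(self, name, weight=1, active=True):
        self.name = name
        self.weight = weight          # share of traffic under weighted scheduling
        self.active = active          # False = passive standby or failed health check
        self.connections = 0          # open connections, used by least_connections


class LoadBalancer:
    def __init__(self, backends, method="round_robin"):
        self.backends = list(backends)
        self.method = method
        self._cursor = count()        # advances once per scheduling decision
        self.persistence = {}         # client_id -> backend name (sticky sessions)

    def _pool(self):
        pool = [b for b in self.backends if b.active]
        if not pool:
            raise RuntimeError("no active backends")
        return pool

    def _schedule(self):
        """Pick a backend using the configured scheduling method."""
        pool = self._pool()
        if self.method == "round_robin":
            return pool[next(self._cursor) % len(pool)]
        if self.method == "weighted":
            # Expand by weight: a weight-2 server gets two slots per cycle.
            slots = [b for b in pool for _ in range(b.weight)]
            return slots[next(self._cursor) % len(slots)]
        if self.method == "least_connections":
            return min(pool, key=lambda b: b.connections)
        raise ValueError(f"unknown method {self.method}")

    def pick(self, client_id):
        """Return the backend for this client, honouring persistence.

        A client already mapped to a backend keeps going there as long as that
        backend is active; if it has failed, the stale mapping is dropped and
        the client is rescheduled (session state on the dead server is lost).
        """
        name = self.persistence.get(client_id)
        if name is not None:
            sticky = next((b for b in self.backends if b.name == name), None)
            if sticky is not None and sticky.active:
                sticky.connections += 1
                return sticky
            del self.persistence[client_id]
        chosen = self._schedule()
        self.persistence[client_id] = chosen.name
        chosen.connections += 1
        return chosen

    def release(self, backend):
        """Record that one connection to this backend has closed."""
        backend.connections = max(0, backend.connections - 1)


if __name__ == "__main__":
    # Active/passive: only "primary" serves until it is marked failed.
    lb = LoadBalancer([Backend("primary"), Backend("standby", active=False)])
    print(lb.pick("alice").name)          # primary
    lb.backends[0].active = False
    lb.backends[1].active = True
    print(lb.pick("alice").name)          # standby (sticky mapping discarded)
```

The persistence table is the part to scrutinise in a real deployment: whatever identifies the client (a cookie, source IP, TLS session ID) is what an attacker would forge to land on a chosen backend, and sticky mappings to a dead server must be purged or clients will keep failing.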
Involves dividing a network into smaller, isolated segments or subnetworks to enhance security and control access to sensitive resources.
Network segmentation
Is a logical segmentation of a physical network into multiple isolated broadcast domains. Allows network administrators to group devices together based on criteria such as function, department, or security requirements, regardless of their physical location. Traffic between VLANs must pass through a router or firewall, which is where access policy between segments is enforced.
Virtual local area network (VLAN)
Is a network segment that sits between an organization’s internal network (intranet) and an external network, typically the internet. Is designed to host services that need to be accessible from both the internal network and the internet.
Screened subnet (previously known as demilitarized zone)
The flow of network traffic between servers or devices inside the same data center or network, as opposed to north-south traffic that enters or leaves it. Perimeter controls never see this traffic, so it must be inspected by segmentation and internal controls.
East-west traffic
Is a private network that extends beyond an organization’s internal network to include external parties, such as customers, partners, suppliers, or vendors.
Extranet
Is a private network that is restricted to an organization’s internal users and resources.
Intranet
Is a cybersecurity approach based on the principle of “never trust, always verify.” In this model, access to resources and services is not automatically granted based on a user’s location or network position but is continuously verified based on identity, device security posture, and contextual factors such as time, location, and behavior.
Zero Trust
Technology that establishes a secure and encrypted connection over a public network to enable users to access private network resources from remote locations as if they were directly connected to the private network.
Virtual private network (VPN)
A configuration where the VPN client software on a user’s device automatically establishes and maintains a VPN connection whenever the device is connected to the internet, without requiring manual intervention from the user. This ensures that all data transmitted over the internet is encrypted and secure by default, providing continuous protection against potential security threats, even when the user is not actively using the VPN.
Always-on
A VPN configuration where only traffic destined for the private network is routed through the VPN tunnel, while all other internet-bound traffic is sent directly to the internet without passing through the VPN. This allows users to access both private network resources and public internet services simultaneously, but traffic that bypasses the tunnel also bypasses the organization's inspection and filtering, so the endpoint's own controls must cover it.
Split tunnel
A VPN configuration where all network traffic, both private and internet-bound, is routed through the VPN tunnel to the VPN server.
Full tunnel
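The split-tunnel and full-tunnel cards above, as an added example that is not part of the original flashcards: a routing decision function that sends a destination down the tunnel or straight to the internet depending on the mode, plus the route list a VPN server would push to the client in each mode. The corporate prefixes and destination addresses are constructed for the example; the two halves `0.0.0.0/1` and `128.0.0.0/1` used for full tunnel are the common trick for overriding the client's existing default route, since a more specific prefix wins over `0.0.0.0/0`.

```python
"""Split tunnel vs full tunnel route selection (added example)."""
import ipaddress

# Constructed example: prefixes that are reachable only through the VPN.
CORP_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.50.0/24"),
    ipaddress.ip_network("fd00:1234::/48"),
]


def push_routes(mode, corp_prefixes=CORP_PREFIXES):
    """Routes the VPN server pushes to the client for the given mode.

    split: only the private prefixes go via the tunnel.
    full:  two /1 halves override the client's default route for IPv4, and ::/0
           does the same for IPv6 so that v6 traffic does not leak around the tunnel.
    """
    if mode == "split":
        return [str(n) for n in corp_prefixes]
    if mode == "full":
        return ["0.0.0.0/1", "128.0.0.0/1", "::/0"]
    raise ValueError(f"unknown mode {mode}")


def route_for(dst, mode, corp_prefixes=CORP_PREFIXES):
    """Return 'tunnel' or 'direct' for a destination address under the given mode."""
    addr = ipaddress.ip_address(dst)
    routes = [ipaddress.ip_network(r) for r in push_routes(mode, corp_prefixes)]
    # Longest-prefix match against the pushed routes; any hit means "tunnel".
    matches = [r for r in routes if addr in r]
    return "tunnel" if matches else "direct"


if __name__ == "__main__":
    for dst in ("10.1.2.3", "192.168.50.7", "93.184.216.34", "2001:db8::1"):
        print(dst, route_for(dst, "split"), route_for(dst, "full"))
```

Note what the example makes visible: under `split`, the public IPv4 and the IPv6 destination go direct, so nothing at the VPN concentrator can inspect them; under `full`, every destination goes through the tunnel only because IPv6 was included in the pushed routes. A full-tunnel configuration that pushes only IPv4 routes leaks IPv6 traffic.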
Allow individual users to securely connect to a private network from remote locations.
Remote access
Establish secure connections between two or more geographically dispersed networks. ______________ VPNs create a virtual network link between the different sites, enabling secure communication and data exchange.
Site-to-site
Is a suite of protocols used to secure internet communications by encrypting and authenticating IP packets. Can be used to establish VPN connections to provide confidentiality, integrity, and authenticity for data transmitted over untrusted networks. It operates at the network layer (Layer 3) of the OSI model.
IPsec
Are cryptographic protocols used to secure internet communications between clients and servers. ____________ VPNs use these protocols to establish encrypted connections between VPN clients and servers, typically over TCP port 443 so they pass through most firewalls; clientless variants run entirely in a web browser. They are commonly used for remote access VPNs and are well-suited for providing secure access to web-based applications and services.
SSL/TLS
Is the latest version of the HTML standard used for creating and structuring web pages. In the context of VPNs, ______________ VPNs leverage modern web technologies to provide remote access to private network resources via a web browser interface.
HTML5
Is a tunneling protocol used to create VPN connections over the internet. Operates at the data link layer (Layer 2) of the OSI model and does not provide encryption or authentication on its own, so it is normally paired with IPsec (L2TP/IPsec) to protect the tunneled traffic.
Layer 2 tunneling protocol (L2TP)
DNS