DOMAIN 7 - CHALLENGES OF VIRTUAL APPLIANCES, SDN SECURITY BENEFITS Flashcards
Virtual appliances thus become ______, since they cannot fail open, and must intercept all traffic.
bottlenecks
________ may take significant resources and increase costs to meet network performance requirements.
Virtual appliances
When used, virtual appliances should support _______ to match the elasticity of the resources they protect.
auto-scaling
Virtual appliances should also be aware of operating in the cloud, as well as the ability of instances to move between different geographic and availability zones. The ______ of change in cloud networks is higher than that of physical networks and tools need to be designed to handle this important difference.
velocity
______ will change far more quickly than on a traditional network, which security tools must account for.
IP addresses
_______ are less likely to exist at static IP addresses.
Assets
It becomes possible to build out as many ______ networks as you need without constraints of physical hardware.
isolated
________ (e.g., security groups) can apply to assets based on more flexible criteria than hardware-based firewalls, since they aren’t limited based on physical topology.
SDN firewalls
SDN firewalls are typically ______ sets that define ingress and egress rules that can apply to single assets or groups of assets, regardless of network location (within a given virtual network).
policy
________ is often the starting point, and you are required to open connections from there, which is the opposite of most physical networks.
Default deny
Many network attacks are eliminated by default (depending on your platforms), such as _______ and other lower-level exploits, beyond merely eliminating sniffing. This is due to the inherent nature of the SDN and application of more software-based rules and analysis in moving packets.
ARP spoofing
As with security groups, other routing and network design can be dynamic and tied to the cloud’s ________ layer, such as bridging virtual networks or connecting to internal PaaS services.
orchestration