Network Architecture and Segmentation Flashcards
The practice of assigning an ID to assets to associate them with entries in an
inventory database
Asset Tag
The process through which changes to the configuration of information systems
are monitored and controlled, as part of the organization’s overall configuration
management efforts
Change Management
Document that lists the reason for a change and the procedures to implement
that change
Request for Change (RFC)
Refers to the cabling, switch ports, router ports, and wireless access points that
supply cabled and wireless network access and connectivity
Physical Network
A secure tunnel created between two endpoints connected via an insecure
network, usually over the Internet
▪ IPSec
▪ Secure Shell (SSH)
▪ Transport Layer Security (TLS)
Virtual Private Network (VPN)
APIs and compatible hardware allowing for programmable network appliances
and systems
SDN creates more complex networks due to their size, scope, and ability to
rapidly change
▪ Control plane
▪ Data plane
▪ Management plane
Software-Defined Networking (SDN)
Makes decisions about how traffic should be prioritized and secured, and where it
should be switched
Control Plane
Handles the actual switching and routing of traffic and imposition of access
control lists (ACLs) for security
Data Plane
Monitors traffic conditions and network status
SDN applications are used to define policy decisions on the control plane
Management Plane
A type of network isolation that physically separates a network from all other
networks
System Isolation (Air Gap)
Each network segment has its own switch, and only devices connected to that
switch can communicate with each other
Physical Segmentation
Network segmentation that relies on VLANs to create the same segmentation that
would exist if separate physical switches were used
Virtual Segmentation
The main unit of a logically segmented network where the security configuration
is the same for all hosts within it
Zones
A list of IP addresses and ports that are allowed or denied access to the network
segment or zone
Access Control Lists (ACL)
Any host that accepts inbound connections from the internet
Internet-facing Host