Network Architecture and Segmentation Flashcards
The practice of assigning an ID to assets to associate them with entries in an
inventory database
Asset Tag
The process through which changes to the configuration of information systems
are monitored and controlled, as part of the organization’s overall configuration
management efforts
Change Management
Document that lists the reason for a change and the procedures to implement
that change
Request for Change (RFC)
Refers to the cabling, switch ports, router ports, and wireless access points that
supply cabled and wireless network access and connectivity
Physical Network
A secure tunnel created between two endpoints connected via an unsecure
network, usually over the Internet
▪ IPSec
▪ Secure Shell (SSH)
▪ Transport Layer Security (TLS)
Virtual Private Network (VPN)
APIs and compatible hardware allowing for programmable network appliances
and systems
SDN creates more complex networks due to their size, scope, and ability to
rapidly change
▪ Control plane
▪ Data plane
▪ Management plane
Software-Defined Networking (SDN)
Makes decisions about how traffic should be prioritized and secured, and where it
should be switched
Control Plane
Handles the actual switching and routing of traffic and imposition of access
control lists (ACLs) for security
Data Plane
Monitors traffic conditions and network status
SDN applications are used to define policy decisions on the control plane
Management Plane
A type of network isolation that physically separates a network from all other
networks
System Isolation (Air Gap)
Each network segment has its own switch, and only devices connected to that
switch can communicate with each other
Physical Segmentation
Network segmentation that relies on VLANs to create equivalent segmentation
that would occur if you used physical switches
Virtual Segmentation
The main unit of a logically segmented network where the security configuration
is the same for all hosts within it
Zones
A list of IP address and ports that are allowed or denied access to the network
segment or zone
Access Control Lists (ACL)
Any host that accepts inbound connections from the internet
internet-facing Host
A segment isolated from the rest of a private network by one or more firewalls
that accepts connections from the Internet over designated ports
Demilitarized Zone (DMZ)
Hosts or servers in the DMZ which are not configured with any services that run
on the local network
Bastion Hosts
A hardened server that provides access to other hosts within the DMZ
Jumpbox
A host computer is installed with a hypervisor that can be used to install and
manage multiple guest operating systems or virtual machines (VMs)
Virtualization
A virtualization implementation that separates the personal computing
environment from a user’s physical computer
Virtual Desktop Infrastructure (VDI)
A type of virtualization applied by a host operating system to provision an isolated
execution environment for an application
Containerization
A virtualized computer that allows for the installation and configuration of its own
operating system
Virtual Hosts
An expansion of VMs being provisioned without proper change control
procedures
VM Sprawl
Virtual hosts are interconnected using virtual switches, virtual routers, and other
virtualized networking equipment as part of the hypervisor
Virtual Networks
