Network Segmentation 3.2 Flashcards
Segmenting a Network
Physical, logical, or virtual segmentation via separate devices, VLANs, and virtual networks. We commonly do this for high-bandwidth applications, security, or compliance reasons.
Security: Users should only talk to application services (such as SQL or SSH endpoints), never directly to the database server itself.
Compliance: PCI compliance requires segmentation.
Physical Segmentation
Devices that are physically separate. This is sometimes done intentionally to keep servers or connection routes apart; if those devices ever need to communicate, an additional physical connection must be added between them.
Logical Segmentation with VLANs
A Virtual Local Area Network is used instead of physical segmentation. VLANs can only be connected to each other through a router; devices in different VLANs may sit on the same switch, but they can't talk to each other otherwise.
Virtualization
You could virtualize everything if you needed to, literally every device: servers, switches, routers, firewalls, load balancers. This gives you complete control; you could build an entire network just by pushing buttons in a virtual environment.
Air Gaps
The ultimate in physical segmentation. The devices are physically separated from each other, so there is no network path at all from one device to the other. This is used on highly secured networks or for very important systems such as SCADA or manufacturing networks. Still vulnerable to USB drives!