Secure Network Topologies 3.2 Flashcards
Demilitarized Zone (DMZ)
An additional layer of security between the internet and you. Public access is granted to public resources and private access is denied.
Extranet
A private network for third parties that we trust. Access granted to people who need resources we have. Vendors, suppliers, etc. Usually requires authentication.
Intranet
Only available internally. Company-only announcements, documents, files, etc. No external access unless for employees via a VPN.
Wireless Network at Work
Convenient but obvious security concerns. You build a separate wireless infrastructure for guests. Always use authentication via the 802.1X standard. Integrate into the existing name services.
Guest Network
People need to connect and have access to the internet. Meetings, conferences, demos, etc. No access to network, but internet access. You could create a captive portal for guest users so they get a user name and password.
Ad Hoc Wireless Networking
Point to point communication. Common on mobile devices. Think of Bluetooth contact sharing apps. It’s hard to control unmanaged devices. You can configure the mobile device manager to disallow this functionality or allow it situationally.
Honeypots and Honeynets
Honeypot is small, honeynet is a larger infrastructure.
Attract the bad guys and trap them. The bad guys are usually automated scripts and processes. Honeypots/nets are designed to track and tell you what the bad guys are looking for.
Network Address Translation (NAT)
It’s estimated there are over 20 billion devices connected. IPv4 only supports 4.29 billion. NAT handles how to manage this. NAT is paired with firewalls.