Secure Network Topologies 3.2

Question 1

Demilitarized Zone (DMZ)

Answer 1

An additional layer of security between the internet and you. Public access is granted to public resources and private access is denied.

Question 2

Extranet

Answer 2

A private network for third parties that we trust. Access granted to people who need resources we have. Vendors, suppliers, etc. Usually requires authentication.

Question 3

Intranet

Answer 3

Only available internally. Company only announcements, documents, files, etc. No external access unless for employees via a VPN.

Question 4

Wireless Network at Work

Answer 4

Convenient but obvious security concerns. You build a separate wireless infrastructure for guests. Always use authentication via the 802.1x standard. Integrate into the existing name services.

Question 5

Guest Network

Answer 5

People need to connect and have access to the internet. Meetings, conferences, demos, etc. No access to network, but internet access. You could create a captive portal for guest users so they get a user name and password.

Question 6

Ad Hoc Wireless Networkin

Answer 6

Point to point communication. Common on mobile devices. Think of Bluetooth contact sharing apps. It’s hard to control unmanaged devices. You can configure the mobile device manager to disallow this functionality or allow it situationally.

Question 7

Honeypots and Honeynets

Answer 7

Honeypot is small, honeynet is a larger infrastructure.
Attract the bad guys and trap them. The bad guys are usually an automated scripts and processes. Honeypots/nets are designed to track and tell you what the bad guys are looking for.

Question 8

Network Address Translation (NAT)

Answer 8

It’s estimated there are over 20 billion devices connected. IPv4 only supports 4.29 billion. NAT handles how to manage this. NAT is paired with firewalls.