Security Architecture: Network Infrastructure concepts Flashcards
Why do we have to consider being in full control of the network?
On-Prem: Being in full control. (Centralized)
Why do you want full control?
For less you can be put on your own device but don’t know serial numbers.
Do we go centralized or decentralized?
In wireless environments: You can choose to put all the wireless LAN controllers and security appliances in a centralized data center, or you can choose to disperse them and spread them out.
Need to consider optimization and ease of management.
Most now move to the cloud for decentralization.
Isolation: Physical Segmentation and Logical Segmentation
What is Air-Gapped?
Some networks carry such sensitive information that they’re air-gapped, which means they’re physically disconnected from the public internet.
What is logical segmentation?
Logical segmentation is a much more common approach and uses software constructs to create a virtual network inside a physical network. Technologies such as virtual local area networks (VLANs) and Virtual eXtensible LANs (VXLANs) are common methods of logical segmentation.
What are VXLANs?
In summary, VLANs are useful for segmenting smaller networks within a single location, while VXLANs provide a scalable solution for large, distributed, and multi-tenant environments by extending Layer 2 networks over a Layer 3 infrastructure.
What is SDN?
Software-defined networking (SDN) is a revolutionary approach to network management and control that simplifies and centralizes management of network resources. It separates the control and data planes, enabling administrators to programmatically control network behavior through a centralized software controller.
What are the main key points about network infrastructure?
It’s important to note that network infrastructures aren’t always on premises. They can be virtual and exist in public or private clouds.
Additionally, network-infrastructure design can be centralized or decentralized. A centralized infrastructure features the required network elements located in a central location versus being dispersed throughout the geography of the IT department. It’s often easier to secure since resources are more concentrated in a single location and easier to protect with network appliances and technologies.