Security Architecture: Secure Communication and Access Flashcards
What are the 5 key elements of Secure Access?
Remote access in modern enterprise networks refers to the capability of authorized users to securely connect to the organization’s internal resources and services from outside locations, often using the internet as the conduit. This functionality has become increasingly crucial as businesses adopt flexible work arrangements and decentralized operations. Remote-access methods and protocols include:
VPNs
TLS
IPsec
SD-WAN
SASE
What’s VPN?
A VPN establishes a secure and encrypted connection over a public or untrusted network, such as the internet, thereby allowing users to access and transmit data as if they were directly connected to a private network. By creating a virtual tunnel between the user’s device and a VPN server, VPNs ensure privacy, anonymity, and data integrity, and they effectively shield online activities from potential eavesdropping, censorship, or cyber attacks.
- Site to Site
- Or remote access
What’s TLS?
Transport Layer Security (TLS) is a cryptographic protocol that ensures secure communication over computer networks, most commonly the internet. It functions by establishing an encrypted and authenticated connection between two parties, typically a client (such as a web browser) and a server (such as a website), thereby safeguarding the confidentiality and integrity of data exchanged during online interactions.
TLS employs a combination of asymmetric and symmetric encryption techniques to secure the data transmission, preventing unauthorized access, data tampering, and eavesdropping.
Built on top of SSL
This provides the functionality of HTTPS
Clientless VPN:
Clientless SSL VPN creates a secure, remote-access VPN tunnel to an ASA using a web browser without requiring a software or hardware client. It provides secure and easy access to a broad range of web resources and both web-enabled and legacy applications from almost any device that can connect to the Internet via HTTP.
What’s IPsec?
Internet Protocol Security (IPsec) is a comprehensive suite of protocols and algorithms used to secure and authenticate IP communication at the network layer. It offers a framework for creating encrypted and authenticated connections between devices, such as routers or VPN gateways, to ensure the confidentiality, integrity, and authenticity of data transmitted over potentially untrusted networks such as the internet.
Anything running on IPsec needs to support IPv6
What’s SD-WAN?
SD-WAN, short for software-defined wide area network, is a technology that enhances and simplifies the management of wide area networks (WANs) by leveraging software-defined principles to optimize the routing and distribution of network traffic. It allows organizations to efficiently connect and manage geographically dispersed locations, such as branch offices or data centers, by dynamically choosing the most appropriate and efficient pathways for data transmission.
SD-WAN solutions often utilize a combination of public internet, private connections, and cellular networks, prioritizing critical applications and ensuring optimal performance through features like quality of service (QoS) and traffic shaping.
https://www.youtube.com/watch?v=R5TV6lO3-1M
What’s SASE?
Secure Access Service Edge (SASE) is a modern network architecture that integrates network security and WAN capabilities into a unified cloud-based platform. By converging traditionally disparate functions such as firewalling, secure web gateways, VPNs, and more, SASE offers a holistic approach to network security and connectivity.
SASE emphasizes delivering security and networking services as a service from the cloud, allowing organizations to provide secure access to applications and data for both on-premises and remote users, regardless of their location. SASE adapts security policies based on user context and application requirements, ensuring a dynamic and scalable security posture.
https://www.youtube.com/watch?v=Y8DBQ2dSZag
https://www.youtube.com/watch?v=Opy9D-8eyVg