Networking - Coggle Diagram
Networking
Network Architecture
- A network is simply two or more computers linked together to share data, information or resources
- Local area network (LAN)
- Wide area network (WAN)
Network Devices:
- Hubs
Hubs are used to connect multiple devices in a network.
- Firewall
- Switch
- Server
- Router
- Endpoint
Device Address
- Media Access Control (MAC) Address
Every network device is assigned a Media Access Control (MAC) address.
- Internet Protocol (IP) Address
While MAC addresses are generally assigned in the firmware of the interface, IP hosts associate that address with a unique logical address
Wi-Fi
It has made networking more versatile than ever before. Workstations and portable systems are no longer tied to a cable but can roam freely within the signal range of the deployed wireless access points. However, with this freedom comes additional vulnerabilities.
Microsegmentation
- The toolsets of current adversaries are polymorphic in nature and allow threats to bypass static security controls.
Modern cyber attacks take advantage of traditional security models to move easily between systems within a data center. Microsegmentation aids in protecting against these threats.
Microsegmentation Characteristics:
- Allows for granular restrictions within the IT environment,
- Uses logical rules, not physical rules, and does not require additional hardware or manual interaction with the device
- Is the ultimate end state of the defense-in-depth philosophy; no single point of access within the IT environment can lead to broader compromise.
- Is crucial in shared environments, such as the cloud, where more than one customer’s data and functionality might reside on the same device(s), and where third-party personnel.
- Allows the organization to limit which business functions, units, offices, or departments can communicate with others, to enforce the concept of least privilege.
- Is available because of virtualization and software-defined networking (SDN) technologies. In the cloud, the tools for applying this strategy are often called "virtual private networks (VPN)" or "security groups."
- Can be used to separate computers from smart TVs, air conditioning, and smart appliances, which can be connected and have vulnerabilities.
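The segment-level, logical-rule policy described above, as an added example that is not part of the original page: a small default-deny policy evaluator in the style of a cloud security group, keyed on segment labels rather than addresses, plus a blast-radius check. The hostnames, segment labels and rules are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One allow rule between two logical segments; anything not listed is denied."""
    src_segment: str
    dst_segment: str
    port: int
    proto: str = "tcp"

class SegmentPolicy:
    """Default-deny segment policy in the style of a cloud security group (hypothetical)."""
    def __init__(self, host_segment, rules):
        self.host_segment = dict(host_segment)   # hostname -> logical segment label
        self.rules = frozenset(rules)

    def allows(self, src_host, dst_host, port, proto="tcp"):
        """Rules are keyed on segment labels, not on addresses or physical ports."""
        src = self.host_segment.get(src_host)
        dst = self.host_segment.get(dst_host)
        if src is None or dst is None:
            return False                          # unknown host: fail closed
        return Rule(src, dst, port, proto) in self.rules

    def reachable_from(self, host):
        """Blast radius: (host, port) pairs still reachable if `host` were compromised."""
        return sorted({(h, r.port) for h in self.host_segment if h != host
                       for r in self.rules if self.allows(host, h, r.port, r.proto)})

# Constructed sample inventory and rules (not from the original page).
HOSTS = {"ws-finance": "workstation", "web1": "web", "web2": "web",
         "db1": "db", "tv-lobby": "iot", "hvac-1": "iot"}
RULES = [Rule("workstation", "web", 443), Rule("web", "db", 5432)]
POLICY = SegmentPolicy(HOSTS, RULES)

def flat_network_reach(host):
    """What the same host could reach with no segmentation at all: every other host."""
    return sorted(h for h in HOSTS if h != host)

if __name__ == "__main__":
    print(POLICY.reachable_from("tv-lobby"))    # [] : a smart TV in the lobby reaches nothing
    print(POLICY.reachable_from("web1"))        # [('db1', 5432)] : only its sanctioned path
    print(len(flat_network_reach("tv-lobby")))  # 5 : the flat-network alternative
```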
Network Segmentation
(Demilitarized Zone)
- Network segmentation is an effective way to achieve defense in depth for distributed or multitiered applications. The use of a demilitarized zone (DMZ), for example, is a common practice in security architecture.
- With a DMZ, host systems that are accessible through the firewall are physically separated from the internal network by means of secured switches or by using an additional firewall to control traffic between the web server and the internal network.
Virtual Private Network (VPN)
- A virtual private network (VPN) is not necessarily an encrypted tunnel. It is simply a point-to-point connection between two hosts that allows them to communicate
- As an alternative to expensive dedicated point-to-point connections, organizations use gateway-to-gateway VPNs to securely transmit information over the internet between sites or even with business partners.
Virtual Local Area Network (VLAN)
- Allow network administrators to use switches to create software-based LAN segments, which can segregate or consolidate traffic across multiple switch ports
- Devices sharing a VLAN: Devices that share a VLAN communicate through switches as if they were on the same Layer 2 network (Data Link Layer).
- Software-based LAN segments: Imagine a large building with many rooms. Typically, all computers in that building might share one network. VLANs allow you to create "virtual rooms" within that network
- Benefits of VLANs:
- Broadcast traffic limitation: Since VLANs act as discrete networks, broadcast traffic (data sent to all devices in a network segment) is limited to the VLAN.
- Simplified administration: Administration of the environment is simplified, as the VLANs can be reconfigured when individuals change their physical location or need access to different services.
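The VLAN behaviour described above (hosts in one VLAN sharing a Layer 2 segment, broadcasts confined to that VLAN), as an added example that is not part of the original page: a small Python model of a VLAN-aware access switch that parses IEEE 802.1Q tags and forwards per VLAN. The MAC addresses, port-to-VLAN assignments and frames are constructed test data.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an IEEE 802.1Q-tagged frame
BROADCAST = b"\xff" * 6

def build_frame(dst, src, vlan_id=None, ethertype=0x0800, payload=b""):
    """Build an Ethernet frame, optionally inserting an 802.1Q tag (constructed test data)."""
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)  # PCP/DEI bits left at 0
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (dst, src, vlan_id_or_None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return dst, src, None, etype, frame[14:]
    tci, etype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, etype, frame[18:]   # VLAN ID is the low 12 bits of the TCI

class VlanSwitch:
    """Access-port switch: every port belongs to one VLAN; MAC learning is per (VLAN, MAC)."""
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port number -> VLAN ID
        self.mac_table = {}                # (vlan, mac) -> port

    def forward(self, frame, ingress_port):
        """Return the list of egress ports for a frame arriving on ingress_port."""
        dst, src, tag, _etype, _payload = parse_frame(frame)
        vlan = self.port_vlan[ingress_port]
        if tag is not None and tag != vlan:
            return []                      # tag disagrees with the port's access VLAN: drop
        self.mac_table[(vlan, src)] = ingress_port
        if dst != BROADCAST and (vlan, dst) in self.mac_table:
            return [self.mac_table[(vlan, dst)]]
        # Unknown unicast and broadcast are flooded, but only to ports in the same VLAN.
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != ingress_port)

# Constructed sample: ports 1-2 carry VLAN 10 (finance), ports 3-4 carry VLAN 20 (guest).
A, B, C = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b", b"\x02\x00\x00\x00\x00\x0c"
SWITCH_PORTS = {1: 10, 2: 10, 3: 20, 4: 20}

def demo():
    sw = VlanSwitch(SWITCH_PORTS)
    bcast = sw.forward(build_frame(BROADCAST, A), 1)              # A's broadcast from port 1
    reply = sw.forward(build_frame(A, B), 2)                       # B's unicast reply to A
    tagged = sw.forward(build_frame(BROADCAST, C, vlan_id=10), 3)  # VLAN 10 tag on a VLAN 20 port
    return bcast, reply, tagged   # ([2], [1], [])
```

The broadcast from port 1 reaches only port 2 (the other VLAN 10 port), the learned reply is delivered by unicast, and a tag that does not match the ingress port's VLAN is simply not honoured.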
Network Design
- The objective of network design is to satisfy data communication requirements and achieve efficient overall performance
- Network Segmentation
- Network segmentation involves controlling traffic among networked devices.
- Physical Segmentation: Complete or physical network segmentation occurs when a network is isolated from all outside communications, so transactions can only occur between devices within the segmented network.
- Demilitarized Zone (DMZ)
- A DMZ is a network area that is designed to be accessed by outside visitors but is still isolated from the organization's private network.
- Purpose: The DMZ is often the host of public servers like web, email, file, and other resource servers.
- Virtual Local Area Networks (VLANs)
Cloud Computing Infrastructure: Benefits of Cloud Computing
- Security and Flexibility:
- Cloud computing offers high flexibility (easily scaling resources up or down as needed) and also provides robust security
- High Availability through "Availability Zones":
- Cloud service providers have different availability zones. These are physically separate data centers located in different geographical areas.
- If one zone experiences a problem (e.g., power outage, natural disaster), activities can shift to another zone automatically. This ensures business continuity and minimizes downtime.
- You don't have to maintain a whole data center yourself with all the complex redundancy that entails
- Contract and Billing Models:
- You can set up the billing so that it depends on the data used, much like your mobile phone bill.
- Resource Pooling:
- Allows for resource pooling, meaning you can share resources (like computing power, storage capacity) with other colleagues or similar industries.
Service Models
- Types of cloud computing service
models include Software as a Service
(SaaS), Platform as a Service (PaaS), and
Infrastructure as a Service (IaaS).
Managed Service Provider (MSP)
- A managed service provider (MSP) is a company that manages information technology assets for another company
- Small and medium-sized businesses (SMBs) often outsource some or all of their IT tasks to an MSP. This helps them:
- Manage day-to-day operations: MSPs take care of routine IT tasks like system monitoring, updates, and troubleshooting, allowing the client company to focus on its core business.
- Provide expertise: Companies might not have in-house experts for all IT areas (e.g., advanced cybersecurity). MSPs fill this gap by offering specialized knowledge and skills.
- Provide network and security monitoring and patching services
- Other Common MSP Implementations:
- Utilize expertise for implementation of a product or service
- Augment in-house staff for projects
- Managed Detection and Response (MDR) Service: This is a key example. In an MDR service, the MSP acts as a vendor who monitors firewalls and other security tools
- Provide payroll services
- Provide Help Desk service management:
- Manage all in-house IT infrastructure
Cloud Characteristics
- Allows an enterprise to scale up new software or data-based services/solutions through cloud systems quickly and without having to install massive hardware locally.
- Reduced cost of ownership. There is no need to buy any assets for everyday use, no loss of asset value over time and a reduction of other related costs of maintenance and support.
- **Usage is metered and priced according to units (or instances) consumed**. This can also be billed back to specific departments or functions.
- **Reduced energy and cooling costs**, along with “green IT” environment effect with optimum use of IT resources and systems.
Cloud Computing
- Cloud computing is usually associated with an internet-based set of computing resources, and typically sold as a service provided by a cloud service provider (CSP)
- There are various definitions of what cloud computing means per leading standards, including NIST's
- “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
NIST SP 800-145
Service-Level Agreement (SLA)
- Is an agreement between a cloud service provider and a cloud service customer based on a taxonomy of cloud computing–specific terms to set the quality of the cloud services delivered
- The purpose of an SLA is to document specific parameters, minimum service levels, and remedies for any failure to meet the specified requirements. It should also affirm data ownership and specify data return and destruction details.
- Some SLA points to consider include the following:
- Customer right to audit legal and regulatory compliance by the CSP
- Cloud system infrastructure details and security standards
- Rights and costs associated with continuing and discontinuing service use
- Service availability: This is one of the most critical points, often expressed as a percentage of uptime (e.g., 99.9% uptime).
- Service performance: The SLA may define metrics for speed, response times, or other performance criteria.
- Data security and privacy: Specifies how your data is protected from unauthorized access, loss, or privacy breaches.
- Disaster recovery processes: Describes how the provider will recover your services and data in case of a major incident (e.g., natural disaster, severe cyberattack).
- Data location: Where your data is physically stored (e.g., in which country, which data center). This is important for data privacy regulations.
- Data access: Who can access your data and under what circumstances.
- Data portability: How easily customers can move their data out of the provider's cloud platform if they want to switch providers or move back to an on-premises data center.
- Problem identification and resolution expectations: The SLA will define how problems are reported, expected response times, and the resolution process.
- Change management processes: How the provider communicates and manages changes to their services.
- Dispute mediation processes: How any disagreements between the customer and provider will be resolved if issues arise.
- Exit strategy: Very crucial! This outlines how you can terminate the contract and retrieve your data safely and efficiently without business disruption.