3.3 Network Functionality

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 48 minutes
Video Transcription
now the next element Network functionality. So this was the ping element we talked about in the last little section. Talk about pipe power and pain. Will ping networking activity So a lot of moving pieces to make a network work.
So not even specifically looking at the security element, just making sure that access is available.
So one of those things we've gotta have i p addresses. We want to make sure that there's cloud based resource is have accessible I p addresses. And again, this is more from us being at a cloud service providers perspective. But
this information could come up to you on the exam from either a c S P s perspective or a customer's perspective.
From a C S P s perspective, we need to make sure that there are publicly reachable servers that they have i p addresses
that are reachable from, of course, the public, Internet or otherwise. That doesn't do us much, much good, and we have the choice of having theirs. I p addresses assigned statically or dynamically, just like in a traditional network, right?
Benefits of both static I p addressing gives me the greatest control when we do dynamic addressing. We allow a D h, c P server, some device acting a such to assign i p addresses to those hosts.
You know, any time I allow something to happen automatically, then there's a risk. You know their room D HCP servers. There is corruption of DEA HCP files. So we weigh the pros and the cons. The benefit, though, is
the i p addresses. We don't make mistakes. You know, if I'm gonna go around and configure 1500 I p addresses, I'm probably gonna make some mistakes. Right?
So we weigh the pros and cons. D h CP is another one of their service is that is inherently insecure. So we need to make sure that d h cp if we're gonna use it for dynamic address assignment is locked down as much as possible and that we have
detective mechanisms on the network like D H cp snooping where we have our switches
looking for road D h E P servers. We scan the network looking for road devices of any kind, so
every service used for good can be maliciously modified. So we're very diligent with our scans of the network and with our detective controls. All right, so address functionality. We're gonna figure out how that's gonna happen, for our resource is second piece access control.
Now, you know, in the other chapters we talk about access control and ultimately, what we're trying to do is determine what a subject can do with an object. And we want to regulate regulate that.
So it's not just keeping the bad guys out of stuff. It's also making sure the good guys have access to what they need at the appropriate time. And we think about administrative, technical and physical controls to limit access. So physical controls to the physical building, important
administrative controls like separation of beauties, principle of Lise privilege need to know,
and then technical controls, like strong authentication and so on.
Bandwidth. You gotta have the bandwidth, right? A lot of resource is, and what's desirable is to be able to seamlessly as possible control the band with two areas that have a greater need, right? Like if you look at a something like void, Of course, that's very bandwith intensive.
So being able to numbers, we talk about traffic shaping, being able to shape traffic
so that we're able to allocate it to those areas that need it the most need the most bandwidth. That's very helpful. That's one of the things that software defined networking. She'll talk about in a minute it's gonna help with.
And then, of course, routing directing traffic from one network to another or one subject to another. That's an important element of network functionality as well. In just a moment, we're gonna talk about software to find network.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By