9 hours 48 minutes
After looking at physical security, let's take a look at logical security. So when we're talking physical security, we're talking about those physical elements, those things you can touch. Now when we look at logical security, we're more concerned about organization
based on needs for security makes based on needs for performance.
So in the logical security, you know, our big focus when we talk about logical security: isolation, isolation, isolation. I may have said this to you guys already, but if somebody said, "We're gonna pay you a bunch of money, come out and talk to our people for five minutes on security,"
I would walk out on stage and say,
And then I walk offstage and collect my paycheck because that's the foundational principle in security. Separate out trusted entities from untrusted entities. Don't let untrusted entities
access trusted or protected resources, right? So isolating those networks: we talked about virtual switches and mentioned VLANs just a few minutes ago,
making sure that we have isolation and determine: do we want inter-VLAN communication? You know, if we really have a secure VLAN, we don't want other VLANs accessing that one, most likely.
So ultimately what we're doing is using that virtualized environment to create virtual subnets, if you will,
um, the virtual switch, and we're basing the type of isolation and segmentation that we use on security zones. We'll have other devices to protect the traffic, like firewalls, intrusion detection, to inspect traffic moving from VLAN to VLAN.
We also want to make sure that we're using secure protocols.
Remember, IP in and of itself is unsecure. So when we're accessing through web traffic, we have to look at TLS, Transport Layer Security, because HTTP is again unsecure.
So TLS adds an additional layer of security. We think about DNS, which we've used traditionally, but DNS
is too trusting,
Um, DNS in and of itself learns what it learns from whoever it learns it from, so to speak. So DNSSEC is a set of security extensions that can be added on that provide authentication for DNS servers when they communicate with each other,
so that as a DNS server, I'm not just taking the word of any DNS server that says, "Oh, here's the IP address."
So that does provide some security through the use of keys. So that's certainly a benefit.
Now, as we talk about these security zones, um, and actually I'd rather cut there. Let's go back and let's end this slide by itself. And then let's start this new slide on network isolation and security zones.
Certified Cloud Security Professional (CCSP)
This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.