In this module on infrastructure security, we covered a lot of ground. We talked about cloud network virtualization, mentioning VLANs but putting a lot of focus on software-defined networks, how they work and the security benefits of them. We continued on to cloud network security, reviewing virtual appliances, the technique of micro-segmentation, and discussing the software-defined perimeter pattern.
And we proceeded to examine cloud workloads: the four compute categories of virtual machines, containers, serverless and platform-based; immutable workloads, the concept of having ephemeral machines and fixed machine images. And we finished off by examining the changes to traditional security approaches in evaluating cloud-based workloads.
Time for some questions. Which of the following is or are accurate statements about the differences between software-defined networks and VLANs? There's more than one correct answer in this question. Keep that in mind as I read them off.
A. SDN isolates traffic, which can help with micro-segmentation.
B. VLANs segment network nodes into broadcast domains.
C. VLANs have roughly 65,000 IDs, while SDN has more than 16 million.
D. SDN separates the control plane from the hardware device and allows for applications to communicate with the control plane.
All of these are correct. SDN does isolate traffic between its source and destination machines, and we reviewed how packets get encapsulated. VLANs break things down into segments so you don't have one flat network; still, within those segments, the network nodes broadcast to each other, so tactics like packet sniffing and ARP spoofing are still applicable within certain segments.
VLANs have roughly 65,000 IDs and SDNs have more than 16 million. I didn't talk specifically about the numbers, but we did say that VLANs do have limitations with respect to the number of devices that they can host, while at the same time software-defined networks don't have those limitations traditionally associated with IP-based networking. SDN separates the control plane from hardware devices and allows the application to communicate with the control plane.
You may recall we had the three layers when we were looking at SDN, and in the middle was the control plane, and that was talking to hardware devices below. We even discussed the OpenFlow standard, which is the communication method quite commonly used when the control plane needs to send orders to devices on the infrastructure plane.
What characteristic of cloud impacts workload security the most? This is one of those judgment calls.
A. Software-defined networks
B. Elastic nature
C. Multi-tenancy
D. Shared responsibility model
You could argue that probably all of these are impacting cloud, but which one has the most impact?
And the answer is C, multi-tenancy. By far, that has the biggest impact. The cloud provider needs to make sure it isolates its tenants, both in network traffic and compute and all the other facets that we've spoken about so far.
And an extra question for such a big module. Before performing a vulnerability assessment on your running workloads, what should be done first?
A. Select the VA product that works in a cloud environment.
B. Determine whether the provider allows customers to perform a VA and if any prior notice is required.
C. Open all SDN firewalls to allow a more thorough vulnerability assessment.
D. Establish a time and date that you will access the provider's data center so you can run the VA on the physical server that is hosting your workload.
Okay, think about the best one.
The best probable answer is B: you want to make sure that the vulnerability assessments are going to be okay with your provider.
And that wraps it up for this module. I hope you learned a lot about cloud, especially in the technical aspects and securing your workloads in the cloud. In the next domain, we will dive deeper into virtualization and container workloads. I look forward to exploring that with you.