Domain 7 Knowledge Recap

Time: 9 hours 59 minutes
Difficulty: Intermediate
CEU/CPE: 10
Video Transcription
>> In this module on infrastructure security, we covered a lot of ground. We talked about cloud network virtualization, mentioning VLANs, putting a lot of focus on software-defined networks: how they work, and the security benefits of them. We continued on to cloud network security, reviewing virtual appliances, the technique of micro-segmentation, and discussing the software-defined perimeter pattern. We proceeded to examine cloud workloads, the four compute categories of virtual machines, containers, serverless and platform-based; immutable workloads, the concept of having ephemeral machines and fixed machine images. We finished off by examining the changes to traditional security approaches in evaluating cloud-based workloads.

Time for some questions. Which of the following is/are accurate statements about the differences between software-defined networks and VLANs? There's more than one correct answer in this question. Keep that in mind as I read them off. SDN isolates traffic, which can help with micro-segmentation. VLANs segment network nodes into broadcast domains. VLANs have roughly 65,000 IDs, while SDN has more than 16 million. SDN separates the control plane from the hardware device and allows for applications to communicate with the control plane. Give you a second.

Well, all of these are correct. The SDN does isolate traffic between its source and destination machines, and we reviewed how packets get encapsulated. VLANs break things down into segments so you don't have one flattened network; still, within those segments, the network nodes broadcast to each other. Tactics like packet sniffing and ARP spoofing are still applicable within certain segments. VLANs have roughly 65,000 IDs and SDNs have more than 16 million. I didn't talk specifically about the numbers, but we did say that VLANs do have limitations with respect to the number of devices that they can host at the same time, where software-defined networks don't have those limitations traditionally associated with IP-based networking. SDN separates the control plane from hardware devices and allows the application to communicate with the control plane. You may recall we had the three layers when we were looking at an SDN, and in the middle was the control plane. That was talking to hardware devices below. We even discussed the OpenFlow standard, which is the communication method quite commonly used when the control plane needs to send orders to devices on the infrastructure plane.

What characteristic of cloud impacts workload security the most? This is one of those judgment calls: software-defined networks, elastic nature, multi-tenancy, or shared responsibility model. You could argue probably all of these are impacting cloud, but which one has the most? The answer is C, multi-tenancy. By far that has the biggest impact; the cloud provider needs to make sure it isolates its tenants both in network traffic and compute and all the other facets that we've spoken about so far.

An extra question for such a big module: before performing a vulnerability assessment on your running workloads, what should be done first? Select a VA product that works in a cloud environment. Determine whether a provider allows customers to perform a VA and if any prior notice is required. Open all SDN firewalls to allow a more thorough vulnerability assessment. Establish a time and date that you will access the provider's datacenter, so you can run the VA on the physical server that is hosting your workload. Think about the best one. Best probable answer is B. You want to make sure that the vulnerability assessments are going to be okay with your provider, and that wraps it up for this module.

I hope you learned a lot about cloud, especially in the technical aspects and securing your workloads in the cloud. In the next domain we will dive deeper into virtualization and container workloads. I look forward to exploring that with you.