Secure Infrastructure Design
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Secure infrastructure design.
00:00
The learning objectives for this lesson are to
00:00
configure networks to achieve resiliency,
00:00
to create networks for scalability,
00:00
and to discover how automation
00:00
>> can aid us in networking.
00:00
>> Let's get started. Scalability is
00:00
your ability to expand
00:00
your network with
00:00
the changing needs of your organization.
00:00
For example, if you have
00:00
a sudden burst in traffic onto one of
00:00
your web servers and you needed
00:00
additional processing power and
00:00
memory to be able to handle that burst of traffic,
00:00
that would be an example of vertical scalability
00:00
where you could add that on the fly.
00:00
You could add additional processing power or memory
00:00
or even storage to an individual system.
00:00
With horizontal scalability, we are
00:00
adding additional servers that
00:00
are processing the same workload.
00:00
This is an example of clustering.
00:00
If we have three servers and one of them were to fail,
00:00
the other two would continue processing the workload.
00:00
Some examples of scalability
00:00
would be a Content Delivery Network.
00:00
This is when you had additional servers that are
00:00
delivering the same data to end users.
00:00
This is an example of horizontal scaling.
00:00
We can also use caching,
00:00
which makes copies of data that either doesn't
00:00
change often or maybe it never changes.
00:00
By doing this, we are
00:00
improving the load times for that data.
00:00
Resiliency. This enables you to
00:00
recover if a part or even your whole system were to fail.
00:00
How quickly you're able to do that,
00:00
is measured by how resilient you are.
00:00
You can offer high availability of resources so
00:00
that in the event
00:00
you have an increased demand or failure,
00:00
you're able to recover from it.
00:00
But by adding in these types of things,
00:00
we're increasing the complexity and the cost
00:00
and the overall management of our network.
00:00
If we add an additional servers
00:00
or a second wired connection,
00:00
that increases our costs,
00:00
but it also makes it harder for us to do our jobs.
00:00
We have to factor that in more building our plans.
00:00
We can use course of action orchestration.
00:00
These are automated responses to specific events.
00:00
When we need additional memory on the fly,
00:00
that memory can be added to
00:00
a specific system so that we can scale vertically.
00:00
We can also use distributed allocations,
00:00
which is where we spread workloads across
00:00
multiple units that are all working together.
00:00
Replication allows us to copy the data
00:00
to another location where it
00:00
can be used most effectively.
00:00
Lastly, we have clustering,
00:00
which is when we group servers
00:00
together to distribute the workload.
00:00
This allows us for failover.
00:00
When one of the servers dies,
00:00
the other servers in the cluster will continue working.
00:00
Virtualization. This is sometimes
00:00
something that can be complicated for some people,
00:00
so we're going to spend a little bit of time on it.
00:00
But virtualization at its core,
00:00
is simply running
00:00
multiple operating systems on the same computer.
00:00
Virtualization requires three main parts.
00:00
The first is the host hardware.
00:00
This is the actual computer that will be used for this.
00:00
The second is the hypervisor.
00:00
The hypervisor is the virtualization software that
00:00
manages how the virtual machines
00:00
interact with the hardware.
00:00
Lastly, we have our guest operating system,
00:00
our virtual machines, or instances.
00:00
If you're using a type 2 hypervisor,
00:00
which we'll get into in a moment,
00:00
you still have to have a base operating system on
00:00
the hardware to be able to serve up the virtual machines.
00:00
But if you're using a type 1, then you don't need that.
00:00
That brings us to the types of virtualization.
00:00
Type 1 is also known as bare metal.
00:00
It doesn't need an operating system installed on
00:00
the hardware so that you can install virtual machines.
00:00
It's often easier to understand
00:00
this by starting with type 2,
00:00
because that's what most people are
00:00
familiar with by maybe
00:00
using something like VMware Workstation or VirtualBox.
00:00
But with a type 2,
00:00
you have to install an operating system
00:00
first on the hardware,
00:00
say for example, Windows 10,
00:00
and then you install VirtualBox on top of that,
00:00
and then you create a virtual machine with
00:00
VirtualBox that allows you to run Linux, for example.
00:00
However, with type 1 hypervisors,
00:00
we eliminate the Windows 10 layer
00:00
and the hypervisor takes over for all that for us.
00:00
This is more efficient because
00:00
now we don't have to have resources
00:00
dedicated for the operating system.
00:00
The hypervisor can take that and give
00:00
it all back to the virtual machines.
00:00
Some examples of a type
00:00
1 hypervisor are: Microsoft Hyper-V,
00:00
XEN, Proxmox, and VMware ESXI.
00:00
Examples of type 2 would be VirtualBox,
00:00
VMware Workstation, and Parallels Workstation.
00:00
We can also use application virtualization.
00:00
This is when a client or user,
00:00
accesses an app that's hosted on a server.
00:00
This almost always takes
00:00
place through the user's browser.
00:00
This allows us to virtualize
00:00
specific applications that are served from
00:00
a single server and it's
00:00
served through the user's browser.
00:00
Some examples of this are Microsoft App-V,
00:00
XenApp, and ThinApp.
00:00
Containerization.
00:00
This is also known
00:00
as operating system-level virtualization.
00:00
But instead of a hypervisor,
00:00
it uses the system's kernel.
00:00
It creates a virtual environment
00:00
with the bare minimum needed parts for an app to run.
00:00
This allows us to have a performance
00:00
benefits because it doesn't need a hypervisor.
00:00
An example of containerization would be Docker.
00:00
Virtual desktop infrastructure.
00:00
Desktops are completely virtualized and ran from servers.
00:00
This separates the user from
00:00
a physical machine completely.
00:00
We have three deployment models.
00:00
The first is hosted.
00:00
It's provided by a third party.
00:00
Centralized is hosted within the enterprise itself.
00:00
Lastly, we have synchronized,
00:00
which allows for work to
00:00
continue even if you're disconnected.
00:00
This requires more local resources.
00:00
I remember back in the very old days,
00:00
we used to have terminals
00:00
that you might have seen some of
00:00
these with the green screens,
00:00
or even sometimes there were amber and all the work was
00:00
done on a server in the back,
00:00
and each person only got an actual terminal.
00:00
Then we shifted everything towards PCs,
00:00
and the work shifted towards being done on the local PC.
00:00
Now, we're shifting back to again,
00:00
because of the Cloud and
00:00
also this virtual desktop infrastructure,
00:00
shifting everything back to everything can be done on
00:00
another server or in the Cloud
00:00
instead of being done on the local computer.
00:00
It's a cyclical way of doing things.
00:00
We've been here before and
00:00
it doesn't necessarily mean that this way is
00:00
better or that having
00:00
everything on a local workstation is better.
00:00
It's just the nature of how
00:00
things change with the technology.
00:00
Here are some virtual desktop vulnerabilities.
00:00
We can have VM escape.
00:00
This is when you jump from
00:00
one virtual machine to another.
00:00
We can also have privilege escalation.
00:00
Once you're in one VM as
00:00
a regular user, by using exploits,
00:00
you can escalate your way up to become a privileged user.
00:00
We have live VM migration,
00:00
which is a feature that's built into
00:00
some hypervisors that allows for
00:00
that VM to be copied to
00:00
another server while it's still in use.
00:00
However, if it is not configured correctly,
00:00
an attacker could do the same thing
00:00
and copy it to another machine
00:00
so that they could get into it and use it for an attack.
00:00
We also have data remnants,
00:00
which are pieces of data that were left
00:00
behind from previous virtual machines.
00:00
Methods of automation.
00:00
This is automation in our Cloud deployments.
00:00
The first is bootstrapping.
00:00
This is an automated way to deploy an instance.
00:00
We may have scripts set up and that would
00:00
contain settings, and apps,
00:00
and things that we want to install
00:00
in that particular instance,
00:00
and with using bootstrapping,
00:00
we can have all that done automatically.
00:00
We also have auto-scaling,
00:00
which dynamically adjusts the resources
00:00
that we have based on the current need.
00:00
Going back to my example of we have a spike in
00:00
traffic and we maybe need to
00:00
add additional processing power and memory,
00:00
this can be done automatically.
00:00
Security orchestration, automation, and response.
00:00
This is an automated response to a security incident.
00:00
Incident response is usually
00:00
a long list of items that have to be
00:00
performed when a given threat is spotted.
00:00
But because these types of
00:00
situation cause a lot of stress,
00:00
it often makes things easy to skip.
00:00
We can create these into playbooks,
00:00
which are simply scripts that
00:00
are performed when an incident is observed.
00:00
SOAR can scan the threat data collected from
00:00
various sources and then run
00:00
the responses in these playbooks automatically for us.
00:00
Let's summarize what we went over in this video.
00:00
We discussed scalability,
00:00
both horizontally and vertically.
00:00
We discussed methods to achieve resiliency.
00:00
We also discussed automation and Cloud deployments.
00:00
Finally, we went over virtualization
00:00
and containerization.
00:00
Let's do some questions.
00:00
Example 1, what technology allows for
00:00
multiple redundant processing nodes they
00:00
share data with each other to accept connection?
00:00
Clustering. Example 2,
00:00
VMware, Proxmox, Xen,
00:00
and Hyper-V are all examples of
00:00
which type of virtualization.
00:00
Type 1 hypervisors. Question 3,
00:00
what is operating system virtualization also known as?
00:00
Containerization. Question 4,
00:00
adding additional resources to
00:00
a system such as processors,
00:00
memory, and storage is which type of scalability?
00:00
That is vertically or vertical scale.
00:00
I hope this lesson was helpful to you,
00:00
and I'll see you on the next one.
Up Next
Instructed By
