Virtualized Networking

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01
>> Why not talk a little more about virtualized networking?
00:01
Hey, it's a big deal.
00:01
It breaks through a lot of the constraints
00:01
with traditional networking and it
00:01
allows you to implement
00:01
some highly secure and locked down networks in the Cloud.
00:01
Specifically, we'll go over network monitoring and
00:01
filtering as well as network management infrastructure.
00:01
In the prior module, we took a deep dive into
00:01
the particulars of network virtualization.
00:01
VLAN is one approach,
00:01
but SDN is the preferred approach.
00:01
The SDNs operate much differently than
00:01
traditional network approaches used by VLANs.
00:01
The software-based controls can programmatically mold and
00:01
alter the flow of network traffic
00:01
between hardware devices.
00:01
This can be achieved with a
00:01
fraction of the effort it would
00:01
take to do the needful with traditional networks.
00:01
The before diagram depicts how
00:01
network traffic between two servers,
00:01
whether physical or virtual,
00:01
will always pass out to the physical network.
00:01
Network monitoring capabilities, both
00:01
those for good and for evil,
00:01
are built around the assumption
00:01
that this network traffic can
00:01
either be observed or routed
00:01
through monitoring choke points.
00:01
By default, SDN controllers want to
00:01
optimize all traffic routing between two resources.
00:01
If two virtual compute resources
00:01
are on the same physical host,
00:01
the SDN will take the optimal path
00:01
by keeping traffic within the host;
00:01
this traffic does not flow out onto the physical network.
00:01
Even when the SDN traffic
00:01
makes its way to the physical network,
00:01
the communication packets intended to be
00:01
delivered between the virtual resources,
00:01
they are encapsulated with the routing instructions
00:01
specific to the Cloud provider's network,
00:01
not the logical network you
00:01
establish between the virtual resources.
00:01
This is all to say
00:01
traditional network monitoring approaches
00:01
do not work.
00:01
It's possible to construct the virtual network in
00:01
a manner comparable to historical practices.
00:01
Rules can be defined to have
00:01
all traffic routed to a virtual appliance,
00:01
but this can have consequences in terms of performance,
00:01
cost, scalability, and reliability.
00:01
Remember that any appliance,
00:01
virtual or physical can be
00:01
a bottleneck and/or a single point of failure.
00:01
Since we've spent so much time talking about this,
00:01
I won't reiterate the many other points here,
00:01
but please re-watch the prior module if anything I've
00:01
spoken about or alluded
00:01
to leaves you scratching your head.
00:01
When it comes to the management
00:01
infrastructure of a network,
00:01
the Cloud provider is very important on
00:01
tenant segregation and isolation.
00:01
In fact, it's their top priority.
00:01
Another important security precaution for
00:01
Cloud providers is to disable the packet sniffing,
00:01
since doing so will make
00:01
many traditional network attacks irrelevant.
00:01
But just as important,
00:01
Cloud providers need to equip
00:01
Cloud users with built-in firewall capabilities,
00:01
so Cloud users can design secure networks.
00:01
From that point, it's
00:01
the user's responsibility to configure
00:01
Cloud deployments and leverage
00:01
those virtual firewall rules.
00:01
They can apply various strategies to isolate,
00:01
segment, and compartmentalize networks.
00:01
To that end, Cloud users should enforce
00:01
using tested configurations and templates.
00:01
We talked about using infrastructure as code
00:01
for a disaster recovery scenario.
00:01
It's also a great technology for establishing templates
00:01
and managing change to
00:01
the way your virtual networks are configured.
00:01
As a last option, virtual appliances
00:01
can be used to implement
00:01
controls to mitigate any gaps in Cloud provider security.
00:01
This isn't a knowledge recap video,
00:01
but it is pop quiz time.
00:01
Which of the following are accurate statements
00:01
comparing virtual and physical networks?
00:01
Applications can be hyper segregated and put in
00:01
isolated networks to reduce blast radius of any breach.
00:01
Virtual networks can be
00:01
programmatically defined and redefined.
00:01
It is easier to filter traffic in a physical network.
00:01
More than one answer is correct,
00:01
give you a second.
00:01
A, applications can be hyper
00:01
segregated and put into isolated networks.
00:01
This is micro-segmentation we talked about,
00:01
creating overlapping IP ranges between
00:01
two separate networks to ensure
00:01
the two networks cannot be connected.
00:01
B is also a correct answer.
00:01
Virtual networks can be
00:01
programmatically defined and redefined.
00:01
Earlier in this video itself,
00:01
we were talking about infrastructure as code
00:01
and the many different ways to create,
00:01
mold and modify your virtual networks.
00:01
This is a very powerful capability.
00:01
C is not correct.
00:01
It is easier to filter traffic in a physical network.
00:01
It's a tricky one, but the concept
00:01
of ease is quite subjective.
00:01
Filtering in a virtual network is different,
00:01
but it may or may not be more difficult.
00:01
To summarize this video,
00:01
we covered network monitoring and
00:01
filtering, network management infrastructure.