CCSK

Course
New
Time
9 hours 29 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:02
why not talk a little more about virtualized networking? Hey, it's a big deal. It breaks through a lot of the constraints with traditional networking, and it allows you to implement some highly secure and locked down networks in the clout specifically will go over network monitoring and filtering, as well as network management infrastructure
00:21
and the prior module we took a deep dive into the particulars of network virtualization V lands is one approach, but SC ends is the preferred approach. The SD ends operate much differently than traditional network approaches used by V lands. Software based controls come programmatically mold and alter the flow of network traffic between hardware devices.
00:41
This could be achieved with a fraction of the effort it would take to do the needful with traditional networks.
00:46
The before diagram depicts how network traffic between two servers, whether physical or virtual, will always pass out to the physical network.
00:56
Network monitoring capabilities, both those for good and for evil are built around the assumption that this network traffic can either be observed, are routed through monitoring chokepoints
01:06
by default, as in, controllers want optimize all traffic. Routing between two resource is if to virtual compute resource is air on the same physical host. ESPN will take the optimal path by keeping traffic within the host. This traffic does not flow out onto the physical network,
01:23
even when the STN traffic makes its way to the physical network.
01:26
The communication packets intended to be delivered between the virtual resource is they are encapsulated with routing instructions specific to the cloud provider's network, not the logical network you established between the virtual resource is
01:41
this is all to say. Traditional network monitoring approaches do not work.
01:45
It's possible to construct the virtual network in a manner comparable to historical practices. Rules could be defined have all traffic routed to a virtual appliance. But this can have consequences in terms of performance, cost, scalability and reliability. Remember that any appliance, virtual or physical, can be a bottleneck and or a single
02:04
point of failure.
02:06
Because we've spent so much time talking about this, I won't reiterate the many other points here, but please re watch the prior module of anything I've spoken about. Our looted two leaves you scratching your head.
02:17
When it comes to the management infrastructure of a network. The cloud provider is very important on tenants segregation and isolation. In fact, it's their top priority.
02:27
Another important security precaution for cloud providers is to disabled packet sniffing, since doing so will make many traditional network attacks irrelevant.
02:35
But just as important, cloud providers need to equip cloud users with built in firewall capabilities. So Cloud users condemns eine secure networks.
02:44
From that point, it's the user's responsibility to configure cloud deployments and leverage those virtual firewall rules.
02:51
They can apply various strategies to isolate segment and compartmentalized networks. To that end, Cloud users should enforce using tested configurations and templates we talked about Using infrastructure is code for a disaster recovery scenario.
03:07
It's also a great technology for establishing templates and managing change to the way your virtual networks are configured
03:15
and, as the last option virtual plants is can be used to implement controls to mitigate any gaps in cloud provider security.
03:23
Okay, this is in a knowledge recap video, but it is pop quiz time.
03:27
Which of the following are accurate statements comparing virtual and physical networks?
03:32
Applications can be hyper segregated and put in isolated networks to reduced blast radius of any breach.
03:38
Virtual networks could be programmatically defined and redefined
03:43
it is easier to filter traffic in a physical network.
03:46
More than one answer is correct. Give you a second. Okay, A applications could be hyper segregated and put into isolated networks. This is micro segmentation. We talked about creating overlapping I P ranges between two separate network to ensure that two networks cannot be connected.
04:04
B is also a correct answer. Virtual networks could be programmatically defined and redefined. Earlier in this video itself, we were talking about infrastructures code and the many different ways to create mold and modify your virtual networks. This is a very powerful capability. See is not correct.
04:21
It is easier to filter traffic any physical network.
04:26
It's a tricky one, but the concept of ease is quite subjective. Filtering in a virtual network is different, but it may or may not be more difficult
04:34
to summarize this video. We covered network monitoring and filtering network management infrastructure

Up Next

CCSK

This course prepares you to take the CCSK exam certification by covering material included in the exam. It explains how the exam can be taken and how the certification process works.

Instructed By

Instructor Profile Image
James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor