Network Architecture and Segmentation

  • Physical network components we have:
    • Switches
    • Routers
    • Access Points
    • Cabling
  • We protect them with:
    • Physical security controls
      • Doors, locks, fences, guards
  • Hosts become virtual machines
    • Not so different from physical networks
      • Same networking protocols
      • Same operating systems
      • Same networking devices (but virtual)
      • Same security devices (but virtual)
    • VM escape attacks: targeting the hypervisor
    • VM-to-VM traffic (East-West) might cross the physical network, or might stay entirely inside the host.

  • Software Defined Networking (SDN)
    • Traditional networking puts everything in one device:
      • Management
      • Routing decisions
      • Traffic forwarding
    • SDN separates these into planes:
      • Control plane – routing decisions, algorithms, tables
      • Data plane – forwarding; dumb, fast switches
      • Management plane – config, monitoring, CLI, REST APIs, orchestration
      • Management Application <-> SDN Controller <-> Physical devices
      • Management App <-> SDN Controller is the Northbound API
      • SDN Controller <-> Physical devices is the Southbound API
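To make the plane split concrete, here is an added toy SDN in Python. It is not code from the original notes or from any SDN product: the `Controller` class is the control plane (it knows the topology and computes paths), `Switch` is the data plane (a flow-table lookup and nothing else), `request_path()` plays the northbound API a management app calls, and `install_flow()` plays the southbound API the controller pushes rules over. All class and function names and the topology are constructed for this illustration.

```python
"""Added example (not from the original notes): a toy SDN that keeps the planes
apart. Controller = control plane, Switch = data plane, request_path() = the
northbound API, install_flow() = the southbound API. Names and topology are
constructed for illustration."""
from collections import deque


class Switch:
    """Data plane: holds a flow table it did not compute; forwards by lookup only."""

    def __init__(self, name):
        self.name = name
        self.flow_table = {}          # destination host -> next hop

    def install_flow(self, dst, next_hop):
        # Southbound API: the controller programs the table; the switch never decides.
        self.flow_table[dst] = next_hop

    def forward(self, dst):
        # Fast path: one lookup; with no entry the packet is dropped (None).
        return self.flow_table.get(dst)


class Controller:
    """Control plane: knows the whole topology and computes routes centrally."""

    def __init__(self, links):
        self.graph = {}
        for a, b in links:
            self.graph.setdefault(a, set()).add(b)
            self.graph.setdefault(b, set()).add(a)
        # convention for this example: switch names start with 's', hosts with 'h'
        self.switches = {n: Switch(n) for n in self.graph if n.startswith("s")}

    def shortest_path(self, src, dst):
        """Breadth-first search over the topology (the 'routing algorithm')."""
        prev = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                break
            for nxt in sorted(self.graph[node]):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        if dst not in prev:
            return None
        path, node = [], dst
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def request_path(self, src, dst):
        """Northbound API: a management application asks for connectivity; the
        controller computes the route and installs one flow entry per switch."""
        path = self.shortest_path(src, dst)
        if path is None:
            return None
        for here, nxt in zip(path, path[1:]):
            if here in self.switches:
                self.switches[here].install_flow(dst, nxt)
        return path


def trace(controller, src, dst):
    """Walk a packet through the data plane only, using installed flow tables.
    Returns the hop list, or None where a switch has no entry for dst."""
    hops, node = [src], src
    while node != dst:
        if node in controller.switches:
            node = controller.switches[node].forward(dst)
        else:
            node = next(iter(controller.graph[node]))   # host hands off to its switch
        if node is None:
            return None
        hops.append(node)
    return hops


def build_demo():
    # constructed topology: h1 - s1 - s2 - s3 - h2, plus a direct s1 - s3 link
    links = [("h1", "s1"), ("s1", "s2"), ("s2", "s3"), ("s1", "s3"), ("s3", "h2")]
    return Controller(links)


if __name__ == "__main__":
    c = build_demo()
    print("before the controller programs switches:", trace(c, "h1", "h2"))  # None: dropped
    print("controller installs path:", c.request_path("h1", "h2"))
    print("data-plane trace:", trace(c, "h1", "h2"))
```

Run it and the first trace returns `None`: the switches have no entries until the controller pushes them, which is the whole point of "dumb fast switches". It also shows why the controller and its two APIs are the high-value part of the design: whoever can call `install_flow()` rewrites every forwarding decision in the network, so the northbound and southbound channels need the same authentication and logging you would give a router's management interface.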

  • VPC (Virtual Private Cloud)
    • Microsoft Azure – Virtual Network
    • AWS – VPC
    • Oracle – VCN (Virtual Cloud Network)
    • Google Cloud – VPC
  • VPN (Virtual Private Network)
    • Data tunnel through a public infrastructure
    • Provides remote connectivity
    • A VPN is not necessarily secure: it is only a data tunnel unless it is an encrypted tunnel.
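The "tunnel is not the same as encrypted tunnel" point, shown in Python as an added example that is not part of the original notes. `plain_tunnel_encapsulate()` wraps the inner packet in an outer header the way an unencrypted tunnel does, so the payload is still readable on the public path; `encrypted_tunnel_encapsulate()` stands in for an IPsec ESP or TLS style tunnel using HMAC-SHA256 in counter mode as a keystream plus an encrypt-then-MAC tag (a stdlib-only stand-in for illustration, not a production cipher). The function names, the `TUN1` marker, the addresses and the payload are all constructed.

```python
"""Added example (not part of the original notes): a tunnel is not an encrypted
tunnel. The encrypted variant uses HMAC-SHA256 counter mode + encrypt-then-MAC
as a stand-in for IPsec ESP / TLS; illustration only, not a production cipher.
TUN1, addresses and payloads are constructed."""
import hashlib
import hmac
import os
import struct

TUNNEL_MAGIC = b"TUN1"            # constructed outer-header marker
NONCE_LEN, TAG_LEN = 12, 32
HEADER_LEN = len(TUNNEL_MAGIC) + 4 + 4 + NONCE_LEN   # magic + src + dst + nonce


def plain_tunnel_encapsulate(inner_packet: bytes, src: bytes, dst: bytes) -> bytes:
    """Unencrypted tunnel: outer header followed by the inner packet in the clear."""
    return TUNNEL_MAGIC + src + dst + inner_packet


def _subkey(key: bytes, label: bytes) -> bytes:
    # separate keys for confidentiality and integrity, derived from one shared key
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # counter mode over a PRF: block i = HMAC(enc_key, nonce || i)
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypted_tunnel_encapsulate(inner_packet: bytes, src: bytes, dst: bytes, key: bytes) -> bytes:
    """Encrypted tunnel: the outer header stays readable (routers need it), the payload does not."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(NONCE_LEN)                      # fresh per packet, never reused with a key
    keystream = _keystream(enc_key, nonce, len(inner_packet))
    ciphertext = bytes(a ^ b for a, b in zip(inner_packet, keystream))
    header = TUNNEL_MAGIC + src + dst + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def encrypted_tunnel_decapsulate(outer: bytes, key: bytes):
    """Returns the inner packet, or None if the tag does not verify (tampered or forged)."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    if len(outer) < HEADER_LEN + TAG_LEN or not outer.startswith(TUNNEL_MAGIC):
        return None
    header, ciphertext, tag = outer[:HEADER_LEN], outer[HEADER_LEN:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):       # verify integrity before decrypting
        return None
    nonce = header[-NONCE_LEN:]
    keystream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def observer_can_read(outer: bytes, needle: bytes) -> bool:
    """What an eavesdropper on the public infrastructure can pull out of the outer packet."""
    return needle in outer


if __name__ == "__main__":
    inner = b"GET /payroll?token=secret123 HTTP/1.1"            # constructed payload
    src, dst = bytes([203, 0, 113, 5]), bytes([198, 51, 100, 9])  # constructed endpoints
    key = os.urandom(32)
    plain = plain_tunnel_encapsulate(inner, src, dst)
    enc = encrypted_tunnel_encapsulate(inner, src, dst, key)
    print("plain tunnel leaks token:", observer_can_read(plain, b"secret123"))
    print("encrypted tunnel leaks token:", observer_can_read(enc, b"secret123"))
    print("round trip ok:", encrypted_tunnel_decapsulate(enc, key) == inner)
```

The outer header (tunnel endpoints) is readable in both cases because the public network has to route on it; only the encrypted variant hides the inner packet, and its tag is what lets the receiving end reject a packet someone modified in transit. When assessing a "VPN", the question to ask is which of these two shapes it actually has.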

  • Serverless functions (Function as a Service)
    • AWS Lambda
    • Azure Functions
    • Google Cloud Functions
  • Network Segmentation
    • Good for management and performance
    • Air gapping: completely disconnecting a network segment physically.
      • Tough to manage.
      • Military, power systems, systems that can’t have any outside interference
      • Protecting CA private keys in a PKI
        • The CA generates and signs certs using its private key
        • Trusting a CA implies trusting the certs signed by it.
    • Layer 2 segmentation: VLANs, private VLANs, port security
    • Layer 3+ segmentation: subnetworks, traffic policies, ACLs
    • DMZ – network segment for publicly facing servers
    • Jumpbox / Bastion Host – a machine used to access another network
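The Layer 3+ items above (subnets, traffic policies, ACLs, a DMZ, a jump box) combine into one policy; here is an added Python example, not from the original notes, of a first-match ACL evaluator over such segments. The zone names, address ranges, the `JUMPBOX` address and the rules are constructed for illustration and are not a recommended policy.

```python
"""Added example (not from the original notes): a first-match ACL evaluator over
constructed segments (Internet, DMZ, internal, management with a jump box).
Zones, addresses and rules are illustrative, not a recommended policy."""
import ipaddress

ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),     # catch-all, least specific
    "dmz":      ipaddress.ip_network("192.0.2.0/24"),  # publicly facing servers
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "mgmt":     ipaddress.ip_network("10.99.0.0/24"),  # where the jump box lives
}
JUMPBOX = ipaddress.ip_address("10.99.0.10")           # constructed bastion address

# (source, destination, destination port or None for any, action).
# First match wins; the trailing deny-all gives a default-deny posture.
RULES = [
    ("internet", "dmz",      443,  "allow"),  # public web tier
    ("dmz",      "internal", 5432, "allow"),  # web tier -> database only
    (JUMPBOX,    "internal", 22,   "allow"),  # admin SSH only via the bastion
    (JUMPBOX,    "dmz",      22,   "allow"),
    ("internal", "internet", 443,  "allow"),  # outbound browsing
    ("any",      "any",      None, "deny"),
]


def zone_of(ip):
    """Most specific zone containing ip; 'internet' only when nothing else does."""
    ip = ipaddress.ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if ip in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def _side_matches(selector, ip):
    if selector == "any":
        return True
    if isinstance(selector, ipaddress.IPv4Address):    # a single host, e.g. the jump box
        return ipaddress.ip_address(ip) == selector
    return zone_of(ip) == selector


def evaluate(src, dst, dst_port):
    """Returns (action, index of the matching rule)."""
    for idx, (rule_src, rule_dst, rule_port, action) in enumerate(RULES):
        if (_side_matches(rule_src, src) and _side_matches(rule_dst, dst)
                and rule_port in (None, dst_port)):
            return action, idx
    return "deny", None   # unreachable with the deny-all rule; kept as a safe default


if __name__ == "__main__":
    # constructed flows: (description, src, dst, port)
    flows = [
        ("internet -> DMZ web",       "198.51.100.7", "192.0.2.10", 443),
        ("internet -> internal SSH",  "198.51.100.7", "10.10.1.5",  22),
        ("DMZ web -> internal DB",    "192.0.2.10",   "10.10.5.20", 5432),
        ("DMZ web -> internal SSH",   "192.0.2.10",   "10.10.5.20", 22),
        ("workstation -> server SSH", "10.10.1.5",    "10.10.5.20", 22),
        ("jump box -> server SSH",    "10.99.0.10",   "10.10.5.20", 22),
    ]
    for desc, s, d, p in flows:
        action, idx = evaluate(s, d, p)
        print(f"{desc:28} {action:5} (rule {idx})")
```

Two details matter more than the rule list itself. `zone_of()` picks the most specific network, so a DMZ host never matches an "internet" rule just because `0.0.0.0/0` also contains it; and the only path to SSH on an internal server is from the single jump box address, which is what makes the bastion a choke point you can log and monitor. The deny-all last line is what turns a list of exceptions into a default-deny segment boundary.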
