3.3 Load Balancing
Load Balancing
manages the distribution of incoming requests across servers based on various factors such as server capacity, current load, and health status.
prevents any single server from becoming overloaded and ensures even distribution of traffic
TCP Offload
TCP is the protocol used for establishing and maintaining connections between devices over the internet; with TCP offload, backend servers are relieved of these connection-handling tasks, which can be resource-intensive
SSL Offload
can handle SSL (Secure Sockets Layer) encryption and decryption, relieving backend servers of this resource-intensive task and improving overall efficiency
Caching
can cache frequently accessed content or data, such as static web pages or images, to deliver faster responses to clients and reduce the load
Can prioritize certain types of traffic or requests based on predefined rules or policies, ensuring that critical applications or services receive sufficient resources and bandwidth
Active Load Balancing
servers actively process incoming requests and handle the workload
Passive Load Balancing
servers are kept in a standby state and do not actively process requests.
ready to take over the workload if any of the active servers fail or become unavailable
Active/Active Load Balancing
all servers are actively handling requests simultaneously
Scheduling Load Balancing
involves determining how incoming requests are distributed amongst servers
Round-robin balancing
requests are distributed to servers in a circular order
each server is selected in turn
Weighted Round-robin
servers are assigned different weights based on their capacity or capability
Dynamic Round-robin
Server load is continuously monitored
Requests are routed to the server with the lowest current load, ensuring efficient resource utilization
Virtual IP load balancer
involves using a single IP address to represent multiple servers behind a load balancer
Persistence load balancer
ensures that clients maintain a consistent connection with a specific server instance throughout their session
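The scheduling methods and persistence described above, as a small added example (written for these notes, not code from the original): round-robin, weighted round-robin, dynamic (least-load) selection, and sticky sessions that re-pin a client when its server fails. Server names, weights and load values are constructed sample data.

```python
"""Added example (not code from the notes): round-robin, weighted round-robin,
dynamic (least-load) scheduling and session persistence as small Python
classes. Server names, weights and loads are constructed sample data."""
import itertools


SERVERS = ["web1", "web2", "web3"]            # constructed backend pool
WEIGHTS = {"web1": 3, "web2": 2, "web3": 1}   # constructed capacity weights


class RoundRobin:
    """Requests go to servers in circular order; each server is selected in turn."""

    def __init__(self, servers):
        self._cycle = itertools.cycle(servers)

    def pick(self, client=None):
        return next(self._cycle)


class WeightedRoundRobin:
    """A server with weight w is selected w times per cycle, so higher-capacity
    servers receive proportionally more requests."""

    def __init__(self, weights):
        expanded = [s for s, w in weights.items() for _ in range(w)]
        self._cycle = itertools.cycle(expanded)

    def pick(self, client=None):
        return next(self._cycle)


class DynamicRoundRobin:
    """Load is monitored continuously (here: requests in flight) and each request
    is routed to the least-loaded server; ties are broken by server name."""

    def __init__(self, servers):
        self.load = {s: 0 for s in servers}

    def pick(self, client=None):
        server = min(self.load, key=lambda s: (self.load[s], s))
        self.load[server] += 1
        return server

    def release(self, server):
        """Called when a request completes so the server's load drops again."""
        self.load[server] -= 1


class Persistent:
    """Session persistence: a client stays pinned to the server it was first
    sent to while that server is healthy; otherwise it is re-scheduled."""

    def __init__(self, inner, healthy):
        self.inner = inner
        self.healthy = set(healthy)
        self.pins = {}

    def pick(self, client):
        server = self.pins.get(client)
        if server is None or server not in self.healthy:
            if not self.healthy:
                raise RuntimeError("no healthy servers")
            server = self.inner.pick(client)
            while server not in self.healthy:   # skip servers marked down
                server = self.inner.pick(client)
            self.pins[client] = server
        return server

    def mark_down(self, server):
        """Health check failed: stop sending new or pinned clients here."""
        self.healthy.discard(server)


def simulate(scheduler, clients):
    """Return the server chosen for each client id, in order."""
    return [scheduler.pick(c) for c in clients]
```

Running simulate(WeightedRoundRobin(WEIGHTS), ...) over six requests sends three to web1, two to web2 and one to web3; the Persistent wrapper keeps "alice" on web1 until web1 is marked down, then re-pins her to the next healthy server.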
3.3 Network Segmentation
Virtual Local Area Networks (VLANs)
allows you to logically segment a network like dividing an office building into separate departments, providing isolation and security benefits while enabling efficient communication between different groups of devices
Screened subnet
acts as a buffer zone between the public internet and your private network, allowing public access to specific resources while protecting your sensitive information from unauthorized access
East-west traffic
communication happening inside the same building or location.
Quicker communication
Extranet
a special area within your company's network where trusted partners, vendors, or suppliers are invited to collaborate.
access is restricted to authorized users, who need to pass through additional authentication measures to ensure security and privacy
Intranet
private area for employees of a company.
employees access company-related information and resources, collaborate with colleagues, and stay informed about internal matters
access is limited to employees only
NO EXTERNAL ACCESS
Zero Trust
no one is trusted.
everyone's identity and intentions are continuously verified, and multiple layers of security measures are implemented to ensure the safety of the site
3.3 Virtual private network (VPN)
Virtual Private Network (VPN)
allows for secure communication over public networks by encrypting data
data is encrypted before it travels over the internet.
VPN Concentrator
a security checkpoint for data traveling in and out of a private network.
managing the flow of data in and out of a VPN Network
authenticates users, encrypts their data, and ensures that only authorized users gain access to the internal network resource
provides secure remote access to a network using the SSL/TLS protocol.
Remote access VPN
enables users to connect to a private network securely from a remote location
on demand access to private network from their remote devices, such as laptops or smartphones, whenever they need access to network resources
Personal Device ---> VPN (encrypts traffic + connects to internal network) ---> Internet
What is VPN used for?
Used to securely access a private network from remote locations, such as home or while traveling.
Enables remote employees to connect to their company's network and access resources as if they were physically present in the office
Full Tunnel VPN
directs all your internet traffic through a VPN tunnel
internet traffic, data is encrypted before it leaves the device
Split Tunnel VPN
splits the traffic flow
allows you to designate which apps or websites will use the encrypted VPN tunnel
Remote Access VPN
allows users to connect to a private network from a remote location, such as their home or a public Wi-Fi hotspot, securely over the internet.
VPN client software
On-demand access from a remote device; the software connects to a VPN concentrator
Some software can be configured as always-on
Site to Site VPN
allows multiple offices of a company to connect securely over the internet.
instead of individual devices connecting to a VPN server, entire networks (sites) are connected to each other , creating a secure and private network over the internet
lets employees in different locations share resources and communicate as if they were in the same office
IPsec (Internet Protocol Security)
provides security for OSI Layer 3 with the following features
Authentication and Encryption
Confidentiality and Integrity : Ensures data privacy and prevents alteration during transmission through encryption and packet signing
Includes two Protocols
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Layer 2 Tunneling Protocol (L2TP)
used for connecting sites over a layer 3 network as if they were connected at layer 2.
commonly implemented with IPSec for added security
creates a tunnel for data transmission
HTML5
standard language used for creating and structuring content on the web.
has the ability to create a VPN tunnel without the need for a separate VPN application.
Network Access Control (NAC)
solutions help manage who and what can connect to a network.
designed to enhance network security by enforcing policies for endpoint devices seeking to connect to a network
Enforce rules that devices must follow, like having antivirus software.
Out-of-band response
a method used by an Intrusion Prevention System (IPS) to deal with malicious network traffic
Occurs after the IPS has identified the malicious traffic
IPS sends TCP RST (reset) frames to the source of the packets to terminate the connection
Port Security
measures taken to secure physical switch interfaces
limits overall traffic
limiting the number of MAC addresses allowed on a port
Broadcast storm prevention
is like a traffic cop for network messages
Limits the number of broadcast messages that can flood a network, preventing them from causing congestion or disruption
Limit the number of broadcasts per second
Bridge Protocol Data Unit (BPDU) guard
protects against STP attacks
detects BPDUs arriving on ports where they are not expected and that could disrupt the network
Spanning Tree Protocol
prevents bridge loops in Ethernet networks
acts as a traffic cop to prevent endless loops
used to reduce layer 2 loops
What is a loop? something that goes around and around and it never stops
Only one active link is used between switches
Loop Prevention
Connect two switches to each other
They will send traffic back and forth forever
IEEE standard 802.1D prevents loops in bridged (switched) networks
Dynamic Host Configuration Protocol (DHCP) snooping
a security feature on a switch that can be used to prevent unauthorized DHCP servers from operating on the network
the switch marks its interfaces as untrusted unless they have been explicitly configured as trusted
the switch can filter out DHCP server traffic on untrusted interfaces and not allow it to be sent to any of the devices on the network
Media access control (MAC) filtering
a network security technique used on switches to control device access based on their unique Media Access Control (MAC) address
not always useful due to the fact MAC address can be spoofed
creates a list of authorized MAC addresses.
only allows devices with matching MAC address to connect to specific ports
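The switch-level controls above (port security / MAC filtering with a per-port address limit, and DHCP snooping with trusted and untrusted ports) as one added example, written for these notes rather than taken from them. It is a toy model of a switch, not vendor configuration; port names, MAC addresses and frame fields are constructed sample data.

```python
"""Added example (not code from the notes): a toy switch that applies a
per-port MAC address limit (port security / MAC filtering) and DHCP snooping
with trusted and untrusted ports. Port names, MAC addresses and frame fields
are constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class Frame:
    src_mac: str
    dhcp_server_reply: bool = False   # True for a DHCP OFFER/ACK (sent by a DHCP server)


@dataclass
class Port:
    name: str
    max_macs: int = 1                 # port security: addresses allowed on this port
    dhcp_trusted: bool = False        # DHCP snooping: only trusted ports may carry server replies
    learned: set = field(default_factory=set)
    err_disabled: bool = False


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.log = []

    def ingress(self, port_name, frame):
        """Return 'forward' or 'drop' for a frame arriving on port_name."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "drop"
        # Port security: learn up to max_macs source addresses; one more is a
        # violation that shuts the port down until an administrator clears it.
        if frame.src_mac not in port.learned:
            if len(port.learned) >= port.max_macs:
                port.err_disabled = True
                self.log.append(f"{port.name}: MAC limit exceeded by {frame.src_mac}, port err-disabled")
                return "drop"
            port.learned.add(frame.src_mac)
        # DHCP snooping: a DHCP server reply arriving on an untrusted port comes
        # from an unauthorized server and is filtered before it reaches any client.
        if frame.dhcp_server_reply and not port.dhcp_trusted:
            self.log.append(f"{port.name}: DHCP server reply from {frame.src_mac} on untrusted port dropped")
            return "drop"
        return "forward"


def demo():
    """Run constructed frames through a three-port switch and return the decisions and log."""
    sw = Switch([Port("Gi1/1"),                        # access port, one device allowed
                 Port("Gi1/2", max_macs=2),            # access port, two devices allowed
                 Port("Gi1/24", dhcp_trusted=True)])   # uplink toward the real DHCP server
    pc = "aa:bb:cc:00:00:01"
    second_pc = "aa:bb:cc:00:00:02"
    unauthorized_dhcp = "aa:bb:cc:00:00:77"
    real_dhcp = "aa:bb:cc:00:00:99"
    decisions = [
        sw.ingress("Gi1/1", Frame(pc)),                                     # learned, forwarded
        sw.ingress("Gi1/1", Frame(pc)),                                     # known address, forwarded
        sw.ingress("Gi1/24", Frame(real_dhcp, dhcp_server_reply=True)),     # trusted uplink, forwarded
        sw.ingress("Gi1/2", Frame(unauthorized_dhcp, dhcp_server_reply=True)),  # untrusted port: dropped
        sw.ingress("Gi1/1", Frame(second_pc)),                              # second MAC: violation
        sw.ingress("Gi1/1", Frame(pc)),                                     # port is now err-disabled
    ]
    return decisions, sw.log
```

The last two decisions show why port security is applied per port rather than globally: once the limit on Gi1/1 is exceeded, even the originally learned device loses connectivity until the port is re-enabled, which is the signal an administrator investigates.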
3.3 Network Appliances
Jump Servers
acts as a security checkpoint in the lobby
acts as a middleman for connecting you to a server in a more secure zone of the network.
creates a separation between the less secure zone and the highly secure zone where the important servers are located
Proxy Servers (Forward Proxy)
acts as a middleman between a client requesting a resource (like a webpage) and the server that provides that resource
when accessing a website, your request goes to the proxy server first, instead of directly to the website.
the proxy server receives your request and forwards it to the actual website server
can filter content before the server receives it
improves browsing speed
Reverse Proxy
request goes to the reverse proxy first, instead of directly to the web server
the reverse proxy directs the users to the appropriate web server
the web server processes the request and sends it to the reverse proxy and the reverse proxy sends it to the client
Network-based intrusion detection system (NIDS)
acts like a security guard who monitors the flow of people
keeps an eye on network traffic, analyzing packets to identify suspicious activity.
Compares network traffic patterns to known attack signatures
if it detects something suspicious , it generates alerts for further investigation
Network-based intrusion prevention system (NIPS)
acts as a security guard who can actively prevent unauthorized access
monitors network traffic, but it can take action to block suspicious activity in real-time
can block malicious traffic or take steps to isolate the compromised device
Signature Based
a specific method used by intrusion detection systems (IDS) to identify malicious activity on a network.
patterns or characteristics of malicious activity identified by security researchers.
Heuristic/behavior
a specific method used by intrusion detection systems (IDS) in which detection focuses on observing activities and behavior.
notices someone acting suspiciously.
Anomaly based
a specific method used by intrusion detection systems (IDS) to identify abnormal behavior from a user and alert on potential security concerns
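The signature-based and anomaly-based methods above, run over a few constructed access-log lines as an added example (written for these notes, not code from the original). The log format, the single signature, and the baseline numbers are assumptions made for the example; a real IDS carries thousands of signatures and a richer baseline.

```python
"""Added example (not code from the notes): signature-based and anomaly-based
detection over constructed access-log lines. The log format, the signature and
the baseline numbers are assumptions made for this example."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed log format: <source ip> "<request line>" <status>
LOG_RE = re.compile(r'^(\S+) "([^"]*)" (\d{3})$')

# Signature-based: a pattern security researchers associate with a known attack,
# here the classic SQL injection tautology the WAF section also mentions.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1"),
}

# Constructed "normal" traffic used to learn the usual per-source volume.
BASELINE_LINES = (
    [f'10.0.0.5 "GET /page{i}.html HTTP/1.1" 200' for i in range(2)]
    + [f'10.0.0.6 "GET /page{i}.html HTTP/1.1" 200' for i in range(3)]
    + [f'10.0.0.7 "GET /page{i}.html HTTP/1.1" 200' for i in range(2)]
    + [f'10.0.0.8 "GET /page{i}.html HTTP/1.1" 200' for i in range(3)]
)

# Constructed observation window: one signature hit and one source that is
# far busier than anything seen in the baseline.
OBSERVED_LINES = (
    ['10.0.0.5 "GET /index.html HTTP/1.1" 200',
     '10.0.0.5 "GET /about.html HTTP/1.1" 200',
     '10.0.0.7 "GET /login?user=admin\' OR \'1\'=\'1 HTTP/1.1" 200']
    + [f'10.0.0.9 "GET /page{i}.html HTTP/1.1" 200' for i in range(6)]
)


def parse(line):
    """Split a log line into (source ip, request line, status code)."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.group(1), m.group(2), int(m.group(3))


def signature_alerts(lines):
    """Return (source, signature name) for every line matching a known pattern."""
    alerts = []
    for line in lines:
        src, request, _status = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((src, name))
    return alerts


def rate_threshold(baseline_lines, k=3.0):
    """Anomaly baseline: mean requests per source plus k standard deviations."""
    counts = Counter(parse(line)[0] for line in baseline_lines)
    values = list(counts.values())
    return mean(values) + k * pstdev(values)


def anomaly_alerts(baseline_lines, observed_lines):
    """Return sources whose volume in the observed window exceeds the learned threshold."""
    threshold = rate_threshold(baseline_lines)
    counts = Counter(parse(line)[0] for line in observed_lines)
    return sorted(src for src, n in counts.items() if n > threshold)
```

The two methods flag different sources: the signature match catches the single request from 10.0.0.7 that an anomaly baseline would never notice (one request is not unusual), while the anomaly check flags 10.0.0.9, whose requests look individually harmless but whose volume is far above the learned baseline. That complementarity is why IDS products combine both.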
Inline IDS
Inspects all network traffic passing through in real-time.
analyze the packet to identify malicious activity and take immediate action to block it
Passive IDS
monitors network traffic flowing by but doesn’t directly interfere with it.
analyzes the traffic and sends alerts for suspicious activity
reports any suspicious activity they see
Hardware Security Module
a tamper-resistant device that safeguards sensitive data, particularly cryptographic keys and digital signatures
store and manage cryptographic keys.
perform cryptographic operations like encryption and decryption within their secure environment
Sensors
monitor the flow of data across your network for unusual patterns or potential threats
Intrusion prevention systems, firewall logs, authentication logs, database transaction logs, email logs
Aggregate
to combine multiple network connections into one logical connection.
Collectors
refers to systems that gather log and event data from various security devices and applications. These devices can include
Firewalls
SIEM consoles
Syslog servers
Web Application Firewall (WAF)
acts as a security shield that protects web application from malicious attacks
is like a security guard who stands between your store (web application) and the street (internet)
filters incoming traffic based on a set of security rules. It can block requests that appear suspicious or malicious
Protects against SQL Injection
Applies rules to HTTP/HTTPS conversations
Network Based Firewall (NGFWs)
acts a security barrier that safeguards your entire network from unauthorized access and malicious traffic.
controls who or what comes into your network
examines all incoming and outgoing traffic on your network connection
implements
Can incorporate content filtering features such as URL filtering, to control website traffic by category
Integrate IPS capabilities to identify and block malicious traffic based on known attack signatures and vulnerabilities specific to applications
Stateful Firewall
keep track of active connections
allows or blocks traffic dynamically. It remembers authorized connections and allows data flowing within those connections
knows why the packets are there, and as long as the connection is valid the traffic within it flows freely
Stateless Firewall
is a network security tool that filters traffic based on pre-defined rules without keeping track of ongoing connections
does not keep track of traffic flows
each packet is individually examined, regardless of past history
traffic sent outside of an active session will traverse a stateless firewall
Unified Threat Management (UTM)
integrates multiple security functionalities into a single platform
acts like a well-coordinated security team with all the guards together from a central command center
Functions include
Firewall , IDS/IPS, and Antivirus/Anti-malware, Content filtering, and Web Filtering, VPN Endpoint, Spam Filter
Network Address Translation (NAT) Gateway
acts as a translator between your internal network and the internet
turns your private IP address into a public IP address that can be recognized by the internet.
Content/URL Filtering
a security practice that controls the type of content or websites users on your network can access
Firewall characteristics
Open-source vs. Proprietary
Open Source Firewalls
free to use and modify, large community for support, may lack advanced features like application control
Proprietary Firewalls
often include advanced features, easier to manage with user-friendly interfaces and vendor support
Hardware vs. Software
Hardware Firewalls
offer efficient performance and dedicated processing power for firewall functions. They may also provide more flexible connectivity options with specialized ports
Software Firewalls
More affordable, can be easily installed on existing hardware and readily upgraded. Offer greater flexibility for deployment on various platforms
Appliance vs. host-based vs. virtual
Appliances Firewalls
dedicated hardware appliances often provide the fastest throughput
Host Based Firewalls
firewalls installed directly on individual devices (hosts) can be application-aware, monitor both incoming and outgoing traffic, and view non-encrypted data
Virtual Firewalls
virtual firewalls provide valuable east/west network security
Access Control List (ACL)
is a set of rules that defines how network traffic is allowed or blocked on a network device like a router, firewall, or switch
The rules can be based on these factors
IP Address, Allowed Protocols, Source and Destination Ports
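An added example, written for these notes rather than taken from them, that ties the ACL rule factors above to the earlier Stateful Firewall and Stateless Firewall entries: the same ACL evaluated statelessly (every packet judged on its own) next to a stateful firewall that tracks connections. It shows concretely why traffic sent outside of an active session can traverse a stateless firewall but not a stateful one. Addresses, ports and rules are constructed sample data.

```python
"""Added example (not code from the notes): a stateless ACL evaluator next to a
connection-tracking stateful firewall. Addresses, ports and rules are
constructed sample data."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One ACL entry; 'any'/None fields match everything (the factors in the notes)."""
    action: str                      # "permit" or "deny"
    proto: str = "any"
    src_ip: str = "any"
    src_port: Optional[int] = None
    dst_ip: str = "any"
    dst_port: Optional[int] = None

    def matches(self, p):
        return ((self.proto == "any" or self.proto == p.proto)
                and (self.src_ip == "any" or self.src_ip == p.src_ip)
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_ip == "any" or self.dst_ip == p.dst_ip)
                and (self.dst_port is None or self.dst_port == p.dst_port))


def evaluate_acl(acl, pkt):
    """Stateless evaluation: first matching rule wins, implicit deny at the end."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Outbound packets permitted by the ACL create a connection entry; inbound
    packets are permitted only if they belong to a tracked connection."""

    def __init__(self, outbound_acl):
        self.outbound_acl = outbound_acl
        self.connections = set()

    def outbound(self, pkt):
        action = evaluate_acl(self.outbound_acl, pkt)
        if action == "permit":
            self.connections.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action

    def inbound(self, pkt):
        # A reply has the inside host as destination and the outside host as source.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "permit" if key in self.connections else "deny"


# Constructed policy: inside hosts may open HTTPS connections out. Without state,
# the only way to let replies back in is a rule keyed on the server's port 443.
OUTBOUND_ACL = [Rule("permit", proto="tcp", dst_port=443)]
INBOUND_ACL = [Rule("permit", proto="tcp", src_port=443)]

request = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443)      # inside -> web server
reply = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)        # the matching reply
# Not part of any session: it merely happens to carry source port 443.
unsolicited = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 22)


def compare():
    """Return each firewall's verdict for the genuine reply and the unsolicited packet."""
    stateful = StatefulFirewall(OUTBOUND_ACL)
    stateful.outbound(request)
    return {
        "stateless": {"reply": evaluate_acl(INBOUND_ACL, reply),
                      "unsolicited": evaluate_acl(INBOUND_ACL, unsolicited)},
        "stateful": {"reply": stateful.inbound(reply),
                     "unsolicited": stateful.inbound(unsolicited)},
    }
```

Both firewalls permit the genuine reply; only the stateful one denies the unsolicited packet, because it was never preceded by a permitted outbound connection. A real stateful firewall also ages entries out and checks TCP flags and sequence numbers, which this model omits.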
Route Security
ensures accurate and secure routing information to avoid
QoS (Quality of Service)
refers to a set of technologies that prioritizes network traffic to ensure smooth operation for critical operations
VoIP, bandwidth, traffic rate
Implications of IPv6
More IP address space
No need for NAT
Built in support for IPSec , a suite of protocols for secure communication. It provides encryption and authentication for data packets
Port spanning/port mirroring
is a network monitoring technique that copies traffic from one or more network ports to another designated port for monitoring purposes.
Port Taps
physical hardware devices that insert themselves in-line between two network devices
creating an exact copy of all traffic flowing through the connected cable
Monitoring services
Constant cybersecurity monitoring
Ongoing security checks
A staff of cybersecurity experts at a Security Operations Center (SOC)
Respond to events
Faster response time
Maintains compliance
File Integrity Monitoring (FIM)
Some files change all the time
Some files should NEVER change
Monitor important operating system and application files
Identify when changes occur
Windows - SFC (System File Checker)
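The File Integrity Monitoring idea above (some files should never change, so record their hashes and report when they do) as an added example written for these notes, not code from the original and not a model of SFC. The monitored files are constructed stand-ins written to a temporary directory, not real system files.

```python
"""Added example (not code from the notes): a minimal file integrity monitor
that records SHA-256 hashes of files that should never change and later
reports which ones were modified or removed. The files are constructed
stand-ins written to a temporary directory, not real system files."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Snapshot of known-good hashes; keep it somewhere the monitored host cannot alter."""
    return {path: sha256_of(path) for path in paths}


def check_integrity(baseline):
    """Compare the current state with the baseline and classify every monitored file."""
    report = {"unchanged": [], "modified": [], "missing": []}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report["missing"].append(path)
        elif sha256_of(path) != expected:
            report["modified"].append(path)
        else:
            report["unchanged"].append(path)
    return report


def demo():
    """Create three constructed files, monitor the two that should never change,
    alter one and delete another, and return the report keyed by basename."""
    root = tempfile.mkdtemp()
    hosts = os.path.join(root, "hosts")              # stand-in for a static system file
    sshd_config = os.path.join(root, "sshd_config")  # stand-in for a static config file
    app_log = os.path.join(root, "app.log")          # changes all the time, so not monitored
    for path, text in [(hosts, "127.0.0.1 localhost\n"),
                       (sshd_config, "PermitRootLogin no\n"),
                       (app_log, "started\n")]:
        with open(path, "w") as fh:
            fh.write(text)

    baseline = build_baseline([hosts, sshd_config])

    with open(hosts, "a") as fh:                     # unexpected change to a monitored file
        fh.write("# unexpected change\n")
    os.remove(sshd_config)                           # monitored file removed
    with open(app_log, "a") as fh:                   # normal churn in an unmonitored file
        fh.write("request served\n")

    report = check_integrity(baseline)
    return {k: sorted(os.path.basename(p) for p in v) for k, v in report.items()}
```

The log file churns without producing noise because it was deliberately left out of the baseline; choosing that set (operating system binaries, service configuration, scheduled tasks) is most of the work in a real FIM deployment, and the baseline itself must be stored off-host or signed so an attacker who changes a file cannot also update its recorded hash.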