Home > Technology > Segmentation and Security – in Cloud and Software Defined Network (SDN)

Segmentation and Security – in Cloud and Software Defined Network (SDN)

Spread the love

The cloud is here to stay. The benefits in terms of cost and flexibility are evident and allow organizations of all sizes to be faster, more flexible, and reach their customers more optimally.

However, this does not mean that all current infrastructure is going to be thrown away and replaced by cloud environments. An extended period of coexistence awaits us, at different levels of the weight of one option over the other, which will force us to manage and administer hybrid networks.

One of the main obstacles when adopting “the cloud” is security. We have become accustomed to the necessary security levels in our current infrastructure (call them Datacenter), and we need to transfer these security levels to the new cloud infrastructure. Also, as we are going to live with both realities, we need to safely interconnect both worlds to be able to use current resources quickly and effectively with the new possibilities offered by the cloud. As if this is not enough, we also find projects to improve our existing infrastructure and networks, to make them more flexible and provide them with the capabilities of the cloud, but on-premise. They are environments called SDN (Software Defined Network),

In both cases, we find a paradigm shift about what security professionals used to work. We no longer talk about subnets and zones, but about security and micro segmentation groups, all revolving around applications and services.

The agility provided by the new networks can constrain by the time needed to analyze and implement the latest security policies, which makes automation key.

But how do we implement necessary security measures in new environments? Let’s go by parts.

Public Cloud Environments

If we refer to the primary public cloud environments, let’s talk about Amazon Web Services, Microsoft Azure, Google Cloud, etc., we find that they all have basic security features. Call Security Groups, Network Security Groups, or similar, allow you to group “networks” of machines by applying common access management policies.

It applies to specific elements that we can distribute in our “clouds” and that work in a similar way to what a router with access control lists (ACLs) would be. They are called perimeter gateways and allow us to separate networks and manage inbound/outbound flows (in some cases, only incoming) based on tags assigned to Security Groups. This provides us with underlying security, which can be complemented by distributing the specific virtual equipment that the leading Firewall manufacturers have available for the main public clouds (we can find specific virtualized versions, for example in the Amazon Web Services Marketplace, Palo Alto, Check Point, Fortinet, Cisco, Sophos, etc.).

It will allow us to complement the security of the devices we were commenting on until we get to match the one we can implement in our Datacenter and fact, interconnect them with VPN or similar systems as if a part of our infrastructure were.

Private Cloud Environments

When we talk about private cloud environments or SDN, we find a new and exciting term, Microsegmentation.

It constitutes a complete paradigm shift. Remember, segmentation is an essential safety technique that allows me to:

· Include control points within the perimeter

· Hinder the spread of malicious code over the network

· Hinder the lateral movement and elevation of privileges of an attacker

· Isolate critical segments of the system

· Reduce service exposure

· Facilitate compliance with some regulations (PCI-DSS)

We must take into account the flexibility and adaptation to the needs of the different business areas when segmenting the network.

We can find two main types of traffic segmentation within a network:

• North-South: It is the most traditional form of segmentation. It contains a control point (typically a Firewall) for traffic entering or leaving from a segment of the internal network or the Datacenter engineer to/from the perimeter.

• East-West: It consists of filtering traffic between different elements of the same network segment that has already isolated from North-South traffic.

East-West traffic segmentation – is introduced by this new paradigm, Micro-segmentation.

Although the principle existed through VLAN technology and has also used by Network Access Control systems, Microsegmentation has included in the heart of new generation networks using SDN technologies.

With Microsegmentation, we can apply East-West filtering policies at the virtual switch/router level, segmenting traffic at the application and protocol flow level while simplifying and reducing traffic.

As in the case of the Public Cloud, the natural filtering systems of the different SDN technologies give us the necessary capabilities up to Level 3, which we can complement with the corresponding virtualized technologies of the leading manufacturers of Firewalls that integrated into these environments. In some cases, they are even able to integrate with the provisioning consoles of the SDN solutions to automate the deployment of Fortinet Firewalls with the new networks generated and with predefined filtering policies that increase Micro-segmentation capabilities by taking them to the next level.

As we can see, we can reach a level of security similar to that of our Data-center infrastructures in new environments, and even higher, in the case of Microsegmentation, which opens up new possibilities for filtering and applying security and isolation policies, as well as interconnection between the different “flavors” of clouds that we will find along the way.

Leave a Reply


Check Also

PinPoint Store Locator Features

Spread the love Pin Point Store Locator application provide 20 days free trial upto 100 locations. Click here for registration.Pin Point Store Locator application works with locations in USK, UK, Australia and Canada.Pin Point Store Locator application code easily copy and paste in any of that Website platform.Pin Point Store Locator application support 7 different layouts. eg. Grid Layout, List Layout, Grid under Google Map, List under Google Map, Left side Lists with Right side Google Map, Right side List with Left side List.Easily Manage locationsEasily Manage Custom Fields and Category supportEasily Manage Look and Feel of your Store locator to match with your website. Like: Locator ...

PHP Installation

Spread the love What Do I Need? To start using PHP, you can: Find a web host with PHP and MySQL supportInstall a web server on your own PC, and then install PHP and MySQL Use a Web Host With PHP Support If your server has activated support for PHP you do not need to do anything. Just create some .php files, place them in your web directory, and the server will automatically parse them for you. You do not need to compile anything or install any extra tools. Because PHP is free, most web hosts offer PHP support.

PHP Introduction

Spread the love What You Should Already Know Before you continue you should have a basic understanding of the following: HTMLCSSJavaScript What is PHP? PHP is an acronym for “PHP: Hypertext Preprocessor”PHP is a widely-used, open source scripting languagePHP scripts are executed on the serverPHP is free to download and use What is a PHP File? PHP files can contain text, HTML, CSS, JavaScript, and PHP codePHP code are executed on the server, and the result is returned to the browser as plain HTMLPHP files have extension “.php“ What Can PHP Do? PHP can generate dynamic page contentPHP can create, ...

LED Technology at The Met Gala

Spread the love Zendaya’s dress at the 2019 Met Gala was a recreation the famous Cinderella transformation moment, pulled right out of the 1950 animation. I was brought in to a team of stylists and animatronics designers with just 6 weeks to prototype and execute an LED solution for fabric colour changing in a daylight red carpet setting, where other ideas such as thermochromic dye had proven ineffective. A significant part of the transformation effect was a servo-controlled dynamic crinoline, of which Hussein Chalayan’s kinetic catwalk dresses in 2007 were the main precedent — with members of that original team ...

Essential Features of the SQL Developer Test

Spread the love The SQL engineer is the sort of free and it is the totally bolstered graphical instrument that aides in improving the degree of profitability and it likewise helps in disentangling the arrangement of the database improvement errands. By utilizing the SQL engineer instrument the client can alter and peruse and make the different database objects. It additionally helps in the running of the SQL explanations and the equivalent can even alter and troubleshoot the arrangement of the SQL and the PL articulations and can likewise help in the structure of the PL and the SQL unit tests. ...