Lesson 3: Common Mistakes and Best Practices for Designing Network Security Zones

  • Published on 25 Mar 2015
  • Network Segmentation: Lesson 3
    In this lesson, Professor Wool examines common missteps when organizations create security zones and best practices to consider for an improved defense.
    Learn more about AlgoSec at www.algosec.com and read Professor Wool's blog posts at blog.algosec.com
  • Science & Technology

Comments • 22

  • @arshidrashid598 7 years ago +1

    Great job, professor, thumbs up. Explained in a really simple way. Thanks for sharing

  • @zomgoose 5 years ago +1

    Great explanation! Thank you!

  • @cottondai 3 years ago +1

    Great lesson. Thank you

  • @johnson554671 5 years ago +7

    Man, I'd give you three thumbs up if I could! You explained things so well. Will check out your other vids!

    • @AxionSmurf 5 years ago

      I don't think he wants your third thumb

  • @dksmiffs 3 years ago

    Excellent video! Helpful to this networking greenhorn who's attempting to design an upgrade to my home network. Thanks very much.

  • @davhernandez17 2 years ago +1

    Thank you! That was amazingly clear

  • @obiobi5794 3 years ago

    Great job! Looking forward to browsing the channel

  • @leo-rq2ei 7 years ago +1

    Great video, thanks!

  • @AxionSmurf 5 years ago

    Great video!

  • @esthermdzitiro31 4 years ago

    Great explanation, thank you.

  • @certifiedprogrammer4598 7 years ago

    Thanks, professor, you explained it clearly

  • @aballesteros5425 4 years ago

    Hi @AlgoSec, at around 4:47, the connections from the DATA-FW, APP-FW, WEB-FW to the MAIN-FW: are they on the same network or same broadcast domain (e.g. are all the interface peering IPs on the same /24), or do they have their own separate networks?

  • @vpcnetwork3181 4 years ago

    Is it possible to do zones in one firewall rather than virtual firewall contents?

  • @rilcoeng 7 years ago

    Now the audio is very nice

  • @mingxindong3150 6 years ago +1

    Can we just have a switch between the firewall and servers, so we can have VLANs and separate the traffic?

    • @jeffcojd 6 years ago

      If it's a layer 2 switch you can only have one VLAN through it, it's all on the same broadcast domain.

    • @tempone1015 5 years ago

      You can use roas "router-on-a-stick" approach if u want to use an L2 switch for the servers, so u can have separate vlans in each server.

    • @aaltameemi 3 years ago +1

      Yes, you can, and this is the best option rather than creating a virtual firewall for each zone. Therefore, simply assign each of the App, Data, Web systems (physical or virtualized servers) to a switch and segregate between them using VLANs. Connect the firewall to the switch as a trunk and create sub-interfaces, where each sub-interface is tagged with a VLAN for each zone. Then in the firewall assign each sub-interface to a different security zone (Web, App, Data) and start configuring firewall rules between zones.

  • @makistsiros2783 4 years ago +2

    And we are back to a single hw firewall box as a single point of failure, no?

    • @AlgoSec 4 years ago +2

      Thank you for your question.
      a) It's possible to use a virtual firewall if your organization prefers to avoid appliances: all major vendors have virtualized their products to work in both private-cloud and public-cloud environments. Also, most vendors allow in-product virtualization (having multiple virtual firewalls inside one big hardware chassis).
      b) All firewall vendors offer clustered high-availability solutions to avoid single-point-of-failure situations (so do router vendors).
      c) SDN and cloud platform providers (VMware, Cisco ACI, AWS, Azure, etc.) all provide filtering capabilities within their fabric, which is another path to take.
      So you have plenty of options, and in all of them the considerations I discussed in the video are relevant.
      I hope this answers your question.

  • @ultimatums1 1 year ago

    This was nothing about best practices. More like different design examples.