
TeachApex

Network Security
Module 02: Network Design Elements and Components

Course Objectives

Network design and network components play an important role in implementing the overall security of an organization. The objective of this course is to learn network components such as DMZ, VLANs, and perimeter network boundaries that distinguish between private networks, intranets, and the Internet.

○ DMZ
○ VLAN
○ Subnetting
○ NAT
○ Remote Access
○ Layered security / Defense in depth
○ Telephony
○ NAC
○ Virtualization
○ Cloud Computing
○ IoT

Network Design Elements and Components – Part 1

DMZ (Demilitarized Zone)

A DMZ (Demilitarized Zone) is a subnet used to keep public information separate from private information.

VLAN (Virtual Local Area Network)

Virtual LANs (VLANs) are a solution to allow you to separate users into individual network segments for security and other reasons.

Subnetting

The practice of dividing a network into two or more smaller networks.

Subnets may be arranged logically in a hierarchical architecture, partitioning an organization's network address space into a tree-like routing structure.
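
The hierarchical partitioning described above, as an added example that is not part of the original slides. The address block, site names and zone names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): one organization block split per site,
# then per security zone. None of these ranges come from the slides.
ORG = ipaddress.ip_network("10.20.0.0/16")

def build_plan(org, sites, zones):
    """Split org into equal site blocks, then carve /24 zone subnets from each."""
    site_prefix = org.prefixlen + max(1, (len(sites) - 1).bit_length())
    plan = {}
    for site, site_net in zip(sites, org.subnets(new_prefix=site_prefix)):
        zone_nets = site_net.subnets(new_prefix=24)
        plan[site] = {"block": site_net,
                      "zones": {z: next(zone_nets) for z in zones}}
    return plan

def locate(plan, address):
    """Walk the tree org -> site -> zone and return the path for an address."""
    ip = ipaddress.ip_address(address)
    for site, node in plan.items():
        if ip in node["block"]:
            for zone, net in node["zones"].items():
                if ip in net:
                    return (site, zone, str(net))
            # Inside the site block but not in any allocated zone subnet.
            return (site, None, str(node["block"]))
    return None  # outside the organization's address space

def overlaps(plan):
    """Return pairs of zone subnets that overlap; a sound plan returns []."""
    nets = [(s, z, n) for s, node in plan.items()
            for z, n in node["zones"].items()]
    return [(a[:2], b[:2]) for i, a in enumerate(nets) for b in nets[i + 1:]
            if a[2].overlaps(b[2])]

PLAN = build_plan(ORG, ["hq", "branch"], ["dmz", "users", "servers"])

if __name__ == "__main__":
    for addr in ("10.20.0.80", "10.20.129.7", "10.20.5.5", "192.0.2.1"):
        print(addr, "->", locate(PLAN, addr))
    print("overlapping zones:", overlaps(PLAN))
```

An address that resolves to a site block but no zone is unallocated space, which is worth flagging when it shows up as a source address in logs.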

Network Design Elements and Components – Part 2

NAT (Network Address Translation)

Remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

Types of Network Address Translation (NAT)

Static NAT
• A single unregistered (Private) IP address is mapped with a legally registered (Public) IP address.
• This is generally used for Web hosting.

Dynamic NAT
• An unregistered IP address is translated into a registered (Public) IP address from a pool of public IP addresses.

Port Address Translation (PAT)
• Many local (private) IP addresses can be translated to a single registered IP address.
• Port numbers are used to distinguish the traffic, i.e., which traffic belongs to which IP address.
• Also known as NAT overload.
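
The three translation types side by side, as an added example that is not part of the original slides. The `NatGateway` class, its fallback from the dynamic pool to PAT, and all addresses are assumptions made for illustration.

```python
class NatGateway:
    """Toy translator for static NAT, dynamic NAT and PAT (NAT overload)."""

    def __init__(self, static_map, pool, pat_ip, first_port=40000):
        self.static = dict(static_map)   # private IP -> fixed public IP
        self.free_pool = list(pool)      # unused public IPs for dynamic NAT
        self.dynamic = {}                # private IP -> leased public IP
        self.pat_ip = pat_ip             # single public IP shared by PAT
        self.next_port = first_port
        self.pat_out = {}                # (private IP, port) -> public port
        self.pat_in = {}                 # public port -> (private IP, port)

    def outbound(self, src_ip, src_port):
        """Return the (public IP, public port) the packet leaves with."""
        if src_ip in self.static:
            return self.static[src_ip], src_port
        if src_ip not in self.dynamic and self.free_pool:
            self.dynamic[src_ip] = self.free_pool.pop(0)
        if src_ip in self.dynamic:
            return self.dynamic[src_ip], src_port
        # Pool exhausted (assumed policy): overload the shared address and
        # use a fresh public port to tell the flows apart.
        key = (src_ip, src_port)
        if key not in self.pat_out:
            self.pat_out[key] = self.next_port
            self.pat_in[self.next_port] = key
            self.next_port += 1
        return self.pat_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Reverse lookup; None means no mapping exists and the packet is dropped."""
        for table in (self.static, self.dynamic):
            for private_ip, public_ip in table.items():
                if public_ip == dst_ip:
                    # One-to-one mappings forward every port to the host,
                    # so a firewall still has to decide what is allowed.
                    return private_ip, dst_port
        if dst_ip == self.pat_ip:
            return self.pat_in.get(dst_port)
        return None
```

With PAT, inbound traffic only reaches a host through a port that an earlier outbound flow created; a static mapping has no such limit.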

RAS (Remote Access Services)

RAS allows remote clients to connect through a telephone line or other wide area network (WAN) link to the RAS server.

Telephony

○ A technology which allows voice and/or interactive communication between two points through the usage of appropriate equipment.
○ When it comes to security, telephony services have to be protected in the same way as other network services.

NAC (Network Access Control)

A security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

General Capabilities of a NAC Solution

○ Policy Lifecycle Management
○ Profiling and Visibility
○ Guest Networking Access
○ Security Posture Check
○ Incident Response
○ Bidirectional Integration

Types of Network Access Control

○ Agent-Based Network Access Control
○ Agentless Network Access Control
○ Hardware-Based Network Access Control
○ Dynamic Network Access Control

Network Design Elements and Components – Part 3

Virtualization

○ “Virtual Machine” (VM): a tightly isolated software container with an operating system and application inside.
○ A hypervisor is a program for creating and running virtual machines.

Types of Virtualization

○ Server Virtualization
○ Desktop Virtualization
○ Network Functions Virtualization
○ Data Virtualization
○ OS Virtualization

Why do we Need Cloud Computing?

Cloud Computing

Using Cloud Computing, users are able to access software and applications from wherever they need, while it is being hosted by an outside party – in “the cloud”.

3 types of Cloud Computing

Software as a Service (SaaS)
Run on distant computers “in the cloud” that are owned and operated by others and that connect to users’ computers via the internet and (usually) a web browser.

Infrastructure as a Service (IaaS)
Provides companies with computing resources — including servers, networking, storage and data-center space on a pay-per-use basis.

Platform as a Service (PaaS)
Provides a cloud-based environment with everything required to support the complete lifecycle of building and delivering web-based (cloud) applications — all without the cost and complexity of buying and managing the underlying hardware, software, provisioning and hosting.

Cloud Computing Deployment Models

○ Public Cloud
○ Private Cloud
○ Hybrid Cloud
○ Multi Cloud

Network Design Elements and Components – Part 4

What is the Internet of Things, or IoT?

○ IoT devices are becoming a part of the mainstream electronics culture and people are adopting smart devices into their homes faster than ever.
○ By 2020, it is estimated that there will be up to 21 billion devices connected to the internet.

10 Predictions about the Future of IoT (Continued..)

○ By 2025, it is estimated that there will be more than 21 billion IoT devices
○ Cybercriminals will continue to use IoT devices to facilitate DDoS attacks
○ More cities will become “smart”
○ Artificial Intelligence will continue to become a bigger thing
○ Routers will continue to become more secure and smarter

10 Predictions about the Future of IoT

○ 5G Networks will continue to fuel IoT growth
○ Cars will get even smarter
○ 5G’s arrival will also open the door to new privacy and security concerns
○ IoT-based DDoS attacks will take on more dangerous forms
○ Security and privacy concerns will drive legislation and regulatory activity

Defense In Depth: Layered Security
○ Defense-in-depth security architecture is based on controls that are designed to protect the physical, technical and administrative aspects of your network.

○ Defense-in-depth is an information assurance strategy that provides multiple, redundant defensive measures in case a security control fails or a vulnerability is exploited.

Defense In Depth
An approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.

○ Physical Controls
○ Technical Controls
○ Administrative Controls

Defense In Depth
Additionally, the following security layers help protect individual facets of your network:

Access Measures
Include authentication controls, biometrics, timed access and VPN.

Workstation Defenses
Include antivirus and anti-spam software.

Data Protection
Include data at rest encryption, hashing, secure data transmission and encrypted backups.

Perimeter Defenses
Include firewalls, intrusion detection systems and intrusion prevention systems.

Monitoring and Prevention
Involves logging and auditing network activity, vulnerability scanners, sandboxing and security awareness training.

Thank You!
