Designing Defensive Network Infrastructure
We live in a world that is tightly connected through the internet. When the protocols that carry today's internet traffic were designed, little importance was given to security, so there are many ways in which a malicious user can take advantage of them and carry out attacks.
This is one of the reasons why additional work needs to be done at the network level.
The network is generally one of the first layers of defense in a cloud environment, which is why it is worth spending time reviewing and improving the design of our network infrastructure.
Data sent over a communication channel is split into small units called packets, which are then carried across the channel. The protocols responsible for this are IP, which addresses and routes each packet, and TCP, which reassembles the packets into a reliable, ordered stream.
To reach their destination, packets may pass through many intermediate systems, often in several countries. Because TCP and IP provide no confidentiality or integrity protection by default, anyone with access to the communication path can read the data and, since the only check the protocols carry is a checksum that an attacker can simply recompute, modify it without either endpoint noticing.
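To make the "read and manipulate" point concrete, the following is an added example written for this page (not code from the original book or any project). It builds a minimal TCP segment by hand, computes the RFC 1071 Internet checksum that TCP carries, and shows that a party sitting on the path can rewrite the payload and recompute the checksum so the segment still verifies. As a contrast it also computes an HMAC over the segment with a key known only to the endpoints, the kind of integrity tag that protocols layered on top of TCP/IP (TLS, IPsec) add; the tampered segment fails that check. The IP addresses, ports, key and payloads are constructed sample values.

```python
"""Added example: a TCP/IP checksum is a transmission-error check, not a
security control. Illustrative code written for this page; addresses,
ports, key and payloads are constructed sample values."""
import hashlib
import hmac
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data, per the RFC
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """The IPv4 pseudo-header that TCP includes in its checksum computation."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, tcp_len)


def build_tcp_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                      payload: bytes) -> bytes:
    """Return a 20-byte TCP header plus payload with a valid checksum."""
    seq, ack, window, urg = 1, 0, 65535, 0
    offset_flags = (5 << 12) | 0x18          # data offset 5 words, flags PSH|ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, window, 0, urg)   # checksum field = 0
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip,
                                            len(header) + len(payload))
                             + header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + payload


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A receiver's check: the checksum over pseudo-header + segment is zero."""
    return internet_checksum(_pseudo_header(src_ip, dst_ip, len(segment))
                             + segment) == 0


def on_path_tamper(src_ip: str, dst_ip: str, segment: bytes,
                   new_payload: bytes) -> bytes:
    """What anyone on the path can do: swap the payload and recompute the
    checksum. Nothing in TCP/IP lets the receiver tell this from the original."""
    header = segment[:20]
    zeroed = header[:16] + b"\x00\x00" + header[18:]
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip,
                                            len(zeroed) + len(new_payload))
                             + zeroed + new_payload)
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:] + new_payload


def integrity_tag(key: bytes, segment: bytes) -> bytes:
    """Keyed tag over the segment, as TLS or IPsec would provide above TCP/IP."""
    return hmac.new(key, segment, hashlib.sha256).digest()


def tag_ok(key: bytes, segment: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(integrity_tag(key, segment), tag)


def demo() -> dict:
    """Original vs. tampered segment under both checks. Sample values only."""
    src, dst = "10.0.1.10", "10.0.2.20"                  # constructed addresses
    key = b"secret shared only by the two endpoints"     # constructed key
    original = build_tcp_segment(src, dst, 40000, 443, b"transfer 100 to alice")
    tag = integrity_tag(key, original)
    forged = on_path_tamper(src, dst, original, b"transfer 100 to mallory")
    return {
        "original_checksum_ok": checksum_ok(src, dst, original),
        "original_tag_ok": tag_ok(key, original, tag),
        "forged_checksum_ok": checksum_ok(src, dst, forged),   # attacker wins
        "forged_tag_ok": tag_ok(key, forged, tag),             # attacker caught
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The checksum verifies on both the original and the forged segment, which is exactly the property the text describes: the checksum protects against line noise, not against an adversary who controls the path. Only the keyed tag, which the attacker cannot recompute without the endpoints' key, distinguishes the two, and that is what the extra work above the network layer (TLS, IPsec, VPNs) supplies.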
In this chapter we begin with the TCP/IP model and, once that base has been revised, move on to:
- Understanding the stateful and stateless nature of firewalls, followed by best practices
- Implementing an intrusion prevention system (IPS) in a cloud environment
- Bastion hosts
- Virtual Private Networks (VPNs)
- Using private hosted zones for DNS over a VPN