Chapter 6. Network Security

In both traditional and cloud environments, network controls are an important part of overall security, because they rule out entire hosts or networks as entry points. If you can’t talk to a component at all, it is difficult to compromise it. Sometimes network controls are like the fences around a military base, in that they make it more difficult to even get started without being detected. At other times they’re like a goalie that stops the ball after all other defenses have failed.

In this day and age, remaining disconnected from the internet is not an option for most companies. The network is so fundamental to modern applications that it's also almost impossible to tightly control every single communication. This means that network controls are in many cases secondary controls, there to help mitigate the effects of some other problem. If everything else were configured absolutely perfectly (that is, if all of your systems were perfectly patched for vulnerabilities, all unnecessary services were turned off, and all services authenticated and authorized any users or other services perfectly), you could safely have no network controls at all! However, we don't live in a perfect world, so we need to make use of the principle of defense in depth and add a layer of network controls to the controls we've discussed.

Differences from Traditional IT

Despite cries of “the perimeter is dead!” for many years, administrators have depended heavily upon ...
