O'Reilly logo

Practical Cloud Security by Chris Dotson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 6. Network Security

In both traditional and cloud environments, network controls are an important part of overall security, because they rule out entire hosts or networks as entry points. If you can’t talk to a component at all, it is difficult to compromise it. Sometimes network controls are like the fences around a military base, in that they make it more difficult to even get started without being detected. At other times they’re like a goalie that stops the ball after all other defenses have failed.

In this day and age, remaining disconnected from the internet is not an option for most companies. The network is so fundamental to modern applications that it’s also almost impossible to tightly control every single communication. This means that network controls are in many cases secondary controls and are here to help mitigate the effects of some other problem. If everything else were configured absolutely perfectly--that is, if all of your systems were perfectly patched for vulnerabilities, and all unnecessary services were turned off, and all services authenticated and authorized any users or other services perfectly—you could safely have no network controls at all! However, we don’t live in a perfect world, so we need to make use of the principle of defense in depth and add a layer of network controls to the controls we’ve discussed.

Differences from Traditional IT

Despite cries of “the perimeter is dead!” for many years, administrators have depended heavily upon ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required