Chapter 6. Network Security
In both traditional and cloud environments, network controls are an important part of overall security, because they rule out entire hosts or networks as entry points. If you can’t talk to a component at all, it’s difficult to compromise it. Sometimes network controls are like the fences around a military base; they make it difficult for people to approach the base without being detected. At other times they’re like a goalie that stops the ball after all other defenses have failed.
Remaining disconnected from the internet is not a realistic option for most companies today, and the network is so fundamental to modern applications that tightly controlling every single communication is almost impossible. This means that network controls are in many cases secondary controls: they limit the damage when some other control has failed. If everything else were configured perfectly (every system fully patched, every unnecessary service turned off, and every service authenticating and authorizing every user and every other service correctly), you could safely have no network controls at all. We don’t live in a perfect world, though, so it’s important to apply the principle of defense in depth and add a layer of network controls on top of the controls we’ve already discussed.
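The following is an added example, not code from the book, that models the point above in runnable form: a default-deny ingress rule set in the style of a cloud security group, an audit that flags the weak "open to the world" setting beside the corrected one, and a request handler in which the network layer is evaluated before a deliberately broken authentication check. The rule format, the port list and all function names are assumptions for illustration, not any provider's real API.

```python
"""Minimal model of security-group ingress rules, used to show why network
controls act as a second layer in front of application controls.
Added example; the Rule format and helper names are assumptions, not any
cloud provider's real API."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports a reviewer would not want reachable from the whole internet
# (assumed list for the example, not an exhaustive one).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql",
                   5432: "postgres", 6379: "redis"}


@dataclass(frozen=True)
class Rule:
    cidr: str      # source range allowed to connect
    port: int      # destination TCP port
    comment: str = ""


def is_allowed(rules, src_ip, port):
    """Default deny: a connection gets in only if some rule explicitly allows it."""
    src = ip_address(src_ip)
    return any(src in ip_network(r.cidr) and r.port == port for r in rules)


def audit_rules(rules):
    """Return descriptions of rules that expose a sensitive port to everyone
    (a /0 prefix such as 0.0.0.0/0 or ::/0)."""
    findings = []
    for r in rules:
        world_open = ip_network(r.cidr).prefixlen == 0
        if world_open and r.port in SENSITIVE_PORTS:
            findings.append(
                f"{SENSITIVE_PORTS[r.port]} ({r.port}) open to {r.cidr}: {r.comment}")
    return findings


# Constructed sample rule sets: the weak setting and the corrected one.
WEAK_RULES = [
    Rule("0.0.0.0/0", 443, "public https"),
    Rule("0.0.0.0/0", 22, "ssh 'temporarily' opened for debugging"),
]
HARDENED_RULES = [
    Rule("0.0.0.0/0", 443, "public https"),
    Rule("10.0.0.0/8", 22, "ssh only from the corporate/VPN range"),
]

# Application-layer control that is deliberately broken, to show what the
# network layer does and does not cover when another control fails.
VALID_TOKENS = {"s3cr3t-admin-token"}


def broken_auth(token):
    """Simulated bug: an empty token is accepted as authenticated."""
    return token == "" or token in VALID_TOKENS


def strict_auth(token):
    """The intended check, for comparison."""
    return token in VALID_TOKENS


def handle_request(rules, src_ip, port, token, authenticate=broken_auth):
    """Defense in depth: the network layer is evaluated before the auth layer.
    Returns 'network-denied', 'auth-denied' or 'ok'."""
    if not is_allowed(rules, src_ip, port):
        return "network-denied"
    if not authenticate(token):
        return "auth-denied"
    return "ok"


if __name__ == "__main__":
    print("audit of weak rules:", audit_rules(WEAK_RULES))
    print("audit of hardened rules:", audit_rules(HARDENED_RULES))
    # Broken auth plus world-open SSH: an internet host gets in.
    print("weak + broken auth, internet host:",
          handle_request(WEAK_RULES, "203.0.113.9", 22, ""))
    # Same broken auth, but the network layer now stops the internet host.
    print("hardened + broken auth, internet host:",
          handle_request(HARDENED_RULES, "203.0.113.9", 22, ""))
    # The network layer is only secondary: a host inside the allowed range
    # still walks through the broken auth check.
    print("hardened + broken auth, internal host:",
          handle_request(HARDENED_RULES, "10.1.2.3", 22, ""))
```

The last case is the caveat worth keeping in mind: the network rule shrinks the set of hosts that can reach the broken service, but it does nothing for a request that arrives from an allowed range. The auth bug still has to be fixed; the network control buys time and narrows exposure.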
Differences from Traditional IT
Despite cries of “the perimeter is dead!,” for many years, administrators depended ...
Excerpt from Practical Cloud Security, 2nd Edition (O’Reilly).