301d8 read03 - carlosjorr/reading-notes GitHub Wiki

Network Segmentation

  1. What is CIDR notation? a CIDR block?

CIDR notation, which stands for Classless Inter-Domain Routing notation, is a standard way of representing IP addresses and their associated network prefixes. It allows for more efficient allocation and routing of IP addresses. CIDR notation combines the IP address with a slash ("/") followed by a number, which represents the network prefix length.

A CIDR block refers to a range of IP addresses that share the same network prefix. It is represented in CIDR notation by specifying the base IP address followed by the slash and the network prefix length.

  1. How many octets are found in an IPv4 address?

In an IPv4 address, there are four octets separated by periods. Each octet represents 8 bits, totaling 32 bits for the entire IPv4 address.

  1. Setting binary aside and using the decimal system, what is the range of numbers found in an octet?

When using the decimal system, each octet in an IPv4 address can range from 0 to 255. This is because each octet represents a binary number from 00000000 to 11111111, which translates to decimal numbers from 0 to 255.

  1. What does the final digit after the โ€œ/โ€ represent in an IPv4 address?

the final digit after the "/" in an IPv4 address represents the network prefix length or the number of bits in the network portion of the address. It indicates the size of the network and determines how many IP addresses are available within that network.

  1. How many IP addresses are in the CIDR block 10.0.0.0/24?

CIDR notation, which stands for Classless Inter-Domain Routing notation, is a standard way of representing IP addresses and their associated network prefixes. It allows for more efficient allocation and routing of IP addresses. CIDR notation combines the IP address with a slash ("/") followed by a number, which represents the network prefix length.

A CIDR block refers to a range of IP addresses that share the same network prefix. It is represented in CIDR notation by specifying the base IP address followed by the slash and the network prefix length.

In an IPv4 address, there are four octets separated by periods. Each octet represents 8 bits, totaling 32 bits for the entire IPv4 address.

When using the decimal system, each octet in an IPv4 address can range from 0 to 255. This is because each octet represents a binary number from 00000000 to 11111111, which translates to decimal numbers from 0 to 255.

The final digit after the "/" in an IPv4 address represents the network prefix length or the number of bits in the network portion of the address. It indicates the size of the network and determines how many IP addresses are available within that network.

In the CIDR block 10.0.0.0/24, the "/24" indicates that the first 24 bits (3 octets) represent the network portion, while the remaining 8 bits (1 octet) are available for host addresses. In this case, the CIDR block has a network prefix length of 24, which means it has 2^8 (256) IP addresses available for hosts. However, one address is typically reserved for the network address itself, and another for the broadcast address, so the usable IP addresses in this CIDR block would be 256 - 2 = 254.

  1. In your own words, describe network segmentation.

Network segmentation is the practice of dividing a computer network into smaller, isolated segments or subnetworks. It involves creating separate network segments based on various criteria, such as department, function, or security requirements. Each segment operates independently and has its own set of resources, policies, and access controls. By implementing network segmentation, organizations can enhance network security, improve performance, and control access to sensitive information.

  1. Network segmentation isnโ€™t important as long as the network is using a well configured firewall. Do you agree? Why or why not?

Regarding the statement that network segmentation isn't important as long as the network is using a well-configured firewall, I do not agree with it. While a firewall plays a crucial role in network security by filtering incoming and outgoing traffic, network segmentation provides an additional layer of protection and offers several advantages. It helps contain potential security breaches, limits the lateral movement of threats within the network, and reduces the impact of a compromised segment on the rest of the network. Network segmentation also enables more granular access control, improves network performance by reducing broadcast traffic, and facilitates easier management of network resources. Therefore, both network segmentation and a well-configured firewall are important components of a comprehensive network security strategy.

  1. What is a screened subnet?

A screened subnet, also known as a demilitarized zone (DMZ), is a network segment that acts as an intermediary between an internal network and an external network, such as the internet. The purpose of a screened subnet is to provide an additional layer of security by isolating public-facing services, such as web servers or email servers, from the internal network. It typically includes firewalls and other security measures to control and monitor traffic flowing between the internal network and the external network. The screened subnet allows external users to access public services while protecting the internal network from potential attacks or unauthorized access.

  1. Cameras, ID card scanners, locked doors and biometrics are just a few examples of what type of security?

Cameras, ID card scanners, locked doors, and biometrics are examples of physical security measures. Physical security focuses on protecting physical assets, facilities, and people from unauthorized access, theft, vandalism, or other physical threats. These measures aim to secure the premises, control access to restricted areas, and ensure the safety and protection of individuals and resources. Physical security is an important aspect of overall security strategies, especially in areas where physical access needs to be strictly controlled and monitored.