Read 17 401 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki

Cloud Network Security

Important concepts

  • VPC - A virtual private cloud is a private network space within a public cloud. It lets organizations have their own isolated network in the cloud, with control over IP addresses, security, and routing. It provides a secure environment for running applications and services in the cloud while maintaining network control.

  • Benefits of a VPC - Flexible business growth, satisfied customers, reduced risk across the entire data lifecycle, and more resources to channel toward business innovation because of reduced costs.

  • Subnet - A range of IP addresses in your VPC. Each subnet sits in one Availability Zone and has a route table that decides where traffic leaving it can go; that route table is what makes a subnet "public" or "private".

  • Public Subnet - A subnet whose route table sends internet-bound traffic (0.0.0.0/0) to an internet gateway, so instances with a public IP are reachable from the internet. Hosts public-facing services like a web site or file server.

  • Private Subnet - A subnet with no route to an internet gateway, so its instances cannot be reached from the internet; it is meant for internal resources (which are still reachable from other subnets in the VPC).

  • NAT Gateway - Lets instances in a private subnet initiate outbound connections to the internet or other AWS services, while the internet cannot initiate a connection to those instances. It lives in a public subnet, and the private subnet's route table points 0.0.0.0/0 at it.

  • On-prem corporate networks can extend into the cloud over an IPsec VPN tunnel (AWS calls this a Site-to-Site VPN); the combination is called a hybrid cloud.

  • Security Groups - A stateful virtual firewall attached to an instance's network interface. Rules are allow-only (there is no deny rule), inbound traffic is denied unless a rule allows it, and replies to allowed traffic are let through automatically, so a web server needs only an inbound 443 rule to answer clients.

  • Defense in Depth - Layering controls so that one mistake does not expose everything: network ACLs at the subnet boundary, security groups on the instance, a host firewall, and hardening of the host itself.

  • Network ACLs - Access Control Lists: an ordered list of numbered allow/deny rules applied at the subnet boundary, limiting who can reach a particular subnet within your VPC. Rules are evaluated lowest number first and anything unmatched is denied. Unlike security groups they are stateless, so return traffic must be allowed explicitly in the other direction (for example, outbound TCP to the ephemeral ports 1024-65535 so a web server can answer its clients).
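To make the concepts above concrete, here is a small Python model of the four filters the reading names: route tables (what makes a subnet public or private), a NAT gateway (egress-only), network ACLs (stateless, ordered, implicit deny) and security groups (stateful, allow-only). This is an added example written for these notes, not AWS code; it follows AWS's documented behaviour, and every rule, route table, address and packet in it is constructed for the demo.

```python
"""Toy model of the filters the reading names: route tables (public/private
subnet), a NAT gateway (egress-only), network ACLs (stateless, ordered, implicit
deny) and security groups (stateful, allow-only). Added for these notes, not AWS
code; every rule, route table and packet below is constructed for the demo."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    direction: str  # "in" toward the protected side, "out" away from it


@dataclass(frozen=True)
class Rule:
    rule_no: int
    action: str  # "allow" or "deny" (deny exists for NACLs only)
    cidr: str
    proto: str  # "tcp", "udp", or "-1" for any
    port_from: int
    port_to: int


def _matches(rule, pkt):
    """Rules are keyed on the remote address and the packet's *destination* port."""
    remote = pkt.src if pkt.direction == "in" else pkt.dst
    return (rule.proto in ("-1", pkt.proto)
            and rule.port_from <= pkt.dport <= rule.port_to
            and ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr))


class NetworkAcl:
    """Subnet level, stateless: lowest-numbered matching rule decides, else deny."""

    def __init__(self, ingress, egress):
        self.ingress = sorted(ingress, key=lambda r: r.rule_no)
        self.egress = sorted(egress, key=lambda r: r.rule_no)

    def allows(self, pkt):
        for rule in (self.ingress if pkt.direction == "in" else self.egress):
            if _matches(rule, pkt):
                return rule.action == "allow"
        return False  # the implicit "*" deny at the end of every NACL


class SecurityGroup:
    """Instance level, stateful: replies to an allowed flow pass without a rule."""

    def __init__(self, ingress, egress):
        if any(r.action != "allow" for r in ingress + egress):
            raise ValueError("security groups hold allow rules only")
        self.ingress, self.egress, self._flows = ingress, egress, set()

    def allows(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self._flows:
            return True  # reverse direction of a tracked connection
        rules = self.ingress if pkt.direction == "in" else self.egress
        if any(_matches(r, pkt) for r in rules):
            self._flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return True
        return False


def subnet_kind(route_table):
    """Classify a subnet by its route table {destination_cidr: target_id}."""
    target = route_table.get("0.0.0.0/0", "")
    if target.startswith("igw-"):
        return "public"  # default route to an internet gateway
    if target.startswith("nat-"):
        return "private"  # egress only, through a NAT gateway
    return "isolated"  # local routes only


def demo():
    https_in = Rule(100, "allow", "0.0.0.0/0", "tcp", 443, 443)
    ephemeral_out = Rule(100, "allow", "0.0.0.0/0", "tcp", 1024, 65535)
    allow_any = Rule(100, "allow", "0.0.0.0/0", "-1", 0, 65535)
    # Constructed flow: internet client 203.0.113.7 talks to web server 10.0.1.10:443.
    request = Packet("203.0.113.7", "10.0.1.10", "tcp", 51234, 443, "in")
    reply = Packet("10.0.1.10", "203.0.113.7", "tcp", 443, 51234, "out")
    good_nacl = NetworkAcl([https_in], [ephemeral_out])
    bad_nacl = NetworkAcl([https_in], [https_in])  # forgot the return-traffic rule
    sg = SecurityGroup([https_in], [])
    # NAT gateway as a stateful device: anything out, nothing unsolicited in.
    nat = SecurityGroup([], [allow_any])
    out = Packet("10.0.2.20", "93.184.216.34", "tcp", 40000, 443, "out")
    nat_reply = Packet("93.184.216.34", "10.0.2.20", "tcp", 443, 40000, "in")
    unsolicited = Packet("198.51.100.9", "10.0.2.20", "tcp", 4444, 22, "in")
    return {
        "nacl_request": good_nacl.allows(request),
        "nacl_reply": good_nacl.allows(reply),
        "nacl_reply_without_ephemeral_rule": bad_nacl.allows(request) and bad_nacl.allows(reply),
        "sg_request": sg.allows(request),
        "sg_reply_without_egress_rule": sg.allows(reply),
        "nat_outbound": nat.allows(out),
        "nat_reply": nat.allows(nat_reply),
        "nat_unsolicited_inbound": nat.allows(unsolicited),
        "public_subnet": subnet_kind({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0a1b"}),
        "private_subnet": subnet_kind({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0a1b"}),
        "isolated_subnet": subnet_kind({"10.0.0.0/16": "local"}),
    }
```

Run `demo()` and compare `nacl_reply_without_ephemeral_rule` (False) with `sg_reply_without_egress_rule` (True): the same web server answers clients through a security group with a single inbound rule, but behind a NACL it is silently broken until the outbound ephemeral-port rule is added. The NAT gateway model shows the egress-only point the same way: the outbound request and its reply pass, the unsolicited inbound SSH attempt does not.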

Questions

What are some of the key features of the VPC model?

Privacy and Isolation, Network Segmentation, Control Over Routing, Enhanced Security and Scalability.

What are the three tiers that comprise the three-tier architecture model?

Presentation Tier, Application Tier and Data Tier

Describe the differences between a VPC and a VPN to someone you know from your previous job.

A VPN is a secure, encrypted connection that lets remote users (or a whole office network) reach a private network over the public internet; it protects the traffic in transit. A VPC is the private network itself, carved out inside a public cloud, where an organization gets its own isolated address space, routing and firewall rules for its applications and services. The two are complementary: a VPN is one way of connecting an on-prem network to a VPC.