Hello and welcome to our network segmentation course. I'm Professor Wool, and today's lesson will be discussing the challenges of east-west traffic discovery for network segmentation.

So our starting point is: you have a data center. This sketch is supposed to be the data center. You have all kinds of servers in the data center, and you have some client networks outside the data center connecting to these servers. There is communication going on from the clients to the servers, and possibly among the servers themselves; some servers have to communicate with other servers. All of this is working just fine and supporting your business.

Now you have made the decision to segment the data center because you're concerned about insider attacks. You want to partition the internal data center and control what can be communicated between various points inside and outside of the data center. So you've made the decision to segment the data center, and now you need to implement that decision.

Well, the first step to do is basically to place a filtering device, a firewall, in a choke point in the network. So you identify where you could place a firewall in the center of the traffic in the data center, so that it can see all the traffic flows that it needs to filter, and you've made the decision to place the firewall there. So far so good, but you still have to face a pretty significant challenge of writing the filtering policy on that firewall.

Writing the filtering policy really needs to be a balancing act that meets two goals. First of all, it needs to allow all the business traffic to go through, because the last thing you want is for that new firewall that you're placing in the middle of your data center to start blocking critical traffic. So it needs to allow all the business traffic that is legitimate. However, you want the filtering power to be precise enough that it's not allowing anything else. You do not want to allow any traffic from anywhere to anywhere. Of course, if you write such a rule then you will be allowing all business traffic, all business-critical traffic, to go through, but the firewall will really not be doing anything, because it's so broadly configured that it won't block any kind of malicious traffic.

So there's a delicate balance here. You need, on the one hand, to identify all the business traffic and write firewall rules capturing precisely that traffic; on the other hand, you want to limit yourself, not to be too broad, so that you avoid the any-any rules and you have something specific that will block any kind of malicious traffic trying to go through.

Okay, well, the trouble is that you don't really know all these traffic patterns in the data center. This is usually undocumented. Many organizations just don't keep very good records of what each server is doing, what each client requires, and what all these communication patterns are really contributing to. If you need to write policy to capture that, then you have to find this information out from somewhere, and that's a challenge.

In our next segment we'll be talking about some techniques and mechanisms that let you do that based on the network traffic that you can observe. Just to give you a preview: fundamentally, you can place some kind of traffic sniffer, or look at the traffic that is going through the firewall, and incrementally build up the policy based on what you see. So stay tuned for that. Thank you for your attention.
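The two goals of the lecture (allow every legitimate business flow, but never fall back to an any-any rule) and the preview of building policy from observed traffic can be made concrete in a small script. The following is an added example written for this page, not code from the course or from any vendor product: it aggregates flow records seen at the choke point into zone-to-zone rules, then checks the result against both goals. The flow records, the zone addresses and the rule format are constructed, hypothetical sample data.

```python
"""Derive a segmentation policy from observed east-west flows and check it.

Added example for this lecture, not code from the course or from any vendor
product. The flow records, zones and addresses below are constructed sample
data in a NetFlow-like shape; the rule format is a hypothetical simplification.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress

# Constructed sample of flows captured at the data-center choke point:
# "src dst proto dport", one flow record per line (hypothetical addresses).
OBSERVED_FLOWS = """
10.10.1.15   10.20.5.8  tcp 443
10.10.1.16   10.20.5.8  tcp 443
10.10.1.15   10.20.5.9  tcp 443
10.20.5.8    10.30.2.4  tcp 5432
10.20.5.9    10.30.2.4  tcp 5432
10.10.1.15   10.20.5.8  tcp 443
192.168.7.3  10.30.2.4  tcp 22
"""

# Hypothetical zones from the segmentation design: client LAN, web tier, DB tier.
ZONES = {
    "clients": ipaddress.ip_network("10.10.0.0/16"),
    "web": ipaddress.ip_network("10.20.0.0/16"),
    "db": ipaddress.ip_network("10.30.0.0/16"),
}
ANY = "any"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str      # "tcp", "udp" or ANY
    dport: object   # int or ANY
    hits: int = 0   # number of observed flows that justified this rule


def zone_of(ip: str) -> str:
    """Map an address to its design zone; anything outside the design is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flows(text: str):
    """Turn the whitespace-separated flow records into (src, dst, proto, dport) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, dport = line.split()
        flows.append((src, dst, proto.lower(), int(dport)))
    return flows


def build_policy(flows, min_hits: int = 1):
    """One rule per (src zone, dst zone, proto, port) seen at least min_hits times."""
    counts = Counter((zone_of(s), zone_of(d), p, port) for s, d, p, port in flows)
    return [Rule(*key, hits=n) for key, n in sorted(counts.items()) if n >= min_hits]


def rule_matches(rule: Rule, flow) -> bool:
    src, dst, proto, dport = flow
    return (rule.src_zone in (ANY, zone_of(src))
            and rule.dst_zone in (ANY, zone_of(dst))
            and rule.proto in (ANY, proto)
            and rule.dport in (ANY, dport))


def unmatched_flows(rules, flows):
    """Goal 1: observed business flows the policy would block (should be empty)."""
    return [f for f in flows if not any(rule_matches(r, f) for r in rules)]


def review_findings(rules):
    """Goal 2: rules too broad to block anything, or resting on flows nobody has vouched for."""
    findings = []
    for r in rules:
        if ANY in (r.src_zone, r.dst_zone, r.proto, r.dport):
            findings.append(f"overly broad: {r}")
        if "unknown" in (r.src_zone, r.dst_zone):
            findings.append(f"needs owner review (address outside the design): {r}")
    return findings


if __name__ == "__main__":
    flows = parse_flows(OBSERVED_FLOWS)
    for threshold in (1, 2):
        policy = build_policy(flows, min_hits=threshold)
        print(f"min_hits={threshold}: {len(policy)} rules, "
              f"{len(unmatched_flows(policy, flows))} observed flows blocked")
        for finding in review_findings(policy):
            print("  ", finding)
    print("any/any rule:", review_findings([Rule(ANY, ANY, ANY, ANY)]))
```

Running it shows the balancing act directly: with every observed flow turned into a rule, nothing is blocked but one rule rests on an address outside the design and is flagged for an owner to vouch for; raising the threshold to two sightings drops that rule and the coverage check reports the flow it would now block. An any-any rule passes the coverage check trivially and is caught only by the breadth check, which is why both checks are needed before the policy goes on the firewall.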