[Instructor] Another dilemma is the machine-to-machine communication between different systems and applications. How do you also segment and protect that in an effective manner? In today's virtualized and containerized environments, traffic between applications may never leave a physical device or server. This is illustrated in the diagram below.

This is why micro-segmentation is so popular nowadays. A solution of the past is to include virtual firewalls between VMs, as shown in the diagram below. Machine-to-machine or application-to-application communication also needs to be segmented within an organization.

For instance, let's take a look at this figure. Do your Active Directory servers need to communicate with Network Time Protocol servers? What is their relationship in data interaction? NTP implementations send and receive timestamps using UDP port 123. However, NTP servers can also use broadcasting or multicasting, where clients passively listen to time updates after an initial round-trip calibrating exchange. Which of the two need to be allowed or protected? Of course, this is a simple example, and in this case, UDP port 123 can be used. However, what if an attacker can tunnel traffic over NTP and exfiltrate information from the organization? All these questions need to be answered when you are creating your segmentation strategy.

Furthermore, do you know what applications are running in your environment? What applications are talking to the cloud? Which are hosted in the cloud? How do you do application enumeration and mapping? However, one of the most elegant solutions for micro-segmentation is the one provided by Cisco Application Centric Infrastructure, or ACI.