Page 806 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Secure Network Components


               The internet is host to countless information services and numerous
               applications, including the Web, email, FTP, Telnet, newsgroups, chat,
               and so on. The internet is also home to malicious people whose
               primary goal is to locate your computer and extract valuable data from
               it, use it to launch further attacks, or damage it in some way. You
               should be familiar with the internet and able to readily identify its
               benefits and drawbacks from your own online experiences. Because of
               the success and global use of the internet, many of its technologies
               were adapted or integrated into the private business network. This
               created two new forms of network segments: intranets and extranets.

               An intranet is a private network that is designed to host the same
               information services found on the internet. Networks that rely on
               external servers (in other words, ones positioned on the public
               internet) to provide information services internally are not considered
               intranets. Intranets provide users with access to the web, email, and
               other services on internal servers that are not accessible to anyone
               outside the private network.

               An extranet is a cross between the internet and an intranet. An
               extranet is a section of an organization’s network that has been
               sectioned off so that it acts as an intranet for the private network but
               also serves information to the public internet. An extranet is often
               reserved for use by specific partners or customers. It is rarely on a
               public network. An extranet for public consumption is typically labeled
               a demilitarized zone (DMZ) or perimeter network.

               Networks are not typically configured as a single large collection of
               systems. Usually networks are segmented or subdivided into smaller
               organizational units. These smaller units, groupings, segments, or
               subnetworks (i.e., subnets) can be used to improve various aspects of
               the network:

               Boosting Performance: Network segmentation can improve
               performance through an organizational scheme in which systems that
               often communicate are located in the same segment, while systems