🟠 Security Architecture

🟠 3.1 Compare and contrast security implications of different architecture models.

🔹 Architecture and Infrastructure Concepts:

● Cloud:

- Responsibility Matrix: Defines which security and operational responsibilities belong to the cloud provider and which belong to the customer, helping ensure compliance and risk management.

- Hybrid Considerations: Involves the challenges and security risks associated with integrating on-premises infrastructure with cloud-based environments, requiring careful data flow and identity management.

- Third-party Vendors: Businesses often rely on external vendors for additional cloud services, increasing the need for security assessments, vendor risk management, and contractual security obligations.

- Infrastructure as Code (IaC): A method of managing infrastructure through machine-readable configuration files, ensuring consistency, reducing human errors, and enabling automation.

- Serverless: A cloud computing execution model where cloud providers handle infrastructure management, allowing developers to focus purely on application logic while benefiting from automatic scaling and cost efficiency.

- Microservices: A software architecture approach where applications are divided into small, loosely coupled services that communicate over APIs, improving scalability, fault isolation, and deployment flexibility.

🔹 Network Infrastructure:

● Physical Isolation: Refers to completely separating network environments at the hardware level, often used in highly secure environments where air-gapped networks are required.

● Logical Segmentation: Dividing a network into segments through VLANs, firewalls, or software-defined networking (SDN) to limit access and reduce the attack surface.

● Software-defined Networking (SDN): A network architecture approach that centralizes control using software-based controllers, enabling dynamic network configuration, enhanced security, and automation.

● On-premises: Infrastructure that is physically hosted and maintained within an organization’s own data center, offering greater control but requiring significant management and security measures.

● Centralized vs. Decentralized: Centralized models consolidate resources and security in a single location, while decentralized architectures distribute resources across multiple locations, impacting performance, security, and manageability.

● Containerization: A virtualization method where applications and dependencies are packaged together in lightweight, isolated environments (e.g., Docker, Kubernetes) to enhance portability and security.

● Virtualization: The process of creating virtual instances of computing resources (e.g., virtual machines, virtual networks) to improve resource efficiency, scalability, and security.

● IoT: A network of interconnected smart devices (e.g., sensors, cameras, industrial controllers) that pose significant security risks due to limited processing power and lack of built-in security controls.

● ICS / SCADA: Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems monitor and manage industrial processes but require robust security due to vulnerabilities in legacy designs.

● RTOS: Real-Time Operating Systems (RTOS) are used in embedded systems for time-sensitive applications, such as medical devices and industrial automation, requiring strict security controls.

● Embedded Systems: Specialized computing devices integrated within larger hardware systems, often lacking update mechanisms and security protections, making them vulnerable to exploits.

● High Availability: The design principle of ensuring that systems and services remain operational and accessible with minimal downtime through redundancy, failover mechanisms, and load balancing.

🔹 Considerations:

● Availability: The ability of a system to remain operational and accessible, often achieved through redundancy, failover strategies, and robust infrastructure planning.

● Resilience: The capability of a system to recover from failures, cyberattacks, or unexpected disruptions, requiring disaster recovery and incident response planning.

● Cost: The financial impact of deploying and maintaining infrastructure, balancing security, performance, and business needs.

● Responsiveness: The agility of infrastructure to adapt to changing workloads, cyber threats, or operational demands.

● Scalability: The ability of a system to expand or contract resources efficiently, ensuring performance remains stable under varying workloads.

● Ease of Deployment: How quickly and efficiently infrastructure can be set up, configured, and operationalized, affecting time-to-market and security risks.

● Risk Transference: Shifting security risks to third-party providers, such as cloud service providers or cyber insurance companies, to mitigate liability.

● Ease of Recovery: The speed and efficiency of restoring services following a failure or cyberattack, depending on backup and disaster recovery strategies.

● Patch Availability: The frequency and reliability of security updates, ensuring systems remain protected against known vulnerabilities.

● Inability to Patch: The challenge of securing legacy systems that lack vendor support or patching options, requiring compensating security controls.

● Power: Ensuring a reliable power supply for infrastructure, including backup power solutions such as uninterruptible power supplies (UPS) and generators.

● Compute: Efficiently managing processing resources to optimize performance, cost, and energy consumption.

🟠 3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

🔹 Infrastructure Considerations:

● Device Placement: Strategic positioning of network devices and assets based on their role and security requirements to minimize exposure and optimize performance.

● Security Zones: Dividing network resources into distinct segments based on trust levels or security requirements (e.g., DMZ, internal, external), reducing exposure and limiting attack surface.

● Attack Surface: The total potential entry points that attackers can exploit, which can be minimized through proper segmentation, secure coding practices, and system hardening.

● Connectivity: Establishing reliable, secure connections between devices and networks while considering factors such as bandwidth, latency, and reliability to ensure proper communication.

🔹 Failure Modes:

● Fail-Open: Systems or devices that, upon failure, default to an insecure or open state, potentially exposing the network to unauthorized access or attacks.

● Fail-Closed: Devices or systems that, when they fail, default to a secure or closed state, preventing unauthorized access and maintaining security despite disruptions.

🔹 Device Attributes:

● Active vs. Passive: Active devices (e.g., firewalls) take direct action on data, such as filtering or blocking traffic, while passive devices (e.g., network monitoring tools) observe and analyze data without interrupting traffic flow.

● Inline vs. Tap/Monitor: Inline devices are placed directly in the data path, allowing them to actively filter or modify traffic, whereas tap/monitor devices are placed outside the data path, passively observing traffic.

🔹 Network Appliances:

● Jump Server: A secure intermediary server used to access and manage devices within isolated or secure network segments, reducing direct exposure to sensitive systems.

● Proxy Server: Acts as an intermediary between clients and other servers, offering functionalities like web caching, access control, and traffic anonymization.

● Intrusion Prevention System (IPS) / Intrusion Detection System (IDS): IPS and IDS monitor network traffic for suspicious activity, with IPS actively blocking threats, while IDS only detects and alerts.

● Load Balancer: Distributes network traffic across multiple servers to improve performance, scalability, and availability, reducing the risk of server overload and downtime.

● Sensors: Devices that monitor the network environment, collecting data for security analysis, threat detection, and monitoring of system health.

🔹 Port Security:

● 802.1X: IEEE standard for port-based network access control, enabling authentication and authorization of devices before granting access to the network, ensuring that only authorized devices can connect.

● Extensible Authentication Protocol (EAP): A framework used in 802.1X and other protocols to support multiple types of network authentication methods, including certificates, smart cards, and passwords.

🔹 Firewall Types:

● Web Application Firewall (WAF): A firewall designed to protect web applications from attacks such as SQL injection, cross-site scripting (XSS), and other common web vulnerabilities.

● Unified Threat Management (UTM): An integrated security appliance combining multiple security features (e.g., firewall, antivirus, IDS/IPS, content filtering) into a single platform for easier management and enhanced security.

● Next-Generation Firewall (NGFW): A modern firewall that combines traditional firewall capabilities with advanced features like application awareness, deep packet inspection, and intrusion prevention.

● Layer 4/Layer 7: Firewalls can operate at different layers of the OSI model. Layer 4 firewalls filter traffic based on IP addresses and port numbers, while Layer 7 firewalls examine traffic based on application-layer data (e.g., HTTP, FTP).

🔹 Secure Communication/Access:

● Virtual Private Network (VPN): A secure encrypted tunnel for remote users to access an organization’s internal network over the internet, ensuring confidentiality and integrity of transmitted data.

● Remote Access: Allows users to securely connect to network resources from outside the organization’s premises, typically via VPN or other secure methods.

🔹 Tunneling:

● Transport Layer Security (TLS): A cryptographic protocol used to secure communications over a computer network, ensuring data integrity and confidentiality for web traffic, email, and other services.

● Internet Protocol Security (IPSec): A suite of protocols for securing IP communications by authenticating and encrypting each IP packet, commonly used in VPNs to secure traffic between devices.

● Software-Defined Wide Area Network (SD-WAN): A technology that uses software to manage and optimize WAN traffic, improving network performance, reducing costs, and enhancing security by dynamically routing traffic.

● Secure Access Service Edge (SASE): A security framework that combines wide-area networking (WAN) and cloud security capabilities, offering secure, direct-to-cloud connectivity for remote users.

🔹 Selection of Effective Controls:

● Choosing appropriate security controls based on a thorough risk assessment, regulatory compliance needs, and the specific requirements of the organization’s infrastructure, ensuring they effectively mitigate identified threats and vulnerabilities.

🟠 Data Protection Concepts and Strategies

🟠 3.3 Compare and contrast concepts and strategies to protect data.

🔹 Data Types:

● Regulated Data: Data subject to laws governing its handling, such as HIPAA for health information or PCI DSS for payment card information, requiring stringent security measures.

● Trade Secret: Confidential business information that provides a competitive edge, protected under intellectual property laws to prevent unauthorized access.

● Intellectual Property: Creations like inventions and artistic works, safeguarded by patents, copyrights, or trademarks, ensuring exclusive ownership and use.

● Legal Information: Data linked to legal proceedings, including contracts and litigation documents, which may have legal protections or confidentiality requirements.

● Financial Information: Data concerning financial transactions, such as investment details, payment card data, and personally identifiable information (PII), requiring protection against fraud.

● Human-Readable vs. Non-Human-Readable: Data that can be understood by humans (e.g., text, images) versus machine-readable formats (e.g., encrypted data, binary data).

🔹 Data Classifications:

● Sensitive: Data requiring protection due to its potential impact if exposed, such as personal health information or financial records.

● Confidential: Data that must be kept private and only disclosed to authorized parties under confidentiality agreements or legal obligations.

● Public: Data that is openly available for distribution without any security concerns, like public domain content or open-source software.

● Restricted: Data with limited access, often requiring specific authorizations, commonly containing sensitive or confidential information.

● Private: Data for internal organizational use, not intended for public access or sharing.

● Critical: Data vital for the organization’s operations, whose loss or compromise could have severe consequences for business continuity.

🔹 General Data Considerations:

● Data States:

- Data at Rest: Data stored in storage systems, including hard drives or databases.

- Data in Transit: Data being transmitted across networks or communication channels.

- Data in Use: Data actively processed or accessed by users or applications.

● Data Sovereignty: Refers to the jurisdiction governing data and the legal obligations tied to its storage and processing.

● Geolocation: Tracking the physical location of data, which may have implications for compliance with data privacy laws.

🔹 Methods to Secure Data:

● Geographic Restrictions: Limiting access based on user location to comply with local regulations and reduce exposure.

● Encryption: Transforming data into unreadable ciphertext to prevent unauthorized access, essential for securing sensitive information in storage or transit.

● Hashing: Converting data into a fixed-size string for integrity checks, ensuring that the original data has not been tampered with.

● Masking: Concealing sensitive portions of data while retaining its usability for authorized purposes, useful in development or testing environments.

● Tokenization: Replacing sensitive data with a non-sensitive token that maintains the same structure and length but cannot be exploited.

● Obfuscation: Scrambling data to make it unintelligible to unauthorized users, often used to protect intellectual property or proprietary algorithms.

● Segmentation: Dividing networks into smaller parts to limit the impact of security breaches and prevent lateral movement.

● Permission Restrictions: Applying strict access controls based on roles and privileges to minimize exposure and enforce the principle of least privilege.

🟠 Resilience and Recovery in Security Architecture

🟠 3.4 Explain the importance of resilience and recovery in security architecture.

🔹 High Availability:

● Load Balancing: Distributes incoming network traffic evenly across multiple servers to ensure optimal resource usage, minimize downtime, and improve availability.

● Clustering: Multiple servers or nodes work together as a single system, providing redundancy and ensuring fault tolerance, so if one node fails, others can take over.

🔹 Site Considerations:

● Hot Site: A fully equipped backup facility ready to become operational quickly after a disaster, ensuring minimal downtime.

● Cold Site: A basic facility without infrastructure, requiring setup before it can be used, typically leading to longer recovery times.

● Warm Site: Partially equipped facility that provides some infrastructure, allowing quicker recovery than a cold site but slower than a hot site.

● Geographic Dispersion: Distributing critical resources across different locations to reduce risks from regional disasters or disruptions.

🔹 Platform Diversity:

● Utilizing a mix of hardware, software, and cloud services to reduce the risk of dependency on a single vendor or platform, increasing system resilience.

🔹 Multi-cloud Systems:

● Spreading applications and services across multiple cloud providers to ensure redundancy, prevent vendor lock-in, and enhance flexibility and resilience.

🔹 Continuity of Operations:

● Ensuring that essential business operations continue without interruption during and after disruptions, including maintaining critical services and processes.

🔹 Capacity Planning:

● People: Ensuring availability of skilled personnel to manage systems during normal and emergency operations.

● Technology: Assessing and preparing resources to meet future demand, such as hardware, software, and network infrastructure.

● Infrastructure: Optimizing IT infrastructure to scale up or down to accommodate changes in workload or business requirements.

🔹 Testing:

● Tabletop Exercises: Simulated walkthroughs of disaster scenarios to assess readiness and refine response plans.

● Failover: Testing automatic or manual switching to backup systems in case of failure to ensure continued operations.

● Simulation: Creating real-world disaster scenarios to evaluate the effectiveness of recovery and business continuity plans.

● Parallel Processing: Running tasks simultaneously across systems to improve performance and resilience.

🔹 Backups:

● Onsite/Offsite: Storing data backups either within the same physical location (onsite) or at a different location (offsite) to reduce risks of data loss.

● Frequency: Setting up backup schedules based on the criticality of the data and business needs, ensuring regular and timely backups.

● Encryption: Encrypting backup data to protect confidentiality and prevent unauthorized access.

● Snapshots: Capturing point-in-time images of data to enable fast recovery and ensure data consistency.

● Replication: Creating real-time or near-real-time copies of data to ensure availability in case of a disaster or failure.

● Journaling: Recording changes to data or systems over time for easy rollback or recovery.

🔹 Power:

● Generators: Backup power systems that ensure continued operation during power outages, protecting critical systems and data.

● Uninterruptible Power Supply (UPS): Provides short-term backup power to prevent data loss and damage to equipment during outages or power fluctuations.