3.2 Given a Scenario, apply security principles to secure enterprise infrastructure

31 Terms

1. Device Placement

  • Definition: The process of positioning network devices such as firewalls, routers, and switches in a strategic way to optimize security and functionality within the enterprise network.

  • Example: Placing a firewall at the network edge to filter incoming and outgoing traffic, and an intrusion detection system (IDS) within the internal network to monitor unauthorized access attempts.

2. Security Zones

  • Definition: Segmented areas of a network that enforce varying levels of security based on the sensitivity of the data and services.

  • Example: A DMZ (Demilitarized Zone) houses public-facing servers like web servers and email servers, while internal zones protect sensitive databases with stricter controls.

3. Attack Surface

  • Definition: The collective sum of all potential vulnerabilities or entry points that could be exploited by an attacker.

  • Example: Reducing the attack surface by disabling unused network ports, decommissioning outdated devices, and enforcing strong password policies.

4. Connectivity

  • Definition: Refers to the methods and protocols used to enable communication between devices and systems within and outside the network.

  • Example: Using TLS (Transport Layer Security) to encrypt communication between a client and a server.

5. Failure Modes

  • Definition: The predictable responses of a system when it encounters a fault or failure, which can be designed to prioritize either availability or security.

  • Example: A database server might enter a read-only mode during a failure to ensure data integrity is not compromised.

6. Fail Open

  • Definition: A failure response where systems remain operational to ensure availability but might compromise security.

  • Example: A door access control system that unlocks all doors during a power outage to allow safe evacuation.

7. Fail Closed

  • Definition: A failure response where systems shut down to prioritize security over availability.

  • Example: A firewall blocking all network traffic during a failure to prevent unauthorized access.

8. Active vs. Passive

  • Active: Devices or systems that directly interact with and modify network traffic in real time.

    • Example: An Intrusion Prevention System (IPS) that actively blocks malicious traffic based on predefined rules.

  • Passive: Devices that observe, log, and analyze network traffic without directly altering it.

    • Example: An Intrusion Detection System (IDS) that monitors traffic and sends alerts but does not take action to block it.

9. Inline vs. Tap/Monitor

  • Inline: Devices placed directly in the path of network traffic, capable of modifying or blocking traffic.

    • Example: A firewall filtering all traffic passing through it.

  • Tap/Monitor: Devices that observe network traffic without being in the direct path.

    • Example: A packet sniffer capturing and analyzing traffic for troubleshooting.

10. Network Appliances

  • Definition: Specialized devices designed to perform specific functions such as routing, switching, or security tasks.

  • Example: A firewall appliance specifically built to enforce security rules at the network perimeter.

11. Jump Server

  • Definition: A hardened and secured server used to access and manage devices in sensitive network zones.

  • Example: Using a jump server to access production servers in a data center, requiring multi-factor authentication.

12. Proxy Server

  • Definition: An intermediary server that acts on behalf of clients to access resources, providing anonymity and security.

  • Example: A company using a proxy server to filter and log employee web traffic.

13. Intrusion Prevention System (IPS)

  • Definition: A security tool that actively monitors and blocks malicious activities on a network.

  • Example: An IPS blocking an attempted SQL injection attack in real time.

14. Intrusion Detection System (IDS)

  • Definition: A passive security tool that monitors and alerts administrators of suspicious activities.

  • Example: An IDS sending an alert about unusual login attempts from a foreign IP address.

15. Load Balancer

  • Definition: A device that distributes incoming network traffic across multiple servers to ensure availability and reliability.

  • Example: A load balancer spreading web traffic evenly across a cluster of servers during peak times.

16. Sensors

  • Definition: Devices or software used to collect data about network activity and detect potential security issues.

  • Example: Network sensors detecting unusual traffic patterns indicative of a potential DDoS attack.

17. Port Security

  • Definition: A feature on switches that restricts device access to specific ports based on MAC addresses to prevent unauthorized access.

  • Example: Enforcing port security to block rogue devices from connecting to a corporate network.

18. 802.1X

  • Definition: A port-based network access control standard that authenticates a device before allowing or denying it access to the network.

  • Example: A corporate Wi-Fi requiring employees to log in with credentials verified by an 802.1X authentication server.

19. Extensible Authentication Protocol (EAP)

  • Definition: A framework for various authentication methods used in securing network access.

  • Example: EAP-TLS providing certificate-based authentication for Wi-Fi networks.

20. Firewall Types

  • Definition: Devices that monitor and control traffic based on pre-defined security rules.

  • Example: A stateful firewall tracks ongoing connections and blocks unauthorized traffic.

21. Web Application Firewall (WAF)

  • Definition: A firewall designed to protect web applications by filtering and monitoring HTTP traffic.

  • Example: A WAF blocking a cross-site scripting (XSS) attack on an e-commerce website.

22. Unified Threat Management (UTM)

  • Definition: An all-in-one security solution that integrates multiple security functions, like firewall, antivirus, and intrusion detection.

  • Example: A UTM appliance providing firewall, VPN, and anti-malware features in a single device.

23. Next-Generation Firewall (NGFW)

  • Definition: Advanced firewalls that include features like application awareness and intrusion prevention.

  • Example: An NGFW blocking specific social media applications during work hours.

24. Virtual Private Network (VPN)

  • Definition: A secure communication channel that encrypts traffic between a client and a server.

  • Example: Employees using a VPN to securely access corporate resources remotely.

25. Remote Access

  • Definition: The ability to access a network or system from a remote location securely.

  • Example: Using RDP (Remote Desktop Protocol) over a secure VPN for remote IT support.

26. Tunneling

  • Definition: Encapsulating network traffic within another protocol to securely send it across an untrusted network.

  • Example: Using IPsec tunneling to protect sensitive data between branch offices.

27. Transport Layer Security (TLS)

  • Definition: A cryptographic protocol that ensures secure communication over a network.

  • Example: HTTPS websites use TLS to encrypt data transferred between a browser and a web server.

28. Internet Protocol Security (IPsec)

  • Definition: A suite of protocols that encrypt and secure IP communications.

  • Example: IPsec securing a site-to-site VPN connection between corporate offices.

29. Software-Defined Wide Area Network (SD-WAN)

  • Definition: A virtual WAN architecture that uses software to control connectivity and traffic management.

  • Example: SD-WAN dynamically routing traffic over the fastest available path during peak usage.

30. Secure Access Service Edge (SASE)

  • Definition: A cloud-based framework that combines networking and security services.

  • Example: Using SASE to enforce security policies across remote users accessing corporate resources.

31. Selection of Effective Controls

  • Definition: The process of choosing and implementing security measures that effectively mitigate risks while supporting business operations.

  • Example: Deploying a combination of firewalls, IDS/IPS, and VPNs to secure enterprise infrastructure.