Physical Security
Fencing and Physical Barriers, Biometrics, Badges and Access Logs, Surveillance
Fencing and Physical Barriers
They are the outermost layer of defense and the most visible. All physical barriers should meet specific design requirements and material specifications.
Fence
is a barrier that encloses secure areas and designated boundaries.
Biometrics
physiological or behavioral characteristics of an individual, and there are security practices based on identifying and granting access using biometrics.
Type I (False Rejection)
error rejects a person who is registered and is an authorized user. It means that someone who should gain access is not granted access.
Type II (False Acceptance)
errors allow entry to people who should not have entry, meaning a cybercriminal can potentially gain access.
Badges and Access Logs
Allows an individual to gain access to an area with automated entry points
Surveillance
Many physical access controls, including deterrent and detection systems, ultimately rely on people to intervene and stop the actual attack or intrusion.
Developing and Testing, Staging environments and production, provisioning and deprovisioning
Stages of Application Development
Developing and testing
Software is developed and updated in a development environment, where it can be developed, tested and debugged before being deployed.
Staging environments and Production
By testing in a staging environment, developers can verify that the software runs under the required security settings before deploying to production
Provisioning and Deprovisioning
Provisioning is the creation or updating of software. Deprovisioning is its removal
Code Signing
helps prove that a piece of software is authentic. Executables designed to install and run on a device are digitally signed to validate the author
Secure Cookies
When your client interacts with a server, the server sends an HTTP/S response that instructs the browser to create a cookie, which can be used for future requests. Use secure cookies with HTTPS instead of HTTP to ensure encryption, which protects the information stored in them.
Unauthorized access to data centers, computer rooms and wiring closets
Implement policies, standards and procedures for staff and visitors to ensure the facilities are secure
Server and system downtime
Develop a business continuity plan for critical applications to maintain availability of operations
Develop a disaster recovery plan for critical applications and data
Network operating system software vulnerability
Develop a policy to address application software and operating system updates.
Install patches and updates regularly
Unauthorized access to systems
Use multi-factor authentication
Monitor log files
Data loss
Implement data classification standards
Implement backup procedures
Software development vulnerabilities
Conduct software testing prior to launch
Secure Shell (SSH)
is a protocol that provides a secure (encrypted) remote connection to a device. It is more secure than Telnet because of its strong encryption.
Secure copy (SCP)
securely transfers files between two remote systems. It uses SSH for data transfer and authentication, ensuring the authenticity and confidentiality of the data in transit.
VLAN
provides a way to group devices within a local area network (LAN) and on individual switches.
Zero-Trust
is an evolving design approach which recognizes that even the most robust access control systems have their weaknesses.
Demilitarized Zone (DMZ)
Host systems that are accessible through the firewall are physically separated from the internal network by means of secured switches or by using an additional firewall to control traffic between the web server and the internal network.
Application management
allows you to digitally sign applications so that you can authorize which applications users can install. This helps to ensure that installed applications come from a trusted source.
3 principles of high availability
Eliminating single points of failure, providing for reliable crossover, detecting failures as they occur