On-Premises Architecture
Infrastructure owned, operated, and physically located within an organisation’s facilities. Organisation has full control and responsibility for security. Higher upfront cost. Data never leaves the organisation’s physical control.
Cloud Architecture
Infrastructure hosted and managed by a third-party cloud provider. Shared responsibility model - provider secures the infrastructure, customer secures their data and applications. Scalable, pay-as-you-go.
Shared Responsibility Model
In cloud computing, security responsibilities are split between the cloud provider and the customer. Provider responsible for security OF the cloud (hardware, hypervisor, physical). Customer responsible for security IN the cloud (data, OS, applications, access).
IaaS Security Responsibilities
Provider secures physical hardware, hypervisor, and network. Customer secures OS, applications, data, network configuration, identity, and access management.
PaaS Security Responsibilities
Provider additionally secures the OS and runtime. Customer secures applications, data, and user access.
SaaS Security Responsibilities
Provider secures almost everything. Customer secures data access, user accounts, and configuration of the application. Least customer responsibility.
Virtualisation Security
VMs share physical hardware but must be isolated from each other. VM escape - attacker breaks out of VM to access hypervisor or other VMs. Snapshot security - snapshots may contain sensitive data. Hypervisor compromise affects all VMs.
VM Escape
An attack where malicious code in a VM breaks out to interact with the hypervisor or other VMs on the same host. Critical vulnerability - hypervisor must be kept patched.
Container Security
Containers share the host OS kernel, making them less isolated than VMs. Container escape is possible. Containers should run as non-root. Use read-only file systems. Scan images for vulnerabilities.
IoT Security Challenges
IoT devices often have weak or no security - default credentials, no update mechanism, limited processing for encryption. Should be isolated on dedicated VLANs. Firmware updates critical. Change all default credentials immediately.
ICS (Industrial Control System) Security
Controls physical processes (power grids, manufacturing, water treatment). Historically air-gapped. Now increasingly network-connected, creating risk. High consequence of compromise - physical damage or safety risk. Prioritise availability over confidentiality.
SCADA (Supervisory Control and Data Acquisition)
Industrial control systems monitoring and controlling physical infrastructure. Often run legacy OS that cannot be patched. Require network isolation and strict access controls.
OT (Operational Technology)
Hardware and software monitoring and controlling physical devices and processes. Distinct from IT - availability and safety are paramount. Convergence of IT and OT creates new attack surface.
IaC (Infrastructure as Code)
Managing infrastructure through machine-readable configuration files rather than manual processes. Security benefit - consistent, auditable, version-controlled configurations. Risk - misconfiguration in code deploys everywhere instantly.
Defence in Depth
Layered security approach where multiple controls protect assets. If one layer fails, others remain. No single point of failure. Combines preventive, detective, and corrective controls across physical, technical, and administrative domains.
Secure Network Design - Screened Subnet (DMZ)
A network zone between internet and internal network hosting public-facing servers. Internet can reach DMZ, but not internal network directly. Two firewalls - one between internet and DMZ, one between DMZ and internal.
Jump Server (Jump Box)
A hardened, monitored server used as the only access point to manage devices in a secure network zone. Administrators connect to the jump server first, then to target systems. Reduces attack surface for administrative access.
Bastion Host
A specially hardened server exposed to the internet. Provides access to a private network. Similar concept to jump server. All non-essential services disabled. Heavily monitored.
Air Gap
Physical isolation of a computer or network from the internet and other unsecured networks. Used for highest-security environments. Data transfer only via physical media (USB), which creates its own risks.
Data Classification
Categorising data by sensitivity to apply appropriate security controls. Common levels - Public (no restriction), Internal (employees only), Confidential (limited access), Restricted/Top Secret (highest protection). Drives access control and encryption decisions.
Data Types
Regulated data (subject to compliance - PII, PHI, PCI). Intellectual property. Trade secrets. Financial records. Human-readable vs non-human-readable. Classification determines handling requirements.
PII (Personally Identifiable Information)
Any information that can identify a specific individual. Examples - name, SSN, address, email, biometrics, IP address. Regulated by GDPR, CCPA, and other privacy laws.
PHI (Protected Health Information)
Health information linked to a specific individual. Regulated by HIPAA in the US. Strict requirements for storage, transmission, and access.
Data Sovereignty
The concept that digital data is subject to the laws of the country where it is physically located or collected. Affects cloud storage decisions - data stored in EU must comply with GDPR regardless of company location.
Geographic Restrictions
Legal requirements limiting where data can be stored or processed. Driven by data sovereignty laws. Must be considered in cloud architecture decisions.
High Availability (HA)
System design minimising downtime by eliminating single points of failure. Achieved through redundancy, load balancing, clustering, and failover. Often expressed as uptime percentage (99.99% = four nines).
Fault Tolerance
The ability to continue operating even when one or more components fail. Requires full redundancy at every layer. More robust than HA - the goal is true zero downtime.
RAID (Redundant Array of Independent Disks)
Uses multiple drives for redundancy and/or performance. RAID 0 - striping (speed, no redundancy). RAID 1 - mirroring (full redundancy). RAID 5 - striping with parity (balance). RAID 10 - mirror + stripe (performance + redundancy).
Backup Types
Full - complete copy of all data. Differential - all changes since last full backup. Incremental - changes since last backup of any type. Fastest restore uses full + differential. Smallest daily backup uses incremental.
Backup 3-2-1 Rule
Keep 3 copies of data, on 2 different media types, with 1 copy stored offsite. The offsite copy protects against site-level disasters. The media diversity protects against media-specific failures.
RPO (Recovery Point Objective)
Maximum acceptable data loss measured in time. Drives backup frequency. If RPO is 4 hours, backups must run at least every 4 hours.
RTO (Recovery Time Objective)
Maximum acceptable downtime after a failure. Drives decisions on hot/warm/cold site and redundancy level.
Business Continuity Plan (BCP)
A comprehensive plan ensuring critical business functions continue during and after a disaster. Broader than DR - covers entire business operations, not just IT.
Disaster Recovery Plan (DRP)
Specific procedures for restoring IT systems and data after a disaster. Subset of BCP. Includes recovery procedures, RTO/RPO targets, and contact lists.
Power Redundancy
UPS (battery backup for short outages), generators (long-term backup), dual power supplies in servers, redundant PDUs, diverse power feeds from utility.