Diagrams
Visual representations created by network professionals to outline configurations such as servers, routers, and switches, often made using tools like Microsoft Visio.
Baseline Configuration
Minimum setup required for systems, including software, firewall settings, antivirus, etc., with the creation of an image deployed to all desktops.
Standard Naming Conventions
Company-specific naming of systems and devices, ensuring consistency across departments like Accounting, Marketing, etc.
IP schema
Internal IP addressing using private IP addresses like 10.x.x.x, 192.168.10.x, etc., allocated to different departments for network organization.
Data Sovereignty
Data subject to laws and governance of the nation where it is collected, emphasizing restrictions on data transfer between countries.
DLP
Data Loss Prevention software to stop confidential data from leaving the organization, crucial for industries like Healthcare and Finance.
Masking (Data Masking)
Technique to conceal confidential data for internal sharing without compromising security, not used for payment transactions.
Tokenization
Data protection method replacing sensitive data with non-sensitive placeholders, meeting PCI DSS requirements for secure storage.
Encryption
Process of encoding data to make it unreadable to unauthorized users, ensuring data security and integrity.
Data States
Data classification into at-rest, in-transit, and in-use states, each requiring specific security measures like encryption and access controls.
IRM
Information Rights Management secures information to prevent unauthorized access or copying by individuals or businesses.
HSM (Hardware Security Module)
Physical computing module managing cryptographic keys securely within servers or devices.
Geographical Considerations
Legal implications and regulations based on the geographical region where data is created or stored, impacting data access and storage.
Response and Recovery Controls
Procedures and software to respond to security incidents and recover data from backups or reimaging computers.
SSL/TLS Inspection
Inspection of SSL/TLS traffic for malware, ensuring secure connections and trust via certificates from Certificate Authorities.
Hashing
Process of transforming data into a short code (hash) for data integrity verification, using algorithms like MD5, SHA-1, etc.
API considerations
Vulnerabilities related to API usage, including on-path attacks, API injections, and DDoS attacks, requiring security measures.
Cold Site
Alternative site without equipment or data, used in case of disaster recovery, taking weeks to relocate equipment.
Warm Site
Site with some equipment ready for use, requiring a few days for setup, suitable for faster recovery than a cold site.
Hot Site
Replica of the main data center with all equipment ready for immediate use, ensuring quick data recovery within hours but being the most expensive option.
SECaaS
Security as a Service (SECaaS) provides various security services to organizations without the need for maintaining a cybersecurity staff.
Public (Cloud)
A cloud service provider offers resources over the Internet; cost-effective and efficient for organizations, utilizing a multitenant model.
Private (Cloud)
A company creates its own cloud environment for internal use, responsible for design, operation, and hosting, suitable for high-security needs.
Hybrid (Cloud)
Combines benefits of public and private cloud, allowing organizations to use both resources, with strict data hosting rules.
Community Cloud
Shared cloud service for specific organizations or employees with similar security and compliance needs, sharing resources and costs.
CSP
Cloud Service Provider (CSP) offers cloud-based services like platforms, infrastructure, applications, or storage.
MSP
Managed Service Provider (MSP) manages technology aspects for clients, sometimes offering cloud services, including network management and disaster recovery.
MSSP
Managed Security Service Providers (MSSPs) specialize in IT security, managing firewalls, patching, security audits, and emergency responses.
On-Premises vs Off-Premises
On-Premises services run locally, while Off-Premises services are hosted externally, often in third-party data centers.
Cloud Computing Pros & Cons
Cloud computing offers on-demand computing, massive data storage, and fast implementation but may face challenges like latency and data protection.
Edge Computing
Technology processing data on devices themselves, reducing latency, suitable for devices with poor connectivity.
Fog Computing
Data preprocessing at local gateways before sending to the cloud, reducing latency and enabling local decisions from local data.
Thin Clients
Simple computers optimized for connecting to virtual desktops, running applications on remote servers with a minimal local operating system.
Containers
Provide reproducible compute environments with code and dependencies, self-contained applications running inside a small OS.
APIs
Application Programming Interfaces connect applications in microservice architecture, acting as the glue for scalable, resilient, and secure applications.
IaC
Infrastructure as Code automates infrastructure management and provisioning using scripted code, common in cloud technologies for efficient configuration.
SDN
Software Defined Network routes packets through a software-based controller, improving security, performance, and control in a network.
SDV
Software Defined Visibility monitors network traffic flow, enabling understanding of data flow and deployment of security devices.
Serverless Architecture
Backend as a Service where a third-party hosts applications, allowing building and running applications without managing infrastructure.
Services Integration
Combining business and IT services seamlessly to provide a single solution for businesses.
Normalization
Process of organizing databases to eliminate redundancies and inconsistent dependencies, making the database more secure and fast.
Stored Procedure
Reusable prepared SQL code that prevents code modification by attackers and uses parameterized queries to prevent SQL injections.
Obfuscation
Process of hiding or masking source code to prevent understanding by competitors or attackers, using techniques like XOR, ROT13, and steganography.
Code Reuse
Practice of reusing high-quality code from code libraries to develop applications efficiently.
Dead Code
Code that is never executed and should be removed promptly to avoid consuming unnecessary resources.
Server-side vs
Distinguishing between server-side (backend) and client-side (front-end) code execution and validation for security and performance.
Memory Management
Writing code to minimize memory consumption, prevent memory leaks, and avoid buffer overflows for secure and efficient applications.
Use of 3rd Party Libraries
Incorporating third-party libraries to extend programming language functionality, balancing application features with potential security risks.
Software Development Kits (SDK)
Set of tools created by vendors to facilitate application development, which may introduce security vulnerabilities if not selected carefully.
Data Exposure
Securing application data through encryption, limited access, input validation, and data protection techniques to prevent theft by attackers.
OWASP
Open Web Application Security Project, an organization focused on improving software and web security through open-source initiatives and community education.
Compiler
Software that translates high-level programming language code into machine code for computer execution.
Binary
Numbering scheme with two possible values (0 or 1) used in computing systems for operational instructions and user input.
Automated Courses of Action
Using technology to automate IT processes, such as incident responses in a SOAR system for efficient threat management.
Automation
Process of automating tasks through scripts or GUI to eliminate the need for human intervention.
Continuous Monitoring
Logging system failures and security vulnerabilities for timely remediation.
Continuous Deployment
Automatically pushing changes to the production environment after testing.
Continuous Delivery
Fixing bugs before moving an application into production, typically in the staging environment.
Continuous Validation
Testing applications to ensure they meet requirements and function as intended.
Continuous Integration
Process where multiple developers consolidate and test code in the test environment to ensure functionality.
Elasticity
Automatically adjusting resources to meet demand for efficient resource utilization, commonly seen in cloud computing.
Scalability
Ability to increase capacity either vertically or horizontally to accommodate growing operational demands.
Version Control
Managing and tracking changes to software code using version control systems.
Directory Services
Storing and managing information about objects like user accounts and resources, commonly used for authentication, as with Microsoft Active Directory.
Federation Services & Authentication
Collection of domains with established trust for shared access to resources, used for authentication between different organizations.
SAML
Security Assertion Markup Language, an XML-based authentication standard for passing credentials between companies.
Attestation
Confirming device compliance with company policies, often done remotely for device verification.
Smart Card Authentication
Using integrated circuit cards for physical and digital access, often with multiple factors of authentication like PIN or fingerprint.
TOTP
Time-Based One-Time Password algorithm for generating time-sensitive login credentials.
HOTP
HMAC-based One-Time Password algorithm for event-based OTP using a counter and secret key.
HOTP vs
Comparison between HOTP and TOTP authentication methods, where TOTP is time-based and HOTP is event-based.
Short Message Service (SMS) Authentication
Authentication method using text messages, less secure than authentication apps and biometrics.
Push Notification (Authentication)
Sending authentication information to mobile devices via push notifications, considered more secure than SMS but may have vulnerabilities.
Authentication Applications
Software-based authenticators implementing 2-step verification using TOTP and HOTP algorithms for secure user authentication.
Static Codes
A set of unchanging numbers or letters used for authentication, like passwords or passphrases.
Token key
A one-time password generated by software or hardware for authentication purposes.
Fingerprint (Biometrics)
Biometric authentication based on unique fingerprint patterns.
Retina (biometric)
Biometric authentication using retinal scans.
Iris (biometric)
Biometric authentication based on iris scans.
Voice Recognition (Biometrics)
Authentication based on voice patterns.
Facial Recognition
Authentication based on facial features.
Veins (Biometrics)
Authentication based on the unique vein patterns in the body.
Gait Analysis (for biometrics)
Authentication based on the unique way a person walks.
FAR
False Acceptance Rate, where an unauthorized user is mistakenly authenticated.
FRR
False Rejection Rate, where an authorized user is wrongly rejected.
CER
Crossover Error Rate, where FAR equals FRR for optimal biometric accuracy.
Efficacy Rates
Measure of biometric system accuracy, with lower rates indicating fewer errors.
Factors
Different characteristics used for authentication, including something you know, have, or are.
AAA
Authentication, Authorization, and Accounting framework for centralized services.
MFA
Multi-Factor Authentication, using multiple factors for enhanced security.
Cloud versus On-Premises Authentication
Contrasting centralized cloud-based and local on-premises authentication.
Redundancy
Duplicating system parts for continuous availability in case of failures.
Geographical Dispersal
Creating redundant systems in different geographical locations for uptime.
RAID
Redundant Array of Independent Disks, a method of storing data across multiple drives for redundancy and performance.
RAID 5
Utilizes a minimum of 3 hard drives, distributes parity information across disks for redundancy, can withstand the failure of one drive, and offers fault tolerance.
RAID 6
Requires a minimum of 4 hard drives, similar to RAID 5 but with an additional disk for parity, can tolerate the loss of 2 drives due to double parity.
Most Common RAID Types
RAID 0, 1, and 5 are widely used for various purposes, balancing performance and redundancy.
Load Balancers
Devices distributing network/application traffic across servers, ensuring active servers, and providing redundancy.
NIC Teaming
Combining multiple network adapters into a virtual NIC for performance, load balancing, and redundancy, commonly done on Windows Servers.
Power Redundancies
Include UPS, generators, dual supply, and PDUs to ensure continuous power supply and protect against failures.