3.0 Security Architecture

3.1 Compare and contrast security implications of different architecture models

Architecture and infrastructure concepts
  • Cloud

    • Responsibility matrix

      • Definition: A framework that defines which parties (such as an organization and a service provider) are responsible for specific security tasks in a shared environment.

      • Example: A company using cloud storage follows a structured plan where the cloud provider manages hardware security while the business is responsible for data encryption and user access controls.

    • Hybrid considerations

      • Definition: Security challenges and strategies involved in environments that combine both cloud and on-premises infrastructure.

      • Example: A business runs its customer database in a local data center but uses an online platform for web applications, requiring secure connections between the two environments.

    • Third-party vendors

      • Definition: External companies that provide products or services, including software, hardware, or IT support, to an organization.

      • Example: A business contracts an external provider to manage network security and implement threat detection systems.

  • Infrastructure as code (IaC)

    • Definition: A method of managing and provisioning computing resources through automated scripts rather than manual configuration.

    • Example: A development team uses a script to automatically deploy and configure virtual machines, ensuring consistency across all environments.

  • Serverless

    • Definition: A cloud-based computing model where the provider manages infrastructure, and developers only focus on writing and running code.

    • Example: A company hosts an event-driven function that automatically processes data whenever a file is uploaded, without needing to maintain a dedicated server.

  • Microservices

    • Definition: A software architecture that breaks applications into small, independent services that communicate with each other.

    • Example: An online retail system has separate components for user accounts, payments, and inventory, allowing independent updates without affecting the entire application.

  • Network infrastructure

    • Definition: The physical and virtual components that support network communication, including routers, switches, firewalls, and cloud networking.

    • Example: A company sets up multiple layers of security devices to filter incoming traffic and protect internal systems.

      • Physical isolation

        • Definition: The separation of a system or network from external access to enhance security.

        • Example: A research lab keeps its sensitive projects on computers that are not connected to the internet to prevent unauthorized access.

      • Air Gapped

        • Definition: A security measure that physically separates a network or system from external connections to prevent cyber threats.

        • Example: A government agency stores classified documents on a computer that has no internet access and is not connected to any external network.

      • Logical segmentation

        • Definition: The division of a network into isolated sections using software controls instead of physical barriers.

        • Example: A financial company restricts its accounting department’s systems from accessing the software development team’s environment to prevent unauthorized data exposure.

      • Software-defined networking (SDN)

        • Definition: A network management approach where software controls how data flows, allowing for dynamic and automated configurations.

        • Example: A company uses a centralized system to automatically adjust network settings and reroute traffic based on demand, improving efficiency and security.

  • On-premises

    • Definition: Computing infrastructure that is physically located within an organization's facility rather than being hosted by an external provider.

    • Example: A financial institution stores sensitive customer data on locally managed servers within its data center for greater control and security.

  • Centralized vs. decentralized

    • Definition: A comparison between systems where control is maintained from a single authority versus those that distribute responsibilities across multiple locations.

    • Example: A corporation uses a centralized identity management system where all user access is controlled from a single directory, while a blockchain network operates in a decentralized manner with no single controlling entity.

  • Containerization

    • Definition: A technology that packages applications and their dependencies into lightweight, portable units that can run in any environment.

    • Example: A development team deploys a web application using separate, isolated packages for its database, front-end, and backend services, ensuring consistency across different computing environments.

  • Virtualization

    • Definition: The creation of multiple simulated environments or machines on a single physical system to maximize resource efficiency.

    • Example: A company runs multiple operating systems on a single physical server, allowing different teams to test applications without needing separate hardware.

  • IoT

    • Definition: A network of connected smart devices that collect and share data over the internet.

    • Example: A manufacturing facility monitors production efficiency using connected sensors that provide real-time performance data.

  • Industrial control systems (ICS) / Supervisory control and data acquisition (SCADA)

    • Definition: Specialized systems used to manage and automate industrial operations such as power grids, water treatment plants, and factories.

    • Example: A utility company remotely controls and monitors its electrical grid using a digital system designed for real-time adjustments.

  • Real-time operating system (RTOS)

    • Definition: A software system that processes data and executes tasks within strict timing constraints, often used in embedded systems.

    • Example: An autonomous vehicle uses a specialized software environment to ensure instant response times for braking and obstacle detection.

      • Embedded systems

        • Definition: Computing components that are integrated into a larger device and designed to perform dedicated tasks.

        • Example: A smart thermostat includes a built-in processor that regulates temperature settings based on user preferences.

  • High availability

    • Definition: A design approach that ensures systems remain operational with minimal downtime by incorporating redundancy and failover mechanisms.

    • Example: A cloud-based streaming service runs on multiple servers, so if one fails, another automatically takes over to keep services running smoothly.

Considerations
  • Availability

    • Definition: Ensuring that systems, applications, and data are accessible when needed, with minimal downtime.

    • Example: A cloud service provider implements redundant servers to keep applications running even if one fails.

  • Resilience

    • Definition: The ability of a system to withstand and recover from failures, attacks, or other disruptions.

    • Example: A bank’s transaction system continues operating during a cyberattack due to built-in failover mechanisms.

  • Cost

    • Definition: The financial investment required for infrastructure, security, maintenance, and scalability.

    • Example: A business chooses a cloud provider that offers a pay-as-you-go model to minimize upfront expenses.

  • Responsiveness

    • Definition: The speed at which a system reacts to user requests or changes in workload.

    • Example: An online retailer’s website automatically adjusts server capacity during peak shopping hours to handle increased traffic.

  • Scalability

    • Definition: The ability of a system to expand or contract based on demand without affecting performance.

    • Example: A video streaming platform adds more server capacity as more users subscribe to its service.

  • Ease of deployment

    • Definition: How quickly and efficiently a system or application can be set up and configured.

    • Example: A company deploys a new web application in minutes using an automated cloud infrastructure.

  • Risk transference

    • Definition: Shifting the responsibility for potential security risks to a third party, such as a cloud provider or cybersecurity insurance.

    • Example: A business purchases a cybersecurity insurance policy to cover financial losses from a potential data breach.

  • Ease of recovery

    • Definition: How quickly a system can restore normal operations after a failure or attack.

    • Example: A company uses automatic daily backups, allowing it to quickly restore lost data after a ransomware attack.

  • Patch availability

    • Definition: The frequency and speed at which security updates or software fixes are provided by vendors.

    • Example: A mobile operating system releases monthly security updates to protect against new vulnerabilities.

  • Inability to patch

    • Definition: A situation where software or hardware cannot be updated due to compatibility issues or lack of vendor support.

    • Example: A hospital continues using outdated medical devices that cannot receive security updates, increasing the risk of exploitation.

  • Power

    • Definition: The energy requirements of a system, including backup power solutions to prevent outages.

    • Example: A data center uses backup generators to keep operations running during a power failure.

  • Compute

    • Definition: The processing power and resources required for a system to function efficiently.

    • Example: A company provisions high-performance virtual machines to support artificial intelligence workloads.

  • Zone redundancy

    • Definition: Replicating data across multiple availability zones within a region. This increases availability: if one zone experiences an outage, the data is still accessible from another zone.

  • Third-party mobile device management (MDM)

    • Definition: A security solution provided by an external vendor that allows organizations to remotely manage, monitor, and secure employee devices.

    • Third-party MDM solutions typically offer single sign-on, support for a diverse range of device types, and access control for cloud applications. They transfer some risk to the provider via service level agreements (SLAs) and often feature rapid recovery options.

    • Example: A company uses an external platform to enforce security policies on employee smartphones, such as requiring encryption and blocking unauthorized apps.

3.2 Given a scenario, apply security principles to secure enterprise infrastructure

Infrastructure considerations
  • Device placement

    • Definition: The strategic positioning of hardware and network components to maximize security and efficiency.

    • Example: A company places its firewalls at the network perimeter and intrusion detection systems within internal networks to monitor for threats.

  • Security zones

    • Definition: Segmented areas within a network with different security levels to control access and reduce risks.

    • Example: A business separates public-facing web servers from internal databases using a demilitarized zone (DMZ) to prevent direct external access.

  • Attack surface

    • Definition: The sum of all points (open ports, running services, interfaces, accounts, APIs) where an attacker could attempt to enter or extract data from a system or network; fewer exposed points means less to defend.

    • Example: A company reduces its exposure by closing unnecessary ports and disabling unused services on its servers.

  • Connectivity

    • Definition: The way devices and networks are linked to communicate securely and efficiently.

    • Example: A remote workforce uses a virtual private network (VPN) to securely access company resources from different locations.

  • Failure modes

    • Fail-open

      • A system remains operational when a failure occurs, potentially allowing unrestricted access.

        • Example: A firewall fails and allows all traffic instead of blocking it, leaving the network vulnerable.

    • Fail-closed

      • A system shuts down or blocks access during a failure to prevent security breaches.

        • Example: A biometric access system locks all doors when it detects an authentication system failure, preventing unauthorized entry.
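
The two failure modes above, as an added example (not from the original notes): an access check that calls a policy decision point which can be "down". The decision point, the subjects and the policy table are constructed for the demo; the point is that the same outage grants access in fail-open mode and denies it in fail-closed mode, and that the fallback is written to an audit list so an outage-driven grant is never silent.

```python
"""Fail-open vs. fail-closed for an access-control check.

Added example; the policy decision point is a stub that can be told to
"go down", so both failure modes can be exercised offline.
"""
from enum import Enum


class Mode(Enum):
    FAIL_OPEN = "fail-open"      # availability wins: outage grants access
    FAIL_CLOSED = "fail-closed"  # security wins: outage denies access


class BackendDown(Exception):
    """Simulated outage of the policy decision point."""


# Constructed policy table: (subject, resource) -> allowed?
POLICY = {
    ("alice", "payroll-db"): True,
    ("bob", "payroll-db"): False,
}


def query_backend(subject, resource, *, healthy=True):
    """Stand-in for a remote decision point (hypothetical, e.g. an IAM or RADIUS call)."""
    if not healthy:
        raise BackendDown("policy decision point unreachable")
    return POLICY.get((subject, resource), False)


def authorize(subject, resource, *, mode, healthy=True, audit=None):
    """Return True if access is granted.

    When the backend answers, the policy decides. When it raises, the
    failure mode decides, and the fallback is recorded in `audit` so an
    outage-driven grant is visible to the security team.
    """
    try:
        return query_backend(subject, resource, healthy=healthy)
    except BackendDown as exc:
        decision = mode is Mode.FAIL_OPEN
        if audit is not None:
            audit.append(f"{mode.value}: {subject}->{resource} "
                         f"{'ALLOWED' if decision else 'DENIED'} ({exc})")
        return decision


def decision_matrix(healthy):
    """Decisions for every (subject, resource, mode) combination."""
    return {
        (subject, resource, mode.value): authorize(subject, resource, mode=mode, healthy=healthy)
        for (subject, resource) in POLICY
        for mode in Mode
    }


if __name__ == "__main__":
    for healthy in (True, False):
        print(f"backend healthy={healthy}")
        for key, allowed in decision_matrix(healthy).items():
            print(f"  {key}: {'ALLOW' if allowed else 'DENY'}")
```

Run it and compare the two matrices: with the backend healthy both modes give the same answers, because the policy decides; with it down, fail-open grants bob access to the payroll database that the policy would have denied, which is exactly the firewall-passes-everything case described above.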

  • Device attribute

    • Active Monitoring

      • Proactively tests system performance and security with synthetic transactions. Example: An online store sends test purchases to verify the checkout process.

    • Passive Monitoring

      • Observes real user data and traffic to identify security threats. Example: An online store analyzes actual customer behavior to detect suspicious activities.

    • Inline vs. tap/monitor

      • Inline

        • Involves placing monitoring tools directly in the path of network traffic. This allows for real-time analysis and intervention but can introduce latency and potential points of failure.

          Example: Firewalls are typically placed inline to inspect and filter traffic as it passes through.

      • Tap/Monitor

        • A hardware device that passively copies network traffic for monitoring without affecting the flow of data. It provides a complete and accurate capture of traffic but requires physical installation.

          Example: A TAP device is inserted between two network devices to duplicate traffic for analysis.

  • Network appliances

    • Jump server

      • A specially secured device used to access and manage critical systems remotely.

        • Example: An administrator connects to a secured management system through a single controlled access point rather than accessing it directly.

    • Proxy server

      • A system that acts as an intermediary between users and the internet, enhancing security and anonymity.

        • Example: A company routes employee web traffic through a filtering system that blocks malicious sites.

    • Intrusion detection system (IDS)

      • Monitors network traffic for suspicious activity and alerts administrators when potential threats are detected. It does not take direct action to stop the threats; it only identifies and reports them, so it is usually deployed out of band (fed by a tap or SPAN port) and cannot add latency or block legitimate traffic.

        • Example: An IDS detects an unusual spike in traffic indicating a possible DDoS attack and notifies the security team.

    • Intrusion prevention system (IPS)

      • Monitors and detects suspicious activity like an IDS, but sits inline and takes action to block or prevent the threat in real time. Because it is inline, a false positive blocks legitimate traffic and the device becomes a potential point of failure (see fail-open/fail-closed above).

        • Example: An IPS detects a malicious traffic attempt and automatically blocks it from reaching the network.

    • Load balancer

      • A system that distributes traffic across multiple servers to ensure performance and reliability.

        • Example: A high-traffic e-commerce website evenly distributes incoming customer requests to multiple backend servers to prevent overload.
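
The IDS/IPS distinction above, as an added example (not from the original notes): one rate-based detector run twice over the same constructed connection log, once in detect-only mode and once in prevent mode. The log format, the threshold (more than 5 connections from one source within 3 seconds) and the addresses are all invented for the demo; what it shows is that the IDS forwards every packet and only produces alerts, while the IPS produces an alert and then drops everything further from the offending source.

```python
"""IDS vs. IPS behaviour on the same traffic, as a small rate-based detector.

Added example. The log lines are constructed; the detector is a sliding-window
counter, the simplest kind of anomaly rule a sensor might carry.
"""
from collections import defaultdict, deque

# Constructed log: "<timestamp> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
1000 10.0.0.5 -> 192.0.2.10:443
1001 10.0.0.5 -> 192.0.2.10:443
1002 198.51.100.7 -> 192.0.2.10:22
1002 198.51.100.7 -> 192.0.2.10:22
1003 198.51.100.7 -> 192.0.2.10:22
1003 198.51.100.7 -> 192.0.2.10:22
1004 198.51.100.7 -> 192.0.2.10:22
1004 198.51.100.7 -> 192.0.2.10:22
1005 198.51.100.7 -> 192.0.2.10:22
1006 10.0.0.5 -> 192.0.2.10:443
"""


def parse(log):
    """Turn each log line into (timestamp, src, dst, port)."""
    events = []
    for line in log.splitlines():
        ts, src, _arrow, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        events.append((int(ts), src, dst, int(port)))
    return events


class Sensor:
    """Flags a source that opens more than `threshold` connections in `window` seconds.

    prevent=False -> IDS: alert, but always forward the packet.
    prevent=True  -> IPS: alert, block the source, drop this and later packets.
    """

    def __init__(self, threshold=5, window=3, prevent=False):
        self.threshold = threshold
        self.window = window
        self.prevent = prevent
        self.recent = defaultdict(deque)   # src -> timestamps inside the window
        self.blocked = set()
        self.alerts = []
        self.forwarded = []

    def process(self, event):
        ts, src, _dst, _port = event
        if src in self.blocked:            # IPS only: already blocked
            return "dropped"
        window = self.recent[src]
        window.append(ts)
        while window and ts - window[0] > self.window:  # slide the window
            window.popleft()
        if len(window) > self.threshold:
            self.alerts.append(f"{ts} rate exceeded from {src}: "
                               f"{len(window)} connections in {self.window}s")
            if self.prevent:
                self.blocked.add(src)
                return "dropped"
        self.forwarded.append(event)
        return "forwarded"


def run(prevent):
    """Feed the sample log through a fresh sensor and return it for inspection."""
    sensor = Sensor(prevent=prevent)
    for event in parse(SAMPLE_LOG):
        sensor.process(event)
    return sensor


if __name__ == "__main__":
    for label, prevent in (("IDS", False), ("IPS", True)):
        s = run(prevent)
        print(f"{label}: forwarded={len(s.forwarded)} alerts={len(s.alerts)} blocked={sorted(s.blocked)}")
        for a in s.alerts:
            print("   ", a)
```

The benign client 10.0.0.5 is never touched in either mode. In IDS mode all ten packets are forwarded and two alerts are raised (the sixth and seventh SSH attempts); in IPS mode the sixth attempt triggers one alert and is dropped together with the seventh, so eight packets reach the host.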

Secure communication/access
  • Virtual private network (VPN)

    • Encrypts internet connections to protect data transmitted between remote users and a corporate network.

      • Example: A remote employee securely accesses company files from home using an encrypted connection

  • Remote access

    • The ability to connect to a network or system from a different location.

      • Example: An IT administrator logs into a corporate server from another city to perform updates.

  • Tunneling

    • Encapsulating the packets of one protocol inside another so that traffic can cross an intermediate network it could not otherwise traverse; a VPN combines tunneling with encryption (for example IPsec or TLS) so the inner traffic stays private.

      • Example: A branch office's private IP traffic is wrapped inside encrypted packets that travel over the public internet to headquarters, where they are unwrapped.

  • Transport Layer Security (TLS)

    • A cryptographic protocol that secures online communications by encrypting data between a client and a server.

      • Example: A banking website ensures secure transactions by encrypting user data during login and payment processing.

Firewall types
  • Web application firewall (WAF)

    • Protects web applications by filtering and monitoring HTTP traffic to prevent attacks like SQL injection and cross-site scripting.

      • Example: An online shopping website deploys a security solution that blocks suspicious user inputs to prevent hacking attempts.

  • Unified threat management (UTM)

    • A multi-function security system that includes firewall, antivirus, intrusion detection, and content filtering in one solution.

      • Example: A small business uses an all-in-one security appliance that scans for malware, filters web traffic, and blocks unauthorized access.

  • Next-generation firewall (NGFW)

    • An advanced security solution that includes deep packet inspection, intrusion prevention, and application awareness.

      • Example: A company deploys an advanced security system that detects and blocks sophisticated threats in real time.

  • Layer 3 firewall (router / packet filter)

    • Sits at the ingress/egress of the network and filters on source and destination IP address and protocol; often also performs network address translation (NAT).

  • Layer 4 firewall (stateful)

    • Filters on TCP/UDP port numbers and tracks connection state, so only replies belonging to an established session are admitted.

  • Layer 7 firewall (application)

    • Inspects application-layer content (OSI layer 7), such as HTTP requests, and can filter by application regardless of the port it uses; NGFWs and WAFs operate here.

Other considerations
  • Sensors

    • Definition: Devices that monitor network traffic, system activity, or environmental factors to detect security threats.

    • Example: A data center uses temperature and motion detectors to prevent overheating and detect unauthorized access attempts.

  • Port security

    • Definition: A method of controlling access to network ports to prevent unauthorized devices from connecting.

    • Example: A corporate network restricts connections to only approved employee devices to prevent rogue access.

  • 802.1X

    • Port-based network access control (PNAC), the usual basis of NAC. The switch or access point keeps a port blocked until the connecting device (supplicant) authenticates; EAP carries the authentication exchange, typically to a RADIUS server.

      • Example: An office Wi-Fi network requires employees to log in with unique credentials before they can connect.

  • Extensible Authentication Protocol (EAP)

    • An authentication framework (not a single method) carried by 802.1X on wired and wireless networks; specific EAP methods such as EAP-TLS (certificates) or PEAP (password inside a TLS tunnel) perform the actual authentication.

      • Example: A university uses a secure wireless login system where students authenticate with a digital certificate.

  • Internet Protocol Security (IPSec)

    • Definition: A protocol suite that encrypts and secures data transmitted over an IP network to prevent interception and tampering.

    • Example: A company secures communication between branch offices by encrypting traffic using a network security protocol, preventing unauthorized access.

  • Software-defined wide area network (SD-WAN)

    • A network management approach that uses software to intelligently route traffic across multiple connections for better performance and security.

    • Example: A multinational company connects its offices globally using a cloud-based solution that dynamically selects the best available internet path for data transmission, reducing costs and improving efficiency.

  • Secure Access Service Edge (SASE)

    • Definition: A security framework that combines wide-area networking and security services into a cloud-based solution to provide secure remote access.

    • Example: A business with remote workers implements a cloud-based solution that ensures encrypted connections, access controls, and threat monitoring across multiple locations.

3.3 Compare and contrast concepts and strategies to protect data

Data Types
  • Regulated

    • Definition: Information governed by legal or industry regulations that require strict protection and compliance.

    • Example: A healthcare provider encrypts patient medical records to comply with data privacy laws and prevent unauthorized access.

  • Trade secret

    • Definition: Confidential business information that provides a competitive advantage and must be protected from disclosure.

    • Example: A technology company safeguards its proprietary software algorithms to prevent competitors from replicating its innovations.

  • Intellectual property

    • Definition: Legally protected creations of the mind, such as patents, copyrights, and trademarks.

    • Example: A movie studio prevents the unauthorized distribution of its newly released film by using digital rights management (DRM) technology.

  • Legal information

    • Definition: Documents and records related to contracts, compliance, and regulatory matters that require secure storage.

    • Example: A law firm securely stores signed contracts and court documents in an encrypted document management system.

  • Financial information

    • Definition: Data related to monetary transactions, including banking records, credit card details, and financial reports.

    • Example: An online payment service encrypts customer credit card information to protect against fraud and data breaches.

  • Human- and non-human-readable

    • Definition: Human-readable data (documents, spreadsheets, e-mail) can be understood directly; non-human-readable data (binary files, database blobs, encoded or encrypted data, machine logs) needs a program to interpret it. Both can carry sensitive information, so classification and protection apply to both.

    • Example: A company protects its exported customer spreadsheet and the raw database backup file from which it was generated under the same classification.

Data Classifications
  • Sensitive

    • Definition: Information that requires protection due to privacy, security, or regulatory concerns.

    • Example: A government agency restricts access to personnel records to authorized employees only to prevent data leaks

  • Confidential

    • Definition: Information that is restricted to specific individuals or groups to prevent unauthorized disclosure.

    • Example: A corporate HR department encrypts employee salary records to ensure that only approved personnel can access them.

Data Visibility Levels
  • Public

    • Definition: Information that is openly available to anyone and does not require protection.

    • Example: A government agency publishes a report on population statistics that is accessible to the public.

  • Restricted

    • Definition: Information that has limited access and requires authorization to be viewed or shared.

    • Example: A university restricts access to student exam results so that only faculty members and the student can view them.

  • Private

    • Definition: Personal or confidential information that is protected to maintain privacy and prevent unauthorized access.

    • Example: A social media platform encrypts user messages to ensure that only the sender and recipient can read them.

  • Critical

    • Definition: Essential information that, if lost or compromised, would severely impact business operations or security.

    • Example: A financial institution secures its transaction records with multiple backups to prevent loss due to cyberattacks.

General Data Considerations
  • Data states:

    • Data at rest

      • Definition: Information stored on physical or digital media that is not actively being used or transferred.

      • Example: A company encrypts stored customer records on its database to prevent unauthorized access.

    • Data in transit

      • Definition: Information being transferred from one location to another over a network.

      • Example: A secure payment gateway encrypts credit card details while processing an online transaction.

    • Data in use

      • Definition: Information that is actively being processed, modified, or accessed by an application or user.

      • Example: An employee works on a confidential financial spreadsheet that is temporarily stored in system memory.

  • Data sovereignty

    • Definition: The legal and regulatory requirements that dictate where information is stored and processed based on geographic location.

    • Example: A cloud storage provider ensures that European customer data is stored within the EU to comply with data protection laws.

  • Geolocation

    • Definition: The identification of a device or user’s physical location based on GPS, IP address, or network information.

    • Example: A banking app requires additional authentication if a customer attempts to log in from an unfamiliar country.

Methods to Secure Data
  • Geographic restrictions

    • Definition: Limiting access to data based on the physical location of users or systems to prevent unauthorized access from certain regions.

    • Example: An online banking service blocks logins from foreign countries unless pre-approved by the account holder.

  • Encryption

    • Definition: Converting data into an unreadable format using cryptographic techniques to protect it from unauthorized access.

    • Example: A healthcare provider encrypts patient records so they can only be accessed with a secure decryption key.

  • Hashing

    • Definition: A one-way function that converts data of any length into a fixed-length digest; it is infeasible to recover the input from the digest or to find two inputs with the same digest, which makes it useful for integrity checks and password storage.

    • Example: A website hashes user passwords (with a per-user salt and a deliberately slow algorithm) before storing them, so a breach of the database does not directly reveal the passwords.

  • Masking

    • Definition: Concealing portions of sensitive data to protect it while still allowing limited visibility for legitimate use.

    • Example: A customer service portal displays only the last four digits of a credit card number for security reasons.

  • Tokenization

    • Definition: Replacing sensitive data with a unique identifier (token) that has no exploitable value.

    • Example: A payment processor substitutes actual credit card numbers with random tokens to prevent exposure during transactions.

  • Obfuscation

    • Definition: Modifying data to make it difficult to understand or interpret without proper decoding.

    • Example: A software application obfuscates its source code to prevent hackers from analyzing its functionality.

  • Segmentation

    • Definition: Dividing data or networks into separate sections to limit access and minimize security risks.

    • Example: A company stores employee payroll data in a separate, restricted database that is not connected to other systems

  • Permission restrictions

    • Definition: Controlling user access to data by defining specific privileges based on roles and responsibilities.

    • Example: An HR employee has permission to view salary details but cannot edit them, ensuring that only authorized personnel can make changes.
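
Masking, tokenization and hashing from the list above, applied to the same kinds of values in one added example (not from the original notes). The card numbers are test values, the vault is an in-memory dictionary standing in for a real token vault, and the password hash uses PBKDF2-HMAC-SHA256 from the standard library. The example shows what each method preserves: masking is irreversible and keeps only the last four digits for display, tokenization is reversible only through the vault, and hashing allows verification without ever storing the password.

```python
"""Masking, tokenization and salted hashing side by side.

Added example. The PANs are test numbers; the vault is an in-memory stand-in
for a real tokenization service and must itself be isolated in practice.
"""
import hashlib
import hmac
import os
import secrets
from typing import Optional


def mask_pan(pan, keep_last=4):
    """Masking: a display-only form that keeps the last `keep_last` digits."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]


class TokenVault:
    """Tokenization: the token has no mathematical relation to the value.

    The value <-> token mapping lives only here, so systems that store
    tokens hold nothing an attacker can use without the vault.
    """

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value):
        if value in self._by_value:          # same value -> same token, so joins still work
            return self._by_value[value]
        token = "tok_" + secrets.token_hex(8)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token):
        return self._by_token[token]


def hash_password(password, salt: Optional[bytes] = None, iterations=600_000):
    """Hashing for verification: one-way, per-user salt, deliberately slow."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _alg, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    pan = "4111 1111 1111 1111"            # test number, not a real card
    vault = TokenVault()
    print("masked:   ", mask_pan(pan))
    token = vault.tokenize(pan)
    print("token:    ", token, "->", vault.detokenize(token))
    stored = hash_password("correct horse battery staple")
    print("stored:   ", stored[:60] + "...")
    print("verify ok:", verify_password("correct horse battery staple", stored))
    print("verify bad:", verify_password("wrong", stored))
```

Note the design split: a customer-service screen needs only `mask_pan`, the order database needs only tokens, and only the payment component (and the vault it calls) ever sees the PAN. Hashing is the wrong tool for card numbers, since the input space is small enough to brute-force, which is why the example uses it for passwords only.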


3.4 Explain the importance of resilience and recovery in security architecture

High Availability

  • Load balancing

    • Traffic is distributed across multiple servers that are generally unaware of each other and may even run different operating systems. Servers can be added to increase capacity and are removed from rotation automatically when they fail a health check or stop responding.

  • Clustering

    • Two or more servers are combined so that they appear as one system, which makes it easy to add capacity and availability. Cluster nodes usually run the same operating system and share state or storage, so they are aware of each other.

  • HA (always on)

    • If one system fails, another takes over its load so that service continues without interruption.
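
Load balancing with health checks, as an added example (not from the original notes): a round-robin balancer whose backends are taken out of rotation after two consecutive failed probes and put back when a probe succeeds. Backend names and probe results are constructed for the demo; what it shows is that the servers know nothing about each other and that capacity changes simply by changing the healthy pool.

```python
"""Round-robin load balancer with health checks.

Added example: backends are plain objects and probes are simulated, so the
removal of a failed server from rotation, and its return, run offline.
"""


class Backend:
    def __init__(self, name):
        self.name = name
        self.healthy = True
        self.consecutive_failures = 0


class LoadBalancer:
    """Distributes requests round-robin over backends that pass health checks.

    Backends are unaware of each other and may run different operating
    systems; removing one only changes the pool seen by `route`.
    """

    def __init__(self, backends, max_failures=2):
        self.backends = list(backends)
        self.max_failures = max_failures   # consecutive failed probes before removal
        self._counter = 0

    def pool(self):
        return [b for b in self.backends if b.healthy]

    def probe(self, name, ok):
        """Record a health-check result for one backend."""
        backend = next(b for b in self.backends if b.name == name)
        if ok:
            backend.consecutive_failures = 0
            backend.healthy = True              # returns to rotation on recovery
        else:
            backend.consecutive_failures += 1
            if backend.consecutive_failures >= self.max_failures:
                backend.healthy = False         # taken out of rotation

    def route(self):
        """Pick the next healthy backend for a request."""
        pool = self.pool()
        if not pool:
            raise RuntimeError("no healthy backends")
        backend = pool[self._counter % len(pool)]
        self._counter += 1
        return backend.name


def demo():
    """Constructed scenario: web2 fails two probes, then recovers."""
    lb = LoadBalancer([Backend("web1"), Backend("web2"), Backend("web3")])
    trace = [lb.route() for _ in range(3)]       # web1, web2, web3
    lb.probe("web2", ok=False)                   # one failure: still in pool
    lb.probe("web2", ok=False)                   # second failure: removed
    trace += [lb.route() for _ in range(3)]      # web3, web1, web3
    lb.probe("web2", ok=True)                    # recovered: back in rotation
    trace.append(lb.route())                     # web1
    return trace


if __name__ == "__main__":
    print(" -> ".join(demo()))
```

Requiring more than one failed probe before removal avoids flapping on a single dropped packet; the trade-off is that requests keep landing on a dying backend for one probe interval, so real deployments also retry a failed request on the next backend.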

Site Considerations

Recovery sites, by how prepared they are:

  • Hot

    • A fully operational backup facility that can take over immediately in case of a disaster.

      • Example: A bank maintains an identical backup center with real-time data replication, allowing operations to continue instantly if the primary site goes down.

  • Cold

    • A backup location with space, power, and connectivity but no installed systems or current data; hardware must be brought in and configured before use, so recovery takes the longest but the site is the cheapest to maintain.

      • Example: A company rents empty office space with basic facilities that can be equipped and set up as a temporary workspace after a major disaster.

  • Warm

    • A partially configured backup location that requires some setup before becoming fully operational.

      • Example: A call center keeps backup servers and networking equipment at a secondary site, which can be brought online within a few hours if needed.

  • Geographic dispersion

    • Distributing systems across multiple locations to ensure resilience against regional failures.

      • Example: A cloud provider hosts data across different continents, so if one data center fails, users are automatically redirected to another.

  • Multi-cloud systems

    • Definition: Using multiple cloud providers to distribute workloads and improve availability and flexibility.

    • Example: A media streaming service stores videos on different cloud platforms to ensure service continuity if one provider experiences downtime.

  • Platform Diversity

    • Definition: Using multiple types of hardware, operating systems, or software solutions so that a single vulnerability or vendor failure does not take down everything at once.

    • Example: A business runs its applications on both Linux and Windows servers to ensure compatibility and redundancy.

  • Continuity of Operations

    • Definition: The ability of an organization to maintain essential functions during and after a disruption.

    • Example: A government agency implements an emergency response plan that allows employees to work remotely during a natural disaster.

  • Capacity planning

    • Definition: Preparing for future growth by ensuring sufficient resources (such as computing power, storage, and personnel) to meet demand.

    • Example: An IT department monitors system performance and scales up server capacity in anticipation of increased website traffic during a holiday sale.

    • People

      • Ensuring that the workforce is trained and available to handle business operations during disruptions.

        • Example: A cybersecurity team cross-trains employees so they can respond to incidents even if key personnel are unavailable.

    • Technology

      • The hardware, software, and tools used to support business operations and security.

        • Example: A company uses cloud-based collaboration tools to allow employees to work remotely during an office outage.

    • Infrastructure

      • The foundational physical and digital systems that support an organization's IT and business operations.

        • Example: A data center installs redundant cooling and network systems to ensure reliability and prevent downtime.

Testing
  • Tabletop exercises

    • A discussion-based practice where teams review their response to potential incidents in a simulated environment.

      • Example: A cybersecurity team walks through a ransomware attack scenario to ensure proper response procedures are in place.

  • Failover

    • A backup process that automatically switches operations to a standby system when the primary system fails.

      • Example: A cloud-based application automatically redirects users to a backup server if the main server crashes.

  • Simulation

    • A controlled test that replicates real-world security incidents or failures to evaluate response effectiveness.

      • Example: A company simulates a phishing attack by sending test emails to employees to assess awareness and training effectiveness.

  • Parallel processing

    • Running backup systems alongside the primary systems to ensure a seamless transition in case of failure.

      • Example: A bank keeps a live replica of its transaction processing system that operates simultaneously with the main system.

Backups
  • Onsite

    • These backups are stored locally, within the same physical location as your primary data. They offer quick access and recovery since they're close at hand but are vulnerable to physical disasters like fires, floods, or theft.

  • Offsite

    • These backups are stored in a different physical location from your primary data. They provide better protection against physical disasters but might have slower access and recovery times due to distance.

      Example: Using a cloud storage service or a remote data center to store backups of your data.

  • Frequency

    • The schedule for regularly saving copies of important data to minimize data loss.

      • Example: A financial institution performs nightly backups of all transaction records to prevent data loss in case of failure.

  • Encryption

    • Protecting backup data by converting it into a secure format that only authorized users can decrypt.

      • Example: A company encrypts its database backups before storing them on external drives to prevent unauthorized access.

  • Snapshots

    • Capturing the state of a system or database at a specific moment for quick recovery.

      • Example: A cloud service takes hourly system snapshots so that in case of failure, the last saved version can be restored instantly.

Recovery
  • Replication

    • Continuously copying data between systems or locations to ensure real-time availability.

      • Example: A global enterprise syncs its customer database across multiple data centers to prevent service interruptions.

  • Journaling

    • Recording all changes made to data over time to allow for rollback in case of corruption or loss.

      • Example: A database logs every modification to customer records, allowing it to be restored to a previous state if necessary.
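
Journaling combined with snapshots, as an added example (not from the original notes): a key-value store that appends every change to a journal before applying it, takes periodic snapshots, and can rebuild the state as of any journal entry by replaying from the newest snapshot. The records and the "corrupting" change are constructed; the point is the rollback to the state just before the bad entry, which is the recovery step the text describes.

```python
"""Journaling with periodic snapshots for point-in-time recovery.

Added example: a key-value store that journals every change before
applying it, so any earlier state can be rebuilt and a corrupting change
rolled back.
"""
import copy


class Entry:
    def __init__(self, seq, op, key, value=None):
        self.seq, self.op, self.key, self.value = seq, op, key, value


class JournaledStore:
    def __init__(self):
        self.data = {}
        self.journal = []     # every Entry ever applied, in sequence order
        self.snapshots = []   # (seq, copy of data) captured right after that seq

    @staticmethod
    def _replay(state, entry):
        if entry.op == "set":
            state[entry.key] = entry.value
        elif entry.op == "delete":
            state.pop(entry.key, None)

    def _apply(self, entry):
        self.journal.append(entry)        # write-ahead: journal first, then mutate
        self._replay(self.data, entry)

    def set(self, key, value):
        self._apply(Entry(len(self.journal) + 1, "set", key, value))

    def delete(self, key):
        self._apply(Entry(len(self.journal) + 1, "delete", key))

    def take_snapshot(self):
        """Capture current state so later replays need not start from zero."""
        self.snapshots.append((len(self.journal), copy.deepcopy(self.data)))

    def state_at(self, seq):
        """Reconstruct the store as it was right after journal entry `seq`."""
        base_seq, state = 0, {}
        for snap_seq, snap in self.snapshots:
            if snap_seq <= seq:                      # newest snapshot not after seq
                base_seq, state = snap_seq, copy.deepcopy(snap)
        for entry in self.journal[base_seq:seq]:     # entries base_seq+1 .. seq
            self._replay(state, entry)
        return state

    def rollback_to(self, seq):
        """Discard everything after `seq` (for example a corrupting change)."""
        self.data = self.state_at(seq)
        self.journal = self.journal[:seq]
        self.snapshots = [s for s in self.snapshots if s[0] <= seq]


def demo():
    """Constructed scenario: two account records, a snapshot, then a bad delete."""
    store = JournaledStore()
    store.set("acct:1", 100)     # seq 1
    store.set("acct:2", 50)      # seq 2
    store.take_snapshot()        # snapshot covers seq 1-2
    store.set("acct:1", 120)     # seq 3
    store.delete("acct:2")       # seq 4: the change we later treat as corruption
    before = store.state_at(3)   # rebuilt from snapshot@2 + replay of seq 3
    store.rollback_to(3)
    return {"seq3": before, "now": dict(store.data), "journal": len(store.journal)}


if __name__ == "__main__":
    print(demo())
```

The snapshot is what keeps recovery time bounded as the journal grows; without it, `state_at` would have to replay from the first entry every time. Keeping the journal append-only is also what lets an investigator see the corrupting entry rather than just its effect.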

Power
  • Generators

    • Definition: On-site engines (usually diesel or natural gas) that produce power for extended outages. They take seconds to start and stabilize, so they are paired with a UPS to cover that gap.

      • Example: A data center's generators start automatically when utility power is lost and keep running until it is restored.

  • Uninterruptible power supply (UPS)

    • Definition: A battery-backed device that provides immediate but short-duration power and conditions the incoming line, covering the gap until generators start or systems can shut down cleanly.

      • Example: Server racks connected to a UPS ride through a brief outage without rebooting.
