3.0 Architectures and Designs Flashcards
The use of multiple layers of security to protect resources. Controlled Diversity and Vendor Diversity are two methods organizations implement to provide this.
Defense-in-Depth
The practice of implementing security controls from different vendors to increase security.
Vendor Diversity
The use of different security control types such as technical controls, administrative controls, and physical controls.
Control Diversity
Security controls implemented via administrative or management methods.
Administrative Control
Security controls implemented through technology.
Technical Control
A network architecture that is situated between an untrusted network and a protected network and acts as a protective buffer zone between the two networks.
DMZ (Demilitarized Zone)
The part of an internal network shared with outside entities. They are often used to provide access to authorized business partners, customers, vendors, or others.
Extranet
An internal network. People use this to communicate and share content with each other.
Intranet
A service that translates public IP address to private IP address and vice versa.
NAT (Network Access Translation
A connection mode used by wireless devices without an access point. When wireless devices connect through an access point they are using infrastructure mode.
AD HOC
A method of segmenting traffic, it logically groups several different computers together without regard of their physical location.
VLAN (Virtual Local Area Network)
A technology that allows you to host multiple virtual machines on a single physical system.
Virtualization
A physical security control that provides physical isolation. Systems separated by this don’t typically have any physical connections to other systems.
Airgap
A dedicated device used for VPNs that includes all the services needs to create a VPN, including strong encryption and authentication techniques.
VPN Concentrator
Devices used to handle TLS traffic. Servers can offload TLS traffic to improve performance.
SSL Acelerator
Hardware of software that balances the load between two or more servers.
Load Balancer
An attack on a system launched from multiple sources, intended to make a computers resources or services unavailable to users.
DDoS (Distributive Denial of Service)
A method to encrypt an entire disc.
FDE (Full Disc Encryption)
A drive that includes the hardware and software necessary to encrypt a hard drive.
SED (Self Encrypting Drive)
Hardware chip on a motherboard included in many laptops and some mobile devices.
TPM (Trusted Platform Module)
A removable or external device that can generate, store, and manage RSA keys using asymmetric encryption.
HSM (Hardware Security Module)
A method used to boot some systems and intended to replace BIOS firmware.
UEFI/BIOS
Interference caused by motors, power lines, and fluorescent lights.
EMI/EMP (Electromagnetic Interference/ Pulse)
A freestanding device that operates in a largely self-contained manner.
Appliance
A core principle of secure system design. Systems should be deployed with only the services, application, and protocols needed to meet their purpose.
Least Functionality
A list of applications that a system allows.
Application White Listing
A list of applications that a system denies.
Application Black Listing
The use of an isolated area on a system, typically for testing.
Sandboxing
The state of a system when all required OS software and applications as well as configuration details have been configured exactly according to predetermined standard.
Baselining
A system used to control an ICS such as a power plant or a water treatment facility.
SCADA (Supervisory Control and Data Acquisition)
The network of physical devices connected to the Internet.
IoT (Internet of Things)
Physical security control that increase availability by regulating air flow within data centers and server rooms.
HVAC
An integrated circuit that includes a computing systems within the hardware. Many mobile devices include this.
SoC (System on a Chip)
An operating system that reacts to input within a specific time.
RTOS (Real Time Operating System)
Software development cycle using a top down approach. It uses multiple stage; with each stage starting after the previous stage is completed.
Waterfall Method
The process of managing and provisioning computer datacenters through machine-readable definition files.
Infrastructure as Code
The process of organizing data and columns in a database.
Normalization
An attempt to make something unclear or difficult to understand.
Obfuscation
A method of testing that intentionally enters invalid input to see if the application can handle it.
Fuzzing
Subjecting a system to workloads that are extreme.
Stress Testing
Virtualization method that is independent of the operating system and boots before the OS.
Type I Hypervisor
Virtualization method that is dependent on the operating system.
Type II Hypervisor
A model of cloud computing in which the consumer can use the provider’s applications, but they do not manage or control any of the underlying cloud infrastructure.
SaaS
A cloud service model wherein the consumer can deploy but does not manage or control any of the underlying cloud infrastructure.
PaaS
A model of cloud computing that utilizes virtualization; clients pay an outsourcer for the resources used.
IaaS
A cloud delivery model owned and managed internally.
Private Cloud
A cloud delivery model available to others.
Public Cloud
Any cloud delivery model that combines two or more of the other delivery model types.
Hybrid Cloud
Cloud delivery model in which the infrastructure is shared by organizations with something in common.
Community Cloud
A subscription-based business model intended to be more cost effective than smaller individuals/corporations could ever achieve on their own.
Security as a Service
Image of a virtual machine at a moment in time.
Snapshot
A method to bring a system back quickly to its pre-attack state without needing a fixed set of hardware, OS, or configuration.
Non-persistence
The capability to support future network growth beyond its current needs.
Scalability
To have more than one of something, or some functioning feature of a system, or even another complete system.
Redundancy
The capability of any system to continue functioning after some part of the system has failed. RAID is an example.
Fault Tolerance
A configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist.
RAID
A device, such as a small room, that limits access to one or a few individuals. They typically use electronic locks and other methods to control access.
Mantrap
An electrically conductive wire mesh or other conductor woven into a “cage” that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.
Faraday Cage
Human physical characteristics that can be measured and saved to be compared as authentication and granting the user access to a network or resource.
Biometrics
An authentication device or file.
Token
A physical security deterrent used to protect a computer.
Cable Lock
The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement.
Key Management
A method of software development meant to be rapid.
Agile Development
