Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

IT architecture > guest lecture > Flashcards

guest lecture Flashcards

1
Q

Intro to cybersecurity :
Definitions of Cybersecurity :

A

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction. University of Maryland University College

The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this. ‘some people have argued that the threat to cybersecurity has been somewhat inflated’ Oxford Dictionary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Intro to cybersecurity :
ITU-T X.1205 Definition

A

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.

Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment.

Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment.

The general security objectives comprise the following:
o Availability
o Integrity, which may include authenticity and non-repudiation
o Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Intro to cybersecurity :
Rapid Pace of Change

A

1940s: The first computer is built
1956: First hard-disk drive weighed a ton and stored five megabytes
1991: Space shuttle had a one-megahertz computer
2006: Pocket devices hold a terabyte (one trillion bytes) of data
etc. etc. – driverless cars, autopilot everywhere
(think of security and privacy implications)
Move towards full AI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Intro to cybersecurity
Introductory thoughts on Cybersecurity

A

Cybersecurity has become a fundamental area of concern in the last 10 years;
Last 10 years may be arbitrary has seen the rise of ‘mass connectivity
Previously it was a case of a PC or laptop at home, now users have multiple access devices, smartphones, tablets etc.
What was a corporate concern has become an issue for everybody, people have become their own ‘IT Managers’; Organisations talk about the ‘consumerisation of IT’, bring your own devices etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

intro to cybersecurity :
The changing World of IT Security

A

Originally machines were ‘dumb terminals’
Transitioned to defined endpoints on networks

‘Home Computing’ limited to basic devices and applications (some exceptions like minitel)

Security was a consideration for most organisations, but limited connectivity typically meant limited risk :
Viruses transferred ‘by hand
Timeline of viruses First 25 years of Computer
Viruses Virus introduced to hardware
Landscape of threat has now changed completely

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

intro to cybersecurity :
IT Security Landscape has moved beyond basic Malware

A

Types of threat :
Viruses
Spam
Adware (Mobile/adware)
Ransomware (HSE, French hospital hit by a ransomware attack | Cybernews)

Phishing attacks

Denial of Service/Distributed denial of service

Spoofing/pretexting/phishing/spear phishing etc. etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Intro to cybersecurity :
Risk Management – from the Corporate to the Personal

A

eCommerce has now extended way beyond the Ryanair website

Our online identities are critical for pretty much all interactions with Financial Services, the State etc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Intro to cybersecurity :
The nature of cyber/online crime is becoming ever more inventive

A

Tethered endpoints are one thing, however;

The network has exploded, computers are everywhere, corporate networks have become entirely mobile and are made up of all manner of device

The “attack surface” has changed

More people are doing more things online

More devices are coming online

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Intro to cybersecurity :
Rate of change is high – Third Industrial Revolution

A

Privacy and security were not factored in as major requirements in the establishment of machines, networks and internetworks

eCommerce was driven by commerce, not concern for user security or privacy :
Security was addressed in
comparatively basic terms
Consider the equivalent in car safety

From slow beginnings and a disappointing start, mass connectivity is now a fact and has conferred huge benefits with a series of attendant disadvantages and possibly unexpected side-effects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Intro to cybersecurity :
AI and Machine Learning

A

Artificial Intelligence (AI), Robotics, and Motion:
AI suited to narrow, specialized skills
Robotic devices often special-purpose devices, and may require AI to function
Motion sensing devices are used to give robots the ability to walk, trigger airbags in a crash and cushion laptops when dropped
Year on year more talk about AI and machine learning
Lots of talk about ethics/including profiling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Intro to cybersecurity :
Benefits are accompanied by Risks

A

Great possibilities and opportunities to businesses of all sizes, and convenience to consumers

Benefits are accompanied by risk however

In today’s digital economy, many enterprises have embraced technology without understanding fully the issues of control that are involved with successful operation of these technologies

Likewise, consumers are exposed to a vast, and increasing, range of risks; credit card fraud on insecure ecommerce websites, identity theft, breaches of privacy etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Intro to cybersecurity :
What is Risk?

A

Risk is the possibility of loss or injury, to someone or something that creates a hazard
In the digital enterprise losses or injury can occur in the form of stolen, corrupted, misused, altered or falsely generated data
Attacks on hardware or software may render systems unable to operate properly
Unauthorised use of hard/software may translate into lost revenue or slow response time for users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Intro to cybersecurity :
Risk in the Digital Economy

A

Risk is viewed as the possibility of loss of confidential data, or the destruction, generation or use of fatal programmes that physically, mentally or financially harm another party as well as hard hardware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Intro to cybersecurity :
What is Risk Management

A

Identify Risks, including their probabilities and impacts
Identify possible solutions to these risks
Implement the solutions targeting the highest-impact, most-likely risk
Monitor the risks to learn for future risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Intro to cybersecurity :
Where to begin?

A

The ‘endpoint’ :
Desktop, laptop, tablet, mobile phone, connected object (Internet of Things?)
Identity Management, disk encryption, Anti-virus/Anti-spam (could be AI based)

The ‘perimeter’ or ‘network edge’ :
Firewalls, intrusion detection/prevention

The network is everywhere

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Intro to cybersecurity :
Cloud Computing is

A

Based on a utility model …
Outsource risk management
Off-premise rather than on-premise
Subscription rather than license based
All the user needs is a connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Intro to cybersecurity :
What is IoT ?

A

Dell’s definition; “IoT is an ecosystem where sensors, devices, and equipment are connected to a network and can transmit and receive data for tracking, analysis and action” … and from the IEEE “… IoT … is not a second internet. Rather it is a network of items-each embedded with sensors-which are connected to the Internet”

Issues arising include :
Security & Data Governance
Data Analytics complexity (overload, latency, security)
Lack of Standards
Diversity of solutions and providers (suppliers, hosting etc.)
Where to get return-on-investment (launch, manage, monetize)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Intro to cybersecurity :
IoT example :

A

Implantable biomedical devices, pacemakers, insulin pumps … already established …

Point-of-sale terminals, Industrial Control Systems …

The economics of IoT mean that more devices are being developed faster …

Nature of devices could escape the notice of risk managers; consider data leakage from a networked navigation system
IoT can get in under the radar …

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Intro to cybersecurity :
Regulatory Issues

A

Standards may exist for PCI-DSS conformant Point-of-Sale terminals, but about a networked enabled smoke detector
MRI Scanners may conform with myriad healthcare standards, but a networked thermostat in an operating theatre may not … tell the story of the XP3 upgrade …
What about Industrial IoT
What about the Internet of ‘Interesting’ Things …
… or even the Internet of ‘really really dangerous’ Things …

20
Q

Intro to cybersecurity :
IoT – what could possibly go wrong

A

The ranges of potentially connected devices is vast; household appliances, biomedical devics
“Always-on” deployment models, vast meshes of interconnection, overwhelming complexity in interpreting really big data …
Risk/Value equation; what’s new, what’s good, what’s the risk …
Privacy … just think … are you watching the Television, or is the Television watching you?
“Computer Security becomes everything security” Schneier, 2017
IoT “It’s really a giant robot and we don’t know how to fix it” Palmer, 2017

21
Q

Intro to cybersecurity :
Social Issues

A

Unemployment
Alienation and customer service
Crime
Loss of privacy (CCTV footage, crime detection, loss of privacy)
Errors in systems (driverless cars?)

&
Global reach of net: ease of communication with distant countries
Trade-offs and controversy: increasing security means reducing convenience
Difference between personal choices, business policies, and law – risks of the surveillance society

22
Q

Intro to cybersecurity :

Cybersecurity Careers

A

Job types could include;
Network security specialists
Business Analysts
Security Architects
Security Auditors
Risk Assessors
Compliance officers
Take a look – is any of this on your radar?

23
Q

Finnaci :
What’s Finnaci

A

New product for credit lending sphere

Read in accounting records from industry leading accounting software :
Sage
Quickbooks
Xero

Produces accounting reports
Profit & Loss
Balance Sheet

Provides analytics insights
KPIs e.g. Acid Test Ratio, Return On Capital Invested etc.
Fraud detection
Visualized on dashboard

Many moving parts from APIs to ETL

24
Q

Finnaci :
The Importance Of A Plan

A

A service is a piece of software designed to complete a certain task

Services can be
Simple e.g. Perform a calculation and return a result
Complex e.g. OAuth2 implementation for authentication

You can structure your services as a
Monolith e.g. All your business logic in one body of code
Microservices e.g. Dividing your overall service into mini services
Picture on next slide showing the difference

We will focus on microservices

Plan out all your services

Determine how they all operate together

25
Q

Finnacci :
difference between monolithic and microservices architecture

A

A monolithic application is built as a single unified unit while a microservices architecture is a collection of smaller, independently deployable services.

26
Q

Finnacci :
What Does A Plan Look Like

A

Start off with a diagram of service components (walk through example on next slide)

Outline what your system hopes to achieve at a high level walking through each component on your diagram

NB
Define your database table(s) structure :
Shown in pic to the right
Same is applicable for other data storage (s3 buckets)
Do this in an entity relationship diagram

Define out each column in your database:
General description
Data type
Default/Forign Key/Primary Key?

Note any changes to be made to existing DB structure
Good DB design saves a lot of pain later

After data comes your service : components
Do you need an API to handle I/O with other services?
Do we need to change existing services?
How is input to our service structured?
What does output from our service look like?
What other services are going to depend on this new service?
How does our service account for scalability?

Security :
How is our data secured? (Encryption)
What protocols protect our data in transit? (HTTPS/SSL)
Do we use standard protocols for authentication? (OAuth)
Do we restrict what machines or networks our service may talk to? (Network Rules)

NB Wireframes of your UI i.e. UI diagram (workflow diagrams also good)
As you can see this is long and tedious but good work on your plan prevents worse pain later!

27
Q

Finacci :
Design With Scalability In Mind

A

It’s great if you design a service that takes the inputs you expect and outputs what you expect!

But will it work for 10k users, 250k users, 1M users?

Do some of your operations require more time?

Could this be assisted by running processes in parallel?

Finnaci Example:
Problem: Extracting accounts from online accounting system APIs, one transaction at a time is super slow to the point of being unusable at a modest size of data
Solution: Make a number of requests in parallel across a number of threads and bulk requests as many records as we can at at a time

So how do you design for scalability?
Ascertain expected number of users

Design for handling between double to triple that amount

Determine which processes a user would be fine waiting for and which need to be fast

Take advantage of concepts such as :
Job queuing
Batch processing
Parallelization

28
Q

Finacci :
Microservices

A

how do we implement? :

A microservice is :

Small independent service
Component of your overall system
Does one small job really well

Typically encapsulated in a Docker container :
A container is the environment your code is run in
Eliminates a lot of issues cause by servers not being setup in the same manner
Standard Dockerfile is the setup instructions

Easy to deploy
Take container and run it on your server

So how do I know when to make a part of my project a microservice? :
It’s an art not a science
Look for natural divisions of work
e.g. Logging in and out is distinct from placing an order on a website
Look at where you have complex work occurring and try break it down into simple parts
Jobs that will take a long time and can be potentially run in the background

Use your instincts
You’ll improve at this over time

28
Q

Finacci :
Microservices

A

how do we implement? :

A microservice is :

Small independent service
Component of your overall system
Does one small job really well

Typically encapsulated in a Docker container :
A container is the environment your code is run in
Eliminates a lot of issues cause by servers not being setup in the same manner
Standard Dockerfile is the setup instructions

Easy to deploy
Take container and run it on your server

So how do I know when to make a part of my project a microservice? :
It’s an art not a science
Look for natural divisions of work
e.g. Logging in and out is distinct from placing an order on a website
Look at where you have complex work occurring and try break it down into simple parts
Jobs that will take a long time and can be potentially run in the background

Use your instincts
You’ll improve at this over time

29
Q

Finacci :
Testing Plan

A

After all your hard work how do we ensure we don’t stray from the design? :

Acceptance tests
Written before coding the service to ensure when we write the service it does what we want

Unit tests
Tests how small parts of the system work e.g. Test if function X returns an int

Integration tests :
Ensure the full workflow of the system operates as expected
Test integration with other service e.g. Can we send a request to service X and get response

30
Q

Finacci :
Overview

A

What is infrastructure? :
Servers
Network switches
Cloud resources (can incorporate the previous points)
Power infrastructure (at the scale of Google)

All the components required to run your application

Typically managed by DevOps :
Smaller companies and startups would incorporate this into regular dev duties

30
Q

Finacci :
Overview

A

What is infrastructure? :
Servers
Network switches
Cloud resources (can incorporate the previous points)
Power infrastructure (at the scale of Google)

All the components required to run your application

Typically managed by DevOps :
Smaller companies and startups would incorporate this into regular dev duties

31
Q

Finacci :
Another Plan!? Why should I bother

A

Your infrastructure plan is critical for knowing where your system will operate
It will be the main determining factor for costs
It is critical for the security of your application
It is covered in your system architecture document which should consist of
Your infrastructure plan

31
Q

Finacci :
Another Plan!? Why should I bother

A

Your infrastructure plan is critical for knowing where your system will operate
It will be the main determining factor for costs
It is critical for the security of your application
It is covered in your system architecture document which should consist of
Your infrastructure plan

32
Q

Finacci :
Details Of The Plan

A

you should (if applicable) detail :

The various parts of your system (i.e. each service and how it communicates with the others)
IP Address
Ports
Whitelisting rules
3rd party services you need to communicate with
Databases (include what type e.g. PostgreSQL, MySQL etc.)
Networks (AWS VPCs)
Firewall
DDOS Protection (Cloudflare)
Desktop services

There is a lot to cover but some items require more information than others

33
Q

Security :

A

It is important for internal reference and to reassure investors & users

Start off with Whitelisting rules :

Users from the DCU IP range (136.206.0.0/16) can connect to server with IP address (192.168.0.1) on port 22 with the SSH protocol
Do this for all servers and for all requires open ports

Group your system into isolated networks:
Some services will never have any need to talk to one another
They can therefore be isolated from each other on different networks

Tell us what protocols will be used for communication :
Are external communications secure over HTTPs?
Are internal communications in plain text?

What parts of your system sit outside your firewall? (i.e. could be user accessible)

Tell us how data is securely stored (i.e. do we encrypt data?)

GDPR puts imposition on business to design with security in mind
Design to ingest the minimum amount of data required :
Mo’ data Mo’ problems (to paraphrase Biggie)
Data now has an element of liability to it

Be mindful and write a policy document later about how you’d handle a data breach
Store data in an anonymised fashion to reduce liability
Never store passwords in plain texts (hash & salt)
Be aware of a user’s fundamental data rights while designing

34
Q

Finacci :
Ressource Allocation

A

Budget for x2, x3 of what you need (scalability factor)

How does your system handle resources falling over?
Do you run backup servers or not?

If you have many servers you’ll need to consider load balancing

Use your providers budgeting tools to plan

Use your providers cost monitoring to keep an eye on things

Check regularly as you may set and forget a resource you don’t use

If you are using a high amount of resources reconsider your systems design
Try keep resource usage to a minimum

34
Q

Finacci :
Ressource Allocation

A

Budget for x2, x3 of what you need (scalability factor)

How does your system handle resources falling over?
Do you run backup servers or not?

If you have many servers you’ll need to consider load balancing

Use your providers budgeting tools to plan

Use your providers cost monitoring to keep an eye on things

Check regularly as you may set and forget a resource you don’t use

If you are using a high amount of resources reconsider your systems design
Try keep resource usage to a minimum

35
Q

Finacci :
Vendor Lock In

A

When using cloud resources avoid vendor lock in!
When you use resources that are hard to migrate away from later
These resources are typically :
Very easy to use
Cheap to begin with
Pushed hard by the cloud providers

These resources will be :
A nightmare to debug issues with
Expensive in the long run
An absolute PAIN to migrate away from

Long and short of it don’t use preconfigured solutions from cloud providers

Exception, you may use managed services that just takes a container and runs it or takes some code and runs it (i.e. serverless/cloud functions)

36
Q

Finacci :
Scalability Of Infrastructure

A

Touched on this a moment ago regards allocation
Think about how this is achieved!

Do we scale vertically or horizontally? :
Vertical Scaling = Make current server(s) better, faster stronger (yes I love dated references)
Horizontal Scaling = Add more servers and split the traffic

What is the process for scaling up resources? :
Are we using a system to manage our infrastructure like Terraform?
Change the configuration for our infrastructure
Do we manually provision resources?
Get the DevOps lead to rejig things in the cloud providers

What’s the impact on budget from scaling?
Does the scaling of infrastructure meet business requirements and user needs?

37
Q

Finacci :
Management Of Infrastructure

A

Assign ownership of this job specifically :
If who is responsible for infrastructure is vague, it will be managed badly!

Try automate as much as possible :
Deployments and infrastructure management are boring tedious tasks
It’s therefore easy to do wrong
Set and forget with automating (CI/CD/Terraform/Ansible etc.)

Choice of cloud provider should really just be done on basis of cost and ease of use

If you have the budget, get your people responsible for infrastructure management certified in the chosen cloud providers stack

Alway monitor resource usage over time

37
Q

Finacci :
Management Of Infrastructure

A

Assign ownership of this job specifically :
If who is responsible for infrastructure is vague, it will be managed badly!

Try automate as much as possible :
Deployments and infrastructure management are boring tedious tasks
It’s therefore easy to do wrong
Set and forget with automating (CI/CD/Terraform/Ansible etc.)

Choice of cloud provider should really just be done on basis of cost and ease of use

If you have the budget, get your people responsible for infrastructure management certified in the chosen cloud providers stack

Alway monitor resource usage over time

38
Q

Finacci :
Final Word On All This Planning :

A

Your plans will be out of date the moment you start implementing
This is due to changing business requirements and user needs
Always get feedback on your implementation and be willing to change
If you deviate from the plan
UPDATE THE PLAN DOCUMENT!
The goal is to be well prepared
Things will still go wrong
This minimises problems
Provides accountability
Helps make you and your product look better than the rest!

39
Q

Finacci :
Overall Conclusion

A

Designing out your system prior to implementation is very important

You are saving a lot of future pain!

Security should be discussed in both contexts but especially in Infrastructure
Diagrams are your friend
Avoid vendor lock in

39
Q

Finacci :
Overall Conclusion

A

Designing out your system prior to implementation is very important

You are saving a lot of future pain!

Security should be discussed in both contexts but especially in Infrastructure
Diagrams are your friend
Avoid vendor lock in

IT architecture (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions