Security Architecture (Chapter 3) Flashcards
Network Segmentation
Is splitting a network into separate segments to create a “security zone”
Trunk link
Are links between switches that allow VLANs to extend over multiple switches.
Physical segmentation of a network
Air-gap
- Is the process of segmenting a portion of a network so that it has no connection to the rest of the network.
- Most secure
- Vulnerabilities: removable media, environmental control compromise
VLAN Segmentation
Is segmenting a network over switches by dividing the ports up into VLANs
- Can be extended over multiple switches via trunk links
- Vulnerability: VLAN hopping
High Availability
Refers to a system that continuously operates, with no downtime.
- Accomplished by having multiple redundancy features, to allow for component failures and repairs
Clustering
Having 2 or more hosts that act as a single unified system, that share data and run the same service
- hosts need a link between each other for ‘heartbeat’ communication
- each host has its own IP address and MAC address
- the cluster itself has a separate IP address and MAC address, which DNS uses
- active/standby
Load balancing
Multiple hosts that act as a single system, that run the same service but do not share data
- clients connect to a load balancing application that forwards requests to the service hosts
- hosts have separate IP and MAC addresses
- the load balancer itself has an IP and MAC address
Replication
Similar to load balancing, but the servers do not share a common name, IP address or MAC address and are often on separate networks; each server runs a copy of the service and data is replicated across the servers.
- e.g. Directory Domain Controllers
Virtualization
Is creating multiple systems (Virtual Machines) that run on a single machine and can utilize all of the machine’s resources, making it more efficient.
Virtual Desktop Infrastructure (VDI)
Aka thin client
Is a virtualization infrastructure that creates a virtual desktop for each user, run from a server.
The user connects to the server via a VPN link and all applications and data are stored in the VM.
Software Defined Networking (SDN)
A virtual network that uses software-based controllers to communicate with the underlying hardware infrastructure and direct traffic on the network.
Allows for VMs to communicate
Containerization
Is a lightweight Virtual Machine that has everything it needs to run a specific app.
Infrastructure as Code (IaC)
The managing and provisioning of infrastructure (servers) through code instead of manual processes
Serverless Architecture
A way of building and running applications and services without having to manage the infrastructure (servers, VLANs, etc.)
Microservices
An organisational approach to software development in which an application is composed of small independent services that communicate over well-defined APIs. Having independent services allows each service to be updated independently.
IoT Architecture
End devices
- devices with sensors that gather telemetry data
IoT Gateway
- gateway to connect IoT to other devices on a network
Data System
- Allows the IoT devices to connect, store and process telemetry data
Remote Control
- apps can be used to access IoT devices remotely
RTOS System
Real-time Operating Systems are systems that accept and perform processing within a short amount of time (1/10 of a second).
- Used in mission-critical applications, where it overrides other processes, including security
Embedded systems
A system in which a computer is included as an integral part of an overall system
Reducing Attack Surface
- Maintain consistent policies
- defense-in-depth
- Zero Trust
- endpoint protection protects the network from the devices
Failure Modes
Fail Closed
- A mode in which, if a system detects a failure, it shuts down and stops functioning.
- Used to secure the device
Fail Open
- A mode in which, if a system detects a failure, it continues to work as intended
- Used when access is more important than security
Web application Firewall (WAF)
Used to inspect web traffic and block malicious traffic
- needs a decryption certificate so it can inspect HTTPS
Unified Threat Management (UTM)
A multi-purpose appliance that contains a firewall, VPN server, Antivirus and other security features
Next-generation Firewall (NGFW)
A firewall that performs deep packet inspection (can look into the payload of traffic)
Layer 4 firewall
A firewall that doesn’t inspect application-layer payloads but only looks at the encapsulation headers
Layer 7 firewall
A firewall that looks at all layers of TCP/IP
Stateless Firewall
A firewall that inspects every packet individually and compares it to a list of rules
- has no memory of previous packets
- best used when high performance is critical
Stateful Firewall
A firewall that inspects packets and compares them with a list of rules.
- it maintains a state table for every connection, which is used to verify that a connection is legitimate
- filters packets at the network and transport layers
Circuit-level Gateway
Works at the session layer (layer 5)
- allows/disallows entire connections as opposed to individual packets
Application level Gateway
Filters packets at the application Layer (layer 7), and examines the payload
Types of Intrusion Detection Systems
Network based
- NIDS (network intrusion detection system)
- NIPS (Network intrusion prevention system)
- a separate system on the network that monitors the traffic on the network for any malicious activities
Host Based
- HIDS (Host-based Intrusion Detection System)
- HIPS (Host-based Intrusion Prevention System)
- application on a host system that audits events and monitors for malicious activity on the host
Network Intrusion Detection
Signature Based
- uses a list of ‘signatures’ of previously seen attacks to detect an attack
- only protects against known attacks, not 0-days
Anomaly-Based
- Uses a previously created baseline of network activity to detect any anomalies that could be malicious
- Prone to false positives
NIDS
Network Intrusion Detection Systems
- a passive monitoring system that monitors traffic as it passes an IDS sensor, where it is compared to a rule set
- if traffic matches a rule then it is logged and an alert can be triggered
NIPS
Network Intrusion Prevention System
- an active monitoring and control system that compares traffic to ‘signatures’
- if a signature is matched, the packet is dropped
Host-based HIDS/HIPS
Software-based intrusion systems that are installed on a host system and only monitor the activity of that host.
HIDS - logs suspicious activity
HIPS - prevents suspicious activity
WiFi IPS
Wireless Intrusion Prevention System
- monitors the radio spectrum for the presence of unauthorized access points and automatically implements countermeasures when one is detected
Proxy
A server that fetches data on behalf of a client, thus hiding the client’s information.
Forward Proxy - fetches data from the internet
Reverse Proxy - fetches data from a private network
Jump server
A secure system that spans two or more networks allowing a connected client to ‘jump’ onto another network
VPN
Virtual Private Network
- a mechanism that creates a secure connection over an unsecured network
- traffic is encrypted before transmission
TLS
Transport Layer Security
A secure means of transmitting traffic on a network by encrypting the payload, e.g. for an HTTPS connection (port 443)
IP Security
Most common type of VPN, which uses Internet Key Exchange (IKE) to negotiate a session.
Consists of 2 protocols
- Authentication Header
- Encapsulating Security Payload
As well as its two modes, Tunnel and Transport (encryption)
IPSEC Transport mode
Host-to-Host VPN
IPSEC Tunnel Mode
Router-to-Router VPN used for site-to-site connections