Security Architecture: Security Infrastructure Considerations Flashcards
What are the key factors when designing a cyber security infrastructure?
The strategic placement of security devices is a cornerstone when designing a robust cybersecurity infrastructure. These devices serve as the first line of defense against the escalating and diversifying landscape of cyber threats.
Thoughtful placement of security devices, based on a thorough understanding of network architecture and potential vulnerabilities, ensures comprehensive coverage of critical entry points and data pathways. During cybersecurity-infrastructure design, there are several factors to consider, including:
Security zones.
Attack surfaces.
Connectivity.
Failure modes.
Active and passive devices.
What do you need to consider in a security zone?
Security zones – might impact device placement; defining an inside zone, an outside zone, or a DMZ (can be inflexible)
Cisco security devices – still use zone concepts, but are flexible in allocating ports into or out of the DMZ
Security zones play a pivotal role in a cybersecurity infrastructure, establishing a structured framework to help safeguard sensitive information and critical assets. By categorizing different network segments, based on their risk profiles and access requirements, security zones enable a granular approach to defense.
What do you need to consider for the attack surface?
Attack surfaces – reducing the attack surface
Understanding and managing the attack surface is of paramount importance when designing a cybersecurity infrastructure, as it directly influences an organization’s vulnerability landscape. The attack surface encompasses all potential points of entry that malicious actors could exploit to breach a system or network.
Meticulously analyzing and reducing this attack surface significantly minimizes your exposure to threats.
What do you need to consider for connectivity?
Connectivity – out-of-band management; multiple ports for communication, with encryption used on those channels
Connectivity is another cornerstone when planning a cybersecurity infrastructure. It serves as both an enabler and a potential vulnerability. While seamless connectivity is crucial for efficient data exchange, collaboration, and business operations, it must be carefully balanced with robust security measures.
The design of secure connectivity mechanisms, such as virtual private networks (VPNs), secure sockets layer (SSL) protocols, and encrypted communication channels, ensures that sensitive data remains encrypted and protected during transmission.
Why are failure modes crucial when designing security infrastructure?
Failure modes
The consideration of failure modes, specifically the choice between fail open and fail closed configurations, holds profound significance in the meticulous planning of a cybersecurity infrastructure. The decision between these modes determines how a system responds in the face of unexpected events or technical malfunctions.
A fail closed approach ensures that if a failure or breach occurs, the system defaults to a secure state, denying access and preserving the integrity of sensitive resources. On the other hand, a fail open strategy, while potentially maintaining operational continuity during failures, could inadvertently expose the network to vulnerabilities and unauthorized access.
Fail closed – can be susceptible to DoS (a device failure blocks all traffic, so triggering a failure causes an outage)
Fail open – can be exploited by flooding the device with traffic to force a failure, after which traffic passes without inspection
What factors do you need to consider for active and passive devices?
Active and passive devices – is your device working on the actual traffic, or on a copy of that traffic?
The delineation between active and passive devices carries significant implications in the strategic planning of a cybersecurity infrastructure.
Active devices, such as intrusion detection systems and firewalls, proactively monitor and actively intervene in network traffic to identify and mitigate threats in real-time. Their dynamic response capabilities are vital for swiftly neutralizing emerging threats and enforcing security policies.
In contrast, passive devices, such as network-monitoring tools and audit logs, observe and collect data without actively intervening.
Port mirroring – supplies a passive device with a copy of the traffic
In-line vs. monitoring mode