Summary
Highlights
This section introduces Domain 3 of the Security Plus exam, focusing on security architecture. It outlines key topics such as architecture models, securing enterprise architecture, data protection strategies, and resilience and recovery. The presenter mentions a PDF copy of the presentation and clickable table of contents for navigation, and recommends official study guides for exam preparation.
This part delves into architecture models, particularly cloud technology. It covers the Shared Responsibility Model (Responsibility Matrix), hybrid cloud considerations, and concepts like Infrastructure as Code (IaC), serverless computing, and microservices. The discussion also touches upon physical and logical networking, on-premises vs. cloud, virtualization, containerization, and specialized embedded systems such as IoT and real-time operating systems.
A detailed explanation of cloud service models is provided, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The shared responsibility matrix illustrates how security responsibilities are divided between the cloud service provider (CSP) and the customer for each service model, emphasizing that as services become more managed, the customer's responsibility generally decreases.
This section distinguishes between different cloud deployment models: public cloud (e.g., AWS, Azure), private cloud (on-premises data centers), hybrid cloud (combining public and private), community cloud (shared by multiple organizations), and multicloud (using multiple public cloud providers). Each model's advantages and disadvantages, particularly regarding cost, control, scalability, and compliance, are discussed.
The transition to third-party cloud providers involves understanding logical data center design and multi-tenancy. Logical isolation for multi-tenancy makes cloud computing affordable but raises security and privacy concerns if isolation is breached. Both CSP and customer share responsibility in managing multi-tenant risks.
Infrastructure as code (IaC) is introduced as a DevOps practice where infrastructure is managed using code, ensuring consistent deployments and reducing configuration drift. Serverless architecture is explained as a cloud execution model where the CSP dynamically manages server allocation, and resources are stateless and triggered on demand, offering efficiency and lower costs compared to traditional PaaS.
Microservices are defined as fine-grained, loosely coupled services designed for specific functions, minimizing dependencies and simplifying deployment. This architecture reduces attack surface by exposing services as APIs. Physical isolation (air-gap) and logical segmentation (VLANs, VPNs, VRF, subnets, SDN) are discussed for network security, contrasting their mechanisms and security implications.
This part contrasts on-premises and off-premises (cloud/colocation) deployments, highlighting shifts in responsibility and budgeting from capital expense (CapEx) to operational expense (OpEx). Centralized vs. decentralized models are also examined, evaluating their impact on cost, management, and outage resilience.
Containerization (e.g., Docker, Kubernetes) is presented as a lightweight, portable way to package applications, sharing a single OS kernel for increased density and efficiency compared to server virtualization (VMs). Security concerns for server virtualization, such as VM escape and VM sprawl, are also addressed, along with distinctions between type 1 (bare-metal) and type 2 (hosted) hypervisors.
Discussion moves to specialized systems like the Internet of Things (IoT), SCADA/ICS (Supervisory Control and Data Acquisition/Industrial Control Systems), Real-Time Operating Systems (RTOS), and embedded systems. Security considerations for these systems, including limited compute resources, patching difficulties, and the need for isolation and layered security, are highlighted.
This section outlines critical considerations for architecture design: resilience, cost, responsiveness, scalability, ease of deployment, transferring risk, ease of recovery, patch availability, inability to patch, power, and compute. Each factor is explained in terms of its impact on security and business needs, emphasizing the importance of balancing these aspects.
This segment focuses on applying security principles to enterprise infrastructure. Topics include device placement based on purpose and network segmentation (security zones like Intranet, Extranet, DMZ). The concept of attack surface minimization through vulnerability management, access control, network segmentation, and system hardening is also covered.
The discussion focuses on secure connectivity through appropriate traffic filtering and security zones. Failure modes (fail-open vs. fail-closed) are examined, and the implications of each for availability and security. Device attributes related to intrusion prevention and detection, such as inline/inband vs. tap/out-of-band configurations, active vs. passive TAPs, are also explained.
Key network appliances like jump servers, forward proxies, reverse proxies, and load balancers are described. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), including host-based vs. network-based and behavior-based vs. signature-based detection methods, are detailed.
Load balancing for redundancy and scalability is discussed, covering NIC teaming, hardware load balancers, active-active/active-passive configurations, and scheduling options. Port security, particularly 802.1X and Extensible Authentication Protocol (EAP) variants (PEAP, LEAP, EAP-TLS, EAP-TTLS), are explored for controlling network access.
Various firewall types are distinguished: static packet filtering, application-level, circuit-level, stateful inspection, deep packet inspection, stateless vs. stateful, Web Application Firewalls (WAF), and Next-Generation Firewalls (NGFW). Their operational layers, capabilities, and common use cases are outlined.
Secure communication methods include Virtual Private Networks (VPNs) with split and full tunnel options, and IPsec protocols (AH and ESP) and modes (transport and tunnel). Software-Defined Wide Area Networks (SD-WAN) and Secure Access Service Edge (SASE), a modern cloud-centric approach merging networking and security functions, are also explained.
The process of selecting appropriate security controls involves identifying valuable assets, vulnerabilities, and threats; collaborating with business stakeholders; conducting vulnerability scans and threat modeling; developing data flow diagrams; and performing impact analysis. Understanding the organization's unique threat landscape and industry-specific risks is emphasized.
This segment introduces data protection strategies. It begins by defining different data types: regulated data (PII, PHI, financial), trade secrets, intellectual property (patents, copyrights, trademarks), legal information, and human/non-human readable data. Data classifications—public, private, confidential, restricted, sensitive, and critical—are then detailed along with their potential impact if compromised.
General considerations for data protection include encrypting data at rest (storage service encryption, full disk encryption, transparent data encryption) and in motion (TLS/HTTPS). Data in use (in memory) and methods like Credential Guard are also mentioned. Concepts of data sovereignty (legal implications based on where data is stored) and geolocation (using location for access control) are discussed.
Various methods for securing data are covered: hashing (one-way function for integrity), encryption (two-way function for confidentiality), data masking (partial visibility), tokenization (replacing data with tokens), pseudonymization (replacing identifiers with pseudonyms), anonymization (removing all identifiable data), geographic restrictions, obfuscation (making data less readable), segmentation, and permission restrictions (access control).
The data life cycle is outlined: creation (by users or systems), classification (for proper handling), storage (with adequate security controls), use (data in transit/motion), archival (for compliance), and destruction (to prevent recovery and reduce risk).
This section explains the importance of resilience (ability to remain functional during disruptions) and recovery (restoration of data and systems after incidents) in security architecture. Resilience is proactive (shield), and recovery is reactive (repair kit), both essential for business continuity.
High availability concepts for resilience and recovery are explored. Load balancing distributes traffic, preventing overload and enabling faster failover. Clustering combines multiple servers for continuous service and automatic failover, often used with data replication for quick data restoration.
Multi-cloud systems (distributing data/apps across multiple public cloud providers) and platform diversity (using various OS, software, cloud providers) are presented as strategies to enhance resilience, mitigate vendor lock-in, and facilitate faster recovery by reducing reliance on a single point of failure.
Continuity of operations involves proactive planning and procedures to maintain critical business functions during disruptions. Recovery sites (hot, warm, cold) provide secondary locations to restore IT infrastructure after major disruptions, balancing cost and recovery effort. Geographic considerations for recovery sites are also discussed.
Capacity planning is defined as proactively assessing and ensuring sufficient organizational resources—people (skilled workforce, manageable workload), technology (appropriate security software and tools), and infrastructure (adequate system-level resources, storage, networking)—to meet current and future demands and prevent bottlenecks.
Four types of incident response exercises are covered: tabletop exercise (structured walkthrough), failover plan (shutting down primary site), simulation (functional exercises in a simulated environment), and parallel processing (activating recovery site alongside main site). Each approach's benefits and considerations are highlighted.
Backup strategies include on-site/off-site storage, backup frequency, encryption, snapshots, and recovery processes (replication, journaling). The importance of backups for security against ransomware, accidental deletion, hardware failures, and compliance is stressed. Finally, power redundancy (UPS for clean power and graceful shutdown; generators for sustained alternate power) is covered to ensure system availability.