Refers to the system's ability to be operational and accessible when needed. Considerations include redundancy, fault tolerance, and high-availability configurations to minimize downtime.
Availability
Refers to all of the potential entry points or vulnerabilities within a system, network, or application that attackers could exploit to compromise security and gain unauthorized access
Attack Surface
Process of converting data into a secure format that can only be read by authorized parties with the appropriate decryption key
Encryption
Involves dividing a network into segments to contain the spread of attacks.
Segmentation
Refers to the system's ability to handle increased load or demand. Considerations include horizontal and vertical scalability, load balancing, and distributed architectures
Scalability
May decrease latency (time it takes to send data) and improve physical security
Device Placement
Controls / filters incoming and outgoing network traffic based on predefined security rules.
Firewall
Practice of regularly updating software, operating systems, and applications to address known vulnerabilities and security issues.
Patching
The availability and consumption of power resources required for the system. Energy-efficient hardware, backup power solutions, and optimizing power usage are necessary considerations
Power
Divide a network into logically separated segments, each with its own specific security policy and level of trust.
Security Zones / Network Segmentation
Technique used on unused ports or protocols to reduce attack surface
Disabling ports/protocols
Grants users or processes the minimum level of access or permissions required to perform their job functions
Principle of Least Privilege
Refers to the simplicity and effectiveness of recovering the system after a failure. Backup and restore procedures, disaster recovery plans, and system monitoring are necessary considerations.
Ease of Recovery
Refers to the way different parts of your IT infrastructure are linked together and how they communicate with each other.
Connectivity
What should be done with regard to software or applications on your system?
Remove unnecessary software and regularly review installed software
Splits requests among servers so that if one server fails, other servers can help
Load Balancer
Is the system's ability to respond promptly to user inputs or requests. Consider efficient algorithms, responsive user interfaces, and low-latency communication
Responsiveness
In this mode, a system shuts down or blocks traffic if something goes wrong
Failure Mode: Fail-Closed
Software to continuously monitor and defend against malicious activities on individual devices (antivirus, anti-spyware)
Endpoint Protection
The analogy for a Jump Server
Guarded Front Gate / Airlock / Buffered Zone