Security Infrastructure (OBJ 3.2 & 4.5)
Security Infrastructure
- Encompasses hardware, software, networks, data, and policies working cohesively for information asset safeguarding
- Types
- Web Application
- Unified Threat Management
- Next-generation
- Configuring firewalls
- Rules and access control lists
- Ports and protocols
- Screened subnets
- Mechanisms
- Identifying trends
- Showcasing signatures
Network Appliances
- Specialized hardware or software for specific networking functions or services
- Functions
- Load Balancing
- Proxying
- Monitoring
- Security Enforcement
Port Security
- Network security feature that restricts and controls network access by allowing only authorized devices to connect
- Basis
- Concepts
Securing Network Communications
- Technologies
- Objective
- Create a secure backbone for communication
Software-Defined Wide Area Networks (SD-WAN) and Secure Access Service Edge (SASE)
- SD-WAN
- Manages and optimize WAN connections with software-defined principles
- Across multiple network links including
- SASE
- Cloud-based service integrating security and wide area networking
- Networking security and connectivity framework
- Combines the elements of security services, like a firewall, secure web gateways, VPNs, zero trust network access, altogether with SD-WAN capabilities.
- Simplifies your network and security management while improving your performance and agility.
Infrastructure Considerations
- Aspects
- Device placement, security zones, screen subnets, attack surfaces
- Connectivity
- Concerns and considerations
- Device Attributes
- Active vs. passive, inline vs. taps or monitors
- Failure Mode Options
- Fail-open or fail-closed for security devices
Selection of Infrastructure Controls
- Choosing controls aligned with network needs
- Tailoring
- Ensuring robust security architecture