Security Architecture
On a macro level, aspiring cyber security professionals must learn about network architecture models, enterprise infrastructure, data protection, and measures for resilience and recovery.
| Concept | Description |
| --- | --- |
| IPS | Intrusion prevention system |
| IDS | Intrusion detection system |
| EAP | Extensible Authentication Protocol |
| WAF | Web application firewall |
| UTM | Unified threat management |
| NGFW | Next-generation firewall |
| IaC | Infrastructure as code |
| Air-gapped | Hardware isolation of computer/network from external connections to protect it from malicious activity |
| Logical segmentation | Division of computer system into isolated segments using software |
| RTBH | Remotely Triggered Black Hole |
| SDN | Software-defined networking |
| ICS | Industrial control systems |
| SCADA | Supervisory Control and Data Acquisition |
| Containerization | Packaging applications and their dependencies together into a single unit (container) |
| Virtualization | Creation of virtual environments from a single physical machine for efficient use of computing resources |
| RTOS | Real-time operating system |
| Fail-open | A system defaults to an operational state, allowing continued functionality in the event of failure |
| Fail-closed | A system defaults to shutdown and prevention of further operations in the event of failure |
| Serverless | Users can write and deploy code without worrying about the underlying infrastructure |
| Microservices | Infrastructure where small, independent, and loosely coupled services make up an application |
| Active device | Actively participate in network traffic flow |
| Passive device | Only observe network traffic |
| Inline device | Sit in the data path, able to block or modify malicious traffic |
| Tap/monitor device | Passively monitor the traffic but won’t take action upon finding anything malicious |
| Jump server | Funnel traffic through firewalls using a supervised secure channel |
| Proxy server | Gateway between end users and the web pages they visit; able to prevent cyber attackers from entering a private network |
| IEEE 802.1X | Standard for port-based network access control |
| Responsibility matrix | Responsible, Accountable, Consulted, Informed |
| IoT | Internet of Things |
| Embedded systems | Small computers integrated into larger systems to execute specific tasks such as graphics, data processing, and sensing |
| Remote access | Connecting to networks and systems from remote locations |
| Tunneling | Data transfer by wrapping a data packet in another |
| VPN | Virtual private network |
| TLS | Transport Layer Security |
| IPSec | Internet Protocol Security |
| SD-WAN | Software-defined wide area network |
| SASE | Secure access service edge |
| Data at rest | On computer storage |
| Data in use/processing | In RAM being accessed |
| Data in transit/motion | Traveling along cables or broadcasting wirelessly |
| Data sovereignty | A country or jurisdiction has the authority and right to govern and control the data generated within its borders |
| Geolocation | Identify the geographical location of a device or user |
| High availability | A system’s ability to operate continuously for a designated uptime despite individual component failure |
| Load balancing | Distribute workloads or network traffic across multiple servers to prevent overloading and improve application performance and availability |
| Clustering | Combination of servers to function as a single unit for redundancy and increased processing power |
| Snapshots | Point-in-time backups of data or systems to aid recovery |
| Cold site | Power, networking capability, and cooling; no servers or storage |
| Warm site | Cold site plus storage hardware; still requires data transportation |
| Hot site | Fully functional backup site with important data mirrored to it |
| COOP | Continuity of operations |
| UPS | Uninterruptible power supply |