
Topic 7 Security Architecture

The document discusses the importance of designing a secure IT infrastructure, emphasizing Zero Trust Architecture and cloud security strategies to protect data and systems from cyber threats. It outlines key components of Zero Trust, such as Identity and Access Management, device security, and continuous monitoring, as well as cloud security strategies like data encryption and shared responsibility models. Additionally, it covers security technologies including firewalls, VPNs, IDS/IPS, and SIEM, highlighting their roles in network security and threat detection.

Topic 7: Security Architecture
Mr. Jonelle Angelo S. Cenita, MSIT, LPT
BAINFSMX Information Security and Management
1. Designing a Secure IT Infrastructure (Zero Trust Architecture, Cloud Security)

Information Technology
• Information Technology refers to the use of computers, software, networks, and other digital tools to store, process, transmit, and retrieve data and information. It encompasses both the hardware (physical devices) and software (programs and applications) used to manage and support information systems in various environments such as businesses, schools, and government institutions.
Information Technology Infrastructure
• Information Technology Infrastructure is the combined set of hardware, software, networks, data centers, and related equipment and services used to develop, test, operate, manage, and support IT services. It forms the foundation upon which IT services and solutions are built and delivered to users.
• IT infrastructure is the “backbone” or “foundation” that supports everything related to computers and technology in an organization—like servers, internet
Secure Infrastructure Design
• Secure Infrastructure Design refers to the practice of building IT systems and networks in a way that protects data, users, and resources from cyber threats and unauthorized access. It involves applying key principles to ensure the confidentiality, integrity, and availability of information systems.
Zero Trust Architecture
• Zero Trust Architecture (ZTA) is a modern cybersecurity approach that assumes no user, device, or system—inside or outside the network—should be trusted by default. Instead of automatically trusting anyone within the network perimeter, Zero Trust continuously verifies every access request as though it originated from an open and untrusted network.
• Zero Trust means no one and nothing gets automatic access—you must prove who you are and that you’re
Key Components of Zero Trust Architecture
• 1. Identity and Access Management (IAM)
  • Ensures that only verified users and devices can access resources.
  • Uses tools like Multi-Factor Authentication (MFA), Single Sign-On (SSO), and role-based access control (RBAC).
• 2. Device Security
  • Monitors the health and status of devices attempting to connect.
  • Devices must meet security requirements (e.g., updated OS, antivirus) to be trusted.
• 3. Micro-Segmentation
  • Breaks the network into smaller zones, so even if one part is compromised, attackers can't move laterally.
Key Components of Zero Trust Architecture
• 4. Least Privilege Access
  • Grants users only the minimum level of access needed for their job or task.
• 5. Data Security
  • Protects sensitive information using encryption, data classification, and loss prevention tools.
• 6. Continuous Monitoring and Analytics
  • Uses tools like Security Information and Event Management (SIEM) to monitor user behavior, detect threats, and respond in real time.
• 7. Automation and Orchestration
  • Automates responses to detected threats, such as blocking access or alerting administrators, to speed up reaction time.
Key Components of Zero Trust Architecture
• Zero Trust works by checking who you are, what device you’re using, and what you’re trying to access, every single time. It uses tools, rules, and constant monitoring to block threats before they do damage.
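The per-request check the slides describe (identity with MFA, device posture, least privilege, and a record of every decision for monitoring) written out as a small policy-decision function. This is an added illustration, not code from the slides; the role table, the minimum OS build, and the request fields are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed least-privilege policy: each role may reach only these resources.
ROLE_PERMISSIONS = {
    "hr": {"employee-records"},
    "engineer": {"source-repo", "build-server"},
}
MIN_OS_BUILD = 2024          # assumed device-health requirement
DECISION_LOG = []            # every decision is recorded (continuous monitoring)


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool       # identity: did the user complete MFA?
    device_os_build: int     # device posture: is the OS up to date?
    device_av_enabled: bool  # device posture: is antivirus running?
    resource: str            # what the user is trying to access


def evaluate(req: AccessRequest) -> tuple:
    """Return (allowed, reasons). Nothing is trusted because of where the
    request comes from; the same checks run on every single request."""
    reasons = []
    # 1. Identity and Access Management: verified user with MFA
    if not req.mfa_verified:
        reasons.append("identity: MFA not completed")
    # 2. Device Security: device must meet the health requirements
    if req.device_os_build < MIN_OS_BUILD:
        reasons.append("device: OS build out of date")
    if not req.device_av_enabled:
        reasons.append("device: antivirus disabled")
    # 4. Least Privilege: the role must explicitly include the resource
    if req.resource not in ROLE_PERMISSIONS.get(req.role, set()):
        reasons.append(f"policy: role '{req.role}' may not access '{req.resource}'")
    allowed = not reasons
    # 6. Continuous Monitoring: keep a record for the SIEM / analysts
    DECISION_LOG.append((req.user, req.resource, "allow" if allowed else "deny", reasons))
    return allowed, reasons


if __name__ == "__main__":
    req = AccessRequest("alice", "hr", True, 2025, True, "employee-records")
    print(evaluate(req))
```

A request is denied if any one check fails, and the reasons list tells the administrator which of the components rejected it.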
Cloud Security Strategies
• Cloud Security Strategies are the plans and techniques used to protect cloud-based systems, data, and infrastructure from cyber threats, unauthorized access, and data loss. These strategies help ensure that cloud environments remain secure, compliant, and reliable.
• Cloud security strategies are the ways we protect data and systems in the cloud. You and the provider share the responsibility, and you can use tools like encryption, strong access controls, backups, and monitoring to keep
Key Cloud Security Strategies
• 1. Shared Responsibility Model
  • A fundamental strategy where security duties are divided between the cloud service provider (like AWS, Azure, Google Cloud) and the customer.
  • Cloud Provider: Secures the underlying infrastructure (servers, storage, networking, etc.).
  • Customer: Secures what they use or store in the cloud (data, access, applications, configurations).
  • Example: If you store files in cloud storage, it's your job to manage file permissions, but the provider keeps the storage
Key Cloud Security Strategies
• 2. Data Encryption
  • Encrypt data both at rest (stored) and in transit (moving across networks).
  • Ensures that even if data is intercepted or accessed illegally, it cannot be read without the encryption key.
  • Example: A bank encrypts financial records before storing them in the cloud, ensuring only authorized parties can view them.
Key Cloud Security Strategies
• 3. Identity and Access Management (IAM)
  • Define who can access what in the cloud environment.
  • Use strong passwords, Multi-Factor Authentication (MFA), and role-based access control (RBAC) to reduce the risk of unauthorized access.
  • Example: Only HR staff can access employee data in the cloud, and they must enter a code sent to their phone.
Key Cloud Security Strategies
• 4. Regular Security Audits and Compliance Checks
  • Regularly evaluate the cloud environment to ensure it follows security policies and industry regulations (e.g., GDPR, HIPAA, ISO 27001).
  • Example: A healthcare provider runs monthly audits to ensure patient data in the cloud is compliant with HIPAA.
Key Cloud Security Strategies
• 5. Backup and Disaster Recovery
  • Implement automated backups and disaster recovery plans to ensure data can be recovered after a cyberattack, outage, or error.
  • Example: A business backs up its cloud data daily and can restore it within hours after a ransomware attack.
Key Cloud Security Strategies
• 6. Security Monitoring and Threat Detection
  • Use tools like SIEM (Security Information and Event Management) and intrusion detection systems (IDS) to monitor cloud environments for unusual or suspicious activity.
  • Example: If someone logs in from an unusual location, the system triggers an alert and blocks access.
2. Security Technologies: Firewalls, VPNs, IDS/IPS, and SIEM

Security Technologies
• Security technologies are tools and systems designed to protect computer networks, devices, and data from unauthorized access, cyberattacks, and other security threats. These technologies help detect, prevent, and respond to potential risks in IT environments.
Overview of Perimeter and Network Security
• Perimeter and Network Security refers to the set of security measures used to protect an organization’s internal network and its boundaries from unauthorized access, attacks, and data breaches. It focuses on controlling and monitoring network traffic, especially at the entry and exit points of the network.
Perimeter Security
• Perimeter security protects the outer boundary of a network (like a digital fence).
• It is the first line of defense against external threats.
• Its goal is to keep attackers outside the network.
• Common tools include:
  • Firewalls – block unauthorized access
  • Intrusion Detection/Prevention Systems (IDS/IPS) – detect and stop attacks
  • VPN Gateways – secure remote access
Network Security
• Network security protects the entire internal network, including all devices, systems, and data.
• Its goal is to protect against internal and external threats, and to limit damage if the perimeter is breached.
• It involves:
  • Access controls – determine who can use network resources
  • Antivirus and anti-malware – block harmful software
  • Encryption – protects data as it moves across the network
  • Network segmentation – separates parts of the network for better control and isolation
Firewall
• A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its primary purpose is to block unauthorized access while allowing legitimate communication.
• There are different types of firewalls, each with unique features suited for various use cases.
Types of Firewalls
• 1. Packet-Filtering Firewalls
  • A packet-filtering firewall inspects network packets (small chunks of data) and decides whether to allow or block them based on predefined rules such as IP addresses, ports, and protocols.
  • Example: Blocking access to a specific port used by malicious traffic while allowing other traffic through.
Types of Firewalls
• 2. Stateful Inspection Firewalls
  • These firewalls track the state of active connections and make decisions based on the context of the traffic. They allow or block packets depending not just on the packet itself but on the state of the connection (whether it's part of an established communication).
  • Example: Ensuring that packets coming from an internal network are part of a legitimate communication, rather than a new, unauthorized attempt.
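The difference between the two firewall types above, shown as an added example (not code from the slides): a stateless packet filter judges each packet by port and protocol alone, while the stateful version also remembers connections opened from the inside and lets their replies back in. The rule list, the inside address prefix, and the packets are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    syn: bool = False   # TCP SYN flag: set on the first packet of a new connection


# Constructed rule set, evaluated top to bottom: (action, protocol, destination port).
# The final rule is the default deny that every packet filter should end with.
RULES = [
    ("allow", "tcp", 443),
    ("allow", "tcp", 22),
    ("deny", "any", None),
]


def packet_filter(pkt: Packet) -> str:
    """Stateless filter: looks only at the packet in hand, never at history."""
    for action, proto, port in RULES:
        if proto in ("any", pkt.proto) and port in (None, pkt.dst_port):
            return action
    return "deny"


class StatefulFirewall:
    """Tracks connections opened from the inside network; inbound traffic is
    allowed if it belongs to one of them, otherwise it must pass the rules."""

    def __init__(self, inside_prefix: str):
        self.inside = inside_prefix           # e.g. "10.0.0." for the internal LAN
        self.table = set()                    # (in_ip, in_port, out_ip, out_port)

    def inspect(self, pkt: Packet) -> str:
        if pkt.src_ip.startswith(self.inside):
            # Outbound packet: record the connection so its replies are expected.
            self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table:
            return "allow"                    # reply to an established connection
        if pkt.syn:
            return packet_filter(pkt)         # genuinely new inbound connection
        return "deny"                         # mid-stream packet with no known connection
```

The reply to an outbound connection on an unlisted port is dropped by the stateless filter but accepted by the stateful one, and a non-SYN packet arriving out of nowhere on an allowed port is accepted by the stateless filter but dropped by the stateful one.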
Types of Firewalls
• 3. Proxy Firewalls (Application-Level Firewalls)
  • A proxy firewall acts as an intermediary between the internal network and external networks. It inspects and filters requests at the application level, meaning it evaluates the data within the packet for malicious content (e.g., web traffic, email).
  • Example: Acting as a middleman for web traffic, filtering requests to websites and blocking suspicious sites before they can reach the internal network.
Types of Firewalls
• 4. Next-Generation Firewalls (NGFW)
  • NGFWs combine traditional firewall features with advanced capabilities such as deep packet inspection, intrusion prevention systems (IPS), application awareness, and cloud-delivered threat intelligence.
  • Example: A business uses NGFWs to prevent malicious traffic, inspect applications in real time, and block known threats while monitoring encrypted traffic.
Types of Firewalls
• 5. Virtual Firewalls
  • Virtual firewalls are software-based firewalls designed to protect virtual environments, such as cloud networks or virtual machines (VMs). They function similarly to hardware firewalls but are more flexible and scalable in virtualized or cloud-based infrastructures.
  • Example: A cloud service provider uses virtual firewalls to manage the security of hundreds of virtual machines on the same physical server.
VPNs: Tunneling Protocols and Secure Remote Access
• A VPN (Virtual Private Network) is a technology that creates a secure and encrypted connection between a user's device and a remote network, typically over the internet. It allows users to send and receive data as if their devices were directly connected to a private network, providing a secure way to access resources remotely.
Tunneling Protocols in VPNs
• Tunneling protocols are methods used to encapsulate and protect data that is transmitted over the VPN. These protocols ensure that the data is kept private and secure during transit by creating a "tunnel" between the user's device and the remote network.
Secure Remote Access with VPNs
• Secure Remote Access refers to the ability of employees or users to access a company’s internal network and resources securely from a remote location via the internet. VPNs are a critical part of secure remote access because they allow encrypted connections, ensuring that sensitive information remains private even when transmitted over unsecured networks like public Wi-Fi.
VPNs: Tunneling Protocols and Secure Remote Access
• A VPN is like a secret tunnel that keeps your data safe when you're browsing or accessing company resources from anywhere.
• The tunneling protocol is the method that ensures your data travels safely through that tunnel, and secure remote access means that you can work or access information from anywhere, as long as you're authenticated and using encryption.
IDS vs. IPS: Detection vs. Prevention
• IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are both crucial components of network security, but they serve different roles in protecting an organization's infrastructure from cyber threats. While they share some similarities, their core function—detection versus prevention—sets them apart.
1. Intrusion Detection System (IDS)
• An IDS monitors network traffic for suspicious activity or potential threats. It analyzes incoming traffic and compares it to a database of known attack patterns or uses anomaly detection to identify unusual behavior. If a potential threat is detected, it alerts administrators but does not block or stop the attack.
2. Intrusion Prevention System (IPS)
• An IPS not only detects potential threats but also prevents them by actively blocking or stopping the suspicious traffic. It sits in-line with the network traffic and is capable of taking immediate action to prevent attacks from succeeding, such as blocking traffic from malicious IP addresses, terminating sessions, or modifying traffic.
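The IDS/IPS contrast above as an added example (not from the slides): one sensor uses the same two detection methods the text names, a list of known attack patterns and an anomaly threshold on request rate, but in IDS mode it only records an alert and lets traffic through, while in IPS mode it sits in-line, drops the packet and blocks the source address. The signature list, the rate threshold and the sample requests are constructed assumptions.

```python
from collections import Counter

# Constructed "database of known attack patterns": substring -> signature name.
SIGNATURES = {
    "../../etc/passwd": "path-traversal",
    "' OR 1=1": "sql-injection",
}
RATE_LIMIT = 5   # assumed anomaly threshold: more requests than this from one source


class Sensor:
    def __init__(self, mode: str):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.alerts = []            # what gets handed to administrators
        self.blocked_ips = set()    # populated only by an IPS
        self.counts = Counter()     # requests seen per source, for anomaly detection

    def analyze(self, src_ip: str, payload: str):
        """Shared detection engine: signature match first, then anomaly check."""
        for pattern, name in SIGNATURES.items():
            if pattern in payload:
                return name
        self.counts[src_ip] += 1
        if self.counts[src_ip] > RATE_LIMIT:
            return "anomaly:high-request-rate"
        return None

    def process(self, src_ip: str, payload: str) -> str:
        """Return what happens to the traffic: 'forwarded' or 'dropped'."""
        if src_ip in self.blocked_ips:
            return "dropped"                 # IPS keeps blocking a known-bad source
        verdict = self.analyze(src_ip, payload)
        if verdict is None:
            return "forwarded"
        self.alerts.append((src_ip, verdict))
        if self.mode == "ids":
            return "forwarded"               # detection only: alert, do not intervene
        self.blocked_ips.add(src_ip)         # prevention: in-line drop and block source
        return "dropped"
```

With identical input, the IDS instance ends with an alert and untouched traffic, while the IPS instance ends with the same alert plus a dropped packet and a blocked address.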
Key Differences: IDS vs. IPS
• IDS is like a watchdog that barks when it sees something suspicious but doesn't intervene; it leaves the response up to a human.
• IPS is like a security guard who stops the intruder right away before they can do any damage.
Security Information and Event Management (SIEM)
• Security Information and Event Management (SIEM) is a comprehensive approach to security management that combines real-time monitoring, event collection, log management, and data analysis from across an organization’s IT infrastructure. SIEM systems are designed to provide a centralized view of security-related data, enabling faster identification of potential threats, compliance with regulatory requirements, and the ability to respond to incidents more effectively.
What SIEM Does
• SIEM systems collect, normalize, and analyze security events from various sources, such as network devices, servers, firewalls, databases, and applications, to detect and respond to security incidents. They aggregate and correlate logs and events to provide actionable insights and alerts.
What SIEM Does
• A SIEM is like a security control center that collects and analyzes data from all over an organization to spot any unusual or potentially harmful activities. It helps security teams detect threats, respond quickly, and keep records for compliance and future investigations.
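The collect, normalize, correlate pipeline from the SIEM slides as an added example (not the deck's code): two log sources in different formats are mapped onto one event schema, then two correlation rules run over the merged timeline, a brute-force login that eventually succeeds and the "login from an unusual location" case from the cloud-monitoring slide. The log lines, the IP-to-country table and the per-user location baseline are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample logs from two sources, each in its own native format.
SSH_LOG = [
    "2024-05-01T08:00:01 sshd: Failed password for alice from 203.0.113.9",
    "2024-05-01T08:00:03 sshd: Failed password for alice from 203.0.113.9",
    "2024-05-01T08:00:05 sshd: Failed password for alice from 203.0.113.9",
    "2024-05-01T08:00:09 sshd: Accepted password for alice from 203.0.113.9",
]
VPN_LOG = ['ts=2024-05-01T08:15:00 user="bob" src=198.51.100.7 geo=BR result=ok']
GEO_OF = {"203.0.113.9": "PH", "198.51.100.7": "BR"}   # constructed IP-to-country lookup
USUAL_GEO = {"bob": {"PH"}}                             # constructed baseline per user
SSH_RE = re.compile(r"(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)")
VPN_RE = re.compile(r'ts=(\S+) user="([^"]+)" src=(\S+) geo=(\S+) result=(\S+)')


def normalize(source: str, line: str) -> dict:
    """Map a raw line from either source onto one schema: ts, user, src, outcome."""
    if source == "ssh":
        ts, word, user, src = SSH_RE.match(line).groups()
        return {"ts": ts, "user": user, "src": src, "outcome": "fail" if word == "Failed" else "ok"}
    ts, user, src, _geo, result = VPN_RE.match(line).groups()
    return {"ts": ts, "user": user, "src": src, "outcome": "fail" if result != "ok" else "ok"}


def correlate(events: list) -> list:
    """Run correlation rules over events already sorted by timestamp."""
    alerts, fails = [], defaultdict(int)
    for e in events:
        key = (e["user"], e["src"])
        if e["outcome"] == "fail":
            fails[key] += 1          # keep counting until something succeeds
            continue
        if fails[key] >= 3:          # rule 1: success right after repeated failures
            alerts.append(f"brute-force success: {e['user']} from {e['src']} after {fails[key]} failures")
        geo = GEO_OF.get(e["src"])
        if geo and geo not in USUAL_GEO.get(e["user"], {geo}):   # rule 2: unusual location
            alerts.append(f"unusual location: {e['user']} from {geo}")
        fails[key] = 0
    return alerts


def run() -> list:
    events = [normalize("ssh", l) for l in SSH_LOG] + [normalize("vpn", l) for l in VPN_LOG]
    events.sort(key=lambda e: e["ts"])      # one merged timeline across sources
    return correlate(events)
```

Neither source on its own says much (three failed SSH logins, one successful VPN login), but once both are normalized into one stream the rules turn them into two actionable alerts.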