Secure Infrastructures

Device Placement

  • Strategic placement of infrastructure devices within a network to enhance security and performance.
    • Firewalls: Placed at network perimeters to filter and block unauthorized access.
    • Jump Servers: Positioned to provide secure, controlled access to internal systems from external networks.
    • Load Balancers: Placed to distribute network traffic across multiple servers, ensuring availability and preventing overload.
    • Sensors: Deployed throughout the network to monitor traffic, detect intrusions, and gather security data.
    • Other devices (e.g., IDS/IPS, routers, etc.)

Security Zones

A way to segment a network into different parts, each with its own security policies, actions, or philosophies.

  • Trusted vs. Untrusted: Segments that differentiate internal, secure areas from external, potentially malicious areas.
  • Internal vs. External: Separates areas within the organization from those outside (e.g., internal corporate network vs. internet).
  • Zones: Internal, database, external, DMZ (Demilitarized Zone), etc.
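
The zones listed above only provide separation when traffic between them is denied by default and each permitted path is named explicitly. The following is an added example, not part of the original notes; the subnets, ports and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan: one subnet per zone named in these notes.
ZONE_SUBNETS = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "database": ipaddress.ip_network("10.20.0.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

# Default deny: only these (source zone, destination zone, TCP port) paths pass.
ALLOWED = {
    ("external", "dmz", 443),        # public HTTPS terminates in the DMZ
    ("dmz", "internal", 8443),       # DMZ proxy to the internal app tier
    ("internal", "database", 5432),  # app tier to the database
    ("internal", "external", 443),   # outbound HTTPS
}

def zone_of(addr):
    """Map an address to its zone; unknown addresses are untrusted."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONE_SUBNETS.items():
        if ip in net:
            return name
    return "external"

def evaluate(src, dst, port):
    """Return (source zone, destination zone, verdict) for one flow."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return src_zone, dst_zone, "allow"  # intra-zone traffic is out of scope here
    verdict = "allow" if (src_zone, dst_zone, port) in ALLOWED else "deny"
    return src_zone, dst_zone, verdict

def denied(flows):
    """Flows that cross a zone boundary without an explicit rule."""
    return [f for f in flows if evaluate(*f)[2] == "deny"]

# Constructed sample flows: (source, destination, destination port).
FLOWS = [
    ("203.0.113.7", "192.0.2.10", 443),   # internet -> DMZ web
    ("203.0.113.7", "10.20.0.5", 5432),   # internet -> database
    ("192.0.2.10", "10.20.0.5", 5432),    # DMZ -> database, skipping the app tier
    ("10.10.3.4", "10.20.0.5", 5432),     # app tier -> database
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(*flow))
```

The DMZ-to-database flow is denied even though the port matches a permitted database path, because the policy is keyed on the zone pair and not on the port alone.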

Attack Surface

The total number of potential entry points or vulnerabilities that an attacker could exploit within a network.

  • Application Code: Vulnerabilities in software code that could be exploited.
  • Open Ports: Unsecured or unnecessary network ports that can expose services to attacks.
  • Authentication: Weak or misconfigured authentication methods that may allow unauthorized access.
  • Other factors (e.g., misconfigurations, unpatched systems).

The objective is to minimize the attack surface by reducing vulnerabilities and securing access points.

Connectivity

  • Securing physical network cables and access points to prevent unauthorized physical tampering.
  • Applying encryption at the application level (e.g., TLS/SSL) to ensure data security during transmission.
  • Using IPsec tunnels, VPNs, and other secure protocols for external network-level connections.