SlideShare a Scribd company logo

Chapter 1 - Lesson 1 - Overview Infrastructure Design

C
Carlo Dapino

The document discusses infrastructure design and security. It covers common network models like OT, IT, and PERA. It also discusses why infrastructure is designed the way it is with references to cloud providers like AWS, GCP, and Azure. The document advocates defining building blocks, distinguishing traffic directions, evaluating threats for each, and reviewing IAM and AAA (authentication, authorization, and access control). It concludes by promising a practical example of these concepts.

Education
1 of 11
Download to read offline
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 Lesson 1 - Overview infrastructure design
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] OT model (Operation Technology) IT model (Information Technology) Purdue Enterprise Reference Architecture (PERA) Core – Distribution – Access layers Src. Juniper’s website
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] The diagram jungle Branch diagram Topology diagram Basic Network diagram Network diagram Cloud diagram Database diagram...storage and way more....
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Why do we design like we do? AWS GCP AZURE
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Let’s stop to be so obvious... Company Attacker - Spoofed mail address - Malicious link, attachment, etc - Payload - Session Hijacking - Command Centre - Persistance - A SaaS service - An HTML preview / DNS - An end-point security - A web browser - Reverse connectivity - End-point security
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Keep my space.... Trusted response from dependencies – from L1/2 for example DHCP up to L7 Proxy/DNS Authenticate User and Device (combine the two) Not have direct network connectivity to avoid reverse connectivity from attacker Isolate browser session – for example site isolation https://support.google.com/chrome/answer/7623121 or remote browser isolation or secure browser Micro segment resources Not execute payloads.... Javascript DOM too... see Magecart Don’t have race time conditions – off-line mode, AAA Don’t have an internal threat actor Don’t trust supply chain... especially your security provider
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Define your building blocks
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Always distinguish direction and evaluate threats for ech
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Review your IAM and overall AAA
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Now let’s see a practical example
2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Subscribe YouTube https://www.youtube.com/channel/UCK0Z7e2riiRT8hRFvPfiMcw

Recommended

Chapter 1 - Lesson 2 - Web stack error response Vs. security and discovery
Chapter 1 - Lesson 2 - Web stack error response Vs. security and discoveryChapter 1 - Lesson 2 - Web stack error response Vs. security and discovery
Chapter 1 - Lesson 2 - Web stack error response Vs. security and discoveryCarlo Dapino
 
Chapter 1 - Lesson 3 - SSL end-points
Chapter 1 - Lesson 3 - SSL end-pointsChapter 1 - Lesson 3 - SSL end-points
Chapter 1 - Lesson 3 - SSL end-pointsCarlo Dapino
 
Free Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoFree Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoCarlo Dapino
 
SQL Server Security And Encryption
SQL Server Security And EncryptionSQL Server Security And Encryption
SQL Server Security And EncryptionHamid J. Fard
 
IBM Secret Key management protoco
IBM Secret Key management protocoIBM Secret Key management protoco
IBM Secret Key management protocogori4
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
ICS Threat Scenarios
ICS Threat ScenariosICS Threat Scenarios
ICS Threat ScenariosLuigi Auriemma
 
Cv letter page 2
Cv letter page 2Cv letter page 2
Cv letter page 2Deny Indra Gunawan
 

Recommended

Chapter 1 - Lesson 2 - Web stack error response Vs. security and discovery
Chapter 1 - Lesson 2 - Web stack error response Vs. security and discoveryChapter 1 - Lesson 2 - Web stack error response Vs. security and discovery
Chapter 1 - Lesson 2 - Web stack error response Vs. security and discoveryCarlo Dapino
 
Chapter 1 - Lesson 3 - SSL end-points
Chapter 1 - Lesson 3 - SSL end-pointsChapter 1 - Lesson 3 - SSL end-points
Chapter 1 - Lesson 3 - SSL end-pointsCarlo Dapino
 
Free Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoFree Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoCarlo Dapino
 
SQL Server Security And Encryption
SQL Server Security And EncryptionSQL Server Security And Encryption
SQL Server Security And EncryptionHamid J. Fard
 
IBM Secret Key management protoco
IBM Secret Key management protocoIBM Secret Key management protoco
IBM Secret Key management protocogori4
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
ICS Threat Scenarios
ICS Threat ScenariosICS Threat Scenarios
ICS Threat ScenariosLuigi Auriemma
 
Cv letter page 2
Cv letter page 2Cv letter page 2
Cv letter page 2Deny Indra Gunawan
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 
Cisco SecureX.pdf
Cisco SecureX.pdfCisco SecureX.pdf
Cisco SecureX.pdfWildhaniIhyaraRahman1
 
CV_almurdh A
CV_almurdh A CV_almurdh A
CV_almurdh A Abdulrahman Al Murdhi
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4bpasdar
 
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...Gerardo Pardo-Castellote
 
Cloud Computing by Khalil Jubran-Mindspring Networks
Cloud Computing by Khalil Jubran-Mindspring NetworksCloud Computing by Khalil Jubran-Mindspring Networks
Cloud Computing by Khalil Jubran-Mindspring NetworksKhalil Jubran
 
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfWhat is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfs1000dcodeandpixels
 
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfWhat is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfCode and Pixels Software Development, Technology
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22jemtallon
 
Implementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationImplementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationKim Clark
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web SystemsInnoTech
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox SolutionFIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox SolutionFIWARE
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Why ClouDoc to protect CAD files?
Why ClouDoc to protect CAD files? Why ClouDoc to protect CAD files?
Why ClouDoc to protect CAD files? Sang Yoo
 
Lesson learns from Japan cloud trend
Lesson learns from Japan cloud trendLesson learns from Japan cloud trend
Lesson learns from Japan cloud trendKimihiko Kitase
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)NAIM Networks, Inc.
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasNextel S.A.
 
CCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkCCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkVuz Dở Hơi
 
Chapter 11 : It’s a network
Chapter 11 : It’s a networkChapter 11 : It’s a network
Chapter 11 : It’s a networkteknetir
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 

More Related Content

Similar to Chapter 1 - Lesson 1 - Overview Infrastructure Design

Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4bpasdar
 
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...Gerardo Pardo-Castellote
 
Cloud Computing by Khalil Jubran-Mindspring Networks
Cloud Computing by Khalil Jubran-Mindspring NetworksCloud Computing by Khalil Jubran-Mindspring Networks
Cloud Computing by Khalil Jubran-Mindspring NetworksKhalil Jubran
 
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfWhat is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfs1000dcodeandpixels
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22jemtallon
 
Implementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationImplementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationKim Clark
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web SystemsInnoTech
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox SolutionFIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox SolutionFIWARE
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Why ClouDoc to protect CAD files?
Why ClouDoc to protect CAD files? Why ClouDoc to protect CAD files?
Why ClouDoc to protect CAD files? Sang Yoo
 
Lesson learns from Japan cloud trend
Lesson learns from Japan cloud trendLesson learns from Japan cloud trend
Lesson learns from Japan cloud trendKimihiko Kitase
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)NAIM Networks, Inc.
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasNextel S.A.
 
CCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkCCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkVuz Dở Hơi
 
Chapter 11 : It’s a network
Chapter 11 : It’s a networkChapter 11 : It’s a network
Chapter 11 : It’s a networkteknetir
 

Similar to Chapter 1 - Lesson 1 - Overview Infrastructure Design (20)

Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
 
Cisco SecureX.pdf
Cisco SecureX.pdfCisco SecureX.pdf
Cisco SecureX.pdf
 
CV_almurdh A
CV_almurdh A CV_almurdh A
CV_almurdh A
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4
 
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
 
Cloud Computing by Khalil Jubran-Mindspring Networks
Cloud Computing by Khalil Jubran-Mindspring NetworksCloud Computing by Khalil Jubran-Mindspring Networks
Cloud Computing by Khalil Jubran-Mindspring Networks
 
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfWhat is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
 
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdfWhat is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
What is Interactive Electronic Technical Manual IETM and How Does it Work.pdf
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22
 
Implementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationImplementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for Integration
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web Systems
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and Sourcefire
 
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox SolutionFIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
FIWARE Global Summit - Building Personalized FIWARE Enabled IoT Sandbox Solution
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
Why ClouDoc to protect CAD files?
Why ClouDoc to protect CAD files? Why ClouDoc to protect CAD files?
Why ClouDoc to protect CAD files?
 
Lesson learns from Japan cloud trend
Lesson learns from Japan cloud trendLesson learns from Japan cloud trend
Lesson learns from Japan cloud trend
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)
 
Gestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazasGestiona el riesgo de las grandes amenazas
Gestiona el riesgo de las grandes amenazas
 
CCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkCCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A Network
 
Chapter 11 : It’s a network
Chapter 11 : It’s a networkChapter 11 : It’s a network
Chapter 11 : It’s a network
 

Recently uploaded

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111GangaMaiya1
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationNeilDeclaro1
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningMarc Dusseiller Dusjagr
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 

Recently uploaded (20)

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health Education
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 

Chapter 1 - Lesson 1 - Overview Infrastructure Design

  • 1. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 Lesson 1 - Overview infrastructure design
  • 2. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] OT model (Operation Technology) IT model (Information Technology) Purdue Enterprise Reference Architecture (PERA) Core – Distribution – Access layers Src. Juniper’s website
  • 3. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] The diagram jungle Branch diagram Topology diagram Basic Network diagram Network diagram Cloud diagram Database diagram...storage and way more....
  • 4. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Why do we design like we do? AWS GCP AZURE
  • 5. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Let’s stop to be so obvious... Company Attacker - Spoofed mail address - Malicious link, attachment, etc - Payload - Session Hijacking - Command Centre - Persistance - A SaaS service - An HTML preview / DNS - An end-point security - A web browser - Reverse connectivity - End-point security
  • 6. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Keep my space.... Trusted response from dependencies – from L1/2 for example DHCP up to L7 Proxy/DNS Authenticate User and Device (combine the two) Not have direct network connectivity to avoid reverse connectivity from attacker Isolate browser session – for example site isolation https://support.google.com/chrome/answer/7623121 or remote browser isolation or secure browser Micro segment resources Not execute payloads.... Javascript DOM too... see Magecart Don’t have race time conditions – off-line mode, AAA Don’t have an internal threat actor Don’t trust supply chain... especially your security provider
  • 7. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Define your building blocks
  • 8. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Always distinguish direction and evaluate threats for ech
  • 9. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Review your IAM and overall AAA
  • 10. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Chapter 1 - Infra Design security – Lesson 1 [Overview infrastructure design] Now let’s see a practical example
  • 11. 2021 - Copyright All Rights reserved - Security Boutique is a registered trademark Subscribe YouTube https://www.youtube.com/channel/UCK0Z7e2riiRT8hRFvPfiMcw