CHAPTER 3
Security Architecture
System or Network-centric models
Data centric Model
Framework Model
Zachman Framework
SABSA Framework
Process Model
6
Logging, Monitoring and Detection
Logging
SEM & SIEM
Analyzed and interpreted
INGRESS & EGRESS
Data Loss Prevention (DLP)
Anti-Virus & Anti-Malware
INTRUSION DETECTION SYSTEM
NIDS
HIDS
SNORT
INTRUSION PREVENTION SYSTEM
NIPS
HIPS
7
Encryption
SYMMETRIC
AES
DES
3DES
RC4
ASYMMETRIC
RSA
DH
PGP (PRETTY GOOD PRIVACY)
ECC
Digital Signature
Message Integrity
PKI Public Key Infrastructure
certificate authorities
Registration authority
Validation authority
Other Protocols
HTTPS
IPSec
SSH
S/MIME
SET
5
ISOLATION AND SEGMENTATION
E.G.: ISOLATE WIRELESS FIDELITY (WI-FI)
3
Defense in Depth
LAYERS OF PROTECTION TO REACH TARGETS
ARCHITECTURE (DID)
VERTICAL
HORIZONTAL
https://ibb.co/CHwHYwj
2
OSI Model
PLEASE DO NOT ALWAYS TRUST THE SALESMAN'S PRODUCT
PHYSICAL LAYER
DATA LINK LAYER
LLC
ERROR CHECKING
MAC
NETWORK LAYER
IPv6
IPv4
TRANSPORT LAYER
TCP
UDP
SESSION LAYER
PRESENTATION LAYER
APPLICATION LAYER
4
Information Flow Control
Firewall
Packet filtering
Stateful Inspection
Application Proxy (Proxy Gateway)
Next Gen Firewall (Hybrid)
WAF (WEB APPLICATION FIREWALL)