
Glen D. Singh - Cisco Certified CyberOps Associate 200-201 Certification Guide: Learn blue teaming strategies and incident response techniques to mitigate cybersecurity incidents


  • Book:
    Cisco Certified CyberOps Associate 200-201 Certification Guide: Learn blue teaming strategies and incident response techniques to mitigate cybersecurity incidents
  • Author:
    Glen D. Singh
  • Publisher:
    Packt Publishing
  • Year:
    2021


Begin a successful career in cybersecurity operations by achieving Cisco Certified CyberOps Associate 200-201 certification

Key Features
  • Receive expert guidance on how to kickstart your career in the cybersecurity industry
  • Gain hands-on experience while studying for the Cisco Certified CyberOps Associate certification exam
  • Work through practical labs and exercises mapped directly to the exam objectives
Book Description

Achieving the Cisco Certified CyberOps Associate 200-201 certification helps you to kickstart your career in cybersecurity operations. This book offers up-to-date coverage of 200-201 exam resources to fully equip you to pass on your first attempt.

The book covers the essentials of network security concepts and shows you how to perform security threat monitoring. You'll begin by gaining an in-depth understanding of cryptography and exploring the methodology for performing both host and network-based intrusion analysis. Next, you'll learn about the importance of implementing security management and incident response strategies in an enterprise organization. As you advance, you'll see why implementing defenses is necessary by taking an in-depth approach, and then perform security monitoring and packet analysis on a network. You'll also discover the need for computer forensics and get to grips with the components used to identify network intrusions. Finally, the book will not only help you to learn the theory but also enable you to gain much-needed practical experience for the cybersecurity industry.

By the end of this Cisco cybersecurity book, you'll have covered everything you need to pass the Cisco Certified CyberOps Associate 200-201 certification exam, and have a handy, on-the-job desktop reference guide.

What you will learn
  • Incorporate security into your architecture to prevent attacks
  • Discover how to implement and prepare secure designs
  • Identify access control models for digital assets
  • Identify point of entry, determine scope, contain threats, and remediate
  • Find out how to perform malware analysis and interpretation
  • Implement security technologies to detect and analyze threats
Who this book is for

This book is for students who want to pursue a career in cybersecurity operations, threat detection and analysis, and incident response. IT professionals, network security engineers, security operations center (SOC) engineers, and cybersecurity analysts looking for a career boost and those looking to get certified in Cisco cybersecurity technologies and break into the cybersecurity industry will also benefit from this book. No prior knowledge of IT networking and cybersecurity industries is needed.

Table of Contents
  1. Exploring Networking Concepts
  2. Exploring Network Components and Security Systems
  3. Discovering Security Concepts
  4. Understanding Security Principles
  5. Identifying Attack Methods
  6. Working with Cryptography and PKI
  7. Delving into Endpoint Threat Analysis
  8. Interpreting Endpoint Security
  9. Exploring Computer Forensics
  10. Performing Intrusion Analysis
  11. Security Management Techniques
  12. Dealing with Incident Response
  13. Implementing Incident Handling
  14. Implementing Cisco Security Solutions
  15. Working with Cisco Security Solutions
  16. Real-World Implementation and Best Practices
  17. Mock Exam 1
  18. Mock Exam 2

Chapter 3: Discovering Security Concepts

As you dive further into the world of cybersecurity, you will learn about various security concepts and strategies that many organizations implement to secure their assets from both internal and external cyber threats and attacks. Having a solid understanding of the importance of information security is vital, and in this chapter, you will be exposed to the three pillars that are used to keep organizations and their assets safe from cyber attacks.

Throughout this chapter, you will learn about these three pillars and how they are used within any organization, whether small or large, to create a secure network designed to protect its users, devices, and data. Furthermore, you will learn about various security deployments, key security terminologies, and access control models. These key topics will help you understand what is needed and expected of a cybersecurity professional and an information security professional in the industry. Hackers are not waiting for cybersecurity professionals to get ahead of the game; it is our responsibility to stay up to date and ahead of the bad guys.

In this chapter, we will cover the following topics:

  • Introducing the principles of defense in depth
  • Exploring security terminologies
  • Exploring access control models
  • Understanding security deployment

Without further ado, let's dive into the chapter!

Introducing the principles of defense in depth

Simply by connecting a device to a network and the internet, organizations are opening up a doorway for hackers to infiltrate their network and wreak havoc. There are many organizations that have a firewall on their network and so think that both their internal network and users are protected from threats on the internet. A firewall as the only network appliance deployed between the internal network and the internet is simply a single layer of security for the entire organization. Many people will ask the question, "Isn't the firewall designed to filter malicious inbound and outbound traffic?"

Many years ago, the answer would have been simply a solid yes. However, as hackers are always looking for new strategies to infiltrate a network, we cannot just rely on a single layer of security to safeguard our assets. The answer to the question is not an easy yes anymore simply because there are many traffic types that use insecure network protocols to exchange messages between a source and a destination.

The following are just a few of the many questions that should be asked by a cybersecurity professional:

  • Is the organization actively monitoring Domain Name System (DNS) messages for threats?
  • Does the organization have any security solutions protecting the company's inbound and outbound email messages?
  • If there's an outbreak of a cyber attack on the network, are there systems implemented to proactively block and alert the Information Technology (IT) team?
  • Is there a dedicated security team or person within the organization for managing the overall security of the entire organization?
  • Are there any security policies and technical controls implemented to safeguard the internal network?

Many security vendors use a lot of marketing strategies and throw out many buzzwords to influence potential customers to purchase their all-in-one security appliances. The key point that many unknowing customers miss is how the security solution or product is going to protect all users and all traffic types, safeguard them when using insecure protocols, and so on. An example is using endpoint protection; you can think of this solution as anti-malware software with centralized management for the administrator. While many anti-malware and endpoint protection solutions offer amazing features, this is still a single layer of security that simply protects the host only. Not all endpoint protection or anti-malware solutions safeguard from email-based threats or even social engineering attacks. To put it simply, an organization cannot rely on a single approach only to safeguard its assets; it needs a multi-layered approach known as Defense in Depth (DiD).

The DiD strategy simply implies that a single layer of security should not be used as the only countermeasure against cyber attacks. Should that one layer fail to protect the network, then everything (assets) is exposed for hackers to compromise. In DiD, a multi-layered approach is implemented to protect all assets from various types of cyber attacks, where if one layer fails to safeguard an asset, another layer is already in place to keep the asset secure. You can think of the multi-layered approach as being like having multiple defense mechanisms protecting a king in his castle. Should an invasion occur, the invaders will need to pass multiple layers of defense, including knights and other barriers, before they can reach the king (the asset).

To further understand the importance of DiD, let's dive into exploring the three pillars of information security:

  • Confidentiality
  • Integrity
  • Availability

These three pillars are commonly referred to as the CIA triad. Each pillar plays a vital role in providing information security to any organization. In the following sub-section, you will learn about the characteristics of confidentiality, integrity, and availability and how they are used in the industry to ensure that our networks are safe.

Confidentiality

As more people are connecting to and sharing information over networks, whether it's their private network at home, the corporate network at the office, or even the internet, privacy is a major concern. Every day, organizations are generating new data as they send and receive messages between devices. Imagine an organization that uses email as their only messaging platform; each person creates an email message, which is data, and this data uses some amount of storage space on the local system. When the destination receives the email, the email is stored on the recipient's computer if they are using a host-based email application such as Microsoft Outlook. Another example is data being transmitted across a network: Is the connection secure? Is the communication protocol secure? Is the network secure? These are just some simple questions we may ask when thinking about the security of our data.

Confidentiality simply ensures that messages and other data are kept private from unauthorized persons or devices. In the field of IT, confidentiality is implemented in the form of data encryption. People use devices to perform tasks, whether to send an email, download a file, or even send a message using a smartphone. It's important to protect these messages at all times.

Data usually exists in the following states:

  • Data at rest
  • Data in motion (transit)
  • Data in use

Data at rest is data that is not in use by either an application or a system. It is currently stored in storage media such as a Hard Disk Drive (HDD) on a local or remote system. When data is at rest, it's vulnerable to attackers attempting to either steal or modify it. Security professionals implement both authentication methods and encryption algorithms to encrypt and protect any data at rest. An example is using
