Security Architecture & Design

The principles of security architecture and design.

9/7/2024 (2 min read)

Introduction

Hello, hackers! Let's briefly talk about security architecture and design, the often-overlooked foundational principle of cybersecurity. So, what is security architecture and design, you ask? Well, it's quite simple: it's the blueprint of your network's security!

All the objects, both physical and software-based, that are in place to ensure your network's security make up what is known as the security architecture. The design is the flow and the set of rules built on the objects in that architecture.

Now that you know a little bit about security architecture and design, let's dig into some of its principles and best practices:

Economy of Mechanism

This principle states that your security architecture and design should be as simple as possible. Follow Kelly Johnson's KISS (Keep It Simple, Stupid!) principle!

Fail-safe Defaults

Your design should deny access by default: deny implicitly and allow only explicitly. Your network components should have no default passwords and no sample users, and a password length policy should be in place to ensure passwords are longer than 8 characters.

Separation of Privilege

Access should depend on more than one condition; multi-factor authentication meets this criterion! Compartmentalization of your network objects is key, especially for devices with highly regulated data. Finally, you should use sandboxing to test unknown, experimental, and unfinished programs. Spin up a flurry of VMs!

Complete Mediation

Your design should have complete access control; it should check every access to every object. Authentication is crucial! Make sure that the subject (user/client) is communicating with the authentication program, and do not trust any value that the subject can influence.
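
Here is a small sketch of Fail-safe Defaults and Complete Mediation working together. It is an added example, not code from the original post, and the roles, session tokens, and resource names are constructed for illustration.

```python
from dataclasses import dataclass

# Explicit allow list of (role, action, resource); anything absent is denied.
ALLOW = {
    ("admin", "read", "payroll"),
    ("admin", "write", "payroll"),
    ("analyst", "read", "reports"),
}

# Constructed server-side session store: the only trusted source of identity.
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "admin"},
    "tok-bob": {"user": "bob", "role": "analyst"},
}

@dataclass(frozen=True)
class Request:
    token: str               # opaque session token presented by the subject
    action: str
    resource: str
    claimed_role: str = ""   # subject-controlled value; never used for decisions

def authorize(req: Request) -> bool:
    """Return True only on an explicit allow; every other path denies."""
    session = SESSIONS.get(req.token)
    if session is None:      # unknown or missing token: deny by default
        return False
    role = session["role"]   # role comes from the server, not from the request
    return (role, req.action, req.resource) in ALLOW

class Store:
    """Objects are reachable only through the mediated read() path."""
    def __init__(self):
        self._data = {"payroll": "salaries", "reports": "q3 summary"}
        self.audit = []      # one entry per access attempt, allowed or not

    def read(self, req: Request) -> str:
        allowed = req.action == "read" and authorize(req)  # checked on every call
        self.audit.append((req.token, req.action, req.resource, allowed))
        if not allowed:
            raise PermissionError("denied")
        return self._data[req.resource]
```
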

Least Privilege

Grant only the permissions necessary to get the job done. Some components of a system should be less privileged than others.

Usability

Your security solution must be easy to use; it should feel like magic to the subject.

These principles form the foundation of a robust security architecture and design. By implementing them, you can create a more secure and efficient network infrastructure.
