Security can be roughly divided into two broad domains:
• Organizational security: Protecting the assets and operations of organizations of all sizes and shapes.
• Personal security: Protecting the dignity of individual users of technology.
Sometimes there is tension between these two domains. What is best for the organization is not always best for the person, and what is best for an individual is not always best for the organization. Engineers who deal with data of any kind must learn to understand both sets of requirements, when to balance the desires and requirements of these domains, and when one domain should override the other.
Figure 18-1 illustrates three primary personal and organizational security goals.
Figure 18-1 Security Domains
The left side of Figure 18-1 shows the two large domains and three security goals.
Confidentiality describes protecting information from access by unauthorized parties. A party is not just a person but also a thing or process; even processes need permission to access information. Data confidentiality is supported by the following:
• Lifecycle controls: Destroyed data is much less likely to be compromised than existing data. Data that has been minimized in some way damages people and organizations more than raw data.
• Encryption: Only authorized users and processes should have access to the keys and processes required to decrypt data.
• Segmentation: It is more difficult to take, decrypt, and combine data stored in multiple locations or files than data stored in a single, large file.
• Access Control: Only authorized users should be able to access data.
• Monitoring and Detection: Monitoring systems are sometimes too late to prevent the unauthorized taking or use of data. On the other hand, monitoring systems can raise alerts on suspicious activity before a breach occurs, and they can raise an alert when a breach first occurs so defenders can quickly close it, minimizing the damage.
Each of these security methods can improve information confidentiality.
Integrity describes an operator’s confidence that data has not been intentionally or unintentionally changed while stored and processed. The following methods support integrity:
• Encryption: Changes to encrypted data will either prevent the data from being decrypted or produce errors for the modified portions.
• Segmentation: Attackers can change only those parts of the data they can access. If multiple segmented copies of data have overlapping information, you can detect and rebuild altered data.
• Access Control: Attackers can change only the data they can access.
• Monitoring and Detection: Monitoring cannot prevent an unauthorized person or process from changing data, but it can alert administrators to unexpected data changes.
• Resilience: If data has been unintentionally or unexpectedly changed, resilience methods can help restore data to its original state.
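The interplay of the encryption, segmentation, and resilience bullets above, as an added example that is not part of the original chapter: a small Python program seals a record by encrypting it and appending an authentication tag, then shows that a single flipped byte is detected only because of the tag (the cipher by itself would silently decrypt the modified data into slightly different plaintext), and that a second sealed copy can be used to recover the original. The cipher is a toy keystream built from SHA-256 and HMAC so the example runs with only the standard library; a real deployment would use an authenticated cipher such as AES-GCM. The key, nonce handling, and sample record are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

NONCE_LEN = 16
TAG_LEN = 32


def _derive(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag over nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = _xor(plaintext, _keystream(_derive(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag first; return None on any modification, else the plaintext."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _xor(ct, _keystream(_derive(key, b"enc"), nonce, len(ct)))


def decrypt_without_check(key: bytes, blob: bytes) -> bytes:
    """Decrypt while ignoring the tag: the cipher alone does not notice edits."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return _xor(ct, _keystream(_derive(key, b"enc"), nonce, len(ct)))


def flip_byte(blob: bytes, index: int) -> bytes:
    """Simulate an attacker or a fault flipping one bit of stored data."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


def recover(key: bytes, copies: Iterable[bytes]) -> Optional[bytes]:
    """Resilience: return the plaintext from the first copy that still verifies."""
    for copy in copies:
        pt = open_sealed(key, copy)
        if pt is not None:
            return pt
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"  # constructed sample key
    record = b"record=42;amount=250.00"              # constructed sample data
    good = seal(key, record)
    bad = flip_byte(good, NONCE_LEN)                  # first ciphertext byte
    print("verified:", open_sealed(key, good))
    print("tampered, verified:", open_sealed(key, bad))
    print("tampered, unchecked:", decrypt_without_check(key, bad))
    print("recovered from second copy:", recover(key, [bad, good]))
```

The tag is verified before any decryption happens, and `hmac.compare_digest` is used so the comparison does not leak timing information; the unchecked decryption of the tampered blob differs from the original in exactly the one byte that was flipped, which is why integrity needs the tag and not just the cipher.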
Finally, availability describes a user’s ability to use network-based resources and data to get something done. Availability is often the primary focus of network security because of distributed denial of service (DDoS) and similar attacks.
Note
Chapter 19, “Attacks and Threats,” discusses specific attacks like DDoS.
Availability relies on the following security methods:
• Segmentation: When a single system is broken down into smaller, replaceable subsystems, attacking—and even shutting down—one of those subsystems will have a smaller impact on the larger system. Further, breaking one large system into subsystems enables faster troubleshooting and isolation of compromised subsystems.
• Access Control: The more access an attacker has to a system, the more damage they can do.
• Monitoring and Detection: Good monitoring reduces the dwell time, or the amount of time an attacker has to compromise a network or system.
• Resilience: More resilient systems can survive in the face of various denial-of-service attacks.
A set of security tools, like data deidentification, compartmentalization, virtualization, and packet filtering, supports these methods.
Note
Chapter 20, “Security Tools,” discusses general security tools. The “Privacy Concepts” section later in this chapter discusses privacy-focused tools.
Shift Left
Shift left is a common term in the network engineering and security communities, but what does it mean? Figure 18-2 gives this term context.
Figure 18-2 shows a standard design/deploy/operate cycle. Most network engineers do not think about security in the design or testing phases because they do not see how security can be designed or effectively tested before deployment.
Shift left means bringing security and privacy into the design, testing, and deployment phases of network engineering.
There are many ways security can be designed into a network. For instance:
• Encryption: A network’s design can encrypt all carried traffic. Pervasive encryption requires rethinking monitoring and management systems because it can impact network design and operations in many ways.
• Segmentation: Network engineers often break networks into segments, modules, or virtual topologies to increase scale. Security is another good reason to create multiple segments, even when one will support the required scale.
• Access Control: Access control is often relegated to the network edge. Designers often assume users who pass through the network edge are authorized to access any network resources. Building a network with security segmentation supports access control and helps stop an attacker’s lateral movement.
• Monitoring and Detection: Monitoring should be used for more than ensuring network operation. Users and data passing through specific barriers in the network should raise alarms, for instance.
• Resilience: A highly resilient network design is one of the primary tools network engineers can use to prevent or counter denial-of-service attacks.
Testing is another good place to bundle in security. Penetration testing, the proper operation of security systems, and many other security issues can be included in design testing.
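Shift left in practice, as an added example that is not from the chapter: the segmentation and access-control design is written down as data, a design-time test checks that no untrusted segment can reach the management segment by chaining allowed hops (the lateral movement the Access Control bullet describes), and the same policy is reused in operation to raise alarms when flow records cross a barrier the design does not allow (the Monitoring and Detection bullet above, and the monitoring bullets in the earlier confidentiality and availability lists). Segment names, address ranges, the policy, and the flow log lines are all constructed for the example; the function names are hypothetical.

```python
import ipaddress
import re
from collections import deque
from typing import Dict, List, Set, Tuple

# Constructed network design: segment name -> address range (hypothetical).
SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "guest": ipaddress.ip_network("10.10.0.0/16"),
    "user": ipaddress.ip_network("10.20.0.0/16"),
    "app": ipaddress.ip_network("10.30.0.0/16"),
    "mgmt": ipaddress.ip_network("10.250.0.0/24"),
}

Rule = Tuple[str, str, int]  # (source segment, destination segment, TCP destination port)

# Allow-list at the segment barriers; any crossing not listed is denied.
POLICY: Set[Rule] = {
    ("guest", "app", 443),
    ("user", "app", 443),
    ("user", "mgmt", 22),  # constructed assumption: administrators sit in "user"
}

# Constructed flow records in the shape a collector might emit.
FLOW_LOG = [
    "2024-05-01T10:00:01Z src=10.10.4.7 dst=10.30.1.5 dport=443",
    "2024-05-01T10:00:03Z src=10.10.4.7 dst=10.250.0.10 dport=22",
    "2024-05-01T10:00:05Z src=10.20.9.2 dst=10.250.0.10 dport=22",
    "2024-05-01T10:00:07Z src=10.30.1.5 dst=10.30.1.9 dport=5432",
    "2024-05-01T10:00:09Z src=192.0.2.44 dst=10.30.1.5 dport=443",
]


def segment_of(ip: str) -> str:
    """Map an address to its design segment, or "unknown" if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def is_allowed(policy: Set[Rule], src_seg: str, dst_seg: str, port: int) -> bool:
    return (src_seg, dst_seg, port) in policy


def transitive_reach(policy: Set[Rule], start: str) -> Set[str]:
    """Design-time check: every segment reachable from `start` by chaining allowed
    hops on any port, i.e. the lateral-movement surface of a compromised segment."""
    edges: Dict[str, Set[str]] = {}
    for src, dst, _ in policy:
        if src != dst:
            edges.setdefault(src, set()).add(dst)
    seen: Set[str] = set()
    queue = deque([start])
    while queue:
        seg = queue.popleft()
        for nxt in edges.get(seg, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def design_violations(policy: Set[Rule], protected: str, untrusted: List[str]) -> List[str]:
    """Untrusted segments from which `protected` is reachable; an empty list passes."""
    return [seg for seg in untrusted if protected in transitive_reach(policy, seg)]


FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def check_flows(policy: Set[Rule], lines: List[str]) -> List[Tuple[str, str]]:
    """Operate-time check: flag flows that cross a segment barrier the design denies."""
    alerts: List[Tuple[str, str]] = []
    for line in lines:
        match = FLOW_RE.search(line)
        if not match:
            alerts.append((line, "unparseable flow record"))
            continue
        src, dst, port = match.group(1), match.group(2), int(match.group(3))
        s, d = segment_of(src), segment_of(dst)
        if s == "unknown" or d == "unknown":
            alerts.append((line, f"address outside any designed segment {src}->{dst}"))
        elif s != d and not is_allowed(policy, s, d, port):
            alerts.append((line, f"denied barrier crossing {s}->{d}:{port}"))
    return alerts


if __name__ == "__main__":
    # Design phase: fail the build if guest or user could reach mgmt laterally.
    print("design violations:", design_violations(POLICY, "mgmt", ["guest"]))
    # Operate phase: the same policy drives the alarms.
    for line, reason in check_flows(POLICY, FLOW_LOG):
        print("ALERT", reason, "|", line)
```

Running the design check against a policy that also allows ("app", "mgmt", 22) reports "guest" as a violation, because a guest host can reach app on 443 and app can reach mgmt on 22; that is the kind of defect this test catches before the configuration is pushed, and the operate-time check then reports only the traffic the deployed design did not anticipate.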
In short, shifting security left is always a good idea in network design and operations.