Security Architecture: it ties policies, principles, rules, and components through which we can make the system more and more secure. This is the combination of some pre-checks to make the system more secure.
What is the difference between developer architecture and security architecture?
developers think about how to make a system that can fulfill our requirements while security architectures think about how to make a system that can not break and fulfill the project's requirements.
here, the question arises of how to make a system that can not break. Some key points need to be kept in mind to build a secure architecture for any system.
1. Defense in Depth
2. Least Privilege
3. separation of duties
4. secure by design
5. KISS
- Defense in Depth: it is a security mechanism in which we secure the system by applying multiple security layers to protect data or assets. This layered approach ensures that if one defense fails, others remain in place to protect critical systems and information. There are different layers like IAM(user), Application, Endpoint, Network, and Data, and above all the layers you can implement different security rules and policies like encryption, firewall, and monitoring systems like SIEM and SOAR to get deeper insights into threat and build more and more secure system.
- Least Privilege: privilege means the rights that a person or system has to perform a particular action. if there are no rights that means no access. there are four key points to keep in mind to giving roles or privileges to a person or system.
1. Only give minimal roles that are only required. keep it minimal as much as you can.
2. Harden the system by removing unnecessary services or extra roles. For example, if you are hosting a website, check for open ports other than 443. If any other ports are open and those services are not needed, be sure to turn them off.
3. privilege creep is the gradual accumulation of access rights beyond what individuals need to do their jobs. this is Google’s definition😅. it means that extra roles are provided that are not needed to perform some tasks. don’t do that. Just give them what they need. remove those extra roles.
4. Just in case is mainly happens in an organization where sometimes the IT team gives extra roles “Just in case” users needed and they don’t have to come back and ask for those roles. so avoid that and give only the roles that are needed at the time. don’t predict the future requirements and give minimal roles. - Separation of Duties (SoD) is a security principle that prevents a single person or entity from having complete control over a critical process. SoD has two key terms “No SPOK” and “Collision”.
No SPOK stands for no single point of context. to perform a critical action group of users agree then the action should be performed and if a Collision happens then the system or program should be stopped. - Secure by Design is a security architecture that tells us not to wait till the PROD version is ready. start implementing security in every phase of your agile cycle. if you start finding weaknesses in the PROD version then it might cost 10X or 100X than if you solved it in an earlier stage of the cycle.
5. KISS(keep it simple stupid): don’t try to make the system more complicated. the reason behind this is that complexity is not equal to security. make the system simple so no hidden doors stay open.
To build a secure architecture, incorporating these core principles is essential. Together, these principles form a holistic foundation that strengthens overall security and resilience, helping to safeguard systems against evolving threats. Along with this, you all are aware of the CIA tried. it is the combination of 3 key principles
- Confidentiality: the message is only readable by the sender and receiver, the middleman or attacker should not be able to understand the message content and its meaning. Confidentiality can be achieved by Encryption and Access control. Encryption can easily encrypt data into an unreadable form and access control prevents access to unknown or unauthorized used from accessing this message or information.
- Integrity: Ensures data remains accurate, consistent, and protected from unauthorized changes. Hashing, Access Controls, and Encryption through which we can achieve integrity.
- Availability: Ensures data and systems are accessible and operational for authorized users whenever needed. To keep the system always up to authorized users, Disaster Recovery, Redundancy, backups, and load balancing are essential.
These are the key points that need to be kept in mind to build a secure system. this are the basic topics that I have covered in this first part. The second part will contain all trades of tools or we can call them attack surfaces that security engineer uses to build a secure system. part 2 will contain domains like IAM, Endpoint, Network, Application, Data, Monitoring, and Incident Response. These are the 7 domains in which we need to keep an eye to make the system secure.