This article is adapted from personal study notes and is not really written for others; hopefully it can still be useful somehow.


Core Definitions

  • DRP (Disaster Recovery Plan)
    A documented strategy for restoring systems and data after a disruptive event.

  • Port Scans
    A form of active reconnaissance used to identify open services on a host.

  • ARO (Annualized Rate of Occurrence)
    The expected frequency of a risk event per year.


Authentication & Access Concepts

  • Password Spraying
    If the username changes between login attempts while the password stays the same, this indicates password spraying rather than brute force.

  • Non-Repudiation
    Ensures actions or messages can be reliably attributed to an individual.

  • Federation vs SSO
    Using existing credentials from a third-party site is federation, not single sign-on (SSO).


Zero Trust & Network Architecture

  • Zero Trust (Data Plane Focus)
    The most relevant element to evaluate is the subject role, which determines access decisions.

  • Bastion Host
    The most secure method for providing administrative access while minimizing exposed traffic.
    A bastion host is a hardened server placed in a perimeter network (DMZ) to withstand attacks.

  • Segmentation
    Used to isolate:

    • Legacy IoT devices

    • Customer data stored separately from the corporate network

sequenceDiagram
    %% Zero Trust access flow: the policy engine evaluates the subject, its device and the request before granting access
    User->>PolicyEngine: Access request
    PolicyEngine->>IdentityProvider: Verify identity
    PolicyEngine->>Device: Check posture
    PolicyEngine->>Resource: Allow / Deny access


Monitoring, Detection & Response

  • SIEM Investigation on Employee Laptop
    Use endpoint logs to gather executable and process-level details.

  • Intrusion Prevention System (IPS)
    Best for detecting and blocking known, signature-based attacks in real time.

  • File Integrity Monitoring (FIM)
    Detects and tracks unauthorized changes to files and system configurations.

  • Automation
    The most reliable way to consistently verify daily security configuration changes.

  • Data Loss Prevention (DLP)
    Helps detect accidental exposure of sensitive data such as emailed PII.


Risk Management & Governance

  • Risk Register
    Documents risks, responsible parties, and thresholds.

  • Cyber Insurance
    Represents a risk transfer strategy.

  • Change Management Procedure
    Must be followed when:

    • Creating firewall rules

    • Applying high-priority patches to production systems

  • Internal PCI DSS Failure
    Results in audit findings (external assessments may lead to fines).


Business Continuity & Disaster Recovery

  • Warm Sites
    Best when cost-benefit is a priority and RTO/RPO are around two days.

    • Infrastructure partially ready

    • Faster than cold sites, cheaper than hot sites

  • Off-Site Replication
    Recommended for earthquake-prone regions to reduce data-loss risk.


Encryption & Endpoint Security

  • Full Disk Encryption (FDE) Planning Priorities

    • Key escrow – ensures data recovery if keys are lost

    • TPM presence – protects encryption keys using hardware security


Cloud & Infrastructure

  • Serverless Framework
    A low-cost, cloud-based application hosting solution.

  • Infrastructure as Code (IaC)
    Enables consistent, repeatable deployment of cloud resources.

  • Compensating Control
    Example: a host-based firewall on a legacy Linux system restricting access to specific internal IPs.


Secure Remote Access

  • Jump Server Exposure
    Recommendation: place the jump server inside the firewall and require VPN access.

  • Secure Consultant Access
    Most appropriate solution: IPsec

  • Scaling VPN Issues
    Deploy SASE to reduce VPN and internet circuit load while maintaining encryption and visibility.


Compliance & Vendor Risk

  • Supply Chain Risk
    Opening firewall ports for a SaaS-supported system introduces vendor risk.

  • Classified Storage Arrays
    Organizations should request vendor certification.

  • Air-Gapped Networks
    The most common data-loss path is removable media.


Email & Identity Controls

  • DMARC
    Provides email origination authorization and domain protection.


Development & Insider Threat Prevention

  • Best Insider Threat Control in Development
    Peer review and approval before code changes are merged.


Agreements & Documentation

  • SOW (Statement of Work)
    Defines project scope, cost, and timeline.

  • MOA (Memorandum of Agreement)
    A document between parties agreeing to cooperate on a shared objective or project.


graph TD
    %% Bastion host placement (see Bastion Host above): administrative access enters through the hardened host behind the firewall
    Internet --> Firewall
    Firewall --> BastionHost
    BastionHost --> InternalNetwork
    InternalNetwork --> Database