
Topic 3 Part 1

Chapter 3 of the document covers countermeasures in cybersecurity, detailing various levels and types of IT infrastructure, including physical, network, virtualization, operating system, application, cloud, and security levels. It also examines common types of infrastructure security, such as physical, network, application, data security, access controls, and behavioral analytics, along with their classifications and components like firewalls, VPNs, and intrusion detection systems. The chapter emphasizes the importance of these security measures in protecting organizational IT environments from threats.

Uploaded by Siva Kumar
Copyright © All Rights Reserved

Chapter 3. Countermeasure in Cybersecurity
DFC20313 Cybersecurity Fundamentals
Prepared By: Fatimah Zahra

Part 1
CLO & PLO
Upon completion of this course, students should be able to:

CLO1: Explain cybersecurity threats and hazard using appropriate tools and techniques for secured environment in organizations

PLO2: Apply design and architecture to Information Technology solutions using appropriate tools and techniques.
Topic Content

3.1 Explain level of IT infrastructures types.

3.1.1 Classify the IT infrastructures
a. Data
b. Application
c. Network
d. Physical

3.2 Examine common types of infrastructure security.

3.2.1 Describe classification of infrastructure security
a. Devices
b. Media
c. Security topologies
d. Intrusion detection
e. Security baseline
f. Application hardening

3.2.2 Discover common security infrastructure security
a. Firewalls
b. VPN
c. IDS
d. Honeypots
e. DMZ
f. Network monitoring/diagnostic

LEVEL OF IT INFRASTRUCTURES TYPES
• IT infrastructure refers to the combined components
needed for the operation and management of
enterprise IT services and environments
• The levels of IT infrastructure include the physical
layer (hardware and cabling), network layer (routers
and switches), storage layer (servers and data
storage), and application layer (software and
applications)
IT infrastructure levels:
Physical Level:
• Hardware: This includes physical devices such as servers, storage
devices, routers, switches, and data centers. These components
form the foundation of IT infrastructure.
• Facilities: The physical spaces where hardware is housed,
including data centers and server rooms, which provide power,
cooling, and security.
Network Level:
• Networking Equipment: Devices like routers, switches, and hubs
that facilitate communication between hardware components.
• Network Topology: The arrangement and interconnection of
network devices, which can be structured in various ways (e.g.,
star, mesh, ring).
Virtualization Level:
• Virtual Machines (VMs): Software-based simulations of physical
computers that run operating systems and applications.
• Hypervisors: Software that creates and manages VMs, allowing
multiple VMs to run on a single physical server.
Operating System Level:
• Operating Systems (OS): Software that manages hardware
resources and provides services for applications. Examples include
Windows, Linux, and macOS.
Application Level:
• Software Applications: Programs that perform specific tasks for
users, such as word processors, databases, and web servers.
• Middleware: Software that connects different applications and
allows them to communicate and share data.
Cloud Level:
• Public Cloud: Services provided over the internet by
third-party providers, such as AWS, Azure, and Google Cloud.
• Private Cloud: Cloud infrastructure operated solely for a single
organization, either on-premises or hosted by a third party.
• Hybrid Cloud: A combination of public and private clouds,
allowing data and applications to be shared between them.
Security Level:
• Security Measures: Tools and practices to protect IT
infrastructure, including firewalls, encryption,
intrusion detection systems, and access controls.
• Compliance: Adherence to regulations and standards
to ensure data protection and privacy.
• Each level of IT infrastructure plays a crucial role in
ensuring the smooth operation, security, and
scalability of IT services
IT infrastructures Classifications

• Storage Systems: Databases, data warehouses, and storage area networks (SANs).
• Data Management Tools: Software for data backup, recovery, and archiving.

• Software Applications: Programs that perform specific tasks.
• Middleware: Software that connects different applications and allows them to communicate.
• Development Tools: Integrated development environments (IDEs), version control systems, and continuous integration/continuous deployment (CI/CD) tools.

• Networking Equipment: Routers, switches, firewalls, and load balancers.
• Network Topology: The arrangement and interconnection of network devices.
• Communication Protocols: TCP/IP, HTTP, FTP, and other protocols that enable data exchange.

• Hardware: Physical servers, storage devices, and networking equipment.
• Facilities: Data centers, server rooms, and other physical spaces housing IT infrastructure.
• Power and Cooling Systems: Uninterruptible power supplies (UPS), generators, and HVAC systems to maintain optimal operating conditions.
COMMON TYPES OF
INFRASTRUCTURE
SECURITY
1. Physical Security: This involves protecting physical assets like servers and data centers with measures such as locked doors, security cameras, and backup generators.

2. Network Security: This focuses on protecting data as it travels across the network. It includes firewalls, traffic encryption, and authentication systems.

3. Application Security: This ensures that applications are secure from threats like SQL injections and unauthorized access. It involves hardening applications and protecting databases.

4. Data Security: This involves protecting data wherever it is stored, using encryption, backups, and anonymization techniques.

5. Access Controls: These are measures to ensure that only authorized individuals can access certain systems or data. This includes strict authentication protocols.

6. Behavioral Analytics: This involves monitoring user behavior to detect and respond to unusual activities that might indicate a security threat.

These layers of security work together to create a robust defense against various
threats, ensuring the resilience and integrity of an organization’s infrastructure.
CLASSIFICATION OF
INFRASTRUCTURE
SECURITY
Classification of infrastructure security
01 Devices
02 Media
03 Security topologies
04 Intrusion detection
05 Security baseline
06 Application hardening
01 Devices

Devices in infrastructure security refer to hardware components like routers, firewalls, switches, and gateways.
These devices are crucial for managing and securing network traffic. For instance, firewalls control incoming and outgoing network traffic based on predetermined security rules.
02 Media

Media security involves protecting data storage and transmission media.
This includes:
• Physical Media: Hard drives, USB drives, and
CDs. Security measures include encryption
and physical access controls.
• Digital Media: Cloud storage and virtual
drives. Security measures include data
encryption, access controls, and regular
backups.
03 Security topologies

Security topologies refer to the layout and design of a network’s security architecture. This includes the arrangement of devices and how they interact to protect the network.
Common topologies include star, mesh, and hybrid configurations, each with its own security implications.
04 Intrusion detection

Intrusion detection systems (IDS) monitor network traffic for suspicious activity and potential threats.
They can be signature-based, anomaly-based, or use stateful protocol analysis to detect and respond to intrusions.
These systems are essential for identifying and mitigating security breaches.
05 Security baseline

• A security baseline is a set of minimum security standards and configurations that must be met to ensure a secure environment. This includes guidelines for:
i. Configuration Settings: Standardized settings for operating systems and applications.
ii. Patch Management: Regular updates and patches to fix vulnerabilities.
iii. Access Controls: Defined user roles and permissions to ensure only authorized access.
06 Application hardening

Application hardening involves implementing measures to protect applications from vulnerabilities and attacks.
This can include code reviews, patching, and configuring security settings to reduce the attack surface.
The goal is to make applications more resilient against threats.
COMMON SECURITY
INFRASTRUCTURE
COMPONENTS
Firewalls
Act as a barrier between your internal network and external networks (like the internet). They monitor and control incoming and outgoing network traffic based on predetermined security rules.
Firewalls can be hardware-based, software-based, or a combination of both.
VPN (Virtual Private Network)
• A VPN creates a secure, encrypted connection over a less secure network, such as the internet. This allows users to send and receive data as if their devices were directly connected to the private network, ensuring privacy and security.
IDS (Intrusion Detection System)
• An IDS monitors network traffic for suspicious activity and potential threats. It can be configured to alert administrators when it detects unusual patterns that may indicate a security breach.
• There are two main types:
i. Network-based IDS (NIDS)
ii. Host-based IDS (HIDS)
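
The signature-based and anomaly-based approaches named on the "04 Intrusion detection" slide, and the alerting on unusual patterns described above, can be compared side by side. The following is an added example, not part of the original slides; the signature names, request records and traffic counts are constructed for illustration.

```python
import re
import statistics

# Constructed signatures (hypothetical rule names, not from a real rule set).
SIGNATURES = {
    "sql-injection-probe": re.compile(r"('|%27)\s*or\s+1=1", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def signature_alerts(events):
    """Signature-based: flag events whose payload matches a known pattern."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["payload"]):
                alerts.append((ev["src"], name))
    return alerts

def anomaly_alerts(baseline_counts, current_counts, k=3.0):
    """Anomaly-based: flag hosts whose request count in the current window
    exceeds mean + k * standard deviation of the normal (baseline) windows."""
    mean = statistics.mean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts)
    threshold = mean + k * stdev
    return sorted(src for src, n in current_counts.items() if n > threshold)

# Constructed sample traffic (documentation address ranges).
EVENTS = [
    {"src": "10.0.0.5", "payload": "GET /index.html"},
    {"src": "203.0.113.9", "payload": "GET /login?user=admin' OR 1=1--"},
    {"src": "203.0.113.9", "payload": "GET /../../etc/passwd"},
    {"src": "10.0.0.7", "payload": "GET /report.pdf"},
]
BASELINE = [40, 42, 38, 41, 39]   # requests per minute per host, normal windows
CURRENT = {"10.0.0.5": 41, "10.0.0.7": 44, "198.51.100.20": 900}

if __name__ == "__main__":
    # Known-bad payloads are caught by pattern; the flooding host sends nothing
    # that matches a signature and is caught only by the volume baseline.
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(BASELINE, CURRENT))
```

Each method misses what the other catches: the host at 203.0.113.9 stays under the volume threshold, and the host at 198.51.100.20 matches no signature.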
Honeypots
Honeypots are decoy systems or networks designed to attract cyber attackers. They mimic real systems to lure attackers away from actual targets and gather information about their methods and tools. This helps in understanding and mitigating threats.


DMZ (Demilitarized Zone)
A DMZ is a physical or logical subnetwork that separates an internal local area network (LAN) from other untrusted networks, usually the internet. It adds an extra layer of security by isolating external-facing services (like web servers) from the internal network.
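
How a firewall's predetermined rules enforce the DMZ separation described above can be shown with a small first-match rule table and a default-deny fallback. This is an added example, not part of the original slides; the subnets, ports and rule table are assumptions chosen for illustration, and the model is stateless (it ignores return traffic and connection tracking).

```python
import ipaddress

# Constructed addressing plan (assumption): internal LAN and DMZ subnets.
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

def zone_of(ip):
    """Map an address to its zone; anything unknown is untrusted internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

# Ordered rule table: (source zone, destination zone, port or None = any, action).
RULES = [
    ("internet", "dmz", 443, "allow"),   # public web server lives in the DMZ
    ("dmz", "lan", 5432, "allow"),       # web tier may reach the database only
    ("lan", "internet", None, "allow"),  # outbound from internal hosts
    ("lan", "dmz", None, "allow"),       # internal hosts may manage DMZ servers
]

def decide(src_ip, dst_ip, dst_port):
    """Return the action of the first matching rule, or deny by default."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_port, action in RULES:
        if (r_src, r_dst) == (src, dst) and r_port in (None, dst_port):
            return action
    return "deny"  # no rule matched: default deny

if __name__ == "__main__":
    # Internet reaches the DMZ web server but never the LAN directly.
    print(decide("203.0.113.9", "192.168.50.10", 443))  # allow
    print(decide("203.0.113.9", "10.0.0.20", 443))      # deny
    # A DMZ host can reach the database port only, nothing else on the LAN.
    print(decide("192.168.50.10", "10.0.0.20", 5432))   # allow
    print(decide("192.168.50.10", "10.0.0.20", 22))     # deny
```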


Network Monitoring/Diagnostics
• Network monitoring involves continuously observing a network for performance issues, failures, or security threats. Tools used for network diagnostics can help identify, troubleshoot, and resolve network problems, ensuring the network runs smoothly and securely.


END OF CHAPTER 3
PART 1
