      Monitoring Architectural Risk

      • Posted by Neil Rerup
      • Date September 11, 2018

       

      Learn how to monitor architectural risk in this article by Neil Rerup, the person responsible for the security architecture for the Vancouver 2010 Winter Olympics, and Milad Aslaner, a mission-focused security professional and an award-winning speaker and technical expert at global conferences such as Microsoft Ignite, Microsoft Tech Summit, and Microsoft Build.

      Many types of threat pose a risk to the organization, but as an architect you need to focus on security. Architectural risks have to be thought about and provided as an input into the strategy.

      What are architecture risks?

      Architecture risks are the risks that arise from the architecture components in your organization. Different solutions can provide the same security posture yet carry different architecture risks, and those differences have to be considered.

      Take, for example, the ever-present legacy infrastructure: the infrastructure that everyone wishes would just go away but that you can’t get rid of because of its dependencies. Every organization has a legacy Windows NT Server still sitting around simply because there’s an application that can only run on Windows NT and there is a business requirement to keep that application. Having the Windows NT server in your environment creates an architectural risk because of the lack of support from Microsoft.

      Legacy systems are the biggest source of architecture risk that you have to consider. An anti-virus (AV) example illustrates the point. When you look at your current AV solution, you have to look at both the capabilities of the AV package and the infrastructure that it resides on. Maybe, in your analysis, the AV package is able to support the needs of the business for another three years. However, the operating system that it resides on will reach end of life in one year. Now you have to put a change to the AV into your security architecture strategy, because the infrastructure supporting the AV has to be changed.

      When you are working with your security architecture strategies, look at the different components and the dependencies of those components. Look at the age and capabilities of those components and then map the architecture risks associated with them. Do this using a table of sorts, such as the one shown in the following example:

      In this example, there are three sample projects but, more importantly, there are five options for laying out how to deal with your architecture risks by planning longer term. Those five options are as follows:

      • Investigate: The investigate option is all about looking into the current solution, the requirements that a solution is supposed to meet, and then determining if there are options out there that might be better than the current solution. In this option, you want to be looking into all the possible solutions, including sticking with the current solution.
      • Select: The select option is about deciding which solution to use and how to use it. You’ll be comparing the pros and cons of each possible solution and, if you do this properly, you’ll make use of your Key Decision Document (KDD) for describing your final decision with regard to your long-term strategy on reducing architecture risk.
      • Deploy: The deploy option is the timeframe that you need for rolling out a new option, and it’s never as easy as you expect. Remember that the preceding table also describes the timeframes for the activities, so don’t discount how long it will take to deploy a new solution. There will be all sorts of gotchas that come up and you need to plan for them.

      One of the mistakes that architects commonly make is assuming that the time needed to deploy a solution is similar to how long it would take them to deploy it themselves. But there’s a reason why architects are more senior to other roles: they’ve been through the trenches and learned the lessons of dealing with solutions. The people who will actually do the deployment will be more junior to you, so really build in a buffer of time for deploying new solutions.

      • Operate/sustain: Once the solution has been deployed, it will sit in production for a long time, likely several years. This will be the longest timeframe associated with the strategy timetables and it’s easy to forget about solutions during this period. This is why your asset inventory is so important: it is what you use in your planning so that you don’t forget about solutions once they’ve been put into production.

      Keep an eye on the solution and touch base with the operations group to determine how it’s doing. Is it continuing to meet its original requirements? Are changes to other environmental components impacting the solution itself to the point where the solution may need to be upgraded? Remember, technologies change, and the direction of organizations changes as well. This may impact the functionality of a perfectly good solution in a way that may require changing directions.

      • Retire: Here’s where you want to actually retire the older solutions. Many times, you’ll want to maintain the old solution in parallel with the new solution, just in case something happens. But then you want to retire the old solution and that isn’t as easy as just pulling the plug. There will be tools that have to be removed, IP addresses released, VLANs changed, and so on. All these can impact an organization if not done correctly and that also raises the architectural risk.

      Align your retirement option with when your current solutions are reaching end of life. Ideally, you replace the current solution a year before it reaches its end of life so that you don’t have to deal with a raised architectural risk.

      One other thing to remember about retirement of solutions—you don’t necessarily have to be bound to them when they reach the end of life. Sometimes, if you talk to the vendor, you may be able to pay a premium to continue getting support from them even after products reach the end of life. Vendors may be ending support simply because they have a new product that they want to be pushing, but they seldom will turn down money.

      Another option for a solution that has reached its end of life is to find support from unauthorized sources. For example, a piece of infrastructure has reached its end of life and is no longer supported by the vendor. You’ve talked to them and they don’t want to continue providing support even after end of support. Maybe there’s someone in the marketplace with deep expertise in the product who would be willing to support it. Support doesn’t necessarily have to come from the vendor itself, and this will help your operations teams as they try to support the product in-house.
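The dependency mapping and the "replace a year before end of life" guideline described above can be checked mechanically against an asset inventory. The following Python sketch is an added example, not code from the article or the book; the inventory entries, dates, component names and status labels are constructed assumptions.

```python
from datetime import date

# Constructed sample inventory (not from the article): each component has a
# vendor end-of-life date and the components it runs on.
INVENTORY = {
    "av-suite":      {"eol": date(2021, 9, 1), "depends_on": ["av-server-os"]},
    "av-server-os":  {"eol": date(2019, 9, 1), "depends_on": ["hypervisor"]},
    "hypervisor":    {"eol": date(2023, 1, 1), "depends_on": []},
    "legacy-app":    {"eol": date(2025, 1, 1), "depends_on": ["legacy-server"]},
    "legacy-server": {"eol": date(2004, 12, 31), "depends_on": []},
}

def effective_eol(name, inventory, _path=()):
    """Earliest end of life across a component and everything it depends on.
    Returns (date, limiting_component)."""
    if name in _path:
        raise ValueError("dependency cycle: " + " -> ".join(_path + (name,)))
    if name not in inventory:
        raise KeyError(f"{name} is missing from the asset inventory")
    item = inventory[name]
    best = (item["eol"], name)
    for dep in item["depends_on"]:
        best = min(best, effective_eol(dep, inventory, _path + (name,)))
    return best

def replace_by(eol, lead_years=1):
    """Target replacement date: lead_years before end of life."""
    try:
        return eol.replace(year=eol.year - lead_years)
    except ValueError:  # 29 February has no counterpart in a non-leap year
        return eol.replace(year=eol.year - lead_years, day=28)

def risk_report(inventory, today):
    """One row per component: (name, limiter, eol, deadline, status)."""
    rows = []
    for name in sorted(inventory):
        eol, limiter = effective_eol(name, inventory)
        deadline = replace_by(eol)
        if today >= eol:
            status = "PAST_EOL"      # architectural risk is already raised
        elif today >= deadline:
            status = "REPLACE_NOW"   # inside the one-year lead window
        else:
            status = "OPERATE"
        rows.append((name, limiter, eol, deadline, status))
    return rows

if __name__ == "__main__":
    for row in risk_report(INVENTORY, date(2018, 9, 11)):
        print("{:14} limited by {:14} eol={} replace_by={} {}".format(*row))
```

With this sample data the AV suite is flagged for replacement because of the operating system beneath it, even though the AV package itself has three years of life left.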

      If you found this article interesting, you can explore Neil Rerup and Milad Aslaner’s Hands-On Cybersecurity for Architects to architect solutions with robust security components for your infrastructure. This book will help you to successfully design, integrate, and implement complex security structures in any solution whilst ensuring that the solution functions as expected.

       

       

      Neil Rerup

      Neil is Enterprise Cyber Security Architect’s President and Chief Security Architect. ECSA is a company that provides Security Architecture services for Enterprises and large organisations around the world. Neil is responsible for putting forward the Strategic Plans and Security Architecture, both Enterprise and Project, for ECSA Clients.

      During his career, Neil has been involved with numerous clients across Canada and globally. Some of the projects Neil has been involved in are the development of the Security Architecture for GM Defense and the Bank of Canada and the development of Security (at both Policy and Technological levels) for the City of Calgary. He has also handled the Outsourced project security for such clients as Scotiabank, TD Bank, and the BC Ministry of Provincial Revenue and BC Pensions. He was also the Security Architect for the Vancouver 2010 Olympic Games and BC Hydro’s Enterprise Security Architect, which included being responsible for the Smart Meter Program’s security architecture. He also developed EDS’ Application SDLC and was the Security Architect for the creation of EDS Advanced Solutions.
      An avid sports coach, Neil has over 73 seasons of coaching experience teaching youth the sports of Basketball, Soccer, and Football. He is a Certified University-level Football coach and has won numerous Provincial championships in all sports that he has coached.
