Chapter 60 Β· Concepts

Other Infrastructure β€” Quick Reference

Architecture stacks, comparison tables, IoT and ICS security controls, HA design, and infrastructure type reference.

On-Premises vs. Cloud Security β€” Decision Matrix

FactorCloudOn-PremisesExam Tip
Physical infrastructure securityProvider's responsibilityOrganization's responsibilityIaaS = customer owns OS up; physical = provider always
Hardware managementNo hardware to manage β€” provider supplies itOrganization purchases, racks, maintains all hardwareCloud eliminates hardware attack surface for customer
Data sovereigntyRequires provider selection + configuration controlsFull β€” data never leaves premisesGovernment/classified often requires on-prem
Security customizationLimited to platform optionsComplete β€” any tool can be deployedNiche security tools β†’ on-prem advantage
Speed of changeFast β€” API-driven, no procurementSlow β€” procurement + deployment cyclesEmergency security patches faster in cloud
Cost modelOpEx β€” pay as you goCapEx β€” large upfront hardware investmentCloud = lower upfront; on-prem = lower long-term at scale
Multi-tenancy riskPresent β€” shared infrastructureNone β€” dedicated infrastructureSide-channel attacks more relevant in cloud
Attacker perspectiveIrrelevant β€” attackers target data regardless of locationControls matter; location does not

Virtualization Stack vs. Containerization Stack

LayerVirtualizationContainerization
Top (Applications)App A, App B, App C (one per VM)App A through App G (many per host)
OS LayerGuest OS per VM (full OS β€” Windows, Linux, etc.)No per-container OS β€” containers share host kernel
Abstraction LayerHypervisor (VMware ESXi, Hyper-V, KVM)Container Engine (Docker, containerd, Podman)
Host OSNo host OS for Type 1 hypervisor (bare-metal)Host Operating System (single OS shared by all containers)
Bottom (Hardware)Infrastructure (physical servers)Infrastructure (physical servers)

Virtualization vs. Containerization β€” Security Comparison

CharacteristicVirtualization (VMs)Containerization
OS per workloadFull guest OS per VM β€” high resource overheadShared host OS kernel β€” minimal overhead
Startup timeMinutes (full OS boot sequence)Milliseconds (process launch)
Isolation boundaryHardware abstraction β€” hypervisor enforces VM boundaryOS namespaces/cgroups β€” kernel enforces container boundary
Isolation strengthStrong β€” hypervisor separates at hardware levelStrong but narrower β€” all containers share one kernel
Worst-case security failureVM escape β€” attacker breaks out of guest OS to hypervisor or other VMsContainer escape β€” attacker breaks out to host OS, affecting all containers
Kernel vulnerability impactIsolated per VM β€” guest OS kernel vuln affects only that VMShared β€” host kernel vuln potentially affects all containers
Image sizeLarge (GB β€” includes full OS)Small (MB β€” application + dependencies only)
Best use caseMixed OS environments, strong isolation requirements, legacy appsCloud-native apps, microservices, rapid scaling

Specialized Infrastructure Type Reference

TypeDefinitionExamplesSecurity RiskPrimary Control
IoTNetwork-connected devices for sensing, automation, data collection β€” designed by domain specialists, not security engineersSmart thermostats, video doorbells, wearables, facility automation, industrial sensorsWeak defaults, no update mechanism, unencrypted comms, single device = network footholdDedicated IoT VLAN; treat as untrusted endpoint; disable unused services; replace end-of-life devices
SCADA/ICSSupervisory Control and Data Acquisition β€” monitors and controls industrial physical processes at scalePower grids, oil refineries, water treatment, manufacturing lines, railwaysCyberattack = physical destruction, safety incident, critical service disruptionPhysical air gap from IT network; no direct internet; strict change management; jump server with logging for any access
RTOSDeterministic OS β€” guarantees task completion within strict time windowsABS/airbags in cars, industrial robot controllers, pacemakers, military guidanceSecurity tools incompatible with timing requirements; disruption = safety failure; difficult to patchPhysical and network isolation; no general-purpose connectivity; physical security for device access
Embedded SystemPurpose-built hardware+software for one function; no general-purpose OS; cannot load arbitrary softwareTraffic light controllers, digital watches, MRI scanners, industrial actuatorsLong lifecycle with unpatched firmware; no monitoring; minimal update mechanismNetwork isolation; compensating controls at network boundary; lifecycle policy for end-of-support tracking

High Availability β€” Redundancy vs. HA vs. Active/Active

ConceptDefinitionFailoverDowntime on FailureCostExample
RedundancySpare system available in case primary failsManual β€” staff must bring spare online, configure, and connectMinutes to hours (manual intervention)Lower β€” spare hardware onlySpare switch in storage room; cold standby server
Active/Passive HAPrimary handles traffic; standby is synchronized and ready; automatic failoverAutomatic β€” failover in secondsSeconds (automatic failover) β€” brief interruption possibleMedium β€” standby hardware + synchronization infrastructureFirewall HA pair; primary/standby database cluster
Active/Active HABoth systems handle traffic simultaneously; load shared; neither is a "standby"None needed β€” surviving node absorbs full load seamlesslyZero β€” surviving node was already handling trafficHighest β€” both nodes must handle full load individuallyActive/active load-balanced web servers; clustered databases

IoT Security Controls Checklist

ControlImplementationAddresses
Network isolationPlace all IoT devices on a dedicated VLAN with ACLs blocking access to corporate systemsFoothold-to-lateral-movement path β€” compromised device cannot reach corporate network
Default credential changeChange all factory default usernames and passwords before deployment; disable accounts that cannot be changedCredential-based compromise β€” most IoT attacks use factory defaults
Firmware update managementSubscribe to vendor security advisories; apply firmware updates as released; replace devices with no update supportKnown vulnerabilities in unpatched firmware
Disable unnecessary servicesAudit open ports and services on IoT devices; disable any service not required for the device's function (Telnet, unused web interfaces)Unnecessary attack surface on each device
Inventory and lifecycle trackingMaintain a complete inventory of all IoT devices including model, firmware version, and end-of-support dateUnknown devices on network; continued use of end-of-life devices with no update path
Encrypted communicationsVerify IoT devices use encrypted protocols for data transmission; avoid devices that transmit in plaintextNetwork interception of sensor data or control commands

Centralized vs. Decentralized Management Tradeoffs

AspectCentralizedDecentralized
Alert visibilityCorrelated across all systems β€” cross-source attack patterns visibleSiloed β€” events in one system invisible to another
Log analysisSingle query spans entire environmentRequires manual correlation across multiple interfaces
Patch managementUnified view of patch status across all systemsEach system managed independently β€” gaps easily missed
Failure impactConsole failure = loss of visibility across entire environmentIndividual system failure affects only that system's visibility
ScalabilityConsole must scale with log and alert volume growthEach system scales independently
Attack target valueHigh β€” compromising the console = visibility into everythingLower β€” each system is a separate target