Data in transit - Data transmitted over a network
Most network devices are concerned with forwarding data, not securing it
To secure a network, we use:
- Network Based Protection - firewalls, IPS
- Transport Encryption - TLS, IPSec
Data at rest - Data on a storage device
To protect data at rest, data is often encrypted before being stored
- Different parts of a device may be encrypted
In addition to encryption, permissions are also used in data storage
Public Key Infrastructure (PKI) - Manages digital certificates and keys for an organization
- Large project that requires lots of planning
- Needed when an org deals with a lot of keys or issues a lot of certificates
Digital Certificates - Given to users and devices, signed by a certificate authority
- Binds a public key with a digital signature from a CA
- Web of Trust - If A trusts B and B trusts C, A trusts C
- Creation of certificates is often built into OS, or can be done by a 3rd party
Certificate Authority - The centralized authority that signs certificates
- Can be 3rd party or created by the organization
- Lets us know that, for example, a site can be trusted
Self-signed Certificates
- A custom-made CA for an organization. If the organization trusts it, I trust it
IAM (Identity and Access Management)
- Managing users' and other entities' (e.g. programs) access to data
- Access control, authentication, authorization
Least Privilege - A user can access only the bare minimum that is needed for their job
RBAC (Role-Based Access Control) - An admin creates roles, such as "manager" or "shipping department", that have different levels of access, then assigns these roles to users
Geographic Restrictions - Restriction based on location
- Can use IP, 802.11, or GPS (least to most accurate)
- "Geofencing" - Adding or removing permissions based on a user's location
Camera - CCTV (Closed Circuit TV)
- Modern cameras often include motion or object detection
- Many different cameras are networked together and recorded over time
Door Locks
- Token-based access: RFID badge, magnetic swipe card, key fob
- Biometric: Hand/fingerprint, retina
- MFA - Example key fob + PIN