Security Architecture, Network Controls, and Endpoint Management

This chapter covers the structural design choices that support a secure environment. The exam focus is on how architecture and network controls limit exposure, contain compromise, and support monitored access.

In This Chapter

• Network Segmentation and Isolation explains how dividing environments reduces attack spread and control failure impact.
• Firewalls, Intrusion Detection and Prevention Systems (IDPS) covers common perimeter and monitoring controls.
• Endpoint Security, System Hardening, and Patch Management focuses on protection at the device and system level.
• Secure VPNs, Wireless Networks, and Remote Access addresses secure connectivity outside the traditional office boundary.
• Mobile Device Management (MDM) and BYOD explains how organizations govern personally used and portable devices.

How to Use This Chapter

• Read this chapter when security controls are being discussed at the environment level rather than the identity level.
• Focus on what each control prevents, detects, or contains.
• Revisit it whenever an ISC question turns on network design or remote-access risk.

In this section

• Network Segmentation, Isolation, and Attack Containment
  Network segmentation, isolation, and attack containment.
• Firewalls, Intrusion Detection, and Intrusion Prevention Controls
  Firewalls, intrusion detection, and intrusion prevention controls.
• Endpoint Security, Hardening, and Patch Discipline
  Endpoint security, hardening, patching, and device-level protection.
• Secure VPNs, Wireless Security, and Remote Access Control
  Secure VPNs, wireless safeguards, and remote access control.
• Mobile Device Management, BYOD, and Policy Enforcement
  MDM, BYOD governance, and mobile-device policy enforcement.