Security Architecture
Architecture patterns, defense in depth, secure design principles, and reference architectures.
Overview
Security architecture provides a structured approach to security design.
Architecture Patterns
Architecture Diagram
+-------------------------------------+
|            Presentation             |
|         (Web, Mobile, API)          |
+-------------------------------------+
|             Application             |
|       (Business Logic, Auth)        |
+-------------------------------------+
|                Data                 |
|     (Database, Cache, Storage)      |
+-------------------------------------+
|           Infrastructure            |
|   (Network, Servers, Containers)    |
+-------------------------------------+
Secure Design Principles
| Principle | Description |
|---|---|
| Least Privilege | Minimum access needed |
| Defense in Depth | Multiple security layers |
| Fail Secure | Default to secure state |
| Separation of Duties | Split critical tasks |
| Complete Mediation | Check every access |
| Economy of Mechanism | Simple is better |
| Open Design | Don't rely on secrecy |
Reference Architecture
security_architecture:
  perimeter:
    - firewall
    - waf
    - ddos_protection
  network:
    - segmentation
    - ids_ips
    - vpn
  application:
    - authentication
    - authorization
    - encryption
  data:
    - encryption_at_rest
    - encryption_in_transit
    - backup
  monitoring:
    - siem
    - logging
    - alerting
Network Security Zones
Architecture Diagram
+-------------------------------------+
|              Untrusted              |
|             (Internet)              |
+-------------------------------------+
|                 DMZ                 |
|          (Public services)          |
+-------------------------------------+
|              Internal               |
|        (Application servers)        |
+-------------------------------------+
|             Restricted              |
|     (Databases, sensitive data)     |
+-------------------------------------+
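Added example, not part of the original page: a Python audit of firewall allow rules against the four zones above, applying Fail Secure, Complete Mediation and Least Privilege from the principles table. It assumes a policy the page does not state (a connection may only be opened one tier inward); the rule ids, ports and field names are constructed.

```python
# Zones from the page's diagram, ordered from least to most trusted.
ZONES = ["untrusted", "dmz", "internal", "restricted"]


def flow_allowed(src, dst):
    """Assumed policy: a connection may only be opened one tier inward.
    Fail secure: unknown zones and every other direction are denied."""
    if src not in ZONES or dst not in ZONES:
        return False
    return ZONES.index(dst) - ZONES.index(src) == 1


def audit_rules(rules):
    """Check every allow rule (complete mediation); return (id, reason) findings."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src, dst = rule["src"], rule["dst"]
        if src not in ZONES or dst not in ZONES:
            findings.append((rule["id"], "wildcard or unknown zone"))
        elif not flow_allowed(src, dst):
            hops = ZONES.index(dst) - ZONES.index(src)
            reason = "skips a tier" if hops > 1 else "not an inward flow"
            findings.append((rule["id"], reason))
        elif rule["port"] == "any":
            # Least privilege: an allowed zone pair still needs a specific port.
            findings.append((rule["id"], "port not restricted"))
    return findings


# Constructed sample rule set (hypothetical ids and ports, not from the page).
SAMPLE_RULES = [
    {"id": "R1", "src": "untrusted", "dst": "dmz", "port": 443, "action": "allow"},
    {"id": "R2", "src": "dmz", "dst": "internal", "port": 8443, "action": "allow"},
    {"id": "R3", "src": "internal", "dst": "restricted", "port": 5432, "action": "allow"},
    {"id": "R4", "src": "untrusted", "dst": "restricted", "port": 5432, "action": "allow"},
    {"id": "R5", "src": "dmz", "dst": "internal", "port": "any", "action": "allow"},
    {"id": "R6", "src": "any", "dst": "internal", "port": 22, "action": "allow"},
    {"id": "R7", "src": "restricted", "dst": "untrusted", "port": 443, "action": "deny"},
]

if __name__ == "__main__":
    for rule_id, reason in audit_rules(SAMPLE_RULES):
        print(f"{rule_id}: {reason}")
```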
Practice
Design a secure architecture for a cloud-native application.