3.8 Explain how resiliency and automation strategies reduce risk.

Question 1

Automation/Scripting

Answer 1

To help reduce security risks, it is important to automate as many tasks as possible. The benefit of automation is that you make fewer mistakes because you simply run the automated tasks or script day in and day out. Fewer configuration mistakes translate to fewer vulnerabilities in the environment.

Not only should you have automated courses of action (configuration steps), but you also should automate any continuous monitoring steps to help ensure that you do not miss any security alerts or notifications. You also want to automate configuration validation, the process of reviewing the configuration settings of the environment to ensure they are accurate.

Question 2

Automation/Scripting - Automated Courses of Action

Answer 2

Automate courses of action (configuration steps)

Question 3

Automation/Scripting - Continuous Monitoring

Answer 3

Automate continuous monitoring steps to help ensure that you do not miss any security alerts or notifications

Question 4

Automation/Scripting - Configuration Validation

Answer 4

Automate configuration validation, the process of reviewing the configuration settings of the environment to ensure they are accurate.

Question 5

Templates

Answer 5

Templates in cloud-based environments allow you to apply standard configuration settings to virtual machines as they are being created.

Question 6

Master Image

Answer 6

(Templates in cloud-based environments allow you to apply standard configuration settings to virtual machines as they are being created.)

Combining these templates of configuration settings with the operating system’s master image allows you to quickly provision virtual machines and have them running in minutes.

Question 7

Non-persistence

Answer 7

When working with cloud solutions or virtualized environments, there are a number of ways to undo changes that are made to the systems.

Question 8

Non-persistence - Snapshots

Answer 8

Within the virtualization environment, you can create snapshots, which are like save points of the configuration state.

Question 9

Non-persistence - Revert to Known State

Answer 9

You can revert your system to a snapshot to undo changes since that snapshot.

Question 10

Non-persistence - Rollback to Known Configuration

Answer 10

Some software automatically saves your configuration state and enables you to roll back to one of those saved configuration states.

Question 11

Non-persistence - Live Boot Media

Answer 11

You can boot from live media, such as an operating system DVD, and choose to recover the system to a point in time from the recovery options. For example, Windows installation media allows you to boot to the installation DVD and choose System Restore from the recovery options.

Question 12

Elasticity

Answer 12

Elasticity in the context of cloud computing refers to spinning up new servers as the workload demands it, and shutting down those servers when the workload decreases.

Question 13

Scalability

Answer 13

Scalability is ensuring that as your needs grow, the solution can grow with you.

Question 14

Distributive Allocation

Answer 14

A great feature of many private cloud solutions is distributive allocation, which allows you to distribute the virtual machines across many hosts systems. Most private cloud solutions will look at the existing workload on the host systems and give a recommendation regarding which host system a virtual machine should run on.

Question 15

Redundancy

Answer 15

A big part of ensuring high availability is to create redundancy in all areas, including the hardware in your environment. The hardware is not limited to having multiple drives in case one fails, but should also include redundancy of the following:

1. Servers
2. WAN links
3. Power

Question 16

Fault Tolerance

Answer 16

Fault tolerance is the concept that if one part of the solution fails, another part will pick up the workload and the solution will continue to function with no data loss.

Question 17

High Availability

Answer 17

It is important to understand that having a RAID array does not ensure that your users can gain access to the data. For example, if you have an e-mail server that is connected to the RAID array, notice that the clients connect to the e-mail server to retrieve the data and not directly to the RAID array. What if the e-mail server fails? Although you have the e-mail data on a RAID array, the users are unable to get to that data because they must make the request through the e-mail server.

High availability is ensuring that clients can always gain access to the services that they need, whether it be an email server, database server, or a WAN link. To have high availability, you must first identify all of your single points of failure and then create redundancy in those areas.

The following are some key areas where single points of failure are found:

1. Servers
2. Hard drives
3. Network equipment such as routers and switches
4. WAN/Internet links
5. Power

Question 18

RAID

Answer 18

Having a data backup is a great idea, and storing a copy of that backup offsite is a better idea to help ensure that you can recover from any type of disaster.

One of the problems with relying only on a backup solution is that if a drive fails on the server, users will need to wait for you to replace the drive and then to restore all the data—this could take hours, depending on the amount of data you are restoring.

To avoid having to replace the drive and to restore the data in the middle of the day during business hours, you could take advantage of fault-tolerant solutions such as Redundant Array of Independent Disks (RAID). RAID is a technology that duplicates data across drives so that if a drive fails, the other drives in the solution can provide the data.

The benefit is that if a drive fails, you can wait to fix the problem at the end of the business day, knowing that the redundancy of your solution will ensure that no data is lost (except in the case of RAID 0).

RAID has different types, known as levels, and each level provides a different benefit with a different type of redundancy. The following subsections describe popular RAID levels supported by different network operating systems.

Question 19

Bonus - RAID 0

Answer 19

RAID 0, known as disk striping, splits the data across all disks in the volume. RAID 0 writes to all disks at the same time, decreasing the time it takes to read or write the data. There is no fault tolerance in RAID 0; it is strictly for performance benefits.

Question 20

Bonus - RAID 1

Answer 20

RAID 1 is known as disk mirroring, which “mirrors,” or stores a full copy of, the data on a second disk in case the first disk fails. Disk mirroring is when you have two drives connected to a single controller, while disk duplexing, which is a form of mirroring, is when the two drives are connected to different controllers.

Question 21

Bonus - RAID 5

Answer 21

RAID 5 volumes are known as striping with parity because this volume type splits the data across all disks but saves parity data on one of the disks per stripe. The parity information is used to calculate the missing data if a disk in the RAID 5 volume fails.