Chapter 9 Implementing Controls to protect assets

Question 1

Two vulnerabilities associated with poor asset management?

broadly, not relating to a single asset.

Answer 1

Architecture and design weakness, this relates to how the asset fits within all facets of the organization, network management etc. An approval process limits this.

System sprawl and undocumented assets: Asset management begins before purchase, it evaluates whether there are too many systems etc. It must also be tracked and managed. Without management issues can arise.

Question 2

What is the concept of defence-indepth?

Answer 2

Layered security, implementing security at several layers, so if one fails, there is another.

Question 3

How does diversity contribute to defence-indepth? List some examples

Answer 3

Use of different methods to diversify risk, such as vendor products (different firewalls), technology use (implementing lots of different types, cctv, biometrics, and barracades). Control diversity (Using physical, technical and administrative controls, firewalls+server room locks+pen testing).

Question 4

You’re tasked with creating a secure area, could be a network or server room, what are some options you could consider?

Answer 4

Air gapping a network (depending on what it is), vaults (protecting valuable items, locking inside), Faraday cage (protection against EMF),

Question 5

How does a hot and cold isle work?

Answer 5

Hot isle, airflow comes out the back, the back of cabinets will all be facing one another. Cold is the opposite. Prevents hot and cold air mixing. Saves energy, lower fan speeds etc.

Question 6

Card skimming vs card cloning

Answer 6

Skimming - capturing at POS, ATM, terminal, skimming the device
Cloning - Using stolen data to clone an entire card, more difficult now with chips that encrypt data.

Question 7

List a few redundancies for the following:
Disk
Network
Server
Power
Site

Answer 7

Disk- RAID arrays
Network - NIC teaming, network load balancers
Server - Load balancers
Power - UPS, generators
Site - hot/cold sites

Question 8

A file is spread across multiple physical disks, what is this called and what array uses this? and only this. List an advantage of this method and a disadvantage

Answer 8

Raid 0 , it is striping, provides better read/write performance, but it is not providing any fault tolerance/redundancy.

Question 9

What type of disk array writes what is on one disk to the other disk? name the one that does this in isolation only. Advantages? disadvantages?

Answer 9

Raid 1, it is mirroring. it has fault tolerance, you can lose half the disks and still operate. However, it requires more disk/hardware.

Question 10

What is parity in raid arrays? what raids have parity?

Answer 10

Parity is a calculated value that’s used to restore data from the other drives if one of the drives in the set fails. Raid 5 & 6.

Question 11

What does a raid 5 contain? How many disks, and what is contained within these?

Answer 11

Raid 5 an be three or more disks. They are all striped together. They also contain parity information across these disks. Provides fault tolerance/ data redunancy.

Question 12

What does a raid 6 contain? how many disks?

Answer 12

Raid 6 requires minimum 4 disks. Has an extra parity block to it. Conceptually same as 5, striping + parity. can still operate even if 2 drives fail, unlike raid 5 = if 2 fail, then its game over.

Question 13

Of the raids, which provide fault tolerance and why?

Answer 13

Raid 1, 5 and 6. Raid 1 has mirroring, raid 5 and 6 have parity data.

Question 14

What raids can survive 1 disk failure and only 1 (providing they have the minimum required disks for that class)

Answer 14

Raid 1 (mirroring) and raid 5 (striping with parity) at 2 and 3 disks.

Question 15

Which can survive 2 disk failures providing they have the minimum of that class?

Answer 15

raid 6. Has min 4 disks.

Question 16

Load balancers for fault tolerance, active/active vs active/passive?

Answer 16

An active/active, using 2 as an example, will distribute traffic evenly. They are both active and in communication with each other.

Active/passive, one is active the other is inactive, if the active fails the inactive one takes over. Similarly, both in communication, both have access to external data.

Question 17

How does one administer the process of NIC teaming? why?

Answer 17

Group two or more physical network adapters together into a signal software-based virtual network adapter. It begins working as a single network adapter, increasing performance, fault tolerance, load balancing.

Question 18

What are some examples of redunant power supply options?

Answer 18

UPS , dual supplies (if one fails the other takes over), generators, power distribution units (PDUs) which all measure, control and report to a central powering unit.

Question 19

List the difference types of backups

Types = ways, not full, incremental etc.

Answer 19

Disk backups, network-attached storage (dedicated computer used for storage available through the network), storage area network (similar, but faster, uses different protocols), the cloud

Question 20

What is a cold backup?

Answer 20

a backup performed while the database is offline, it is considered, an offline backup.

Question 21

What is the difference between a differential back up and incremental backup?

Answer 21

a differential backups the data which has changed/is different since last full backup.

An incremental backs up all data that has changed since the last full - or incremental backup.

Question 22

Give a small strategy utilizing full and differential backups

Answer 22

A full back up is likely less frequent due to time/resources (disk space). It may occur once a week. Smaller backups, like differential or incremental more frequently. Maybe every day excluding sunday.

Question 23

You’ve done all your backups, how should they be stored? why?

Answer 23

due to geographical considerations one should be stored off site. Off site should consider wide spanning natural disasters, appropriate distance but still consider legal implications of the data juridiction.

Question 24

What are BCE that need to be considered?

Answer 24

Business continuity elements. Enviornmental (volcanos, hurricanes etc), Person-made, internal vs external (internal fire, stabbing etc, external similar to environmental, but could be other things too, truck crashed into powerlines).

Question 25

Critical business systems and components need to be identified using a …?

Answer 25

business continuity plan, this will involve conducting a business impact analysis. What is the most critical thing to restore after a disaster/event? Hardware, software, people, power outages etc. should also consider their dependencies and the maximum downtime limits. What might create these impacts? refer to business continuity elements.

Question 26

RPO vs RTO?

Answer 26

Recovery point objective vs recovery time objective. RPO - what is an acceptable amount of data to lose, recovering from X in past time. How does this impact backup frequency? Recovery time objective - maximum acceptable downtime for XYZ, RTO < 5minutes etc. All systems must be back up and running in 5 minutes.

Question 27

MTBF vs MTTR

Answer 27

Meantime between failure - How often a system will experience outages. Things that can’t be repaired. How many hours til it fails? what is the average between failures?

Mean time to repair? Average time it takes to restore a system

Question 28

COOP, what is it?

Answer 28

Continuity of operations planning - restoring mission-critical systems at a site that isn’t the primary site. Like a DR site. Operating at an alternative location

Question 29

With regards to site resiliency, compare a hot site, cold site and warm site.

Answer 29

Hot site: 24-7 operations. Can take over from the primary site when needed after outage. Contains a replicia of hardware/software & possibly personale

Cold site: requires electricity/power. Equipment is transferred cheap to maintain difficult to test.

Warm site: Inbetween, may include some hardware, software might not be up to date.

Question 30

What is the purpose of a DRP?

Answer 30

To identify critical system recovery after a disaster, how to prioritize it and provide lessons learned for the next one.

Question 31

What are some ways to test a DRP?

Answer 31

table top exercises - discussion based situations and how a response would look

simulations - can be minor to full blown, a situation occurs as a simulation, and is reacted to.

Walk-throughs: usually training provided before a table top exercise

backups: testing backups before a DR incident occurs.

Question 32

What is multipath used for? and what does it do?

Answer 32

A fault tolerance technique, providing more than 1 path to data storage such as two storage area networks.

Question 33

User connects to same server for entire session, with regards to load balancing, what is this?

Answer 33

Describes persistence.

Question 34

Mission essential vs critical systems? What kind of business plan would require these to make?

Answer 34

Mission essential are supported by critical systems. Biz impact analysis.