Domain 3 – Telecom and Network Security Flashcards
DSL
Digital Subscriber Line
ISDN
Integrated Services Digital Network
PAP
Password Authentication Protocol – clear text
CHAP
Challenge Handshake Authentication Protocol – protects password
Remote User Management
- Justification of remote access
- Support Issues
- Hardware and software distribution
Intrusion Detection…
- Notification
- Remediation
CIRT
Computer Incident Response Team
CIRT Performs:
• Analysis of event
• Response to incident
• Escalation path procedures
• Resolution – post implementation follow up
Network Based IDS
Commonly reside on a discrete network segment and monitor the traffic on that network segment.
Host Based IDS
Use small programs, which reside on a host computer. Detect inappropriate activity only on the host computer, not the network segment.
Knowledge Based IDS
Signature based
Pros:
• Low false alarms
• Alarms Standardized
Cons:
• Resource Intensive
• New or unique attacks not found
Behavioral Based IDS
Statistical Anomaly
Pros:
• Dynamically adapts
• Not as operating system specific
Cons:
• High False Alarm rates
• User activity may not be static enough to implement
CIRT – (CERT)
Computer Incident Response Team
Responsibilities:
• Manage the company’s response to events that pose a risk
• Coordinating information
• Mitigating risk, minimize interruptions
• Assembling technical response teams
• Management of logs
• Management of resolution
Network Availability
- RAID – Redundant Array of Inexpensive Disks
- Back Up Concepts
- Manage single points of failure
RAID
Redundant Array of Inexpensive Disks
• Fault tolerance against server crashes
• Secondary – improve system performance
• Striping – Caching and distributing on multiple disks
• RAID employs the technique of striping, which involves partitioning each drive’s storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.
• Hardware and software implementation
FRDS+
- Protect from disk failure – can reconstruct disks by automatically hot swapping while server is running
- Includes environmental
- FRDS+ adds hazard warnings
RAID Advisory Board
• Three types – Failure Resistant Disk Systems (FRDS) - the only current standard, Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
• FRDS: provides the ability to reconstruct the contents of a failed disk onto a replacement disk.
• Enables the continuous monitoring of these parts and the alerting of their failure
FRDS+
RAID 0 (STRIPING)
- Creates one large disk by using multiple disks – striping
- No redundancy
- No fault tolerance (1 fail = all fail)
- Read/Write performance is increased
RAID 1 (MIRRORING)
- Mirroring
- Duplicates data on other disks (usually one to one ratio)
- Expensive (doubles cost of storage)
RAID 2 (HAMMING CODE PARITY)
- Multiple disks
- Parity information created using a Hamming code
- Can be used in a 39-disk array: 32 data and 7 recovery
- Not used, replaced by more flexible levels
RAID 3 (BYTE LEVEL PARITY) RAID 4 (BLOCK LEVEL PARITY)
- RAID 3 – Byte level
- RAID 4 – Block level
- Stripe across multiple drives
- Parity information on a parity drive
- Provides redundancy
- Can affect performance with single parity drive
RAID 5 (INTERLEAVE PARITY)
- Most popular
- Stripes data and parity information across all drives
- Uses interleave parity
- Reads and writes performed concurrently
- Usually 3-5 drives. If one drive fails, can reconstruct the failed drive by using the information from the other 2.
RAID 7 (SINGLE VIRTUAL DISK)
- Functions as a single virtual disk
- Usually software over Level 5 hardware
- Enables the drive array to continue to operate if any disk or any path to any disk fails.
RAID Summary
0 – Striping
1 – Mirroring
2 – Hamming code parity
3 – Byte level parity
4 – Block level parity
5 – Interleave parity
7 – Single Virtual Disk
Redundant Servers
- Primary Server mirrors to secondary server
- Fail-over or rollover to secondary in the event of a failure
- Server fault tolerance can be warm or hot