Given a scenario, implement cybersecurity resilience Flashcards

1
Q

Redundancy

A

Geographic dispersal
Disk
Network
Power

Overprovisioning resources at the component, host, and/or site level so that there is failover to a working instance in the event of a problem.

2
Q

Geographic dispersal

A

Resiliency mechanism where processing and data storage resources are replicated between physically distant sites.

3
Q

Disk

A

Redundant array of inexpensive disks (RAID) levels
Multipath

Disk and storage resources are critically dependent on redundancy. While backup provides integrity for when a disk fails, to restore from backup would require installing a new storage unit, restoring the data, and testing the system configuration. Disk redundancy ensures that a server can continue to operate if one, or possibly more, storage devices fail.

4
Q

Redundant array of inexpensive disks (RAID) levels

Multipath

A

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.

5
Q

Network

A

Load balancers
Network interface card (NIC) teaming

Networking is another critical resource where a single point of failure could cause significant service disruption.

6
Q

Load balancers

A

NIC teaming provides load balancing at the adapter level. Load balancing and clustering can also be provisioned at a service level:

A load balancing switch distributes workloads between available servers.
A load balancing cluster enables multiple redundant servers to share data and session information to maintain a consistent service if there is failover from one server to another.

7
Q

Network interface card (NIC) teaming

A

Network interface card (NIC) teaming, or adapter teaming, means that the server is installed with multiple NICs, or NICs with multiple ports, or both. Each port is connected to separate network cabling. During normal operation, this can provide a high-bandwidth link. For example, four 1 GB ports give an overall bandwidth of 4 GB. If there is a problem with one cable, or one NIC, the network connection will continue to work, though at just 3 GB.

8
Q

Power

A

Uninterruptible power supply (UPS)
Generator
Dual supply
Managed power distribution units (PDUs)

All types of computer systems require a stable power supply to operate. Electrical events, such as voltage spikes or surges, can crash computers and network appliances, while loss of power from brownouts or blackouts will cause equipment to fail. Power management means deploying systems to ensure that equipment is protected against these events and that network operations can either continue uninterrupted or be recovered quickly.

9
Q

Replication

A

Storage area network
VM

Synchronous replication is designed to write data to all replicas simultaneously. Therefore, all replicas should always have the same data all of the time. Asynchronous replication writes data to the primary storage first, and then copies data to the replicas at scheduled intervals.

Asynchronous replication isn’t a good choice for a solution that requires data in multiple locations to be consistent, such as data from product inventory lists accessed in different regions. Many geo-redundant replication services rely on asynchronous replication due to the distances between data centers in multiple regions. In some cases, business solutions work around the limitations of asynchronous replication. For example, an online retailer may choose only to show inventory from their local regional warehouse.

10
Q

On-premises vs. cloud

A

High availability through redundancy and replication is resource-intensive, especially when configuring multiple hot or warm sites. For on-premises sites, provisioning the storage devices and high-bandwidth, low-latency WAN links required between two geographically dispersed hot sites could incur unaffordable costs. This cost is one of the big drivers of cloud services, where local and geographic redundancy are built into the system, if you trust the CSP to operate the cloud effectively. For example, in the cloud, geo-redundancy replicates data or services between data centers physically located in two different regions. Disasters that occur at the regional level, like earthquakes, hurricanes, or floods, should not impact availability across multiple zones.

11
Q

Backup types

A

Full
Incremental
Snapshot
Differential
Tape
Disk
Copy
Network-attached storage (NAS)
Storage area network
Cloud
Image
Online vs. offline
Offsite storage
12
Q

Full

A

All selected data regardless of when it was previously backed up

13
Q

Incremental

A

New files, as well as files modified since the last backup

14
Q

Snapshot

A

Snapshots are a means of getting around the problem of open files. If the data that you’re considering backing up is part of a database, such as SQL data or an Exchange messaging system, then the data is probably being used all the time. Often copy-based mechanisms will be unable to back up open files. Short of closing the files, and so too the database, a copy-based system will not work. A snapshot is a point-in-time copy of data maintained by the file system. A backup program can use the snapshot rather than the live data to perform the backup.

15
Q

Differential

A

All new and modified files since the last full backup

16
Q

Tape

A

Tape media provides robust, high-speed, high-capacity backup storage. Tape drives and autoloader libraries can be connected to the SATA and SAS buses or accessed via a SAN.

17
Q

Disk

A

Individual removable hard drives are an excellent low-cost option for SOHO network backups, but they do not have sufficient capacity or flexibility to be used within an automated enterprise backup solution.

18
Q

Copy

A

Most software also has the capability to do copy backups. These are made outside the tape rotation system and do not affect the archive attribute.

19
Q

Network-attached storage (NAS)

A

A storage device with an embedded OS that supports typical network file access protocols (TCP/IP and SMB for instance).

20
Q

Storage area network

A

A RAID array or tape drive/autoloader can be provisioned as direct attached storage, where a server hosts the backup devices, usually over serial attached SCSI (SAS). Direct attached storage has limited scalability, so enterprise and cloud storage solutions often use storage area networks (SAN) as a layer of abstraction between the file system objects presented to servers and the configuration of the actual storage media. Where NAS uses file-level access to storage, a SAN is based on block-level addressing. A SAN can incorporate RAID arrays and tape systems within the same network. SANs can achieve offsite storage through replication.

21
Q

Cloud

A

A RAID array or tape drive/autoloader can be provisioned as direct attached storage, where a server hosts the backup devices, usually over serial attached SCSI (SAS). Direct attached storage has limited scalability, so enterprise and cloud storage solutions often use storage area networks (SAN) as a layer of abstraction between the file system objects presented to servers and the configuration of the actual storage media. Where NAS uses file-level access to storage, a SAN is based on block-level addressing. A SAN can incorporate RAID arrays and tape systems within the same network. SANs can achieve offsite storage through replication.

22
Q

Image

A

A duplicate of an operating system installation (including installed software, settings, and user data) stored on removable media. Windows makes use of image-based backups and they are also used for deploying Windows to multiple PCs rapidly.

23
Q

Online vs. offline

A

As well as the onsite/offsite consideration, you should also be aware of a distinction between online and offline backups. An online backup system is instantly available to perform a backup or restore operation without an administrator having to transport and connect a device or load some backup media. An offline backup is disconnected from the host and must be connected manually.

An online system is faster, but an offline backup offers better security. Consider the case of cryptoransomware, for instance. If the backup system is connected to the infected host, the ransomware will encrypt the backup, rendering it useless.

24
Q

Offsite storage

A

Distance considerations

25
Q

Distance considerations

A

Linked to offsite storage

26
Q

Non-persistence

A

Non-persistence means that any given instance is completely static in terms of processing function. Data is separated from the instance so that it can be swapped out for an “as new” copy without suffering any configuration problems. There are various mechanisms for ensuring non-persistence:

Revert to known state
Last known-good configuration
Live boot media

27
Q

Revert to known state

A

Snapshot/revert to known state—this is a saved system state that can be reapplied to the instance.

28
Q

Last known-good configuration

A

Rollback to known configuration—a physical instance might not support snapshots but has an “internal” mechanism for restoring the baseline system configuration, such as Windows System Restore.

29
Q

Live boot media

A

Live boot media—another option is to use an instance that boots from read-only storage to memory rather than being installed on a local read/write hard disk.

30
Q

High availability

A

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

Scalability

31
Q

Scalability

A

Scalability is the capacity to increase resources to meet demand within similar cost ratios. This means that if service demand doubles, costs do not more than double. There are two types of scalability:

To scale out is to add more resources in parallel with existing resources.
To scale up is to increase the power of existing resources.

32
Q

Restoration order

A

A concept that dictates the sequence in which systems must be brought back online during disaster recovery.

In very general terms, the order of restoration will be as follows:

Enable and test power delivery systems (grid power, power distribution units (PDUs), UPS, secondary generators, and so on).
Enable and test switch infrastructure, then routing appliances and systems.
Enable and test network security appliances (firewalls, IDS, proxies).
Enable and test critical network servers (DHCP, DNS, NTP, and directory services).
Enable and test back-end and middleware (databases and business logic). Verify data integrity.
Enable and test front-end applications.
Enable client workstations and devices and client browser access.

33
Q

Diversity

A

Cybersecurity resilience strategy that increases attack costs by provisioning multiple types of controls, technologies, vendors, and crypto implementations.

Technologies
Vendors
Crypto
Controls

34
Q

Technologies Diversity

A

Technology diversity refers to environments that are a mix of operating systems, applications, coding languages, virtualization solutions, and so on.

35
Q

Vendors Diversity

A

As well as deploying multiple types of controls, you should consider the advantages of leveraging vendor diversity. Vendor diversity means that security controls are sourced from multiple suppliers. A single vendor solution is a tempting choice for many organizations, as it provides interoperability and can reduce training and support costs. Some disadvantages could include the following:

Not obtaining best-in-class performance—one vendor might provide an effective firewall solution, but the bundled malware scanning is found to be less effective.
Less complex attack surface—a single vulnerability in a supplier's code could put multiple appliances at risk in a single vendor solution. A threat actor will be able to identify controls and possible weaknesses more easily.
Less innovation—dependence on a single vendor might make the organization invest too much trust in that vendor's solutions and less willing to research and test new approaches.

36
Q

Crypto Diversity

A

This concept can be extended to the selection of algorithms and implementations of cryptography. Adoption of methods such as blockchain-based IAM (ibm.com/blogs/blockchain/2018/10/decentralized-identity-an-alternative-to-password-based-authentication) or selecting ChaCha in place of AES as a preferred cipher suite (blog.cloudflare.com/it-takes-two-to-chacha-poly) forces threat actors to develop new attack methods.

37
Q

Controls Diversity

A

Control diversity means that the layers of controls should combine different classes of technical and administrative controls with the range of control functions: prevent, detect, correct, and deter.