Lesson 20 Cyber Security Resilience Flashcards

1
Q

DNS Sinkhole

A

A sinkhole is a defense mechanism typically used against DDoS attacks. When a network device or server detects an incoming attack, the “sinkhole” function attempts to send the malicious traffic to a honeypot/honeynet (sandbox) for analysis, away from the originally intended target.

2
Q

RAID

A

Redundant Array of Independent Disks
- provides redundancy for storage devices

many disks can act as backups for each other to increase reliability and fault tolerance

RAID levels are fault tolerance levels

3
Q

RAID 1, level 1

A

Level 1 - RAID 1

  • Mirrored drives
  • all drives are identical, i.e. mirrored
  • provides redundancy
  • Drawback is storage capacity is 50% of the entire disk array
  • Not for performance, i.e. no speed increase
  • only level to use mirroring, no striping

4
Q

RAID 5 - level 5

A

RAID 5 - level 5

  • striped drives with one parity bit
  • minimum of three disks
  • speed of level 0 and redundancy
  • fault tolerance of 1
  • one disk can fail without losing data
  • size: all disks added together minus one

5
Q

RAID 6 - Level 6

A

RAID 6 - Level 6

  • striped drives with two distributed parity bits
    • allows for two disk failures without losing data
  • minimum of four disks
  • speed and more redundancy than level 5
  • size: add all disks together, then subtract two

6
Q

RAID 0 - Level 0

A

RAID 0 - Level 0

  • striping without parity
  • data written across several disks simultaneously
  • no redundancy
  • minimum of 2 disks
  • good for streaming media
  • zero redundancy, if one disk fails all data is lost
  • size is all disks added together

7
Q

RAID 10 - Level 10

A

RAID 10
Minimum of 4 disks with mirrored stripes
data is striped over half the drives and then mirrored to the remaining disks
no parity bits
more speed and redundancy than level 6

has to have an even number of disks
has much less space
- half of all disks combined (add all together and divide by 2)

8
Q

High Availability

A

Percentage of time the system is online, measured over a defined period, typically one year

Also means system is able to cope with rapid growth in demand

Converse is downtime, think MTD (max tolerable downtime)

9
Q

Scalability vs Elasticity

A

Scalability is the capacity to increase resources to meet demand within similar cost ratios
two types of scalability
- able to scale out - add more resources in parallel with existing resources
- able to scale up - increase the power of existing resources

Elasticity is the system's ability to handle changes in demand in real time

  • quicker scalability to meet demand in real time
  • high elasticity means the system can handle a sudden demand in real time

10
Q

Fault Tolerance - meaning of and how to achieve

A

A fault tolerant system means the system can experience failures and still provide the same or nearly the same level of service

Fault tolerance is achieved through provisioning redundancy for critical components or single points of failure (SPoF)

11
Q

Power Redundancy

A

Protecting systems against power events which could harm the system
Dual Power Supplies
Managed Power Distribution Units (PDUs)
Battery Backups and Uninterruptible Power Supplies (UPSs)
Generators

12
Q

NIC Teaming

A

Network Interface Card (NIC) Teaming provides network redundancy at the adapter level
Means a server is installed with multiple NICs, or NICs with multiple ports, allowing each port to connect to a separate network cable. Four 1 GB cables allow the network to have an overall bandwidth of 4 GB

Provides a high-bandwidth link in normal operation, but if one NIC or cable has a problem the network connection can still work, at a reduced speed

13
Q

Switching and Routing Redundancy

A

Design network cabling to allow for multiple paths between switches and routers allowing failure of one part of the network to not affect the rest of the network

Requires use of Spanning Tree Protocol (STP) to prevent loops

14
Q

Load Balancers

A

Service-level solutions to balance loads across devices/systems

Load balancing switch will distribute workloads between available servers

Load balancing cluster will share data and session information between the cluster of servers to maintain a consistent service

15
Q

multipath I/O for disk redundancy

A

focused on the path/bus between the server and the storage devices or RAID

ensures there is controller redundancy and/or multiple paths to the storage devices

16
Q

Data replication

A

technology which maintains exact copies of data at more than one location

SAN - Storage Area Network - uses fiber optic links to connect storage devices, including across WAN links

Database replication needs to maintain consistency between the replicas

Virtual Machine (VM) - replication across locations may utilize the VM's disk image and configuration settings

17
Q

Geographical Dispersal

A

data replication between hot and warm sites physically distant from one another

18
Q

Synchronous Replication

A

writes data to all replicas at the same time

19
Q

asynchronous replication

A

writes data to the primary storage first, then copies data to the replicas at scheduled intervals

20
Q

Backup Method Types

A

Full - all selected data is backed up regardless of when it was previously backed up

Incremental - New files and modified files since last backup

Differential - All new and modified files since the last full backup

Backup/Restore time
Full - High/Low
Incr - Low/High
Diff - Moderate/Moderate

Archive
Full - cleared
Incr - cleared
Diff - Not cleared

Restoral process
Full - restore the last backup after the disaster
Incr - restore the last full backup plus all the incr backups since the last full backup after the disaster
Diff - restore the last full backup plus the last incr backup after the disaster
Don’t do: mix Incr and Diff - restore the last full backup plus all the incremental backups and only the last diff if it was the last backup in the cycle; CompTIA says not to do this, should use full backups with differential or full backups with incremental

21
Q

Snapshots

A

Databases are in constant use, so use a snapshot in time as a backup

Point-in-time copy of data maintained by a file system

Windows snapshots on NTFS use the Volume Shadow Copy Service (VSS)

Virtual system managers can take a snapshot or cloned copies of VMs

  • snapshot remains linked to the VM
  • clone is a separate VM from the point the image was made
22
Q

Images

A

Used for OS backup solution, should not include user files

Can be done from the hard drive or from a VMs virtual hard disk

23
Q

Disaster Restoration Order

Know for test - important

A

Complex facilities must recover from a site outage in a specific order, as restoring out of order can cause power shortages or problems in the network, OS or application layers due to dependencies

Order of Restoration
Enable and test:
1. Power delivery systems (grid power, PDUs, UPS, generators)
2. Switch infrastructure, then routing appliances and systems
3. Network security appliances (firewalls, IDS, process)
4. Critical network servers (DHCP, DNS, NTP, and directory services)
5. back-end and middleware (DBs and business logic). Verify data integrity.
6. front-end applications
7. Enable client workstations, devices, and client browser access

24
Q

Site Resiliency

hot, warm, cold sites

A

How fast a site can recover/failover to a backup site
Hot Site - can failover almost immediately, possibly a site with equipment updated with live data
Warm Site - similar to Hot Site, may need the latest data set to be loaded
Cold Site - may just be a location which needs to install equipment, etc.

25
Q

Deception Strategies

A

Utilize active defense to engage the attackers by luring or baiting them, with the intent to pursue attribution. Attribution means to publicize the attacker's role and method so they can be used as threat intelligence.

Deception:
Honeypot a decoy computer system to attract attackers
Honeynets are a network of honeypots
Honeyfiles are files which contain fake data and can be made to be traceable
These are used with a lower defense level network to attract attackers with the intent of identifying attackers and their methods

26
Q

Disruption Strategies

A

Disruption:
aim is to raise the attack cost and tie up attackers' resources
Examples:
bogus DNS entries listing non-existent hosts

web server configurations with multiple decoy directories or dynamically generated pages to slow down scanning

fake telemetry data returned when port scanning is detected or opening more bogus ports all designed to slow down scanning efforts

DNS sinkhole to route suspect traffic to a honeynet to be analyzed

27
Q

3-2-1 rule of Back up Storage

A

The 3-2-1 rule for offsite and online backup storage

a rule which states you should have 3 copies of your data, across 2 media types, with 1 copy offline and offsite

28
Q

Backup Media types

A

Disk
NAS (Network Attached Storage - RAID via Win SMB or FTP) - file level backup
Tape
SAN (Storage Area Networks) often used by Cloud
- easier to expand/change as needed, higher scalability than attached storage

29
Q

Non-persistence and recovery of systems

A

Non-persistence means that any given instance is completely static in terms of processing function
- data can be swapped out for a new copy without suffering configuration problems

Mechanisms to provide this:

  • Snapshot/revert to known state
  • Rollback to known config
  • Live boot media/boot from read-only storage to memory

For automation systems:

  • Master image/gold copy of image
  • Automated build from template
30
Q

Diversity and Defense in Depth

A

Use layered security to provide defense in depth which means to have a system which has many layers of security controls, thus reducing the attack surface for an attacker

31
Q

Control Diversity

A

Security layers of control should combine different technical and administrative controls with the functions of prevent, detect, correct, and deter.