Lesson 7: Explain Resiliency and Site Security Concepts Flashcards
Define an ‘acquisition/procurement’ policy
Policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals.
Define ‘total cost of ownership (TCO)’
The initial purchase price along with the ongoing costs of maintenance, updates, and potential security incidents associated with an asset.
Define ‘Configuration management’
Ensures that each configurable element within an asset inventory has not diverged from its approved configuration.
Define ‘Change control’
The process by which the need for change is recorded and approved.
Define ‘change management’
The process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts.
Define a ‘Service Asset’
Things, processes, or people that contribute to delivering an IT service.
Define a ‘Configuration Item (CI)’
An asset that requires specific management procedures to be used to deliver the service.
Define a ‘baseline configuration’
A list of settings that an asset, such as a server or application, must adhere to.
Define a ‘Security Baseline’
Minimum set of security configuration settings a device or software must maintain to be considered adequately protected.
Define a ‘configuration management system (CMS)’
The tools and databases used to collect, store, manage, update, and report information about CIs.
Define ‘Data deduplication’
Data compression technique that identifies and eliminates redundant data.
Define ‘On-site backups’
Backup that writes job data to media that is stored in the same physical location as the production system.
Define ‘Off-site backups’
Backup that writes job data to media that is stored in a separate physical location to the production system.
How can an organization identify potential issues in their data recovery process?
Testing backups/restore capabilities and making necessary improvements.
Define a ‘Snapshot’
Image backup; Used to create the entire architectural instance/copy of an application, disk, or system at a specific point in time.
What is the purpose of a snapshot?
It is used in backup processes to restore the system or disk of a particular device at a specific time.
Define a ‘VM snapshot’
Captures the state of a virtual machine, including its memory, storage, and configuration settings.
Define a ‘Filesystem snapshot’
Captures the state of a file system at a given moment, enabling users to recover accidentally deleted files or restore previous versions of files in case of data corruption.
Define a ‘SAN snapshot’
Taken at the block-level storage layer within a storage area network; captures the state of the entire storage volume.
Define ‘Replication’
Creating and maintaining exact copies of data on different storage systems or locations.
Define ‘Journaling’
A method used by file systems to record changes not yet made to the file system in an object called a journal before the file indexes are updated.
Define ‘Sanitization’
Process of removing sensitive information from storage media to prevent unauthorized access or data breaches.
Define ‘continuity of operations planning (COOP)’
Processes and procedures to ensure critical business functions can continue during and after a disruption.
What is the purpose of continuity of operations planning (COOP)?
Minimize downtime, protect essential resources, and maintain business resilience.
What are key components of continuity of operations planning (COOP)?
Identifying critical business functions, establishing priorities, determining the resources needed to support these functions; Involves creating redundancy for IT systems and data.
What is the difference between continuity of operations planning (COOP) and Business continuity planning (BCP)?
Continuity of operations is a component of the broader business continuity concept; COOP is primarily concerned with the immediate response and restoration of critical functions, while business continuity encompasses a more comprehensive approach to ensure the overall resilience and recovery of the entire organization.
Define ‘Capacity Planning’
Organizations assess their current and future resource requirements to ensure they can efficiently meet their business objectives to support anticipated growth or changes in demand.
What are the variables/subjects that are taken into account when Capacity Planning?
Personnel, storage, computer hardware, software, and connection infrastructure resources.
What might be taken into consideration when capacity planning for physical infrastructure?
Evaluating physical facilities to see if they can accommodate growth; Power, cooling, and connectivity.
What metrics can an organization use to assist in capacity planning?
Trend analysis, simulation modeling, and benchmarking.
Define ‘Trend analysis’ and its function
Examines historical data to identify patterns and trends in resource usage, demand, and performance to forecast future resource requirements by understanding past patterns.
Define the purpose of ‘Trend analysis’
Help identify potential bottlenecks or other areas that require attention.
Define ‘Simulation modeling’ and its function
Leverages computer-based models to simulate real-world scenarios; Assess the impact of changes in demand, different resource allocation strategies, or system configurations.
Define ‘Benchmarking’ and its function
A comparison of an organization’s performance metrics against industry standards or best practices; A way to identify areas for improvement and establish performance targets.
What is the ultimate goal of capacity planning?
Allows organizations to optimize resource allocation, reduce costs, and minimize the risk of downtime or performance issues.
What are ‘people’ risks associated with capacity planning?
Insufficient staffing, skills gaps, lack of cross-training/succession planning, resistance to change, lack of employee engagement, or ineffective communication.
Define ‘High availability (HA) clustering’
Redundant systems that can automatically take over operations in case of a failure, minimizing downtime.
What does creating a high availability environment involve?
Designing and implementing hardware components, servers, networking, datacenters, and physical locations for fault tolerance and redundancy.
What physical components contribute to high availability systems?
Redundant hardware components, such as power supplies, hard drives, and network interfaces.
How is availability measured?
Measured as an uptime value, or percentage; Can also be calculated as the time or percentage that a system is unavailable (downtime).
What timeframe is used to describe high availability?
24x7 or 24x365 days
How is fault tolerance achieved?
By provisioning redundancy for critical components and single points of failure.
Define ‘Failover’
A technique that ensures a redundant component, device, application, or site can quickly and efficiently take over the functionality of an asset that has failed.
How does a load balancer provide failover capabilities?
A load balancer can detect when a server/site has gone down and redirect inbound traffic to other sites in the pool.
Define a ‘Hot site’
A fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.
Define a ‘Cold site’
A predetermined alternate location where a network can be rebuilt after a disaster.
Define a ‘Warm site’
An alternate processing location that is typically dormant but can be rapidly converted to a key operations site if needed.
Define ‘Geographic dispersion’
Processing and data storage resources are replicated between physically distant sites.
What is the purpose of geographic dispersion?
To ensure that recovery sites are located far enough apart to minimize the impact of regional disasters.
What are 3 ways to test high availability of a system/service?
- Load testing
- Failover testing
- Monitor system testing
Define ‘load testing’ and its purpose
Software tools to validate a system’s performance under expected or peak loads and identify bottlenecks or scalability issues.
Define ‘failover testing’
Validating failover processes to ensure a seamless transition between primary and secondary infrastructure.
Define ‘Clustering’
A load balancing technique where a group of servers are configured as a unit and work together to provide network services.
Define a ‘Virtual IP’ and its purpose/function
An IP address that is shared by nodes in a cluster/pool and that allows a load balancer to direct traffic to the active servers in a pool without the use of multiple IPs.
What protocol is used to implement a virtual IP address?
Common Address Redundancy Protocol (CARP)
How does Common Address Redundancy Protocol (CARP) allow a group of nodes to share the same virtual IP?
The instances are configured with a private connection, on which each is identified by its “real” IP address, enabling the active node to “own” the virtual IP and respond to connections.
How does the Common Address Redundancy Protocol (CARP) know which node in a pool is available to receive traffic?
The redundancy protocol also implements a heartbeat mechanism to allow failover to the passive node if the active one should suffer a fault.
Define ‘Active/passive clustering’
If one node is active, the other is passive.
Define ‘Active/active clustering’
Both nodes are processing connections concurrently.
What is the biggest advantage of active/passive clustering?
Performance is not adversely affected during failover.
Define ‘Application clustering’
Allows servers in the cluster to communicate session information to one another for fault tolerance.
What are forms of power redundancy?
- Appliances with dual power supplies each connected to a different source
- Power Distribution Units (PDUs)
- Uninterruptible Power Supplies (UPSs)
- Generators
Define a ‘power distribution unit (PDU)’
An advanced strip socket that provides filtered output voltage.
What is the purpose of a power distribution unit (PDU)?
“Clean” the power signal; provide protection against spikes, surges, and under-voltage events; and integrate with uninterruptible power supplies (UPSs)
Define an ‘Uninterruptible Power Supply (UPS)’ and its purpose
A battery-powered device that supplies AC power that an electronic device can use in the event of power failure.
Define a ‘Battery Backup’ and its purpose
Provisioned at the component level for disk drives and RAID arrays to protect any read or write operations cached at the time of power loss.
Define ‘Platform diversity’
Concept that refers to using multiple technologies, operating systems, and hardware or software components within an organization’s infrastructure.
What is the purpose of platform diversity?
By incorporating a variety of platforms, businesses can reduce the risk of a single vulnerability or attack affecting their entire infrastructure.
Why is it good to implement platform diversity?
A diverse technology landscape makes it more challenging for threat actors to navigate, as they must be familiar with multiple platforms and exploit techniques.
Why is it insecure to rely on a single vendor and not implement vendor diversity?
Can create a single point of failure; Entire infrastructure is at risk if a vulnerability is discovered in the vendor’s products.
What are the benefits to business function of implementing vendor diversity?
If a vendor stops doing business, goes bankrupt, or experiences a significant disruption, having alternatives helps maintain business continuity.
Define ‘Deception and disruption technologies’
Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.
Define a ‘Honeypot’ and its purpose
Decoy system that mimics real systems and applications designed to allow security teams to monitor attacker activity and gather information about their tactics and tools.
Define a ‘Honeynet’
A network of interconnected honeypots that simulate an entire network, providing a more extensive and realistic environment for attackers to engage with.
Define a ‘Honeyfile’ and its purpose
Fake files that appear to contain sensitive information, used to detect attempts to access and steal data.
Define ‘Honeytoken’ and its purpose
False credentials, login credentials, or other data types used to distract attackers, trigger alerts, and provide insight into attacker activity.
Define a ‘Disruption strategy’ and its purpose
Aim is to raise the attack cost and tie up the adversary’s resources.
What are examples of ‘disruption’ strategies?
Configuring a web server with multiple decoy directories or dynamically generated pages to slow down scanning; Using a DNS sinkhole to route suspect traffic to a different network, such as a honeynet.
Define a ‘DNS sinkhole’
A temporary DNS record that redirects malicious traffic to a controlled IP address.
Define a ‘Tabletop Exercise’
A discussion of simulated emergency situations and security incidents.
What is the purpose of a Tabletop Exercise?
To help identify knowledge, communication, and coordination gaps, ultimately strengthening the organization’s incident response capabilities.
Define a ‘Parallel Processing Test’
Running primary and backup systems simultaneously to validate the functionality and performance of backup systems without disrupting normal operations.
Why is physical security important to cybersecurity?
Provides the first line of defense against physical access to an organization’s critical assets.
Describe authentication in physical security
Creates access lists and identifies mechanisms to allow approved persons through the barriers.
Describe authorization in physical security
Creates barriers around a resource to control access through defined entry and exit points.
Describe accounting in physical security
Records when entry/exit points are used and detects security breaches.
Describe the concept of physical security through environmental design
Uses the built environment to enhance security and prevent crime.
How is physical security through environmental design achieved?
Barricades; Entry/Exit points; Fencing; Lighting
Define an ‘Access Control Vestibule (Mantrap)’
A secure entry system with two gateways, only one of which is open at any one time.
Define a ‘physical access control system (PACS)’
A combination of hardware and software designed to control who can access specific locations within a building or site; Access cards, card readers, access control panels, and a centralized control network
Define a ‘circuit alarm/sensor’
Circuit-based alarm that sounds when the circuit is opened or closed, depending on the type of alarm.
What is the most secure version of a circuit alarm?
A closed-circuit alarm is more secure because it cannot be defeated by cutting the circuit like an open-circuit alarm.