Security Plus - Chapter 9 Flashcards

1
Q

Continuity of Operations

A

Ensuring that the operations of an organization will continue even if issues ranging from single system failures to wide-scale natural disasters occur.

2
Q

Redundancy

A

Having more than one of a system, service, device, or other component.

3
Q

Common Design Elements for Redundancy

A

Geographic Dispersion - Place a secondary system far enough from the original system that a single disaster or attack cannot disable or destroy them.
Separation of servers and other devices in a datacenter - Place a secondary system in a different rack away from the original in the event of a power failure of that rack or something dripping on the original rack system.
Use of multiple network paths - Ensures that a severed cable or failed device will not cause loss of connectivity.
Redundant network devices - Ensure that routers, firewalls, IDS/IPS, or other appliances are not a single point of failure.

4
Q

Ways to Implement High Availability

A

Load Balancing - Makes multiple systems or services appear to be a single resource, allowing both redundancy and increased ability to handle loads by distributing them to more than one system.
Clustering - Groups of computers connected together to perform the same task.
Protection of Power - By using uninterruptible power supply (UPS) systems, which provide battery or other power backup options.
Managed Power Distribution Units (PDUs) - Provide intelligent power management and remote control of power delivered inside server racks and other environments.
Systems and storage redundancy - Ensures that failed disks, servers, or other devices do not cause an outage.
Platform diversity - Diversify between technologies and vendors. Using different vendors, cryptographic solutions, platforms, and controls can make it more difficult for a single attack or failure to have system-wide or organization-wide impacts.

5
Q

Architectural Design of Redundant Systems

A
  • Availability targets should be set
  • Resilience - A component of availability that determines what type and level of potential disruptions the service or system can handle without an issue
  • Cost - Understanding all of the expenses
  • Responsiveness - The ability of the system or service to respond in a timely manner as desired or required.
  • Scalability - The ability to expand or deflate either horizontally or vertically as needed to support availability, resilience, and responsiveness goals.
  • Ease of deployment - The complexity and work required to deploy the solution that often factors into initial costs and may impact ongoing expenses.
  • Risk transference - The ability to transfer the risk through insurance, contracts, or other means is assessed
  • Ease of recovery - Part of availability, resilience and ease of deployment as complex solutions may have high costs.
  • Patch availability - Assessed to determine patching cadence
  • Vendor Support - Does the vendor appropriately support the solution?
  • Inability to patch - If high availability is a requirement or other factors like scalability do not allow for the system to be patched without downtime or other interruptions.
  • Power Consumption - Could increase ongoing costs and should be considered as part of datacenter design
  • Compute requirements - Drives ongoing costs in the cloud and up-front and recurring replacement costs for on-prem.
6
Q

Storage Resiliency

A

Using redundant disk drives in arrays like the RAID solutions being mirrored or striped across multiple drives to ensure data is not corrupt or lost.

6
Q

RAID Levels

A

RAID 0 - Striping - Data is spread across all drives in the array. Speed is faster. If a drive fails, the data from that drive is lost.
RAID 1 - Mirroring - All data is duplicated to another drive or drives. High read speed. Data is available if one drive fails. More expensive, uses twice the storage space.
RAID 5 - Striping with parity - Data is striped across drives with one drive used for parity of the data. High read speeds, but slower write speeds. Drive failures can be rebuilt as long as only one drive fails. Rebuilding of drives is a slow process and could impact availability.
RAID 10 - Mirroring and striping - Requires at least 4 drives with drives added in pairs. Data is mirrored then striped across the drives. Combines advantages and disadvantages of RAID 0 and RAID 1.

7
Q

Backups

A

A copy of the live storage system
Full backup - Backs up all data
Incremental - Backs up the changes since the last backup. Faster to back up, but longer for recovery.
Differential - Backs up the changes since the last full backup. Faster to recover, but slower to back up.

8
Q

Replication

A

Focuses on using synchronous or asynchronous methods to copy live data to another location or device. This is constantly occurring as changes are made. Good for multi-site, multi-system designs, ensuring that changes are carried over to all systems or clusters of the architecture. Synchronous occurs as changes are made, asynchronous occurs after the fact but more regularly than a typical backup.

9
Q

Journaling

A

Creates a log of changes that can be reapplied if an issue occurs. Used for databases and virtual machines typically.

10
Q

Backup Frequency

A

How often a backup is performed. This is based on determining the criticality of the data and how quickly the data will need to be restored on the system in the event of a failure.

11
Q

Recovery Point Objectives (RPO)

A

Determines how often backups are taken and balances cost for the storage versus the potential for data loss.

12
Q

Recovery Time Objectives (RTO)

A

Determines how long a recovery can take without causing significant damage to the organization.

13
Q

Snapshot

A

Captures the full state of a system or device at the time the backup is completed. Commonly used with virtual machines (VM). They allow the machine state to be restored at the point in time the snapshot was taken.

14
Q

Images

A

A complete copy of a system or server down to the bit level of the drive. Method of choice for complex server configurations or when cloning or restoring in a short time frame is desired. Used for VM or virtual desktop infrastructure (VDI) for maintaining a “gold” or “master” copy of the standard base infrastructure.

15
Q

Backup Media Options

A

Tape - Lowest cost per capacity for large-scale backups
Disks - Can be either magnetic or in solid-state form, are typically more expensive for the same amount of capacity as tapes, but are often faster to process. Usually used with network attached storage (NAS) or storage area networks (SAN).
Optical media - Blu-ray discs or DVDs were used more in the past, but due to capacity reasons are rarely used now.
Flash media - SD cards and USB drives are used for short-term copies and not large capacity due to sizes of drives.

16
Q

Other Backup Options

A

Offline - Backups are stored in a storage facility without constant access to the network or are stored on physical drives or tapes that are disconnected from the network.
Online - Backups are stored so that a backup or restore can be performed quickly.
Nearline - Backups that are not immediately available but can be retrieved in a reasonable amount of time. Ex. Tape robots.

17
Q

Considerations for Cloud and Offsite Storage Backup Process

A

Bandwidth requirements - How much network traffic will be needed to perform backups or restores.
Time to retrieve files - How much time is permitted for a restore to be performed
Cost to retrieve files - What is the expense for restoring files back to the system until full recovery
Reliability - Choose a backup vendor that provides extremely high reliability rates, which usually perform better than tape and disk drive backups.
New security models required for backups - Make sure third-party providers are able to meet the most recent security requirements such as:
- Separation of accounts
- Encryption of data - At rest and in transit
- Additional security controls - technological access controls, physical datacenter access, etc.

18
Q

Response Controls

A

Used to allow organizations to respond to an issue. Could be an outage, compromise, or disaster.
Nonpersistence - The ability to have systems or services that are spun up and shut down as needed.
Reversion - Return to the last known good state of operations or configuration.
Scalability - Services are designed to scale across many servers instead of requiring a larger server to handle more workload.
- Vertical - Requires a larger, more powerful system to help when all tasks or functions need to be handled on the same system or infrastructure. Usually more expensive.
- Horizontal - Uses smaller systems but adds more of them to spread the task processes. Allows the ability to adjust the system and move resources in and out as needed.
Geographic dispersion - Utilizing facilities or cloud-hosted sites across multiple locations that are spread in many geographic locations.

19
Q

Recovery Controls

A

Focus on returning an organization to normal operations.

20
Q

Areas of Capacity Planning

A

People - Ensure the necessary staffing and skillsets are available in the event of a recovery need.
Technology - Focuses on understanding the technologies that an organization has deployed and its ability to scale as needed.
Infrastructure - Knowing what underlying systems and networks need to be available and scale. Includes network connectivity, throughput, and storage.

20
Q

Types of Disaster Recovery Sites

A

Hot site - All of the infrastructure and data needed to operate the organization are in place and ready to switch over. Sometimes operating in conjunction with the main system, including splitting traffic and load between multiple sites.
Warm site - Have some systems in place that are needed to perform the work required by the organization, but the live data is not in place. Expensive to maintain, but quicker restoration times.
Cold site - These have the space, power, and often network connectivity, but they are not prepared with systems or data. The organization knows they have a facility to use in case of a disaster but would have to bring in or acquire systems. The least expensive option of disaster recovery sites.

21
Q

Site Restoration Order

A
  1. Restore network connectivity and a bastion or shell host
  2. Restore network security devices (firewalls, IPS/IDS, etc.)
  3. Restore storage and database services
  4. Restore critical operational servers
  5. Restore logging and monitoring services
  6. Restore other services as able
22
Q

Resiliency Testing

A

Tabletop exercises - Use discussions between key personnel assigned to roles that will be involved in the efforts of returning the systems back to normal operations.
Simulation - Drills or practices in which personnel simulate what they would do in an actual event. Not performing any of the activities on the production network.
Parallel processing - Move processing over to a hot site or alternate/backup system or facility to validate that the backup can perform as expected.
Failover exercises - This tests a full switch from production to an alternate site or system. This can include a warm or cold site. This is the biggest chance for disruption of the system, but also provides certain validation of whether the system is capable of handling a real-world scenario.

23
Q

Site Security Plan

A

Provides decision making for the physical security of an organization’s facility or facilities. Deciding what physical controls to establish to protect the facility from threats and risks for each location.
Examples:
Fences
Bollards
Lighting
Cameras
Security Guards
Access Badges
Mantraps

24
Q

Attacks to Physical Security

A

Brute-Force - Breaking down doors, cutting off locks to force entry into a secured area
Radio frequency identification (RFID) cloning - The ability to make a copy of an RFID access badge. Need to utilize physical observation to verify the user identity and then scan the ID.
Environmental attack - Targeting an organization’s heating or cooling systems, maliciously activating a water sprinkler system, or similar actions.