Security Plus - Chapter 9 Flashcards
Continuity of Operations
Ensuring that the operations of an organization will continue even if issues ranging from single system failures to wide-scale natural disasters occur.
Redundancy
Having more than one of a system, service, device, or other component.
Common Design Elements for Redundancy
Geographic Dispersion - Place a secondary system far enough from the original system that a single disaster or attack cannot disable or destroy them.
Separation of servers and other devices in a datacenter - Place a secondary system in a different rack, away from the original, so that a power failure in that rack or a leak dripping onto the original rack does not take out both systems.
Use of multiple network paths - Ensures that a severed cable or failed device will not cause loss of connectivity.
Redundant network devices - Ensures that routers, firewalls, IDS/IPS, or other appliances are not a single point of failure.
Ways to Implement High Availability
Load Balancing - Makes multiple systems or services appear to be a single resource, allowing both redundancy and increased ability to handle loads by distributing them to more than one system.
Clustering - Groups of computers connected together to perform the same task.
Protection of Power - By using uninterruptible power supply (UPS) systems, which provide battery or other power backup options.
Managed Power Distribution Units (PDUs) - Provide intelligent power management and remote control of power delivered inside server racks and other environments.
Systems and storage redundancy - Ensures that failed disks, servers, or other devices do not cause an outage.
Platform diversity - Diversify between technologies and vendors. Using different vendors, cryptographic solutions, platforms, and controls can make it more difficult for a single attack or failure to have system-wide or organization-wide impacts.
Architectural Design of Redundant Systems
- Availability targets should be set
- Resilience - A component of availability that determines what type and level of potential disruptions the service or system can handle without an issue
- Cost - Understanding all of the expenses
- Responsiveness - The ability of the system or service to respond in a timely manner, as desired or required.
- Scalability - The ability to expand or contract, either horizontally or vertically, as needed to support availability, resilience, and responsiveness goals.
- Ease of deployment - The complexity and work required to deploy the solution; this often factors into initial costs and may impact ongoing expenses.
- Risk transference - Whether the risk can be transferred through insurance, contracts, or other means is assessed.
- Ease of recovery - Part of availability, resilience, and ease of deployment, as complex solutions may have high recovery costs.
- Patch availability - Assessed to determine patching cadence.
- Vendor support - Does the vendor appropriately support the solution?
- Inability to patch - Whether high availability requirements or other factors like scalability prevent the system from being patched without downtime or other interruptions.
- Power consumption - Could increase ongoing costs and should be considered as part of datacenter design.
- Compute requirements - Drives ongoing costs in the cloud, and up-front and recurring replacement costs on premises.
Storage Resiliency
Using redundant disk drives in arrays, such as RAID solutions in which data is mirrored or striped across multiple drives, to ensure data is not corrupted or lost.
RAID Levels
RAID 0 - Striping - Data is spread across all drives in the array. Speed is faster. If a drive fails, the data from that drive is lost.
RAID 1 - Mirroring - All data is duplicated to another drive or drives. High read speed. Data remains available if one drive fails. More expensive, as it uses twice the storage space.
RAID 5 - Striping with parity - Data is striped across drives with one drive used for parity of the data. High read speeds, but slower write speeds. The array can be rebuilt as long as only one drive fails. Rebuilding a drive is a slow process and could impact availability.
RAID 10 - Mirroring and striping - Requires at least 4 drives, with drives added in pairs. Data is mirrored, then striped across the drives. Combines the advantages and disadvantages of RAID 0 and RAID 1.
Backups
A copy of the live storage system.
Full backup - Backs up all data
Incremental - Backs up the changes since the last backup of any type. Faster to back up, but slower to recover.
Differential - Backs up the changes since the last full backup. Faster to recover, but slower to back up.
Replication
Focuses on using synchronous or asynchronous methods to copy live data to another location or device. This occurs constantly as changes are made. Good for multi-site, multi-system designs, ensuring that changes are carried over to all systems or clusters in the architecture. Synchronous replication occurs as changes are made; asynchronous replication occurs after the fact, but more regularly than a typical backup.
Journaling
Creates a log of changes that can be reapplied if an issue occurs. Typically used for databases and virtual machines.
Backup Frequency
How often a backup is performed. This is based on determining the criticality of the data and how quickly the data will need to be restored on the system in the event of a failure.
Recovery Point Objectives (RPO)
Determines how often backups are taken and balances cost for the storage versus the potential for data loss.
Recovery Time Objectives (RTO)
Determines how long a recovery can take without causing significant damage to the organization.
Snapshot
Captures the full state of a system or device at the time the backup is completed. Commonly used with virtual machines (VM). They allow the machine state to be restored at the point in time the snapshot was taken.
Images
A complete copy of a system or server down to the bit level of the drive. Method of choice for complex server configurations or when cloning or restoring in a short time frame is desired. Used for VM or virtual desktop infrastructure (VDI) for maintaining a “gold” or “master” copy of the standard base infrastructure.