Chapter 12: Disaster Recovery and Incident Response Flashcards Preview

Flashcards in Chapter 12: Disaster Recovery and Incident Response Deck (32)

Business Continuity

The act of hardening your business, essentially, making it easier to recover from a disaster.


Business Continuity Planning (BCP)

Implementing policies, controls, and procedures to plan for recovery from failure.


Critical Business Functions (CBFs)

Identifying which aspects of your business are most important to restore ASAP.


Business Impact Analysis (BIA)

Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.


Risk Assessment

How likely is an attack or failure to occur?


What are the most common reasons you'll have to restore information from a backup?

-Accidental deletion
-Application errors
-Natural disasters
-Physical attacks
-Server failure
-Virus infection
-Workstation failure


Working Copies (Shadow Copies)

Partial or full backups stored for the purpose of immediate recovery. They're updated pretty frequently.


Journaled File System (JFS)

A log file of all changes and transactions that occur within a set period of time, so you can recover after a crash.


Onsite Storage

Your means of backup storage are right there in your building. These systems are kept in a protected environment rated for fire, moisture, and pressure resistance.


Offsite Storage

Your means of backup are located elsewhere. This can range from your backup being at a remote office to a high-security, nuclear-hardened facility. See the Mormon Church's Granite Mountain Records Vault.


Disaster Recovery Plan

Your plan to recover after a disaster, such as system failure, network failure, natural disaster, etc. It's primarily focused on reestablishing services and minimizing losses.


Database System Backup Plans

Keep your databases backed up. This could be a SAN kind of deal, or even magnetic tapes (which are becoming less and less prevalent).
-Based on the needs of the company, you should decide what information gets backed up, which changes get backed up, and how often/under what conditions data gets written.


User Files Backup Plans

You will have to back up a humongous amount of user files, which can seem daunting at first, but the nice thing is that once these files are created, they probably won't be modified super often. This means that when a new backup is made, you only have to back up new files and newly modified files.


Applications Backup Plans

Keep one single up-to-date backup for each application the company needs, and if it needs to be restored system-wide, you can deploy it to every computer right from the backup media.


Hierarchical Storage Management (HSM)

Continuous online backup. It appears as an infinite disk to your system.


Creating a backup in SUSE Enterprise

-Log in as root and start YaST
-Choose System, then System Backup
-Click Profile Management, choose Add, then enter a name for the new profile
-Click OK
-Enter a backup name (with the path you want), and make sure the archive type is set to a tar variety
-At the File Selection window, leave all the default options
-Leave the Search Constraints at their defaults
-At the main YaST System Backup dialog box, click Start Backup


Grandfather, Father, and Son backup plan

When you do full backups, you keep the previous two. The son is the most recent backup; when a new backup is created, the previous son becomes the father and the previous father becomes the grandfather. Each monthly backup replaces the monthly backup from the previous year, which is stored at an offsite facility. Common practice keeps backups for seven years.


Full Archival backup plan

All backups are kept forever. This pretty much eliminates the potential for data loss.


Backup Server backup plan

You have a large server with a lot of disk space that does nothing but store backup data. Time to crack out the Dell Storage Array!


Backout vs. Backup

A backout is undoing a change that was made that fucked something up.


Alternative Site

A backup site, so that if your power is out for a long period of time, you can operate from another location.


Hot Site

A location that can provide operations very soon after a failure. It would contain everything you need: servers, networks, telecommunications, etc. They're expensive, and should only be used for short-term situations.


Warm Site

Like a less functional hot site. The customer will have to do more work for things to be operational.


Cold Site

A facility that's not immediately ready to use. You have this site sitting there for your usage, but after a data failure you'll have to get people to bring their own architecture in, set up systems, and THEN get going. This can take months.


Incident Response Policies

When incidents occur, how exactly will you respond?


Computer Security Incident Response Team (CSIRT)

You throw a team together after an incident occurs to try and get the situation rectified as soon as possible.


The steps of Incident Response

1. Identify the incident
-What happened? Do you need to escalate the problem?
2. Investigate the incident
-Where did this come from? What tools may have been used to cause this incident?
3. Repair the damage
-Begin to rectify the problems
4. Document and report the response
-Keep full and comprehensive documentation of the steps you took to remediate. Report your findings and solutions to whoever needs to see them
5. Adjust procedures
-How will you stop this from happening again?


Act in Order of Volatility (OOV)

Deal with the biggest problems first.


Forensics steps

-Capture a system image
-Document network traffic and logs
-Capture video
-Record time offset
-Take hashes
-Capture screenshots
-Talk to witnesses
-Track man hours and expenses


Tabletop exercises

Simulations of disasters. There are five levels of testing:
-Document review
-Parallel test
-Cutover test