optical media
CD, DVD
solid state media
flash drives and memory cards
hard copy
paper, microfiche
original media
should be controlled through a software librarian
inventory scans of installed software
should be conducted periodically to identify unauthorized installations or license violations
IDS
may be deployed out of band (passive, fed from a tap or mirror port) - will not affect processes or add latency, but attacks it detects will likely reach their intended target before anyone can respond
IPS
in-line - adds some latency and can slow down processes, but attacks it detects are blocked and will not likely reach their intended target
signature or pattern matching systems
match traffic against signatures of known attacks; cannot detect an attack that has no signature yet
protocol anomaly based systems
flag network traffic that does not conform to the defined standard (RFC) for that protocol, e.g. an unknown method or malformed header
statistical anomaly based systems
establish a baseline of normal behaviour, then alert on significant deviations from it; can catch novel attacks but needs tuning to limit false positives
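The three detection methods above, side by side, as an added example (not code from the original notes). It runs the same constructed set of HTTP request records through a signature matcher, a protocol conformance check, and a z-score test against a constructed baseline of normal response sizes; the event data, the baseline values, the signature names and the 3-sigma threshold are all assumptions chosen for illustration.

```python
import re
import statistics
from urllib.parse import unquote

# Constructed sample events (not real traffic): one HTTP request each.
EVENTS = [
    {"src": "10.0.0.5", "method": "GET", "uri": "/index.html", "bytes": 1200},
    {"src": "10.0.0.5", "method": "GET", "uri": "/about.html", "bytes": 1100},
    {"src": "10.0.0.7", "method": "GET", "uri": "/login?user=admin'%20OR%201=1--", "bytes": 1000},
    {"src": "10.0.0.7", "method": "GET", "uri": "/static/../../etc/passwd", "bytes": 1150},
    {"src": "10.0.0.9", "method": "BREW", "uri": "/coffee", "bytes": 1050},
    {"src": "10.0.0.5", "method": "GET", "uri": "/export", "bytes": 950000},
]

# Constructed baseline: response sizes observed during a "normal" period.
BASELINE_BYTES = [1200, 1100, 1300, 1000, 1250, 1150, 1180, 1220]

# 1. Signature / pattern matching: known attack strings, applied to the
#    URL-decoded request so percent-encoded spaces do not defeat the pattern.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_matches(event):
    decoded = unquote(event["uri"])
    return [name for name, pat in SIGNATURES.items() if pat.search(decoded)]

# 2. Protocol anomaly: does the request conform to the HTTP standard?
#    Method set is the registered HTTP methods (RFC 7231 / RFC 5789).
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                "CONNECT", "OPTIONS", "TRACE", "PATCH"}

def protocol_anomalies(event):
    findings = []
    if event["method"] not in HTTP_METHODS:
        findings.append("unknown-method:" + event["method"])
    if not event["uri"].startswith("/"):
        findings.append("malformed-request-target")
    return findings

# 3. Statistical anomaly: z-score of the response size against the baseline
#    mean and population standard deviation; |z| above the threshold alerts.
def statistical_anomalies(event, baseline, z_threshold=3.0):
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    if sd == 0:  # degenerate baseline: no spread, nothing to compare against
        return []
    z = (event["bytes"] - mean) / sd
    return [f"bytes-zscore:{z:.1f}"] if abs(z) > z_threshold else []

def detect(events, baseline=BASELINE_BYTES):
    """Return (event index, detector name, detail) for every alert raised."""
    alerts = []
    for i, ev in enumerate(events):
        for d in signature_matches(ev):
            alerts.append((i, "signature", d))
        for d in protocol_anomalies(ev):
            alerts.append((i, "protocol", d))
        for d in statistical_anomalies(ev, baseline):
            alerts.append((i, "statistical", d))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Note which detector catches what: the SQL injection and traversal attempts are found only by signature, the bogus BREW method only by the protocol check, and the oversized export only by the statistical test; none of the three alone covers all four, which is why products combine them.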
Security Information and Event Management (SIEM)
provides a common platform for log collection, normalisation, collation, and analysis in near real time, allowing more effective and efficient response
containment strategy
factors to weigh: need to preserve forensic evidence, availability of services, damage done by leaving the affected component in place, time required for the containment strategy to be effective, resources needed to contain
forensic evidence
obtain an image of RAM (volatile, so first) and of the hard drive, then determine how to mitigate
US Computer Emergency Readiness Team (US-CERT)
government agencies must report a breach of PII to US-CERT within one hour of discovery
configuration management
process of identifying and documenting hardware components, software, and their associated settings, and controlling changes to them
Fail-safe
focuses on failing with a minimum of harm to personnel or systems (e.g. doors unlock when power fails so people can get out)
Fail-secure
focuses on failing in a controlled manner that blocks access while the system is in an inconsistent state (e.g. doors stay locked, an access check denies when it cannot evaluate policy)
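The fail-secure principle applied to a software access check, as an added example (not code from the original notes). The policy store, the outage it simulates and the sample users are all constructed for illustration. The fail-open version treats an error in the control path as "no restriction"; the fail-secure version treats the same error as a denial, which is the behaviour the note calls for.

```python
import logging

log = logging.getLogger("authz")

# Constructed policy: user -> set of actions that user may perform.
POLICY = {"alice": {"read"}, "bob": {"read", "write"}}

class PolicyStoreUnavailable(Exception):
    """Raised when the policy backend cannot be reached (simulated outage)."""

def lookup_policy(user, store):
    """Hypothetical policy lookup. `store` is a dict, or None to simulate an outage."""
    if store is None:
        raise PolicyStoreUnavailable("policy backend unreachable")
    return store.get(user, set())

def is_allowed_fail_open(user, action, store):
    """Anti-pattern: while the system is in an inconsistent state, everything is allowed."""
    try:
        return action in lookup_policy(user, store)
    except PolicyStoreUnavailable as exc:
        log.error("policy lookup failed for %s: %s; allowing", user, exc)
        return True

def is_allowed_fail_secure(user, action, store):
    """Fail-secure: any error in the control path results in denial, and is logged."""
    try:
        return action in lookup_policy(user, store)
    except PolicyStoreUnavailable as exc:
        log.error("policy lookup failed for %s: %s; denying", user, exc)
        return False

if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("normal operation:", is_allowed_fail_secure("alice", "read", POLICY))
    print("outage, fail-open:", is_allowed_fail_open("mallory", "delete", None))
    print("outage, fail-secure:", is_allowed_fail_secure("mallory", "delete", None))
```

The trade-off matches the note: fail-secure protects the resource at the cost of availability during the outage, so the denial must be logged and surfaced, or the outage becomes a silent lockout.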
NAS
simply stores and serves files over the network (file-level access, e.g. NFS or SMB)
SAN
block-level storage presented to hosts as raw disks
RAID 0
stripes data across multiple disks without parity - fast reads and writes, no redundancy; losing one disk loses the whole volume
RAID 1
creates two identical drives - data mirroring
RAID 2
not used in practice - data spread across disks at the bit level with Hamming-code error correction
RAID 3/4
striping with redundancy in the form of a dedicated parity drive - RAID 3 stripes at byte level, RAID 4 at block level; the single parity drive is a write bottleneck
RAID 5
like RAID 4 but parity is striped (rotated) across all drives, removing the parity-drive bottleneck; tolerates one drive failure
RAID 6
two independent sets of parity, tolerates failure of two drives at the cost of lower write performance and more capacity spent on parity
Electronic vaulting
backing up a system over the network to a separate location (vault site), typically as bulk batch transfers; when implemented as a mirror the data is sent in real time instead
Remote journaling
sends the transaction journal to the remote site, so transactions can be replayed there; provides redundancy for transactions at finer granularity than bulk vaulting