Chapter 9 - Implementing Controls to Protect Assets Flashcards
Air gap
A physical security control that ensures that a computer or network is physically isolated from another computer or network.
EX: ensuring a computer is not connected to any other system in the network.
Classified networks are often separated from unclassified networks to ensure that classified networks are not accessible by other internal networks or the internet.
Faraday cage
Typically a room that prevents radio frequency (RF) signals from entering or emanating beyond it. Includes electrical features so that RF signals reaching the boundary of the room are reflected back.
Malicious USB
A malicious USB cable has an embedded Wi-Fi controller capable of receiving commands from nearby wireless devices such as a smartphone. If an attacker connects to a malicious USB cable, he can send commands to the computer.
Malicious flash drive
Includes malware configured to infect a computer when the drive is plugged in.
Redundancy
Adds duplication to critical system components and provides fault tolerance. If a critical system has a fault, the duplication allows the service to continue as if the fault never occurred, i.e., a system with fault tolerance can suffer a fault but tolerate it and continue to operate.
Organizations often add redundancies to eliminate single points of failure:
- Disk redundancies using RAID
- NIC redundancy with NIC teaming
- Server redundancies by adding load balancers
- Power redundancies by adding generators or a UPS
- Site redundancies by adding hot, cold, or warm sites
SPOF
Single point of failure, a component within a system that can cause the entire system to fail if the component fails.
When designing redundancies, an organization examines the different components to determine whether each is a SPOF and, if so, takes steps to provide redundancy or fault tolerance, with the goal of increasing the reliability and availability of the system.
RAID
Redundant Array of Inexpensive Disks
Provides fault tolerance for hard drives and is a relatively inexpensive way to add fault tolerance to a system and increase data availability.
If a server uses a single drive, the system will crash if that single drive fails.
Even if a disk fails, most RAID subsystems can tolerate the failure and the system will continue to operate. There are various RAID levels.
Any system has four primary resources: processor, memory, disk, and the network interface. Of these, the disk is the slowest and the most susceptible to failure, which is why network admins often upgrade disk subsystems to improve their performance and redundancy.
RAID-0
Also called striping. It does not actually provide any redundancy or fault tolerance. It includes two or more physical disks. Files stored on a RAID-0 array are spread across each of the disks.
- Main benefit of RAID-0 is increased read and write performance: since a file is spread across multiple physical disks, the different parts of the file can be read from or written to each of the disks simultaneously.
- If you have three 500 GB drives in a RAID-0, you have 1,500 GB (1.5 TB) of storage space.
RAID-1
Also called mirroring, RAID-1 uses two disks. Data written to one disk is also written to the other disk. If one of the disks fails, the other disk still has all the data, so the system can continue to operate without any data loss.
- If you mirror all the drives in a system, you can actually lose half of the drives and continue to operate.
- You can add additional disk controllers to a RAID-1 configuration to remove the disk controller as a SPOF. In this configuration, each of the disks has its own disk controller; adding a second disk controller to a mirror is called disk duplexing.
- If you have two 500 GB drives using RAID-1 mirroring, you have 500 GB of storage space, since the other 500 GB is dedicated to the fault-tolerant mirrored copy.
NOTE: RAID-2, RAID-3, and RAID-4 are rarely used.
RAID-5
RAID-5 is three or more disks that are striped together, similar to RAID-0. However, the equivalent of one drive includes parity information. This parity information is striped across each of the drives in a RAID-5 and provides fault tolerance.
If one of the drives fails, the disk subsystem can read the remaining drives' information and re-create the original data. If two of the drives fail in a RAID-5, the data is lost.
- Offers a balance between performance and fault tolerance. Minimum of three disks.
- Can survive the failure of one disk, but if two drives fail, the data is lost.
Data striping
Data striping involves dividing the data into blocks and distributing these blocks across multiple disks in the RAID array. Each disk contains a portion of the data, and by spreading the data across multiple disks, RAID-5 can improve read and write performance.
Parity information
Parity information is an additional piece of data calculated from the corresponding blocks of data on the other disks in the array. It is used for error detection and data recovery in case of disk failure.
RAID-6
RAID-6 is an extension of RAID-5, with the big difference being that it uses an additional parity block and therefore requires an additional disk, so a minimum of four disks.
- The huge benefit of a RAID-6 subsystem is that it will continue to operate even if two disk drives fail.
- Requires a minimum of four disks.
RAID-10
A RAID-10 configuration combines the features of mirroring (RAID-1) and striping (RAID-0). It is sometimes called RAID 1+0, and there are variations such as RAID-01 or RAID-0+1.
The minimum number of drives in RAID-10 is four. When adding more drives, you add two more (or multiples of two, such as 4, 6, 8, etc.).
If you have four 500 GB drives in a RAID-10 system, you have 1 TB of usable storage.
High availability
Refers to a system or service that needs to remain operational with almost zero downtime. It is possible to achieve 99.999% uptime (called "five nines") by implementing redundancy and fault tolerance methods, but five nines is expensive.
If the potential cost of an outage is high, then the cost of redundant technologies is justified, e.g., for an e-commerce store that generates a lot of revenue every minute.
Load Balancer
A load balancer can be hardware or software.
A hardware load balancer accepts traffic and directs it to servers based on factors such as processor utilization and the number of current connections to the server.
A software-based load balancer uses software running on each of the servers to balance the load.
Load balancing provides scalability and availability and increases the overall processing power of a service by sharing the load among multiple servers.
Scalability = the ability of a service to serve more clients without any decrease in performance.
Load balancers use different scheduling methods: some send new requests round-robin to the servers in the farm, while others detect the load on the individual servers and send new clients to the least-used server.
Source IP address affinity scheduling ensures clients are redirected to the same server for an entire session, and provides session persistence.
Active/active vs. active/passive
An active/active load balancer can optimize and distribute data loads across multiple computers or multiple networks.
EXAMPLE: if an organization hosts a popular website, it can use multiple servers hosting the same website in a web farm. Load balancing distributes traffic equally among all the servers in the web farm, typically located in a DMZ.
____
In an active/passive configuration, one server is active, and the other server is inactive. If the active server fails, the inactive server takes over.
NIC Teaming
NIC teaming allows you to group two or more physical network adapters into a single software-based virtual network adapter. This provides increased performance, because the NIC team combines the bandwidth of the individual NICs as if the team were a single physical network adapter.
Additionally, the NIC team uses load-balancing algorithms to distribute traffic equally among the NICs.
NIC teaming also eliminates any physical NIC as a SPOF. If one NIC in the NIC team fails, the software detects the failure and logically removes the team’s failed NIC.
Power Redundancies
- UPS (Uninterruptible Power Supply): provides short-term power and can protect against power fluctuations.
- Dual supply: a second, redundant power supply that can power a device if the primary power supply fails. Usually hot-swappable.
- Generators: provide long-term power during extended outages such as disasters.
- Managed power distribution units: PDUs are commonly used within the racks in data centers to power the devices, similar to how a power strip delivers power via multiple outlets. Managed PDUs monitor the quality of power (such as voltage, current, and consumption) and report these measurements to a central monitoring console, allowing admins to monitor power within a data center from a single application.
Backup media
- Disk
- NAS (Network Attached Storage): a dedicated computer used for file storage and accessible on a network. Can have multiple drives and often runs a stripped-down version of Linux for simplicity and to reduce costs.
- SAN (Storage Area Network): provides block-level data storage via a full network. Organizations use SANs to provide high-speed access to disk arrays or tape libraries. Can also be used for real-time replication of data. Not always dedicated hardware; a SAN can use standard network protocols such as TCP and IP.
- Cloud
Offline backups
Use traditional backup media within a network such as tapes, local disks, drives in a NAS, and even backup targets within a SAN. Provide an organization easy access to backups, better control of the backup media, and relatively fast backup and restore capabilities.
BUT offline media can fail, be destroyed, or even be stolen.
Online backups
Stored within the cloud, often accessible via the internet. Even if a natural disaster destroys all offline backups, the online backups remain available in the cloud. CSPs also automatically encrypt data, preventing unauthorized access to backups.
DATABASES:
An online database backup is a hot backup, meaning it backs up the database while it is operational and captures changes as they are occurring.
An offline database backup is a cold backup, i.e., a backup performed while the database is offline, like a local backup.
Full backup
Backs up all data specified in the backup, for example, several folders on the D: drive. If you specify these folders in the backup program, it will back up all the data in these folders.
*Though it is possible to do a full backup on a daily basis, it is rare in most production environments because of TIME (full backups take hours and can interfere with operations and system maintenance) and MONEY (they need to be stored on some type of media, and doing them every day requires more media, which can be cost-prohibitive).
Most organizations combine full backups with differential or incremental backups.
*A full backup is the easiest and quickest to restore. You only need to restore the single full backup, and you're done.
Differential backup
Differential backups start with a full backup and then capture all the data that has changed since the last full backup.
Example:
Sunday: Full Backup
Monday: Differential Backup (Captures changes since Sunday)
Tuesday: Differential Backup (Captures changes since Sunday)
Wednesday: Differential Backup (Captures changes since Sunday)
Thursday: Differential Backup (Captures changes since Sunday)
Friday: Differential Backup (Captures changes since Sunday)
Saturday: Differential Backup (Captures changes since Sunday)
In this scenario, each differential backup captures all changes made since the last full backup, regardless of any previous differential backups. While each differential backup may take longer than an incremental backup, restoring data typically requires accessing only the full backup and the most recent differential backup.
Differential backups optimize for recovery speed: they simplify the restoration process by requiring access to only the full backup and the most recent differential backup, compared to the potentially multiple backups needed with an incremental scheme.