• No results found

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity"

Copied!
65
0
0

Loading.... (view fulltext now)

Download now ( 65 Page )

Full text

(1)

Security+ Guide to Network

Security Fundamentals,

Fourth Edition

Chapter 13

(2)

Objectives

• Define environmental controls

• Describe the components of redundancy planning

• List disaster recovery procedures

(3)

What Is Business Continuity?

• Organization’s ability to maintain operations after a

disruptive event

• Examples of disruptive events

– Power outage – Hurricane

– Tsunami

• Business continuity planning and testing steps

– Identify exposure to threats

– Create preventative and recovery procedures

(4)

What Is Business Continuity? (cont’d.)

• Succession planning

– Determining in advance who is authorized to take over if key employees die or are incapacitated

• Business impact analysis (BIA)

– Analyzes most important business functions and quantifies impact of their loss

– Identifies threats through risk assessment – Determines impact if threats are realized

(5)

What Is Business Continuity? (cont’d.)

• Questionnaires used to prompt thinking about

impact of a disaster

• In-person interviews held

– Discuss different disaster scenarios

– BIA interview form helps organize information obtained from the interview

(6)
(7)

Disaster Recovery

• Subset of business continuity planning and testing

• Also known as contingency planning

• Focuses on protecting and restoring information

technology functions

• Mean time to restore (MMTR)

– Measures average time needed to reestablish services

• Disaster recovery activities

(8)

Disaster Recovery Plan

• Written document detailing process for restoring IT

resources:

– Following a disruptive event

• Comprehensive in scope

• Updated regularly

• Example of disaster planning approach

– Define different risk levels for organization’s operations based on disaster severity

(9)
(10)

Disaster Recovery Plan (cont’d.)

• Common features of most disaster recovery plans

– Definition of plan purpose and scope

– Definition of recovery team and their responsibilities – List of risks and procedures and safeguards that

reduce risk

– Outline of emergency procedures – Detailed restoration procedures

(11)

Figure 13-1 Sample excerpt from a DRP

(12)

Disaster Recovery Plan (cont’d.)

• DRP must be adaptable

• Backout/contingency option

– Component of a DRP

– If plan response is not working properly, technology is rolled back to starting point

– Different approach taken

• Disaster exercises

(13)

Disaster Recovery Plan (cont’d.)

• Disaster exercise objectives

– Test efficiency of interdepartmental planning and coordination in managing a disaster

– Test current DRP procedures

(14)

Redundancy and Fault Tolerance

• Single point of failure

– Component or entity which will disable the entire system if it no longer functions

• Remove single point of failure

– Primary mechanism to ensure business continuity – Results in high availability

(15)
(16)

Redundancy and Fault Tolerance

(cont’d.)

• Redundancy and fault tolerance

– Way to address single point of failure

– Building excess capacity to protect against failures

• Redundancy planning

– Applies to servers, storage, networks, power, sites

• Servers

– Play a key role in network infrastructure

(17)

Redundancy and Fault Tolerance

(cont’d.)

• Some organizations stockpile spare parts for

servers

– Or have redundant servers

• Server cluster

– Multiple servers that appear as a single server – Connected through public and private cluster

connections

• Types of server clusters

– Asymmetric – Symmetric

(18)

Redundancy and Fault Tolerance

(cont’d.)

• Asymmetric servers perform no function except to

be ready if needed

– Used for databases, messaging systems, file and print services

• All servers do useful work in a symmetric server

cluster

– If one server fails, remaining servers take on failed server’s work

– More cost effective than asymmetric clusters – Used for Web, media, and VPN servers

(19)

Figure 13-2 Server cluster

(20)

Redundancy and Fault Tolerance

(cont’d.)

• Hard drives

– Often first components to fail

– Some organizations keep spare hard drives on hand

• Mean time between failures (MTBF)

– Measures average time until a component fails and must be replaced

– Can be used to determine number of spare hard drives an organization should keep

(21)

Redundancy and Fault Tolerance

(cont’d.)

• Redundant Array of Independent Devices (RAID)

– Uses multiple hard disk drives to increase reliability and performance

– Can be implemented through software or hardware – Several levels of RAID exist

• RAID Level 0 (striped disk array without fault

tolerance)

– Striping partitions hard drive into smaller sections – Data written to the stripes is alternated across the

drives

(22)

Figure 13-3 RAID Level 0

(23)

Redundancy and Fault Tolerance

(cont’d.)

• RAID Level 1 (mirroring)

– Disk mirroring used to connect multiple drives to the same disk controller card

– Action on primary drive is duplicated on other drive – Primary drive can fail and data will not be lost

• Disk duplexing

– Variation of RAID Level 1

– Separate cards used for each disk

(24)

Figure 13-4 RAID Level 1

(25)

Redundancy and Fault Tolerance

(cont’d.)

• RAID Level 5 (independent disks with distributed

parity)

– Distributes parity (error checking) across all drives – Data stored on one drive and its parity information

stored on another drive

• RAID 0+1 (high data transfer)

– Nested-level RAID

– Mirrored array whose segments are RAID 0 arrays – Can achieve high data transfer rates

(26)

Figure 13-5 RAID Level 5

(27)

Figure 13-6 RAID Level 0+1

(28)
(29)
(30)

Redundancy and Fault Tolerance

(cont’d.)

• Redundant networks

– May be necessary due to critical nature of connectivity today

– Wait in the background during normal operations – Use a replication scheme to keep live network

information current

– Launches automatically in the event of a disaster – Hardware components are duplicated

– Some organizations contract with a second Internet service provider as a backup

(31)

Redundancy and Fault Tolerance

(cont’d.)

• Uninterruptible power supply (UPS)

– Maintains power to equipment in the event of an interruption in primary electrical power source

• Offline UPS

– Least expensive, simplest solution – Charged by main power supply

– Begins supplying power quickly when primary power is interrupted

– Switches back to standby mode when primary power is restored

(32)

Redundancy and Fault Tolerance

(cont’d.)

• Online UPS

– Always running off its battery while main power runs battery charger

– Not affected by dips or sags in voltage – Can serve as a surge protector

– Can communicate with the network operating system to ensure orderly shutdown occurs – Can only supply power for a limited time

• Backup generator

(33)

Redundancy and Fault Tolerance

(cont’d.)

• Sites

– Backup sites may be necessary if flood, hurricane, or other major disaster damages buildings

– Three types of redundant sites: hot, cold, and warm

• Hot site

– Run by a commercial disaster recovery service – Duplicate of the production site

– Has all needed equipment

(34)

Redundancy and Fault Tolerance

(cont’d.)

• Cold site

– Provides office space

– Customer must provide and install all equipment needed to continue operations

– No backups immediately available – Less expensive than a hot site

– Takes longer to resume full operation

• Warm site

– All equipment is installed

(35)

Redundancy and Fault Tolerance

(cont’d.)

• Warm site (cont’d.)

– No current data backups

– Less expensive than a hot site

– Time to turn on connections and install backups can be half a day or more

(36)

Data Backups

• Essential element in any DRP

• Copying information to a different medium and

storing offsite to be used in event of disaster

• Questions to ask when creating a data backup

– What information should be backed up? – How often should it be backed up?

– What media should be used?

– Where should the backup be stored?

(37)

Data Backups (cont’d.)

• Backup software

– Can internally designate which files have already been backed up

• Archive bit set to 0 in file properties

– If file contents change, archive bit is changed to 1

• Types of backups

– Full backup

– Differential backup – Incremental backup

(38)
(39)
(40)

Data Backups (cont’d.)

• Recovery point objective (RPO)

– Maximum length of time organization can tolerate between backups

• Recovery time objective (RTO)

– Length of time it will take to recover backed up data

• Magnetic tape backups have been standard for

over 40 years

– Can store up to 800GB of data – Relatively inexpensive

(41)

Data Backups (cont’d.)

• Disadvantages of magnetic tape backups

– Slow backup speed – High failure rates

– Data not encrypted on tape

• Disk to disk

– Large hard drive or RAID configuration – Better RPO and RTO than magnetic tape – May be subject to failure or data corruption

(42)

Data Backups (cont’d.)

• Disk to disk to tape

– Uses magnetic disk as a temporary storage area – Server does not need to be offline for an extended

time period

– Data later transferred to magnetic tape

• Continuous data protection

– Performs data backups that can be restored immediately

– Maintains historical record of all changes made to data

(43)
(44)
(45)

Environmental Controls

• Methods to prevent disruption through

environmental controls

– Fire suppression – Proper shielding

(46)

Fire Suppression

• Requirements for a fire to occur

– Fuel or combustible material – Oxygen to sustain combustion

– Heat to raise material to its ignition temperature – Chemical reaction: fire itself

(47)

Figure 13-8 Fire triangle

(48)
(49)
(50)
(51)
(52)

Electromagnetic Interference (EMI)

Shielding

• Attackers could pick up electromagnetic fields and

read data

• Faraday cage

– Metal enclosure that prevents entry or escape of electromagnetic fields

(53)

HVAC

• Data centers have special cooling requirements

– More cooling necessary due to large number of systems generating heat in confined area

– Precise cooling needed

• Heating, ventilating, and air conditioning (HVAC)

systems

– Maintain temperature and relative humidity at required levels

• Controlling environmental factors can reduce

electrostatic discharge

(54)

HVAC (cont’d.)

• Hot aisle/cold aisle layout

– Used to reduce heat by managing air flow

– Servers lined up in alternating rows with cold air intakes facing one direction and hot air exhausts facing other direction

• Location of computer data center an important

consideration

– Placing a wireless access point in a plenum can be a hazard

(55)

Incident Response Procedures

• When unauthorized incident occurs:

– Response is required

• Incident response procedures

(56)

What Is Forensics?

• Applying science to legal questions

– Analyzing evidence

• Computer forensics

– Uses technology to search for computer evidence of a crime

• Reasons for importance of computer forensics

– Amount of digital evidence

– Increased scrutiny by the legal profession – Higher level of computer skill by criminals

(57)

Basic Forensics Procedures

• Four basic steps are followed

– Secure the crime scene – Collect the evidence

– Establish a chain of custody – Examine for evidence

• Secure the crime scene

– Goal: preserve the evidence

– Damage control steps taken to minimize loss of evidence

(58)

Basic Forensics Procedures (cont’d.)

• Secure the crime scene (cont’d.)

– First responders contacted

– Physical surroundings documented

– Photographs taken before anything is touched – Computer cables labeled

– Team takes custody of entire computer – Team interviews witnesses

(59)

Basic Forensics Procedures (cont’d.)

• Preserve the evidence

– Digital evidence is very fragile

• Can be easily altered or destroyed

– Computer forensics team captures volatile data

• Examples: contents of RAM, current network connections

– Order of volatility must be followed to preserve most fragile data first

– Capture entire system image

– Mirror image backup of the hard drive

(60)
(61)

Basic Forensics Procedures (cont’d.)

• Establish the chain of custody

– Evidence maintained under strict control at all times – No unauthorized person given opportunity to corrupt

the evidence

• Examine for evidence

– Computer forensics expert searches documents – Windows page files can provide valuable

investigative leads

– Slack and metadata are additional sources of hidden data

(62)

Figure 13-10 RAM slack

(63)

Figure 13-11 Drive file slack

(64)

Summary

• Business continuity is an organization’s ability to

maintain its operations after a disruptive event

• Disaster recovery

– A subset of business continuity planning

– Focuses on restoring information technology functions

– Disaster recovery plan details restoration process

• A server cluster combines two or more servers that

are interconnected to appear as one

(65)

Summary (cont’d.)

• Network components can be duplicated to provide

a redundant network

• Data backup

– Copying information to a different medium and storing (preferably offsite) for use in event of a disaster

• Recovery point objective and recovery time

objective help an organization determine backup

frequency

• Fire suppression systems include water, dry

chemical, and clean agent systems

References

Download now ( PDF - 65 Page - 1.20 MB )

Related documents

Building Blocks For Your Success

Complete machine tool expertise and support since 1968 Broad range of high quality and reputable machine tools Long standing relationships with machine tool suppliers..

Advanced Management Practices MBA 610 Syllabus for Fall semester SCOB - Robinson

Excerpt from online catalog: Advanced coverage of three essential management practices required for long-term business success: problem identification and

Transfer learning on ultrasound spectrograms of RF signal for diagnosing nonalcoholic fatty liver disease

A transfer learning approach was used, where a pretrained VGG-19 model was used as the base model and was fine-tuned by training the last few convolution layers and fully-connected

Edexcel IGCSE ICT Student's Book Answers

3 Any reasonable answer, for example: Many search engines use this format, for example, see Google. 5 a) Any reasonable answer, for example: The most appropriate way to

A Policy Framework for the Digital Library

Eprints Metadata re-use permitted for not-for-profit purposes; Re-use of full data items permitted for not-for-profit purposes; Content policies explicitly undefined ;

Monitorowanie parametrów SLA oraz SAT (Service ActivationTest) w oparciu o urządzenia CE2.0 Raisecom. Marcin Bała / Tomasz Wolanin

ETH-CC (Ethernet Continuity Check - Fault detection) ETH-LB (Ethernet Loopback - Fault acknowledgement) ETH-LT (Ethernet Link Trace - Fault location).

Towards a Resource Aware Scheduler in Hadoop

Instead of having a fixed number of available computation slots configured on each TaskTracker node, we compute this number dynamically using the resource metrics obtained from

Influence of the low temperature drying process on optical alternations of organic apple slices

Based on the achieved results an optimized control strategy for the industrial batch drier is suggested in which the product is first dried at low temperature and low humidity