reflection 4
Implementing Cybersecurity Resilience
Lesson 20
1
Implement Redundancy Strategies
Topic 20A
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
2
2
2.5 Given a scenario, implement cybersecurity resilience
Syllabus Objectives Covered
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3
High Availability
Maximum tolerable downtime (MTD)
Scheduled service intervals versus unplanned outages
Scalability
Increase capacity within similar cost ratio
Scale out versus scale up
Elasticity
Cope with changes to demand in real time
Fault tolerance and redundancy
| Availability | Annual Downtime |
| 99.9999% | 00:00:32 |
| 99.999% | 00:05:15 |
| 99.99% | 00:52:34 |
| 99.9% | 08:45:36 |
| 99.0% | 87:36:00 |
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
4
Power Redundancy
Power problems
Spikes and surges
Blackouts and brownouts
Dual power supplies
Component redundancy for server chassis
Managed power distribution units (PDUs)
Protection against spikes, surges, and brownouts
Remote monitoring
Battery backups and uninterruptible power supply (UPS)
Battery backup at component level
UPS battery backups for servers and appliances
Generators
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
5
Network Redundancy
Network interface card (NIC)/adapter teaming
Adapters with multiple ports
Multiple adapters
More bandwidth (except during failover)
Switching and routing
Design network with multiple paths
Load balancers
Load balancing switch to distribute workloads
Clusters provision multiple redundant servers to share data and session information
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
6
Disk Redundancy
Redundant array of independent disks (RAID)
RAID 1
Mirroring
50% storage efficiency
RAID 5 and RAID 6
Striping with distributed parity
Better storage efficiency
Nested RAID
Better performance or redundancy
(RAID 0)
Multipath
Controller and cabling redundancy
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
7
Replication context
Local storage (RAID)
Storage area network (SAN)
Database
Virtual machine (VM)
Geographic dispersal
Asynchronous and synchronous replication
Synchronous (must be written at both sites—expensive)
Asynchronous (one site is primary and the others secondary)
Optimum distances between sites
On-premises versus cloud
Geographical Redundancy and Replication
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
8
Redundancy Strategies
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
9
Review Activity
Implement Backup Strategies
Topic 20B
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
10
10
2.5 Given a scenario, implement cybersecurity resilience
Syllabus Objectives Covered
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
11
Backups and Retention Policy
Short term retention
Version control and recovery from corruption/malware
Long term retention
Regulatory/business requirements
Recovery window
Recovery point objective (RPO)
Screenshot used with permission from Acronis.
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
12
Backup Types
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
13
Snapshots
Snapshots
Feature of file system allowing open file copy
Volume Shadow Copy Service (VSS)
VM snapshots and checkpoints
Image-based backup
System images
Screenshot used with permission from Acronis.
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
14
Backup Storage Issues
Backup security
Access control and encryption
Offsite storage
Distance consideration
Physical transfer
Network/cloud backups
Online versus offline backups
Speed of restore operations
Risk to online backup data
3-2-1 rule
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
15
Backup Media Types
Disk
SOHO backups
Lack enterprise-level capacity and manageability
Network attached storage (NAS)
File-level/protocol-based access
No offsite option
Tape
Enterprise-level capacity and manageability
Storage area network (SAN) and cloud
Block-level access to storage devices
Highly configurable
Mix storage technologies to implement performance tiers
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
16
16
Restoration Order
Power delivery systems
Switch infrastructure then routing appliances and systems
Network security appliances
Critical network servers
Backend and middleware and verify data integrity
Front-end applications
Client workstations and devices and client browser access
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
17
Non-Persistence
Separate compute instance from data
Snapshot/revert to known state
Rollback to known configuration
Live boot media
Provisioning
Master image
Automated build from template
Configuration validation
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
18
Backup Strategies
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
19
Review Activity
Assisted Lab
Backing Up and Restoring Data in Windows and Linux
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
20
Lab Activity
Implement Cybersecurity Resiliency Strategies
Topic 20C
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
21
21
2.1 Explain the importance of security concepts in an enterprise environment
2.5 Given a scenario, implement cybersecurity resilience
5.3 Explain the importance of policies to organizational security
Syllabus Objectives Covered
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
22
Configuration Management
Service assets
Configuration items (CIs)
Assets that require configuration management
Baseline configuration
Configuration management system (CMS)
Creating and updating diagrams
Workflows
Physical and logical network topologies
Network rack layouts
…
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
23
23
Inventory/asset management database
Asset identification and standard naming conventions
Barcodes and RFID tags
Standard naming conventions for asset IDs
Attribute fields and tags
Internet protocol (IP) schema
Static allocation versus DHCP ranges
IP address management (IPAM) software suites
Asset Management
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
24
24
Change Control and Change Management
Change control
Assess whether a change should be made
Classifying change (reactive, proactive, risk)
Request for Change (RFC)
Change Advisory Board (CAB)
Change management
Ensure changes are applied with minimum disruption
Rollback plan
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
25
Site Resiliency
Alternate processing sites/recovery sites
Provide redundancy for damage to resources stored on the primary site
Failover to alternate processing site (or system)
Hot site
Instantaneous failover
Warm site
Some delay or manual configuration before failover occurs
Cold site
Significant delay and configuration before failover can occur
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
26
Diversity and Defense in Depth
Layered security and defense in depth
Technology and control diversity
Provision different classes and types of controls
Mix technical, administrative, and physical controls
Deploy controls to prevent, deter, detect, and correct
Vendor diversity
Use more than one supplier
Crypto diversity
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
27
Asymmetry of attack and defense
Active defense
Fake/decoy assets
Honeypots, honeynets, and honeyfiles
Breadcrumbs
Disruption strategies
Bogus DNS records
Decoy directories and resources
Port spoofing to return fake telemetry/monitoring data
DNS sinkholes
Deception and Disruption Strategies
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
28
Cybersecurity Resiliency Strategies
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
29
Review Activity
Summary
Lesson 20
CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
30
30