CompTIA Security+ 501 Summary Part 9
This is a summary of my notes on Chapter 9 of CompTIA Security+: Get Certified Get Ahead by Darril Gibson, 5th Edition.
Things to keep in mind:
- CompTIA is releasing an updated version of the Security+ Exam in November 2020 so this edition will soon be outdated. 90% of the book will remain the same in accordance with the updated exam. New threats and cloud-computing technology will probably make up the majority of that new 10% of content.
- Synthesizing paragraphs with a huge list of facts sometimes results in dreadful sentences. It also results in some streams of thought that end abruptly. Some notes cannot be digested any further and remain identical in this summary. In any case, these are just notes and not an essay.
- Some things are repeated but this is simply to reinforce.
- Hackers are referred to as actors.
- Access points are referred to as APs.
1. Defenses
Defense in Depth == Layered Security. Vendor diversity means using controls from different vendors. Servers and network rooms should be secured in areas where only IT personnel can access them. An air gap is when a system or network is physically isolated from another system or network. Cipher locks have numbered buttons that employees press in a certain order to unlock the door. Proximity cards are credit card-sized access cards that users scan at designated readers to unlock doors. Biometrics is a third option for physical access security. Cipher locks do not identify users, but proximity cards and biometrics do. Video surveillance provides proof of activity, but you can only record in public areas and you must notify users of the surveillance. Recording audio is illegal. Bollards are barricades for vehicles.
Tailgating is a social engineering tactic where an actor can get past a physical security access point by closely following behind a user who already authenticated.
Asset management is the process of onboarding, tracking, and removing assets from within your environment. It helps reduce design weaknesses by forcing new assets to go through an approval process. System sprawl is what results when asset management has failed to keep the environment under control.
Higher-tonnage HVAC systems provide more cooling. Hot and cold aisles help regulate data centers with multiple rows. HVAC systems increase availability and ensure a constant temperature. In the case of a fire, focus on removing the heat, removing the oxygen, removing the fuel, or disrupting the chain reaction. You can remove heat with a fire extinguisher, remove the oxygen by displacing it with carbon dioxide, remove the fuel by removing the flammable material, and use specific chemicals to stop the chain reaction.
2. Fault Tolerance
Redundancy provides fault tolerance. Redundant Array of Inexpensive Disks (RAID), failover clustering, UPSs, and generators remove single points of failure. RAID-0 (striping) does not provide fault tolerance: files are spread across two or more disks with no redundancy, so losing any one disk loses the data. RAID-1 (mirroring) uses two disks. If one of the disks fails, the other continues to serve the data. RAID-5 is three or more disks that are striped together. Parity information is striped across each of the drives. If one of the drives fails, the system can read the information on the remaining drives and determine what the actual data should be.
RAID-6, an extension of RAID-5, requires a minimum of four disks. RAID-5 can survive the failure of one disk. RAID-6 can survive the failure of two disks. A RAID-10 configuration combines the features of mirroring (RAID-1) and striping (RAID-0).
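A worked illustration of the RAID-5 behaviour described above, added here and not taken from the book: data is striped across three or more simulated disks with a rotating XOR parity chunk, and when any one disk is removed its contents are rebuilt from the survivors. The chunk size and sample data are constructed for the demo.

```python
from typing import List, Optional

CHUNK = 4  # bytes per chunk; constructed, real arrays use much larger stripe units

def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR any number of equal-length blocks together (the parity operation)."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)

def raid5_write(data: bytes, ndisks: int = 3) -> List[List[bytes]]:
    """Stripe data across ndisks. Each stripe holds ndisks-1 data chunks plus
    one parity chunk, and the parity chunk rotates to a different disk."""
    assert ndisks >= 3, "RAID-5 needs three or more disks"
    per_stripe = CHUNK * (ndisks - 1)
    data += b"\x00" * ((-len(data)) % per_stripe)       # pad to a whole stripe
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for stripe, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i * CHUNK:off + (i + 1) * CHUNK] for i in range(ndisks - 1)]
        parity_disk = (ndisks - 1 - stripe) % ndisks     # rotating parity
        chunks.insert(parity_disk, xor_blocks(chunks))
        for d in range(ndisks):
            disks[d].append(chunks[d])
    return disks

def rebuild_disk(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Recreate the failed disk from the survivors, stripe by stripe. Because
    parity = XOR of the data chunks, any single missing chunk (data or parity)
    is the XOR of the other chunks in its stripe."""
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]

def raid5_read(disks: List[Optional[List[bytes]]]) -> bytes:
    """Reassemble the data, transparently rebuilding one failed disk (a None
    entry) the way a degraded array keeps serving reads."""
    ndisks = len(disks)
    failed = [i for i, d in enumerate(disks) if d is None]
    assert len(failed) <= 1, "two failed disks exceed RAID-5; that needs RAID-6"
    live = list(disks)
    if failed:
        live[failed[0]] = rebuild_disk(disks, failed[0])
    out = b""
    for stripe in range(len(live[0])):
        parity_disk = (ndisks - 1 - stripe) % ndisks
        out += b"".join(live[d][stripe] for d in range(ndisks) if d != parity_disk)
    return out
```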
Failover clusters provide high availability for servers by removing single points of failure. Load balancing increases the overall processing power of a service by sharing the load among multiple servers. Configurations can be active-passive or active-active. Scheduling methods include round-robin and source IP address affinity. Source IP address affinity scheduling ensures clients are redirected to the same server for an entire session. A UPS provides fault tolerance for power and can protect against power fluctuations.
The following backup types are commonly used:
- Full backup = backs up all the selected data.
- Differential backup = backs up all the data that has changed since the last full backup.
- Incremental backup = backs up all the data that has changed since the last full or incremental backup.
- Snapshot = captures the data at a point in time. It is sometimes referred to as an image backup.
Full backups provide the fastest recovery time. Full/incremental strategies reduce the amount of time needed to perform backups. Full/differential strategies reduce the amount of time needed to restore backups. Test restores are the best way to test the integrity of a company’s backup data. Backup media should be protected with the same level of protection as the data on the backup. Geographic considerations for backups include storing backups off-site, choosing the best location, and considering legal implications and data sovereignty.
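The backup-time versus restore-time trade-off above, shown on a constructed week of file changes (an added example, not from the book): full/incremental copies the fewest bytes per job, while full/differential restores from just two backup sets. Deletions are ignored in this simplified model.

```python
from typing import Dict, List

Snapshot = Dict[str, str]   # filename -> file content (deletions ignored here)

def plan_backups(days: List[Snapshot], strategy: str) -> List[Snapshot]:
    """Return what each day's backup job copies. days[0] is every file on the
    full-backup day; days[1:] hold only the files changed on that day."""
    jobs = [dict(days[0])]
    since_full: Snapshot = {}
    for changed in days[1:]:
        since_full.update(changed)
        if strategy == "incremental":
            jobs.append(dict(changed))      # changed since the previous backup
        elif strategy == "differential":
            jobs.append(dict(since_full))   # changed since the last full backup
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return jobs

def restore_chain(strategy: str, day: int) -> List[int]:
    """Indices of the backup sets needed, in order, to recover to `day`."""
    if day == 0:
        return [0]
    if strategy == "differential":
        return [0, day]                     # full plus the latest differential
    return list(range(day + 1))             # full plus every incremental

def restore(jobs: List[Snapshot], chain: List[int]) -> Snapshot:
    """Apply backup sets in chain order; later sets overwrite older versions."""
    state: Snapshot = {}
    for i in chain:
        state.update(jobs[i])
    return state

def bytes_copied(jobs: List[Snapshot]) -> int:
    """Total bytes written across all jobs: a proxy for backup time."""
    return sum(len(content) for job in jobs for content in job.values())

def expected_state(days: List[Snapshot], day: int) -> Snapshot:
    """The live file system at the end of `day`, used to verify a test restore."""
    state: Snapshot = {}
    for changed in days[:day + 1]:
        state.update(changed)
    return state
```

Running a restore and comparing it against `expected_state` is the "test restore" the text recommends, in miniature.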
3. Business Plans
A business impact analysis, BIA, is an important part of a Business Continuity Plan. It helps an organization identify critical systems and components that are essential to the organization’s success. The BIA identifies mission-essential functions and critical systems that are essential to the organization’s success. It also identifies maximum downtime limits for these systems and components, various scenarios that can impact these systems and components, and the potential losses from an incident.
A privacy threshold assessment is typically a simple questionnaire that helps identify whether a system processes data that exceeds the threshold for PII. If the system processes PII, a privacy impact assessment helps identify and reduce risks related to potential loss of the PII. The recovery time objective, RTO, identifies the maximum amount of time it should take to restore a system after an outage. It is derived from the maximum allowable outage time identified in the BIA. The recovery point objective, RPO, refers to the amount of data you can afford to lose.
The mean time between failures, MTBF, provides a measure of a system’s reliability and is usually represented in hours. The mean time to recover, MTTR, identifies the average (the arithmetic mean) time it takes to restore a failed system.
A hot site includes personnel, equipment, software, and communication capabilities of the primary site with all the data up to date. A hot site provides the shortest recovery time compared with warm and cold sites. It is the most effective disaster recovery solution, but it is also the most expensive to maintain. Hot sites are generally too expensive for most organizations, and cold sites sometimes take too long to configure for full operation.
A cold site will have power and connectivity needed for a recovery site, but little else. Cold sites are the least expensive and the hardest to test. A warm site is a compromise between a hot site and a cold site. Mobile sites do not have dedicated locations, but can provide temporary support during a disaster.
A disaster recovery plan, DRP, includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan. You can validate business continuity plans through testing. Tabletop exercises are discussion-based only and are typically performed in a classroom or conference setting. Functional exercises are hands-on exercises.