CompTIA Security+ SY0-601 Chapter 9 Summary
CompTIA Security+ Study Guide: Exam SY0-601 8th Edition, by Mike Chapple & David Seidl
Chapter 9 summary of my notes
- Environment Management
Redundancy = having more than one of a system, service, device, or other component.
Load balancers, which make multiple systems or services appear to be a single resource, allow for both redundancy and increased ability to handle load by distributing it across more than one system.
NIC = Network Interface Card
NIC teaming combines multiple network cards into a single virtual network connection.
Redundant NICs are also used to ensure connectivity in situations where a system's availability is important and multiple systems cannot be reasonably used.
UPS = uninterruptible power supply = provides battery or other backup power for short periods of time.
PDU = power distribution unit = provides intelligent power management and remote control of the power delivered inside server racks and other environments.
RAID = Redundant arrays of inexpensive disks = common solution that uses multiple disks with data either striped (spread across disks) or mirrored (completely copied), and technology to ensure that data is not corrupted or lost (parity).
Categories of backup:
- full backup, which copies the entire device.
- incremental backup, which captures the changes since the last backup (of any type) and is faster to back up but slower to recover.
- differential backup, which captures the changes since the last full backup and is faster to recover but slower to back up.
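Added example (not from the study guide) that simulates the backup-chain trade-off above: it builds incremental and differential backup sets from a constructed set of daily file changes after a full backup, then shows that incrementals write less per day while differentials need fewer sets read at restore time. File names, sizes and the day-0 full-backup size are all constructed.

```python
"""Simulate incremental vs differential backup chains (constructed data)."""
from typing import Dict, List, Tuple

# Constructed sample: files changed on each day after the day-0 full backup.
# day -> {filename: size in MB}
DAILY_CHANGES: Dict[int, Dict[str, int]] = {
    1: {"db.bin": 40},
    2: {"logs.txt": 5, "db.bin": 40},
    3: {"config.ini": 1},
    4: {"db.bin": 40, "report.pdf": 10},
}
FULL_SIZE_MB = 500  # size of the day-0 full backup (constructed)


def incremental_sets(changes: Dict[int, Dict[str, int]]) -> Dict[int, Dict[str, int]]:
    """Each incremental holds only files changed since the previous backup of any type."""
    return {day: dict(files) for day, files in changes.items()}


def differential_sets(changes: Dict[int, Dict[str, int]]) -> Dict[int, Dict[str, int]]:
    """Each differential holds every file changed since the last FULL backup.
    Earlier changes accumulate; a file changed twice is stored once (latest copy)."""
    sets: Dict[int, Dict[str, int]] = {}
    accumulated: Dict[str, int] = {}
    for day in sorted(changes):
        accumulated.update(changes[day])
        sets[day] = dict(accumulated)
    return sets


def size_mb(backup_set: Dict[str, int]) -> int:
    return sum(backup_set.values())


def backup_cost(sets: Dict[int, Dict[str, int]]) -> int:
    """Total MB written by all daily backup jobs after the full backup."""
    return sum(size_mb(s) for s in sets.values())


def restore_plan(sets: Dict[int, Dict[str, int]], target_day: int,
                 differential: bool) -> Tuple[List[str], int]:
    """Return (ordered backup labels to apply, MB read) to restore to target_day.
    Incremental chain: the full plus every incremental up to target_day, in order.
    Differential chain: the full plus only the most recent differential."""
    chain = [target_day] if differential else [d for d in sorted(sets) if d <= target_day]
    labels = ["full"] + [f"day{d}" for d in chain]
    mb_read = FULL_SIZE_MB + sum(size_mb(sets[d]) for d in chain)
    return labels, mb_read
```

With the constructed data, the incremental strategy writes 136 MB over four days versus 187 MB for differentials, but restoring to day 4 reads 636 MB across five sets with incrementals versus 556 MB across two sets with differentials.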
Snapshot = captures the full state of a system or device at the time the backup is completed; snapshots are common for virtual machines (VMs).
Images = similar concept to snapshots, but most often they refer to a complete copy of a system or server, typically down to the bit level for the drive.
Virtualization systems and virtual desktop infrastructure (VDI) also use images to create nonpersistent systems, which are run using a “gold master” image.
Off-site storage helps ensure that a single disaster cannot destroy an organization's data entirely.
SAN = storage area network
NAS = network attached storage device
SANs, NAS devices, and cloud or third-party off-site backup options have continued to become increasingly common.
Considerations for backups:
- Bandwidth requirements for both the backups themselves and restoration time if the backup needs to be restored partially or fully.
- Time to retrieve files and cost to retrieve files.
- Reliability.
- Separation of accounts.
- Encryption of data in the remote storage location.
The Security+ exam outline considers SAN devices in two ways:
- as a means of replicating data, where SANs use RAID to ensure that data is not lost.
- as a type of backup. Here, a SAN can be looked at as a network attached array of disks. NAS devices are only mentioned under backups, not under replication, but they can be used for data replication and backups.
A SAN typically provides block-level access to its storage, thus looking like a physical drive.
NAS devices usually present data as files, although this line is increasingly blurry since SAN and NAS devices may be able to do both.
The Security+ exam focuses on a handful of common response and recovery controls:
- nonpersistence. This means the ability to have systems or services that are spun up and shut down as needed.
- the ability to return to a last-known good configuration.
- Scalability is a common design element and a useful response control for many systems in modern environments where services are designed to scale across many servers instead of requiring a larger server to handle more workload.
- Vertical scalability requires a larger or more powerful system or device. Vertical scalability can help when all tasks or functions need to be handled on the same system or infrastructure. Vertical scalability can be very expensive to increase.
- Horizontal scaling uses smaller systems or devices but adds more of them. When designed and managed correctly, a horizontally scaled system can take advantage of the ability to transparently add and remove more resources.
- Site resiliency has historically been a major design element for organizations, and for some it remains a critical design element.
Hot sites = all the infrastructure and data needed to operate the organization.
Warm sites = some or all of the systems needed to perform the work required by the organization, but the live data is not in place.
Cold sites = space, power, and often network connectivity, but they are not prepared with systems or data.
Restoration order decisions balance the criticality of systems and services to the operation of the organization against the need for other infrastructure to be in place and operational to allow each component to be online, secure, and otherwise running properly.
Site restoration order might include a list like the following:
- Restore network connectivity and a bastion or shell host.
- Restore network security devices (firewalls, IPS).
- Restore storage and database services.
- Restore critical operational servers.
- Restore logging and monitoring services.
- Restore other services as possible.
Industrial camouflage = building a facility in a nondescript location or form so that it does not stand out.
Fences act as a deterrent by both making it look challenging to access a facility and as an actual physical defense.
Bollards = posts or other obstacles that prevent vehicles from moving through an area.
Bright lighting that does not leave shadowed or dark areas is used to discourage intruders and to help staff feel safer.
Badges = used for entry access via magnetic stripe and radio frequency ID (RFID) access systems and also often include a picture and other information that can quickly allow personnel and guards to determine if the person is who they say they are.
Badges are often used with proximity readers, which use RFID to query a badge without requiring it to be inserted or swiped through a magnetic stripe reader.
Alarms and alarm systems are used to detect and alert about issues.
Fire suppression systems are an important part of safety systems and help with resilience by reducing the potential for disastrous fires.
Signage can remind authorized personnel that they are in a secure area.
Some organizations use access control vestibules (often called mantraps) as a means to ensure that only authorized individuals gain access to secure areas and that attackers do not use piggybacking attacks to enter places they shouldn't be.
Security guards are used in areas where human interaction is either necessary or helpful.
Visitor logs are a common control used in conjunction with security guards.
Camera systems are a common form of physical security control, allowing security practitioners and others to observe what is happening in real time.
The Security+ exam focuses on two types of camera capabilities:
- Motion recognition cameras activate when motion occurs. These cameras are particularly useful in areas where motion is relatively infrequent.
- Object detection cameras and similar technologies can detect specific objects, or they have areas that they watch for changes.
Another form of camera system is a closed-circuit television (CCTV), which displays what the camera is seeing on a screen.
Common sensor systems include motion, noise, moisture, and temperature detection sensors. Motion and noise sensors are used as security sensors, or to turn environmental control systems on or off based on occupancy. Temperature and moisture sensors help maintain datacenter environments.
USB data blocker = device that ensures a USB cable can be used only to transfer power, not data, when chargers and other devices cannot be trusted.
Vaults are typically room size and built in place, whereas a safe is smaller and portable, or at least movable. Datacenters and vaults are typically designed with secure and redundant environmental controls.
In addition to the security features that are built into datacenters, environmental controls, including the use of hot aisles and cold aisles, play into their ability to safely house servers and other devices.
A hot aisle/cold aisle design places air intakes and exhausts on alternating aisles to ensure proper airflow.
Faraday cage = enclosure made up of conductive mesh that distributes charges from wireless device signals, thus stopping them.
A screened subnet, or demilitarized zone (DMZ), is a logical or physical segment of a network used to contain systems that are accessible from the outside world or from some other less secure population.
Screened subnets rely on network security devices like firewalls to provide segmentation that limits the flow of traffic into and out of the screened subnet, thus keeping higher security zones secure.
Air-gap designs physically separate network segments, thus preventing network connectivity. Air-gapped networks require data to be physically transported, typically after careful inspection and approval to enter the secure zone.
When data reaches the end of its lifespan, destroying the media that contains it is an important physical security measure.
Physical destruction is the most secure way to ensure data destruction, but nondestructive options are often desirable in a business environment to allow for the reuse of media or devices.
An even better option is to encrypt the SSD in use using a full-disk encryption tool for its entire lifespan. When the drive needs to be wiped, simply deleting the encryption key ensures that the data is unrecoverable.