Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition

Published byVance Priest Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 13 Business Continuity

2 Objectives Define environmental controls
Describe the components of redundancy planning List disaster recovery procedures Describe incident response procedures Security+ Guide to Network Security Fundamentals, Third Edition

3 Environmental Controls
Preventing disruptions or even attacks through environmental controls involves using fire suppression, proper shielding, and configuring HVAC systems Security+ Guide to Network Security Fundamentals, Third Edition

4 Fire Suppression Damage inflicted as a result of a fire continues to remain high Fire suppression is an important concern for the safety of employees and business continuity In order for a fire to occur, four entities must be present at the same time: A type of fuel or combustible material Sufficient oxygen to sustain the combustion Enough heat to raise the material to its ignition temperature A chemical reaction that is the fire itself Security+ Guide to Network Security Fundamentals, Third Edition

5 Fire Suppression (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

6 Fire Suppression (continued)
It is important to use the correct fire suppression system Not only to extinguish the fire but also minimize any residual damage Fires are divided into five categories See Table 13-2 Security+ Guide to Network Security Fundamentals, Third Edition

7 Fire Suppression (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

8 Security+ Guide to Network Security Fundamentals, Third Edition

9 Fire Suppression (continued)
In a server closet or room that contains computer equipment Using a handheld fire extinguisher is not recommended because the chemical contents can contaminate electrical equipment Instead, stationary fire suppression systems should be: Integrated into the building’s infrastructure Release the suppressant in the room Security+ Guide to Network Security Fundamentals, Third Edition

10 Security+ Guide to Network Security Fundamentals, Third Edition

11 Electromagnetic Shielding
Computer systems, cathode ray tube monitors, printers, and similar devices all emit electromagnetic fields That are produced by signals or the movement of data Van Eck phreaking A form of eavesdropping in which special equipment is used to pick up telecommunication signals or data within a computer device By monitoring the electromagnetic fields Security+ Guide to Network Security Fundamentals, Third Edition

12 Electromagnetic Shielding (continued)
Faraday cage A metallic enclosure that prevents the entry or escape of an electromagnetic field Consists of a grounded fine-mesh copper screening Telecommunications Electronics Material Protected from Emanating Spurious Transmissions (TEMPEST) A secret US government standard Intended to “reduce the conducted and radiated emissions from within the sensitive environment to an undetectable level outside the shielded enclosure in uncontrolled areas” Security+ Guide to Network Security Fundamentals, Third Edition

13 Electromagnetic Shielding (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

14 HVAC Heating, ventilation, and air conditioning (HVAC) systems
Provide and regulate heating and cooling for data centers Controlling environmental factors can reduce electrostatic discharge (ESD) The sudden flow of electric current between two objects, which can destroy electronic equipment Another consideration regarding HVAC is the location of computer equipment outside of the data center Security+ Guide to Network Security Fundamentals, Third Edition

15 Redundancy Planning One of the primary ways to ensure business continuity is to use redundancy planning Which involves building excess capacity in order to protect against failures Redundancy planning can involve redundancy for servers, storage, networks, power, and even sites Security+ Guide to Network Security Fundamentals, Third Edition

16 Servers A crash of a single server that supports a critical application can have a significant impact Single point of failure The loss of one entity would adversely affect the organization One common approach is for the organization to design the network infrastructure So that multiple servers are incorporated into the network yet appear to users and applications as a single computing resource Security+ Guide to Network Security Fundamentals, Third Edition

17 Servers (continued) Server cluster
The combination of two or more servers that are interconnected to appear as one There are two types of server clusters: Asymmetric server cluster A standby server exists only to take over for another server in the event of its failure Symmetric server cluster Every server in the cluster performs useful work Security+ Guide to Network Security Fundamentals, Third Edition

18 Servers (continued) Security+ Guide to Network Security Fundamentals, Third Edition

19 Storage Mean time between failures (MTBF) Fault tolerance
Refers to the average (mean) time until a component fails, cannot be repaired, and must be replaced Calculating the MTBF involves taking the total time measured divided by the total number of failures observed Fault tolerance The ability to endure failures Prevents a single problem from escalating into a major failure Can often be achieved by maintaining redundancy Security+ Guide to Network Security Fundamentals, Third Edition

20 Storage (continued) RAID (Redundant Array of Independent Drives)
Uses multiple hard disk drives for increased reliability and performance The most common levels of RAID are: RAID Level 0 (striped disk array without fault tolerance) RAID Level 1 (mirroring) RAID Level 5 (independent disks with distributed parity) RAID 0+1 (high data transfer) Security+ Guide to Network Security Fundamentals, Third Edition

21 Security+ Guide to Network Security Fundamentals, Third Edition

22 Security+ Guide to Network Security Fundamentals, Third Edition

23 Security+ Guide to Network Security Fundamentals, Third Edition

24 Networks Redundant network
“Waits” in the background during normal operations Uses a replication scheme to keep its copy of the live network information current Virtually all network components can be duplicated to provide a redundant network In addition, some organizations contract with more than one Internet Service Provider (ISP) for remote connectivity Security+ Guide to Network Security Fundamentals, Third Edition

25 Power Uninterruptible power supply (UPS) Two primary types of UPS
A device that maintains power to equipment in the event of an interruption in the primary electrical power source Two primary types of UPS Off-line UPS On-line UPS UPS systems can also communicate with the network operating system on a server To ensure that an orderly shutdown occurs Security+ Guide to Network Security Fundamentals, Third Edition

26 Power (continued) A UPS can complete the following tasks:
Send a message to the network administrator’s computer, or page or telephone the network manager to indicate that the power has failed Notify all users that they must finish their work immediately and log off Prevent any new users from logging on Disconnect users and shut down the server Because a UPS can only supply power for a limited amount of time, some organizations turn to using a backup generator to create power Security+ Guide to Network Security Fundamentals

27 Sites Redundancy can also be planned for the entire site itself
Hot site Generally run by a commercial disaster recovery service Allows a business to continue computer and network operations to maintain business continuity Cold site Provides office space but the customer must provide and install all the equipment needed to continue operations Security+ Guide to Network Security Fundamentals, Third Edition

28 Sites (continued) Warm site
Has all of the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data Security+ Guide to Network Security Fundamentals, Third Edition

29 Disaster Recovery Procedures
Procedures and processes for restoring an organization’s IT operations following a disaster Focuses on restoring computing and technology resources to their former state Disaster recovery procedures include planning, disaster exercises, and performing data backups Security+ Guide to Network Security Fundamentals, Third Edition

30 Planning Disaster recovery plan (DRP)
A written document that details the process for restoring IT resources Following an event that causes a significant disruption in service Comprehensive in its scope, a DRP is intended to be a detailed document that is updated regularly All disaster recovery plans are different Security+ Guide to Network Security Fundamentals, Third Edition

31 Planning (continued) Security+ Guide to Network Security Fundamentals, Third Edition

32 Planning (continued) Most disaster recovery plans address the common features included in the following typical outline: Unit 1: Purpose and Scope Unit 2: Recovery Team Unit 3: Preparing for a Disaster Unit 4: Emergency Procedures Unit 5: Restoration Procedures It is important that a good DRP contains sufficient detail Security+ Guide to Network Security Fundamentals, Third Edition

33 Planning (continued) Security+ Guide to Network Security Fundamentals, Third Edition

34 Disaster Exercises Disaster exercises are designed to test the effectiveness of the DRP Objectives of these disaster exercises: Test the efficiency of interdepartmental planning and coordination in managing a disaster Test current procedures of the DRP Determine the strengths and weaknesses in responses Security+ Guide to Network Security Fundamentals, Third Edition

35 Data Backups Data backup Five basic questions that should be answered:
Information copied to a different medium and stored at an offsite location so that it can be used in the event of a disaster Five basic questions that should be answered: What information should be backed up? How often should it be backed up? What media should be used? Where should the backup be stored? What hardware or software should be used? Security+ Guide to Network Security Fundamentals, Third Edition

36 Data Backups (continued)
Backup software can internally designate which files have already been backed up By setting an archive bit in the properties of the file Backing up to magnetic tape has been the mainstay of data backups for over 30 years Grandfather-father-son backup system Divides backups into three sets: a daily backup (son), a weekly backup (father), and a monthly backup (grandfather) Security+ Guide to Network Security Fundamentals, Third Edition

37 Security+ Guide to Network Security Fundamentals, Third Edition

38 Data Backups (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

39 Security+ Guide to Network Security Fundamentals, Third Edition

40 Data Backups (continued)
Recovery point objective (RPO) The maximum length of time that an organization can tolerate between backups Recovery time objective (RTO) The length of time it will take to recover the data that has been backed up An alternative to using magnetic tape is to back up to magnetic disk Such as a large hard drive or RAID configuration This is known as disk to disk (D2D) Security+ Guide to Network Security Fundamentals, Third Edition

41 Data Backups (continued)
D2D offers better RPO than tape However, as with any hard drive, the D2D drive may be subject to failure or data corruption Disk to disk to tape (D2D2T) Combines the best of magnetic tape and magnetic disk Uses the magnetic disk as a temporary storage area Continuous data protection (CDP) Performs continuous data backups that can be restored immediately Security+ Guide to Network Security Fundamentals, Third Edition

42 Data Backups (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

43 Data Backups (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

44 Incident Response Procedures
Incident response procedures include using forensic science and properly responding to a computer forensics event Security+ Guide to Network Security Fundamentals, Third Edition

45 What Is Forensics? Computer forensics
Forensics, also known as forensic science The application of science to questions that are of interest to the legal profession Computer forensics Can attempt to retrieve information—even if it has been altered or erased—that can be used in the pursuit of the attacker or criminal Also used to limit damage and loss of control of data Security+ Guide to Network Security Fundamentals, Third Edition

46 What Is Forensics? (continued)
The importance of computer forensics is due in part to the following: High amount of digital evidence Increased scrutiny by the legal profession Higher level of computer skill by criminals Security+ Guide to Network Security Fundamentals, Third Edition

47 Responding to a Computer Forensics Incident
Secure the crime scene The computer forensics response team should be contacted whenever digital evidence needs to be preserved and serve as first responders The physical surroundings of the computer should be clearly documented Photographs of the area should be taken before anything is touched The computer should be photographed from several angles Cables connected to the computer should be labeled Security+ Guide to Network Security Fundamentals, Third Edition

48 Responding to a Computer Forensics Incident (continued)
Preserve the evidence Team should first capture any volatile data The team should next focus on the hard drive Mirror image backups replicate all sectors of a computer hard drive, including all files and any hidden data storage areas Chain of custody Documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence Security+ Guide to Network Security Fundamentals, Third Edition

49 Responding to a Computer Forensics Incident (continued)
Examine for evidence After a computer forensics expert creates a mirror image of a system: Original system is secured Mirror image is examined to reveal evidence Includes searching word processing documents, files, spreadsheets, and other documents for evidence Hidden clues can also be mined and exposed Including the Windows page file Another source of hidden data is called slack Security+ Guide to Network Security Fundamentals, Third Edition

50 Responding to a Computer Forensics Incident (continued)
Examine for evidence (continued) RAM slack Can contain any information that has been created, viewed, modified, downloaded, or copied since the computer was last booted Drive file slack (sometimes called drive slack) Contains remnants of previously deleted files or data from the format pattern associated with disk storage space that has yet to be used by the computer An additional source of hidden clues can be gleaned from metadata, or data about data Security+ Guide to Network Security Fundamentals, Third Edition

51 Security+ Guide to Network Security Fundamentals, Third Edition

52 Security+ Guide to Network Security Fundamentals, Third Edition

53 Summary Environmental controls are designed to prevent disruptions to an organization One method for ensuring business continuity is to use redundancy planning Power redundancy can be attained by using an uninterruptible power supply (UPS) Disaster recovery is defined as the procedures and processes for restoring an organization’s IT operations following a disaster Forensic science is the application of science to questions that are of interest to the legal profession Security+ Guide to Network Security Fundamentals, Third Edition

Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition"

Similar presentations

Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
Business Plug-In B4 MIS Infrastructures.

Business Plug-In B4 MIS Infrastructures.
Chapter 13: Advanced Security and Beyond Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 13: Advanced Security and Beyond Security+ Guide to Network Security Fundamentals Second Edition.
Chapter 13: Advanced Security and Beyond

Chapter 13: Advanced Security and Beyond
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Discovering Computers Fundamentals, Third Edition CGS 1000 Introduction to Computers and Technology Fall 2006.

Discovering Computers Fundamentals, Third Edition CGS 1000 Introduction to Computers and Technology Fall 2006.
Chapter 5: Server Hardware and Availability. Hardware Reliability and LAN The more reliable a component, the more expensive it is. Server hardware is.

Chapter 5: Server Hardware and Availability. Hardware Reliability and LAN The more reliable a component, the more expensive it is. Server hardware is.
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
Chapter 10: Operational Security Security+ Guide to Network Security Fundamentals Second Edition Instructor by Sukchatri PRASOMSUK.

Chapter 10: Operational Security Security+ Guide to Network Security Fundamentals Second Edition Instructor by Sukchatri PRASOMSUK.
Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.

Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 6 Enterprise Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Processing Integrity and Availability Controls

Processing Integrity and Availability Controls
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Similar presentations

Ads by Google