chapter 13-14-15
Types of CDP
Block level CDP (entire volumes); file level CDP (individual files); application level CDP (individual application changes)
Types of backups
Full; differential; incremental
Order of volatility data
Registers, cache, peripheral memory (first); random access memory (RAM) (second); network state (third); running processes (fourth)
The steps in damage control include:
Report the incident to security or the police; confront any suspects; neutralize the suspected perpetrator to keep them from harming others; secure physical security features; quarantine electronic equipment; contact the response team
UPS can complete the following tasks if the power goes down:
Send a message to the administrator's PC, pager, or phone to indicate that the power has failed; notify all users to save their work immediately; prevent new users from logging on; disconnect users and shut down the server
Differential backup
backs up any data that has changed since the last backup. Archive bit is not cleared
Incremental backup
backs up any data that has changed since the last full backup or the last incremental backup. Archive bit is cleared
Continuous data protection (CDP)
data backups that can be restored immediately, providing excellent RPO and CDP
Business impact analysis
identifies mission-critical business functions and quantifies the impact of a loss of such functions.
FIPS-140
is a government standard that defines procedures, hardware, and software that can be employed when performing forensic investigations of cyber crime.
Service level agreement (SLA)
is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and guarantees of service based on percentages of guaranteed uptime.
Disaster recovery plan (DRP)
is a written document that details the process for restoring IT functions and services to their former state.
On-line UPS
is always running off its battery while the main power runs the battery charger. It cleans the electrical power before it reaches the server and also serves as a surge protector, keeping out intense spikes of electrical current such as those caused by thunderstorms.
IT contingency planning
is developing an outline of procedures that are to be followed in the event of a major IT incident. Its goal is to ensure that the business will continue to function at an acceptable level.
Disk to Disk (D2D) backup
is faster than tape. May be subject to failure or data corruption. Some system files may not be as well suited for this type of backup.
Mean time to recovery (MTTR)
is the average amount of time that it will take a device to recover from a failure that is not a terminal failure.
Clustering
is the combination of two or more devices that appear as a single one.
Server clustering
is the combination of two or more servers that are interconnected to appear as one.
Off-line UPS
is the least expensive and simplest solution. If power is interrupted, the UPS will supply power to the equipment.
Recovery point objective (RPO)
is the length of time it will take to recover the data that has been backed up.
Business continuity planning and testing
is the process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient.
Asymmetric server cluster
a standby server exists only to take over for another server in the event of a failure. It performs no useful work but must be ready if it is needed. Provides high-availability applications that require a high level of read and write access, such as databases, messaging systems, and file and print services.
Mean time between failures (MTBF)
the average amount of time until a component fails and cannot be repaired.
Full backup
the starting point for all backups. Archive bit is cleared
Symmetric server cluster
Performs useful work. If one server fails, the other servers continue their normal work. More cost-effective because they take advantage of all of the servers. Usually used in environments in which the primary server is for a particular set of applications, such as web servers, media servers, and VPNs.
Incident response Procedures steps
Preparation; execution; analysis
Disk to Disk to Tape (D2D2T)
Uses magnetic disk as a temporary storage area. First, data is copied to disk so the server does not have to be offline for an extended period of time. Then it is copied to tape.
How to calculate single loss expectancy (SLE)?
Asset value (AV) x Exposure factor (EF) (%) = SLE
How to calculate annualized loss expectancy (ALE)?
Asset value (AV) x Exposure factor (EF) (%) x Annualized Rate of Occurrence (ARO) = ALE
Types of server clusters
Asymmetric server cluster; symmetric server cluster
