Chapter 9 - Security+ 601
Degaussing
Magnetically wipes data from tapes and traditional magnetic media like hard hard drives. Only effective on magnetic media; will not work on SSDs, flash media, optical media, or paper.
Drone Defense
A newer concern for organizations is the broad use of drones and unmanned aerial vehicles (UAVs). Drones can be used to capture images of a site, to deliver a payload, or even to take action like cutting a wire or blocking a camera. Although drone attacks aren't a critical concern for most organizations, they are increasingly an element that needs to be considered. Antidrone systems include systems that can detect the wireless signals and electromagnetic emissions of drones, or the heat they produce via infrared sensors, acoustic systems that listen for the sounds of drones, radar that can detect the signature of a drone flying in the area, and of course optical systems that can recognize drones. Once they are spotted, a variety of techniques may be used against drones, ranging from kinetic systems that seek to shoot down or disable drones, to drone-jamming systems that try to block their control signals or even hijack them. Of course, laws also protect drones as property, and shooting down or disabling a drone on purpose may have expensive repercussions for the organization or individual who does so. This is a quickly changing threat for organizations, and one that security professionals will have to keep track of on an ongoing basis
Raid 5
A technique that stripes data across three or more drives and uses parity checking, so that if one drive fails, the other drives can re-create the data stored on the failed drive. RAID 5 drives increase performance and provide fault tolerance. Windows calls these drives RAID-5 volumes.
Which of the following controls helps prevent insider threats? A. Two-person control B. Visitor logs C. Air gaps D. Reception desks and staff
A. Two-person control is specifically intended to prevent insider threats by requiring two individuals to take a given action. Visitor logs help determine who may have been admitted to a facility but would not stop an insider threat. Air gaps protect from network-based attacks, but an insider can bypass the air gap intentionally. Reception staff allow insiders into a facility if they are permitted to enter, which will not stop an insider threat either.
Raid 1
Also called mirroring, this RAID array type provides fault tolerance because all the data is written identically to the two drives in the mirrored set. (2)
Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this? A. A hot aisle B. An air gap C. A cold aisle D. Protected cable distribution
B. A mantrap uses a pair of doors. When an individual enters, the first door must be closed and secured before the second door can be opened. This helps prevent tailgating, since the person entering will notice anybody following them through the secured area. A Faraday cage is used to stop EMI, a bollard prevents vehicular traffic, and an air gap is a physical separation of networks or devices.
Gabby wants to implement a mirrored drive solution. What RAID level does this describe? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 6
B. RAID 1 mirrors drives, providing higher read speeds and a redundant copy of the data while using twice the storage space. RAID 0 is striping; RAID 5 and 6 do striping with parity, using additional space to provide checksums for data.
Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state? A. A full backup B. A snapshot C. A differential backup D. A LiveCD
B. Virtual machine snapshots capture the machine state at a point in time and will allow Cynthia to clone the system. A full backup and a differential backup can be used to capture the disk for the machine but typically will not capture the memory state and other details of the system state. A LiveCD allows you to boot and run a nonpersistent system from trusted media
What type of recovery site has some or most systems in place but does not have the data needed to take over operations? A. A hot site B. A warm site C. A cloud site D. A cold site
B. Warm sites have systems, connectivity, and power but do not have the live or current data to immediately take over operations. A hot site can immediately take over operations, whereas a cold site has space and power, and likely connectivity, but will require that systems and data be put in place to be used. Cloud sites are not one of the three common types of recovery sites.
Pulping
Breaks paper documents into wood pulp, removing ink. Materials can be recycled. Completely destroys documents to prevent recovery.
Why are Faraday cages deployed? A. To prevent tailgating B. To assist with fire suppression C. To prevent EMI D. To prevent degaussing
C. Faraday cages prevent electromagnetic emissions and are used to stop wireless signals and other unwanted EMI. Mantraps are used to prevent tailgating; Faraday cages are not used for fire suppression; and though a Faraday cage would likely stop a degausser, it isn't typically used for that purpose.
Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense? A. Fences B. Lighting C. Robotic sentries D. Signs
C. Fences, lighting, and signs can all help discourage potential malicious actors from entering an area, although a determined adversary will ignore or bypass all three. Robotic sentries appear in the exam outline but are not a common solution for most organizations.
Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away? A. Because it is required by law B. Network traffic latency concerns C. Geographic dispersal D. Geographic tax reasons
C. Geographic dispersal helps ensure that a single natural or man-made disaster does not disable multiple facilities. This distance is not required by law; latency increases with distance; and though there may be tax reasons in some cases, this is not a typical concern for a security professional
Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this? A. Infrared cameras B. Facial recognition C. Motion detection D. PTZ
C. Motion-detecting cameras can be used to help conserve storage space for video by recording only when motion is detected. In low-usage spaces like datacenters, this means recording will occur only occasionally. In more heavily used areas, the impact on total space used will be smaller but can still be meaningful, particularly after business hours. Infrared cameras, facial recognition, and the ability to pan, tilt, and zoom (PTZ) a camera are important features, but they do not help conserve storage space.
What factor is a major reason organizations do not use security guards? A. Reliability B. Training C. Cost D. Social engineering
C. Security guards can be one of the most costly physical security controls over time, making the cost of guards one of the most important deciding factors guiding when and where they will be employed. Reliability, training, and the potential for social engineering are all possible issues with security guards, but none of these is the major driver in the decision process.
Shredding
Can be done on-site; can support paper or devices using an industrial shredder. Traditional paper shredders may allow for recovery of documents, even from crosscut shredded documents. For high-security environments, burning or pulping may be required.
Cameras and Sensors
Camera systems are a common form of physical security control, allowing security practitioners and others to observe what is happening in real time and to capture video footage of areas for future use when conducting investigations or for other reasons. Cameras come in a broad range of types, including black and white, infrared, and color cameras, with each type suited to specific scenarios. In addition to the type of camera, the resolution of the camera, whether it is equipped with zoom lenses, and whether it has a pan/tilt/zoom (PTZ) capability are all factors in how well it works for its intended purpose and how much it will cost. The Security+ exam focuses on two types of camera capabilities: Motion recognition cameras activate when motion occurs. These types of camera are particularly useful in areas where motion is relatively infrequent. Motion recognition cameras, which can help conserve storage space, will normally have a buffer that will be retrieved when motion is recognized so that they will retain a few seconds of video before the motion started; that way, you can see everything that occurred. Object detection cameras and similar technologies can detect specific objects, or they have areas that they watch for changes. These types of camera can help ensure that an object is not moved and can detect specific types of objects like a gun or a laptop. The Security+ exam objectives do not currently include face recognition technologies—which not only capture video but can help recognize individuals—but we are mentioning facial recognition here because of its increasing role in modern security systems. You should be aware that facial recognition deployments may have privacy concerns in addition to technical concerns. A variety of factors can play into their accuracy, including the sets of faces they were trained on, the use of masks, or even the application of "dazzle paint" designed to confuse cameras. Another form of camera system is a closed-circuit television (CCTV), which displays what the camera is seeing on a screen. Some CCTV systems include recording capabilities as well, and the distinction between camera systems and CCTV systems is increasingly blurry as technologies converge. Cameras are not the only type of sensor system that organizations and individuals will deploy. Common sensor systems include motion, noise, moisture, and temperature detection sensors. Motion and noise sensors are used as security sensors, or to turn on or off environment control systems based on occupancy. Temperature and moisture sensors help maintain datacenter environments and other areas that require careful control of the environment, as well as for other monitoring purposes. Exam objective 2.7 includes "USB data blocker" along with more common physical security tools. This highly specific example is a device used to ensure that USB cables can only be used to transfer power, not data when chargers and other devices cannot be trusted. An alternative is a USB power-only cable.
Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement? A. An air gap B. A hot aisle C. A robotic sentry D. A bollard
D. Bollards are physical security controls that prevent vehicles from accessing or ramming doors or other areas. They may look like pillars, planters, or other innocuous objects. An air gap is a physical separation of technology environments; a hot aisle is the aisle where systems in a datacenter exhaust warm air; and unlike in movies, robotic sentries are not commonly deployed and aren't ready to stop vehicles in most current circumstances.
Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed? A. A new full backup B. A snapshot C. An incremental backup D. A differential backup
D. Differential backups back up the changes since the last full backup. Incremental backups back up changes since the last backup, and snapshots are a live copy of a system. This is not a full backup, because it is capturing changes since a full backup.
New security models required for backups.
Separation of accounts, additional controls, and encryption of data in the remote storage location are all common considerations for use of third-party services
Time to retrieve files and cost to retrieve files.
Solutions like Amazon's Glacier storage focus on low-cost storage but have higher costs for retrieval, as well as slower retrieval times. Administrators need to understand storage tiering for speed, cost, and other factors, but they must also take these costs and technical capabilities into account when planning for the use of third-party and cloud backup capabilities
Off-site Storage Done Badly
The authors of this book encountered one organization that noted in an audit response that they used secure off-site storage. When the vendor was actually assessed, their off-site storage facility was a senior member of the organization's house, with drives taken home in that person's car periodically. Not only was their house close to the vendor's offices (rather than 90+ miles away in case of disaster), the only security was that the drives were locked into a consumer-level personal safe. They were not secured during transit, nor were they encrypted. The vendor had met the letter of the requirement but not the spirit of secure off-site storage!
nonpersistence.
This means the ability to have systems or services that are spun up and shut down as needed. Some systems are configured to revert to a known state when they are restarted; this is common in cloud environments where a code-defined system will be exactly the same as any other created and run with that code. Reversion to a known state is also possible by using snapshots in a virtualization environment or by using other tools that track changes or that use a system image or build process to create a known state at startup.
Virtualization systems and virtual desktop infrastructure (VDI)
also use images to create nonpersistent systems, which are run using a "gold master" image. The gold master image is not modified when the nonpersistent system is shut down, thus ensuring that the next user has the same expected experience.
Images
are a similar concept to snapshots, but most often they refer to a complete copy of a system or server, typically down to the bit level for the drive. This means that a restored image is a complete match to the system at the moment it was imaged. Images are a backup method of choice for servers where complex configurations may be in use, and where cloning or restoration in a short timeframe may be desired. Full backups, snapshots, and images can all mean similar things, so it is good to determine the technology and terminology in use as well as the specific implications of that technology and the decisions made for its implementation in any given system or architecture.
Fire suppression systems
are an important part of safety systems and help with resilience by reducing the potential for disastrous fires. One of the most common types of fire suppression system is sprinkler systems. There are four major types, including wet sprinkler systems, which have water in them all the time; dry sprinklers, which are empty until needed; pre-action sprinklers, which fill when a potential fire is detected and then release at specific sprinkler heads as they are activated by heat; and deluge sprinklers, which are empty, with open sprinkler heads, until they are activated and then cover an entire area
Water-based sprinkler systems
are not the only type of fire suppression system in common use. Gaseous agents, which displace oxygen, reduce heat, or help prevent the ability of oxygen and materials to combust, are often used in areas such as datacenters, vaults, and art museums where water might not be a viable or safe option. Chemical agents, including both wet and dry agents, are used as well; examples are foam-dispensing systems used in airport hangars and dry chemical fire extinguishers used in home and other places.
Raid 0
A RAID array in which every time data is written to disk, a portion (block) is written to each disk in turn, creating a "stripe" of data across the member disks. RAID 0 uses the total disk space in the array for storage, without protecting the data from drive failure. (2)
industrial camouflage to help protect them.
A common example is the nondescript location that companies pick for their call centers. Rather than making the call center a visible location for angry customers to seek out, many are largely unmarked and otherwise innocuous. Although security through obscurity is not a legitimate technical control, in the physical world being less likely to be noticed can be helpful in preventing many intrusions that might not otherwise happen.
snapshot.
A snapshot captures the full state of a system or device at the time the backup is completed. Snapshots are common for virtual machines (VMs), where they allow the machine state to be restored at the point in time that the snapshot was taken. Snapshots can be useful to clone systems, to go back in time to a point before a patch or upgrade was installed, or to restore a system state to a point before some other event occurred. Since they're taken live, they can also be captured while the system is running, often without significant performance impact. Like a full backup, a snapshot can consume quite a bit of space, but most virtualization systems that perform enterprise snapshots are equipped with compression and de-duplication technology that helps to optimize space usage for snapshots.
Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems? A. The restoration order documentation B. The TOTP documentation C. The HOTP documentation D. The last-known good configuration documentation
A. A documented restoration order helps ensure that systems and services that have dependencies start in the right order and that high-priority or mission-critical services are restored first. TOTP and HOTP are types of one-time password technology, and last-known good configurations are often preserved with a snapshot or other technology that can allow a system to return to a known good status after an issue such as a bad patch or configuration change
Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy? A. A load balancer B. NIC teaming C. Geographic diversity D. A multipath network
A. A load balancer will fit Naomi's needs perfectly. Load balancers can spread traffic across multiple systems while allowing specific systems to be added or removed from the service pools in use. NIC teaming is used to increase bandwidth or to provide multiple network connections to a system, geographic diversity helps ensure that a single disaster impacting an organization cannot take the organization offline, and a multipath network prevents the disruption of a single network path from causing an outage.
Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this? A. An air gap B. A Faraday cage C. A cold aisle D. A screened subnet
A. An air gap is a physical separation of devices. By implementing an air gap, Michelle can ensure that devices cannot be accessed via the network, thus preventing intruders who have breached her network perimeter security from accessing the industrial control systems she is responsible for securing. A Faraday cage stops electromagnetic signals and emissions (EMI), a cold aisle is the air-conditioned aisle in a datacenter where cold air is pulled into systems, and a screened subnet is where systems that deal with untrusted traffic are placed.
Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this? A. Degaussing B. Burning C. Pulverizing D. Shredding
A. Degaussing only works on magnetic media, and DVDs are optical media. Amanda could burn, pulverize, or even shred the DVDs to ensure that data is properly destroyed.
The Changing Model for Backups
As industry moves to a software-defined infrastructure model, including the use of virtualization, cloud infrastructure, and containers, systems that would have once been backed up are no longer being backed up. Instead, the code that defines them is backed up, as well as the key data that they are designed to provide or to access. This changes the equation for server and backup administrators, and methods of acquiring and maintaining backup storage are changing. It means that you, as a security professional, need to review organizational habits for backups to see if they match the new models, or if old habits may be having strange results—like backups being made of ephemeral machines, or developers trusting that a service provider will never experience data loss and thus not ensuring that critical data is backed up outside of that lone provider.
Pulverizing
Breaks devices down into very small pieces to prevent recovery. The size of the output material can determine the potential for recovery of data; typically pulverizing results in very small fragments of material.
How does technology diversity help ensure cybersecurity resilience? A. It ensures that a vulnerability in a single company's product will not impact the entire infrastructure. B. If a single vendor goes out of business, the company does not need to replace its entire infrastructure. C. It means that a misconfiguration will not impact the company's entire infrastructure. D. All of the above
D. Technology diversity helps ensure that a single failure—due to a vendor, vulnerability, or misconfiguration—will not impact an entire organization. Technology diversity does have additional costs, including training, patch management, and configuration management.
Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use? A. RAID 1 B. RAID 5 C. RAID 6 D. RAID 10
D. RAID 10 (1+0) combines the benefits and downfalls of both RAID 0, striping, and RAID 1 mirroring. In Ben's use case, where speed and resilience are important and cost is not, striped drives with full copies maintained via the mirror is his best option. RAID 5 and RAID 6 have slower performance but can survive a loss of a drive. RAID 1, mirroring, provides redundancy and read speeds but does not improve write speeds.
Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented? A. Nearline B. Safe C. Online D. Offline
D. Scott has implemented an offline backup scheme. His backups will take longer to retrieve because they are at a remote facility and will have to be sent back to him, but they are likely to survive any disaster that occurs in his facility or datacenter. Online backups are kept immediately accessible, whereas nearline backups can be retrieved somewhat more slowly than online backups but faster than offline backups. Safe backups is not an industry term
Raid 6
Disk striping with extra parity. Like RAID 5, but with more parity data. Requires five or more drives, but you can lose up to two drives at once and your data is still protected.
Three major types of disaster recovery sites are used for site resilience:
Hot sites have all the infrastructure and data needed to operate the organization. Because of this, some organizations operate them full time, splitting traffic and load between multiple sites to ensure that the sites are performing properly. This approach also ensures that staff are in place in case of an emergency. Warm sites have some or all of the systems needed to perform the work required by the organization, but the live data is not in place. Warm sites are expensive to maintain because of the hardware costs, but they can reduce the total time to restoration because systems can be ready to go and mostly configured. They balance costs and capabilities between hot sites and cold sites. Cold sites have space, power, and often network connectivity, but they are not prepared with systems or data. This means that in a disaster an organization knows they would have a place to go but would have to bring or acquire systems. Cold sites are challenging because some disasters will prevent the acquisition of hardware, and data will have to be transported from another facility where it is stored in case of disaster. However, cold sites are also the least expensive option to maintain of the three types.
Building Cybersecurity Resilience
In the CIA triad of confidentiality, integrity, and availability, a sometimes neglected element of availability is resilience. Availability is a critical part of an organization's security, because systems that are offline or otherwise unavailable are not meeting business needs. No matter how strong your confidentiality and integrity controls are, if your systems, networks, and services are not available when they are needed, your organization will be in trouble.
Reliability.
Many cloud providers have extremely high advertised reliability rates for their backup and storage services, and these rates may actually beat the expected durability of local tape or disk options.
Fences
Many facilities use fencing as a first line of defense. Fences act as a deterrent by both making it look challenging to access a facility and as an actual physical defense. Highly secure facilities will use multiple lines of fences, barbed wire or razor wire at the top, and other techniques to increase the security provided by the fence. Fence materials, the height of the fence, where entrances are placed and how they are designed, and a variety of other factors are all taken into consideration for security fencing.
Burning
Most often done in a high-temperature incinerator. Primarily used for paper records, although some incinerators may support electronic devices. Typically done off-site through a third-party service; leaves no recoverable materials.
Enhanced Security Zones and Secure Areas
Organizations frequently have a need for specific areas to have greater security than the rest of their spaces or areas. Datacenters are one of the most obvious secure areas for most organizations, as are vaults and safes, which are protected to ensure that unauthorized personnel do not gain access to them. Vaults are typically room size and built in place, whereas a safe is smaller and portable, or at least movable. Datacenters and vaults are typically designed with secure and redundant environmental controls, access controls, and additional security measures to ensure that they remain secure. In addition to the security features that are built into datacenters, environmental controls, including the use of hot aisles and cold aisles, play into their ability to safely house servers and other devices. A hot aisle/cold aisle design places air intakes and exhausts on alternating aisles to ensure proper airflow, allowing datacenter designers to know where to provide cool air and where exhaust needs to be handled. Hot and cold aisles aren't typically considered secure areas, although the datacenter where they are deployed usually is. The Security+ exam outline includes them in the same section as air gaps, vaults, and safes, so we have included them here. In some cases, administrative controls like two-person integrity control schemes are put in place to secure safes or vaults. In a two person control scheme, two trusted staff members must work together to provide access—with dual keys, with passwords, or with two portions of an access control factor. This strategy may be familiar to you from many military movies where nuclear weapons are launched only after two individuals insert their keys and turn them at the same time. Additional isolation for systems may be provided by physical controls such as a Faraday cage, which blocks electromagnetic fields. A Faraday cage is an enclosure made up of conductive mesh that distributes charges from wireless device signals, thus stopping them. High-security facilities may be constructed as a Faraday cage, or they may have one inside them to prevent cell phone and other electronic and wireless communications from occurring. Faraday cages are also sometimes used to allow wireless devices to be tested inside them without impacting other production networks and devices
Guards
Security guards are used in areas where human interaction is either necessary or helpful. Guards can make decisions that technical control systems cannot, and they can provide additional capabilities by offering both detection and response capabilities. Guards are commonly placed in reception areas, deployed to roam around facilities, and stationed in security monitoring centers with access to cameras and other sensors. Visitor logs are a common control used in conjunction with security guards. A guard can validate an individual's identity, ensure that they enter only the areas they are supposed to, and ensure that they have signed a visitor log and that their signature matches a signature on file or on their ID card. Each of these can be faked, however, an alert security guard can significantly increase the security of a facility. Security guards also bring their own challenges; humans can be fallible, and social engineering attempts can persuade guards to violate policies or even to provide attackers with assistance. Guards are also relatively expensive, requiring ongoing pay, whereas technical security controls are typically installed and maintained at lower costs. Consequently, guards are a solution that is deployed only where there is a specific need for their capabilities in most organizations.
Physical Security Controls
Security practitioners often focus on technical controls, but one of the most important lines of defense for an organization is the set of physical controls that it puts in place. Physical access to systems, facilities, and networks is one of the easiest ways to circumvent technical controls, whether by directly accessing a machine, stealing drives or devices, or plugging into a trusted network to bypass layers of network security control keeping it safe from the outside world.
Secure Data Destruction
When data reaches the end of its lifespan, destroying the media that contains it is an important physical security measure. Secure data destruction helps prevent data breaches, including intentional attacks like dumpster diving as well as unintentional losses through reuse of media, systems, or other data storage devices. Table 9.2 shows some of the most common options for destruction of paper records as well as media such as hard drives, tapes, flash-based devices, and even complete computers
Raid 10
a combination of RaID 1 and RaID 0 that requires at least four disks to work as an array of drives and provides the best redundancy and performance.
Locks
are one of the most common physical security controls you will encounter. A variety of lock types are commonly deployed, ranging from traditional physical locks that use a key, push buttons, or other code entry mechanisms, to locks that use biometric identifiers such as fingerprints, to electronic mechanisms connected to computer systems with card readers or passcodes associated with them. Locks can be used to secure spaces and devices or to limit access to those who can unlock them. Cable locks are a common solution to ensure that devices like computers or other hardware are not removed from a location. Although locks are heavily used, they are also not a real deterrent for most determined attackers. Locks can be bypassed, picked, or otherwise disabled if attackers have time and access to the lock. Thus, locks are not considered a genuine physical security control. A common phrase among security professionals is "Locks keep honest people honest."
Bollards
are posts or other obstacles like those shown in Figure 9.1 that prevent vehicles from moving through an area. Bollards may look like posts, pillars, or even planters, but their purpose remains the same: preventing vehicle access. Some bollards are designed to be removable or even mechanically actuated so that they can be raised and lowered as needed. Many are placed in front of entrances to prevent both accidents and intentional attacks using vehicles.
Alarms and alarm systems
are used to detect and alert about issues, including unauthorized access, environmental problems, and fires. Alarm systems may be locally or remotely monitored, and they can vary significantly in complexity and capabilities. Much like alerts from computer-based systems, alarms that alert too often or with greater frequency are likely to be ignored, disabled, or worked around by staff. In fact, some penetration testers will even find ways to cause alarms to go off repeatedly so that when they conduct a penetration test and the alarm goes off staff will not be surprised and won't investigate the alarm that the penetration tester actually caused!
access control vestibules (often called mantraps)
as a means to ensure that only authorized individuals gain access to secure areas and that attackers do not use piggybacking attacks to enter places they shouldn't be. An access control vestibule is a pair of doors that both require some form of authorized access to open (see Figure 9.2). The first door opens after authorization and closes, and only after it is closed can the person who wants to enter provide their authorization to open the second door. That way, a person following behind (piggybacking) will be noticed and presumably will be asked to leave or will be reported
Separation of servers and other devices in datacenters is also commonly used to
avoid a single rack being a point of failure. Thus, systems may be placed in two or more racks in case of a single point failure of a power distribution unit (PDU) or even something as simple as a leak that drips down into the rack.
Badges
can play a number of roles in physical security. In addition to being used for entry access via magnetic stripe and radio frequency ID (RFID) access systems, badges also often include a picture and other information that can quickly allow personnel and guards to determine if the person is who they say they are, what areas or access they should have, and if they are an employee or guest. This also makes badges a target for social engineering attacks by attackers who want to acquire, copy, or falsify a badge as part of their attempts to get past security. Badges are often used with proximity readers, which use RFID to query a badge without requiring it to be inserted or swiped through a magnetic stripe reader.
off-site storage for their backup media,
either at a site they own and operate or through a third-party service like Iron Mountain, which specializes in storage of secure backups in environmentally controlled facilities. Off-site storage, a form of geographic diversity, helps ensure that a single disaster cannot destroy an organization's data entirely. As in our earlier discussion of geographic diversity, distance considerations are also important to ensure that a single regional disaster is unlikely to harm the off-site storage
Bandwidth requirements
for both the backups themselves and restoration time if the backup needs to be restored partially or fully. Organizations with limited bandwidth or locations with low bandwidth are unlikely to be able to perform a timely restoration. This fact makes off-site options less attractive if quick restoration is required, but they remain attractive from a disaster recovery perspective to ensure that data is not lost completely.
Diversity of technologies
is another way to build resilience into an infrastructure. Using different vendors, cryptographic solutions, platforms, and controls can make it more difficult for a single attack or failure to have system- or organizationwide impacts. There is a real cost to using different technologies such as additional training, the potential for issues when integrating disparate systems, and the potential for human error that increases as complexity increases.
Signage
may not immediately seem like a security control, but effective signage can serve a number of purposes. It can remind authorized personnel that they are in a secure area and that others who are not authorized should not be permitted to enter and should be reported if they are seen. Signs can also serve as a deterrent control, such as those that read "authorized personnel only." However, much like many other deterrent controls, signs act to prevent those who might casually violate the rules the sign shows, not those actively seeking to bypass the security controls an organization has in place.
Lighting
plays a part in exterior and interior security. Bright lighting that does not leave shadowed or dark areas is used to discourage intruders and to help staff feel safer. Automated lighting can also help indicate where staff are active, allowing security guards and other staff members to know where occupants are
One of the most common ways to build resilience is through
redundancy—in other words, having more than one of a system, service, device, or other component. As you read through these solutions, bear in mind that designing for resilience requires thinking through the entire environment that a resilient system or service resides in. Power, environmental controls, hardware and software failures, network connectivity, and any other factor that can fail or be disrupted must be assessed. Single points of failure—places where the failure of a single device, connection, or other element could disrupt or stop the system from functioning—must be identified and either compensated for or documented in the design.
Vertical scalability
requires a larger or more powerful system or device. Vertical scalability can help when all tasks or functions need to be handled on the same system or infrastructure. Vertical scalability can be very expensive to increase, particularly if the event that drives the need to scale is not ongoing or frequent. There are, however, times when vertical scalability is required, such as for every large memory footprint application that cannot be run on smaller, less capable systems
Use of multiple network paths (multipath) solutions ensures
that a severed cable or failed device will not cause a loss of connectivity.
Geographic dispersal of systems ensures
that a single disaster, attack, or failure cannot disable or destroy them. For datacenters and other facilities, a common rule of thumb is to place datacenters at least 90 miles apart, preventing most common natural disasters from disabling both (or more!) datacenters. This also helps ensure that facilities will not be impacted by issues with the power grid, network connectivity, and other similar issues.
Systems and storage redundancy helps ensure
that failed disks, servers, or other devices do not cause an outage.
Horizontal scaling
uses smaller systems or devices but adds more of them. When designed and managed correctly, a horizontally scaled system can take advantage of the ability to transparently add and remove more resources, allowing it to adjust as needs grow or shrink. This approach also provides opportunities for transparent upgrades, patching, and even incident response.
Protection of power,
through the use of uninterruptible power supply (UPS) systems that provide battery or other backup power options for short periods of time; generator systems that are used to provide power for longer outages; and design elements, such as dual-supply or multisupply hardware, ensures that a power supply failure won't disable a server. Managed power distribution units (PDUs) are also used to provide intelligent power management and remote control of power delivered inside server racks and other environments
an incremental backup,
which captures the changes since the last backup and is faster to back up but slower to recover;
differential backup,
which captures the changes since the last full backup and is faster to recover but slower to back up.
NIC teaming,
which combines multiple network cards into a single virtual network connection. Redundant network interface cards (NICs) are also used to ensure connectivity in situations where a system's availability is important and multiple systems cannot be reasonably used. Redundant NICs are likely to be connected to independent network paths to ensure end-to-end reliability, whereas NIC teams will connect to the same network devices in case of a NIC failure while providing greater bandwidth.
a full backup,
which copies the entire device or storage system
Load balancers,
which make multiple systems or services appear to be a single resource, allowing both redundancy and increased ability to handle loads by distributing it to more than one system. Load balancers are also commonly used to allow system upgrades by redirecting traffic away from systems that will be upgraded and then returning that traffic after they are patched or upgraded.