
Sy0 601 20

Uploaded by

MEN'S ARENA
Copyright
© © All Rights Reserved

Lesson 20

Implementing Cybersecurity Resilience


Topic 20A
Implement Redundancy Strategies

CompTIA Security+ Lesson 20 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Syllabus Objectives Covered

• 2.5 Given a scenario, implement cybersecurity resilience

High Availability

• Maximum tolerable downtime (MTD)
• Scheduled service intervals versus unplanned outages
• Scalability
• Increase capacity within similar cost ratio
• Scale out versus scale up
• Elasticity
• Cope with changes to demand in real time
• Fault tolerance and redundancy

Availability    Annual Downtime (hh:mm:ss)
99.9999%        00:00:32
99.999%         00:05:15
99.99%          00:52:34
99.9%           08:45:36
99.0%           87:36:00

Power Redundancy

• Power problems
• Spikes and surges
• Blackouts and brownouts
• Dual power supplies
• Component redundancy for server chassis
• Managed power distribution units (PDUs)
• Protection against spikes, surges, and brownouts
• Remote monitoring
• Battery backups and uninterruptible power supply (UPS)
• Battery backup at component level
• UPS battery backups for servers and appliances
• Generators

Network Redundancy

• Network interface card (NIC)/adapter teaming
• Adapters with multiple ports
• Multiple adapters
• More bandwidth (except during failover)
• Switching and routing
• Design network with multiple paths
• Load balancers
• Load balancing switch to distribute workloads
• Clusters provision multiple redundant servers to share data and session information

Disk Redundancy

• Redundant array of independent disks (RAID)
• RAID 1
• Mirroring
• 50% storage efficiency
• RAID 5 and RAID 6
• Striping with distributed parity
• Better storage efficiency
• Nested RAID
• Better performance or redundancy
• (RAID 0)
• Multipath
• Controller and cabling redundancy

Geographical Redundancy and Replication

• Replication context
• Local storage (RAID)
• Storage area network (SAN)
• Database
• Virtual machine (VM)
• Geographic dispersal
• Asynchronous and synchronous replication
• Synchronous (must be written at both sites—expensive)
• Asynchronous (one site is primary and the others secondary)
• Optimum distances between sites
• On-premises versus cloud

Topic 20B
Implement Backup Strategies

Syllabus Objectives Covered

• 2.5 Given a scenario, implement cybersecurity resilience

Backups and Retention Policy

• Short term retention
• Version control and recovery from corruption/malware
• Long term retention
• Regulatory/business requirements
• Recovery window
• Recovery point objective (RPO)

Screenshot used with permission from Acronis.

Backup Types

Snapshots

• Snapshots
• Feature of file system allowing open file copy
• Volume Shadow Copy Service (VSS)
• VM snapshots and checkpoints
• Image-based backup
• System images

Screenshot used with permission from Acronis.

Backup Storage Issues

• Backup security
• Access control and encryption
• Offsite storage
• Distance consideration
• Physical transfer
• Network/cloud backups
• Online versus offline backups
• Speed of restore operations
• Risk to online backup data
• 3-2-1 rule

Backup Media Types

• Disk
• SOHO backups
• Lack enterprise-level capacity and manageability
• Network attached storage (NAS)
• File-level/protocol-based access
• No offsite option
• Tape
• Enterprise-level capacity and manageability
• Storage area network (SAN) and cloud
• Block-level access to storage devices
• Highly configurable
• Mix storage technologies to implement performance tiers

Restoration Order

1. Power delivery systems
2. Switch infrastructure then routing appliances and systems
3. Network security appliances
4. Critical network servers
5. Backend and middleware and verify data integrity
6. Front-end applications
7. Client workstations and devices and client browser access

Non-Persistence

• Separate compute instance from data
• Snapshot/revert to known state
• Rollback to known configuration
• Live boot media
• Provisioning
• Master image
• Automated build from template
• Configuration validation

Topic 20C
Implement Cybersecurity Resiliency Strategies

Syllabus Objectives Covered

• 2.1 Explain the importance of security concepts in an enterprise environment
• 2.5 Given a scenario, implement cybersecurity resilience
• 5.3 Explain the importance of policies to organizational security

Configuration Management

• Service assets
• Configuration items (CIs)
• Assets that require configuration management
• Baseline configuration
• Configuration management system (CMS)
• Creating and updating diagrams
• Workflows
• Physical and logical network topologies
• Network rack layouts
• …

Asset Management

• Inventory/asset management database
• Asset identification and standard naming conventions
• Barcodes and RFID tags
• Standard naming conventions for asset IDs
• Attribute fields and tags
• Internet protocol (IP) schema
• Static allocation versus DHCP ranges
• IP address management (IPAM) software suites

Change Control and Change Management

• Change control
• Assess whether a change should be made
• Classifying change (reactive, proactive, risk)
• Request for Change (RFC)
• Change Advisory Board (CAB)
• Change management
• Ensure changes are applied with minimum disruption
• Rollback plan

Site Resiliency

• Alternate processing sites/recovery sites
• Provide redundancy for damage to resources stored on the primary site
• Failover to alternate processing site (or system)
• Hot site
• Instantaneous failover
• Warm site
• Some delay or manual configuration before failover occurs
• Cold site
• Significant delay and configuration before failover can occur

Diversity and Defense in Depth

• Layered security and defense in depth
• Technology and control diversity
• Provision different classes and types of controls
• Mix technical, administrative, and physical controls
• Deploy controls to prevent, deter, detect, and correct
• Vendor diversity
• Use more than one supplier
• Crypto diversity

Deception and Disruption Strategies

• Asymmetry of attack and defense
• Active defense
• Fake/decoy assets
• Honeypots, honeynets, and honeyfiles
• Breadcrumbs
• Disruption strategies
• Bogus DNS records
• Decoy directories and resources
• Port spoofing to return fake telemetry/monitoring data
• DNS sinkholes

Lesson 20
Summary
