CompTIA Security+ Study Guide (SY0-401)
Chapter 12: Disaster Recovery and Incident Response

Chapter 12: Disaster Recovery and Incident Response
- Given a scenario, implement basic forensic procedures.
- Summarize common incident response procedures.
- Summarize risk management best practices.
- Explain the proper use of penetration testing versus vulnerability scanning.
Disaster Recovery
- Disaster recovery: the ability to recover system operations after a disaster
- Backups: duplicate copies of key information, ideally stored in a location other than the one where the information is currently stored
Business Continuity Planning
- Business continuity planning (BCP): the process of implementing policies, controls and procedures to counteract the effects of losses, outages, or failures of critical business processes
- Critical business functions (CBF): systems that are needed to make the business operational (does not include things that aren’t key to making the business run)
- Two key components of BCP: business impact analysis (BIA) and risk assessment (RA)
Calculating BIA and RA

Classify/Quantify Risk

Calculating Risk
Why Backups?
Determining backup frequency depends on your comfort level with:
- Accidental deletions
- Application errors causing failures
- Natural disasters
- Server failures
- Malware attacks
- Workstation failure
- Sensitive data
Storage Mechanisms
- Working copy (a.k.a. shadow backups): partial or full backups (most recent) that are kept on-site for immediate recovery purposes, e.g. after a server crash
- On-site storage: somewhere on the site of the computer center that is used to store information, e.g. a secure, locked, fireproof cabinet
- Off-site storage: tapes/HDDs are sent off-site for safe keeping, e.g. Iron Mountain
Creating a DRP: Professor Messer's Overview
DRP “Issues”: Backup Plan Considerations
- Databases: transaction logs, audit files
- User files: e.g. Word docs, inventory codes, budgets, etc.
- Applications: what apps do your users need? What happens when we update or need a specific version?
Knowing Backup Types
- Full backup: a complete, comprehensive backup of all files on a disk or server
- Incremental backup: a partial backup that stores only the information that has been changed since the last full or the last incremental backup
- Differential backup: a backup of any files that have been altered since the last full backup; it makes duplicate copies of files that haven’t changed since the last differential backup
Differential vs Incremental
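To make the difference concrete, here is an added example (my own code, not from the slide deck or the study guide) that simulates a constructed week of file changes and works out what each backup type copies each day and which backup sets a restore needs. The file names, the change history and the "full backup on day 0" schedule are all constructed assumptions.

```python
"""Added example (not from the slide deck): simulate full, incremental and
differential backups over a constructed week of file changes, then show which
backup sets must be restored under each scheme and how many file copies each
scheme writes in total."""

# Constructed change history: day -> set of files modified that day.
# Day 0 is the day the full backup runs; days 1-4 are the working days after it.
CHANGES = {
    0: {"payroll.xlsx", "budget.docx", "inventory.csv", "hr.db"},
    1: {"payroll.xlsx"},
    2: {"budget.docx", "inventory.csv"},
    3: set(),                      # nothing changed that day
    4: {"payroll.xlsx", "hr.db"},
}


def full_backup(day):
    """Everything that exists as of `day`: every file seen so far."""
    files = set()
    for d in range(day + 1):
        files |= CHANGES[d]
    return files


def incremental_backup(day):
    """Only what changed since the previous backup (full or incremental),
    which with a daily schedule is just that day's changes."""
    return set(CHANGES[day])


def differential_backup(day):
    """Everything changed since the last full backup (day 0). Files that changed
    earlier in the week are copied again even if untouched since the last differential."""
    files = set()
    for d in range(1, day + 1):
        files |= CHANGES[d]
    return files


def restore_chain(scheme, day):
    """Which backup sets must be restored, in order, to rebuild the state at `day`.
    Incremental needs the full plus every incremental; differential needs the full
    plus only the latest differential."""
    if scheme == "incremental":
        return [("full", 0)] + [("incremental", d) for d in range(1, day + 1)]
    if scheme == "differential":
        return [("full", 0)] + ([("differential", day)] if day > 0 else [])
    raise ValueError(f"unknown scheme: {scheme}")


def total_copied(scheme, day):
    """Total file copies written from day 0 through `day` (the storage cost of the scheme)."""
    n = len(full_backup(0))
    for d in range(1, day + 1):
        n += len(incremental_backup(d)) if scheme == "incremental" else len(differential_backup(d))
    return n


if __name__ == "__main__":
    for day in range(5):
        print(f"day {day}: incremental copies {sorted(incremental_backup(day))}, "
              f"differential copies {sorted(differential_backup(day))}")
    for scheme in ("incremental", "differential"):
        print(scheme, "restore chain on day 4:", restore_chain(scheme, 4),
              "total copies:", total_copied(scheme, 4))
```

The trade-off the slides describe falls out of the numbers: incremental backups write the fewest copies (9 over the week here versus 15 for differential), but a restore on day 4 has to replay five sets in order, and losing any one of them breaks the chain; differential costs more storage but a restore only ever needs two sets.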
Developing a Backup Plan
- Grandfather, Father, Son method: based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly
Backup Options Cont’d
- Full Archival method (less popular, costly): all backups are kept forever
- Backup Server method: the server becomes a repository for backups; back up the server periodically and you have layers of backups
Recovering a System
- Know the basic idea: install the OS, install the app, install the backup
- Backout vs. Backup: backing out a change can be done by restoring a backup
- Alternate or backup sites: what if an earthquake, flood, war, etc. makes your real estate unusable?
Hot/Warm/Cold Site
- Hot site: fully functional backup site
- Warm site: furniture, some tech
- Cold site: empty real estate
- RTO: Recovery Time Objective
- RPO: Recovery Point Objective
Incident Response
- Incident response: encompasses forensics and refers to the process of identifying, investigating, repairing, documenting, and adjusting procedures to prevent another incident
- Incident response plan (IRP): outlines what steps are needed and who is responsible for deciding how to handle an incident
- Incident: the occurrence of any event that endangers a system or network (a security event)
Side note: AlienVault Incident Response Guide
- The guide
Incident Response Process
1. Identifying the incident
2. Investigating the incident
3. Repairing the damage
4. Documenting and reporting the response
5. Adjusting procedures
Forensics (at a glance)
- Act in order of volatility: RAM (memory), HDD, backups, etc.
- Capture a system image
- Document network traffic and logs
- Record time offset (different time zone?)
- Take hashes (prove files have not been altered)
- Capture screenshots
- Talk to witnesses
- Track man hours and expenses
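The "take hashes" step is the one that is easiest to show in code, so here is an added example (my own code, not from the slide deck or any forensic toolkit) that builds a SHA-256 manifest of collected evidence files and re-verifies it later, reporting any file that has been modified or has gone missing. The evidence files, their contents and the temporary directory they live in are constructed for the demonstration.

```python
"""Added example (not from the slide deck): hash every collected evidence file
into a manifest at acquisition time, then verify the manifest later to prove the
files have not been altered. Evidence contents and paths are constructed."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so a multi-gigabyte image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir):
    """Map each file path (relative to evidence_dir) to its SHA-256 digest."""
    manifest = {}
    for root, _dirs, files in os.walk(evidence_dir):
        for name in sorted(files):
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, evidence_dir)] = sha256_file(full)
    return manifest


def verify_manifest(evidence_dir, manifest):
    """Return (path, problem) pairs for every manifest entry whose file is now
    missing or whose current digest no longer matches; an empty list means intact."""
    problems = []
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(evidence_dir, rel)
        if not os.path.exists(full):
            problems.append((rel, "missing"))
        elif sha256_file(full) != expected:
            problems.append((rel, "modified"))
    return problems


def demo():
    """Constructed evidence set: write three files, hash them, alter one, re-verify.
    Returns the manifest, the clean verification result and the post-tamper result."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "memory.img"), "wb") as f:
            f.write(b"\x00" * 1024)            # stand-in for a RAM capture
        with open(os.path.join(d, "auth.log"), "w") as f:
            f.write("Jan 1 00:00:01 host sshd[1]: Accepted password for user\n")  # constructed log line
        open(os.path.join(d, "empty.bin"), "wb").close()   # zero-byte file, well-known digest
        manifest = build_manifest(d)
        clean = verify_manifest(d, manifest)
        with open(os.path.join(d, "auth.log"), "a") as f:
            f.write("tampered\n")              # simulate a later alteration
        after = verify_manifest(d, manifest)
        return manifest, clean, after


if __name__ == "__main__":
    manifest, clean, after = demo()
    for rel, digest in sorted(manifest.items()):
        print(digest, rel)
    print("clean verification:", clean)
    print("after tampering:", after)
```

In practice the manifest is written out alongside the evidence and signed or stored with the chain-of-custody record, so the digests themselves cannot be quietly replaced; the verification step is what lets you show later that the copy analysed is the copy collected.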
Forensics Extras
- SANS Investigative Forensics Toolkit (SIFT)
- SANS cheat sheets
- Random tools: Volatility (Python tools for RAM analysis), OSXCollector, EnCase (expensive)
Disaster Recovery Cont’d
- Succession planning: outlines those internal to the organization who have the ability to step into positions. E.g. what if Steve Jobs gets hit by a bus?
- Tabletop exercises: test the plan, simulate a disaster. What did we forget? Typically involves some form of actual testing, e.g. try to call certain people, try to recall backup tapes
DRP - Vendor Support (who you gonna call?!?!)
- Software vendors and hardware vendors are necessary elements in the process of building systems and applications
Service-Level Agreements
- Service-level agreement (SLA): an agreement between you or your company and a provider, typically a technical support provider
- Recovery Time Objective (RTO): the maximum amount of time that a process or service is allowed to be down and the consequences still considered acceptable
- Mean Time Between Failures (MTBF): the measure of the anticipated incidence of failure for a system or component
- Mean Time To Restore (MTTR): the measurement of how long it takes to repair a system or component once a failure occurs
- Bonus: Mean Time To Detection (MTTD): how long it takes for you to detect an intrusion
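These metrics are easier to remember once you have computed them from real records, so here is an added example (my own code, not from the slide deck or the study guide) that derives MTTD, MTTR and MTBF from a constructed list of outage records and checks each outage against an SLA's RTO. The three incidents, their timestamps and the 4-hour RTO are constructed assumptions; the availability formula MTBF / (MTBF + MTTR) is the standard one and is not on the slides.

```python
"""Added example (not from the slide deck): compute MTTD, MTTR and MTBF from a
constructed outage history, then check each outage against a constructed RTO."""
from datetime import datetime, timedelta


def ts(text):
    """Parse a constructed 'YYYY-MM-DD HH:MM' timestamp (treated as UTC)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed incident records for one service: when it failed, when monitoring
# noticed, and when service was restored.
INCIDENTS = [
    {"failed": ts("2024-01-03 02:00"), "detected": ts("2024-01-03 02:20"), "restored": ts("2024-01-03 04:00")},
    {"failed": ts("2024-02-10 14:00"), "detected": ts("2024-02-10 14:05"), "restored": ts("2024-02-10 15:00")},
    {"failed": ts("2024-03-01 09:00"), "detected": ts("2024-03-01 09:35"), "restored": ts("2024-03-01 15:00")},
]
RTO = timedelta(hours=4)   # constructed SLA value: longest tolerable outage


def mean(deltas):
    """Average of a list of timedeltas (zero if the list is empty)."""
    if not deltas:
        return timedelta()
    return sum(deltas, timedelta()) / len(deltas)


def mttd(incidents):
    """Mean Time To Detection: failure -> detection."""
    return mean([i["detected"] - i["failed"] for i in incidents])


def mttr(incidents):
    """Mean Time To Restore: failure -> restored (the slide's 'once a failure occurs')."""
    return mean([i["restored"] - i["failed"] for i in incidents])


def mtbf(incidents):
    """Mean Time Between Failures: uptime from the end of one outage to the start of the next."""
    ordered = sorted(incidents, key=lambda i: i["failed"])
    gaps = [nxt["failed"] - prev["restored"] for prev, nxt in zip(ordered, ordered[1:])]
    return mean(gaps)


def rto_breaches(incidents, rto):
    """Outages that stayed down longer than the RTO allows."""
    return [i for i in incidents if i["restored"] - i["failed"] > rto]


def availability(mtbf_delta, mttr_delta):
    """Standard steady-state availability estimate: MTBF / (MTBF + MTTR)."""
    return mtbf_delta / (mtbf_delta + mttr_delta)


if __name__ == "__main__":
    print("MTTD:", mttd(INCIDENTS))
    print("MTTR:", mttr(INCIDENTS))
    print("MTBF:", mtbf(INCIDENTS))
    print("RTO breaches:", len(rto_breaches(INCIDENTS, RTO)))
    print("availability: %.4f" % availability(mtbf(INCIDENTS), mttr(INCIDENTS)))
```

On this data the average outage (3 hours) sits inside the 4-hour RTO, yet one outage breached it; an SLA is judged per incident, not on the mean, which is why the breach list matters more than MTTR when reviewing a provider.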
Code Escrow Agreements
- The storage and conditions of release of source code provided by a vendor (what happens if the vendor goes out of business?!?!)
Penetration (Pen) Testing
- Penetration testing: simulate an attack and look for holes that exist (in order to be able to fix them later)
Pen Testing Basics
- Scan/identify vulnerabilities
- Verify a vulnerability exists
- Bypass security controls
- Actively test security controls
Pen Testing Cont’d
- Black box: pen tester acts as if they have no prior knowledge of the network/system
- White box: pen tester is told everything about the system/network
- Gray box: some info is fed to the pen tester
Vulnerability Scanning
- Looking for (unpatched) vulnerabilities in networks, computers, or even applications
- Five major goals: passively testing security controls; interpreting results; identifying vulnerabilities; identifying lack of security controls; identifying common misconfigurations
Vulnerability Scanners
- Some are free! Nessus, Qualys
- Credentialed scans are better: less noisy, more reliable vulnerability list, deeper scan of apps on the machine, deep OS scan (e.g. password policies)
Chapter 12 Summary
- Disaster recovery plans are important!
- Backup types (full, incremental, differential, grandfather/father/son)
- Steps to recover from a failure or disaster
- Incident response policy basics
- Basic forensics (volatility)