Ready to Start Your Career?

Cloud+ Outline - Module 10

cdoyle 's profile image

By: cdoyle

April 22, 2017

cloud-4_resize_1020x1020Module 10: Security and RecoveryAccess ControlAuthentication
  • Something you know
    • Something you have
    • Something you are
Single Sign-On
  • Allows a shared login to many networks
  • Uses SSO to allow users or devices to other network resources
  • When 2 companies agree that users can login to 1 network and access info from another server
Role Based Access Controls (RBAC)
  • Most commonly used with Active Directory
  • Groups and/or roles manage the permissions
  • Permissions are inherited
  • Groups permissions is called implicit permissions
  • Users permissions is called explicit permissions
Mandatory Access Controls (MAC)
  • Permissions are determined by policies (local group policy/GPOs)
  • The OS enforces the policies
Discretionary Access Controls (DAC)
  • The OS or applications do not have power over the permissions
  • Permissions are allowed/managed only by the owner of the data
  • Resources have an access control list (ACL) (who has access to the resource)
Information Security
  • Symmetric Encryption
  • Uses one key that encrypts and decrypts data
  • Used to encrypt files
  • VPN and Wi-Fi networks can be secured
  • PGP
Asymmetric Encryption
  • Uses two keys that encrypts and decrypts data (keys offered by GAL – global access list)
  • A public key and a private key
  • Keys are stored in an account database or on a smartcard
  • Public key is shared
  • Private key is saved by the owner of the key
Common Ciphers
  • AES – 256 WiFi
  • DES – 56 however 3DES is 56+56+56=168
  • RC4 – 128 old WiFi (WEP/WPA, but not WPA2) and Radius
  • Network Security
Layered Security
  • DMZ
  • IDS/IPS Host and Network
  • Firewall
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • Ping of Death (PoD)
  • Ping Flood
  • Unnecessary software
  • Firmware
  • Control account access
  • Disable unneeded network ports
  • Antivirus software
Penetration Testing
  • Simulates an attack on the network
  • Designed to look for vulnerabilities in the network
  • Exploits security vulnerabilities
Vulnerability Assessments
  • Finds vulnerabilities and weakness in a network
  • Designed to fix vulnerabilities and keep the network secure
Secure Storage
  • Most important part of any network
  • Encryption
  • Backups
Training and up-to-date tools
  • Needed to keep the IT staff up-to-date with current technologies
  • Allows the IT staff to release software that keep the network safe
  • Gives admins the ability to perform job functions and respond to incidents
  • Rapid deployment allows admins to release solutions as quick as possible
High Availability
  • Fault Tolerance
  • Allows a device to function after a hardware failure
  • Hard drives are the most common fault tolerance device
  • Geo Clustering connects multiple computers in different geographic locations
  • Multipathing gives multiple paths to a device
  • Allows redundancy for the system
  • Usually used with storage devices
  • Load Balancing
  • Distributes the workload
  • Disaster Recovery Methods
  • Mean Time Between Failures (MTBF)
  • How long a device will function it fails (i.e. projector)
  • Mean Time to Repair (MTTR)
  • The typical amount of time it takes to repair a failed component (i.e. few minutes)
  • Recovery Time Objective (RTO)
  • The time in-between an outage and the restoration (i.e. Exchange)
  • Recovery Point Objective (RPO)
  • The max time that data can be missed due to an incident
Multisite Configuration
  • Cold Site (physical move to another site)
  • Hot Site (take nothing, all is in place prior)
  • Warm Site (a few items may be required to continue working, minimal downtime)
Backups and Recovery
  • Backup is used to copy data in the event of a failure
  • Four different backup functions
  • Full (on Sunday)
Incremental (on Monday, Tuesday, Wednesday…) keeps sizes small in betweenOnly restore Full, then M, T, Wk –  FIII must be restored) Differential (on Monday, Tuesday, Wednesday…)sizes compound between Full, less downtimeOnly restore Full (Sunday) and Wednesday (last taken)Image – complete image of the server Snapshots
  • Used with VM
  • Captures the state of a VM (specific VM)
  • Is not a replacement for backups
  • Has all data and files in the VM
  • Used for short term recovery (no more than a month)
Unit SummaryDescribed Access ControlDescribed Information SecurityDescribed Network SecurityDescribed High AvailabilityDescribed Recovery 
Schedule Demo