Security and Recovery (part 2)



2 hours 28 minutes
Video Description

This module teaches about network security:

  1. Layered security

  2. Hardening

  3. Penetration testing

  4. Vulnerability Assessments

  5. Secure Storage

  6. Training and up to date tools

It also addresses high availability:

  1. Fault tolerance

  2. Multipathing

  3. Load Balancing

Finally it also talks about recovery:

  1. Disaster recovery methods

  2. Multisite configuration

  3. Backups and recovery

  4. Snapshots

Video Transcription
Network security. In network security, we will talk about layered security, hardening, penetration testing, vulnerabilities, secure storage, and training and up-to-date tools. With layered security, you have a DMZ. A DMZ is a buffer that separates the external network from the Internet; it is called a demilitarized zone, and a demilitarized zone is like neutral ground. It doesn't allow people inside and doesn't allow people to get outside.
With a DMZ, whenever it comes to a network, what it does is it stops people from the cloud from coming all the way into your network. But at the same time, it allows the people on the inside of the network to go outside and browse the web if needed. Most of the time, the DMZ has a web server in it. What the DMZ allows you to do is, whenever you access YouTube, you're accessing a portion of their DMZ. That way, you can view what it is that they want you to view, but yet you're not able to go inside and see what servers they have, what PCs are there running, or possibly what switches and routers they're using. IDS and IPS stand for intrusion detection system and intrusion prevention system.
They're extremely important. There are two different types of them: you have host-based, where host-based sits on every computer, and you have network-based, which means that the network one is at one position. Sometimes it's at a proxy server. With IDS and IPS, the intrusion detection system will detect if there's malicious activity inside of your network. To turn an IDS into an IPS, all you have to do is implement some sort of prevention. That prevention might be shutting off a port or shutting off the NIC, so that way, once there is malicious activity on that computer, it shuts down the NIC so that way people aren't able to do anything on that computer anymore. The next type of security that we have has to deal with denial of service, distributed denial of service, the ping of death and ping flood.
All four of them are pretty much the same, but with a little bit of difference. The denial of service and the distributed denial of service is where somebody, an attacker, tries to shut down a web server, where they're basically trying to stop the server from giving off the normal functions that it needs to give off. The difference between the two is that distributed uses a host of computers, and these hosts of computers are called zombies. What it does is a hacker will take over some user's computer. It can either be within the same network or not within the same network. And then once your computer has been taken over, it sends a ping to a particular place, say www.google.com. And it does this with the hope of interrupting their service, that way users will stop using their services as much.
The ping of death, however, sends a packet that is so large that the computer, router or switch doesn't know what to do with it. Most ping packets are anywhere from 50 to less than 90. With the ping of death, they go up to 65 megs, so it's exceeding that amount. Ping flood is where somebody sends a large amount of packets in a particular direction in the process. The reason why they do that is for the hope of shutting that system down or causing it to reboot, where it sends so much information to the computer that it doesn't know what to do, and it has to shut down.
Next, we have hardening. The purpose of hardening is to remove unnecessary software. Whenever you buy a new computer, usually it has a lot of stuff on it: free trials, this program, that program, things you don't use, things you probably never ever use. With hardening, you get rid of all that stuff, so you have a clean slate.
The purpose behind that is to close as many security holes as you can. Also, in hardening, we have firmware. Firmware is a bit of software that is in most motherboards and most chips that tells the motherboard how to operate, what to do with what information, and how to do it. With firmware, you need to update your firmware, but you typically don't update the firmware unless it's needed: if there is an immediate security incident and people need to update their firmware to keep that security incident from happening on their computer, or if you install a new type of system or a new chip, maybe a PCI card, onto your PC, and then it's not compatible. Well, updating the firmware could fix that. The next thing is controlling account access. This rolls back to the RBAC, the MAC and the DAC.
This is where you want to make sure that accounts don't get into information that they don't need to get to. You want to lock it down so that way accounting can only access accounting, business can only access business, and the IT staff isn't abusing their rights and accessing things that they don't need to be accessing.
Network ports: now, ports should be disabled. The reason why you want to disable network ports: if you leave FTP open on your ports 20 and 21, people can telnet through FTP straight into your network, and then do what they need to do. Another port that you might want to disable is Telnet. Telnet is an unsecure protocol, and it allows you to access another person's computer and be able to control it. Every time you click the mouse, or every time that you open up an icon, you're using a Telnet command. So if you're able to do all that through Telnet, you want to be able to shut that off so people don't log in to your computer and perform actions that you don't want them to.
Antivirus. Antivirus is very important, and it allows you to stop worms, Trojans, malware or possibly viruses from getting onto your computer. You want to make sure that your antivirus is up to date. If your antivirus is a week old, it's not such a big deal, but you do want to get it updated. You want to make sure that it stays up to date and that you're not getting viruses. One incident with a virus: everybody knows about the Target incident. Well, the Target incident was actually a Trojan, and that Trojan's name was Zeus, and Zeus was actually designed so that way it steals banking information, but instead they loaded it onto the Target network. And then once it was loaded onto the Target network, it was able to take everybody's credit cards. That's one reason why you want to make sure virus software is up to date.
Penetration testing. Penetration testing is very important. It allows you to simulate an attack on your network. It is also designed to look for vulnerabilities. A vulnerability, for instance, would be an open port. With a penetration test, it finds these vulnerabilities, and then it allows you to block them up. For instance, you might have to have FTP open for cameras, something like that. But do you have to have FTP open on your outside router? That could be a security risk. So therefore, you would close those ports on your outside router going to the Internet, but then keep it open on your intranet, so that way it's open inside of your company.
Vulnerability assessment is designed to find vulnerabilities and weaknesses inside the network. These vulnerabilities could be simple. They could just be patches, updating patches. Adobe at one time released an update, and the update was specifically designed to close a backdoor that Adobe forgot to close. Happens all the time. Microsoft has actually made updates that caused people issues and acted like a virus. So you want to be aware of this, and you want to actually read through the updates as you implement them, but you want to make sure that your computer is as up to date as can be. The purpose of a vulnerability assessment is to keep it up to date, to close the weaknesses and to make your network secure, so that way people aren't just coming into your network and then doing as they want. Another thing that you might want to check for, for instance, is AutoPlay. AutoPlay is whenever you put a CD or thumb drive into your computer and it automatically executes whatever is on that CD or thumb drive. That's also how Target happened. The Target incident happened: they plugged in a thumb drive and then executed a virus onto their network. It saw that it was an EXE, and then it just ran and did what it needed to do.
The next thing we have is secure storage, and secure storage is very important. Whenever it comes to the network, the data in the network is the most important part of the network. You want to make sure that that storage is encrypted. You're going to make sure that you're performing backups on that network. For the encryption, you might use something like, for instance, TrueCrypt. TrueCrypt is a program that's designed to make encrypted containers for you to put information in, or you can use it to make your whole hard drive encrypted. The reason why you would want to encrypt a hard drive is in case that laptop or that computer is stolen. And then once they get that computer, they'll open up the hard drive, try to go inside of it, and they won't be able to access it because it's encrypted. All they'll see is just one large file, or they will see garbage, and they won't be able to access what your company has, the company secrets. Accounting information is very important, and if a hacker gets accounting information, they can do extremely bad things to your company.
Training is extremely important, and the purpose behind training is to keep IT up to date on current technologies throughout the world. Cloud Plus wasn't very big a few years ago, but now it is getting really big. Back in the nineties, most people didn't have a computer inside their house. However, now everybody has a computer; a company cannot do anything without a computer. Even the companies that you think don't use computers have some form of technology, whether it's their phone. For instance, a heating and air company: a heating and air company doesn't really use a lot of tech stuff, but they keep a database of their customers, they have phones, the service representatives have phones, and on top of that, the stuff that they use to bend the sheet metal to make the ductwork for the AC, well, that was invented with technology, and they still had to have a computer make that equipment, so that way they can make the things that you need to get AC inside your house. Having up-to-date information is very important inside of any network whenever it comes to IT.
The other part of training and staying up to date is having the correct up-to-date software. If your company is using Microsoft 2003, they're pretty far behind. However, if they didn't know that Microsoft 2010 came out, then they would never have migrated up to it. So keep your IT staff up to date and get the new software as it comes out. For instance, if you have PST files, well, if you had PST files created from 2000, you're going to have issues plugging them into Outlook nowadays; some of them will not work because of the new way the network was designed or the way that the program itself was designed. So keeping the information up to date is very important.
The last part of this is rapid deployment, and the purpose behind rapid deployment is to get the software and issue it out so that way it's available to the customers as quickly as possible. Databases are very important. Whenever it comes to databases, you have Oracle and MySQL, the two leading ones. Well, rapid deployment allows you to get the newest database program, get your information up to date, and then send it to the customers as quickly as possible. The purpose behind rapid deployment is to stay up to date and to give your customers what they need when they need it.
High availability is very important. With high availability, you have fault tolerance, multipathing and load balancing. Fault tolerance is very important. Fault tolerance is primarily used with hard drives, and the purpose behind fault tolerance is so that way, if the hardware fails, you're able to replace it without having a loss of service. We talked about RAID and the purpose behind each RAID; that is the way you have high fault tolerance. RAID 5, for example: if you lose a hard drive, you're able to continue on until you're able to replace that hard drive. A lot of times, companies will have something called a hot spare, and a hot spare is where you have a ready standby. Instead of where you're using three RAID hard drives in RAID 5, the fourth RAID hard drive that you have implemented will automatically pick up whenever one hard drive is removed or fails.
Geo-clustering is another very important aspect whenever it comes to fault tolerance. The purpose behind geo-clustering is so that way you're going to have multiple sites at multiple locations. For instance, Google has huge geo-clusters. They have one in Washington state, they also have one in China, and they also have one in the Middle East. So that way, it provides many customers with the ability to connect to what they need to connect to. Multipathing. Multipathing is very important, and what multipathing allows you to do is have many ways to connect to a storage device, which allows for redundancy. Redundancy is extremely important whenever it comes to the customers getting what they need when they want it. If you go to sign on to Google and it says Google is unavailable, well, you're probably not going to use Google then; you're going to move to somewhere else. And then once you move to somebody else, say for instance Bing, you're going to continuously use Bing; you're not going to rely on Google anymore. The next one is load balancing. Load balancing is designed to distribute the workload. Say for instance in your network we have two routers, and the two routers distribute the workload of sending out the packets so that way it's not just one router being overwhelmed. Is it easier for you to read a 100-page book and then recite the whole 100-page book, or to take the 100-page book and divide it between two people, 50 and 50, and then for them to recite the 100-page book?
Recovery. The next thing we're going to talk about is recovery, and in recovery we have disaster recovery methods, multisite configurations, backup and recovery, and then snapshots.
The next thing that we have is disaster recovery methods. With disaster recovery methods, the first two are the mean time between failure and the mean time to repair. The mean time between failure is whenever a device is going to die. The best example that I can think of is with a projector. A projector has a light bulb, and the light bulb has a life. Well, once the life reaches zero, the projector shuts off to keep the projector from being damaged. That would be MTBF, and that keeps the device from causing a hardware failure inside the projector itself. The next thing is MTTR, and the MTTR is the typical amount of time it takes to repair a failed component. For the projector, it would be maybe a few minutes to repair the light bulb, to take a light bulb out and put a new light bulb in. However, that would still be part of the MTTR. For other devices, say, for a switch, the switch could take a long time to switch out. Switches are extremely heavy, so whenever you're replacing a switch, you need to have two or three people there. So therefore, you might have to schedule downtime, schedule the outage, schedule people to meet up at the exact same time, schedule when you can get that switch into its correct place and then be able to set it up. That would be the MTTR.
The next method is with RTO, or recovery time objective. Recovery time objective is the time in between the outage and the restoration. The best example of this is with Exchange. Exchange is a database that allows people to access emails and to be able to share information that way. Well, with Exchange, it does have issues, and it does come down every now and then. Well, whenever it goes down, then you need to have an RTO, the expected amount of time that it's going to take to have Exchange loaded back on. That time could be a day or two; it could be a week, depending on what information you have. The last point is recovery point objective, and that's the max time that data can be missed due to the incident. Well, the max time could be set in place by the CEO or the person that is in charge of the company or the department. And that time could be a week, that they might say Exchange has died, so therefore you have one week to get it back online. And if you go past that one week, there could be issues with that. So you need to comply with the RPO.
The other thing is multisite configuration, and the way to relieve some of these other previous points is with multisite configuration, having a cold site, a warm site and a hot site. A cold site is another place where, if there is a disaster, all you have to do is take the PCs, take the hard drives or take something, go to that new site, and you're able to continue on. Say there was an earthquake or a hurricane, and the site, the building that you usually work out of, is flooded or destroyed. Well, you're able to go to the next site, take a few items, take your laptop or take your gear, and you're able to go to the next site and be able to continue where you are. A hot site, on the other hand, is where you take nothing. That is where, once your building has been demolished or there has been a fire inside your building, you're able to go to the next site and continue on, and you have backups at that place. You have site replication to that place, so that you're able to continue and have no downtime. A warm site is in between a cold site and a hot site. A warm site is where you might have to take a few items. You might have to do a little bit. There might not be enough room for you to take everybody, but you're able to go back to that place and continue where you left off, with minimal downtime.
Backup and recovery. Backup is extremely important. Without backups, IT probably wouldn't even have a job. If you perform backups on your network, but then something happens and you lose all your backup data, and/or you lose the data that the users have, well, you'll have huge issues and you might be out of a job at that point. So, backup and recovery. There are four things you need to remember about backups. There are full backups, incremental backups, differential, and then there's an image. Each one has a function that it needs to perform. With backups, we have several different types of backups. You have the full, incremental and differential backups. Whenever it comes to backups, most of the time you want to be able to get all your information restored as quickly as possible. A full backup will allow you to do that. However, a full backup can be large: if you have a terabyte of data, a full backup would be a terabyte of data. To alleviate that, they came up with incremental and differential. Incremental and differential are very good whenever it comes to storing backups.
Here's a good example. Say on every Sunday you perform a full backup, and then throughout the rest of the week you're performing an incremental, an incremental, an incremental. You perform another full backup on Sunday. Well, with this setup right here, what happens is whenever you need to restore data, say the servers crashed on Thursday, and now they're gone. Whenever the servers crashed on Thursday, you need to restore all the information back up to Wednesday. Well, to do that, you would restore your full backup from Sunday, then you restore your incremental on Monday, incremental on Tuesday, incremental on Wednesday. This keeps your backups small. Say, for instance, your full backup on Sunday was a terabyte, but the rest of the week only 10 gigs of data was changed. Each one of these backups will be 10 gigs. With incremental, you have to restore every day up to that point.
The next type of backup is called a differential, and with differential, it's a little bit different. So say Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, you perform a differential backup. With this, say the servers die on Thursday also. With differential, all you have to restore is your full backup from Sunday and your differential on Wednesday. What this allows you to do is have less downtime. With incremental, you'd have to keep putting in the new device and then restore, and then restore, and then restore. With differential, you put in the tape for the full and then you restore that backup, then you restore the differential for the closest time to the disaster. One downfall of this is, say every day there was 10 gigs that was changed. Well, the differential this day would be 10 gigs, this day would be 20 gigs because it would have Monday's and Tuesday's, and this day would be 30 gigs because it would have Monday, Tuesday and Wednesday. Whereas incremental, it would just have 10 gigs for Monday, 10 gigs for Tuesday, 10 gigs for Thursday. So it allows you to be able to restore with less tapes. Differential versus incremental: incremental allows you to back up quicker, so that way, in case backups have to have downtime.
The last thing that we talked about was image, and what an image is is a complete backup of the server or of the computer. However, with image, it's a little bit different. Instead of a full backup, differential and incremental just being the data, an image is a complete mirror of that computer as it is in that state in time. Images most of the time are used with cloning and things of that nature, which we talked about previously.
The last thing that we have is snapshots. With snapshots, what that is, is specifically with VMs. Snapshots allow you to capture the image of the VM as it is in that state in time, but it is not a replacement for backups. It allows you to see where your data was, that way you can restore back to that point. It also has all data and files in the VM, but it's only meant to be used for short term. I would use it for about a month. Use a snapshot for about a month; other than that, backups are where you really need to copy your data. With VMs, as we talked about earlier, you can have many VMs on one host. You might be running 10 VMs on that one computer, but with backups you'll be copying all the VMs, and with a snapshot you'll be copying that specific VM at that point in time.
Well, in this lesson we described access control, information security, network security, high availability and recovery. This has been Cybrary IT, and I hope you guys learned a lot. Thank you.
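As an added worked example (not part of the course or the lecture), the following Python models the Sunday-full schedule from the backup discussion above using the lecture's numbers (1 TB full backup, 10 GB changed per day) and computes which tapes a Thursday crash needs under incremental versus differential, plus how much each strategy stores over the week; the function names are assumptions of this example.

```python
from dataclasses import dataclass

# Backup calendar: Sunday is the full backup, Mon..Sat use the chosen strategy.
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]


@dataclass(frozen=True)
class Backup:
    day: str
    kind: str       # "full", "incremental" or "differential"
    size_gb: int


def weekly_schedule(strategy, full_gb=1000, daily_change_gb=10):
    """Build one week of backups. Sizes follow the lecture's model:
    incremental holds only the changes since the previous backup,
    differential holds every change since the last full."""
    backups = [Backup("Sun", "full", full_gb)]
    for i, day in enumerate(DAYS[1:], start=1):
        if strategy == "incremental":
            size = daily_change_gb          # one day of changes
        elif strategy == "differential":
            size = daily_change_gb * i      # i days of changes since Sunday
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        backups.append(Backup(day, strategy, size))
    return backups


def restore_chain(backups, crash_day):
    """Return, in restore order, the backups needed to recover the state
    as of the last backup taken before crash_day."""
    crash_idx = DAYS.index(crash_day)
    taken = [b for b in backups if DAYS.index(b.day) < crash_idx]
    if not taken:
        return []                           # crash before the first backup
    last = taken[-1]
    if last.kind == "full":
        return [last]
    full = next(b for b in reversed(taken) if b.kind == "full")
    if last.kind == "differential":
        return [full, last]                 # full + newest differential
    # incremental: full plus every incremental taken after it, in order
    return taken[taken.index(full):]


def restore_summary(strategy, crash_day="Thu"):
    """Tapes to mount, data to restore and the mount order for a crash."""
    chain = restore_chain(weekly_schedule(strategy), crash_day)
    return {
        "tapes": len(chain),
        "restore_gb": sum(b.size_gb for b in chain),
        "order": [b.day for b in chain],
    }


def weekly_storage_gb(strategy):
    """Total tape space consumed by one week of backups."""
    return sum(b.size_gb for b in weekly_schedule(strategy))


if __name__ == "__main__":
    for s in ("incremental", "differential"):
        print(s, restore_summary(s), "stored:", weekly_storage_gb(s), "GB")
```

Both strategies restore the same 1030 GB for a Thursday crash, but differential needs two tapes where incremental needs four, at the cost of larger daily backups as the week goes on.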