Lesson 7: Resiliency and Site Security

Asset Management

Asset Tracking:

• CMDB (Configuration Management Database): Tracks IT assets and relationships
• MDM (Mobile Device Management): Manages/secures smartphones/tablets (remote wipe)
• Cloud Discovery: Identifies shadow IT (unauthorized SaaS/IaaS)

Data Protection & Backups

Backup Types:

• Full Backup: Complete copy, slow RTO, high storage
• Incremental: Only changes since last backup, fast RTO, less storage
• Differential: Changes since last full backup, moderate RTO

Recovery Speed:

• Incremental: Slowest (requires full + all incrementals)
• Differential: Moderate to fast (requires full + latest differential)
• Full/Image: Fast (restores entire system)

Advanced Data Protection:

• Snapshots: Point-in-time system state (Hyper-V, VMware)
• Replication: Real-time data sync to another site (SAN replication)
• Journaling: Recording changes before applying (filesystems/databases)
• Database Mirroring: High-availability feature for data reliability

Secure Data Destruction:

• DoD 5220.22M: 3-pass overwrite
• Degaussing: Magnetic wipe (HDDs/tapes)
• Shredding: Physical destruction (SSDs, old hardware)

Redundancy Strategies

Key Concepts:

• COOP (Continuity of Operations): Keep critical business functions running during/after disaster
• BCP (Business Continuity Planning): Ensure entire business can recover quickly
• Backups: Copy data for restoration after loss
• COOP Testing: Validate plan works (exercises, drills)
• Capacity Planning: Estimate future needs to prevent bottlenecks

People Risks:

• Cross-Training: Train others to cover key roles
• Remote Work Plans: Ability for offsite work continuity
• Alternative Reporting Structures: Backup management chains
• Changes in Workforce Capacity: Staff level adjustments
• Rapid Hiring: Fast scaling for urgent demands
• Layoffs: Reduced support, role gaps

High Availability & Fault Tolerance

Clustering Types:

• Active/Passive (A/P): One active node, others standby (database servers)
• Active/Active (A/A): All nodes handle load (web servers, load-balanced environments)
• Application Clustering: Applications share state between nodes

Comparison:

• A/P: Lower performance, simpler, moderate failover, less efficient
• A/A: Higher performance, complex, fast failover, efficient
• Application: Depends on app design

Site-Level Resiliency (Disaster Recovery Sites)

• Real-time Recovery: Instant (0ms), continuous synchronous replication, mission-critical systems
• Hot Site: Immediate (minutes), fully equipped and ready, minimal downtime
• Cloud: Fast (minutes), always live and mirrored, 0 RTO/RPO
• Warm Site: Few hours to 1 day, partially equipped, balanced option
• Cold Site: Long (days), empty facility with power/internet, cost-effective

Power Redundancy

• UPS (Uninterruptible Power Supply): Short-term battery backup (minutes to hours), instant activation
• Generator: Long-term power (days with fuel), 10-60 seconds to start
• Dual PSUs (Power Supply Units): Two independent power sources for redundancy

Deception Technologies

• Honeypot: Decoy system to attract attackers
• Honeynet: Network of honeypots simulating full environment
• Honeyfile: Decoy file to detect unauthorized access
• Honeytoken: Fake data (credentials, API keys) to alert on breach
• Fake Telemetry: Simulated activity data to mislead attackers

Testing Resiliency

• Tabletop Exercise: Discussion-based scenario walkthrough
• Failover Test: Simulate primary system failure
• Simulation: Controlled realistic test mimicking actual incidents
• Parallel Processing Test: Run backup systems parallel with primary
• Robust Documentation: Clear, up-to-date processes and recovery plans

Physical Security

Perimeter Security:

• Fencing: Physical barrier to restrict access and delay intruders
• Lighting: Enhance visibility, deter unauthorized access
• Bollards: Block vehicle access to sensitive areas

Access Control:

• Physical: Walls, doors, locks
• Electronic: CCTV, motion detectors, alarms
• Access Control Vestibule (Mantrap): Double-door entry to prevent piggybacking/tailgating
• Cable Locks: Secure laptops to fixed objects
• Access Badges: Cards with embedded chips for entry
• Biometrics: Fingerprints, facial recognition, retina scans

Monitoring & Alarms:

• CCTV: Continuous video surveillance
• PIR Sensors: Detect motion via infrared radiation
• Motion Recognition: Software identifies movement
• Object Detection: AI identifies specific items (weapons, bags)
• Drones/UAV: Aerial surveillance, live video, thermal imaging