Disaster Recovery, business continuity, and organizational policies

Business continuity plan (BCP) - created to outline the order in which business functions are restored first.
Business impact assessment (BIA) - conducted to identify the most critical functions for an organization.
Cold site - has the basic environmental controls necessary to operate but few of the computing components necessary for processing.
Delta backup - only the portions of files that have changed are stored.
Differential backup - only the files and software that have changed since the last full backup.
Disaster recovery plan (DRP) - defines the data and resources necessary and the steps required to restore critical organizational processes.
Service level agreement (SLA) - a contractual agreement between entities describing specified levels of service that the servicing entity agrees to guarantee.
Warm site - partially configured, usually having peripherals and software but perhaps not the more expensive main processing computer.
Fault tolerance - uninterrupted access to data and services through mirroring of data and systems.
Full backup - all files and software.
High availability - the ability to maintain availability of data and operational processing despite a disrupting event.
Hot site - a fully configured environment, similar to the normal operating environment, that can be operational immediately or within a few hours.
Incident response policy - outlines how the organization will prepare for security incidents and respond to them when they occur (preparation, detection, containment and eradication, recovery, follow-up).
Incremental backup - a variation on the differential backup: instead of copying all files that have changed since the last full backup, the incremental backs up only files that have changed since the last full or incremental backup occurred.

Infrastructure Security
Coaxial cable -
Firewall - hardware, software, or a combination whose purpose is to enforce a set of network security policies across network connections.
Modem - short for modulator/demodulator; converts analog signals to digital and vice versa.
Network access control - security methodology of managing endpoints on a case-by-case basis as they connect.
Network attached storage (NAS) - a network device for storage.
Network interface card (NIC) - a card with a connector port for a particular type of network connection, either Ethernet or Token Ring.
Private branch exchange (PBX) - an extension of the public telephone network into a business.
Router - a network traffic management device used to connect different network segments together.
Server - the computers in a network that host applications and data for everyone to share.
Switch - forms the basis for connections in most Ethernet-based LANs.
Wireless access point (WAP) - the point of entry from a wireless device to a wired network.
Workstation - the machine that sits on the desktop and performs the user's everyday computing.

Physical Security
Access tokens - a physical object ("something you have") that identifies specific access rights.
BIOS passwords - password protection of BIOS settings (boot order, etc.).
Bootdisk - any media used to boot a computer into an operating system that is not the native OS on the hard drive.
Drive imaging - the process of copying the entire contents of a hard drive to a single file on a different medium.
False negative - occurs when the system denies access to someone who is actually authorized.
False positive - occurs when a biometric is scanned and allows access to someone who is not authorized.
Layered access - multiple physical perimeters.
LiveCD - contains a bootable version of an operating system, typically a Linux variant.
Mantrap - two closely spaced doors that require a user to badge through one and then the other in sequence.
Multiple-factor authentication - the combination of two or more types of authentication.
Smart cards - a card that contains integrated circuits capable of generating and storing cryptographic keys.
USB devices -

Types of Attacks and Malicious Software

Birthday attack - a type of brute-force attack that gets its name from the birthday paradox (which states that in a group of at least 23 people the chance that two individuals share the same birthday is greater than 50%).
Botnet - a network of machines controlled by a malicious user; each of these controlled machines is a zombie.
Denial-of-service (DoS) attack - an attack designed to prevent a system or service from functioning normally.
Distributed denial-of-service (DDoS) attack - a DoS attack employing multiple attacking systems.
Drive-by download attack - automated download of material (malware) whether the user clicks it or not.
Ping sweep - sending pings to target machines to see if they respond and thus are reachable.
Port scan - checking for open ports.
Sniffing - examining all the network traffic that passes the attacker's NIC.
Spear phishing - when an attacker includes information that should be known only to the entity they are impersonating.
Spoofing - making data look like it has come from a different source.
Spyware - software that spies on users, recording and reporting on their activities.
SYN flood - abuses the TCP three-way handshake: SYNs are sent with spoofed source IPs, so each SYN/ACK the server replies with waits for an ACK that never comes until it times out; flooding the server with these half-open connections results in a DoS.

Wireless Security
IEEE 802.1X - wireless protocol established by IEEE.
Service set identifier (SSID) - phrase-based mechanism that helps ensure that you are connecting to the correct AP.
Wired Equivalent Privacy (WEP) - weak wireless protection.
Wireless Transport Layer Security (WTLS) - security for mobile devices using WAP.

Computer forensics
Best evidence rule - original evidence is better than a copy.
Competent evidence - must be legally qualified and reliable.
Demonstrative evidence - used to aid the jury; can be in the form of a model, experiment, chart, etc. to prove that an event occurred.
Direct evidence - oral testimony that proves a specific fact; knowledge of the fact is obtained with the five senses, with no inferences or presumptions.
Documentary evidence - evidence in the form of business records, printouts, manuals, etc.
Evidence - documents, verbal statements, and material objects that are admissible in a court of law.
Computer forensics - the preservation, identification, documentation, and interpretation of computer data.
Free space - a cluster that still holds a fragment of the original file but is marked as usable when needed by the OS.
Hearsay rule - second-hand evidence not based on personal knowledge.
Real evidence - associative or physical evidence; tangible objects that prove or disprove a fact.
Relevant evidence - must be material to the case or have a bearing on the matter at hand.
Slack space - space left over in a cluster (clusters are allocated by the OS in full, and the portion not used by the file is slack space).
Sufficient evidence - must be convincing or measure up without question.
Chain of custody - pg 601, chpt 23.