Where is anti-virus software typically installed?
Chapter 9: Creating Fault Tolerance
Overview

Security means more than just keeping hackers out of your computers. It really means keeping your data safe from loss of any kind, including accidental loss due to user error, bugs in software, and hardware failure.

Systems that can tolerate hardware and software failure without losing data are said to be fault tolerant. The term is usually applied to systems that can remain functional when hardware or software errors occur, but the concept of fault tolerance can include data backup and archiving systems that keep redundant copies of information to ensure that the information isn't lost if the hardware it is stored upon fails.

Fault tolerance theory is simple: Duplicate every component that could be subject to failure. From this simple theory spring very complex solutions, like backup systems that duplicate all the data stored in an enterprise, clustered servers that can take over for one another automatically, redundant disk arrays that can tolerate the failure of a disk in the pack without going offline, and network protocols that can automatically reroute traffic to an entirely different city in the event that an Internet circuit fails.

Causes for Loss

To correctly plan for fault tolerance, you should consider what types of loss are likely to occur. Different types of loss require different fault tolerance measures, and not all types of loss are likely to occur to all clients.

fault tolerance: The ability of a system to withstand failure and remain operational.

At the end of each of these sections, there will be a tip box that lists the fault tolerance measures that can effectively mitigate these causes for loss.

To create an effective fault tolerance policy, rank the following causes for loss in the order that you think they're likely to occur in your system. Then list the effective remedy measures for those causes for loss in the same order, and implement those remedies in top-down order until you exhaust your budget.
Note: The solutions mentioned in this section are covered in the second half of this chapter.

Parts
» The process of determining the identity of a user is called authentication.
» Using unpredictable sequence numbers secures sessions against hijacking.
» Biometric authentication includes the use of fingerprints, speech patterns, facial features,
» Connecting to executable content like ActiveX or Java controls that can exploit the
» Why doesn't a digital signature mean that an ActiveX control is secure?
» A security policy describes security rules for your computer systems and defends against
» The first step in establishing a security policy is to establish functional requirements,
» Automated security policies avoid the weakness of having to be enforced by humans.
» Users should not be required to change passwords often; rather, they should select
» Why is it important that every firewall on your network have the same security
» The most important border security measure is to control every crossing.
» Your effective border security is the lowest common denominator amongst the policies
» There's no way to address computers directly since the public address connection has to use
» What common sense measure can you take to ensure the reliability and speed of a
» What encryption algorithm is specified for L2TP?
» The three fundamental methods implemented by VPNs are encapsulation, authentication,
» IKE enables cryptographic key exchange with encryption and authentication protocol
» Use the same or the fewest possible ISPs for all VPN endpoints.
» The most common VPN protocol is IPSec with IKE.
» Are VPNs always the most secure way to provide remote access to secure
» VPN connections are potentially dangerous because the VPN endpoint could be exploited,
» Laptops are easy to steal and may contain all the information necessary to connect to the
» Laptops are the most likely source of virus infection in a protected network because they are
» Using NAT devices or light firewall devices is the best way to protect home computers
» Encrypting documents stored on the laptop reduces the risk posed by lost information when
» Storing data on removable flash media in encrypted form that is not stored with the laptop
» No. Opening a single secure protocol to direct access is usually more secure than allowing
» Where do viruses come from? 2. Can data contain a virus?
» Do all viruses cause problems? 4. What is a worm?
» If you run NT kernel-based operating systems, do you still need anti-virus
» Where is anti-virus software typically installed?
» Hackers write viruses. Virus Protection
» No. Pure data can be corrupted by a virus, but only executable code can contain a virus.
» No. Only applications that allow you to write macros and which contain a scripting host
» Microsoft Outlook and Outlook Express are susceptible to e-mail viruses.
» Yes. NT kernel-based operating systems are only immune to executable viruses when run
» Why is RAID-0 not appropriate as a form of fault tolerance?
» What are the two common types of clustering?
» The hard disk is the most difficult component to replace in a computer.
» Deployment testing is the easiest way to avoid software bugs and compatibility problems.
» Strong border security, permissions security, and offline backup are the best ways to
» Tape backups are the most common form of fault tolerance.
» An incremental backup contains all the files changed since the last incremental backup,
» RAID-1 and RAID-0 are combined in RAID-10.
» Since you have to leave 1 disk for parity information, the storage available would be 5-1
» Yes. Share security works on FAT file system shares.
» What is the primary security mechanism in Unix? 6. Which component stores permissions?
» Which two commands are typically used to modify ownership and permissions on
» AT&T essentially lost control of its development of Unix when they gave it away to
» File system permissions are the primary security mechanism in Unix.
» File inodes store permissions in Unix.
» The GID of the wheel or superuser group is 0.
» Read, Write, and Execute are the basic permissions that can be set in an inode.
» Nothing. Daemons are standard executables that run using SetUID permissions.
» What do IPChains and IPTables provide? 11. What functionality does FWTK provide?
» PAM provides a standardized method for services to authenticate users against a wide
» Yes, Samba passwords are encrypted by default in Windows, and encryption can be
» TCP Wrappers provides protection by replacing the service executable with a service that
» IPChains and IPTables provide TCP/IP packet filtering.
» FWTK provides protocol level filtering and a proxy service.
» How do you configure Apache?
» What is taint? Web Server Security
» Microsoft Internet Information Services and Apache serve over 90 percent of the public
» The bugs in the operating system or web server software are the most threatening security
» Closed source and open source operating systems are about equally secure.
» Websites should only be deployed on dedicated web servers, because general purpose
» SSL encrypts web data flowing between the browser and the server.
» You can secure intranet servers by placing them inside a VPN and not making them
» The universal encrypted authentication mechanism is using SSL to secure basic
» Illegal spammers use open relays, relays that will relay mail from any host rather than just
» To close an open relay, require some form of authentication from those who want to send