Security+: How Resiliency and Automation Strategies Reduce Risk
Architecture and design are critical components in reducing security risks. Risk can be reduced through resiliency — the ability to maintain acceptable service levels when essential systems or processes are disrupted — and through automation strategies.
As part of the CompTIA Security+ exam’s Architecture and Design module, candidates need to understand how automation can reduce risk, improve service quality, and reduce human error and the dependency on manual tasks. This exam section covers concepts and strategies such as scripting, using templates and images, nonpersistent environments, elasticity, redundancy, fault tolerance, scalability, and high availability.
Automation and Scripting
Automation is a fast-growing trend in the security industry. Removing the human component from the information systems infrastructure allows organizations to both increase efficiency and reduce security risks. Automation greatly improves the ability of an organization to detect as well as respond to security threats. It also decreases the burden on information systems teams by taking away some of the mundane tasks, freeing them up to focus more on strategic initiatives.
One example of automation is server deployment and monitoring, which helps reduce the amount of tedious, manual tasks involved. In the past, system administrators created servers through manual configuration and then had to monitor and troubleshoot problems physically. Scripting can be used in various scenarios to automate the server builds, which also provides elasticity — if you have an increased load and need an additional server, you run the same script again.
Templates and Images
You can build and deploy standardized system builds with templates and images, which allows for rapid deployments. Scripts typically start with a master image, also known as golden or parent image, which is a copy of the reference system (such as the operating system and the enterprise-wide components and settings).
Master images can be applied to both physical environments (e.g., hard disks and servers) and virtual ones (e.g., a virtual machine or virtual desktop). For example, you can use a master image to set up a new environment, like a laptop, exactly the way it’s needed, and save time as well as ensure consistency and better security.
Templates are preconfigured master copies of virtual machines (VM) that can be used for multiple VM deployments. They preserve the VM configurations, which are assigned for specific purposes and which can be based on the organization’s parameters or on industry standards. By using templates when provisioning new environments, you’re reducing risks while also ensuring consistency.
Nonpersistence refers to systems that are not permanent and can change. Nonpersistence helps reduce reliance on specific system components, so in the event of failure, the architecture can still work around that failure.
Techniques used to enforce nonpersistence include:
- Snapshots: A copy of the system at a point in time — either in a virtual or physical environment — that you can use in a recovery process
- Revert to a known state: If something goes wrong, you can recover the system to the last good point, before a major change was made
- Rollback to the known configuration: Both servers and desktops can be rolled back, restoring the system to a previous point in time while leaving the files intact
- Live boot media: You can boot a system from a bootable flash drive or DVD if the system was configured to boot from the specific media (one example is when you need to provide a secure environment in an unsecured location)
Scalability and Elasticity
Scalability and elasticity are related but different concepts. Scalability refers to the system’s ability to accommodate larger resource demands automatically. It’s the system’s capacity to adapt to an increased workload (the amount of processing or work the system is given) and expand by adding resources without negatively impacting performance. The system allocates the new resources incrementally.
Scalability can be vertical, scaling up within the system by making the existing machine or system more powerful; or it can be horizontal, which means scaling out by adding more nodes or systems. Scalability is one of the key benefits of cloud computing and allows an organization to meet its expected demands.
Elasticity is the ability to reduce or expand resources dynamically as the loads change. It’s different from scalability because you can automatically and quickly scale both in and out. In virtualized or cloud environments, this can save organizations money on infrastructure build-outs because they can purchase resources on demand and for short periods of time, as needs dictate. Elasticity can also help an organization meet unexpected needs.
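The difference between scaling out only and scaling both out and in shows up in the resources consumed over time. The following is an added example, not part of the original article; the load figures, the per-node capacity and the function names are constructed for illustration.

```python
import math

def nodes_needed(load, capacity_per_node, min_nodes=1):
    """Nodes required to serve `load` requests/s within per-node capacity."""
    return max(min_nodes, math.ceil(load / capacity_per_node))

def scale_out_only(loads, capacity_per_node, min_nodes=1):
    """Scalable but not elastic: nodes are added as load grows, never released."""
    nodes, history = min_nodes, []
    for load in loads:
        nodes = max(nodes, nodes_needed(load, capacity_per_node, min_nodes))
        history.append(nodes)
    return history

def elastic(loads, capacity_per_node, min_nodes=1, max_nodes=10):
    """Elastic: node count follows the load in both directions.

    max_nodes is an assumed upper bound so that a flood of requests
    cannot drive provisioning (and cost) without limit.
    """
    history = []
    for load in loads:
        wanted = nodes_needed(load, capacity_per_node, min_nodes)
        history.append(min(max_nodes, wanted))
    return history

def node_hours(history):
    """Total node-hours when each entry in `history` covers one hour."""
    return sum(history)

# Constructed hourly load in requests/s, with one short spike.
LOADS = [80, 120, 450, 900, 300, 90]
CAPACITY = 100  # assumed requests/s a single node can serve

if __name__ == "__main__":
    fixed = scale_out_only(LOADS, CAPACITY)
    dynamic = elastic(LOADS, CAPACITY)
    print("scale-out only:", fixed, "node-hours:", node_hours(fixed))
    print("elastic:       ", dynamic, "node-hours:", node_hours(dynamic))
```

Both strategies meet the spike with nine nodes, but only the elastic one releases them afterwards, which is where the on-demand cost saving comes from.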
Redundancy and Fault Tolerance
To improve reliability, redundancy can be used in the event of a malfunction to compensate for the failure. Hardware redundancy can be achieved either by duplicating critical components and functions or by allowing a failover, which means automatically either switching to other systems or reconstructing the existing system.
Fault-tolerant systems can continue to operate when critical components fail. Fault tolerance is achieved by creating redundant components and subsystems, such as disk storage. The redundant hardware can be either passive, meaning on standby until the failure takes place, or active, meaning it’s operating in parallel with the main system.
A common strategy for fault tolerance is RAID, which is an acronym for redundant array of inexpensive disks. RAID takes several disk drives (hard drives) and organizes them into one logical unit. There are different types, or levels, of RAID, with each configuration providing a different type of redundancy. For example, level 1 RAID achieves fault tolerance — it mirrors data to a second disk, providing a hundred percent redundancy.
Redundancy helps mitigate the risks of a single point of failure — the failure of the whole system due to one component. A single point of failure can be devastating to a business because it can take down an entire operation. The goal of redundancy is to prevent major disruptions and ensure the system’s availability.
There are several other ways to achieve redundancy that are covered on the CompTIA Security+ test, including distributive allocation, also known as load balancing. It’s important to remember that creating redundancies doesn’t eliminate the need for backups and other risk mitigation strategies.
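The RAID 1 mirroring described above, and the reason redundancy does not replace backups, can be seen in a small model. This is an added example, not part of the original article; the classes, disk names and data are constructed, and a real array works on block devices rather than Python dictionaries.

```python
class DiskFailed(Exception):
    """Raised when a failed disk, or an array with no healthy member, is used."""

class Disk:
    def __init__(self, name):
        self.name, self.blocks, self.failed = name, {}, False

    def write(self, lba, data):
        if self.failed:
            raise DiskFailed(self.name)
        self.blocks[lba] = data

    def read(self, lba):
        if self.failed:
            raise DiskFailed(self.name)
        return self.blocks[lba]

class Raid1:
    """Toy RAID 1: writes go to every healthy member, reads to the first one."""
    def __init__(self, *disks):
        self.disks = list(disks)

    def healthy(self):
        members = [d for d in self.disks if not d.failed]
        if not members:
            raise DiskFailed("array offline: no healthy member left")
        return members

    def write(self, lba, data):
        for disk in self.healthy():
            disk.write(lba, data)

    def read(self, lba):
        return self.healthy()[0].read(lba)

    def replace(self, index, new_disk):
        """Swap in a replacement disk and rebuild it from a surviving mirror."""
        new_disk.blocks = dict(self.healthy()[0].blocks)
        self.disks[index] = new_disk

def demo():
    array = Raid1(Disk("disk0"), Disk("disk1"))
    array.write(0, b"payroll-v1")
    backup = dict(array.disks[0].blocks)  # separate backup, taken before the incident
    array.disks[0].failed = True          # one member fails
    served = array.read(0)                # the mirror still answers
    array.replace(0, Disk("disk2"))       # rebuild onto the replacement disk
    array.write(0, b"")                   # a mistaken overwrite hits both mirrors
    mirrored = [d.blocks[0] for d in array.disks]
    return served, mirrored, backup[0]
```

The array keeps serving data through the disk failure, but the mistaken overwrite is faithfully mirrored to both members, and only the separate backup still holds the original block.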