1 00:00:02,000 --> 00:00:06,330 Welcome to a course on dealing with attacks, or how to reduce losses.
2 00:00:09,680 --> 00:00:15,890 The topic is important, as in the majority of cases I've encountered, a company's security policies that
3 00:00:15,890 --> 00:00:17,970 relate to recovering from attacks,
4 00:00:18,170 --> 00:00:25,360 if there's any policy at all, look more or less like in the picture below. As you probably suspect, this
5 00:00:25,360 --> 00:00:27,670 is not a recommended security procedure.
6 00:00:29,800 --> 00:00:35,170 This topic is relevant because the first question an IT staffer or any other specialist responsible
7 00:00:35,170 --> 00:00:40,980 for computer security will be asked should not be a variation of "how could this have happened?"
8 00:00:45,010 --> 00:00:51,340 We know from the previous modules that attacks are simply a matter of time. A better question is what
9 00:00:51,340 --> 00:00:54,690 resources have been or could have been accessed by attackers.
10 00:00:57,010 --> 00:01:01,510 You can also ask about the data that has been read or modified and about the duration of time that the
11 00:01:01,510 --> 00:01:06,050 attackers spent in the system.
12 00:01:06,120 --> 00:01:11,130 If a person whose task is to care for a system's security can answer these questions, it's a sign that
13 00:01:11,130 --> 00:01:13,200 they are in fact to blame for the attack.
14 00:01:16,510 --> 00:01:21,310 Past experience shows that the policies that deal with recovery procedures after an attack is detected
15 00:01:21,760 --> 00:01:24,680 should be designed by the most experienced member of the team.
16 00:01:27,240 --> 00:01:33,610 Policy testing, on the other hand, should be carried out by the least experienced employees. Attacks are
17 00:01:33,610 --> 00:01:34,150 not launched
18 00:01:34,150 --> 00:01:38,580 only when the most skillful IT staff member is around.
19 00:01:38,590 --> 00:01:42,120 Usually it's the other way around.
20 00:01:42,140 --> 00:01:46,800 Any person who is currently at work must be able to carry out intentional counteractions.
21 00:01:48,320 --> 00:01:53,330 It's a lot easier to deal with attacks if there's a security policy available that has been proven and
22 00:01:53,330 --> 00:01:54,310 is effective.
23 00:01:56,490 --> 00:02:00,960 Let's start with the methods for ensuring that the services provided by a computer system wouldn't have
24 00:02:00,960 --> 00:02:02,930 to be automatically shut down.
25 00:02:09,510 --> 00:02:16,020 A small failure or attack can't be allowed to result in service downtime.
26 00:02:16,050 --> 00:02:21,730 Let's first take a look at stateless services, for example web servers and report servers.
27 00:02:25,090 --> 00:02:26,810 With these services,
28 00:02:26,920 --> 00:02:30,580 it's irrelevant which copy of a given service a user is connecting to.
29 00:02:36,230 --> 00:02:39,290 Load balancing is essential in this situation.
30 00:02:41,100 --> 00:02:45,960 We should implement a solution that will redirect user queries to different servers in an invisible
31 00:02:45,960 --> 00:02:47,430 and transparent manner.
32 00:02:49,580 --> 00:02:58,130 The servers that provide a specific service need to be duplicated, so there's more than one server.
33 00:02:58,310 --> 00:03:04,280 If that's the case, a failure, shutdown or other unexpected event that occurs on one server won't
34 00:03:04,280 --> 00:03:07,570 change the availability of the service from a user standpoint.
35 00:03:09,760 --> 00:03:16,890 It will probably affect the performance of the service while some steps are being taken,
36 00:03:16,910 --> 00:03:18,710 but the computer system will still be up.
37 00:03:22,530 --> 00:03:27,450 An additional benefit of this solution is improving the performance of the entire service.
38 00:03:29,100 --> 00:03:34,380 Redirecting every second query to a different server helps not only to decrease the potential system failure
39 00:03:34,380 --> 00:03:39,020 frequency and improve security, but also to lower the service load.
40 00:03:43,970 --> 00:03:45,290 In this solution,
41 00:03:45,320 --> 00:03:51,960 each server that provides a service stores its own data backup copy: its own website backup, its own
42 00:03:51,960 --> 00:03:53,710 report backup, and so on.
43 00:03:56,240 --> 00:04:01,400 This means that while recovering data after attacks or while mitigating the effects of attacks, we will
44 00:04:01,400 --> 00:04:06,790 need to synchronize the data. Data volumes are often high,
45 00:04:06,950 --> 00:04:12,080 so there is a need to allow a sufficient period of time for the synchronization to complete.
46 00:04:16,260 --> 00:04:17,300 Thanks to this solution,
47 00:04:17,310 --> 00:04:22,610 however, we'll have a system backup prepared in case there's a need to restore it on a different node.
48 00:04:27,490 --> 00:04:33,060 An alternative solution to load balancing is deploying failover clusters.
49 00:04:33,150 --> 00:04:39,050 This is a standard approach that is implemented at the operating system level.
50 00:04:39,060 --> 00:04:44,070 The solution involves creating a virtual computer made up of more than one node.
51 00:04:44,070 --> 00:04:45,720 A node is a physical computer.
52 00:04:48,250 --> 00:04:53,450 Nodes are basically classified as passive or active.
53 00:04:53,650 --> 00:04:58,350 The respective names represent the role the node has in the failover cluster architecture.
54 00:05:00,860 --> 00:05:05,860 An active node is a node to which users connect and which also receives all queries from users.
55 00:05:07,610 --> 00:05:10,880 A passive node is a node that doesn't handle queries.
56 00:05:13,070 --> 00:05:17,650 Failover clusters don't enhance the performance or availability of the entire solution.