In this video you will learn about backup sites such as hot, cold & warm sites. You will also learn about deception & disruption practices such as honeypots, honeynets, fake telemetry, & DNS sinkholes.
Site Resiliency
Site resiliency is the ability of a server, network, storage system or an entire data center to recover quickly & continue operating even when there has been an equipment failure, power outage or other disruption. Site resiliency is often achieved through the use of redundant components, systems, & facilities. When one element fails or experiences a disruption, the redundant element takes over seamlessly and continues to provide computing services to the user base.[1] Three components of data resiliency that you need to learn about for the CompTIA Security+ SY0-601 certification exam are the following:
Honeypot/Honeynet
Honeypots are a type of deception technology that allows network & system administrators to understand attacker behavior patterns. Security teams can use honeypots to investigate cybersecurity breaches and collect intel on how cybercriminals operate. They also reduce the risk of false positives, when compared to traditional cybersecurity measures, because they are unlikely to attract legitimate activity. A honeynet is a decoy network that contains one or more honeypots. It looks like a real network and contains multiple systems, but is hosted on one or only a few servers, each representing one environment (for example, a Windows honeypot machine, a Mac honeypot machine and a Linux honeypot machine). A “honeywall” monitors the traffic going in and out of the network and directs it to the honeypot instances. Vulnerabilities can be deliberately introduced into the honeynet to make it easy for an attacker to access the trap.[2]
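The low-false-positive property described above follows from the fact that nothing legitimate should ever talk to a decoy. The following added example (not code from the video or from any honeypot product) shows a minimal low-interaction honeypot in Python: it listens on a loopback port, sends a constructed fake banner, records whatever a connecting peer sends without ever executing it, and summarizes hits per source address so an analyst can treat every entry as a high-confidence indicator. The banner text, port choice and `demo()` driver are assumptions made for the example.

```python
import json
import socket
import threading
import time
from collections import Counter
from datetime import datetime, timezone

# Constructed decoy banner: looks like a mail service, but no real service runs here.
BANNER = b"220 mail.decoy.example ESMTP ready\r\n"


class DecoyService:
    """Low-interaction honeypot: accept TCP connections, send a fake banner,
    log the first bytes the peer sends, close. Nothing received is ever run."""

    def __init__(self, host="127.0.0.1", port=0):
        self.events = []                      # one dict per connection
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))         # port 0 = let the OS pick one
        self._sock.listen(5)
        self._sock.settimeout(0.2)            # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._sock.close()
        self._thread.join(timeout=2)

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (peer_ip, peer_port) = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:                   # socket closed by stop()
                break
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(BANNER)
                    data = conn.recv(1024)
                except OSError:
                    data = b""
                # Record the probe; truncate and decode defensively, never interpret it.
                self.events.append({
                    "ts": datetime.now(timezone.utc).isoformat(),
                    "src": peer_ip,
                    "src_port": peer_port,
                    "decoy_port": self.port,
                    "payload": data[:200].decode("ascii", "replace"),
                })


def probe(port, payload, host="127.0.0.1"):
    """Test client standing in for an unknown peer; returns the banner it saw."""
    with socket.create_connection((host, port), timeout=2) as c:
        banner = c.recv(256)
        c.sendall(payload)
    return banner


def wait_for_events(decoy, count, timeout=3.0):
    """Poll until the decoy has recorded `count` events (or the timeout passes)."""
    deadline = time.monotonic() + timeout
    while len(decoy.events) < count and time.monotonic() < deadline:
        time.sleep(0.02)
    return len(decoy.events) >= count


def summarize(events):
    """Hits per source address. Every source here touched a decoy, so each one
    is worth an alert; there is no legitimate reason to appear in this table."""
    return dict(Counter(e["src"] for e in events))


def demo():
    """Run the decoy on loopback, send two constructed probes, return the summary."""
    decoy = DecoyService()
    decoy.start()
    try:
        probe(decoy.port, b"EHLO scanner.example\r\n")
        probe(decoy.port, b"HELP\r\n")
        wait_for_events(decoy, 2)
    finally:
        decoy.stop()
    return summarize(decoy.events)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the decoy would listen on an unused address in the production range and ship `events` to the SIEM; the design point is that the alert logic needs no tuning, because the only filtering required is "did anyone connect at all".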
Fake Telemetry
Telemetry is a term for technologies that support collecting information in the form of measurements or statistical data and forwarding it to IT systems in a remote location. The term is used for many different types of systems, such as wireless systems using radio, ultrasonic or infrared technologies, or some types of systems operating over telephone or computer networks.[3] Some organizations deploy fake telemetry as decoys and breadcrumbs in order to lure & trick attackers. Conversely, attackers who have compromised systems can also generate fake telemetry and reporting data to fool security monitoring systems and analysts in a security operations center (SOC), & to evade other security controls that may be in place.[4]
DNS Sinkhole
A DNS sinkhole is simply a DNS server that returns false answers for certain domain names. It is also known as a “sinkhole server”, an “Internet sinkhole”, or a “blackhole DNS”. Legitimate DNS servers are set up to point users to the correct IP address every time they type a specific domain name into their browsers in hopes of visiting a particular website. DNS sinkholes disrupt the intended flow of Internet traffic from a domain name to its correct IP address. As a result, anyone who accesses one gets sent to a different IP address. DNS sinkholes can be both good and bad. Cyber attackers can use them to point users to their specially crafted malicious sites via DNS-based attacks like DNS hijacking. But law enforcement agents and cybersecurity experts also use DNS sinkholes to point the would-be victims of cyber attacks to web properties that are safe to access instead.[5]
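The defensive use of a sinkhole described above rests on two pieces of logic: answer known-bad names with a controlled address instead of the real one, and treat the clients that asked for those names as probably infected. The following added example (not code from the video or from any DNS product) implements that policy in Python with a constructed blocklist, a constructed stand-in for upstream resolution, and RFC 5737 documentation addresses; it matches parent domains too, so subdomains of a blocked zone are caught as well. The `SinkholeResolver` class, the `UPSTREAM` table and all names and addresses are assumptions made for the example.

```python
from collections import defaultdict

# Controlled answer for blocked names (RFC 5737 documentation address, constructed).
SINKHOLE_IP = "192.0.2.1"

# Constructed blocklist; a real deployment loads this from threat-intel feeds.
BLOCKLIST = {"bad-c2.example", "update-checker.example"}

# Stand-in for upstream recursive resolution (constructed data, not a real lookup).
UPSTREAM = {
    "www.example.com": "198.51.100.10",
    "intranet.corp.example": "10.0.5.20",
}


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def is_sinkholed(name):
    """True if the name, or any parent domain with at least two labels,
    is on the blocklist. Never matches a bare TLD."""
    labels = normalize(name).split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BLOCKLIST:
            return True
    return False


class SinkholeResolver:
    """Policy layer in front of a resolver: blocked names get the sinkhole
    address and a log entry; everything else is forwarded upstream."""

    def __init__(self):
        self.log = []

    def resolve(self, client_ip, name):
        qname = normalize(name)
        if is_sinkholed(qname):
            self.log.append({"client": client_ip, "qname": qname,
                             "answer": SINKHOLE_IP, "action": "sinkhole"})
            return SINKHOLE_IP
        answer = UPSTREAM.get(qname)          # None models NXDOMAIN here
        self.log.append({"client": client_ip, "qname": qname,
                         "answer": answer, "action": "forward"})
        return answer


def infected_hosts(log):
    """Clients that asked for a sinkholed name, with the names they asked for.
    The query itself is the indicator; the sinkhole just makes it visible."""
    hits = defaultdict(set)
    for entry in log:
        if entry["action"] == "sinkhole":
            hits[entry["client"]].add(entry["qname"])
    return {client: sorted(names) for client, names in hits.items()}


def demo():
    """Replay a few constructed queries and return the suspected-infected list."""
    r = SinkholeResolver()
    r.resolve("10.0.0.5", "www.example.com")
    r.resolve("10.0.0.7", "beacon.bad-c2.example.")
    r.resolve("10.0.0.7", "UPDATE-CHECKER.example")
    r.resolve("10.0.0.9", "intranet.corp.example")
    return infected_hosts(r.log)


if __name__ == "__main__":
    for client, names in demo().items():
        print(f"{client} queried sinkholed names: {', '.join(names)}")
```

The same mechanism is what makes attacker-run sinkholes (the "bad" case in the text) work, which is why clients should be pinned to a resolver the organization controls and why a sudden change in a host's configured resolver is itself worth alerting on.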
References