1.6 IT Concepts and Areas of Concern for the Risk Practitioner
Environmental Controls
The risk practitioner should consider the following aspects of environmental controls:
The following are four types of power failure:
An uninterruptible power supply (UPS) can support the organization through interruptions that last from a few seconds to 30 minutes. An alternate power supply (such as a power generator) is most effective when power is unavailable for a long period.
The following are some of the best practices for maintenance of water and smoke detectors:
In the computer room, water detectors should be placed under raised floors and near drain holes.
Smoke detectors should be installed above and below the ceiling tiles throughout the facilities and below the raised computer room floor.
The location of the water and smoke detectors should be highlighted for easy identification and access.
Responsibility for remedial action in case of an alarm should be assigned to a dedicated employee. A standard operating procedure should be available.
The location of these devices is very important; they should be placed so as to give early warning of a fire.
Power supply to these devices should be sufficient.
These devices should be tested at regular intervals.
Emergency evacuation plans should be posted throughout the facility.
Electrical wiring should be placed in fire-resistant panels and conduit. This conduit should ideally lie under the fire-resistant raised computer room floor.
The following are some of the fire suppression systems:
Network Components
Cabling
The following types of cabling are used in networking:
Twisted Pairs (shielded twisted pairs (STP) and unshielded twisted pairs (UTP))
Fiber-optics
Co-axial
Shielded Twisted Pair (STP)
Two insulated wires are twisted around each other, with current flowing through them in opposite directions.
This reduces the opportunity for cross talk and lowers sensitivity to electromagnetic disturbances.
CAT7 cable is a shielded cable that protects each pair of wires and the cable itself, thereby reducing noise and cross talk for ultra-high speed Ethernet.
Unshielded Twisted Pair (UTP)
A disadvantage of unshielded twisted pairs is that they are not immune to the effects of electromagnetic interference (EMI).
Unshielded twisted pairs should be kept away from potential sources of interference such as fluorescent lights.
Parallel runs of cable over long distances should be avoided since the signals on one cable can interfere with signals on adjacent cables (i.e. cross talk).
The least expensive option used for many local area networks (LANs) is UTP cable with a grade of category 5e (CAT5e) or category 6 (CAT6).
However, cable runs should not exceed the approved length (100 meters for CAT5e, 55 meters for CAT6).
Fiber Optics
Glass fibers are used to carry binary signals as flashes of light.
Fiber-optic systems have very low transmission loss.
Fiber-optics are not affected by electromagnetic interference (EMI).
Fiber-optic cables have proven to be more secure than the other media.
Fiber is a preferred choice for high volume and long distance calls.
Repeaters
The dictionary meaning of repeater is a person or thing that repeats something.
In telecommunications, a repeater is an electronic device that receives a signal and retransmits it. Repeaters are used to extend transmissions so that the signal can cover longer distances or be received on the other side of an obstruction.
They compensate for signals that are distorted due to a reduction of signal strength during transmission.
Hub
A hub connects many devices together for the exchange of data.
A hub broadcasts each message to all the connected devices.
Collisions occur commonly in setups using hubs.
A hub cannot learn or store MAC addresses.
Hubs are classified as Layer 1 (Physical Layer) devices of the OSI model.
Switches
A switch is a more advanced/intelligent version of a hub.
A switch sends a message only to the required device.
No collision occurs in a full duplex switch.
A switch stores MAC addresses in a lookup table.
Switches operate at Layer 2 (Data Link Layer) of the OSI model.
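The hub and switch behaviour described above, as an added example that is not part of the original page. It models which ports see a frame; the class names, port numbers and MAC strings are constructed, and the flooding of frames to unknown destinations is standard switch behaviour that the page does not spell out.

```python
class Hub:
    """Layer 1 device: repeats every frame to all other ports."""
    def __init__(self, ports):
        self.ports = ports

    def deliver(self, in_port, src_mac, dst_mac):
        # No MAC table, so every other attached device sees the frame.
        return [p for p in range(self.ports) if p != in_port]


class Switch:
    """Layer 2 device: learns source MACs and forwards to one port."""
    def __init__(self, ports):
        self.ports = ports
        self.mac_table = {}  # MAC address -> port it was last seen on

    def deliver(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port        # learn the sender's port
        out = self.mac_table.get(dst_mac)
        if out is None:
            # Destination not learned yet: flood like a hub, this once.
            return [p for p in range(self.ports) if p != in_port]
        return [] if out == in_port else [out]


def trace():
    """Ports that receive each frame; host A is on port 0, host B on port 1."""
    hub, switch = Hub(4), Switch(4)
    return {
        "hub_a_to_b": hub.deliver(0, "aa:aa", "bb:bb"),
        "switch_first_a_to_b": switch.deliver(0, "aa:aa", "bb:bb"),
        "switch_b_to_a": switch.deliver(1, "bb:bb", "aa:aa"),
        "switch_second_a_to_b": switch.deliver(0, "aa:aa", "bb:bb"),
    }
```

On the hub, the devices on ports 2 and 3 receive traffic that was never meant for them; on the switch that exposure ends once both addresses are in the lookup table.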
Router
A router is a more intelligent device than a switch.
Routers operate at the network layer.
By examining the IP address, the router can make intelligent decisions to direct the packet to its destination.
The network segments linked by a router, however, remain logically separate and can function as independent networks.
Routers can block broadcast information, block traffic to unknown addresses, and filter traffic based on network or host information.
Firewall
A firewall is a device that monitors and controls network traffic. It is generally placed between an organization's internal network and the internet to protect the organization's systems and infrastructure.
The following are the types of firewall:
Packet Filtering Router
The simplest and earliest kind of firewall.
Allow or deny decisions are made based on the source and destination IP addresses and port numbers of packets.
Works at the Network Layer of the OSI model.
Stateful Inspection
A stateful inspection firewall keeps track of the destination of each packet that leaves the internal network.
It ensures that an incoming message is in response to a request that went out of the organization.
Works at the Network Layer of the OSI model.
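The difference between the packet filtering and stateful inspection firewalls described above, as an added example that is not part of the original page. The addresses, ports, rule logic and names are constructed: the internal network is assumed to be 10.0.0.x and only outbound HTTPS (port 443) is permitted.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

INTERNAL_PREFIX = "10.0.0."  # assumed internal address range (constructed)

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def packet_filter_allows(pkt: Packet) -> bool:
    """Stateless: each packet is judged only on its own addresses and ports."""
    if is_internal(pkt.src_ip):
        return pkt.dst_port == 443  # outbound HTTPS is permitted
    # Inbound: anything claiming source port 443 is treated as a reply.
    return is_internal(pkt.dst_ip) and pkt.src_port == 443

class StatefulFirewall:
    """Records the destination of outbound packets; admits only matching replies."""
    def __init__(self) -> None:
        self.flows = set()

    def allows(self, pkt: Packet) -> bool:
        if is_internal(pkt.src_ip):
            if pkt.dst_port != 443:
                return False
            self.flows.add(pkt)  # remember where this request went
            return True
        # An inbound packet must mirror a recorded outbound flow.
        return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows

def compare() -> dict:
    request = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 50000)  # no prior request
    fw = StatefulFirewall()
    fw.allows(request)
    return {
        "filter_reply": packet_filter_allows(reply),
        "filter_unsolicited": packet_filter_allows(unsolicited),
        "stateful_reply": fw.allows(reply),
        "stateful_unsolicited": fw.allows(unsolicited),
    }
```

Both firewalls pass the genuine reply, but only the stateful one rejects the inbound packet that answers no outgoing request.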
Circuit Level
Works on the concept of a bastion host and proxy server.
The same proxy is used for all services.
Works at the Session Layer of the OSI model.
Application Level
Works on the concept of a bastion host and proxy server.
A separate proxy is used for each application.
Works at the Application Layer of the OSI model.
Controls applications such as FTP and HTTP.
Of the above firewalls, the application level firewall is the most secure type.
Risk practitioners should review firewall parameter settings to ensure that firewall rules are deployed in line with the security policy.
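One way such a review can be automated, as an added example that is not part of the original page. The rule format, the policy values and the addresses are assumptions constructed for the illustration and do not follow any particular firewall product.

```python
# Assumed policy: services that may be reached from outside, plus default deny.
POLICY = {"allowed_inbound_ports": {25, 443}, "require_default_deny": True}

# Constructed rule set, evaluated top to bottom (first match wins).
RULES = [
    {"id": 1, "action": "allow", "src": "any", "dst": "192.0.2.10", "port": 443},
    {"id": 2, "action": "allow", "src": "any", "dst": "192.0.2.20", "port": 23},
    {"id": 3, "action": "allow", "src": "any", "dst": "any", "port": "any"},
    {"id": 4, "action": "deny", "src": "any", "dst": "any", "port": "any"},
]

def is_catch_all(rule):
    return rule["src"] == rule["dst"] == rule["port"] == "any"

def review(rules, policy):
    """Return (rule id, finding) pairs where the rule set departs from policy."""
    findings = []
    catch_all = None  # first rule that matches every packet
    for rule in rules:
        if catch_all is not None:
            # Everything after a catch-all rule can never be reached.
            findings.append((rule["id"],
                             f"never evaluated: shadowed by rule {catch_all['id']}"))
        elif is_catch_all(rule):
            catch_all = rule
            if rule["action"] == "allow":
                findings.append((rule["id"],
                                 "allows any source, destination and port"))
        elif (rule["action"] == "allow" and rule["src"] == "any"
              and rule["port"] not in policy["allowed_inbound_ports"]):
            findings.append((rule["id"],
                             f"port {rule['port']} not permitted by policy"))
    default_deny = catch_all is not None and catch_all["action"] == "deny"
    if policy["require_default_deny"] and not default_deny:
        findings.append((None, "no effective default-deny rule"))
    return findings

def finding_ids(rules=RULES, policy=POLICY):
    return [rule_id for rule_id, _ in review(rules, policy)]
```

For the constructed rule set the review flags rule 2 (Telnet is outside the policy), rule 3 (allow everything), rule 4 (the deny rule is never reached) and the resulting absence of an effective default deny.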
Proxy
A proxy is a middleman. It stands between internal and external networks.
A proxy will not allow direct communication between the two networks.
Proxy technology can work at different layers of the OSI model. A proxy based firewall that works at a lower layer (session layer) is referred to as a circuit-level proxy. A proxy based firewall that works at a higher layer (application layer) is called an application level proxy.
Domain Name System
The domain name system (DNS) provides a simple cross-reference between a domain name and its related IP address.
For example, suppose the IP address of a particular website is 192.166.1.0 and the name of the website is www.criscstudy.blogspot.com.
The user types www.criscstudy.blogspot.com and the DNS server translates it to the logical address, i.e. 192.166.1.0.
DNS can be used by hackers to gather information about the organization when planning an attack.
Also, tools and techniques are available to send false DNS replies to misroute traffic.
DNS replies are also used in amplification attacks to flood a particular system with traffic.
In a pharming attack, malware changes domain name system (DNS) server settings and redirects users to malicious sites.
Demilitarized Zone
A demilitarized zone (DMZ) is the area which is accessible to the external network.
The objective of setting up a DMZ is to prevent external traffic from having direct access to the critical systems of the organization.
All the systems placed in the DMZ should be hardened and all functionality that is not required should be disabled.
Such systems are also referred to as bastion hosts.
The firewall ensures that traffic from the outside is routed into the DMZ.
Nothing valuable is kept in a DMZ because it is subject to attack and to compromise from that attack.
Virtual Private Network
A virtual private network (VPN) is used to extend a private network over the internet in a secured manner. It provides a platform for remote users to connect to the organization's private network.
The prime objective of VPN technology is to enable remote users and branch offices to access applications and resources available in the private networks of the organization. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated circuits or with tunneling protocols.
VPN technology, if properly configured, will reduce the risk associated with sensitive data travelling over an open public network.
Types of Network Topology
Key aspects from CRISC exam perspective