Chapter 61 Β· Flashcards

Infrastructure Considerations Flashcards

Click any card to reveal its definition.

0 / 10 flipped
Availability β€” The Security Nuance
Tap to reveal
Availability is one of the CIA triad pillars: systems must be accessible when authorized users need them. The security nuance: availability must be paired with access control β€” systems should be available to authorized users only. A system accessible to everyone (including attackers) is not a security success; a system offline to legitimate users (due to DDoS) is an availability attack. Availability is expressed as an uptime percentage: 99.999% ("five nines") = ~5 minutes maximum downtime per year. Organizations invest in monitoring, redundant systems, and failover mechanisms to maximize uptime β€” while ensuring access is restricted.
MTTR β€” Mean Time to Repair
Tap to reveal
The primary resilience metric: the average time from when a failure is detected to when the system is fully restored to operational status. Lower MTTR = better resilience = less downtime. Factors that drive MTTR: (1) Root cause identification time; (2) Hardware replacement / software patch availability; (3) Redundant system readiness. Related metrics: MTTF (Mean Time to Failure) = how long before the next failure; MTBF (Mean Time Between Failures) = system reliability. Formula: MTBF = MTTF + MTTR. A high MTBF + low MTTR = highly resilient system. MTTR is reduced through pre-positioned spares, pre-built images, documented runbooks, and trained response teams.
Scalability and Elasticity
Tap to reveal
Scalability: the ability to increase or decrease capacity to match changing demand. A scalable system can handle 1,000 or 50,000 users without redesign. Elasticity: the cloud-specific capability for automatic, real-time scaling β€” expanding and contracting multiple times per day in direct response to demand, without manual intervention. Why not always provision for peak? Because idle capacity costs money β€” elasticity matches cost to actual usage. Security requirement: security monitoring must scale with the infrastructure. Auto-scaling that provisions new compute instances without deploying SIEM agents and endpoint monitoring creates unmonitored attack surfaces.
Responsiveness
Tap to reveal
The time between a user submitting a request and receiving a complete response. Critical for interactive applications β€” humans are sensitive to delays above ~100–200ms. Responsiveness is a composite of all components in the request path: network latency + application processing + database query time + caching. The weakest link determines overall responsiveness β€” a fast web server with a slow database query still delivers a slow response. Security appliances (WAF, IPS) that inspect every request add processing latency that degrades responsiveness. End-to-end measurement is required; optimizing one fast component while a bottleneck exists elsewhere has no user-visible benefit.
Ease of Deployment and Orchestration
Tap to reveal
Modern applications have many components (web server, database, caching, load balancer, firewall, monitoring agents) β€” deploying them manually is complex and error-prone. Orchestration defines the entire deployment as code (Terraform, CloudFormation, Ansible) that provisions all components in the correct order, with the correct configuration, automatically and repeatably. Security benefit: manual deployment steps that are forgotten (firewall rules, monitoring agents, certificates) become vulnerabilities. Orchestrated deployments execute the same configuration every time β€” security settings are peer-reviewed, version-controlled, and identical across development, staging, and production. Deployment decisions must be addressed during the engineering phase, not improvised at deployment time.
Risk Transference β€” Cybersecurity Insurance
Tap to reveal
Risk transference shifts the financial consequences of a risk to a third party β€” accepting that the risk may occur, but ensuring financial impact is partially absorbed by someone else. Cybersecurity insurance covers: business interruption losses, incident response costs, ransom payments (in some policies), legal defense and settlements, and breach notification costs. Grown significantly with the rise of ransomware. Critical distinction: insurance is not a security control β€” it does not prevent incidents or reduce their probability. It only transfers financial consequences. It complements security controls; it does not replace them. Insurers now require minimum security controls (MFA, EDR, backups) before issuing policies.
Ease of Recovery
Tap to reveal
The speed and simplicity of restoring systems after an incident β€” a design criterion that must be planned before failures occur. The classic comparison: reloading from original installation media (~90 minutes per system) vs. deploying from a pre-built corporate image (~15 minutes per system). For 50 systems: 75 hours vs. 12.5 hours β€” a significant operational cost difference. Recovery procedures must be designed during the engineering phase, not improvised during a crisis. Ease of recovery directly determines the financial and operational impact of any incident: time offline = money lost. Modern approaches: corporate images, cloud snapshots, containerized restarts (seconds).
Patch Management
Tap to reveal
The organized process of identifying, testing, and deploying software updates to fix security vulnerabilities and bugs. The first task after deploying a new system: check and apply all patches released since the installation media was created. Standard cycle: vendor releases patch β†’ evaluate severity β†’ test in non-production β†’ deploy to production. Microsoft releases patches on the second Tuesday of each month ("Patch Tuesday"). Test before production β€” a patch that breaks a critical application is itself an availability incident. Speed vs. thoroughness tradeoff: critical zero-day vulnerabilities require accelerated emergency patching where the risk of delay exceeds the risk of abbreviated testing.
Inability to Patch
Tap to reveal
Some systems cannot be updated through standard patch management: embedded systems (HVAC controllers, time clocks, badge panels), FDA-regulated medical devices, legacy industrial equipment, and end-of-support software. These systems have known vulnerabilities that will never be fixed. Compensating controls applied at the network boundary (not the device): (1) Network isolation on a dedicated VLAN β€” the vulnerability cannot be exploited if there is no network path; (2) Firewall permitting only required traffic; (3) Physical access control; (4) Network-level monitoring for exploitation attempts. The long-term solution is device replacement; compensating controls are the interim mitigation.
Power Infrastructure β€” UPS and Generator
Tap to reveal
Power is the invisible foundation of all IT infrastructure β€” without it, availability = 0%. Two backup power layers work together: UPS (Uninterruptible Power Supply): battery-backed device that provides immediate power when utility power fails β€” bridges the gap from outage to generator start (seconds to minutes). Also conditions power quality. Generator: diesel or natural gas backup power for extended outages β€” fuel-dependent duration. Together: UPS provides instant power β†’ generator starts (10–30 seconds) β†’ generator takes over β†’ UPS recharges. Without UPS, servers lose power during the generator start window. Data centers also use dual utility feeds for redundancy at the source.