Tuesday, December 2, 2014

8.1 - Business Continuity and Disaster Recovery

After a disaster, the goal of a business is recovery. Minimizing the effects of a disaster and disruption means taking the necessary actions to ensure that resources, personnel, and business processes are able to resume operation in a timely manner. This differs from continuity planning, which provides procedures for dealing with long-term outages and disasters. The goal of a disaster recovery plan is to handle the disaster and its issues after the disaster occurs. Generally, the disaster recovery plan is information technology focused.

A disaster recovery plan (DRP) is used in emergency mode, when people are scrambling to bring critical systems back online. Business continuity plans (BCP) take a broader approach to problems by getting critical systems to other environments while repairs of the original facilities are under way.


7.5 - Internet Security

A common misconception is that the Web is the Internet; it is not. The Web runs on top of the Internet: it is the collection of servers that process websites. The Internet is the collection of physical devices and communication protocols that interact with these websites.

Web browsers understand protocols because they have the capability to process the various types of commands; however, they do not understand all of them. For protocols or commands that the user's browser does not know how to process, the user can download and install plug-ins that integrate themselves into the system or browser.

This is a quick and easy way to expand the functionality of the browser. However, this can cause serious security compromises, because the payload of the module can easily carry viruses and malicious software that users don't discover until it’s too late.

HTTP Secure (HTTPS) is HTTP running over SSL. Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and client authentication. Essentially, when clients access websites, the site may have both secured and public portions. HTTPS allows the user to access the secured portion via authentication, in some way.

7.4 - Link Encryption vs. End-to-End Encryption


Encryption is performed with different types of protection and communication levels. Two general types of encryption implemented are link encryption and end-to-end encryption. 



Link encryption, or online encryption, is provided by service providers and integrated into their network protocols. All of the information is encrypted, so the packets must be decrypted at each hop for the router to know where to send them next. The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way.

With end-to-end encryption, the packets do not need to be decrypted and re-encrypted at each hop, because the headers and trailers are not encrypted. The devices between the source and the destination read the necessary routing information and pass the packets on their way.
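The difference in what an intermediate router can read is easiest to see by walking one packet across three links. The following is an added example, not part of the original notes; the header, payload, key names and the SHA-256 based toy stream cipher are all constructed for illustration and are not suitable for real use.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

# Constructed sample packet and keys (assumptions for this example).
HEADER = b"dst=10.0.2.7;"
PAYLOAD = b"payroll batch 42"
LINK_KEYS = [b"link-A-R1", b"link-R1-R2", b"link-R2-B"]  # one key per physical link
E2E_KEY = b"shared-by-A-and-B-only"

def link_encrypted_path():
    """Header and payload are encrypted on every link; each router decrypts both."""
    on_wire, seen_by_routers = [], []
    wire = keystream_xor(LINK_KEYS[0], HEADER + PAYLOAD)
    on_wire.append(wire)
    for in_key, out_key in zip(LINK_KEYS, LINK_KEYS[1:]):
        clear = keystream_xor(in_key, wire)      # router decrypts to read the header
        seen_by_routers.append(clear)            # ...and can read the payload too
        wire = keystream_xor(out_key, clear)     # re-encrypt for the next link
        on_wire.append(wire)
    delivered = keystream_xor(LINK_KEYS[-1], wire)
    return on_wire, seen_by_routers, delivered

def end_to_end_path():
    """Only the payload is encrypted; routers forward using the clear header."""
    wire = HEADER + keystream_xor(E2E_KEY, PAYLOAD)
    on_wire = [wire] * len(LINK_KEYS)            # identical bytes on every link
    seen_by_routers = [wire] * (len(LINK_KEYS) - 1)
    delivered = wire[:len(HEADER)] + keystream_xor(E2E_KEY, wire[len(HEADER):])
    return on_wire, seen_by_routers, delivered

if __name__ == "__main__":
    for name, path in (("link", link_encrypted_path), ("end-to-end", end_to_end_path)):
        wires, routers, _ = path()
        print(name, "| header visible on wire:", HEADER in wires[0],
              "| payload readable at router:", PAYLOAD in routers[0])
```

With link encryption an eavesdropper on the wire learns nothing about the routing header, but every router handles the payload in the clear; with end-to-end encryption the trade-off is reversed.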

7.3 - Public Key Infrastructure

Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptography working together. The public key establishes trust within an environment.

This ISO framework uses public key cryptography to set up authentication across various networks and the Internet. Public key algorithms are also called asymmetric algorithms.

An analogy is e-mail: it needs e-mail clients, e-mail servers, and e-mail messages, which together build a type of infrastructure, an e-mail infrastructure. PKI is likewise made up of many different parts: certificate authorities, registration authorities, certificates, keys, and users. The following sections explain these parts and how they all work together.

Monday, December 1, 2014

7.2 - Methods of Encryption

There are several parts to an encryption process; however, there are two main pieces: algorithms and keys. Algorithms used in computer systems are complex mathematical formulas that enforce the rules of how the plaintext will be turned into ciphertext. Keys are strings of bits that these algorithms use to add randomness to the encryption.

To allow entities to communicate through encryption, these entities must use the same algorithm and the same key. With some encryption technologies, the receiver and the sender have the same key to use (symmetric), and in other encryption technologies, they must use different but related keys for encryption and decryption (asymmetric, public and private keys).


[Figure: example of symmetric encryption.]

7.1 - History of Cryptography

Cryptography is believed to have originated in Egypt, around 2000 B.C. Hieroglyphics, at the time, were used to decorate tombs and told the life story of the deceased. This practice was meant more to portray the story in a noble and ceremonial manner than to actually hide the messages themselves.

Over time, encryption evolved from visual representations of storytelling into applications used to obscure information from others.

For example, the substitution cipher (replacement of characters with other characters) became a cryptographic method. One such method flips the alphabet so that each letter in the original alphabet corresponds to a different letter in the flipped alphabet. This encryption method was called atbash, and it hid the true meaning of messages.

Example:

ABCDEFGHIJKLMNOPQRSTUVWXYZ
ZYXWVUTSRQPONMLKJIHGFEDCBA

“As an example, suppose we need to encrypt the message “Logical Security.” We take the first letter of this message, L, and shift up three locations within the alphabet. The encrypted version of this first letter is O, so we write that down. The next letter to be encrypted is O, which matches R when we shift three spaces. We continue this process for the whole message. Once the message is encrypted, a carrier takes the encrypted version to the destination, where the process is reversed.”
-CISSP Security Guide

Plaintext:
LOGICAL SECURITY

Ciphertext:
ORJLFDO VHFXULWB

Today, this technique is far too simplistic to be effective; however, in the time of Julius Caesar, few people could read, so it provided a high level of protection. The Caesar cipher is an example of a monoalphabetic cipher. Once more people could read and reverse-engineer this type of encryption process, the cryptographers of that day increased the complexity by creating polyalphabetic ciphers.
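Both ciphers described above, and the reason a monoalphabetic cipher no longer protects anything, fit in a few lines. This is an added example, not taken from the CISSP guide or the original notes; the function names are chosen here for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def atbash(text: str) -> str:
    """Map A<->Z, B<->Y, ... using the flipped alphabet; non-letters pass through."""
    return text.upper().translate(str.maketrans(ALPHABET, ALPHABET[::-1]))

def caesar(text: str, shift: int) -> str:
    """Shift each letter by `shift` places; a negative shift decrypts."""
    shift %= 26
    rotated = ALPHABET[shift:] + ALPHABET[:shift]
    return text.upper().translate(str.maketrans(ALPHABET, rotated))

def all_shifts(ciphertext: str) -> dict:
    """The whole key space: only 25 non-trivial shifts exist, so list every candidate."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}

def letter_pattern(word: str) -> list:
    """Number each letter by first appearance, e.g. LOGICAL -> [0,1,2,3,4,5,0]."""
    first_seen = {}
    return [first_seen.setdefault(ch, len(first_seen)) for ch in word]

if __name__ == "__main__":
    plaintext = "LOGICAL SECURITY"
    ciphertext = caesar(plaintext, 3)
    print("caesar :", ciphertext)
    print("atbash :", atbash(plaintext))
    # Weakness 1: the key can be recovered by simply trying every shift.
    for k, candidate in all_shifts(ciphertext).items():
        if candidate == plaintext:
            print("recovered with shift", k)
    # Weakness 2: a monoalphabetic substitution keeps the repeated-letter
    # structure of each word, which is what frequency analysis relies on.
    print(letter_pattern("LOGICAL"), letter_pattern(ciphertext.split()[0]))
```

Polyalphabetic ciphers were introduced to break exactly the second property: the same plaintext letter no longer always maps to the same ciphertext letter.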

6.5 - Networking Devices

There are several types of networking devices. They are used in LANs, MANs, and WANs to provide intercommunication among computers and their networks. These different networking devices vary based on their capabilities and intelligence.

  • Repeaters
    • These provide the most basic type of connectivity: they only repeat electrical signals between cable segments, which enables them to extend a network at the physical layer. Additionally, repeaters are add-on devices that extend a network connection over greater distances. The device amplifies signals.
  • Bridges
    • Bridges are LAN devices that connect LAN segments at the data link layer. Repeaters forward all signals received; a bridge divides overburdened networks into smaller segments, which ensures efficient use of bandwidth and traffic control. Like a repeater, a bridge amplifies the electrical signal; however, it is more intelligent than a repeater and enables the administrator to filter frames for further control.
  • Routers
    • Routers operate at the network layer and connect similar or different networks. They are devices with two or more interfaces and a routing table, which they use to receive packets and transmit them to their destinations. Additionally, routers filter traffic based on access control lists (ACLs) and fragment packets when necessary.
  • Switches
    • Switches combine the functions of repeaters and bridges. A switch amplifies electrical signals, like a repeater, and has the built-in circuitry and intelligence of a bridge.