CISSP Series A-Z – Domain1 Complete
This is the running YouTube playlist I am working on to cover the complete CISSP syllabus in my way of explaining. Subscribe to it if you find it useful.
How to pass CISSP Exam
A brief strategy discussion
Memorise EAL in 9 minutes
Refer to the following video to memorise EAL in the quickest time possible.
🎯 Fault Tolerance vs. System Resiliency
🎯 #CISSP Tips
🎤 Words have some intrinsic meanings, and based on their genesis (etymology) they inherit a certain story/context. Interestingly, at times, as language evolves and is conditioned across different cultures, the meanings of words also travel in the invisible cosmos of human consciousness, making them subject to change over time.
📚 CISSP demands the visualisation of definitions in a certain context. Take the example of MTTF. MTTF is a rough indication of the End-Of-Life of a system. However, in the CISSP-verse this is taken in the context of “backup tapes”, indicating “the number of times a tape can be reused before removing it from service”. This context confirms the EOL definition, but is more specific. Moreover, you get a mental picture that sticks this term to a magnetic tape.
🍀🌻🌴 It is crucial to know the “context” if we wish to pass the exam. Context for the definitions helps you to have a story in mind which keeps the definition alive. If you lose the story, you lose the definition. Think of the definition as a “fish” and the story as a nice “aquarium”. You lose the aquarium, you lose the fish. Think again about what mental picture you get when someone says BCP, DRP, IRP, etc. If you do not get a picture, your definitions are bound to be forgotten over time.
🦠 ✈️ The past few years were full of news about COVID and travel restrictions. Coming back to the topic with a relevant example: if you get exposed to the COVID virus and your fitness stays intact, it means you have COVID-tolerant immunity. However, if you get ill and then recover, we can say that you have COVID-resilient health. Similarly, a twin-engine aeroplane is a fault-tolerant system, in that if one engine fails, the other engine will take over. This makes the aeroplane a crash-resilient transport in the context of engine failure. You will realise with these examples that system resiliency depends on its components’ fault tolerance. I can safely say that resiliency is a function of tolerance.
Resiliency = f(tolerance)
🧮 This makes tolerance an independent variable; without it, resiliency will not be possible. This interdependence is something I came up with, and you can comment if you can think of an example of tolerance-free resiliency.
🪐 In the CISSP-verse, disk mirroring is a fault-tolerance feature which gives rise to system resiliency for data availability. You may also think of a dual power supply as a power fault-tolerance mechanism which gives rise to system resiliency to power outages. I hope this makes sense. You can provide feedback if you feel otherwise.
🧎♂️ Thinking along the same lines, a quote just took shape in my mind: you are resilient to self-destruction if you have a high tolerance to anger. Think and be cool while preparing for CISSP. Happy Learning.
#cissptraining
CVE-2021-44228 – Log4Shell/Log4J
🪢 There has always been, since ages past, a tug-of-war between what is “comfortable” and what is “healthy”, and it has become more of a discussion with the proliferation of technology in our day-to-day affairs.
👨🏻💻 Software developers, while documenting and logging an application’s physiology, tend to be creative and use “variables” to make the program’s footprint more meaningful.
🤗 This is exciting; I mean, how helpful it is to read and refer to software logs if they contain useful runtime information. In simple terms, knowing the current directory, resource utilisation, etc. while writing a piece of information to software logs carries enormous intelligence.
🎯 Personally I am a fan of using this methodology. I am not a software developer, but I used this technique in automating alerts for link latency and resource utilisation using SolarWinds NPM. Back in 2007-2008 I learned SolarWinds from Rajiv Bahl. I was mesmerised by the innovative approaches he used: using MS Visual Basic to demonstrate resiliency in key network components, animated presentations of packet flow, and most importantly harnessing the power of SolarWinds’s SQL database (using key tables) to form SLA reports. I took this inspiration and learning to the next level in automating link latency alerts. So the boring latency, flap and jitter alerts were replaced with formally drafted email alerts starting with “Dear Team, I am ROUTERXXX…” and having a message body embedding key values of troubleshooting importance, pulled using SQL queries.
🧞♂️ This was magic. When I did this alert automation for call centre links, with an automated SMS/email when latency exceeded 170ms from Sydney to Mumbai, it was highly appreciated by the service management team. We were more proactive, customer satisfaction was excellent, and I secured an “Innovation Award” for that quarter.
🧐 When I look back, I see myself so charged with innovation and undermining the security challenges it brings home. With CISSP, my lens changed, and so did my frame of reference, and I started to think about these past memories from a totally new frame of reference. I don’t see that it was bad from a security standpoint, but Log4J kind of rekindled my past life of using variables and bringing automation-driven intelligence to logging.
📚 The details are already documented here: [https://www.cygenta.co.uk/post/log4shell-in-simple-terms], and I encourage people to read this excellent piece for a quick understanding.
🧪🔬 Using variables gives great power and ease. It makes us use information in a more intelligent way, saving huge time and effort, but this ease comes at the cost of the potential misuse of these variable-driven intelligence mechanisms.
Log4J/Log4Shell is a classic example of this paradox we are faced with. Some enjoy ease and innovation, others enjoy exploitation and evil, and some stand guarding the castle. This is IT, and everyone enjoys what they love the most.
#security #log4j #log4jvulnerability #cissp #ccsp #solarwinds #grc #technology
CCSP Final Notes – Before Passing the Exam
🧎♂️ All praise 😇 to Almighty Allah for giving me the strength to get ✅ CISSP and ✅ CCSP both within a span of 2 months 🎯. The journey was too exciting, intense and anxiety-filled.
📗 Sharing here the final notes for CCSP from Ben Malisow’s book 📚 and takeaways from question practice. I will try to populate this blog with more useful information iA.
🎪 Following is my #CCSP experience.
🎯 When I passed #CISSP on 30th Dec, I felt this to be a miracle. I was not sure 🤨 about how prepared I was, but I was kind of sure that I had exhausted all my energy 🏋️♀️ in keeping nimble conceptual butterflies 🦋 within my reach 🏃🏻♂️.
☪️ Experiences like these, where we feel a calling getting fulfilled in some mysterious ways, remind me of the following ayah of the guiding book I follow,
“… And He found you lost and guided [you],”
– Holy Quran, Chapter 93 Verse 7.
🎯 For CCSP I followed the Sybex 2nd edition CCSP book by Ben Malisow. The book is excellent in the way it flows with the content. It took me a week or 10 days to finish the book in early January [I love reading and it helped me]. While I was almost finishing the book I read a bit of the CCSP CBK by Gordon. However, as I did not want to climb the hill again and redo all my notes, I kept this book aside.
🎯 For questions, I referred to the official ISC2 app-based practice on my phone. It is convenient: in malls, in parks, anywhere we can refer to quick questions and refresh dormant topics.
🍀 Interestingly, for CISSP I referred to a lot of videos and online materials (and it was a great help from Luke Ahmed, Prabh Nair Your Cybersecurity Instructor / CISO and countless Infosec champions online), but for CCSP, I followed the old-school obscure path of trusting a textbook, doing questions and exercises and hoping to score well.
🔬🧪 The key secret in both the exams is how you form a solid story in your mind to keep concepts alive till your exam day, without getting overly frustrated. To master this secret we need a calm attitude, serially processing one topic at a time with all enthusiasm, creativity and hard work. Friends, family and extended meaningful social media connections always help.
🌦 Somewhere in between I got interested in Azure (courtesy of Ranga Karanam, in28minutes; I passed AZ-900), and preparing for Azure helped me get some mental visuals of how the cloud looks from inside. However, I will not suggest that this is a must for the exam. It depends on an individual’s taste and strength.
👍 Best of luck to all my digital family members in taking on the journey, and I hope we will all inspire each other with our success stories.
🌈 My CCSP notes are revised here: https://lnkd.in/gJEJC9jn
🚴♀️ For me it was fun, 🎡 joyride, 3 months, 3 certifications ✅
😇 JazakAllah Khair,
📚 Happy Learning,
CCSP OSG Book Fact Sheets
Today I finished CCSP OSG 2nd Edition by Ben Malisow. The following notes are my key takeaways. As I prepared for CISSP recently, I haven’t covered the overlapping topics.