How many.su domains are there?
Even though the Soviet Union itself was dissolved a mere 15 months later, the .su top-level domain remains in use today with over 100,000 .su domains as of July 2020. [update] . It is administered by the Russian Institute for Public Networks (RIPN, or RosNIIROS in Russian transcription).
When was the.RU domain created?
In 1994 the .ru domain was created, which is supposed to eventually replace the .su domain (domains for the republics other than Russia were created at different times in the mid-nineties). The domain was supposed to be withdrawn by ICANN, but it was kept at the request of the Russian government and Internet users.
Is the TLD domain still used?
Despite the dissolution of the Soviet Union and the superseding of the TLD by the new country TLDs of the republics that gained independence, it is still in use as of 2021. [update] .
Investigations
Information Security Practices
- Domain 7 covers some security practices that you should know about when preparing for the CISSP exam: 1. Need to Know. 2. Least privilege. 3. Separation of duties. 4. Dual Control : When two persons are required to execute a task. 5. Two-man rule, Two-person integrity : When the presence of two authorized persons is required for an action to be per...
Securely Provision Resources
- Asset inventory
Asset inventory should Include both physical and virtual assets. For each asset, the following should be identified: 1. Owner. 2. Value 3. Cost of maintenance. 4. Location. 5. Lifespan. 6. Security classification. 7. Dependencies. Automated tools can be used for asset inventory, like f… - Configuration management
Some important concepts related to configuration management that you should know about: 1. Configuration Item (CI) : Any item that needs to be managed. 2. Baseline Configuration (BC) : A reference configurations that systems can be compared to in order to ensure that they are confi…
Detective and Preventive Measures
- Third-party
The following services can be managed by an external third-party organization: 1. Threat intelligence. 2. Physical security. 3. Audit. 4. Network monitoring. When contracting a third-party organization, you should keep in mind the following considerations: 1. Strong contract language… - Sandboxing
There are two types of sandboxing environments: 1. Hardware : A hardware environment that mimics the production environment. Much smaller in size, and contains only the necessary machines. 2. Software : A software environment where running processes do not affect other pr…
Incident Management
- Incident management follows the following steps: 1. Detection 1.1. Using ogs, SIEM…. 1.2. People also can sense if an incident is happening. 1.3. Goal of first responder : Contain damage. 2. Response 2.1. Confirm the incident. 2.2. Triage based on impact (Low, moderate, high). 3. Mitigation 3.1. Isolate and contain the incident. 3.2. Mitigation ends with stability. 4. Reporting 4.…
Recovery Strategies
- Backup storage
There are three ways you can use to backup storage: 1. Full : Backup all data. 2. Differential : Backup only data that has changed from the last full back-up. 3. Incremental : Backup only data that has changed from the last full, differential or incremental backup. - Recovery site
Consider the proper distance for the alternate site : Not too close to be impacted by the disaster, and not too far for it to be inaccessible for employees. These are the most common types of recovery sites: 1. Hot : Contains all hardware, software, and data necessary for operation. The m…
Disaster Recovery Processes
- In order to know when to launch a disaster recovery response, the following points should be determined: 1. People authorized to initiate the response. 2. Criteria for initiating the response. 3. Information and decision streams. In addition, key personnel should be identified. 1. Responders: 1.1. Each response role should be assigned a specific person and also an alternate. They both s…
Disaster Recovery Plan Testing
- There are five types of DRP testing: 1. Read-through : The most basic. Each person has to go through the plan. Also called checklist. 2. Walk-through : Simulation of response activities at actual locations. Also called tabletop. 3. Simulation : Like for example a fire drill. 4. Parallel : Tests are conducted in parallel in an alternate site without impacting the operations. But it requires mo…
Personnel Safety
- Travel
The traveling employee should be aware of local risks, and local emergency contacts. The organization should consider the insurance coverage and Secure remote access. In addition, the employee may be in a different jurisdiction. It is therefore necessary to consider how this might i… - Duress
A duress code is a code word in case an employee is being threatened. The duress code should be changed regularly. It should also be easy to remember, and subtle as to not create suspicion. We have now gone through all items that are covered in the domain 7 of the CISSP. If you notice …