Assuring Reliable and Secure IT Services Chapter 6


Key Learning Objectives

• Understand factors that drive IT availability and how to provision high-availability systems
• Recognize sources of IT systems risk and how to secure IT systems
• Recognize trade-offs involved in IT risk management and the inevitability of incidents
• Understand management approaches to contain and recover from such incidents

• Redundancy: key to reliable systems
  – Internet robust enough to withstand military attack
    • Exceptionally large number of potential paths
  – Buying extra equipment to guard against failures
  – More complex, more difficult to manage

Agenda

• Availability math
• High-availability facilities
• Securing infrastructure against malicious threats
• Risk management of availability and security
• Incident management and disaster recovery

Availability Math

• Reliability and availability
  – 98% available = running and ready to be used 98 percent of the time
  – Outage tolerance varies by system and situation
    • Tasks
    • Planned or unplanned outage
      – E.g. shut down for data backup


Availability of components in series

• Five Components in Series (Each 98 percent available)

Combining Components in Series Decreases Overall Availability

• With 15 devices in series, downtime exceeds 25%


The effect of redundancy on availability

• Five identical components in parallel (each 98 percent available)

• 99.99999968% available: eight nines of availability
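The series and parallel figures on these slides, worked through in code. This is an added example, not part of the original deck; the function names are illustrative, and it assumes components fail independently of one another, which shared power, network or software faults can violate in practice.

```python
import math

HOURS_PER_YEAR = 24 * 365

def series(availabilities):
    """Every component must be up, so the availabilities multiply."""
    return math.prod(availabilities)

def parallel(availabilities):
    """The service is down only when all redundant components are down at once."""
    return 1.0 - math.prod(1.0 - a for a in availabilities)

def max_series_components(a, min_availability):
    """Longest chain of identical components that stays at or above the floor."""
    if not 0.0 < a < 1.0:
        raise ValueError("component availability must be between 0 and 1")
    n = 0
    while series([a] * (n + 1)) >= min_availability:
        n += 1
    return n

def replicas_needed(a, target):
    """Smallest number of identical parallel components that reaches the target."""
    if not 0.0 < a < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("availabilities must be between 0 and 1")
    n = 1
    while parallel([a] * n) < target:
        n += 1
    return n

def annual_downtime_hours(availability):
    """Expected hours of outage per year at a given availability."""
    return (1.0 - availability) * HOURS_PER_YEAR

def tiered_system(tiers):
    """tiers: list of (component availability, redundant copies); tiers sit in series."""
    return series(parallel([a] * copies) for a, copies in tiers)

if __name__ == "__main__":
    print(f"5 in series:    {series([0.98] * 5):.4%}")
    print(f"15 in series:   {series([0.98] * 15):.4%}")
    print(f"5 in parallel:  {parallel([0.98] * 5):.8%}")
    print(f"chain limit for 75% availability: {max_series_components(0.98, 0.75)}")
    print(f"copies for five nines: {replicas_needed(0.98, 0.99999)}")
    # Constructed design: five tiers in series, each tier duplicated once
    dup = tiered_system([(0.98, 2)] * 5)
    print(f"5 duplicated tiers: {dup:.4%}, {annual_downtime_hours(dup):.1f} h/year down")
```

Fourteen 98 percent components in series still stay above 75 percent availability; the fifteenth pushes downtime past 25 percent, matching the slide.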

High-availability facilities

• Redundancy increases overall availability

• Uninterruptible electric power delivery
  – Two or more power cables for each computer
  – Uninterruptible power supplies (UPSs)
• Physical security
  – Security guards, closed-circuit television monitors (CCTVs), biometric access control systems…
  – Building “hardened” against external explosions, earthquakes, and other disasters

• Climate control and fire suppression
  – Heating, ventilating, and air-conditioning (HVAC) equipment
  – Smoke detecting, alarming and gas-based fire suppression
• Network connectivity
  – 24x7 network operation centre (NOC)
  – Three or more backbone providers
• Help desk and incident response procedures
  – Responding to unplanned incidents
• N+1 and N+N redundancy
  – For each type of critical component there should be at least one unit standing by (N+1)
  – Twice as many mission-critical components as are necessary (N+N)


A Representative E-Commerce Infrastructure

Securing infrastructure against malicious threats

• Spending less on information security than on coffee
• US, 2007: 1/5 have suffered a “targeted attack”
• Threat is evolving
• Classification of threats
  – External attacks
  – Intrusion
  – Viruses and worms
• Defensive measures
  – Security policies
  – Firewalls
  – Authentication
  – Encryption
  – Patching and change management
  – Intrusion detection and network monitoring

External attacks

• Actions against computer infrastructures that harm it or degrade its services without actually gaining access to it
• Denial of service (DoS) attacks
  – Customers standing in line interacting with the cashier and deciding not to buy anything
  – Filter out flood traffic based on the IP address
    • Won’t work on distributed denial of service (DDoS) or spoofing
  – Patterns of attack can be very similar to legitimate e-commerce traffic

Denial of service (DoS) attacks

A Distributed Denial-of-Service Attack

“Spoofing”

Intrusion

• Gain access to a company’s internal IT infrastructure by a variety of methods
  – Social engineering
    • Low-tech but highly effective techniques for getting people to freely divulge information
      – Telephone
  – Sniffer software
  – Port scanned: probed for vulnerability to intrusion
  – Time bombs
• Figuring out what exactly intruders might have done is difficult
  – Not knowing the consequences carries a high PR penalty


TJX companies

• https://www.youtube.com/watch?v=uLaiKWVI56I

• https://www.youtube.com/watch?v=GRNimxiRxQ4

Viruses and worms

• Malicious software programs that replicate, spreading themselves to other computers
  – Could be used to launch a DoS attack
• Stuxnet
  – Targeting Iran’s nuclear program
  – https://www.youtube.com/watch?v=cf0jlzVCyOI
  – https://www.youtube.com/watch?v=v4CAc_zGtoY
  – https://www.youtube.com/watch?v=IfcYVgRXWdY

Defensive measures

• Security: a matter of degree rather than absolutes
• Security policies
  – Define what is “inappropriate use”
  – Complexity of password
  – Who can have accounts
  – What users are allowed to download
• Firewalls
  – A collection of HW and SW designed to prevent unauthorized access

Source: Glanceword.com

• Authentication
  – Control who accesses elements of computing infrastructure
  – Host authentication, network authentication, data authentication
  – Strong authentication
    • Passwords expire regularly
• Encryption
• Patching and change management
  – Patches (fixes)
  – Detecting a change in file size, or files that should not exist
    • Keeping detailed records of all files that are supposed to be on production computers
• Intrusion detection and network monitoring
  – Combination of hardware probes and software diagnostic systems
    • E.g. honeypot
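The change-management check above (a record of the files that are supposed to exist, compared against what is actually there) can be sketched as follows. This is an added example, not from the original slides; the file names and contents are constructed, and it goes one step beyond the slide by recording a SHA-256 hash, because a size comparison alone misses an edit that keeps the file length unchanged.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to (size in bytes, SHA-256)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):  # record the link target, do not follow it
                manifest[rel] = (0, "symlink:" + os.readlink(path))
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = (os.path.getsize(path), digest.hexdigest())
    return manifest

def compare(baseline, current):
    """Classify every difference between the recorded baseline and the current state."""
    findings = {"unexpected": [], "missing": [], "size_changed": [], "content_changed": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings["unexpected"].append(path)       # file that should not exist
        elif new is None:
            findings["missing"].append(path)
        elif old[0] != new[0]:
            findings["size_changed"].append(path)
        elif old[1] != new[1]:
            findings["content_changed"].append(path)  # same size, different bytes
    return findings

def demo():
    """Constructed sample: build a small tree, record it, alter it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for name, data in [("app.bin", b"v1-binary"), ("app.conf", b"port=8080\n"),
                           ("README", b"docs")]:
            write(name, data)
        baseline = snapshot(root)
        write("app.bin", b"v1-binary-patched")   # size changes
        write("app.conf", b"port=9090\n")        # same size, new content
        write("unknown.sh", b"#!/bin/sh\n")      # not in the records
        os.remove(os.path.join(root, "README"))
        return compare(baseline, snapshot(root))
```

In production the baseline would be stored off the monitored host, so that whoever can change the files cannot also rewrite the record.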


Source: http://searchsecurity.techtarget.com/feature/Honeypot-technology-How-honeypots-work-in-the-enterprise

A security management framework

• Make deliberate security decisions
• Consider security a moving target
• Practice disciplined change management
• Educate users
• Deploy multilevel technical measures, as many as you can afford


Risk management of availability and security

• Prioritising involves computing the expected loss associated with incidents in these quadrants by multiplying the probability of an incident and its cost if it occurs

Incident management and disaster recovery

• Managing incidents before they occur
  – Sound infrastructure design
  – Disciplined execution of operating procedures
  – Careful documentation
  – Established crisis management procedures
  – Rehearsing incident response
• Managing during an incident
  – Obstacles when handling a crisis
    • Emotional responses
    • Wishful thinking and groupthink
    • Political manoeuvring
    • Leaping to conclusions
  – Public relations inhibition

• Managing after an incident


Summary

• How available do our systems need to be?

• Are we taking security threats seriously enough?

• Do we have a solid security policy in place?

• Do we have plans for responding to infrastructure incidents?

• Do we practice risk management in availability and security decisions?