Lecture 11Business analysis paper feedbackReliability BasicsMath of AvailabilityFig 6.1 Five Components in SeriesFig 6.2 Combining components in series decreases overall availability exponentiallyRedundancy through parallel componentsFig 6.4 Redundancy increases overall availabilityMore general networksHigh Availability FacilitiesN+1 vs. N+N redundancyFig 6.5 Typical E-commerce InfrastructureReliability vs. SecuritySecurity against malicious threatsFig 6.7 distributed Denial of service attackFig 6.8 SpoofingIntrusionViruses and wormsDefensive MeasuresSlide 20Slide 21Security Management FrameworkRisk Management of Availability and SecurityIncident Management (Recall last week’s case)Case this week: Ford and DellLecture 11Reliability and Securityin IT infrastructure2Business analysis paper feedback•Interesting topics•Be specific in what questions you want to cover–You cannot do it all–Some resources will be harder to find•Be clear where information is coming from•Look for good references now3Reliability Basics•Redundancy–Multiple paths through a network make the network robust to failing links•Individual components are not so reliable–Buying backup equipment is possible, but sometimes expensive•Redundancy can make more complex management challenges4Math of Availability•Difference between 2% down in one business vs another–When might it go down?–Who is affected5Fig 6.1 Five Components in Series•Total availability of components in series requires all components to be available6Fig 6.2 Combining components in series decreases overall availability exponentially•Increased number of components increases the likelihood that one of them is out7Redundancy through parallel components•All components have to fail in order for the link to fail8Fig 6.4 Redundancy increases overall availability9More general networks•How do we calculate probability of failure in network?•How do we recognize the critical vulnerabilities?10High Availability Facilities•Redundant power supply•Physical security•Climate Control•Fire suppression•Network connectivity11N+1 vs. N+N redundancy•N+1 means one backup per type•N+N means one backup per component12Fig 6.5 Typical E-commerce Infrastructure•Most components have redundancy•Why not all?13Reliability vs. Security•What is the difference?•What different scenarios need to be considered?14Security against malicious threats•Multiple different types of threats15Fig 6.7 distributed Denial of service attack16Fig 6.8 Spoofing•Packets look like they came from another source17Intrusion•Attacker gains access to internal IT structure–Usernames/passwords–Hacking using sniffer software•Once inside, intruder can –Steal information–Alter data–Delete data–Deface programs/websites•Detecting what someone has actually done is difficult18Viruses and worms•Malicious software programs that replicate and spread to other computers•Large range of potential damage•Usually, viruses require user execution, whereas worms move automatically•Recent examples target vulnerabilities, trigger cascade of events19Defensive Measures•Access and security policies–Who can read what?–Who can have an account?–Who is allowed to change what?–How is policy enforced?•Firewalls–Collection of hardware, software to prevent unauthorized access o internal computer resources–Act like a security gate to check legitimate employees trying to use network–Filtering vs. relaying20Defensive Measures•Authentication–Various levels (host, network etc.)–Any granularity possible (files, directories etc.)–Strong authentication requires complex passwords, often changing–Digital certificates–Biometric data•Encryption–Uses a key to decode and decode message–Public/private combination–Only person with private key can decrypt21Defensive Measures•Patching–Exploiting weaknesses in system is a primary strategy for attack–Knowing what has been patched is critical•Intrusion detection and network monitoring–Automatically filtering out attacks is best–Logging and diagnostic systems help improve and detect what has actually happened22Security Management Framework•Make Deliberate Security Decisions•Consider Security a Moving Target•Practice Disciplined Change Management•Educate Users•Deploy Multilevel Technical Measures, as many as can afford23Risk Management of Availability and Security•Cannot afford to stop every possibility•Expected loss is one measure (prob. x cost)24Incident Management (Recall last week’s case)•Before–Sound infrastructure–Disciplined execution of operating procedures–Careful Documentation–Established Crisis Management procedures–Scenario testing•During–Follow the plan!–Avoid emotional, over-optimistic or political influences•After–Detect what has happened–Rebuild carefully–Document–Public Announcement Decisions25Case this week: Ford and Dell•Read both the Ford Case and the Dell
View Full Document
Unlocking...