Assuring Reliable and Secure IT Services

Chapter 6

Availability Math

• Availability of components in series

C h a p t e r 6 F i g u r e 6 - 1

F i v e C o m p o n e n t s i n S e r i e s ( e a c h 9 8 % A v a i l a b l e )

C o m p o n e n t 1

9 8 %a v a i l a b i l i t y

C o m p o n e n t 2

9 8 %a v a i l a b i l i t y

C o m p o n e n t 3

9 8 %a v a i l a b i l i t y

C o m p o n e n t 4

9 8 %a v a i l a b i l i t y

C o m p o n e n t 5

9 8 %a v a i l a b i l i t y

. 9 8 x . 9 8 x . 9 8 x . 9 8 x . 9 8 = s e r v i c e a v a i l a b i l i t y o f 9 0 %

S o u r c e : A p p l e g a t e , L y n d a M . , R o b e r t D . A u s t i n , a n d F . W a r r e n M c F a r l a n , C o r p o r a t e I n f o r m a t i o n S t r a t e g y a n d M a n a g e m e n t . B u r r R i d g e , I L : M c G r a w - H i l l / I r w i n , 2 0 0 2 .

Chapter 6 Figure 6-2

Combining Components in Series Decreases Overall Availability

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Number of Components In Series (each 98% available)

Av

ail

ab

ilit

y

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

Five Components in Parallel (each 98% Available)

Chapter 6 Figure 6-3

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

Chapter 6 Figure 6-4

Redundancy Increases Overall Availability

98.0%

98.5%

99.0%

99.5%

100.0%

1 2 3 4 5 6 7 8 9 10

Number of Components In Parallel (each 98% available)

Av

ail

ab

ilit

y

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

High-availability Facilities

• Uninterruptible electric power delivery

• Physical security

• Climate control and fire suppression

• Network connectivity

• Help desk and incident response procedures

Chapter 6 Figure 6-5

A Representative E-Commerce Infrastructure

Router

Firewall 1

Firewall 2

Switch

Web Server1

Web Server2

DatabaseServer

Disk Array

PolicyServer 1

PolicyServer 2

ApplicationServer 1

ApplicationServer 2

Internet

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management . Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

Classification of Threats

• External attacks

• Intrusion

• Viruses and worms

Chapter 6 Figure 6-6

Normal and DoS Handshakes

WebUser’s PC

WebsiteServer

WebsiteServer

WebUser’s PC

SYN: User’s PC says “hello”

ACK-SYN: Server says “Do you want to talk”

ACK: User’s PC says “Yes, let’s talk”

Normal Handshake

DoS Handshake

SYN: User’s PC says “hello” repeatedly

ACK-SYN: Server says “Do you want to talk” repeatedly

No Response: User’s PC waits for server to “timeout”

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

Chapter 6 Figure 6-7

A Distributed Denial of Service Attack

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

W ebsiteServer

Attacker 1

Attacker 3

Attacker 2

Attacker 5

Attacker 4

Attacker 6

Attacker 7

Attacker 8

Attack Leader

Attack Leader facilitates SYN floods from multiple sources.

Chapter 6 Figure 6-8

“Spoofing”

Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

A ttacker

A ddress: 12345

T arget

A ddress: 54321

Inform ation Packets

N orm al

“Spoofing”

90817 54321

5432112345

SenderA ddress

D estinationA ddress

Target server correctly interprets sender address

Target server incorrectly interprets sender address

Defensive Measures

• Security policies

• Firewalls

• Authentication

• Encryption

• Patching and change management

• Intrusion detection and network monitoring

A Security Management Framework

• Make deliberate security decisions.

• Consider security a moving target.

• Practice disciplined change management.

• Educate users.

• Deploy multilevel technical measures, as many as you can afford.

Managing Infrastructure Risks: Consequences and Probabilities

Chapter 6 Figure 6- 9

Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management . Burr Ridge, IL:

McGraw -Hill/Irwin, 2002.

HIGH

High Consequence

Low Probability

High Consequence

High Probability

CRITICAL

THREATS

LOW

Low Consequence

Low Probability

MINOR

THREATS

Low Consequence

High Probability

Co

nse

qu

en

ces

PRIORITIZE THREATS

0 Probability 1

Incident Management and Disaster Recovery

• Managing incidents before they occur.– Sound infrastructure design– Disciplined execution of operating procedures– Careful documentation– Established crisis management procedures– Rehearsing incident response

• Managing during an incident.• Managing after an incident.