Scribd Logo
Upload

Welcome to Scribd!

  • Chapter 6

    Uploaded by

    Kanza Rehman
    23 views16 pages
    nice

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    nice

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views16 pages

    Chapter 6

    Uploaded by

    Kanza Rehman
    nice

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    Assuring Reliable and Secure IT

    Services
    Chapter 6

    Availability Math
    Availability of components in series

    Five Components in Series (each 98% Available)

    Component 1

    Component 2

    Component 3

    Component 4

    Component 5

    98%
    availability

    98%
    availability

    98%
    availability

    98%
    availability

    98%
    availability

    .98 x .98 x .98 x .98 x .98 = service availability of 90%

    Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.

    Combining Components in Series Decreases Overall Availability


    100%
    90%
    80%

    Availability

    70%
    60%
    50%
    40%
    30%
    20%
    10%
    0%

    Number of Components In Series (each 98% available)


    Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
    Chapter 6 Figure 6-2

    Five Components in Parallel (each 98% Available)

    Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL:
    McGraw-Hill/Irwin, 2002.

    Redundancy Increases Overall Availability


    100.0%

    Availability

    99.5%

    99.0%

    98.5%

    98.0%
    1

    10

    Number of Components In Parallel (each 98% available)


    Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
    Chapter 6 Figure 6-4

    High-availability Facilities

    Uninterruptible electric power delivery


    Physical security
    Climate control and fire suppression
    Network connectivity
    Help desk and incident response procedures

    A Representative E-Commerce Infrastructure


    Policy
    Server 1

    Policy
    Server 2

    Application
    Server 1

    Application
    Server 2

    Internet

    Firewall 1
    Router

    Switch
    Firewall 2

    Web Server
    1

    Web Server
    2

    Database
    Server

    Disk Array
    Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
    Chapter 6 Figure 6-5

    Classification of Threats
    External attacks
    Intrusion
    Viruses and worms

    Normal and DoS Handshakes


    Normal Handshake
    SYN: Users PC says hello
    Web
    Users PC

    ACK-SYN: Server says Do you want to talk

    Website
    Server

    ACK: Users PC says Yes, lets talk

    DoS Handshake
    SYN: Users PC says hello repeatedly
    Web
    Users PC

    ACK-SYN: Server says Do you want to talk repeatedly

    Website
    Server

    No Response: Users PC waits for server to timeout


    Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

    Chapter 6 Figure 6-6

    A Distributed Denial of Service Attack


    Attacker 1

    Attack Leader
    Attacker 2
    Attacker 3
    Attacker 4
    Attacker 5
    Attacker 6
    Attacker 7

    Website
    Server

    Attacker 8
    Attack Leader facilitates SYN floods from multiple sources.

    Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

    Chapter 6 Figure 6-7

    Spoofing
    Information Packets
    Sender
    Address

    Destination
    Address

    Attacker

    Target

    Address: 12345

    Address: 54321

    Normal
    12345

    54321

    Target server correctly interprets sender address

    Spoofing
    Target server incorrectly interprets sender address
    90817

    54321

    Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.

    Chapter 6 Figure 6-8

    Defensive Measures

    Security policies
    Firewalls
    Authentication
    Encryption
    Patching and change management
    Intrusion detection and network monitoring

    A Security Management
    Framework

    Make deliberate security decisions.


    Consider security a moving target.
    Practice disciplined change management.
    Educate users.
    Deploy multilevel technical measures, as
    many as you can afford.

    Managing Infrastructure Risks:


    Consequences and Probabilities

    HIGH

    High Consequence
    Low Probability

    High Consequence
    High Probability

    CRITICAL
    Consequences

    THREATS
    PRIORITIZE
    THREATS

    Low Consequence
    Low Probability
    LOW

    Low Consequence
    High Probability

    MINOR
    THREATS

    0
    Source:

    Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan


    McGraw - Hill/Irwin, 2002.

    Probability
    ,

    Corporate Information Strategy and Management

    1
    . Burr Ridge, IL:
    Chapter 6 Figure 6

    Incident Management and


    Disaster Recovery
    Managing incidents before they occur.

    Sound infrastructure design


    Disciplined execution of operating procedures
    Careful documentation
    Established crisis management procedures
    Rehearsing incident response

    Managing during an incident.


    Managing after an incident.

    You might also like