Description
This is a presentation explaining about reliable and secure IT services discusses components, combining these components, redundancy, e commerce infrastructure, threats, service attack, spoofing, security management, disaster recovery
Availability Math
? Availability of components in series
Five Components in Series (each 98% Available)
Component 1 98% availability
Component 2 98% availability
Component 3 98% availability
Component 4 98% availability
Component 5 98% availability
.98 x .98 x .98 x .98 x .98 = service availability of 90%
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Combining Components in Series Decreases Overall Availability
100% 90% 80% 70%
Availability
60% 50% 40% 30% 20% 10% 0%
10
20
30
40
50
60
70
80
Number of Components In Series (each 98% available)
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Chapter 6 Figure 6-2
90
1
Five Components in Parallel (each 98% Available)
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Redundancy Increases Overall Availability
100.0%
99.5%
Availability
99.0%
98.5%
98.0% 1 2 3 4 5 6 7 8 9 10 Number of Components In Parallel (each 98% available)
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Chapter 6 Figure 6-4
High-availability Facilities
? Uninterruptible electric power delivery
? Physical security ? Climate control and fire suppression ? Network connectivity ? Help desk and incident response procedures
A Representative E-Commerce Infrastructure
Policy Server 1 Policy Server 2 Application Server 1 Application Server 2
Firewall 1 Router Firewall 2 Switch
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Chapter 6 Figure 6-5
Internet
Web Server 1
Web Server 2
Database Server
Disk Array
Classification of Threats
? External attacks
? Intrusion ? Viruses and worms
Normal and DoS Handshakes
Normal Handshake
SYN: User’s PC says “hello” Web User’s PC ACK-SYN: Server says “Do you want to talk” ACK: User’s PC says “Yes, let’s talk” Website Server
DoS Handshake
SYN: User’s PC says “hello” repeatedly Web User’s PC Website Server
ACK-SYN: Server says “Do you want to talk” repeatedly
No Response: User’s PC waits for server to “timeout”
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Chapter 6 Figure 6-6
A Distributed Denial of Service Attack
Attack Leader
Attacker 2 Attacker 3 Attacker 4 Attacker 5 Attacker 6 Attacker 1
Attacker 7 Attacker 8 Website Server Attack Leader facilitates SYN floods from multiple sources.
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Chapter 6 Figure 6-7
“Spoofing”
Information Packets
Sender Address Destination Address
Attacker Address: 12345 Normal 12345 54321
Target Address: 54321
Target server correctly interprets sender address
“Spoofing” Target server incorrectly interprets sender address 90817 54321
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Chapter 6 Figure 6-8
Defensive Measures
? Security policies
? Firewalls ? Authentication ? Encryption ? Patching and change management ? Intrusion detection and network monitoring
A Security Management Framework
? Make deliberate security decisions.
? Consider security a moving target. ? Practice disciplined change management. ? Educate users. ? Deploy multilevel technical measures, as many as you
can afford.
Managing Infrastructure Risks: Consequences and Probabilities
HIGH
High Consequence Low Probability
High Consequence High Probability
CRITICAL Consequences THREATS
PRIORITIZE THREATS
Low Consequence Low Probability LOW
Low Consequence High Probability
MINOR THREATS
0
Source:
Probability
,
1
. Burr Ridge, IL: Chapter 6 Figure 6
Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan McGraw - Hill/Irwin, 2002.
Corporate Information Strategy and Management
Incident Management and Disaster Recovery
? Managing incidents before they occur. ? Sound infrastructure design ? Disciplined execution of operating procedures ? Careful documentation ? Established crisis management procedures ? Rehearsing incident response ? Managing during an incident. ? Managing after an incident.
doc_654085044.ppt
This is a presentation explaining about reliable and secure IT services discusses components, combining these components, redundancy, e commerce infrastructure, threats, service attack, spoofing, security management, disaster recovery
Availability Math
? Availability of components in series
Five Components in Series (each 98% Available)
Component 1 98% availability
Component 2 98% availability
Component 3 98% availability
Component 4 98% availability
Component 5 98% availability
.98 x .98 x .98 x .98 x .98 = service availability of 90%
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Combining Components in Series Decreases Overall Availability
100% 90% 80% 70%
Availability
60% 50% 40% 30% 20% 10% 0%
10
20
30
40
50
60
70
80
Number of Components In Series (each 98% available)
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Chapter 6 Figure 6-2
90
1
Five Components in Parallel (each 98% Available)
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Redundancy Increases Overall Availability
100.0%
99.5%
Availability
99.0%
98.5%
98.0% 1 2 3 4 5 6 7 8 9 10 Number of Components In Parallel (each 98% available)
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Chapter 6 Figure 6-4
High-availability Facilities
? Uninterruptible electric power delivery
? Physical security ? Climate control and fire suppression ? Network connectivity ? Help desk and incident response procedures
A Representative E-Commerce Infrastructure
Policy Server 1 Policy Server 2 Application Server 1 Application Server 2
Firewall 1 Router Firewall 2 Switch
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002.
Chapter 6 Figure 6-5
Internet
Web Server 1
Web Server 2
Database Server
Disk Array
Classification of Threats
? External attacks
? Intrusion ? Viruses and worms
Normal and DoS Handshakes
Normal Handshake
SYN: User’s PC says “hello” Web User’s PC ACK-SYN: Server says “Do you want to talk” ACK: User’s PC says “Yes, let’s talk” Website Server
DoS Handshake
SYN: User’s PC says “hello” repeatedly Web User’s PC Website Server
ACK-SYN: Server says “Do you want to talk” repeatedly
No Response: User’s PC waits for server to “timeout”
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Chapter 6 Figure 6-6
A Distributed Denial of Service Attack
Attack Leader
Attacker 2 Attacker 3 Attacker 4 Attacker 5 Attacker 6 Attacker 1
Attacker 7 Attacker 8 Website Server Attack Leader facilitates SYN floods from multiple sources.
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Chapter 6 Figure 6-7
“Spoofing”
Information Packets
Sender Address Destination Address
Attacker Address: 12345 Normal 12345 54321
Target Address: 54321
Target server correctly interprets sender address
“Spoofing” Target server incorrectly interprets sender address 90817 54321
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Chapter 6 Figure 6-8
Defensive Measures
? Security policies
? Firewalls ? Authentication ? Encryption ? Patching and change management ? Intrusion detection and network monitoring
A Security Management Framework
? Make deliberate security decisions.
? Consider security a moving target. ? Practice disciplined change management. ? Educate users. ? Deploy multilevel technical measures, as many as you
can afford.
Managing Infrastructure Risks: Consequences and Probabilities
HIGH
High Consequence Low Probability
High Consequence High Probability
CRITICAL Consequences THREATS
PRIORITIZE THREATS
Low Consequence Low Probability LOW
Low Consequence High Probability
MINOR THREATS
0
Source:
Probability
,
1
. Burr Ridge, IL: Chapter 6 Figure 6
Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan McGraw - Hill/Irwin, 2002.
Corporate Information Strategy and Management
Incident Management and Disaster Recovery
? Managing incidents before they occur. ? Sound infrastructure design ? Disciplined execution of operating procedures ? Careful documentation ? Established crisis management procedures ? Rehearsing incident response ? Managing during an incident. ? Managing after an incident.
doc_654085044.ppt