Planning for Survivable Networks: Ensuring Business Continuity
Annlee Hines
Wiley Publishing, Inc.
0123284X FM.F 6/28/02 9:36 AM Page iii
Publisher: Robert Ipsen
Editor: Carol A. Long
Developmental Editor: Adaobi Obi
Managing Editor: Micheline Frederick
Text Design & Composition: Wiley Composition Services

Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where Wiley Publishing, Inc., is aware of a claim, the product names appear in initial capital or ALL CAPITAL LETTERS. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

This book is printed on acid-free paper.

Copyright 2002 by Annlee Hines. All rights reserved.

Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspointe Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: [email protected].

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data:

ISBN: 0-471-23284-X

Printed in the United States of America

10 9 8 7 6 5 4 3 2 1
For Eric and Aylyffe
sine qua non
Contents

Foreword xiii

Chapter 1 Introduction 1
  Network Continuity 2
  Define Survival 3
  In Defense of Paranoia 4
  By the Numbers 5
  Borrow from Einstein 6
  Think the Unthinkable 8
  Plan to Survive 8
  Choice versus Chance 10

Chapter 2 Network Threats 11
  Kinds of Attacks 12
    Immature Hands 13
      Voyeurs 14
      Testers 18
      Deliberate Attackers 19
    Mature Hands 26
      Industrial Espionage 27
      Fraud/Theft 29
      Record Alteration 31
      Extortion 33
  Externalities 33

Chapter 3 Tactics of Mistake 35
  TCP/IP 36
    Probes 43
    Viruses 45
    Worms 46
    Trojan Horses 48
    Denial of Service/Distributed DoS 49
    Sample Attack 51
  Means 55
  Opportunity 56

Chapter 4 Murphy's Revenge 57
  System Is Not a Dirty Word 57
    Complexity 58
    Interaction 58
    Emergent Properties 59
    Bugs 59
  Where Opportunity Knocks 60
    Top General Vulnerabilities 61
      #1: Default Installations 61
      #2: Accounts with Weak/No Passwords 62
      #3: Nonexistent or Incomplete Backups 63
      #4: Large Numbers of Open Ports 63
      #5: Not Filtering for Correct Ingress/Egress Addresses 64
      #6: Nonexistent or Incomplete Logging 64
      #7: Vulnerable CGI Programs 65
    Top Windows Vulnerabilities 65
      #1: Unicode Vulnerability 66
      #2: ISAPI Extension Buffer Overflows 66
      #3: IIS RDS Exploit 66
      #4: NETBIOS - Unprotected Windows Networking Shares 66
      #5: Information Leakage via Null Session Connections 67
      #6: LM Hash 67
    Top UNIX Vulnerabilities 68
      #1: Buffer Overflows in RPC Services 68
      #2: Sendmail Vulnerabilities 68
      #3: BIND Weaknesses 68
      #4: r Commands 69
      #5: LPD 69
      #6: sadmind and mountd 69
      #7: Default SNMP Strings 70
    Common Threads 70
  Design Your Way Out of Trouble 72
    Topology 72
      Physical Topologies 72
      Logical Topologies 73
    Defense in Depth 75
      The Price of Defense 78
    Olive-Drab Networks 80
      Benefits 80
      Costs 81
    Converged Networks 82
      The Catch 84
  Operator Error 85

Chapter 5 CQD ... MGY 87
  A Classic Disaster 88
    Lessons from Failure 90
      A Trophy Property 90
      Warning Noted . . . 92
      Train the Way You Will Fight 92
      What Did You Say? 93
      A Scarcity of Heroes 94
    Lessons from Success 94
      Organization 95
      Training 96
      Attitude 97
      A Plan 98
  What Are You Planning For? 99
    Adequate Warning 99
      Not Just Hurricanes 102
      Major Storm Effects 103
    Modest Warning 105
    No Real Warning at All 107
  It's a Scary World, Isn't It? 113

Chapter 6 The Best-Laid Plans 115
  Three Main Points 115
    Operational Continuity 116
      Twenty Questions 117
      A Few More Questions 122
    Getting the People Out 124
      Off-Site 124
      On-Site 125
    Network Assets 126
      Example: Data Services 129
  Lessons Actually Learned 135
    Topology 136
    Facilities 136
    Configuration Control 136
    The Right Tools for the Job 137
  Lessons Potentially Learned 138
    Kudos 138
  Extending the Example 139

Chapter 7 Unnatural Disasters (Intentional) 143
  Physical Attacks 146
    Bombs 147
    Electromagnetic Pulse 147
    Sabotage 148
    CBR Attacks 149
  World Trade Center Examples 153
    Successes 154
      NYBOT 154
      The Wall Street Journal 156
      Lehman Brothers 158
      Lost Access 159
    Less Than Successes 162
      The Local Loop 162
      New York City OEM 164
      The U.S. Secret Service 165
  Cyber-Attacks 166
    Cyber-Kidnapping 166
    Extortion 167
    Easier Targets 167
  Combined Attacks 168

Chapter 8 Unnatural Disasters (Unintentional) 171
  Unfortunate Opportunities 171
    Reportable Outages: They're Everywhere 172
    Route Diversity in Reality 175
    Fire 175
    Required Evacuations 178
  Unfortunate Planning 178
    Yours 178
    Theirs 181
  Unfortunate Implementation 186
    Equipment 1, Plan 0 186
    Solving the Wrong Problem 188
  Candidates 188

Chapter 9 Preparing for Disaster 191
  Define Survival 191
    What Must Roll Downhill 192
    Survival Requirements 194
      Network Continuity Requirements 195
  Threat Analysis 202
    Physical Threats 202
    Cyber-Threats 204
  Operational Analysis 206
  Survival Planning 207
    Fixes 207
    Remedies 210
    Procedures 211
  Survivability Today 213
    Don't Get Too Close 214
    Talk Is Cheap 215
    Data Currency 217
  Trade-offs 218

Chapter 10 Returning from the Wilderness 219
  Cyber-Recovery 220
    Operational Procedures 220
    Forensic Procedures 221
  Physical Recovery 226
    Immediate Operations 226
    Sustained Operations 227
    Restoration 228
  Undress Rehearsal 231
    Exercise Scenario 1: Cyber-Problems 234
    Exercise Scenario 2: Physical Problems 235
  Evolution 236

Chapter 11 The Business Case 243
  Understanding Costs 244
    Fixed and Variable Costs 244
    Direct Costs versus Indirect Costs 245
    Explicit and Implicit Costs 247
    Valid Comparisons 247
  Understanding Revenues 249
    Expected Values 250
  Presenting Your Case 252
    CDG Example 255
      Alternatives Considered 256
      Disaster Summary 256
      Alternatives Summary 259
      Risks Not Mitigated 260
  Finally 262

Chapter 12 Conclusion 263
  Necessity 264
    Basic Defenses You Must Implement 265
    The Deck Is Stacked Against You 266
  Catastrophes Happen 267
    Your Recovery 268
    Trade-offs 270
  Systemic Behavior 270
    Standardization versus Resiliency 272
    Pay Me Now or Pay Me Later 273

Appendix A References 275
Appendix B Questions to Ask Yourself 281
Appendix C Continuity Planning Steps 285
Appendix D Post-Mortem Questions 289
Appendix E Time Value of Money 291
Appendix F Glossary 293
Index 299
Foreword

It is a mistake to try to look too far ahead. The chain of destiny can only be grasped one link at a time.
Winston Churchill

It's true that the events of September 11, 2001 crystallized my thoughts about network survivability, but the thoughts go back much further than that. I became very interested in terrorism while serving in the USAF in Europe, where it was a very real threat, especially to those of us in an American uniform. That interest had been somewhat dormant, but it never really went away. I stayed aware of the threats and how they were evolving; where once terrorists struck only where they could melt away into the populace to live and strike another day, they no longer care about that. This is a watershed, for it changes the nature of the threat: Delivery need no longer be safe for the deliverer. That turns previously untouchable locations into targets.

Since I left the service, I have become a network engineer after owning two businesses, and the bottom-line responsibility I held there changed the way I thought about business; it has also affected how I look at network operations. The network exists only because it brings value to its business. But if it brings value, that value must continue or the business itself may suffer such a degradation of its financial condition that it is in danger of failing. That statement was not always true, but it has become true in the past two decades. Almost unnoticed, networks have indeed become integral to the operations of all major businesses, all around the world.

What is more, we do operate in a global economy, with costs held to their barest minimum in the face of competition from other companies, some of whom operate in other countries, where cost structures are different. If the network is a major factor in your firm's competitiveness, whether from a