lecture 11 reliability and security in it infrastructure
Post on 21-Dec-2015
214 views
TRANSCRIPT
![Page 1: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/1.jpg)
Lecture 11
Reliability and Security
in IT infrastructure
![Page 2: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/2.jpg)
2
Business analysis paper feedback
• Interesting topics
• Be specific in what questions you want to cover– You cannot do it all– Some resources will be harder to find
• Be clear where information is coming from
• Look for good references now
![Page 3: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/3.jpg)
3
Reliability Basics
• Redundancy– Multiple paths through a network make the network
robust to failing links
• Individual components are not so reliable– Buying backup equipment is possible, but
sometimes expensive
• Redundancy can make more complex management challenges
![Page 4: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/4.jpg)
4
Math of Availability
• Difference between 2% down in one business vs another– When might it go down?– Who is affected
![Page 5: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/5.jpg)
5
Fig 6.1 Five Components in Series
• Total availability of components in series requires all components to be available
![Page 6: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/6.jpg)
6
Fig 6.2 Combining components in series decreases overall availability exponentially
• Increased number of components increases the likelihood that one of them is out
![Page 7: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/7.jpg)
7
Redundancy through parallel components
• All components have to fail in order for the link to fail
![Page 8: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/8.jpg)
8
Fig 6.4 Redundancy increases overall availability
![Page 9: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/9.jpg)
9
More general networks
• How do we calculate probability of failure in network?
• How do we recognize the critical vulnerabilities?
![Page 10: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/10.jpg)
10
High Availability Facilities
• Redundant power supply
• Physical security
• Climate Control
• Fire suppression
• Network connectivity
![Page 11: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/11.jpg)
11
N+1 vs. N+N redundancy
• N+1 means one backup per type
• N+N means one backup per component
![Page 12: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/12.jpg)
12
Fig 6.5 Typical E-commerce Infrastructure
• Most components have redundancy
• Why not all?
![Page 13: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/13.jpg)
13
Reliability vs. Security
• What is the difference?
• What different scenarios need to be considered?
![Page 14: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/14.jpg)
14
Security against malicious threats
• Multiple different types of threats
![Page 15: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/15.jpg)
15
Fig 6.7 distributed Denial of service attack
![Page 16: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/16.jpg)
16
Fig 6.8 Spoofing
• Packets look like they came from another source
![Page 17: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/17.jpg)
17
Intrusion
• Attacker gains access to internal IT structure– Usernames/passwords– Hacking using sniffer software
• Once inside, intruder can – Steal information– Alter data– Delete data– Deface programs/websites
• Detecting what someone has actually done is difficult
![Page 18: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/18.jpg)
18
Viruses and worms
• Malicious software programs that replicate and spread to other computers
• Large range of potential damage
• Usually, viruses require user execution, whereas worms move automatically
• Recent examples target vulnerabilities, trigger cascade of events
![Page 19: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/19.jpg)
19
Defensive Measures
• Access and security policies– Who can read what?– Who can have an account?– Who is allowed to change what?– How is policy enforced?
• Firewalls– Collection of hardware, software to prevent
unauthorized access o internal computer resources– Act like a security gate to check legitimate
employees trying to use network– Filtering vs. relaying
![Page 20: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/20.jpg)
20
Defensive Measures
• Authentication– Various levels (host, network etc.)– Any granularity possible (files, directories etc.)– Strong authentication requires complex passwords,
often changing– Digital certificates– Biometric data
• Encryption– Uses a key to decode and decode message– Public/private combination– Only person with private key can decrypt
![Page 21: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/21.jpg)
21
Defensive Measures
• Patching– Exploiting weaknesses in system is a primary
strategy for attack– Knowing what has been patched is critical
• Intrusion detection and network monitoring– Automatically filtering out attacks is best– Logging and diagnostic systems help improve and
detect what has actually happened
![Page 22: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/22.jpg)
22
Security Management Framework
• Make Deliberate Security Decisions
• Consider Security a Moving Target
• Practice Disciplined Change Management
• Educate Users
• Deploy Multilevel Technical Measures, as many as can afford
![Page 23: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/23.jpg)
23
Risk Management of Availability and Security
• Cannot afford to stop every possibility
• Expected loss is one measure (prob. x cost)
![Page 24: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/24.jpg)
24
Incident Management (Recall last week’s case)
• Before– Sound infrastructure– Disciplined execution of operating procedures– Careful Documentation– Established Crisis Management procedures– Scenario testing
• During– Follow the plan!– Avoid emotional, over-optimistic or political influences
• After– Detect what has happened– Rebuild carefully– Document– Public Announcement Decisions
![Page 25: Lecture 11 Reliability and Security in IT infrastructure](https://reader030.vdocument.in/reader030/viewer/2022032522/56649d635503460f94a46572/html5/thumbnails/25.jpg)
25
Case this week: Ford and Dell
• Read both the Ford Case and the Dell reading