MODULE 10: Assuring Reliable and Secure IT Services. Course: J0422 / E-Corporation Management. Year: 2005. Version: 1 / 2.


1 1 MODULE 10: Assuring Reliable and Secure IT Services. Course: J0422 / E-Corporation Management. Year: 2005. Version: 1 / 2

2 2 Learning Outcomes  In this chapter, we will study:  How to build high-availability facilities like Physical Security, Uninterruptible Electric Power, Climate Control and Fire Suppression, etc.  Responsible managers must build defenses against these threats to secure a company’s information-related assets—its data, infrastructure components, and reputation  Defense against hackers is difficult. The threats are varied, sophisticated and ever-evolving, and security is a matter of degree rather than absolutes.

3 3 Outline Topic  Availability Math.  Securing Infrastructure against Malicious Threats.  Risk Management of Availability and Security.

4 4 Content  The emergence of Web-based commerce has accelerated the expansion of a world-wide network capable of transmitting information reliably and securely across vast distances.  The inherent reliability of modern Internetworks is a legacy of U. S. Dept. of Defense research in the 1960s that led to technologies robust enough to withstand a military attack.  The key to this inherent reliability is redundancy.  Some components of a firm’s infrastructure are not inherently reliable.  The reliability of processing systems, for example, is a function of how they are designed and managed.  As with Internetworks, the key to reliable systems is redundancy.

5 5 Assuring Reliable and Secure IT Services  Reliability through redundancy comes at a price. It means buying extra equipment (computers, switches, software, electric generators) to guard against failures. Every increment of additional redundancy makes outages less likely, but every increment increases expenses as well.  How much reliability to buy is a management decision highly contingent on numerous, mostly business, factors.  Some costs of failures are intangible and hard to quantify. It may be possible to estimate, for example, the direct revenues your company will lose if your Web-based retail site goes down for two hours in the middle of the day, but it is harder to gauge how many customers will never return. In addition, it is difficult to estimate the probabilities of such events.

6 6 Assuring Reliable and Secure IT Services  Redundant systems are more complex than non-redundant systems, and this complexity must be managed.  Businesses need policies that determine how to integrate redundant elements into a company’s overall infrastructure:  How backup systems and equipment will be brought online  How problems will be diagnosed and triaged  Who will be responsible for responding to incidents.  Managers also must guard against malicious threats to computing infrastructure. Malicious threats, similar to accidental failures in their potential cost and unintended ripple effect, are designed specifically to damage a company’s business.  Instigators of malicious threats, called hackers, range from pranksters to organized criminals and even international terrorists.  Increasingly, attacks are automated and systematic, carried out by wrecking routines loose on the Internet to probe for vulnerabilities and inflict damage.

7 7 Availability Math  The reliability of computing infrastructure is often discussed in terms of the availability of a specific information technology (IT) service or system.  A system that is 98% available is on average up and ready to be used 98% of the time.  A business’s tolerance for outages varies by system and situation.  Downtime that occurs in large chunks of time might be more of a problem than the same total amount of downtime occurring in increments that never exceed three minutes in a single outage.  We can better appreciate how difficult it is to achieve high levels of reliability if we consider how rates of availability for components combine into overall system or service availability.  Most IT services are not delivered by a single component but by a number of components working together.

8 8 Availability of Components in Series  Suppose you have five components connected in series that together deliver an IT service. Assume that each component has an availability of 98 percent, which means a half hour per day of downtime for each component on average. Computation of service availability is straightforward.  For the service to be up and running, all five components must be up and running.  At any given time the probability that a component is up and running is .98 (meaning 98% availability), so the probability that Component 1 and Component 2 and Component 3 and Component 4 and Component 5 are all up and running is .98 x .98 x .98 x .98 x .98 = .9  The overall service availability is 90%, which means the service is unavailable 10% of the time, or almost 2-1/2 hours a day.

9 9 The Effect of Redundancy on Availability  Suppose you have five components connected in parallel involved in the provision of an IT service. The components are identical, and any one of them can perform the functions needed to support the service.  As in the earlier example, each individual component has an availability of 98% and each component experiences outages randomly. The computation for the overall availability of these parallel components is also straightforward.  The overall availability of these components combined in parallel therefore is 99.99999968%, which is eight nines of availability.

10 10 The Effect of Redundancy on Availability

11 11 High Availability Facilities  Data centers provide a concrete sense of the availability decisions faced by infrastructure managers.  Today’s state-of-the-art facilities offer the following features:  Uninterruptible Electric Power Delivery  Physical Security  Climate Control and Fire Suppression  Network Connectivity  Help Desk and Incident Response Procedures

12 12 N + 1 and N + N Redundancy  Most modern data centers try to maintain an “N + 1” level of redundancy of mission-critical components.  N + 1 means that for each type of critical component there should be at least one unit standing by.  Some companies aspire to higher levels of infrastructure redundancy. “N + N” redundancy requires twice as many mission-critical components as are necessary to run a facility at any one time.  Not surprisingly, high levels of availability are costly.  Indeed, management decisions about the design of IT infrastructures always involve trade-offs between availability and the expense of additional components.  The answer boils down to one word: money.
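The availability arithmetic from the series and parallel slides, extended to the N + 1 and N + N cases, as an added example that is not part of the original slides. It goes beyond the slides by using the general "at least k of n units up" formula, and it assumes component outages are independent; the figure of 4 required units is constructed for illustration.

```python
from math import comb, prod


def series(avails):
    """Every component must be up, so the availabilities multiply."""
    return prod(avails)


def parallel(avails):
    """The service fails only when all redundant components are down at once."""
    return 1 - prod(1 - a for a in avails)


def k_of_n(k, n, a):
    """Availability when at least k of n identical units must be up.

    Each unit has availability a and fails independently (assumption),
    so the number of working units is binomially distributed.
    """
    return sum(comb(n, i) * a**i * (1 - a) ** (n - i) for i in range(k, n + 1))


def downtime_hours_per_day(avail):
    """Average hours per day the service is unavailable."""
    return (1 - avail) * 24


A = 0.98      # per-component availability used on the slides
NEEDED = 4    # constructed: units required to run the facility (the "N")


def report():
    """Availability of each design discussed on the slides."""
    return {
        "5 in series": series([A] * 5),
        "5 in parallel": parallel([A] * 5),
        "N   (4 of 4)": k_of_n(NEEDED, NEEDED, A),
        "N+1 (4 of 5)": k_of_n(NEEDED, NEEDED + 1, A),
        "N+N (4 of 8)": k_of_n(NEEDED, 2 * NEEDED, A),
    }


if __name__ == "__main__":
    for name, avail in report().items():
        minutes = downtime_hours_per_day(avail) * 60
        print(f"{name:14s} {avail * 100:.8f}%  {minutes:9.4f} min/day down")
```

A single spare already removes most of the downtime of the unprotected design, which is why N + 1 is the common baseline and N + N is reserved for cases where the extra expense is justified.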

13 13 N + 1 and N + N Redundancy

14 14 Securing Infrastructure against Malicious Threats  The threat is growing.  Ninety-one percent of companies and agencies that responded to a 2001 survey conducted by the Computer Security Institute and the U. S. Federal Bureau of Investigation said they had detected security breaches in the last 12 months.  Who are the attackers?  Some are thrill seekers, people who like the challenge of defeating defenses or getting in where they are not supposed to be.  Even if they intend no damage, they are unknown elements interacting with the complexity of IT infrastructure in unpredictable ways which can precipitate accidents.  Other attackers have a specific dislike of a company and intend to do it harm.  All attackers represent serious threats.  Even a thrill seeker who gains access but does no damage can harm a company’s reputation if word of a breach gets out.

15 15 Securing Infrastructure against Malicious Threats

16 16 Securing Infrastructure against Malicious Threats  Many hackers who penetrate a company’s defenses set up routes through which they can return, opening doors that they hope company managers will not notice.  Responsible managers must build defenses against these threats to secure a company’s information-related assets--its data, infrastructure components, and reputation.

17 17 Classification of Threats  Threats can be divided into categories: » External » Intrusion » Viruses and Worms

18 18 Defensive Measures  Defense against hackers is difficult. The threats are varied, sophisticated and ever-evolving, and security is a matter of degree rather than absolutes.  There is no master list against which a company can compare its defenses and, after checking everything, declare its infrastructure secure.

19 19 Defensive Measures Security Policies  To defend computing resources against inappropriate use, a company must specify what is meant by “inappropriate.”  Security policies address questions such as the following:  What kinds of passwords are users allowed to create for use on company systems and how often should they change?  Who is allowed to have accounts on company systems?  What security features must be activated on a computer before it can connect to a company network?  What services are allowed to operate inside the network?  What are users allowed to download?  How is the security policy enforced?

20 20 Defensive Measures Firewalls  A firewall is a collection of hardware and software designed to prevent unauthorized access to a company’s internal computer resources. Authentication  Authentication describes the variety of techniques and software used to control who accesses elements of computing infrastructure. Encryption  Encryption renders the contents of electronic transmissions unreadable by anyone who might intercept them. Patching and Change Management  A surprising number of attacks exploit weaknesses in systems for which “patches” already exist at the time of the attack. Intrusion Detection and Network Monitoring  Intrusion detection and network monitoring work together to help network administrators recognize when their infrastructure is or has been under attack.  Network monitoring automatically filters out external attack traffic at the boundary of company networks.

21 21 A Security Management Framework  The following principles of security management remain relevant:  Make Deliberate Security Decisions  Consider Security a Moving Target  Practice Disciplined Change Management  Educate Users  Deploy Multilevel Technical Measures, as Many as You Can Afford

22 22 Risk Management of Availability and Security  Companies cannot afford to address every threat to the availability and security of IT infrastructure with equal aggressiveness.  Management actions to mitigate risks must be prioritized with an eye to their costs and potential benefits. Managing Incidents Before They Occur  Pre-crisis practices that make incidents more manageable:  Sound infrastructure design  Disciplined execution of operating procedures  Careful documentation  Established crisis management procedures  Rehearsing incident response

23 23 Risk Management of Availability and Security Managing During an Incident  When faced with a crisis, some obstacles include:  Emotional responses, including confusion, denial, fear and panic  Wishful thinking and groupthink  Political maneuvering, diving for cover, and ducking responsibility  Leaping to conclusions and blindness to evidence that contradicts current beliefs

24 24 Risk Management of Availability and Security Managing After an Incident  After an incident, infrastructure managers often need to rebuild parts of the infrastructure. Sometimes erasing and rebuilding everything from scratch is the only way to be sure the infrastructure is restored to its pre-incident state.  Figuring out exactly what caused an incident is sometimes difficult, but it must be done regardless of the cost.

25 25 Chapter Summary Executives can use the following questions to assess their own preparedness for these 21st-century challenges:  How available do the systems in our application portfolio need to be? Are our infrastructure investments in availability aligned with requirements?  Are we taking security threats seriously enough? How secure is our current infrastructure? How do we assess information security on an ongoing basis? Have IT staff members received adequate training? How do we compare with information security best-in-class organizations?

26 26 Chapter Summary  Do we have a solid security policy in place? Were business managers as well as IT managers involved in creating it? Do users know about it and understand it? Do they accept it? How is the policy enforced?  Do we have plans for responding to infrastructure incidents? Do we practice them on a regular basis? Are staff members trained in incident response? What are our plans and policies for communicating information about incidents to external parties such as customers, partners, the press, the public?

