Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 11 Reliability and Security in IT infrastructure.

Published byNickolas Sparks Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 11 Reliability and Security in IT infrastructure."— Presentation transcript:

1 Lecture 11 Reliability and Security in IT infrastructure

2 2 Announcements Business Analysis Proposal Today Feedback next week Optional business plan draft due Tuesday 15th

3 3 Reliability vs. Security What is the difference? What different scenarios need to be considered?

4 4 Reliability Basics Redundancy –Multiple paths through a network make the network robust to failing links Individual components are not so reliable –Buying backup equipment is possible, but sometimes expensive Redundancy can make more complex management challenges

5 5 Math of Availability Difference between 2% down in one business vs another –When might it go down? –Who is affected

6 6 Fig 6.1 Five Components in Series Total availability of components in series requires all components to be available

7 7 Fig 6.2 Combining components in series decreases overall availability exponentially Increased number of components increases the likelihood that one of them is out

8 8 Redundancy through parallel components All components have to fail in order for the link to fail

9 9 Fig 6.4 Redundancy increases overall availability

10 10 More general networks How do we calculate probability of failure in network? How do we recognize the critical vulnerabilities?

11 11 Calculating Reliability Combine parallel components first Reliability(parallel) = 1 – (failprob)^k Then combine series elements Reliability(series) = product of individual reliabilities

12 12 High Availability Facilities Redundant power supply Physical security Climate Control Fire suppression Network connectivity

13 13 N+1 vs. N+N redundancy N+1 means one backup per type N+N means one backup per component

14 14 Security

15 15 Fig 6.5 Typical E-commerce Infrastructure Most components have redundancy Why not all?

16 16 Security against malicious threats Multiple different types of threats

17 17 Fig 6.7 distributed Denial of service attack

18 18 Fig 6.8 Spoofing Packets look like they came from another source

19 19 Intrusion Attacker gains access to internal IT structure –Usernames/passwords –Hacking using sniffer software Once inside, intruder can –Steal information –Alter data –Delete data –Deface programs/websites Detecting what someone has actually done is difficult

20 20 Viruses and worms Malicious software programs that replicate and spread to other computers Large range of potential damage Usually, viruses require user execution, whereas worms move automatically Recent examples target vulnerabilities, trigger cascade of events

21 21 Internal security threats Employees responding to phishing Laptop loss Access to previous employees not blocked Missing patches Forwarded emails with hidden threats

22 22 Malware (Malicious Software) Adware –Spyware collecting cookie information of personal web habits Browser Hijacker –Altar browser settings, redirect homepage, tell you your computer is infected etc. Internet Dialer –Making calls to -900 numbers on a dialup connection Keylogger –Monitor keystrokes Rootkit –Install malicious code, disable security features etc.

23 23 Questions, Break Presentation

24 24 Defensive Measures Access and security policies –Who can read what? –Who can have an account? –Who is allowed to change what? –How is policy enforced? Firewalls –Collection of hardware, software to prevent unauthorized access o internal computer resources –Act like a security gate to check legitimate employees trying to use network –Filtering vs. relaying

25 25 Defensive Measures Authentication –Various levels (host, network etc.) –Any granularity possible (files, directories etc.) –Strong authentication requires complex passwords, often changing –Digital certificates –Biometric data Encryption –Uses a key to decode and decode message –Public/private combination –Only person with private key can decrypt

26 26 Defensive Measures Patching –Exploiting weaknesses in system is a primary strategy for attack –Knowing what has been patched is critical Intrusion detection and network monitoring –Automatically filtering out attacks is best –Logging and diagnostic systems help improve and detect what has actually happened

27 27 Security Management Framework Make Deliberate Security Decisions Consider Security a Moving Target Practice Disciplined Change Management Educate Users Deploy Multilevel Technical Measures, as many as can afford

28 28 Firewall deployment Should be part of solution – not whole Can become bottleneck if not managed well Rules should be carefully set up –Allow only traffic meeting criteria X (?) –Allow all traffic except that meeting criteria Y (?)

29 29 Spyware Protection: Ten Rules from IT security advisory Teach employees to be cautious when opening attachments, particularly those sent from unknown sources. Make sure employees understand the dangers of downloading and installing unauthorized programs from the Internet. Compile and enforce an enterprise-wide policy for network firewalls and proxies that will prevent unauthorized downloads from Web sites both known or suspected to harbor spyware. Provide users with passwords to access desktop computers, make sure they can only access systems with those passwords, and change them regularly. Make sure email spam protections are set to the highest possible levels. Make sure all browser security settings are set correctly, preferably at a minimum of “medium” Make sure all the latest browser and operating system patches are installed on all desktop and server systems. Make sure all security software installed is up-to-date and is using the latest version of the threat database. Don’t provide regular network users with administrator privileges that will allow them to download and install such things as device drivers. Install spyware scanning software at both the desktop and the Web gateway to provide a layered anti-spyware defense.

30 30 Virtual Private Networks Let distributed organizations and business partners communicate securely using public networks such as the Internet Traditionally, VPNs have employed Internet Protocol Security (IPsec). IPsec VPNs establish a protected tunnel between two fixed points – Eg. a corporate headquarters and a branch office Seamless solution from user perspective

31 31 Risk Management of Availability and Security Cannot afford to stop every possibility Expected loss is one measure (prob. x cost)

32 32 Incident Management (Recall last week’s case) Before –Sound infrastructure –Disciplined execution of operating procedures –Careful Documentation –Established Crisis Management procedures –Scenario testing During –Follow the plan! –Avoid emotional, over-optimistic or political influences After –Detect what has happened –Rebuild carefully –Document –Public Announcement Decisions

33 33 Security Improvement: CIO plan after failing an audit (Hengst article) Prioritize Assign Recovery Roles Require Status Reports Run Own Assessments Schedule Another Audit

34 34 Case this week: Ford and Dell Read both the Ford Case and the Dell reading

Download ppt "Lecture 11 Reliability and Security in IT infrastructure."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 12 Network Security.

Chapter 12 Network Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.

Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Securing Information Systems

Securing Information Systems

Similar presentations

Ads by Google