MODULE 10 : Assuring Reliable and Secure IT Services

Course: J0422 / Manajemen E-Corporation
Year: 2005
Version: 1/2
Learning Outcomes
 In this chapter, we will study:
 How to build high-availability facilities like Physical
Security, Uninterruptible Electric Power, Climate
Control and Fire Suppression, etc.
 Responsible managers must build defenses against
these threats to secure a company’s information-related assets: its data, infrastructure components,
and reputation.
 Defense against hackers is difficult. The threats are
varied, sophisticated and ever-evolving, and security is
a matter of degree rather than absolutes.
Outline Topic
Availability Math.
Securing Infrastructure against Malicious
Threats.
Risk Management of Availability and
Security.
Content
 The emergence of Web-based commerce has accelerated the expansion
of a world-wide network capable of transmitting information reliably and
securely across vast distances.
 The inherent reliability of modern Internetworks is a legacy of U. S. Dept.
of Defense research in the 1960s that led to technologies robust enough to
withstand a military attack.
 The key to this inherent reliability is redundancy.
 Some components of a firm’s infrastructure are not inherently reliable.
 The reliability of processing systems, for example, is a function of how they
are designed and managed.
 As with Internetworks, the key to reliable systems is redundancy.
Assuring Reliable and Secure IT Services
 Reliability through redundancy comes at a price. It means buying
extra equipment (computers, switches, software, electric generators)
to guard against failures. Every increment of additional redundancy
makes outages less likely, but every increment increases expenses
as well.
 How much reliability to buy is a management decision highly
contingent on numerous, mostly business, factors.
 Some costs of failures are intangible and hard to quantify. It may be
possible to estimate, for example, the direct revenues your company
will lose if your Web-based retail site goes down for two hours in the
middle of the day, but it is harder to gauge how many customers will
never return. In addition, it is difficult to estimate the probabilities of
such events.
Assuring Reliable and Secure IT Services
 Redundant systems are more complex than non redundant systems, and
this complexity must be managed.
 Businesses need policies that determine how to integrate redundant
elements into a company’s overall infrastructure:
 How backup systems and equipment will be brought online
 How problems will be diagnosed and triaged
 Who will be responsible for responding to incidents.
 Managers also must guard against malicious threats to computing
infrastructure. Malicious threats, similar to accidental failures in their
potential cost and unintended ripple effect, are designed specifically to
damage a company’s business.
 Instigators of malicious threats, called hackers, range from pranksters to
organized criminals and even international terrorists.
 Increasingly, attacks are automated and systematic, carried out by turning wrecking
routines loose on the Internet to probe for vulnerabilities and inflict damage.
Availability Math
 The reliability of computing infrastructure is often discussed in
terms of the availability of a specific information technology (IT)
service or system.
 A system that is 98% available is on average up and ready to be
used 98% of the time.
 A business’s tolerance for outages varies by system and situation.
 Downtime that occurs in large chunks of time might be more of a
problem than the same total amount of downtime occurring in
increments that never exceed three minutes in a single outage.
 We can better appreciate how difficult it is to achieve high levels of
reliability if we consider how rates of availability for components
combine into overall system or service availability.
 Most IT services are not delivered by a single component but by a
number of components working together.
Availability of Components in Series
 Suppose you have five components connected in series that together deliver
an IT service. Assume that each component has an availability of
98 percent, which means a half hour per day of downtime for each
component on average. Computation of service availability is
straightforward.
 For the service to be up and running, all five components must be up
and running.
 At any given time the probability that a component is up and running
is .98 (meaning 98% availability) so the probability that Component 1
and Component 2 and Component 3 and Component 4 and
Component 5 are all up and running is .98 x .98 x .98 x .98 x .98 = .9
 The overall service availability is 90% which means the service is
unavailable 10% of the time or almost 2-1/2 hours a day.
The Effect of Redundancy on Availability
 Suppose you have five components connected in parallel involved in
the provision of an IT service. The components are identical, and
any one of them can perform the functions needed to support the
service.
 As in the earlier example, each individual component has an
availability of 98% and each component experiences outages
randomly. The computation for the overall availability of these
parallel components is also straightforward.
 The service is down only when all five components are down at the
same time. Each component is down with probability .02, so the probability
that all five are down at once is .02 x .02 x .02 x .02 x .02 = .0000000032.
 The overall availability of these components combined in parallel
therefore is 1 - .0000000032 = .9999999968, or 99.99999968%, which is eight nines of availability.
The Effect of Redundancy on Availability
Figure: Redundancy Increases Overall Availability. Plot of overall availability (98.0% to 100.0%) against the number of components in parallel (1 to 10, each 98% available).
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002. Chapter 6, Figure 6-4.
High Availability Facilities
 Data centers provide a concrete sense of the availability decisions
faced by infrastructure managers.
 Today’s state-of-the-art facilities offer the following features:
 Uninterruptible Electric Power Delivery
 Physical Security
 Climate Control and Fire Suppression
 Network Connectivity
 Help Desk and Incident Response Procedures
N + 1 and N + N Redundancy
 Most modern data centers try to maintain an “N + 1” level of
redundancy of mission-critical components.
 N + 1 means that for each type of critical component there should be
at least one unit standing by.
 Some companies aspire to higher levels of infrastructure
redundancy. “N + N” redundancy requires twice as many mission-critical components as are necessary to run a facility at any one
time.
 Not surprisingly, high levels of availability are costly.
 Indeed management decisions about the design of IT infrastructures
always involve trade-offs between availability and the expense of
additional components.
 The answer boils down to one word: money.
N + 1 and N + N Redundancy
Figure: A Representative E-Commerce Infrastructure. The diagram shows the Internet connected through a Router to a pair of firewalls (Firewall 1 and Firewall 2) and a Switch, behind which sit redundant pairs of Web Servers (1 and 2), Application Servers (1 and 2) and Policy Servers (1 and 2), plus a single Database Server attached to a Disk Array.
Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw-Hill/Irwin, 2002. Chapter 6, Figure 6-5.
Securing Infrastructure against Malicious Threats
 The threat is growing.
 Ninety-one percent of companies and agencies that
responded to a 2001 survey conducted by the Computer
Security Institute and the U. S. Federal Bureau of
Investigation said they had detected security breaches in
the last 12 months.
 Who are the attackers?
 Some are thrill seekers, people who like the challenge of defeating
defenses or getting in where they are not supposed to be.
 Even if they intend no damage, they are unknown elements
interacting with the complexity of IT infrastructure in unpredictable
ways which can precipitate accidents.
 Other attackers have a specific dislike to a company and intend to
do it harm.
 All attackers represent serious threats.
 Even a thrill seeker who gains access but does no damage can
harm a company’s reputation if word of a breach gets out.
Securing Infrastructure against Malicious Threats
Figure: A Distributed Denial of Service Attack. An Attack Leader directs eight attacking hosts (Attacker 1 through Attacker 8), which flood a Website Server. Attack Leader facilitates SYN floods from multiple sources.
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033. Chapter 6, Figure 6-7.
Securing Infrastructure against Malicious Threats
 Many hackers who penetrate a company’s defenses set
up routes through which they can return, opening doors
that they hope company managers will not notice.
 Responsible managers must build defenses against
these threats to secure a company’s information-related
assets: its data, infrastructure components, and reputation.
Classification of Threats
Threats can be divided into categories:
» External
» Intrusion
» Viruses and Worms
Defensive Measures
 Defense against hackers is difficult. The threats are varied,
sophisticated and ever-evolving, and security is a matter of degree
rather than absolutes.
 There is no master list against which a company can compare its
defenses and, after checking everything, declare its infrastructure
secure.
Defensive Measures
Security Policies
 To defend computing resources against inappropriate use, a
company must specify what is meant by “inappropriate.”
 Security policies address questions such as the following:
 What kinds of passwords are users allowed to create for use on
company systems and how often should they change?
 Who is allowed to have accounts on company systems?
 What security features must be activated on a computer before it
can connect to a company network?
 What services are allowed to operate inside the network?
 What are users allowed to download?
 How is the security policy enforced?
Defensive Measures
Firewalls
 A firewall is a collection of hardware and software designed to prevent unauthorized access to a
company’s internal computer resources.
Authentication
 Authentication describes the variety of techniques and software used to control who accesses
elements of computing infrastructure.
Encryption
 Encryption renders the contents of electronic transmissions unreadable by anyone who might
intercept them.
Patching and Change Management
 A surprising number of attacks exploit weaknesses in systems for which “patches” already existed at
the time of the attack.
Intrusion Detection and Network Monitoring
 Intrusion detection and network monitoring work together to help network administrators recognize
when their infrastructure is or has been under attack.
 Network monitoring automatically filters out external attack traffic at the boundary of company
networks.
A Security Management Framework
 The following principles of security management remain
relevant:
 Make Deliberate Security Decisions
 Consider Security a Moving Target
 Practice Disciplined Change Management
 Educate Users
 Deploy Multilevel Technical Measures, as Many as You Can
Afford
Risk Management of Availability and Security
 Companies cannot afford to address every threat to the availability and
security of IT infrastructure with equal aggressiveness.
 Management actions to mitigate risks must be prioritized with an eye to their
costs and potential benefits.
Managing Incidents Before They Occur
 Pre-crisis practices that make incidents more manageable:
• Sound infrastructure design
• Disciplined execution of operating procedures
• Careful documentation
• Established crisis management procedures
• Rehearsing incident response
Risk Management of Availability and Security
Managing During an Incident
 When faced with a crisis, some obstacles include:
 Emotional responses, including confusion, denial, fear and panic
 Wishful thinking and groupthink
 Political maneuvering, diving for cover, and ducking responsibility
 Leaping to conclusions and blindness to evidence that contradicts
current beliefs
Risk Management of Availability and Security
Managing After an Incident
 After an incident, infrastructure managers often need to rebuild parts
of the infrastructure. Sometimes erasing and rebuilding everything
from scratch is the only way to be sure the infrastructure is
restored to its pre-incident state.
 Figuring out exactly what caused an incident is sometimes difficult,
but it must be done regardless of the cost.
Chapter Summary
Executives can use the following questions to assess their
own preparedness for these 21st-century challenges:
 How available do the systems in our application portfolio need to
be?
 Are our infrastructure investments in availability aligned with
requirements?
 Are we taking security threats seriously enough?
 How secure is our current infrastructure?
 How do we assess information security on an ongoing basis?
 Have IT staff members received adequate training?
 How do we compare with information security best-in-class
organizations?
Chapter Summary
 Do we have a solid security policy in place?
 Were business managers as well as IT managers involved in
creating it?
 Do users know about it and understand it?
 Do they accept it?
 How is the policy enforced?
 Do we have plans for responding to infrastructure incidents?
 Do we practice them on a regular basis?
 Are staff members trained in incident response?
 What are our plans and policies for communicating information about
incidents to external parties such as customers, partners, the press,
the public?