Networking Strategies

Network Design, Security Analysis, Risk Assessment, DR, and BCP

Comments:
  • Hi Jim, wonderful and optimal presentation. Would you be able to forward this presentation to kishore.tech@yahoo.com.au? Thanks.
  • Very informative and thorough presentation. Is there a chance to forward via e-mail? hani.mousa@pepsico.com
    Thanks,
    Hani Mousa
    Enterprise Architect
  • Hi, will you please forward me this presentation, please... krishna.jadhav@digicall.in
  • Hi, can you please forward me this presentation... it's superb... sidvin_shetty_1986@yahoo.com

Transcript
  • 1. Copyright James B. Maginnis 2000-2005; Organizational Kinetics Copyright 2003-2009. Network Design, Security Analysis, Risk Assessment, DR, and BCP. Presentation by Jim Maginnis
  • 2. Today, There are >1 Billion Internet Users!
    (Bar chart: Internet users worldwide in 2001, in millions on a 0-600 scale, as estimated by Gartner, eMarketer, Nielsen/NetRatings, and the Computer Industry Almanac (CIA). Source: "Projections vs. Reality", January 2002, www.emarketer.com)
  • 3. Agenda
    • Technologies for PANs, LANs, MANs, WANs
    • IT architecture and network design considerations
    • Outsourcing decisions
    • Security issues and risk assessments
    • Fault tolerance planning
    • Disaster recovery planning
    • Business continuity planning
    • Management responsibilities
  • 4. Analog Signals
    • Sound waves ~ electrical waves in a wire; an analog signal is an electrical wave
    • Sound wave characteristics (figure: amplitude in volts vs. time in seconds, one cycle marked)
      – Frequency (Hz) = cycles per second
      – Spectrum, e.g. 100 – 6,000 Hz or 300 – 3,000 Hz
      – Bandwidth = the difference between the highest and lowest frequency in the spectrum
      – Amplitude (dB)
      – Phase (alignment)
  • 5. Analog Communications Technology
    • Amplitude Modulation (AM), Frequency Modulation (FM), Phase Modulation (PM)
  • 6. Digital Signaling
    • Represented by square waves or pulses
    • Bit loss rather than attenuation loss
    (Figure: amplitude in volts vs. time in seconds, one cycle marked; frequency in hertz = cycles per second)
  • 7. Broadband, Baseband, and Narrowband
    • Broadband means telecommunications in which a wide band of frequencies is available to transmit multiplexed information
      – DSL and Cable (with bandwidth expectations)
      – Usually analog with a modem and/or multiplexer
      – At least 256,000 bps – Jupiter Communications
      – Over 6 MHz – IBM Dictionary of Computing
    • Baseband means one digital channel
      – Ethernet ("BASE") / Token Ring ("single band")
    • Narrowband means just voice (500 to 64 kbps)
      – Mobile, radio, paging services ("dual-band")
  • 8. Connection Data Rates / Speed / Bandwidth
    Technology           Max Data Rate         Medium
    GSM                  9.6 to 14.4 Kbps      RF
    POTS                 56 Kbps               TP
    GPRS                 56 to 114 Kbps        RF
    BRI ISDN             64-128 Kbps           TP
    EDGE                 384 Kbps              RF
    Satellite            400 Kbps              RF
    Frame Relay          normally 56 Kbps      TP/Coax
    Bluetooth            1 Mbps                RF
    DS1/T-1              1.544 Mbps            Various
    UMTS / 802.16, .20   1-3 / 2-155 Mbps      RF
    T-1C                 3.152 Mbps            Various
    Token Ring           4 to 16 Mbps          Various
    DSL                  D: ½ to 8 Mbps        TP
    Cable                D: ½ to 52 Mbps       Coax
    Ethernet             10 Mbps               Various
    USB 1.0              12 Mbps               TP
    DS3/T-3              44.736 Mbps           Coax
    OC-1/STS-1           51.84 Mbps            Fiber/Coax
    802.11g              54-108 Mbps           RF
    Fast Ethernet        100 Mbps              TP, Fiber
    FDDI                 100 Mbps              Fiber
    OC-3/STM-1           155.52 Mbps           Fiber
    IEEE 1394            400 Mbps              TP
    ATM                  155 / 622 Mbps        TP / Fiber
    OC-12/STM-4          622.08 Mbps           Fiber
    SSA or SCSI          80 Mbytes/sec         TP, Fiber
    Gigabit Ethernet     1 / 10 Gbps           TP, Fiber
    Fibre Channel        1 Gbps                Fiber
    OC-768               40 Gbps               Fiber
    DWDM                 ~1 Petabit (10^15)    Fiber
    (TP = twisted pair, RF = radio, D: = downstream rate)
  • 9. Advantages of Segmenting – Internetworking
    • Reduces the number of users per segment
      – Increases effective bandwidth and security
    • Switched VLANs work at wire speed
    • Using bridges to segment
      – Each segment is a separate collision domain
      – Same broadcast domain for non-routed protocols
    • Using routers (layer 3) to segment
      – Reduced broadcast messages
      – Improved manageability
      – Multiple active paths
      – Flow and congestion control, explicit packet controls
      – About 30% slower connectivity than a bridge
  • 10. Switches, Routers, Bridges, and Gateways
    • LinkSys G-kit: $183.00
    • 3Com NJ200 4-port switch with SNMP, QoS and VLAN support, 1.4" form factor
    • Modular systems start with a chassis (Cisco 6509 sold $1 billion in 1999)
    • Forum Phone "Bridge"
    • Gateways (e.g. mail)
      – A traffic controller from one network or service to another
      – Often a proxy server for security and caching
  • 11. Processors – Firewalls
    • A "real" firewall supports "stateful packet inspection": it tracks connection state so that packets arriving from the Internet are only accepted when they are responses to connections that went out
      – SOHOware NBG800 Router/Firewall for $70
      – 3COM OfficeConnect Secure Gateway for $250; NetScreen, WatchGuard, SonicWALL, SnapGear, and Cisco processors also support IPsec VPNs
    • Strongest firewall is Secure Computing's SideWinder with a hardened OS; it can be purchased separately, on servers from Dell, or embedded in 3COM Ethernet cards
  • 12. Devices From The OSI Model's Perspective (top of the stack to bottom)
    • SSL, S/MIME, PGP, and SET
    • NOS API
    • VoIP
    • Router/Firewall
    • IPsec
    • Bridge/Switch
    • Hubs/Modems
  • 13. What is a Virtual Private Network Connection?
    • A VPN (virtual private network) uses a public infrastructure (the Internet) to give remote offices or users access to an organization's network by "tunneling", rather than using more expensive private or leased lines.
    • IPsec (Internet Protocol Security) provides two security services:
      – Authentication Header (AH), which authenticates the sender and protects the integrity of the packet (including the non-changing IP header fields) but does not encrypt
      – Encapsulating Security Payload (ESP), which encrypts the payload and can also authenticate the sender; ESP is what most VPNs actually use
  • 14. Network Design Process
    • Consider cost, functionality, manageability, scalability, adaptability, and effectiveness
    • WAN vs. LAN and upfront vs. support costs
      – Labor as much as 43% of TCO
      – Support normally 80% of TCO
      – Training, downtime, DRP/recovery
      – Client/server, n-tier, distributed
      – Modeling tools: HP OpenView, Cisco Netsys
  • 15. Information Architecture Plan
    • Especially critical in today's multi-vendor, distributed environment
    • Common vision on mandatory standards and key information & communication interfaces
    • Derive the IT architecture from the department's strategic and business requirements
    • A long-term process based on as many IT and business staff as practicable, with continuous review and update
  • 16. What is an Enterprise IT Architecture?
    • IT Architecture: "A blueprint to guide how IT elements should work together"
    • Components and relationships:
      – Business flows
      – Application development
      – Data descriptions
      – Network / Telecom
      – Operating system(s)
      – Security and privacy
      – Risk factors
      – Migration plan
  • 17. IAP Models, Protocols, and Standards
    • Reference model (e.g. OSI) – a generic framework; a logical breakdown of an activity
    • Protocol (e.g. TCP/IP) – details of how to accomplish a specific task; required to implement models
    • Standard (e.g. IEEE 802.3) – what a reference model and its protocol become when approved by an important standard-setting group (de jure standard), or adopted by the marketplace (de facto standard). Standards are, in essence, the blueprint for the Information Architecture
  • 18. Who Sets Standards?
    • Federal government
      – By law can establish regulatory standards
      – National Institute of Standards and Technology (NIST)
    • National standards bodies – ANSI, IEEE
    • International standards bodies
      – ISO (International Organization for Standardization)
      – International Telecommunication Union (ITU-T, formerly CCITT)
    • Other vendor groups, professional associations, trade associations, etc. – IEEE, VESA, ATM Forum, SQL group, IETF
  • 19. Standards Openness Continuum (closed to open)
    • Proprietary and closed (unpublished) – Intel chips, MS Windows, IBM mainframe
    • Proprietary but licensed (for a fee) – PostScript
    • Proprietary but published (free or token fee) – IBM's original ISA bus, Sun's NFS (Network File System), Intel's PCI (Peripheral Component Interconnect)
    • Non-proprietary consortia or similar – VESA bus, ATM (Asynchronous Transfer Mode) protocol, DVD
    • "Official" de jure (open) standards products (published) – Ethernet, ISDN, DSL
  • 20. "Well-Formed" Risk Statement
    – Asset: What are you trying to protect?
    – Threat: What are you afraid of happening?
    – Vulnerability: How could the threat occur?
    – Mitigation: What is currently reducing the risk?
    – Impact: What is the impact to the business?
    – Probability: How likely is the threat, given the controls?
  • 21. Defining Roles / Responsibilities
    – Executive Sponsor ("What's important?"): determines acceptable risk
    – Information Security Group ("Prioritize risks"): assesses risks, defines security requirements, measures security solutions
    – IT Group ("Best control solution"): designs and builds security solutions, operates and supports security solutions
  • 22. Security Risk Management Process (a cycle)
    1. Assessing risk
    2. Conducting decision support
    3. Implementing controls
    4. Measuring program effectiveness
  • 23. Internet Enabled Technology Architectures
    (Layered figure: policies and standards; network management software; software management tools; content authoring tools; security and data infrastructure – firewalls, passwords, encryption; hypermedia servers, browsers, databases; all over a TCP/IP network)
  • 24. Requirement Sets for Two Design Options
    (Figure comparing a "Bare Bones" option and a "Cadillac" option, each across implementation environments (Windows, UNIX) and sources (off the shelf, in house, outsource, consult))
  • 25. Architecture – Internal vs. External Sourcing
    • Costs and knowledge base
      – Investment in hardware, software and facilities
      – Applications and database technologies
    • Reliability (DRP and BCP)
      – Redundancy (no single point of failure): components, systems, multiple sites
    • Entire project or just a portion (e.g. the computer room)
    • Pull campus network lines or pay a carrier
    • SSL, certificates, dynamic passwords – SecurID, CryptoCard, SafeWord
  • 26. Comparison Criteria
    • Feasibility and cost/benefit
    • Available resources: what can you do?
    • Development time
    • Developmental and operational costs
    • Efficiency and ease of use
    • Compatibility
    • Security
    • Emotional: what do you want to do?
    • "Evaluation Tools": http://mime1.marc.gatech.edu/mm_tools/evaluation.html
  • 27. Different Sources of Software Components
    • Hardware manufacturers – go to this source? Generally not. When: for system software and utilities. Internal staffing: varies.
    • Packaged software producers – go to this source? Yes. When: the supported task is generic. Internal staffing: some IS and user staff to define requirements and evaluate packages.
    • Custom software producers – go to this source? Yes. When: the task requires custom support and the system can't be built internally. Internal staffing: internal staff may be needed, depending on the application.
    • In-house developers – go to this source? Yes. When: resources and staff are available and the system must be built from scratch. Internal staffing: internal staff necessary, though staff size may vary.
  • 28. Applications – Voice Over IP
    • Transmit voice over IP data networks
      – The voice signal is digitized, compressed, converted to IP packets and transmitted over the IP network
      – Signaling protocols set up and tear down the calls, locate users, and negotiate capabilities
    • Motivations
      – Very cost effective
      – Multimedia communication
      – Integrated voice and data network
    • Challenges
      – Quality of voice
      – Interoperability
      – Security
      – Integration with the PSTN
      – Scalability
      – Waiting for IPv6
  • 29. Applications – New IPv6 Functionality
    • 128-bit addressing – then every IP address with a microphone and speaker will be a phone and vice versa; every camera will also be searchable in real time
    • More secure (IPsec support is built into the protocol suite) – phone bill vs. credit card
    • Quality of Service (QoS) queuing – critical for CIT voice and video
    • Multicast services – the ability to send real-time information to multiple locations; pay-per-view and per-play
    • Improved mobile support – no wires for a billion remotely monitored devices
  • 30. Applications – Voice over ISDN and ATM
    • Point-to-point ISDN and ATM networks are the solution today
    • 128 kbps ISDN video conferencing works better than sharing a 1.544 Mbps T1
    • ATM (Asynchronous Transfer Mode) uses 53-byte cells in a multiplexed, dedicated-connection switching environment
    • ATM is currently the most common solution for internetworking a campus or WAN backbone with real-time (voice/video) and data requirements
  • 31. 5 Top Ways To Lower Costs & Raise Uptime
    • Converge multiple WAN/MAN backbones
    • Improve Quality of Service (QoS)
    • Support Voice over IP (VoIP)
    • Cheap and easy IPsec VPNs to remote users
    • Improve network management control
    • All with different security issues
  • 32. Network Management Goals
    • Monitor network, backup, and vendor health
    • Automatic restoration options
    • Dedicated 7 x 24 hour local support with DRP
    • Demonstrate business continuity plans
    • Dynamic reconfigurations
    • Bandwidth-on-demand (BoD) pools as an alternative to provisioning for temporary peaks or DRP
    • Renewal of insurance policies
    • Meeting industry rules
  • 33. Need To Consider Current Environments
    • Platform alternatives
      – Host or mainframe
      – Mid-tier (UNIX) platforms
      – Mid-tier (Windows NT)
      – Client/server
      – Three-tier web-based
      – Peer to peer
      – Distributed
    • Hardware and software standards
    • Support resources' ability to deploy solutions
  • 34. Metropolitan Area Nets (MANs)
    • Metropolitan backbones
    • SONET rings – solving the vulnerabilities of the last mile
    • 25 Mbps microwave
    • Single-mode fiber: 10-Gigabit Ethernet will go 40 kilometers this year ($24 billion). Expected to capture 30% of the high-speed Internet market by '05. (Gartner)
    • More ASPs, MSPs, SSPs – trust / security
  • 35. Trends in Telecommunications and Voice
    • Convergent systems for voice & data requirements
    • Open access with large bandwidth changes
    • Starbucks began with 2,000 802.11 routers
    • Virtual Private Networks for the global model
    • Rainbow consortium of Microsoft, IBM, Intel, AT&T Wireless, and Verizon to create a single nationwide Wi-Fi company / network
    • In the meantime, cable will be the big winner for Internet, TV, movies, and phone services
      – Satellite's 25% share of TV will hold
      – DOCSIS 1.1 supports tiered services
  • 36. Trends in Telecommunications and Voice (continued)
    • Need to get all this new stuff to work together = increase in central network management software
    • Need to get it to work harder (60% idle)
      – Reselling excess capacity
      – Return to MIS data center focus
    • Increasing security (esp. governmental and biotechnologies) and ethical concerns
    • Thinner margins and continued bankruptcies
    • New SPAM laws and new taxes!
  • 37. EDI – B2B Legacy Communications: High Support Needs = Security Issues
    Message flow between Buyer and Supplier:
      Buyer → Supplier: RFP (Request for Proposal)
      Supplier → Buyer: Response to RFP
      Buyer → Supplier: Purchase Order
      Supplier → Buyer: P.O. Acknowledgement
      Buyer → Supplier: Purchase Order Change
      Supplier → Buyer: P.O. Change Acknowledgement
      A Functional Acknowledgement is returned for each transaction
    RFP = Request for Proposal; P.O. = Purchase Order
  • 38. The Role of Extranets (once called "internets")
    Adds everyone else's security problems: access issues, eBusiness, no firewalls, insecure VPNs, viruses, wireless access
  • 39. Internet Applications = More Security Issues
    Businesses are rapidly installing intranets, extranets, and enterprise information portals throughout their organizations in order to enhance communication and collaboration, and to publish and share business information easily and at lower cost.
    Popular uses of the Internet (with the protection typically layered on each):
      – E-mail (S/MIME)
      – Telnet (SSH)
      – E-commerce (SSL)
      – File Transfer Protocol (PGP)
      – Internet Relay Chat (VPN)
      – Search engines (Anonymizer)
  • 40. Groupware for Enterprise Collaboration
    Enterprise Collaboration Systems (ECS) support communication, coordination and collaboration among the members of business teams and workgroups. Groupware is often set up with full database access, which raises enterprise security concerns.
    • Electronic communications tools: e-mail; voice mail, IP phone; web publishing; faxing
    • Electronic conferencing tools: data conferencing; voice conferencing; videoconferencing; discussion forums; electronic meetings
    • Collaborative work management tools: calendaring; task and project management; workflow systems; knowledge management; document sharing
  • 41. Electronic Conferencing = Access Issues
    • Data conferencing – e.g. MS NetMeeting
    • Voice conferencing
    • Videoconferencing – real time needs point-to-point connections
    • Discussion forums
    • Point-to-point chat (IRC)
    • Electronic meetings
  • 42. Communications and Collaboration Tools
    • Electronic mail
    • Voice mail
    • Faxing
    • Web publishing
    • Calendaring/scheduling
    • Task/project management
    • Workflow systems
    • Knowledge management
    More access worries!
  • 43. Applications – Internal and Off The Shelf
    • Web pages – static vs. dynamic
    • Database – storage
    • Legacy MIS systems
    Access control is a never-ending security effort!
  • 44. Applications – Buffer Overflow Prevention

        #include <stdio.h>

        int main(void)
        {
            char buffer[50];
            /* gets(buffer);  -- never: gets() cannot be told how big buffer is */
            if (fgets(buffer, sizeof buffer, stdin) != NULL)  /* reads at most 49 chars + NUL */
                printf("Input: %s\n", buffer);
            return 0;
        }

    gets() has no way to bound the input, so any line longer than the array overwrites memory past buffer (a classic stack buffer overflow, and undefined behaviour; gets() was removed from the language in C11). fgets() takes the buffer size and stops there, so it should always be used instead. Note that fgets() keeps the trailing newline if it fits, and that passing sizeof buffer is simpler than hard-coding 49 and terminating the string by hand.
  • 45. Security Must Be Integrated With the SDLC
    • All security considerations should be documented in the standard SDLC documents
    • Develop a needs statement
      – Access and other controls
      – Audit and integrity review
    • All test plans will include testing of security, internal controls, and audit trail features, and will take place in a secure area
    • The CSO will work with the component sponsor to build and sign off on a Security Requirements Workplan and Validation Plan
  • 46. Security – Overview
    • Accessible to those authorized, but not to others (confidentiality)
      – Permanent – not alterable (can't edit, delete)
      – Reliable – changes are detectable (integrity)
  • 47. Security – Firewalls
    • Stateful inspection: checking inside packets and tracking connection state
    • One firewall is not enough! A DMZ (demilitarized zone) is a small network inserted between a company's private network and the outside networks, so that external users reach only the servers placed in the DMZ and never get direct access to sensitive company data.
  • 48. Processors
    • Modems
    • Multiplexers
    • Internetwork processors – repeaters, hubs, switches, bridges, routers, gateways
    • Firewalls
    (Figure: Internet and web browsers → router → switch → firewall → load balancer with SSL acceleration → switch → application and web servers → switch → firewall → LAN backbone switch → new and legacy data resources; a V.92 modem bank also connects into the LAN)
  • 49. Security – Threats / Responses / Newsletters
    • Hacking, viruses, theft, patches, shredding
    • Web related, DoS, spoofing, firewalls
    • CERT Coordination Center – at Carnegie Mellon (www.cert.org; the DHS-run US-CERT is a separate program)
    • SANS Institute – for-profit with free services (www.sans.org)
    • National Infrastructure Protection Center – now part of Homeland Security (www.dhs.gov)
    • Microsoft (www.microsoft.com/security)
    • Trend Micro anti-virus software – now Japanese-owned (www.trendmicro.com)
  • 50. Passive vs. Active Threats
    • Passive – eavesdropping / traffic analysis, for attack preparation or information "black markets"
    • Active – packets intended to disrupt service, to gain access, or to modify information
    • CERT received 53,000 reports of active attacks in 2001
  • 51. Model for Network Security (figure)
  • 52. NAT Router "Firewall" Web Service Example
    (Figure) Web host on the Internet: 130.27.8.35. Router 24.88.48.47 with NAT that masquerades for the private LAN. Internal hosts: 192.168.0.10, 192.168.0.20 (web client), 192.168.0.30, 192.168.0.40; the LAN also runs a web server (port 80) and an FTP server (port 21).
    Outbound: client 192.168.0.20:x → 130.27.8.35:80 is rewritten by the router to 24.88.48.47:20 → 130.27.8.35:80.
    Reply: 130.27.8.35:80 → 24.88.48.47:20 is translated back to 130.27.8.35:80 → 192.168.0.20:x.
    Only replies that match an existing translation are forwarded; the RFC 1918 addresses behind the router are not reachable directly from the Internet.
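The NAT exchange of slide 52, and the "only accept what is a response to something that went out" rule of slide 11, as an added Python example (this code is not from the presentation). Addresses are the slide's; the client's ephemeral port (the slide's "x"), the NAT's port allocation starting at 20 to match the figure, and the outside scanner address 203.0.113.9 are assumptions for the demo.

```python
# Added example: a minimal masquerading NAT table showing why a stateful NAT
# router behaves as a crude firewall. Nothing here is from the slides' own code.
from dataclasses import dataclass

PUBLIC_IP = "24.88.48.47"      # router's Internet-facing address (slide 52)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class MasqueradingRouter:
    """Port-overloaded NAT: many private hosts share one public address."""

    def __init__(self, first_port=20):          # 20 chosen to match the figure; real NATs pick ephemeral ports
        self.next_port = first_port
        self.outbound = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> public_port
        self.inbound = {}    # public_port -> (lan_ip, lan_port, dst_ip, dst_port)

    def lan_to_internet(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outbound packet and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(PUBLIC_IP, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def internet_to_lan(self, pkt: Packet):
        """Return the translated inbound packet, or None if it must be dropped."""
        if pkt.dst_ip != PUBLIC_IP:
            return None
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None          # no session created from inside: unsolicited traffic is dropped
        lan_ip, lan_port, remote_ip, remote_port = key
        # The reply must come from the peer the LAN host actually contacted.
        # This is the stateful "was this a response to something that went out?" check.
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def web_exchange():
    """Walk the client 192.168.0.20 -> 130.27.8.35:80 exchange from the figure."""
    nat = MasqueradingRouter()
    out = nat.lan_to_internet(Packet("192.168.0.20", 40000, "130.27.8.35", 80))   # 40000 = the slide's "x"
    reply = nat.internet_to_lan(Packet("130.27.8.35", 80, PUBLIC_IP, out.src_port))
    # Constructed outsider 203.0.113.9: a direct probe of "port 80" and a reply
    # to the NAT port from the wrong host are both dropped.
    probe = nat.internet_to_lan(Packet("203.0.113.9", 4444, PUBLIC_IP, 80))
    spoof = nat.internet_to_lan(Packet("203.0.113.9", 80, PUBLIC_IP, out.src_port))
    return out, reply, probe, spoof


if __name__ == "__main__":
    for label, pkt in zip(("outbound", "reply", "probe", "spoof"), web_exchange()):
        print(f"{label:9s} -> {pkt}")
```

The internal web and FTP servers are unreachable from outside for the same reason the probe is dropped: there is no translation entry for them until an administrator adds a static port forward, which is exactly the point at which a "real" firewall (slide 11) should sit in front of them.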
  • 53. PGP (Pretty Good Privacy) Encryption
    • See www.pgpi.com and www.pgp.com
    • Mostly used for encrypting FTP files and e-mail; is an international banking standard
  • 54. Example PGP Encrypted eMail
    To: "John Doe" <johndoe@hotmail.com>
    From: Jim Maginnis <jimmaginnis@email.uophx.edu>
    Subject: EBUS400: PGP Endeavor...
    Cc:
    Bcc:
    X-Attachments:
    -----BEGIN PGP MESSAGE-----
    Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

    qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
    cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
    jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV
    /5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN
    a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
    STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY
    Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs=
    =68Hd
    -----END PGP MESSAGE-----
  • 55. PGP: Things to be aware of...
    • Does not encrypt the mail headers
      – The Subject can give away useful information
      – To and From provide traffic-analysis information as well as usernames
    • PGP stores the original file name and modification date inside the encrypted message
    • Certificates often verify that the sender is "John Smith" but not which "John Smith". So, PGP allows photos in certificates.
  • 56. Kerberos For Authentication (figure; a RADIUS server is another option for centralized passwords)
  • 57. Kerberos Issues
    • Kerberos transfers usernames/passwords in open text from master to slave servers
    • Cryptographers worry that it might be breakable through reversing K_session
    • V4 only uses 4 bytes for the IP address, so it does not support Novell IPX, AppleTalk, or IPv6
    • V5 makes spoofing and delegation easier, but greatly improves ticket renewal and allows for public-key cryptography
  • 58. Breaking DES
    • DES was published for comment on March 17th, 1975 (and adopted as FIPS 46 in 1977)
    • The Electronic Frontier Foundation was concerned with its wide use and with exaggerated government claims of its being unbreakable, while government attempted to bully companies into using only the DES method; in 1998 the EFF's purpose-built "Deep Crack" machine recovered a DES key in under three days
    • In 1997, RSA offered $10,000 to break it; the prize was claimed 5 months later by a distributed effort over the Internet
    • Everyone now uses Triple-DES
    • NIST has chosen the Rijndael algorithm (as AES, FIPS 197, effective 2002) to supplant DES; agencies migrated from 2003
  • 59. Breaking RFID (40-48 bit key / 24-bit packets)
    • Small, wireless Radio-Frequency ID (RFID) Digital Signature Transponder (DST) consisting of a small encapsulated passive microchip and antenna coil
      – Vehicular immobilizers (automobile keys with rolling codes)
      – Electronic payment (ExxonMobil SpeedPass)
    • Future use by Wal-Mart and others of an EPC (Electronic Product Code) wireless barcode, which may soon be available for as little as 5 cents/unit
    • EPC tags lack sufficient circuitry to implement even symmetric-key cryptographic primitives, don't use 128-bit keys, and key cases/slots are not shielded
  • 60. Private and Public-Key Use (figure)
  • 61. Future Encryption Keys
    A secret value (key) shared by both parties is combined with the message before the hash function is applied to produce the Message Integrity Check. This is a keyed hash, or MAC (HMAC is the standard construction); without the key an attacker cannot compute a valid MIC for a modified message.
  • 62. Global Scanning Activities – http://www.incidents.org/
  • 63. Examples of Weak Passwords
    • Default or empty passwords
    • Same as the username
    • The word "password"
    • Short words, 1 to 3 characters long
    • Words in an electronic dictionary (60,000 words)
    • User's hobbies, family names, birthday, etc. => most likely a last or maiden name
    • Phone number, social security number, street address, license plate number, etc.
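A checker for the weak-password categories on slide 63, as an added Python example (not the presentation's own code). It goes slightly beyond the slide by undoing common letter-for-symbol substitutions (so "P@ssw0rd1" is still caught as "password") and by matching the user's personal data as name and number tokens. The seven-word dictionary is a constructed stand-in for the 60,000-word list the slide mentions.

```python
# Added example: flag passwords that fall into the slide-63 weak categories.
import re

# Constructed stand-in for a real 60,000-word dictionary (or a breached-password list).
DICTIONARY = {"password", "secret", "welcome", "dragon", "letmein", "summer", "monkey"}

# Common substitutions users make to "strengthen" a dictionary word.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "!": "i", "4": "a"})


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/punctuation (dragon77 -> dragon), undo leet-speak."""
    stripped = re.sub(r"[\d\W_]+$", "", pw.lower())
    return stripped.translate(LEET)


def personal_tokens(items):
    """Words of 3+ letters and runs of 4+ digits taken from the user's own data
    (family names, hobbies, birthday, phone, SSN, address, licence plate ...)."""
    tokens = set()
    for item in items:
        tokens.update(re.findall(r"[a-z]{3,}|\d{4,}", item.lower()))
    return tokens


def weak_password_reasons(password: str, username: str = "", personal=()):
    """Return the list of weak-password categories the candidate falls into.
    An empty list means none of these checks fired; it is not proof of strength."""
    if not password:
        return ["empty or default password"]
    p = password.lower()
    base = normalize(password)
    reasons = []
    if p == username.lower():
        reasons.append("same as the username")
    if base == "password":
        reasons.append('the word "password"')
    if len(password) <= 3:
        reasons.append("1 to 3 characters long")
    elif base in DICTIONARY and base != "password":
        reasons.append(f'dictionary word "{base}"')
    digits = re.sub(r"\D", "", password)
    for tok in sorted(personal_tokens(personal)):
        if tok.isdigit():
            if tok in digits:
                reasons.append(f"contains personal number {tok}")
        elif tok in p:
            reasons.append(f'contains personal word "{tok}"')
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates.
    for pw, user, data in [("P@ssw0rd1", "jim", ()), ("Dragon77", "jim", ()),
                           ("Maginnis1975", "jim", ("Maginnis", "1975-03-17")),
                           ("correct-horse-battery", "jim", ("Maginnis", "1975-03-17"))]:
        print(f"{pw!r:28} -> {weak_password_reasons(pw, user, data) or 'no weak category matched'}")
```

The birthday token only matches when the password contains the same run of digits, so a user who types "19750317" is caught but one who types just "75" is not; a production checker would also try common date layouts and the breached-password lists that have largely replaced plain dictionaries.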
  • 64. Copyright James B. Maginnis 2000-2005 6 4 Password Gathering • Look under keyboard, telephone etc. • Look in the Rolodex under ―X‖ and ―Z‖ • Call up pretending to from ―micro-support‖ or a senior merger manager and ask for it • ―Snoop‖ a network for plaintext passwords. • Tap a phone line with special modem • Forward the phone line remotely and fake login request (and pass to legitimate login) • Use a ―Trojan Horse‖ program to record key stokes (e.g.: http://www.winwhatwhere.com/)
  • 65. Copyright James B. Maginnis 2000-2005 6 5 Viruses, Worms, and Trojan Horses • Virus - code that copies itself into other programs • Bacteria - replicates until fills disks or CPU cycles • Worm - uses email / file undocumented features • Payload - harmful things it does after it has spread • Trojan Horse - looks good, but does bad things • Logic Bomb - malicious code activates on an event • Trap Door (Back Door) - undocumented entry point. Needs Host Program Independent Trapdoors Logic Trojan Viruses Bacteria Worms Bombs Horses
  • 66. Copyright James B. Maginnis 2000-2005 6 6 Types of Viruses • Boot Sector Virus - infects the boot sector of a disk, activating on boot up (1st MS-DOS viruses) • Memory-resident Virus - lodges in main memory as part of the residual OS • Parasitic Virus - attaches itself to executable files as part of their code. Runs when program runs • Stealth Virus - explicitly designed to hide from Virus Scanning programs • Polymorphic Virus - mutates with every new host to prevent signature detection • KEEP PATCHES & DEFINITIONS UP TO DATE
  • 67. Copyright James B. Maginnis 2000-2005 6 7 Honey Pots, Tar Pits, and Sink Holes • A Honey pot is a trap to detect and deflect attacks with a ―dangle‖ computer or data – Such as 9/11 ―no plane at the Pentagon‖ hoax • Tar Pits are a section of a honey pot or DMZ designed to slow down TCP based attacks • Sink Holes are the network equivalent with BGP routers to assist analyzing attacks – Monitor attack noise, scans, and use of dark IPs – Ready to advertise routes and accept traffic to minimize risk while investigating incident
  • 68. Copyright James B. Maginnis 2000-2005 6 8 What To Monitor In A Sink Hole • Scan ―Dark‖ unused IP space • Scan for infections of Worms and Bots • Look for backscatter from attacks & garbage traffic on networks (RFC-1918 leaks) • Expand dedicated Sink Hole router with a variety of tools to pull DOS/DDOS attack – Arbor Network’s Peakflow checks scan rates • 2 Router IP addresses: 1 for management and 1 for Anycast DNS caches to share load
  • 69. Copyright James B. Maginnis 2000-2005 6 9 More Sink Hole Notes • SQL Slammer Worm doubled infections every 8.5 sec to spread 100x than Code Red – at peak, was scanning 55 million hosts / second • Sink holes have proven their value, with worm mitigation (after containment) • Need to work at various security levels • No IGB on Sinkhole; Sinkhole is a RRc • Must not loop traffic back out management interface (remotely controlled: VNC / Telnet)
  • 70. Copyright James B. Maginnis 2000-2005 7 0 The Good, Bad, and Ugly Packets • The Good - legitimate communications • The Bad - poorly configured equipment • The Ugly - intended to do damage – Speed is too high (storming) – Host is violating port-usage policy – UDP packet contains no data – No data transfer, too many ports or IP destinations – Offset + Length > 65,608 bytes for Fragments – Responses without requests, responses have different data from requests
  • 71. Copyright James B. Maginnis 2000-2005 7 1 So Many Packets, And So Little Time • A 50% loaded 100base-t Ethernet carries about 20,000 pps, or 1.2 million per minute • Detecting the Ugly is difficult because they are such a small fraction of the total, and the Bad often set off false alarms. Among the techniques that are being used are: – Single packet signatures • illegal flags, long fragments – Timing based techniques • DOS Floods / automated Telnet – AI programs that train or learn characteristics – Flow-based statistical schemes
  • 72. Copyright James B. Maginnis 2000-2005 True Examples of ―Bad‖ and ―Ugly‖ 7 2 • A T1 Internet is completely jammed for 45 minutes from 120 hosts downloading 1.2 MB of files from an CAI FTP server. • One week-end before Napster was reportedly going out of business, two hosts jam the T1 connection by downloading Gigabytes of data from peer-to-peer servers. • A host appears to be repeatedly scanning the network for servers on a half-dozen different port numbers. • A rapid rate of short fragmented packets brings down a top-ten site for half a day.
  • 73. Copyright James B. Maginnis 2000-2005 7 3 Some Techniques to Determine The Ugly 1. Data Flow follows IP Rules, transfers data: Good unless - Ugly - Speed is too high Ugly - Host is violating port-usage policy Ugly - UDP packet contains no data 2. Host is receiving rejects (TCP or ICMP) Bad - Web Server or client ending persistent connections, such as Napster Ugly - From, or to, too many ports or IP destinations
  • 74. Copyright James B. Maginnis 2000-2005 7 4 Examples of The Ugly (continued) 3. Host is sending packets, but no replies: Bad - Web load-balancer is bypassed for down-stream traffic Ugly - No data transfer, too many ports or IP destinations 4. Fragmented IP packets. Bad unless: Ugly - very short and/or speed is too high Ugly - Offset + Length > 65,608 bytes
  • 75. Copyright James B. Maginnis 2000-2005 7 5 Examples of The Ugly (continued) 5. Pings and Ping Responses Good - if balanced and reasonable Ugly - Responses without requests, responses have different data from requests (covert channel) Only a few new types of legitimate network activity appear each year. It’s much easier to characterize the new legitimate network protocols, than it is to keep up with the hacker community’s latest creations.
• 76. Examples of The Ugly (continued)
  • Packets that violate Internet protocols in ways that have been found to cause computers, firewalls, or intrusion detection systems (IDS) to crash or operate improperly.
    – Teardrop attack: IP fragments that overlap.
    – Ping of Death: IP fragmented datagram with Offset plus Length > 65,507
    – (one method: # ping -l 65510 192.168.4.5)
  • Short packets, perhaps belonging to A above, that arrive at such a high rate that they cause damage.
    – Rapid TCP "SYN" packets, or isolated fragments, tie up computer memory.
• 77. Examples of The Ugly (continued)
  • Packets going to various hosts and ports that are being used to map the network, looking for vulnerable hosts.
    – TCP "SYN-FIN" or other improper TCP flag combinations
    – UDP packets with zero data bytes
    – TCPs that cause TCP "Reject", or UDPs that cause ICMP "Host Unavailable"
  • Hardest to detect: packets that would belong to "The Good" except that the two hosts should not be talking to each other, at least not on that service or port number.
    – Detection: compare to a database of allowed server ports.
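The per-packet categories of slides 73 through 77 (improper TCP flag combinations, empty UDP datagrams, fragments that run past the datagram limit, very short non-final fragments and overlapping fragments) can be checked with a small stateless inspector plus one table for fragment overlap. The following is an added example written for this page, not code from the presentation; the Packet record, the addresses and the sample traffic are constructed, and the 65,535-byte bound is the IPv4 maximum datagram size (the slides' 65,507 is the same limit expressed as ICMP payload, i.e. minus the 20-byte IP and 8-byte ICMP headers).

```python
"""Per-packet checks for the crafted-packet categories on slides 73-77.

Added example: the Packet record, the addresses and the traffic below are
constructed for this illustration; nothing here is from a real capture.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Largest legal IPv4 datagram. The slides state the same bound relative to the
# ICMP payload: 65,507 = 65,535 - 20-byte IP header - 8-byte ICMP header.
IP_MAX_DATAGRAM = 65_535


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                          # "tcp", "udp" or "icmp"
    ip_id: int = 0                      # IP identification, shared by all fragments of one datagram
    frag_offset: int = 0                # fragment offset field, in 8-byte units
    more_fragments: bool = False        # the MF bit
    payload_len: int = 0                # bytes following the IP header
    tcp_flags: Set[str] = field(default_factory=set)
    udp_data_len: Optional[int] = None  # bytes following the 8-byte UDP header


# Flag pairs that never occur in a legitimate TCP exchange (slide 77's "SYN-FIN or other improper combinations")
BAD_FLAG_COMBOS = [({"SYN", "FIN"}, "SYN-FIN"), ({"SYN", "RST"}, "SYN-RST")]


class PacketChecker:
    def __init__(self) -> None:
        # (src, dst, ip_id) -> byte ranges already seen for that datagram, for overlap detection
        self.fragments: Dict[Tuple[str, str, int], List[Tuple[int, int]]] = {}

    def check(self, p: Packet) -> List[str]:
        alerts: List[str] = []
        if p.proto == "tcp":
            for combo, name in BAD_FLAG_COMBOS:
                if combo <= p.tcp_flags:
                    alerts.append(f"illegal TCP flags {name}")
            if not p.tcp_flags:
                alerts.append("TCP packet with no flags set")
        if p.proto == "udp" and p.udp_data_len == 0:
            alerts.append("UDP packet with zero data bytes")
        if p.frag_offset or p.more_fragments:
            alerts.extend(self._check_fragment(p))
        return alerts

    def _check_fragment(self, p: Packet) -> List[str]:
        alerts: List[str] = []
        start = p.frag_offset * 8
        end = start + p.payload_len
        if end > IP_MAX_DATAGRAM:
            alerts.append("fragment offset + length exceeds 65,535 bytes (Ping of Death)")
        # Every fragment but the last must carry a multiple of 8 bytes, so a tiny MF fragment is crafted
        if p.more_fragments and (p.payload_len < 8 or p.payload_len % 8):
            alerts.append("non-final fragment shorter than, or not a multiple of, 8 bytes")
        key = (p.src, p.dst, p.ip_id)
        seen = self.fragments.setdefault(key, [])
        if any(start < e and s < end for s, e in seen):
            alerts.append("overlapping IP fragments (Teardrop)")
        seen.append((start, end))
        if not p.more_fragments:
            self.fragments.pop(key, None)  # last fragment seen: forget the datagram
        return alerts


def scan(packets: List[Packet]) -> List[Tuple[int, str]]:
    """Run every packet through one checker; return (packet index, alert) pairs."""
    checker = PacketChecker()
    return [(i, a) for i, p in enumerate(packets) for a in checker.check(p)]


def sample_packets() -> List[Packet]:
    """Constructed traffic: one normal segment followed by one example of each crafted category."""
    attacker, victim = "198.51.100.7", "10.0.0.9"
    return [
        Packet("10.0.0.5", victim, "tcp", tcp_flags={"ACK", "PSH"}, payload_len=60),
        Packet(attacker, victim, "tcp", tcp_flags={"SYN", "FIN"}, payload_len=20),
        Packet(attacker, victim, "udp", udp_data_len=0, payload_len=8),
        # Ping of Death: last fragment placed so that offset*8 + length passes 65,535
        Packet(attacker, victim, "icmp", ip_id=7, frag_offset=8189, payload_len=40),
        # Teardrop: second fragment starts inside the first one
        Packet(attacker, victim, "udp", ip_id=9, frag_offset=0, more_fragments=True, payload_len=32, udp_data_len=24),
        Packet(attacker, victim, "udp", ip_id=9, frag_offset=2, payload_len=24),
    ]


if __name__ == "__main__":
    for index, alert in scan(sample_packets()):
        print(f"packet {index}: {alert}")
```

The overlap table is the only state the checker keeps, and it is dropped as soon as the final fragment of a datagram arrives; a real sensor would also expire entries by time, since an attacker who never sends the last fragment would otherwise grow the table without bound.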
• 78. Microsoft Break-in Example
  • Employee created a file on a PC at home and caught a 2-month-old virus
  • Employee e-mailed the virus to self at work
  • Was not caught by a mail gateway
  • Workstation also did not have patches or definition files up to date
  • Payload was an open tunnel to a Ukrainian
  • Who downloaded all development source (e.g. Windows XP); was not caught = no IDS
• 79. Anomaly-based Intrusion Detection
  High statistical variation in most measurable network behavior parameters results in a high false-alarm rate.
• 80. Distributed Host-based IDS
  Highly recommended for critical servers. Modules must be installed and configured on hosts.
• 81. Signature-based IDS
  Data packets are compared to a growing library of known attack signatures. These include port numbers or sequence numbers that are fixed in the exploit application, and sequences of characters that appear in the data stream.
• 82. Six "Signatures" from the Snort Database
  • alert tcp $EXTERNAL_NET any -> $HOME_NET 7070 (msg: "IDS411 - RealAudio-DoS"; flags: AP; content: "|fff4 fffd 06|";)
  • alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS362 - MISC - Shellcode X86 NOPS-UDP"; content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|";)
  • alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS359 - OVERFLOW-NOOP-HP-TCP2";flags:PA; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";)
  • alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS345 - OVERFLOW-NOOP-Sparc-TCP";flags:PA; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";)
  • alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS355 - OVERFLOW-NOOP-Sparc-UDP2"; content:"|a61c c013 a61c c013 a61c c013 a61c c013|";)
  • alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS291 - MISC - Shellcode x86 stealth NOP"; content: "|eb 02 eb 02 eb 02|";)
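To show what a signature engine actually does with the six rules above, here is an added example (written for this page, not Snort's own code) that parses just the parts those rules use: the protocol and destination port from the rule header, the exact-match `flags` option, and one `content` option whose `|..|` sections are hex. The `$EXTERNAL_NET -> $HOME_NET` direction is assumed to hold and is not evaluated; the payloads fed to it are constructed, not captured.

```python
"""Minimal matcher for the six Snort rules on slide 82 (added example, not Snort's code).

Only the fields those rules use are handled: protocol, destination port, the
exact-match "flags" option and one "content" option whose |..| parts are hex.
The network variables ($EXTERNAL_NET -> $HOME_NET) are assumed to hold.
"""
import re
from typing import Any, Dict, List, Set

RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 7070 (msg: "IDS411 - RealAudio-DoS"; flags: AP; content: "|fff4 fffd 06|";)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS362 - MISC - Shellcode X86 NOPS-UDP"; content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|";)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS359 - OVERFLOW-NOOP-HP-TCP2";flags:PA; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS345 - OVERFLOW-NOOP-Sparc-TCP";flags:PA; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS355 - OVERFLOW-NOOP-Sparc-UDP2"; content:"|a61c c013 a61c c013 a61c c013 a61c c013|";)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS291 - MISC - Shellcode x86 stealth NOP"; content: "|eb 02 eb 02 eb 02|";)',
]

# action proto src sport -> dst dport (options)
HEADER_RE = re.compile(r"^alert\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$")
OPTION_RE = re.compile(r'(\w+)\s*:\s*"?([^";]*)"?\s*;')
FLAG_LETTERS = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PSH", "A": "ACK", "U": "URG"}


def parse_content(text: str) -> bytes:
    """Snort content syntax: text outside |...| is literal, inside it is hex bytes."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(rule: str) -> Dict[str, Any]:
    m = HEADER_RE.match(rule)
    if m is None:
        raise ValueError(f"unsupported rule syntax: {rule}")
    proto, dport, options = m.groups()
    opts = {k: v.strip() for k, v in OPTION_RE.findall(options)}
    flags = opts.get("flags")
    return {
        "proto": proto,
        "dport": dport,  # "any" or a port number as text
        "msg": opts.get("msg", ""),
        "flags": {FLAG_LETTERS[c] for c in flags} if flags else None,
        "content": parse_content(opts["content"]),
    }


PARSED_RULES = [parse_rule(r) for r in RULES]


def rule_matches(rule: Dict[str, Any], proto: str, dport: int, tcp_flags: Set[str], payload: bytes) -> bool:
    if rule["proto"] != proto:
        return False
    if rule["dport"] != "any" and int(rule["dport"]) != dport:
        return False
    # Snort's flags option without a modifier requires exactly the listed bits
    if rule["flags"] is not None and set(tcp_flags) != rule["flags"]:
        return False
    return rule["content"] in payload


def match_packet(proto: str, dport: int, tcp_flags: Set[str], payload: bytes) -> List[str]:
    """Return the msg of every rule whose header, flags and content match this packet."""
    return [r["msg"] for r in PARSED_RULES if rule_matches(r, proto, dport, tcp_flags, payload)]


if __name__ == "__main__":
    # Constructed payloads, not captured traffic
    print(match_packet("udp", 53, set(), b"\x00" * 4 + b"\x90" * 24 + b"\xcc"))
    print(match_packet("tcp", 7070, {"ACK", "PSH"}, b"PNA\x00\x0a\xff\xf4\xff\xfd\x06"))
```

Two things the rules make visible once they are parsed: the NOP-sled signatures are pure byte-sequence matches, so a sled that is one byte shorter, or uses a different single-byte instruction, is missed (which is slide 83's point), and the `flags: AP` rule for RealAudio only fires on a segment carrying exactly ACK and PSH, so the same bytes in a segment with ACK alone pass untouched.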
• 83. Signature-based IDS May Miss New Attacks
  (Figure: two regions, "Attacks with Names" (Back Orifice, Land Attack, Win Nuke, IP Blob, Trino) and "Attacks without Names (not analyzed yet)". A signature-based IDS alarms only on activities in the named region.)
• 84. Flow-based IDS Technology
  An approach that recognizes normal traffic can detect new types of intrusions.
  (Figure: "Normal Network Activities" (FTP, Web, NetBIOS, Email) shown apart from "Attacks with Names" (Back Orifice, Land Attack, Win Nuke, IP Blob, Trino) and "Attacks without Names (not analyzed yet)". A flow-based IDS alarms on activities in both attack areas.)
• 85. Flow-based Statistical Analysis
  A "Flow" is the stream of packets from one host to another related to the same service (e.g., Web, email, telnet, ...). Data in packet headers is used to build up counts (leads to high speed). After the flow is over, counters are analyzed and a value is derived for the probability that the flow was crafted, perhaps for probing the network for vulnerabilities or for denial of service.
  Flow-statistics counters:
    – Number of packets
    – Number of total bytes
    – Number of data bytes
    – Start time of flow
    – Stop time of flow
    – Duration of flow
    – Flag-bit true/false combinations
    – Fragmentation bits
    – ICMP packet responses to UDP packets
• 86. IDS Types Should be Combined
  – Host-based: can detect misuse of OS access and file permissions.
  – Signature-based: can detect attacks embedded in network data, if the signature is known.
  – Anomaly-based: on host or network; can detect new types, but has a high false alarm rate.
  – Flow-based: can detect new types of attacks by network activity. Should be used with host- and/or signature-based.
• 87. The Stages of a Network Intrusion
  1. Scan the network to locate which IP addresses are in use, what operating system is in use, and what TCP or UDP ports are "open" (being listened to by servers). Detection: flow-based "CI" and/or signature-based
  2. Run "exploit" scripts against open ports. Detection: signature-based
  3. Gain access to "suid" shell ("root" privileges). Detection: host-based
  4. Download from a hacker Web site special versions of system files that will let the cracker have free access in the future without CPU or disk usage being noticed by auditing programs. Detection: signature-based "port-locking", host-based
  5. Use IRC (Internet Relay Chat) to invite others to the feast. Detection: signature-based "port-locking", host-based
• 88. One Solution: Segment
  A bridge-router-firewall can drop packets based on source or destination IP address and/or port.
  (Figure: protocol stacks of a Web server (IP address 130.207.22.5, port 80, Ethernet) and a browser (IP address 24.88.15.22, port 31337, Ethernet) joined through two Token Ring segments; the layers shown are Application (HTTP), Transport (TCP, UDP), Network (IP), Data Link and Physical.)
• 89. Simple Network Management Protocol v1, v2, and v3
  • SNMPv2 makes use of TCP for a "reliable, connection-oriented" service. SNMPv1 is "connectionless" since it utilized UDP (rather than TCP) as the transport layer protocol.
  • Addressed by version 2:
    – Lack of support for distributed management
    – Functional deficiencies (since v2 can use TCP/IP and Novell IPX)
  • Addressed by version 3:
    – v1 used a community name as a password
• 90. Security - Authentication
  • Authentication: process to ensure both the message's content and the sender's identity have been verified by an authorized source and the content was not altered.
  • Digital Certificate: contains digital identity information including name, public key, operational period, and serial number.
  • Certificate Authority: authorized issuer of digital certificates
• 91. X.509 Authentication Service (e.g. Verisign)
  • An International Telecommunication Union (ITU) recommendation (versus "standard") for allowing computer hosts or users to securely identify themselves over a network.
  • An X.509 certificate purchased from a "Certificate Authority" (trusted third party) allows a merchant to give you his public key in a way that your browser can generate a session key for a transaction and securely send it to the merchant for use during the transaction (the padlock icon on screen closes to indicate transmissions are encrypted).
• 92. X.509 Authentication Service (continued)
  • Once a session key is established, no one can "hijack" the session (after you enter your credit card information, an intruder cannot change the order and delivery address).
  • The user only needs a browser that can encrypt/decrypt with the appropriate algorithm and generate session keys.
  • The merchant's certificate is available to the public; only the secret key must be protected. Certificates can be cancelled if the secret key is compromised.
• 93. VISA SET Steps in a Transaction
  1. Customer opens an account with a card company or bank that supports SET
  2. Bank issues an X.509 certificate to the Customer with RSA public-private keys
  3. Merchant has two certificates, one for signing messages and one for key exchange
  4. Customer places an order
  5. The Merchant sends the Customer a copy of his certificate
  6. The Customer sends Order Information (OI) and Payment Information (PI), encrypted so the Merchant cannot read it
  7. Merchant requests payment by sending PI to the "Payment Gateway" (who can decrypt it) and verifies the Customer's credit is good
  8. Merchant confirms the order to the Customer
  9. Merchant ships goods to the Customer
  10. Merchant sends a request for payment to the Payment Gateway, which handles the transfer of funds
• 94. Why Is SET Not Happening? (but PayPal is)
  The Issuer gets the greatest benefit, but the Merchant must pay.
• 95. Covert Channels
  • Sending data in a way that network watchers (sniffer, IDS, ...) will not be aware that data is being transmitted.
  • For IP networks:
    – Data hidden in the IP header
    – Data hidden in ICMP Echo Request and Response packets
    – Data tunneled through an SSH connection
    – "Port 80" tunneling (or DNS port 53 tunneling)
    – In image files
• 96. Packet Header Hiding: Normal Packet
  (Figure: IP Header (20-64 bytes) | TCP Header (20-64 bytes) | DATA (0-65,488 bytes: "Dear Friend, I am having a good time at the beach."). Header fields called out: TCP source port, TCP destination port, IP source address, IP destination address.)
• 97. NOTE: Long IP Packets Are Fragmented
  (Figure: the same datagram split into two fragments. First fragment: IP header, TCP header, "Dear Friend, I am having a good time at the beach.", IP Ident = x, More Fragments = True. Second fragment: IP header only, "watching the waves roll in.", IP Ident = x, More Fragments = False. The TCP header is not repeated in the second fragment.)
• 98. Other Covert Channel Tools
  • SSH (SCP, FTP tunneling, Telnet tunneling, X-Windows tunneling, ...) can be set to operate on any port (<1024 usually requires root privilege).
  • Loki (ICMP Echo R/R, UDP 53)
  • NT: Back Orifice (BO2K) plugin BOSOCK32
  • Reverse WWW Shell Server looks like an HTTP client (browser). App headers mimic HTTP GET and response commands.
• 99. Steganography
  The hiding of a secret message within an ordinary message so that no one suspects it exists. Ideally, anyone scanning the data will fail to know it contains encrypted data. See http://www.jjtc.com/Steganography
• 100. Detecting Covert Channels
  • A network IDS will detect a "ping unbalance": more ping responses than requests
  • Block all ICMP packets at the firewall
  • Signature-based IDS will detect known rogue programs
  • Port 53 tunneling: block inbound and outbound TCP/UDP-53 packets at the firewall except to/from known internal DNS servers
  • Port 80 tunneling: look for long-lasting flows to an outside server, and excess client-to-server data flow
• 101. Detecting Covert Channels (continued)
  • Port-profile violation
  • Steganography: if Zombie, look for port-profile violation, or a known hacker-site server.
  • Monitor for new and unknown processes
  • Check for new or unknown ports and devices
  • Know and understand all "suid root" or administrator programs
  • If you don't need an account, delete it!
  • Check system logs
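The flow counters of slide 85 and the covert-channel checks of slides 100 and 101 fit together naturally: once packets are rolled up into per-flow counters, the "ping unbalance", "long-lasting port 80 flow with excess client-to-server data", "port 53 flow not involving an approved DNS server" and "packets but no replies to too many hosts or ports" (slide 74) tests are each a few lines over the finished flows. The block below is an added example written for this page, not the presentation's software; the Pkt record, the 10.0.0.0/24 "internal" range, the approved resolver address, the thresholds and all of the traffic are constructed.

```python
"""Flow counters (slide 85) driving the covert-channel checks of slides 100-101.

Added example: the Pkt record, thresholds, address ranges and traffic are
constructed for this illustration and are not from any real network.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import DefaultDict, List, Optional, Set, Tuple

INTERNAL_PREFIX = "10.0.0."   # assumed: our address space
APPROVED_DNS = {"10.0.0.53"}  # assumed: the only host allowed to speak DNS with the outside


@dataclass
class Pkt:
    ts: float
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    length: int = 0                  # total IP length
    data: int = 0                    # transport payload bytes
    flags: str = ""                  # TCP flag letters, e.g. "SA"
    icmp_type: Optional[int] = None  # 8 = echo request, 0 = echo reply


@dataclass
class Flow:
    """The per-flow counters listed on slide 85."""
    packets: int = 0
    total_bytes: int = 0
    data_bytes: int = 0
    start: float = 0.0
    stop: float = 0.0
    flag_combos: Set[str] = field(default_factory=set)

    @property
    def duration(self) -> float:
        return self.stop - self.start


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


FlowKey = Tuple[str, str, str, int]  # (src, dst, proto, service port)


class FlowAnalyzer:
    def __init__(self, long_flow_seconds: float = 600.0, fanout: int = 10) -> None:
        self.long_flow = long_flow_seconds
        self.fanout = fanout
        self.flows: DefaultDict[FlowKey, Flow] = defaultdict(Flow)
        self.ping: DefaultDict[str, DefaultDict[str, int]] = defaultdict(lambda: defaultdict(int))

    def add(self, p: Pkt) -> None:
        # Service port taken as the lower-numbered port (a common heuristic, assumed here)
        service = 0 if p.proto == "icmp" else min(p.sport, p.dport)
        f = self.flows[(p.src, p.dst, p.proto, service)]
        if f.packets == 0:
            f.start = p.ts
        f.packets += 1
        f.total_bytes += p.length
        f.data_bytes += p.data
        f.stop = p.ts
        if p.flags:
            f.flag_combos.add(p.flags)
        if p.icmp_type == 8:
            self.ping[p.src]["req_sent"] += 1
            self.ping[p.dst]["req_recv"] += 1
        elif p.icmp_type == 0:
            self.ping[p.src]["rep_sent"] += 1
            self.ping[p.dst]["rep_recv"] += 1

    def report(self) -> List[str]:
        alerts: List[str] = []
        for host, c in self.ping.items():  # slide 100: more ping responses than requests
            if is_internal(host) and (c["rep_recv"] > c["req_sent"] or c["rep_sent"] > c["req_recv"]):
                alerts.append(f"{host}: ping unbalance, replies without matching requests")
        unanswered: DefaultDict[str, Set[Tuple[str, int]]] = defaultdict(set)
        for (src, dst, proto, svc), f in self.flows.items():
            rev = self.flows.get((dst, src, proto, svc))
            if is_internal(src) and svc == 53 and src not in APPROVED_DNS and dst not in APPROVED_DNS:
                alerts.append(f"{src}->{dst}: port 53 flow bypassing the approved DNS servers")
            if (proto == "tcp" and svc == 80 and is_internal(src) and not is_internal(dst)
                    and f.duration >= self.long_flow and f.data_bytes > (rev.data_bytes if rev else 0)):
                alerts.append(f"{src}->{dst}: {f.duration:.0f}s port 80 flow with excess client-to-server data")
            if rev is None:
                unanswered[src].add((dst, svc))
        for src, targets in unanswered.items():  # slide 74: packets but no replies, too many hosts/ports
            if len(targets) >= self.fanout:
                alerts.append(f"{src}: {len(targets)} unanswered flows to distinct host/port pairs (scan)")
        return alerts


def sample_traffic() -> List[Pkt]:
    """Constructed packets: normal browsing, a port-80 tunnel, rogue DNS, unsolicited echo replies, a SYN sweep."""
    web, tunnel, rogue_dns, pinger, scanner = "203.0.113.10", "198.51.100.7", "192.0.2.53", "198.51.100.9", "203.0.113.66"
    pk: List[Pkt] = []
    for i in range(3):  # ordinary browsing: small requests, big replies, short-lived
        pk.append(Pkt(i, "10.0.0.5", web, "tcp", 40001, 80, 140, 100, "PA"))
        pk.append(Pkt(i + 0.1, web, "10.0.0.5", "tcp", 80, 40001, 1500, 1460, "PA"))
    for i in range(21):  # a 20-minute "HTTP" session pushing 1500 bytes out every minute
        pk.append(Pkt(60 * i, "10.0.0.8", tunnel, "tcp", 40002, 80, 1540, 1500, "PA"))
        pk.append(Pkt(60 * i + 0.2, tunnel, "10.0.0.8", "tcp", 80, 40002, 80, 40, "PA"))
    pk.append(Pkt(5, "10.0.0.5", "10.0.0.53", "udp", 40003, 53, 60, 32))  # approved resolver
    pk.append(Pkt(5.1, "10.0.0.53", "10.0.0.5", "udp", 53, 40003, 120, 92))
    pk.append(Pkt(6, "10.0.0.8", rogue_dns, "udp", 40004, 53, 300, 272))  # DNS straight to the outside
    pk.append(Pkt(6.1, rogue_dns, "10.0.0.8", "udp", 53, 40004, 300, 272))
    for i in range(5):  # echo replies arrive at 10.0.0.9, which sent no requests
        pk.append(Pkt(10 + i, pinger, "10.0.0.9", "icmp", length=84, data=56, icmp_type=0))
    for i in range(1, 13):  # SYNs to twelve hosts on port 22, none answered
        pk.append(Pkt(20 + i, scanner, f"10.0.0.{i}", "tcp", 55000, 22, 60, 0, "S"))
    return pk


def analyze(packets: List[Pkt]) -> List[str]:
    analyzer = FlowAnalyzer()
    for p in packets:
        analyzer.add(p)
    return analyzer.report()


if __name__ == "__main__":
    for line in analyze(sample_traffic()):
        print(line)
```

The thresholds (ten minutes, ten unanswered targets) are the tunable part; on a real network they come from measuring legitimate flows first, which is also why slide 85 stresses that counting from headers alone keeps the sensor fast enough to see every packet.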
• 102. Middleware Security Policies and Software
  • No Read Up (Simple Security Property): a subject can only read an object of less or equal security level
  • No Write Down (*-Property): a subject can only write to an object of greater or equal security level (cannot lower the security classification of information by writing to an object with a lower security level). You can contribute information to a higher security level report, but cannot read the report.
  • Reference Monitor: a way to enforce the two rules above (security middleware)
• 103. Alice's program has a Trojan Horse inside
• 104. Running Alice's Program Reads Secret file
• 105. Reference Monitor Controls Access
• 106. Will Not Allow Secret Information Out
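Slides 103 through 106 walk through the classic case for these two rules: Alice's program is entitled to read her Secret file, but a Trojan horse hidden in it then tries to write the contents somewhere a low-cleared user can read. The block below is an added example written for this page (the slides' figures are not reproduced, and this is not code from trustedsystems.com or the presentation); the security levels, the users Alice and Mallory, the file names and the program are all constructed.

```python
"""Reference monitor enforcing slide 102's two rules, run against the Trojan-horse
scenario of slides 103-106.

Added example: the levels, subjects, files and program below are constructed.
"""
from enum import IntEnum
from typing import Dict, List, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class AccessDenied(Exception):
    pass


class ReferenceMonitor:
    """Every read and write goes through _decide(); nothing touches an object directly."""

    def __init__(self) -> None:
        self.clearance: Dict[str, Level] = {}                  # subject -> clearance
        self.objects: Dict[str, Tuple[Level, List[str]]] = {}  # object -> (classification, contents)
        self.audit: List[Tuple[str, str, str, bool]] = []      # (op, subject, object, allowed)

    def add_subject(self, name: str, clearance: Level) -> None:
        self.clearance[name] = clearance

    def add_object(self, name: str, classification: Level, contents: str = "") -> None:
        self.objects[name] = (classification, [contents] if contents else [])

    def _decide(self, op: str, subject: str, obj: str) -> None:
        subj_level = self.clearance[subject]
        obj_level = self.objects[obj][0]
        if op == "read":
            allowed = obj_level <= subj_level  # simple security property: no read up
        else:
            allowed = obj_level >= subj_level  # *-property: no write down
        self.audit.append((op, subject, obj, allowed))
        if not allowed:
            raise AccessDenied(f"{subject} ({subj_level.name}) may not {op} {obj} ({obj_level.name})")

    def read(self, subject: str, obj: str) -> str:
        self._decide("read", subject, obj)
        return "".join(self.objects[obj][1])

    def write(self, subject: str, obj: str, text: str) -> None:
        self._decide("write", subject, obj)
        self.objects[obj][1].append(text)


def alices_program(monitor: ReferenceMonitor, user: str = "alice") -> str:
    """Alice's program reads her Secret file (legitimate work), then a hidden
    routine tries to copy it into a public file that a low-cleared user can read."""
    secret = monitor.read(user, "alice_secret.txt")
    try:
        monitor.write(user, "public_notes.txt", secret)  # the Trojan horse's leak attempt
        return "leaked"
    except AccessDenied:
        return "blocked"


def build_demo() -> ReferenceMonitor:
    m = ReferenceMonitor()
    m.add_subject("alice", Level.SECRET)
    m.add_subject("mallory", Level.UNCLASSIFIED)
    m.add_object("alice_secret.txt", Level.SECRET, "merger terms, not yet announced")
    m.add_object("public_notes.txt", Level.UNCLASSIFIED)
    m.add_object("quarterly_report.txt", Level.TOP_SECRET)
    return m


if __name__ == "__main__":
    m = build_demo()
    print("Trojan attempt:", alices_program(m))
    print("public file as mallory sees it:", repr(m.read("mallory", "public_notes.txt")))
    m.write("alice", "quarterly_report.txt", "section 3 draft")  # write up: allowed by the *-property
    for entry in m.audit:
        print(entry)
```

The point the slides make is visible in the audit trail: the monitor does not need to know that Alice's program is malicious, because the *-property denies the write-down regardless of intent, while her contribution to the Top Secret report (which she cannot read back) goes through.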
• 107. www.trustedsystems.com
• 108. Other Utilities to Scan for Security Holes
  • Saint and Satan run exploits
    – Saint: http://www.wwdsi.com/saint/
    – Satan: http://www.fish.com/satan/
  • www.ethereal.com protocol analyzer
  • www.nessus.org/intro.html scanner
  • naughty.monkey.org/~dugsong/dsniff/
  • www.tripwire.com (has academic version)
  • Public snmpwalk or Bay Networks nman
  • Only download source format with a PGP (or GPG) certificate that you can check
  • www.iss.net makes a popular commercial IDS
• 109. Some MS-Windows Considerations
  • Standard install is NOT secure! Use few local accounts (only Administrator and Guest)
  • Many undocumented and unchecked system variables and functions
  • SMB challenge-response and compatibility system problems, especially ports 135-139
  • All-powerful Administrator account, and completely open EVERYONE account
  • Uses more secure microkernel technologies and networking redirectors
  • Trusted Domain architectures similar to NIS, but has not yet seen the same security
• 110. Some UNIX Considerations
  • Berkeley "r" commands are not a good idea; routinely delete all .rhosts files
  • Issues with SUID utilities and anonymous
  • SunRPC, NFS, YP, NIS designed with few security mechanisms; naïve client/server assumptions allow spoofing opportunities
  • Open /etc/passwd file: use a shadow file
  • More mature OS = fewer system calls with unchecked parameters, and ACLs (Access Control Lists) now similar to NT
  • All modern Unixes enforce resource limits so that programs cannot over-inflate their priority
• 111. Network Tunnels
  • Modems
  • VPNs: Virtual Private Networks
  • Wireless hubs: biggest threat today!
• 112. Anyone can convert their cube or office Ethernet jack into a Wireless Hub (and add a public entry point into the Network)
  "30 percent of all enterprises risk security breaches because they've deployed 802.11b wireless local area networks without proper security." - Gartner Inc.
  (Figure: Linksys Wireless Cable/DSL Router, $119; D-Link Wireless Router/Print Server & Card, $129; SMC Wireless Cable/DSL Router, $115.)
• 113. A vs. G "fixed" Wireless 802.11 Technologies
  Left column:
    • Up to 11Mbps (4-5Mbps common)
    • Very inexpensive and simple; conflicts with cordless phones / microwave ovens; 100-300 ft range, penetrates most walls
    • Growing public access (2,000 Starbucks in 2003)
  Right column:
    • Up to 54Mbps
    • Only 10% premium for five times the bandwidth
    • 100-150 ft
    • Compatible with 802.11a
• 114. Freeware WEP Cracking Tools
  • Of 120 wireless systems located by the Atlanta Journal, only 32 had activated the included encryption protection, and no hardware used "real" random numbers
  • Adam Stubblefield was the first to implement, but AirSnort and WEPCrack are the first made publicly available
  • AirSnort only needs approximately 5-10 million encrypted packets to guess the encryption password in under a second (http://airsnort.sourceforge.net)
• 115. WPA vs. WEP (vs. 802.1x) on WAP
  • Wireless Access Point (WAP) is the bridge
  • Weak WEP is the standard way to encrypt
  • WPA adds Temporal Key Integrity Protocol (TKIP); passwords MUST not be simple ones
  • 802.1x is only about port access, usually using a username/password challenge; thus, it should be used with WEP (or WPA)
  • MAC filtering and SSID hiding don't help
  • Most networks are unsecured (see USA Today article and another about an FBI presentation)
• 116. Network Stumbler Displays 802.11 Networks
  "Wardriving" web site maintains a database of all user uploads
• 117. AiroPeek Maps Out Users
  WEP uses the RC4 encryption algorithm (with 40 or 80 bit key), which is weak and inappropriate (assumes packets arrive in order), to save CPU
• 118. AiroPeek Maps Out Users (continued)
  Data sniffed off the air from a non-WEP session with AiroPeek.
• 119. WEP Problems
  • One start-up, AirDefense, has catalogued:
    – 100 types of denial-of-service attacks jamming the airwaves with noise to shut down wireless LANs
    – 27 attacks to take over wireless LAN stations
    – 490 probes to scan wireless LANs for weaknesses
    – 190 ways to spoof media access control (MAC) addresses and SSIDs to assume another's identity
  • Wireless LANs are a billion-dollar-a-year business and growing fast, but NIST has recommended against the government using them
• 120. Wireless Defense Best Efforts
  • Enable the highest encryption available (up to 256-bit), and upgrade firmware often
  • Use WPA with a strong key; change it often
  • Change the default Admin password
  • Turn off the router with a $5 lamp timer at night
  • Often recommended but easy to bypass:
    – Using MAC address filtering, also very cumbersome for large corporate environments
    – Changing the default SSID, re-changing periodically, and turning off broadcasts
• 121. WEP Defense Efforts (continued)
  • Purchase only 802.11 hubs and PC cards that have flash memory and can be field-upgraded for new standards
  • Treat wireless subnets like attachments to the Web, isolated by firewalls and intrusion detection systems (IDS)
  • Move the transmitter inside buildings and away from windows (most common)
  • Use higher-level security protocols
• 122. Process Defense => Add Higher Level Secure Protocols
  (Figure: end-to-end protocol stacks with security added at each layer: SSL above the transport layer (TCP, UDP), IPsec at the network layer (IP), and WEP at the 802.11 data link layer, with Ethernet on the wired side. A router in the middle buffers packets that need to be forwarded, based on IP address.)
• 123. Privacy: Cookies, Will You Allow Them?
  • A piece of information that allows a Web site to record one's comings and goings
    – Session and permanent
  • Cookies are bad
    – Advertising / receiving and transmitting of data (unknown and unencrypted)
    – Europe is considering banning cookies
  • Cookies are good
    – Passwords and login (encryption)
• 124. What is spamming?
  • Spamming (from a Monty Python reference): "the practice of indiscriminate distribution of messages (for example junk mail) without permission of the receiver and without consideration for the messages' appropriateness"
  • Spamming's negative impacts
    – Spam has comprised 30% of all mail sent on America Online
      • slowing the Internet in general
      • shutting ISPs down completely
• 125. Controlling Spamming
  • Disable the relay feature on SMTP (mail) servers so mail cannot be bounced off the server
  • Tell users not to validate their addresses by answering spam requests for replies if they want to be taken off mailing lists. Delete spam and forget it; it's a fact of life and not worth wasting time over
  • Software packages, e.g. www.getlost.com and www.junkbusters.com
• 126. 10-Minute Break...
  Question: What do you get when you cross an instructor with a spud? Answer: A Facili-Tator
• 127. Encryption Policy
  • The 128-bit encryption debate
    – Exportable 128-bit encryption is 3×10^26 times more difficult to decipher than the preceding legally exportable technology.
  (Figure, the two sides of the debate: "Secure e-commerce" versus "Government's legal requirements". For the past 20 years there was a limitation on exported encryption devices of 56-bit codes; recent legislation allows 128 bit in specific circumstances, thus paving the way for the Compaq permit.)
• 128. Privacy: Legislation Examples
  • Electronic Theft (NET) Act
    – Imposed criminal liability for individuals who reproduce or distribute copies of copyrighted work
  • Digital Copyright Clarification and Technology Education Act
    – Limits the scope of digital copyright infringement by allowing distance learning exemptions
  • Online Copyright Liability Limitation Act
    – Seeks to protect Internet access providers from direct and vicarious liability under specific circumstances where they have no control or knowledge of infringement
• 129. Clinton's Intellectual Property Legacy
  • Harassment of Phil Zimmermann (PGP)
  • Intelligence Authorization Act (IAA) of 1996
    – Expands the Foreign Intelligence Surveillance Court (FISC), circumventing the 1st, 4th, 5th, and 6th amendments
  • Economic Espionage Act (EEA) of 1996
    – Replaces most state and federal copyright laws
    – Violates several international treaties
  • Digital Millennium Copyright Act of 1998
    – Makes anti-copying technology illegal; forbids even some copying of public domain information
    – Threatens free speech and the right of fair use
• 130. Now, The PATRIOT Act
  • "Provide Appropriate Tools Required to Intercept and Obstruct Terrorism"
  • Anti-Terrorism Act (ATA), formerly known as the Mobilization Against Terrorism Act (MATA), was co-sponsored by Jon Kyl
  • Stewart Baker (employed by NSA to block unbreakable cryptography): "Don't look for a dramatic increase in <new wiretaps>, because the Bureau was performing such surveillance years before the bill passed, without Congress' explicit approval."
  • Also frees the CIA to recruit unsavory infiltrators (other terrorists) without restraint
• 131. Copyright Protection Techniques
  • Digital watermarks
    – Embedding of invisible marks
    – Can be represented by bits in digital content
    – Hidden in the source data, becoming inseparable from such data
  • Digital signatures
    – Used to authenticate the identity of the sender of a message or the signer of a document (not to be confused with a digital certificate)
    – Electronic Signatures in Global and National Commerce Act (referred to as the e-signature bill)
• 132. Electronic Contracts and Licenses
  • Shrink-wrap agreements (or box-top licenses)
    – The user is bound to the license by opening the package
    – This has been a point of contention for some time
    – The court felt that more information would provide more benefit to the consumer given the limited space available on the exterior of the package
  • Click-wrap contracts
    – The software vendor offers to sell or license the use of the software according to the terms accompanying the software
    – The buyer agrees to be bound by the terms based on certain conduct
• 133. Biometrics Controls
  • Photo of face ("Snooper" Bowl)
  • Fingerprints (laptops)
  • Hand geometry
  • Blood vessel pattern in the retina of the eye
  • Voice recognition
  • Signature
  • Keystroke dynamics
  All can be easily beaten!
• 134. Security Summary
  • Segment and use "real" firewalls with a DMZ
  • Remove databases from the Internet
  • Control VPN nodes and fill wireless holes
  • Keep IE and application patches and viral definitions up to date (Update Expert)
  • Improve network management (ManageX)
  • Build security policy and awareness
  • Get involved in software development
  • Check system / network logs and alerts
• 135. Security Summary (continued)
  • Encrypt with 3DES or Rijndael
  • Set up Kerberos, RADIUS, directory services, and Windows roaming profiles
  • Verify good passwords
  • Use host, signature, anomaly, and flow IDS
  • Consider monitor middleware
  • Regularly scan for security holes
  • Don't use the default installation for Windows
  • Review legal issues
• 136. Other Security Policy Items
  • Use individual customer digital certificates over SSL for all client data access
  • Internet access only with a hardware token
  • Enforce utilizing "strong" passwords and every person having their own account
  • Strict limitation of Java applet functionality
  • Applications not in root or nobody accounts
  • Track inventory and licenses (TrackIT)
  • Use WebTrends Security Analyzer
• 137. Number one security issue still remains...
  Use a cross-cut or dot (not strip) shredder with good document destruction procedures
  • A targeted attack will most likely come through your trash
    – Everything there is in the "public domain"
    – All your "secrets" are out in the open
• 138. Risk Assessment and Management
  • Part of the New Economy is a willingness to take more risks; many companies, however, work in a "risk denial" mode: estimating and planning as if all variables are known
  • Get inputs from software development plans, QA plans, and/or technology plans
  • Identify and prioritize exposed uncertainties and risk factors
    – Identify risk indicators (e.g. discussed security issues, or technology and project experience)
    – Decide on avoidance, transfer, or acceptance
• 139. Risk Assessment Planning (continued)
  • Recommend mitigation strategies for minimizing the top 10 risks => "Actions taken to reduce or eliminate the detrimental impact of certain events."
    – Build prototypes and do tests modeling the workload
    – Management tools, regular reviews, change control
    – A project being late is an effect, not a risk
  • Don't forget alternatives and backup plans (do nothing is always one approach)
  • Each with varying risk approaches
    – Decisions to build or buy solutions (Can you imagine this effort/product for sale?)
    – Outsourcing and technology insurance can share the risks of doing business
• 140. Information Gathering Methods
  • Tools and methods to obtain information about a subject (including the existing systems), aka fact finding
    – Interviews
    – Questionnaires or surveys
    – Workshops, brainstorming, storyboarding
    – Reviewing documentation
    – Observation
    – Measuring
    – Prototyping and proofs of concept
• 141. Systems Analysis Means a Holistic Approach
  Actively learning to better use the best people, practices, and technology to positively influence productivity.
  (Figure: key areas of systems analysis: People, Process, and Technology, with Organizational Learning and Productivity as the surrounding goals, and the Present System and Functional Requirements as inputs.)
• 142. The Big Picture
• 143. The Risk Management Mindset
  Identification (from project start to project finish):
    1. "May not be possible to superimpose images adequately."
    2. "Java skills not high enough."
  Mitigation (avoid / delay, transfer, accept, or tolerate):
    1. Mitigation by conquest: demonstrate image superimposition (or by delay, or by tolerance)
    2. Mitigation by avoidance: use Visual Basic (or by transfer: outsource)
  Adapted from Software Engineering: An Object-Oriented Perspective by Eric J. Braude (Wiley 2001), with permission.
• 144. Investigation Includes Feasibility Analysis
  • Economic feasibility: Can we afford it?
  • Organizational feasibility: Is it a good fit?
  • Technical feasibility: Does the capability exist?
  • Operational feasibility: Will it be accepted?
• 145. Accounting: Do benefits outweigh costs?
  • Payback analysis: how long will it take (usually in years) to pay back
  • Return on Investment (ROI): compares the lifetime profitability of alternative solutions
  • Net Present Value: determines the profitability in terms of today's dollar values. This requires an estimated inflation and discount rate (for the industry/company)
  • Currency conversion in the business context allows tracking in management's language
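The three measures on slide 145 are easy to confuse when a security spend is being argued for, so here they are computed side by side for two constructed alternatives. This is an added example written for this page, not material from the presentation; the formulas are the standard textbook ones (fractional payback year, lifetime ROI against the outlay, NPV discounting each year's benefit), and the "build versus buy" figures and the 10% discount rate are made up.

```python
"""Payback period, ROI and net present value for comparing security investments.

Added example: the formulas are the standard ones; the two alternatives,
their cash flows and the discount rate are constructed for this illustration.
"""
from typing import Dict, List, Optional, Tuple


def payback_period(investment: float, annual_benefits: List[float]) -> Optional[float]:
    """Years until cumulative benefits cover the outlay (fractional), or None if never within the horizon."""
    cumulative = 0.0
    for year, benefit in enumerate(annual_benefits, start=1):
        if benefit > 0 and cumulative + benefit >= investment:
            return (year - 1) + (investment - cumulative) / benefit  # interpolate inside the year
        cumulative += benefit
    return None


def roi(investment: float, annual_benefits: List[float]) -> float:
    """Lifetime profitability relative to the outlay: 0.6 means a 60% net gain over the horizon."""
    return (sum(annual_benefits) - investment) / investment


def npv(investment: float, annual_benefits: List[float], discount_rate: float) -> float:
    """Today's-dollar value: each year's benefit divided by (1 + rate) ** year, minus the up-front cost."""
    return -investment + sum(b / (1.0 + discount_rate) ** t for t, b in enumerate(annual_benefits, start=1))


def compare(alternatives: Dict[str, Tuple[float, List[float]]], discount_rate: float) -> Dict[str, Dict[str, Optional[float]]]:
    """Score each (investment, yearly benefits) alternative on all three measures."""
    return {
        name: {
            "payback_years": payback_period(cost, benefits),
            "roi": roi(cost, benefits),
            "npv": npv(cost, benefits, discount_rate),
        }
        for name, (cost, benefits) in alternatives.items()
    }


# Constructed figures over a four-year horizon: an in-house IDS deployment versus a
# managed monitoring service whose yearly fees leave only a small net benefit.
ALTERNATIVES: Dict[str, Tuple[float, List[float]]] = {
    "build: IDS appliances": (50_000.0, [20_000.0] * 4),
    "buy: managed service": (10_000.0, [2_000.0] * 4),
}
DISCOUNT_RATE = 0.10  # assumed company discount rate

if __name__ == "__main__":
    for name, scores in compare(ALTERNATIVES, DISCOUNT_RATE).items():
        print(name, {k: (round(v, 2) if v is not None else "never") for k, v in scores.items()})
```

Payback alone favours the cheaper option whenever it pays back at all, which is why the slide lists ROI and NPV beside it: the managed service here never recovers its outlay inside the horizon, and the discounting in NPV shows how much of the appliance's nominal 60% return survives once later years are worth less than today's dollars.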
• 146. Who is responsible for What?
  • Chairman of the Board => to protect and ensure continuity of the corporation
  • President => to protect and ensure profitability of the corporation
  • Managers => to maintain information as a strategic asset of the corporation
  • IS Security Manager => to ensure written security policies are developed, implemented and followed
  • Users => ultimate responsibility for accidental or intentional destruction or disclosure
• 147. Security Policies
  • "Guidelines" if management support is weak
  • Less effective if not applied consistently
  • Assure proper implementation of controls
  • Guide product selection and development
  • Demonstrate management support
  • Avoid liability and protect trade secrets
  • Help adapt to dynamic communications
  • Coordinate the activities of groups
    – Only software approved by IT; passwords will never be hard-coded or written down; users must sign responsibility/liability documents
  • 148. Copyright James B. Maginnis 2000-2005 1 4 8 Physical Security • Access to every office, computer room, and work area must be restricted by need • And, by an appropriate method: guard or receptionist, key lock, card lock, etc. • Use of physical firewalls and fire doors for physical access security • All multi-user or communication equipment must be locked and cable kept in conduit • Use of ID Badges • Workers must never allow admittance to someone not identified
  • 149. Copyright James B. Maginnis 2000-2005 1 4 9 Physical Security (continued) • Propped open doors require a guard • Sign-out sheets and bar code stickers for tracking all equipment • Fire Resistance materials, self-closing openings, fire extinguishing for secure areas • Example physical security systems inspector guide:http://www.oa.doe.gov/guidedocs/000 9pssig/0009pssig.html
  • 150. Copyright James B. Maginnis 2000-2005 1 5 0 Other Physical Security Issues • Limited access to letter head, Check Stock, employee lists, and other forms • No Smoking, Eating, and Drinking in the Computer Room, not be an access site • Access to Software Installation Media • Three or more officers, or five or more employees, must not take the same airplane • Decide areas where electronic monitoring of workers will and will not be used • ―Clean Desk‖ Policy and Storage of Laptops • Positioning and moving computer screens away from windows and close blinds
  • 151. Copyright James B. Maginnis 2000-2005 1 5 1 Other Physical Security Issues (continued) • Sensitive data not stored on local drives • Approved methods for the storage and destruction of discarded hardcopies • Can disk drives be returned to manufacturers under maintenance? • White boards must be erased after meetings • No signs indicating computer room location • Location of facilities will be in-town and away from natural and man-made hazards • Background checks or escorts for anyone being granted physical access
• 152. Awareness Raising Methods
  • Change the log-on banner or log-in screen
  • New employee packet with security policy
  • Ticket warnings reflecting policy violations
  • Conduct audits and vulnerability demos
  • Adopt an annual Information Security Day
  • Add security questions to reviews
  • Purchase security CBT and log when run
  • Regular emails concerning current security issues, virus warnings, etc.
  • Post security policy on company intranet
  • Survey middle and upper managers
• 153. Tiger Team Best Practices (without panic)
  • Protection, Detection, and Reaction (PDR)
  • Computer Incident Response Team (CIRT) includes both technicians and management
  • Clear procedures for activating the team
    – Different incidents may require different people
  • What can be done while they're on their way?
    – Do install plans have back-out plans (capacity is a security issue)?
    – Automated shutdown for containment subnetting
    – Heighten automatic monitoring
  • Determine nature and scope of incident
    – Intrusion logs, check modifications, monitor network/systems, coordinate with remote sites
• 154. Tiger Team Best Practices (continued)
  • Produce, approve, and implement an Emergency Response Plan
    – e.g., backup systems, undo modifications found, and rebuild secure network
  • Increase security perimeter defenses, monitoring, and awareness
  • Non-technical issues: public image, legal actions, customer relations, and reporting
  • Attack and penetration assessments
    – Identify Achilles heels and potential costs
    – Assess risk level of each system/subnet
    – Set up automated and manual scanning
• 155. Vulnerability Report should include:
  • Tracking information
  • Identification of the affected products, vendors, and partners
  • Initial impact assessment
  • Description of recommended test environment
  • Technical description
  • Possible exploitation details
  • Initial work-around, if possible
  • Contact information
• 156. Response Team Performance Delay Metrics
  a. From discovery to verification
  b. From verification to reporting
  c. From reporting to acknowledgement
  d. From reporting to patch release
  e. From reporting to advisory release
  f. Total = (a + b) + max(d, e)
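The delay metrics above, computed from a milestone timeline in Python. This is an added example, not material from the presentation; the timestamps and per-metric targets are constructed values, and the ordering checks are an assumption about how a team would validate its timeline.

```python
"""Response-team delay metrics (a to f) computed from a milestone timeline.
Added example; the milestone timestamps and targets below are constructed."""
from datetime import datetime

# Milestones in the order the slide lists them; the last three all hang off "reporting".
MILESTONES = ("discovery", "verification", "reporting",
              "acknowledgement", "patch_release", "advisory_release")

# Constructed timeline for one vulnerability report (local timestamps).
SAMPLE_TIMELINE = {
    "discovery":        "2003-01-27T09:00",
    "verification":     "2003-01-27T15:00",
    "reporting":        "2003-01-28T09:00",
    "acknowledgement":  "2003-01-28T11:00",
    "advisory_release": "2003-01-31T09:00",
    "patch_release":    "2003-02-03T09:00",
}


def _hours(start, end):
    """Elapsed hours between two datetimes (may be fractional)."""
    return (end - start).total_seconds() / 3600.0


def delay_metrics(timeline):
    """Return {'a': ..., 'f': ...} in hours, per the slide's definitions:
    a discovery->verification, b verification->reporting, c reporting->acknowledgement,
    d reporting->patch release, e reporting->advisory release, f = (a+b) + max(d, e)."""
    missing = [m for m in MILESTONES if m not in timeline]
    if missing:
        raise ValueError("timeline missing milestones: %s" % ", ".join(missing))
    t = {m: datetime.strptime(timeline[m], "%Y-%m-%dT%H:%M") for m in MILESTONES}
    # Sanity: the first three milestones must be in sequence, and everything
    # downstream of reporting must not precede it (otherwise metrics go negative).
    if not (t["discovery"] <= t["verification"] <= t["reporting"]):
        raise ValueError("discovery, verification, reporting are out of order")
    for m in ("acknowledgement", "patch_release", "advisory_release"):
        if t[m] < t["reporting"]:
            raise ValueError("%s precedes reporting" % m)
    a = _hours(t["discovery"], t["verification"])
    b = _hours(t["verification"], t["reporting"])
    c = _hours(t["reporting"], t["acknowledgement"])
    d = _hours(t["reporting"], t["patch_release"])
    e = _hours(t["reporting"], t["advisory_release"])
    f = (a + b) + max(d, e)   # total exposure window as the slide defines it
    return {"a": a, "b": b, "c": c, "d": d, "e": e, "f": f}


def over_target(metrics, targets):
    """Names of metrics whose value exceeds the team's target for it (hours)."""
    return [k for k in sorted(targets) if k in metrics and metrics[k] > targets[k]]


# Constructed targets: verify within 8 h, report within 24 h of verification,
# acknowledge within 4 h, patch within 120 h, advisory within 72 h.
SAMPLE_TARGETS = {"a": 8, "b": 24, "c": 4, "d": 120, "e": 72}

if __name__ == "__main__":
    m = delay_metrics(SAMPLE_TIMELINE)
    for k in "abcdef":
        print("%s = %6.1f h" % (k, m[k]))
    print("over target:", over_target(m, SAMPLE_TARGETS))
```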
• 157. Issues to Settle by Launch
  • Process to be used
  • Security goals
  • Manner of tracking security goals
  • How the team will make decisions
  • What to do if security goals are not attained
    – Fallback positions
  • What to do if the plan is not approved
    – Fallback positions
  • Define team roles
  • Assign team roles
• 158. Distributed versus Centralized Systems
  A distributed system is one in which the DATA, PROCESS, and INTERFACE components of an information system are distributed to multiple locations in a computer network. Accordingly, the processing workload is distributed across the network.
  In centralized systems, a central, multi-user computer hosts all the DATA, PROCESS, and INTERFACE components of an information system. Users interact with the system via terminals (or terminal emulators).
• 159. Flavors of Distributed Computing
• 160. Client/Server Architecture – The Clients
  A client/server system is a solution in which the presentation, presentation logic, application logic, data manipulation, and data layers are distributed between client PCs and one or more servers.
  A thin client is a personal computer that does not have to be very powerful (or expensive) in terms of processor speed and memory because it only presents the user interface.
  A fat client is a personal computer or workstation that is typically more powerful (and expensive) in terms of processor speed, memory, and storage capacity. Most PCs are fat clients.
• 161. Multi-Tier Architecture = Better Security/Perf
  • A database server hosts one or more shared databases and executes all data manipulation.
  • A transaction server hosts services that ultimately ensure that all database updates for a single transaction succeed or fail as a whole.
  • An application server hosts the application or business logic and services for an IT system.
  • A messaging or groupware server hosts services for e-mail, calendaring, etc.
  • A web server hosts Internet or intranet web sites and services, communicating through thin-client interfaces such as web browsers.
• 162. On-Line Transaction Processing (OLTP)
  • File, Database, Record, Field … Then …
  • What is transaction processing?
  • Audit trails, backup and recovery
  • Data entry validation
  • Interactive, real-time, and batch
  • Applications
    – Inventory control
    – Payroll
    – General ledger
    – Financial, marketing, manufacturing, HR, ERP
• 163. Fault-tolerant Design
  Describes a system or component designed so that, in the event that a component fails, a backup component or procedure can immediately take its place with no loss of service.
  At the hardware level, fault tolerance is achieved by duplexing each hardware component. Disks are mirrored. Multiple processors are "lock-stepped" together and their outputs are compared for correctness. When an anomaly occurs, the faulty component is identified and taken out of service, but the machine continues to function as normal.
• 164. FT Design = "Redundancy Management"
  • Fault tolerance is not passive failover
    – Communications predictability/reliability
    – QoS characteristics
    – Active shared-state maintenance
    – Failure detection and recovery
    – Scalability, capacity, and redundancy
  • Failover options include automatic backup, standby servers, and MS Clustering
    – Can be complex to install, configure, maintain
    – Failovers problematic: Win2000 cluster-aware applications can take 10-30 minutes
    – Users can experience downtime and lost data (mission to the moon example)
• 165. Terms and an Example
  • Qualitative and quantitative terms (fail-safe, fail-op, NSPOF, MTBF, MTTR, "pilot error")
  • Large distributed meta-computing systems might be able to replace supercomputer capabilities. TCP/IP was designed as a best-effort service, so as the number of machines on a network increases, failures will become more common. Lazy active replication is a dynamic technique where objects are replicated only after a failure occurs, carefully ensuring consistency via scalable recovery mechanisms, multiple copies, and causal recovery message logging protocols.
• 166. Reconfigurable Hardware
  • Field-Programmable Gate Arrays (FPGAs) have become a key component in various hardware systems, such as communication networking and storage systems.
  • Contemporary reconfigurable hardware, using alternative use of device resources to replace faulty parts, opens new opportunities in designing dependable systems with fine-grained hardware dependability that should be more cost-effective than traditional fault-tolerant systems.
  • Factory robots (just like employees) need to be trainable to be cost-effective investments
• 167. Reconfigurable Software
  • Chip yields went from .4% to 4% (10x) in the early 70s with redundant pathways
  • Move from reusable subroutines to reusable hardware, and code into tool libraries
  • Dependable reconfigurable hardware requires three layers of support:
    – Concurrent Error Detection (CED) to guarantee output and detect errors
    – Transient error recovery to overcome failure from temporary disturbances
    – Permanent fault recovery, with fault location and reconfiguration strategies
• 168. Some Available Products…
  • System tolerance products include Tandem Guardian, Windows Data Center, Stratus, and Marathon (from HP, Compaq, Dell, IBM) for local and split sites.
  • Chameleon is a Software Implemented Fault Tolerance (SIFT) middleware capable of providing adaptive COTS (components-off-the-shelf) fault tolerance, able to adapt to changing runtime/application requirements to improve reliability for distributed applications using error detection techniques developed at the University of Illinois.
• 169. Some Available Products…
  Distributed File Transfer (DFT) is a reliable file transfer system that establishes multiple FTP sessions with multiple FTP sites, transferring different segments of a file simultaneously. It automatically switches to other servers if any server becomes overloaded or unavailable. A Load Distributing Server (LDS) in DFT collects server information and distributes the load among multiple servers. DFT was developed by Xin Fang at the University of Manitoba.
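A segmented multi-mirror download with failover, modelled on the DFT description above. This is an added example and not DFT's own code: the mirrors are in-memory stand-ins for FTP sites, pick_mirror() plays the Load Distributing Server by choosing the least-loaded reachable mirror, the fault injection is constructed, and the digest check at the end is an addition, since pieces that arrive from several sources must be verified as one whole.

```python
"""Segmented multi-source transfer with failover and an integrity gate.
Added example modelled on the DFT description; not DFT's code."""
import hashlib


class Mirror:
    """Stand-in for one FTP site holding a copy of the file."""

    def __init__(self, name, data, available=True, failing_segments=()):
        self.name = name
        self.data = data
        self.available = available
        self.failing_segments = set(failing_segments)   # constructed fault injection
        self.requests = 0                                 # load as seen by the LDS

    def fetch(self, seg_no, start, end):
        self.requests += 1
        if not self.available or seg_no in self.failing_segments:
            raise ConnectionError("%s: segment %d unavailable" % (self.name, seg_no))
        return self.data[start:end]


def pick_mirror(mirrors, tried):
    """Least-loaded mirror not yet tried for this segment, or None (the LDS role)."""
    candidates = [m for m in mirrors if m.available and m.name not in tried]
    if not candidates:
        return None
    return min(candidates, key=lambda m: m.requests)


def segment_ranges(size, seg_size):
    """(segment number, start offset, end offset) for a file of the given size."""
    return [(i, i * seg_size, min(size, (i + 1) * seg_size))
            for i in range((size + seg_size - 1) // seg_size)]


def distributed_fetch(mirrors, size, seg_size, expected_sha256):
    """Fetch every segment, switching mirrors on failure; returns (data, assignments)
    where assignments maps segment number to the mirror that served it."""
    pieces, assignments = {}, {}
    for seg_no, start, end in segment_ranges(size, seg_size):
        tried = set()
        while seg_no not in pieces:
            m = pick_mirror(mirrors, tried)
            if m is None:
                raise RuntimeError("segment %d: every mirror failed" % seg_no)
            try:
                pieces[seg_no] = m.fetch(seg_no, start, end)
                assignments[seg_no] = m.name
            except ConnectionError:
                tried.add(m.name)       # fall through to the next-best mirror
    data = b"".join(pieces[i] for i in sorted(pieces))
    # Integrity gate: a stale or tampered mirror must not silently corrupt the result.
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("reassembled file digest mismatch")
    return data, assignments


# Constructed 1 KiB file and the digest a publisher would advertise for it.
SAMPLE_FILE = bytes(range(256)) * 4
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_FILE).hexdigest()


def demo():
    """Three mirrors: one fails on segment 2, one is down; returns the assignment map."""
    mirrors = [
        Mirror("m1", SAMPLE_FILE, failing_segments={2}),
        Mirror("m2", SAMPLE_FILE),
        Mirror("m3", SAMPLE_FILE, available=False),
    ]
    _data, assignments = distributed_fetch(mirrors, len(SAMPLE_FILE), 256, SAMPLE_SHA256)
    return assignments


if __name__ == "__main__":
    print(demo())
```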
• 170. E.g. Customer Private Line Management: Normal Operation
  (diagram: remote sites at the Chicago, Seattle, and Denver IXC offices connect to the Primary Data Center; the Atlanta and Tampa IXC offices connect to the Back-Up Data Center)
• 171. Customer Private Line Management: B-o-D restore during IXC site failure
  (diagram: same topology, with a B-o-D link restoring the remote sites' connection to the Primary Data Center around the failed IXC office)
• 172. Customer Private Line Management: B-o-D restore during IXC geographic area failure
  (diagram: same topology, with a B-o-D link restoring the remote sites' connection to the Primary Data Center around the failed geographic area)
• 173. Most WAN Problems in The Last Mile
  • Access diversity is defined as circuits separated by 25 to 100 (or more) feet
    – AT&T was down for 22 hours (multiple vendors)
    – No single points of failure
  • SONET access rings
  • T1.5 automatically switches upon failure
  • Move or redirect to alternate site
  (diagram: local channels between your business and the local exchange carrier)
• 174. Other Redundancy Concerns
  • Power
    – 45% of computer data loss
    – Average of 4 power events/day
  • Computer hardware and software
  • Internal cabling
  • Phone numbers and access methods
    – Fire, police, company Tiger Team members
• 175. Network Diagnostic Tools
  • Loopback or "Echo Media" testing
  • Breakout box
  • Cable locator
  • Cable tester
  • Network sniffers
  • Protocol analyzer
  • Don't forget wireless networks
  • MicroTest (Phoenix) / Fluke
• 176. Review Fault Tolerance and Design Issues
  • Fault avoidance, removal, and tolerance
  • Systems vs. components (fault tree analysis)
  • System vs. error detection vs. error recovery specifications (must be well defined)
  • Detectors vs. correctors ("fault floor" must be understood for permissible degradation)
  • Instantaneous failover vs. shared loading
  • Static vs. adaptive and dynamic, and manual vs. automatic ("hot" vs. "cold" spare)
  • Pair-wise vs. voting
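Pair-wise comparison versus voting, and the "fault floor" above, in a small Python simulation of the lock-stepped processors described under Fault-tolerant Design (slide 163). This is an added example, not code from the presentation; the workload function and the cycles at which units are made to fail are constructed.

```python
"""Pair-wise lock-step comparison versus majority voting among replicated units.
Added example. A pair can only detect disagreement and fail safe; three or more
units can vote, retire the dissenter and keep running until no majority remains,
which is the fault floor. Fault schedules below are constructed."""
from collections import Counter


class Unit:
    """One processor replica; fault_cycles lists the cycles where it answers wrongly."""

    def __init__(self, name, fault_cycles=()):
        self.name = name
        self.fault_cycles = set(fault_cycles)
        self.in_service = True

    def compute(self, cycle, x):
        result = (x * 31 + 7) & 0xFFFF      # the replicated workload (arbitrary)
        if cycle in self.fault_cycles:
            result ^= 0x1                    # injected single-bit error
        return result


class PairCompare:
    """Two lock-stepped units: a mismatch is detected but cannot be attributed,
    so the only safe reaction is to stop emitting results (fail-safe)."""

    def __init__(self, a, b):
        self.a, self.b = a, b
        self.halted_at = None

    def step(self, cycle, x):
        if self.halted_at is not None:
            return None
        ra, rb = self.a.compute(cycle, x), self.b.compute(cycle, x)
        if ra != rb:
            self.halted_at = cycle
            return None
        return ra


class Voter:
    """Three or more units: the majority output wins and units disagreeing with it
    are taken out of service (fail-operational). With fewer than two agreeing
    units left there is no majority: the fault floor has been reached."""

    def __init__(self, units):
        self.units = list(units)
        self.retired = []          # (cycle, unit name)

    def step(self, cycle, x):
        active = [u for u in self.units if u.in_service]
        if not active:
            raise RuntimeError("cycle %d: no units in service" % cycle)
        results = {u.name: u.compute(cycle, x) for u in active}
        value, count = Counter(results.values()).most_common(1)[0]
        if count < 2:
            raise RuntimeError("cycle %d: no majority among %d units" % (cycle, len(active)))
        for u in active:
            if results[u.name] != value:
                u.in_service = False
                self.retired.append((cycle, u.name))
        return value


def run(system, inputs):
    """Feed inputs cycle by cycle; returns the list of emitted outputs."""
    return [system.step(cycle, x) for cycle, x in enumerate(inputs)]


if __name__ == "__main__":
    pair = PairCompare(Unit("A", fault_cycles={2}), Unit("B"))
    print("pair   :", run(pair, [1, 2, 3, 4]), "halted at", pair.halted_at)
    voter = Voter([Unit("A", fault_cycles={2}), Unit("B"), Unit("C")])
    print("voting :", run(voter, [1, 2, 3, 4]), "retired", voter.retired)
```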
• 177. Fault Tolerance Plan
  • Examine all of these fault tolerance strategies and then strive to design an appropriate fault-tolerant system.
  • Some solutions are cheaper or easier to implement, each with varying paybacks.
  • It is important that you formalize a procedure to evaluate and prioritize your options and suggest a metric to quantify the priority of each problem and mitigating solution.
  • Make specific resource and schedule recommendations.
• 178. Business Continuity / Disaster Recovery Plans
  Disaster Recovery: immediate and temporary restoration of computing and network operations after a natural or manmade disaster within defined timeframes.
  Business Continuity: ability to maintain the constant availability of processes and information across the enterprise above the "fault floor".
• 179. Supporting Entire Business Architecture
• 180. Why Plan For a Disaster?
  • 92% of companies having a disaster but no plan (>35%) go out of business within 5 years.
  • 8% of companies having a disaster with a BCR plan go out of business within 5 years.
  • 65% of companies with a major disaster that are down for over one week never reopen.
• 181. InternetWeek.com Disaster Recovery Survey
• 182. Operations Disruption Causes (Hardware, Power, Hurricanes, Floods)
  (pie chart; shares as labelled)
  • Hardware - 24%
  • Power - 19%
  • Hurricane - 15%
  • Flood - 14%
  • Fire/Explosion - 6%
  • Bomb - 4%
  • Earthquake - 4%
  • Misc - 4%
  • Telecomm - 3%
  • Environmental - 2%
  • Software - 2%
  • Data Ctr Move - 1%
  • Civil Unrest - 1%
  • Lightning - .5%
  • Tornado - .5%
  Source: Gartner Group and Comdisco
• 184. Disaster Recovery & Business Resumption
  • Disaster preparedness
    – Evacuation procedures
    – Employee contact
  • Business resumption
    – Relocation/office space
    – Telecommunications
    – Furnishings/equipment
    – Document preservation
    – Staffing (moving existing and hiring new)
  • Computer system recovery
    – Computer equipment and data restoration
• 185. What is Your Cost of Downtime?
  Productivity:
  • Number of employees impacted x hours out x burdened hourly rate
  Revenue:
  • Direct loss
  • Compensatory payments
  • Lost future revenue
  • Billing losses
  • Investment losses
  Damaged reputation:
  • Customers
  • Suppliers
  • Financial markets
  • Banks
  • Business partners
  • ...
  Financial performance:
  • Revenue recognition
  • Cash flow
  • Lost discounts (A/P)
  • Payment guarantees
  • Credit rating
  • Stock price
  Other expenses: temporary employees, equipment rental, overtime costs, extra shipping costs, travel expenses...
  Know your downtime costs per hour, day, & week.
• 186. Average Hourly Cost of Downtime
  • Package shipping service: $28,250
  • 900 number services: $54,000
  • Airline reservation centers: $89,500
  • Catalog sales centers: $90,000
  • Pay per view events: $150,000
  • Home shopping channels: $139,000
  • Credit card authorization: $2,600,000
  • Brokerage operations: $6,450,000
  • Plus, intangible costs of downtime
• 187. Federal Legal Requirements
  • 1977 Foreign Corrupt Practices Act / protection of stockholders
  • Management can be held criminally liable
  • Federal Financial Institutions Examination Council (FFIEC)
  • FCPA SAS30 audit standards
  • Defense Investigative Service
  • Legal and regulatory sanctions, civil suits
  • HIPAA, Gramm-Leach-Bliley Act, other pending legislation
  • International laws: EU Data Directives
• 188. Determine Apps, Objectives, and Procedures
  Business Continuity/Resumption Plan:
  • Critical functions
  • Key business resources
  • Risks & exposures
  • Inter-dependencies
  • Critical applications
  • Recovery time objectives
  • User alternate procedures
  • Recovery capacity
  • Recovery time commitments
  • Communication links
  • Data back-ups and restore
  Business needs to:
  • Define BCRP actions
  • Verify associated critical system applications
  I/S needs to:
  • Engage clients to develop DCRP options based on costs
  • Deploy I/T DRP capability (the I/T Disaster Recovery Plan)
• 189. Before Sept 11, Normally Planned for…
  BC scenarios at least 80% mostly and completely covered (bar chart, percent of respondents, completely covered vs. mostly covered):
  • Power outage
  • Single server or host failure
  • Operational error (software change requiring rollback, human error)
  • Application failure
  • Software virus
• 190. Least Expected Scenarios Occurred Sept 11th
  BC scenarios at least 50% not covered or only partially covered (bar chart, percent of respondents: completely, mostly, partially, not covered):
  • Major loss of life (entire department, executive team)
  • Physical attack (e.g., war, acts of terrorism)
  • Complete loss of physical assets and workspace
  • Transportation infrastructure delays/unavailability
  • Complete loss of telecommunications
• 191. Top DR/BCP Changes After Sept 11
  • Emphasizing business continuity rather than disaster recovery
  • More testing and exercising of all plans
  • Review and validation of existing plans
  • Increased awareness, buy-in, support, and involvement from senior management
  • Rethinking the assumptions and scenarios upon which plans are based
  • Migrated from physical to IT-based planning
• 192. Disaster Recovery Methods
  • Hot site
    – Fully configured and populated computer facility
    – May have numerous hot sites in one building
    – Full network connectivity
    – May have rooms for business resumption
  • Cold site/shell site
    – Computer room with electricity, connectivity, and air conditioning, but no computer equipment
  • Mobile recovery
    – Computer room on wheels
    – Can be used for office staff as well
    – Slow delivery but low price
• 193. Applying High Availability (or Fault-Tolerance)
  (chart of recovery options against disaster recovery time, from 72, 48, 24, and 12 hours down to minutes for emergency response; relative costs are shown per option for net, host, disk, tape, and application, from $ to $$$$+)
  • Hot Standby or Load-Balanced: assumes mirroring or shadowing plus a complete application environment; recovery in minutes
  • Mirroring: database and/or file and/or object replication
  • Shadowing: log/journal transfer (continuous or periodic)
  • Electronic Vaulting / Elec. Journaling: database and/or file and/or object backup to electronic disk
  • Standard Recovery: tape-based, at the slow end of the scale
• 194. Data Replication for Availability
  (diagram: host-based replication with database clusters versus disk-based replication)
  Replication methods and examples:
  • Disk-to-disk mirroring: EMC SRDF, Compaq DRM, IBM PPRC and XRC, HDS HARC and HRC
  • Log-based DBMS replication: Quest Shareplex, Oracle Standby Database, ENET RRDF, SQL Server 2000
  • Server-based block or file replication: Legato Octopus, NSI Doubletake, Veritas SRVM
  • Application-based replication: typically implemented with message-queuing middleware
• 195. Key Recovery Requirements
  • Recovery Time Objective (RTO)
    – Timeframe in which technology needs to be restored
  • Data Recovery Objective (DRO)
    – How much lost data can be tolerated
    – Or, how old restored data can be
  • Advanced recovery issues
    – Recovery of systems within 24 hours
    – Utilizes advanced technologies, such as
      • Redundant processing
      • Journaling
      • Electronic vaulting
• 196. Two Key Recovery Parameters (DRO/RTO)
  High-level look at a recovery effort with two key timings
  (timeline: lost data before the disaster defines the Data Recovery Objective; after it, notifications, vital records, move to alternate site, restore technology capability, restore communications, data synchronization, restore business functions, and resume business define the Recovery Time Objective; return home if necessary)
• 197. Average Time to Recover Transactions
  (chart: hours of lost transactions (DRO), from -24 to 0, and hours required to resume business (RTO), from 0 to 84, per method; phases are Data Not Captured, Declaration, Data Transit/Retrieval, System IPL & Network Restore, Database Restore, and Transaction Recreation)
  • Traditional Recovery: tapes to alternate site
  • Data Staging: ability to commence restoration immediately
  • Standby Op. Sys.: ability to commence IPL immediately
  • Electronic Vaulting: simplified logistics
  • Transaction Protection: automated remote journaling (includes limited electronic vaulting)
  • Data Shadowing: eliminates data recovery exposures (includes transaction protection)
  • Hot Standby: rapid recovery capability (includes data shadowing)
• 198. Example SLA Recovery Classifications
  DR Classification | Time to Recover (RTO) | Acceptable Loss of Data (RPO) | Typical Implementation
  AAA | < 4 hours | 1 hour max | Database replication and network mirroring
  AA | 4 – 12 hours | 4 hours | Standby database and tape shipment
  A | 12 – 24 hours | 24 hours | Restore from offsite backup
  B | 24 – 72 hours | 24 hours | Restore from offsite backup
• 199. Where Are You At?
  Ready:
  • Have a plan: documented, accessible, current (+)
  • Access to DWG's
  • Access to people info.
  • Emergency contacts
  • Contingency facilities identified
  • IT ready & tested
  Not ready:
  • Have a plan: where is it? somewhere; obsolete
  • No, or in bldg.
  • No
  • Yellow pages
  • No
  • IT has this part (?)
• 200. BC/DR Readiness Questions
  • Do you know what your critical files are?
    – Are critical files recoverable?
  • Do you know where you would go if you lost the data center and/or network in your building?
    – How would you get equipment, supplies, and communications?
• 201. Detailed Configuration Documentation
  • Weak link in the disaster recovery chain
  • Detailed reports support:
    – IT audits and security assessments
    – Industry reporting requirement standards
    – Improved disaster recovery efforts
    – Increased effectiveness of restoration staff resources
    – A more RAPID IT infrastructure restoration
  Bases are NOT covered with backup tapes! Before you dump in the data, you need to reconfigure the backup IT infrastructure to support the application requirements!
• 202. Digitizing Business Documents
  What is document digitization? The conversion of paper documents to digital files.
  Example file sizes: TIFF (1,192KB), PDF (1,443KB), DJVU (28KB)
• 203. The Case for Digital Storage
  Paper storage:
  • 600 boxes = 1,200,000 pages
  • 600 boxes stacked 5' high fills a 10' x 12' room
  • Lost file takes 150 hours
  Digital storage:
  • 600 boxes = 50 CD-ROMs (1 juke box), or
  • 30 gigabytes = 1 drive (1 "pizza box")
  • Lost file takes 22 seconds
• 204. The Business Recovery Process
• 205. Four Basic Stages of Planning and Execution
  • Business Impact Analysis
  • Recovery Plan Development
  • Recovery Plan Testing
  • Recovery Plan Maintenance
• 206. Business Impact Analysis
  • Why
    – Understand recovery requirements
    – Understand potential dollar losses, customer service impact, and legal ramifications
    – To be able to develop the most cost-effective business continuity strategy
  • How
    – Develop survey
    – Interview one business area
    – Modify survey (if necessary)
    – Interview entire organization
• 207. Business Impact Analysis
  • Vulnerability assessment
    – Security assessment
    – Project scope and framework
    – Failure points, obligations, and mission-critical business processes
    – Recommendations and implementation of recovery planning systems
  • Detailed definition of requirements
    – Assumptions and objectives
    – Recovery needs profile
    – Policy statement
    – Recovery planning awareness program
• 208. Business Impact Analysis
  • Profile required resources
    – Identify RTOs and DROs
    – Physical location, technology (HW, network, data), voice, and staff
    – Quantify dollar loss potential
    – Determine legal ramifications
    – Determine impact on customer service
  • Evaluate recovery strategy alternatives
  • Develop cost/benefit analysis
• 209. Recovery Strategy Report
  • High-level results
    – Executive summary
    – Scope of engagement
    – Mission and methodology
    – Objective of analysis
    – Results of analysis
    – Recommendations
  • Distribute to divisional executives and project sponsors
• 210. Quantify Technology Outage Cost
  • Quantify by department (no double counting)
  • Measure
    – Loss of sales revenue
    – Legal fines, sanctions, and penalties
    – Loss of investment revenue
    – Other expenses
      • T&E to travel to alternate site
      • Additional equipment
      • Additional services
  • Validate with upper management
  • Measure against recovery time objectives
• 211. Recovery Plan Development
  • Task-oriented plan for each department:
    – Focus on prevention and recovery
    – Recovery standards
    – Facilities and staff
    – Supporting technology and network
    – Equipment and supplies
    – Procedures
    – Contingency planning
    – Prototype Business Resumption Plan
  • Schedule of deliverables
  • Resource requirements
• 212. Testing and Maintenance
  • Conduct disaster scenario walk-through and simplify
  • Test goals, strategies, procedures, and coordination
  • Conduct testing
  • Change management
  • Long-term maintenance program
  • Implementation and test report
• 213. Getting Started
  • Conduct simulated disaster walk-through
  • Identify how quickly recovery is needed
  • Identify lost data tolerance
  • Plan where IT would go if the building is lost
  • Plan where to get equipment, supplies, and communications
  • Let key management know the need for a technology recovery plan
• 214. Test For Success
  • Test considerations
    – Test schedule
    – Test procedures
    – Objectives for test
    – Test type
    – Test participants
    – Test duration
    – Test steps
    – Personnel responsibilities
    – Anticipated results
  • Development of testing plans
    – Test results and documentation
  • Types of tests
    – Checklist testing
    – Structured walk-through testing
    – Simulation testing
    – Full-interruption testing
• 215. Most Common Shortfall Is Lack Of Testing
  (bar chart: testing frequency for Disaster Recovery, Business Recovery, Contingency Plans, Business Resumption, and Crisis Management plans; percent of respondents in each of: not tested; desk review or less than annually; partially tested annually; fully tested annually; fully tested 2 times a year)
• 216. 31% outsource their data center recovery
  (bar chart: outsourced data center recovery services used, percent of respondents, for: hot site with data replication; hot site; cold site; quick ship; mobile recovery unit; none of these)
• 217. 46% use in-house data centers for recovery
  (bar chart: distance from primary DC to closest in-house recovery center, number of respondents, in the bins 0-5 miles/0-8 km; 5-20 miles/8-32 km; 20-50 miles/32-80 km; 50-100 miles/80-160 km; >100 miles/>160 km)
• 218. North American Business Continuity Market
  Full-service providers:
  • Comdisco Recovery Services and Web Availability Services
  • IBM Business Continuity Recovery Services and Outsourcing Services
  • SunGard Recovery Services and E-Sourcing Business Continuity and Internet Services
  Services offered:
  • Professional services
  • Planning software
  • Hot/warm/cold standby
  • Mobile/static facilities
  • Mainframe/midrange/desktop
  • Quick ship
  • Peripherals
  • Networks
  • Work area
  • Specialized ancillary services such as check processing and data recovery
  What's new: full-service Web-hosting with BC "designed in," multisite infrastructures for continuous availability, Web site and network "throttling" for performance
• 219. The Bottom Line
  • Goal is to get back in business
    – Perform business impact analysis
    – Determine recovery requirements
    – Design recovery strategy
    – Implement recovery strategy
    – Document recovery plans
    – Test recovery plans
    – Acquire recovery facility
• 220. What Is the Cost of Recovery?
  • Because of the 1993 World Trade Center bombing, many WTC companies began extensive disaster-recovery planning.
  • On September 11, the NYBOT exchange facilities were crushed under the weight of the falling South Tower after the terrorist attacks.
  • "We could have switched over the same day," said Pat Gambaro, executive vice president of operations.
• 221. What Is the Cost of Recovery? (continued)
  • NYBOT has been routinely mirroring its trading data to the company's "hot site" facility in Queens for about eight years.
  • Data operations, however, were relocated to a Comdisco "cold site" in Philadelphia and were back on-line in four days.
  • The cost of operating the empty, redundant facility: $250,000 per year.
• 222. BCP Investment Average Just Over 1%
  (bar chart: what percentage of your company's total revenue is spent on business continuity/disaster recovery; categories: more than 5%; between 1% - 2%; less than 1/2%)
  Source: The Disaster Recovery Journal survey (July 1999)
• 223. BCP Reviewed Normally Every Year
  (bar chart: how often are your business continuity plans reviewed; categories: more than 2 years; every 2 years; every year)
  Source: The Disaster Recovery Journal survey (July 1999)
• 224. Security Is Not A Technology Problem
  • The most common development project, for example, is an accounts receivables program. Thus, there are likely hundreds of such projects under development right now.
  • Most of them are failing, not because of AR technologies but for lack of social/team skills.
  • Management is likewise not about the technology of planning, organizing, and controlling but about the social aligning, motivating, and inspiring for synergy.
• 225. Common Principles of Change
  • Establish a sense of urgency
  • Values more vital than making money; when taken care of, profits will follow
  • Add business language: caring, trust…
  • Create a guiding coalition
  • Active listening becomes fundamental
  • Broadening of stakeholder attitudes
  • Develop a vision and strategy
  • Existing business functions realigned
• 226. Goal-driven vs. Purpose-driven Programs
  • Goal-driven
    – To-do list of short-term tactics
    – Success defined by achieving goals
    – Afterwards, program is finished
  • Purpose-driven
    – To-be list of long-term principles
    – Success defined by staying on the path
    – Never ending effort for improvements
  Which is better? Why?
• 227. Management Considerations
  • Understand management's justification for a disaster recovery/resumption plan
  • Discuss acceptable outage for critical business areas and optimal BCP strategy with management
  • Build Steering and IS&T Committees: understand who can impede success
  • Keep meetings under 45 minutes
  • Get a consensus on the scope, objectives, and statement of work (SOW)
• 228. Modularity of Mature Markets
  • Companies can independently produce components with standard interfaces that fit into a complex functioning product
  • With less research & fewer new markets, modularity naturally becomes the norm
  • With the close of the end-to-end company (e.g. Raytheon outsources HR and IT), standard interfaces are needed between production, accounting, sales, delivery.
  • Who is in charge of these interfaces?
• 229. Discussion Questions
  • What are common viruses and payloads?
  • What would the Web be like if there were no limit to bandwidth? What are the security issues?
  • How are your existing systems designed for fault-tolerance and how are they managed?
  • What are the pros and cons of outsourcing?
  • Smaller – Faster – Easier – Cheaper – More Reliable => How are your companies making good use (and not) of the newest technologies?
  • What are the security threats of these techs?
• 230. Ten Most Prevalent In-the-Wild Malware (January 27, 2003 to February 2, 2003)
  • WORM_KLEZ.H
  • JS_EXCEPTION.GEN
  • JS_NOCLOSE.B
  • WORM_BUGBEAR.A
  • WORM_NETSPREE.A
  • WORM_SOBIG.A
  • WORM_YAHA.K
  • WORM_OPASERV.I
  • JS_SEEKER.E1
  • WORM_OPASERV.A
• 231. Resources – DR and BC Planning
  • Disaster Recovery Journal http://www.drj.com/
  • Risk Management Bulletin http://www.rmbulletin.com/
  • Business Continuity Resource Portal http://www.availability.com/
  • Emergency Information Infrastructure Partnership http://www.eiip.org/
  • FEMA Emergency Management Guide http://www.fema.gov/nwz99/9901.htm
• 232. Resources – Security and IT Arch. Guides
  • http://www.netiq.com/offers/securityebook/ReadeBook.asp
  • http://psyber.letifer.org/downloads/archives/cat_security.shtml
  • http://searchsecurity.techtarget.com/sDefinition/0%2C%2Csid14_gci813585%2C00.html
  • http://www.cio.noaa.gov/hpcc/docita/files/ita_process_paper.htm
  • http://www.cio.noaa.gov/hpcc/docita/files/acmm_rev1_06272002.pdf
• 233. Questions and Answers