Assuring Reliable and Secure IT Services Tsai Blake
2 Comments
  • Hello,
    I would appreciate it greatly if you could allow me to use this presentation as a reference for my IT Security course at my university. My email address is mshahzadar@hotmail.com.

    Looking forward to a positive response.
  • Sir,
    I badly need this presentation for my research project at my college. I will be grateful to you if you can allow me to access this presentation and download it for my reference. My email is anuj_pisces@yahoo.co.in
Assuring Reliable and Secure IT Services

  1. Assuring Reliable and Secure IT Services (Tsai Blake)
  2. Outline
       • Redundancy
       • Availability Math
       • High-Availability Facilities
       • Securing Infrastructure against Malicious Threats
       • Incident Management and Disaster Recovery
  3. Redundancy
       • The key to reliable systems is redundancy
       • How much reliability to buy?
           • Some costs of failures are intangible and hard to quantify. It is difficult to estimate the probabilities of such failure.
           • Redundant systems are more complex than non-redundant systems, and this complexity must be managed.
       • Technologies to assure 24*7 operations get better all the time.
  4. Availability Math: The Availability of Components in Series
  5. Availability Math: The Effect of Redundancy on Availability
  6. High-Availability Facilities
       • Uninterruptible Electric Power Delivery (UPS)
       • Physical Security
       • Climate Control and Fire Suppression
       • Network Connectivity
       • Help Desk and Incident Response Procedures
       • N + 1 and N + N Redundancy (Six Sigma 99.99966%)
  7. A Representative E-Commerce Infrastructure (figure labels: Redundant modules, RAID, Money)
  8. Securing Infrastructure against Malicious Threats
       • Responsible managers must build defenses to secure a company’s information-related assets ─ its data, infrastructure components, and reputation ─ against this escalating threat.
       • Who are the attackers
       • Classification of Threats
       • Defensive Measures
       • A Security Management Framework
       • Risk Management of Availability and Security
  9. Who are the attackers?
       • Some are thrill seekers with too much time on their hands.
       • People who like the challenge of defeating defenses or getting in where they are not supposed to be.
       • Attackers have taken a specific dislike to a company and intend to do it harm.
       • Sinister type of attacker attempts to steal a company’s proprietary
  10. Classification of Threats
       • External Attacks
           • “Denial of service” (DoS) attack, which disables infrastructure devices by flooding them with an overwhelming number of messages.
           • “Distributed Denial of Service” (DDoS) attack.
           • “Spoofing”
           • SYN-ACK, Handshake
       • Intrusion
       • Viruses and Worms
  11. Figure panels: DoS, DDoS, Spoofing
  12. Defensive Measures
       • Security Policies
       • Firewalls
       • Authentication
       • Encryption
       • Patching and Change Management
       • Intrusion Detection and Network Monitoring
       • Digital Certificates
       • Public-Private Key Encryption and Digital Signatures
       • Virtual Private Networks
  13. Security Policies
       • What kinds of passwords are users allowed to create for use on company systems, and how often should users change passwords?
       • Who is allowed to have accounts on company systems?
       • What security features must be activated on a computer before it can connect to a company network?
       • What services are allowed to operate inside a company’s network?
       • What are users allowed to download?
       • How is the security policy enforced?
  14. A Security Management Framework
       • Make Deliberate Security Decisions
       • Consider Security a Moving Target
       • Practice Disciplined Change Management
       • Educate Users
       • Deploy Multilevel Technical Measures, as Many as You Can Afford
  15. Risk Management of Availability and Security
       • Figure: Managing Infrastructure Risks: Consequences and Probabilities (axes: Consequences, from low to high, and Probability, from 0 to 1; quadrant labels: Minor Threats, Prioritize Threats, Critical Threats)
  16. Incident Management and Disaster Recovery
       • Managing Incidents before They Occur
           • Sound infrastructure design
           • Disciplined execution of operating procedures
           • Careful documentation
           • Established crisis management procedures
       • Managing during an Incident
           • Emotional responses, including confusion, and ducking responsibility
           • Wishful thinking and groupthink
           • Political maneuvering, diving for cover, and ducking responsibility
           • Leaping to conclusions and blindness to evidence that contradicts current beliefs
       • Managing after an Incident
