Chapters 5 and 6


IT Infrastructure
Chapters 5 & 6
INFO 410
Glenn Booker
Images are from the text author’s slides

Five competitive forces

Before diving into the second module, we’ll examine the five competitive forces that shape strategy (case study 1-1)
  – Technology can influence or drive all of them
  – Our overall goal is to be profitable (yay capitalism!)
The most obvious competitive force is your competitors in the industry
  – Most don’t look beyond that

Five competitive forces

Customers can play you against your rivals, lowering prices
Suppliers can limit your profits by charging high prices
Threat of new rivals can increase capacity, and increase the investment needed to play
Substitute products can steal customers

The big picture

So we need to consider all five major forces in a given industry to produce a good strategy
A common approach is to position yourself where forces are weakest
  – Paccar sells custom trucks to owner-operators
  – MP3s created a substitute for buying music CDs; Apple filled the void with iTunes

Tricks to win

Limit supplier power via standardized parts
Expand services so it’s harder for customers to leave
Invest in products different from your rivals, to avoid price wars
Invest in R&D to scare off new rivals
Make products very available, to offset subs

Strength of forces drives profit

When competitive forces are all strong (airlines, textiles) there is little profit
Conversely, weak competition leads to high profits (soda, software, toiletries)
Profitability, measured by ROIC (return on invested capital), is typically 10-20%
  – Airlines and mail order about 5%
  – Soda and software are over 35%

Strength of forces drives profit

Short term profits are affected by many things (weather, industry cycles) but long term performance is dominated by these five forces
The strongest competitive force(s) determines how profitable an industry can be
Hence it/they are key factors in choosing the best strategy

Threat of new rivals

New players add capacity to produce products, and pressure to lower prices
Especially if they are established firms in other areas
  – Pepsi → bottled water
  – Microsoft → Web browsers
  – Apple → music distribution

Threat of new rivals

To avoid this threat, existing producers must hold down prices, and/or invest in new products to keep customers loyal (Starbucks)
Notice it’s the threat of rivals, not actual new rivals, that limits profitability
Barriers to entry help keep out new competition

Barriers to entry

Supply-side economies of scale
  – It’s cheaper to make lots of stuff than a little
  – Every aspect of the value chain, even marketing and research, benefits from large scale operations
Demand-side benefits of scale
  – Larger companies attract more customers
  – “No one ever got fired for buying IBM”
  – eBay has more auctions, so more people use it

Barriers to entry

Customer switching costs
  – Changing vendors may mean changing product specs, retraining staff, adapting processes, etc.
  – ERP systems have huge switching costs!
Capital requirements
  – Make it expensive to compete with you
  – Facility costs, provide credit to customers, inventory costs, start-up costs, ads, R&D, etc.

Barriers to entry

Incumbent advantages
  – Not just for politicians!
  – May have cost or quality advantages over rivals, proprietary technology, best sources, best locations, known brand identity
  – Counter by placing self away from rivals (Wal-Mart)
Unequal access to distribution channels
  – Limited shelf space, available distributors

Barriers to entry

Government policies
  – Government can limit or forbid new entrants in an industry (e.g. radio, liquor, taxi, airlines)
  – Government can also encourage new entrants – subsidies, grants, 8(a) programs, etc.
Of course, new entrants in a field could expect retaliation

Barriers to entry - retaliation

Retaliation is likely, if incumbent players
  – Have squashed rivals before
  – Have lots of money
  – Can cut prices to drive you out of business
Or if industry growth is slow

Power of suppliers

Key suppliers can simply charge more for their products, reducing your profitability
This can include suppliers of labor!
Microsoft reduces profitability of PCs by OS costs

Power of suppliers

Suppliers are powerful if
  – They are more concentrated than the industry they supply (1 Microsoft vs. many PC makers)
  – The supplier doesn’t depend on one industry for revenue
    – If you only have one customer, you have to take better care of them!
  – There are high switching costs to another supplier
    – Training, location, etc. could contribute

Power of suppliers

Or if
  – Supplier offers unique products (or at least different, such as drug products)
  – There is no substitute for the supplier (airline pilots)
  – The supplier could enter the market themselves (Shuttle selling barebones computers)

Power of buyers

Customers (buyers) can force down prices, demand better quality or service, reducing your profitability through price reductions
Buyer power is similar for consumers and B2B customers
Consumer needs may be harder to pin down

Power of buyers

Buyers have power if
  – There are few of them, and/or they purchase in large volume
    – The latter especially if the industry has high fixed costs (telecom, chemicals, oil drilling)
  – Products are standardized (paper clips)
  – Switching costs are low
  – The buyers can integrate backward, and make the product themselves (packaging for sodas)

Power of buyers

Buyers are price sensitive if
  – The products are a major fraction of its budget (mortgages)
  – Buyers earn little profit, or have little cash, or otherwise need to cut purchasing costs
  – Buyer’s product quality is little affected by the items bought (opposite of movie cameras)
  – Product has little effect on buyer’s other costs

Power of buyers

Intermediate customers (distribution or assembly channels) also gain power when they influence customers’ buying decisions
  – Consumer electronics or jewelry retailers, or agriculture equipment distributors
  – Producers may avoid this through direct channels to consumers, or exclusive distribution channels (sweeteners, DuPont Stainmaster, bike parts)

Threat of substitutes

A substitute does the same function as a product in a different manner
  – Videoconference instead of traveling
  – Email instead of snail mail
  – Software for travel agents, when people shop online instead
  – Only have a cell phone instead of wired phones

Threat of substitutes

Because substitutes may be very different products, they’re easy to overlook
  – Used vs new products, or do-it-yourself vs. purchased could also be factors
High threat of substitutes lowers profitability
Industries often need to distance themselves from well known substitutes

Threat of substitutes

Threat of substitutes is high if
  – There is good price-performance compared to the industry product (Skype vs long distance calls, Netflix vs YouTube)
  – Switching cost to substitute is low (generic drugs)
Hence need to monitor other industries for new substitutes (e.g. plastic for car parts instead of metal)

Competitive rivalry

Rivalry among competitors in an industry is very familiar
  – Sales, new products, ad campaigns, service improvements
Rivalry limits profitability
Rivalry has dimensions of intensity and the basis upon which it depends

Competitive rivalry

Intensity of rivalry is high when
  – There are many competitors, or they are the same size & power
  – Industry growth is slow, makes for fight over market share
  – Exit barriers are high, hence stuck in industry
  – Rivals are striving for leadership
  – Rivals can’t read each others’ strategies well

Competitive rivalry

Rivalry is worst for profits when it’s on the basis of price alone
Price rivalry is common when
  – Products or services can’t be told apart
  – Fixed costs are high
  – Capacity needs to grow in leaps to be efficient
  – Product is perishable! (produce, or hotel rooms)

Competitive rivalry

Competitive rivalry can have other bases
  – Features, support, delivery speed, brand image
  – These are less likely to affect price, since they help differentiate products
If you compete on the same basis as your rivals, you might be fighting over the same customers, instead of winning new ones via differentiation, a positive sum game

Other factors

The five competitive forces are key to developing a good strategy
But there are other factors to consider
  – Industry growth rate
  – Technology and innovation
  – Government
  – Complementary products and services

Industry growth rate

Fast-growing industries often have little rivalry, but give suppliers a lot of power
Low barriers to entry will guarantee a lot of competitors
  – PCs have been very low in profit for that reason
Substitutes might still exist

Technology and innovation

Technology alone will rarely make an industry attractive
New technology attracts a lot of interest, and hence rivals
Low tech, price insensitive industries are often the most profitable

Government

Government involvement could be good or bad
Look at how they affect the five forces
  – Patents create barriers to entry, for example
  – Unions often raise supplier power
  – Lenient bankruptcy rules favor excess capacity and more rivalry
Consider different levels of government too

Complementary products

Some products go well together, like hardware and software!
Complements can affect demand for a product; see how they affect the five forces
Can affect barriers to entry (app development), threat of substitutes (hydrogen cars, iTunes), rivalry (pro or con)

Changes over time

Everything so far has been at one moment in time; now consider how these factors can change over time
New entries can arise from a patent expiring
  – Limited retail freezer space can limit new products
  – Large scale retailers create barriers for small competitors

Changes over time

Consolidation of appliance retailers has limited the power of their suppliers
Travel agents have little power over their commissions, due to online sales
Technology often shifts price/performance (microwaves) or creates new substitutes (flash drives instead of small hard drives)

Changes over time

Rivalries often intensify over time, as industry growth slows
Rivals become more alike as products become similar, consumer taste settles down
  – Some areas avoid this, e.g. casino catering to different populations
Mergers, acquisitions, and technology can alter rivalries, create customer backlash

Strategy implications

All of these forces and factors should play into creating a good business strategy
  – Where do you stand relative to buyers, suppliers, new entrants, rivals, and substitutes?
  – What changes in these forces can be anticipated?
  – Can you change the industry structure?
Your strategy should defend against the strong forces, and exploit the weak ones

Positioning the company

Also consider the entry and unpopular exit options – is this a good time to enter or leave a market? Or industry?
Are there changes in the industry of which you can take advantage?
  – Often such changes can create prime opportunities, if you can spot them

Reshape industry structure

This can be done by redividing profitability; changing the forces which affect the current industry’s profitability
Find which forces are key limits on profits, and do something to release them!

Reshape industry structure

Or expand the profit pool; increase overall demand for the products
  – Find new buyers
  – Make channels become more competitive
  – Coordinate with suppliers
  – Improve quality standards, etc.

Play in the right sandbox

Make sure you have clear industry boundaries
Sounds basic, but each industry typically needs its own strategy
  – Identify product or services scope, and geographic scope of each industry
Huge mistakes can result otherwise!
  – Miss major markets, product needs, etc.

Competition and value

The five forces (and lesser factors) identify how competition will affect a business strategy
Key is not only to identify competitive threats, but also possible opportunities
Also helps investors understand a business
  – Separate short term blips from structural changes

The Business of IT
Understanding IT infrastructure

IT a key capability

IT is now a critical part of how businesses realize their business models
This module is about how IT affects management of a business, affects availability and security, makes new service models possible, and supports project management

IT infrastructure

Cheap computing and universal networks have formed the foundation for levels of information sharing and services never possible before
The challenges its implementation introduces can be huge, however
  – Reliability, interoperability with legacy systems
  – Reduced ability to differentiate from competition

Infrastructure constraints

Dangers include basing your infrastructure on a technology which dies
Business needs and technology decisions need to be interwoven
  – That’s where IS people are critical interfaces!
So what drives technology changes?

Moore’s “Law”

Gordon Moore (later cofounder of Intel) noted in 1965 that computer chip prices stayed about the same, but their speed doubled every 18-24 months
  – Still true today!
The 60’s and 70’s saw centralized computer architecture
  – Mainframes, punch cards, ttys, dumb terminals

Computer evolution

The “computer on a chip” concept started roughly in 1971 with the Intel 4004 CPU, leading to the 8088, 286/386/486/Pentium, PII, PIII, P4, etc.
With the introduction of PCs in 1981, computing started to spread from the mainframes throughout an organization
  – Spreadsheets, databases, CAD, programming

Computer evolution

Then the baby computers started talking to each other – the LAN was born
  – Led to the client/server architecture
  – Let the PCs do some of the work!
And the world saw the Internet explode in the early 90’s
  – WANs, internetworking technologies, open standards, and of course WWW

Computer evolution

Robert Metcalfe’s Law: “The usefulness of a network increases with the square of the number of users connected to the network”
  – Metcalfe created Ethernet, founded 3Com
Network capacity grew even faster than Moore’s Law, with cheap powerful CPUs and easy TCP/IP networks
  – Led to changes in computing infrastructure

Computer evolution

But these changes have been so fast that many organizations are left with fragments from different eras of technology
Internetworking infrastructure consists of
  – Network(s)
  – Computer HW and SW (“processing systems”)
  – Facilities

Network elements

LANs, WANs
Routers, switches, … hubs??
Wireless access points
Network cards (wireless or not)
Firewalls
Cache, media, print, or other servers
  – If it performs a business function, it’s a processing element; otherwise it’s a network element

Network(s)

Includes links, network hardware, software, policy management and monitoring
Key issues include
  – Selecting technologies and standards
  – Selecting and managing partners
  – Assuring reliability
  – Maintaining security
  – Interconnection among networks

Processing system elements

Client devices and systems (PCs, cell phones, cars, refrigerators, etc.)
Servers – general processing, transaction, file, database, Web, and application servers
Enterprise servers (and legacy mainframes)
Middleware – often overlooked
Network management software
Business applications

Processing systems

Includes most servers, clients, phones, and software (custom code, SAP, Oracle, etc.)
Management issues include
  – What’s internally developed vs. outsourced
  – How to grow, deploy, & modify
  – Connecting to legacy systems
  – Problem management
  – Disaster recovery

Facility elements

Facilities include
  – Buildings, physical spaces
  – Network conduits and links
  – Power
  – Environmental control systems (temp, humidity)
  – Security (physical and network)

Facilities

Includes data centers, network ops centers, data closets, managed services
Issues include
  – Manage internally vs. outsource
  – Choosing the right facilities model
  – Reliability, security
  – Energy efficiency & environmental impact

Internetworking characteristics

Internetworking technologies differ from some other info technologies in several ways
  – Based on open standards
  – Operate asynchronously (think datagram network)
  – Have inherent latency (delivery delays)
  – Are decentralized (no single point of failure)
  – Are scalable (lots of pathways help here)

Business implications

On a fast network, all computers can act essentially as one
  – The network becomes a computer
  – Sequential events become nearly simultaneous
  – Huge paradigm shift
Physical location is less important, changing outsourcing, partnerships, industry structure
  – But increasing complexity, interactions, threats

Real-time infrastructures

The mainframe era used batch computing, often at the end of the day
Real-time (or nearly so) computing has erased those expectations
Other benefits include
  – Better data, better decisions
    – Easier synchronization of data sources

Real-time infrastructures

  – Better process visibility
    – Instant order status
  – Improved process efficiency
    – JIT inventory, faster cycle times, response to market conditions
  – From ‘make and sell’ to ‘sense and respond’
    – Respond to actual demand, rather than forecasted demand, e.g. Dell
    – Requires faster transaction and communication systems

Not all good

The faster response time has produced new threats
  – Wall St panic on 10/19/1987, due largely to automated stock buying programs causing a chain reaction
  – While value can be created faster, so can bad side effects
  – Need high availability, fast disaster response, and improved security

New service delivery models

IT can be a service provided by outsourcing, instead of being internally managed
  – Scarcity of IT people is partly driving this!
  – The industry is becoming more standardized, and cost reduction pressure is strong
  – Where exactly is your Gmail???
  – Similar to shifts from answering machines to voice mail, or power as a commodity
  – Need to manage IT providers and partners well!

Managing legacy systems

Any infrastructure from an older organization probably still has legacy components in it
  – Often obsolete, proprietary
  – Also includes legacy organizations, processes, and cultures!
  – How do new technologies relate to the legacy systems? Change the organization, processes, and culture?

Future of internetworking

The technologies we rely on have been refined over the last 30-40 years
Markets want reliable, secure, high speed connectivity
  – Changes to QoS (quality of service) possible on the Internet are needed to help meet demand
  – Availability, authentication, security, bandwidth guarantees, nonrepudiation are all highly desired

Summary

Internetworking infrastructure includes not only the physical hardware and software, but the processes, organization, and culture that use them
Technology changes are creating faster, more flexible, interoperable global networks, speeding creation of value at the cost of high complexity, uncertainty, and new threats

The Business of IT
Assuring reliable and secure IT services

Reliability of the Internet

The reliability of the Internet is based on its many redundant paths among hosts
  – Failures at one or more routers are unlikely to stop a message from getting to its destination
Most organizations don’t have the luxury of that much redundancy!
  – Key tradeoff is the expense of redundancy, versus the reliability it can bring

How much can you afford?

Added complexity of redundant systems adds new kinds of possible failures
So it boils down to asking: how much reliability can you afford?
  – Kind of like ‘how fast do you want your car?’
  – How expensive is a 15-minute failure of your IT infrastructure? 12 hours?
How does reliability differ from availability?

Availability

No. of 9’s | Data Center      | Availability | Down time / year
2          | Level 1          | 99%          | 87.6 hours
3          | Level 1          | 99.9%        | 8.8 hours
4          | Level 2, Level 3 | 99.99%       | 53 minutes
5          | Level 4          | 99.999%      | 5.3 minutes
6          | Level 4          | 99.9999%     | 31.5 seconds

Timing

The number of failures and their duration each is also important
  – Many very brief failures may have less impact than one long one
Timing when failures occur also matters
  – 3:00 am often not as bad as 10:00 am?
Planned system outages don’t ‘count’

Calculating availability

For systems that all need to be running at once (serial), multiply their individual availabilities
  – System avail = Π [component avail]
  – So a system of five serial components, each with 98% availability, will have a system availability of System avail = 0.98*0.98*0.98*0.98*0.98 = 90.4%
  – Adding more components hurts overall availability

Calculating availability

If components are in parallel (any of the redundant components could perform the function), then multiply the failure rates of the components to get the system failure rate
  – Failure rate = 1 – Availability rate
So five components in parallel would have a failure rate of (1 - 0.98)^5 = 3.2E-09 for an availability of 1 - 3.2E-9 = 99.99999968%

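The serial and parallel rules above, applied to nested arrangements (an added example, not from the original slides). It goes beyond the two slide cases by comparing two ways of spending the same ten 98% components; the tier names are made up, and both formulas assume components fail independently of each other.

```python
"""Added example: availability of serial and parallel component arrangements."""
from dataclasses import dataclass
from math import floor, log10, prod

HOURS_PER_YEAR = 365 * 24  # 8760 hours, the basis of the downtime table


@dataclass(frozen=True)
class Component:
    name: str
    avail: float  # fraction of time the component is up (0..1)


@dataclass(frozen=True)
class Serial:
    parts: tuple  # every part must be up for the system to be up


@dataclass(frozen=True)
class Parallel:
    parts: tuple  # any single part being up is enough


def availability(node) -> float:
    """Evaluate a nested Serial/Parallel tree with the two slide formulas."""
    if isinstance(node, Component):
        if not 0.0 <= node.avail <= 1.0:
            raise ValueError(f"{node.name}: availability must be within 0..1")
        return node.avail
    if isinstance(node, Serial):
        # System availability = product of the parts' availabilities
        return prod(availability(p) for p in node.parts)
    if isinstance(node, Parallel):
        # System failure rate = product of the parts' failure rates
        return 1.0 - prod(1.0 - availability(p) for p in node.parts)
    raise TypeError(f"unsupported node: {node!r}")


def downtime_hours_per_year(avail: float) -> float:
    return (1.0 - avail) * HOURS_PER_YEAR


def nines(avail: float) -> int:
    """Count of leading nines, e.g. 0.999 -> 3 (epsilon absorbs float error)."""
    if avail >= 1.0:
        raise ValueError("100% availability has no finite count of nines")
    return max(0, floor(-log10(1.0 - avail) + 1e-9))


# Constructed sample: five tiers at the slides' 98% figure (tier names assumed).
TIERS = ("power", "network", "web", "app", "database")


def tier(name: str, copies: int = 1):
    units = tuple(Component(f"{name}-{i}", 0.98) for i in range(copies))
    return units[0] if copies == 1 else Parallel(units)


CHAIN = Serial(tuple(tier(t) for t in TIERS))               # the serial case
POOL = Parallel(tuple(Component(f"node-{i}", 0.98) for i in range(5)))  # parallel
PER_TIER = Serial(tuple(tier(t, copies=2) for t in TIERS))  # each tier doubled
WHOLE_CHAIN = Parallel((CHAIN, CHAIN))                      # two full copies


def report():
    """Return (label, availability, nines, downtime hours/year) per layout."""
    rows = []
    for label, system in [("serial chain", CHAIN), ("parallel pool", POOL),
                          ("redundant tiers", PER_TIER),
                          ("duplicated chain", WHOLE_CHAIN)]:
        a = availability(system)
        rows.append((label, a, nines(a), downtime_hours_per_year(a)))
    return rows


if __name__ == "__main__":
    for label, a, n, hours in report():
        print(f"{label:17s} {a:.10%}  {n} nines  {hours:10.4f} h/year down")
```

With the same ten components, doubling each tier gives about 99.80% while running two complete chains side by side gives about 99.08%, so where the redundancy sits matters as much as how much of it is bought.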
High availability facilities

A typical high availability data center should have many features
  – Uninterruptible power supply
    – Major equipment should have multiple power supplies, powered by separate circuits
    – A UPS is ready to take over if main power source fails
    – UPS might be a diesel generator for sustained outages
  – Physical security to restrict access to the equipment

High availability facilities

  – Extreme facilities might be protected from blast or other attacks
    – Weighing visitors, biometric identification, etc. could be used
  – Climate control and fire suppression
  – Network connectivity to two or more backbone Internet providers
    – Might have redundant NOCs

High availability facilities

  – Help desk incident response procedures
  – N+1 or N+N redundancy
    – N+1 means at least one redundant system standing by; typically good for up to 3 9’s of availability
    – N+N means double the number of systems normally needed; this is needed for 4 or more 9’s of availability
  – See earlier availability chart for Level 1 to 4 Data Center classifications
    – A single component can have redundant features, even if the entire component isn’t duplicated

Malicious threats

It’s no secret that there are many threats to network security, from casual bored hackers to well organized spies and terrorists
Threats can be loosely grouped into three categories
  – External attacks
  – Intrusion
  – Viruses and worms

External attacks

External attacks hurt a site or degrade its services, without getting access inside it
  – Denial of service attacks (DoS) typically flood web servers with TCP SYN messages, until they crash
  – Distributed DoS (DDoS) attacks do the same thing from many computers at once
  – IP spoofing might be used to mask the true source of these attacks

External attacks

DoS attacks are easy to do – script kiddies
And are hard to defend against
Slow DoS attacks can look like normal traffic

Intrusion

Intrusion attacks gain access inside your network
  – Guess or obtain user names and passwords (maybe via packet sniffing, or clever social engineering)
  – Back doors left by developers
  – Port scanning to look for open entries to servers

Intrusion

Once inside the network, hackers might
  – Download, alter, or delete data (SSN, CC numbers)
  – Deface web sites
  – Posing as a user, send malicious messages
  – Leave software to perform DDoS later, or time bombs to delete data
Proving what they did is often very hard
Can produce tough PR issues!

Viruses and worms

Viruses and worms are self-replicating programs
  – Viruses need help to spread, worms don’t
Both are often incorporated into other attacks, e.g. set up a DDoS attack

Defensive measures

Many types of defenses are often used
  – Security policies
  – Firewalls
  – Authentication
  – Encryption
  – Patching and change management
  – Intrusion detection and network monitoring

Security policies

Security policies are needed to define
  – How passwords are managed
  – Who has accounts on the network?
  – What security is needed on network computers?
  – What services are running in the network?
  – What can users download?
  – How are these policies enforced?

Firewalls

Firewalls can be hardware- and/or software-based methods to control network access
  – Can people access the network from outside?
  – Most firewalls filter packets to look for attacks, illegal applications, IP spoofing, etc.
  – Can’t stop internal traffic, most viruses, or bypassing the network (wireless, flash drives)
  – They also provide good traffic monitoring points

Authentication

Authentication proves you are who you claim to be – could be applied to hosts or users
  – Could be as basic as ‘user name and password’, or involve certificate authorities, biometrics, etc.
  – How tough are passwords? Change them how often? Can you reuse them?
After that, can control access to data, network resources based on identity

Encryption

Encryption provides confidentiality of data
  – Even if intercepted, can’t easily be read
  – Protect your keys!!!
Encryption can be symmetric or public key
  – Often both are used to provide authentication and confidentiality
Digital signatures also prove authentication
  – Message digests provide integrity check

Patching and change management

Known weaknesses in apps or OS’s can be patched – if you USE the patches!
  – Keeping current is tedious
  – Patches might cause side effects in other apps
Change management needs to know what patches are installed, what apps should be running, and what files should be on production systems

Intrusion detection

Intrusion detection systems look at packet contents to look for attack patterns; or look for weird patterns of traffic behavior
Could also include hardware and software monitoring to look for unusual configurations (e.g. a NIC in promiscuous mode) or suspicious behavior

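A sketch of the "weird patterns of traffic behavior" check for the TCP SYN floods described under External attacks (an added example, not from the original slides). The packet tuple layout, the thresholds, and the sample traffic are all constructed for illustration; addresses come from documentation ranges.

```python
"""Added example: flag targets with many half-open TCP handshakes."""
from collections import defaultdict


def find_syn_floods(packets, timeout=3.0, min_half_open=20):
    """packets: (time, src, sport, dst, dport, flag), flag 'S'=SYN, 'A'=client ACK.

    A handshake is half-open when its SYN is never answered by the client's
    ACK within `timeout` seconds. Counting per target rather than per source
    still works when the flood is distributed or the sources are spoofed.
    """
    if not packets:
        return []
    end = max(p[0] for p in packets)
    pending = {}  # (src, sport, dst, dport) -> time the SYN was seen
    for ts, src, sport, dst, dport, flag in sorted(packets):
        key = (src, sport, dst, dport)
        if flag == "S":
            pending.setdefault(key, ts)
        elif flag == "A" and key in pending and ts - pending[key] <= timeout:
            del pending[key]  # handshake completed normally

    stuck = defaultdict(list)  # (dst, dport) -> sources of half-open SYNs
    for (src, _sport, dst, dport), t0 in pending.items():
        if end - t0 >= timeout:  # skip SYNs too recent to judge
            stuck[(dst, dport)].append(src)

    alerts = []
    for target, sources in sorted(stuck.items()):
        if len(sources) >= min_half_open:
            distinct = len(set(sources))
            alerts.append({
                "target": target,
                "half_open": len(sources),
                "sources": distinct,
                "pattern": ("single source" if distinct == 1
                            else "distributed or spoofed"),
            })
    return alerts


def build_sample():
    """Constructed capture: normal clients plus two floods."""
    pkts = []
    for i in range(10):  # ordinary clients complete the handshake
        t, src = 0.5 + i, f"192.0.2.{10 + i}"
        pkts.append((t, src, 40000 + i, "10.0.0.5", 443, "S"))
        pkts.append((t + 0.05, src, 40000 + i, "10.0.0.5", 443, "A"))
    for i in range(60):  # many sources, no ACK ever follows
        pkts.append((1.0 + i * 0.01, f"198.51.100.{i + 1}", 1024 + i,
                     "10.0.0.5", 80, "S"))
    for i in range(30):  # one source, many ports, no ACK ever follows
        pkts.append((2.0 + i * 0.01, "203.0.113.9", 5000 + i,
                     "10.0.0.6", 25, "S"))
    return pkts


SAMPLE_PACKETS = build_sample()

if __name__ == "__main__":
    for alert in find_syn_floods(SAMPLE_PACKETS):
        print(alert)
```

A fixed count threshold like this one will not catch the slow DoS attacks mentioned earlier, which stay under the threshold and look like normal traffic.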
Security management framework

Security affects the design of a network, and requires policies and procedures to keep it safer
Some basic principles of good security management include
  – Make security decisions; don’t ignore the issue!
  – Realize that security threats change and evolve; don’t expect anything to be static

Security management framework

  – Consistent change management is critical
  – Educate users what not to click on, how to keep passwords secure, why procedures are in place
    – Great ignored procedures are worthless!
  – Use layered security
    – Consider host, network, and application levels of security, and prioritize measures

Risk management

Risk management for availability and security is critical
Can’t avoid all risks, so need to estimate the probability of risks occurring, and how severe the impact (consequences) of each risk is
  – Obviously, low probability and low impact risks are minor threats; and high probability and high impact risks are critical ones to address

Risk management

But the other combinations (low probability, high impact, or high probability, low impact) are harder to assess
  – E.g. we often pay for insurance against unlikely but rare events, like severe illness or death
Can define expected loss = probability * impact
  – But intangible losses are hard to quantify
  – New technologies may add new risks (complexity, instability)

Incident management

All infrastructures experience incidents, so it’s important to plan for them
  – What could be typical incidents affecting availability and/or security?
Plan for actions to be taken before, during, and after an incident

Actions before an incident

Design the infrastructure for recoverability and failure tolerance
Follow your own procedures, especially for change management and data backup
Document procedures and configurations carefully

Actions before an incident

Have crisis management procedures
  – How do you diagnose problems?
  – Who is available to help?
Practice incident response
  – Do you have current contact information for key people?
  – What outside resources are available to help?

Actions during an incident

Beyond the apparent technical issues, there are many other factors in a crisis
  – Emotional responses (confusion, denial, panic)
  – Wishful thinking
  – Political maneuvering, avoiding responsibility
  – Leaping to conclusions, ignoring unwanted evidence

Actions during an incident

Public relations issues can also be overwhelming
  – Reluctant to admit how serious the problem is (FEMA in NO?)
  – Major decisions are risky, and you have to make confident decisions even if data is never complete

Actions after an incident

After an incident, may have to rebuild part of the infrastructure, or even everything
  – This is why you had good CM!
Processes might have to be changed to accommodate the new infrastructure
Document lessons learned from this incident, to help avoid reliving it in the future!
  – What caused it? How can you prevent it?

Actions after an incident

May also need to explain to customers and other stakeholders what happened, and what your actions have been
  – Again can be a PR issue to show your steps to secure your infrastructure are sound and thorough

Summary

Availability for IT infrastructures
  – How to calculate availability with serial or parallel components
  – Features needed for high availability facilities
Security threats and defenses
Security management framework
Risk and incident management