
Are you Safe and Secure? International Spectrum Conference 2008

Are you Safe and Secure?
Nick Kelly – Product Manager
Mark Fuller – Support Manager

Introduction
• Have you looked at the risks that impact on your business from
  ► Security Breaches
  ► Unauthorized access to data
  ► Unauthorized update of data
  ► Loss of Service
  ► Hardware Failure
  ► Planned administration
• What is their effect?
• What techniques can reduce the risk?
• How can Northgate and Reality Help?

Security Breach - Risks
• Media theft
  ► Scanning backup media
• Break into your Windows / Unix Systems
  ► Possible direct data access
• Hardware theft
  ► Bypassing Operating System Security
  ► Bypassing Application security
  ► Scanning file system
• Staff misuse of data
  ► Some staff need access to files, but not the content

Security Breach - Impact
• Incident Cost
  ► Management time
  ► Operational effort
• Legal Compliance Issue
  ► Breach of Data Protection Act
    ► Fairly and lawfully processed
    ► Processed for limited purposes
    ► Adequate, relevant and not excessive
    ► Accurate and up to date
    ► Not kept for longer than is necessary
    ► Processed in line with your rights
    ► Secure
  ► Breach of Contract?
• Reputation
  ► Negative press attention … seen as a ‘blunder’
  ► Are we a ‘safe pair of hands’?

Security Breach - Examples
Cost $500,000!
ID theft concerns over Eden Project stolen laptop
IT Pro UK – Fri, 15 Jun 2007 12:45
. . . identity theft. The laptop was looked after by an employee of XXXXXX, a company the Cornish tourist attraction uses to handle its payroll.
Chancellor admits HMRC lost 25 million people's data
Alistair Darling says taxman lost disks containing the detailed child benefit information of 25 million individuals
Cost potentially billions! (Compensation up to $600 per record, total 15 billion (UK))

Security Methods
[Diagram. Labels: Database Access Security, Firewall, Network, User Authentication, Development User, Operations User, Database Backups, MultiValue Application User, MV Platform, MultiValue Database Server, Data, Hacker, Security]

Database Security

Database Security
• Is your Database secure?
  ► Can you control access?
    ► By user, location, time or type of connection?
  ► Can you detect inappropriate access?
  ► Do you know who is accessing your database and when?

Database Security – Reducing the Risk
• MV Account Based Security
  ► All users share the same user name and password
  ► Advantages
    ► Simple to Administer
  ► Disadvantages
    ► Can’t identify individuals
    ► Hard to Audit
    ► Difficult to tell if the security has been compromised
    ► Passwords are difficult to secure

Database Security – Reducing the Risk
• User Based Security
  ► Each user has unique user name and password
  ► Advantages
    ► Simple to Administer
    ► Can Identify the individuals
    ► Auditable
    ► Can change their passwords
    ► You should be able to control how often, length and password history
  ► Disadvantages
    ► Identities can be conveyed to others or commandeered by others

Database Security – Reducing the Risk
• Location Based Security
  ► Extends User based security
  ► Limit individuals to pre-defined locations
  ► Individuals can have multiple security profiles
    ► Dependent on their location
  ► Disadvantages
    ► Have to define acceptable locations

Database Security – Reducing the Risk
• Time Based Security
  ► Extends User based security
  ► Logins are restricted to defined time periods
  ► Advantages
    ► Tighter control of User based security
    ► Pre-defines allowable login times per user
  ► Disadvantages
    ► Have to define acceptable time windows

Database Security – Reducing the Risk
• Server Based Security (linked to user based security)
  ► Allows same user different access rights to different services (Telnet, Web, SQL)
  ► Advantages over User based security
    ► Server processes can have different security profile than associated user
  ► Disadvantages
    ► Have to define more access rights

Database Security – Using Reality
• Reality is used in security critical systems
  ► Police, Government, Military
• Supports
  ► Account Security
  ► User Security
  ► Location based security
  ► Time Based
  ► Server Based

Data Security

Data Security
• Is your Data secure?
  ► Can you prevent un-authorized access to the information on your media?
    ► Disk & Tape
  ► Can you control access to the data?
    ► You may want to give file access but not the ability to understand the data

Data Security – Reducing the Risk
• Staff Vetting prior to data access
  ► Advantages
    ► Security by trust
  ► Disadvantages
    ► Costly & time consuming
    ► Not foolproof
    ► Intrusive

Data Security – Reducing the Risk
• Encrypt any data leaving site
  ► Advantages
    ► Protects backups held off-site
  ► Disadvantages
    ► Managing the encryption keys

Data Security – Reducing the Risk
• Data stored in an encrypted form
  ► Advantages
    ► Protects data at source
    ► Transparent to the application
  ► Disadvantages
    ► Possible performance implications
    ► Need to manage the keys

Data Security – Using Reality’s Data Encryption at Rest
• What is it
  ► Transparently encrypts the data written to your database and other media
  ► Access Management
  ► Secure Management of encryption keys
• Advantages
  ► Selectively limits access to sensitive data
  ► Reduced Security Boundary
• Defines who is allowed access to encrypted data

Data at Rest Encryption Demo – (contact us for details…)

Loss of Service

Loss of Service - Impact
• Incident Cost
  ► Management time
  ► Operational effort
• Contractual SLA’s
  ► Breach of Contract?
• Reputation
  ► Negative press attention …
  ► Are we a ‘safe pair of hands’?
• Loss of business
  ► ‘Companies that aren’t able to resume operations within 10 days of a disaster are not likely to survive’ (source: Strategic Research Institute, Jan 2002).
  ► ‘Problems with IT cost small and medium enterprises (SME’s) £100 billion in lost turnover each year according to the London Business School. Computer crashes are estimated to cause losses of £31 million each year.’

Loss of Service - Causes
• Loss of:
  ► Data
  ► Hardware
  ► Network infrastructure
  ► Site
  ► Staff!
    ► May lose key staff members
• Planned Admin
  ► Vendor Capabilities
  ► Software Reliability
  ► Support Services

Loss of Service
Sometimes the worst does happen …
Northgate HQ, Boundary Way, Hemel Hempstead, 6 am 11 December 2005

Loss of Service – Reducing the Risk
• Business Continuity & Disaster Recovery Planning
• Put a BCP & DR plan in place & above all test it!
• Some things to consider
  ► Emergency Management Team
    ► names, numbers, meeting venues, con. call numbers
  ► Business Recovery Actions
    ► an ordered list of the actions to be taken by the EMT
  ► Site Details
    ► site plan, departments, services delivered, key suppliers, tenants
  ► IT Recovery
    ► the site's IT facilities, switchboard lines, DR arrangements for these
  ► Office Space Recovery
    ► teams on site, contacts, numbers, alternate office locations
  ► Site Management
    ► site protection, salvage, security and safety
  ► Longer Term Recovery Actions
    ► the task of returning to "business as normal"
  ► Support Services
    ► from HR, int/ext communications, finance, property & security

Loss of Service – Reducing the Risk
• Resilient Hardware
  ► Duplicate key hardware components
    ► Disk Mirroring
    ► Redundant power supplies, processors etc.
    ► Redundant Networks
    ► Hot Swappable Components
  ► Advantages
    ► Quick recovery
    ► Little Admin
  ► Disadvantages
    ► Can still cause the system to fail and need to be restored
    ► Only protects individual machines

Loss of Service – Reducing the Risk
• Regular backups (Offsite!)
  ► Backup key data to removable media
    ► Tape, Disk
  ► Advantages
    ► You do have a copy of your data
    ► Can be kept offsite
  ► Disadvantages
    ► Media deteriorates over time
    ► Slow!
    ► Costly!
    ► Only protects individual machines

Loss of Service – Reducing the Risk
► Resilient File System
  ► Journaling file system, allows the file system and database to recover to the last completed transaction when the machine unexpectedly stops
  ► Advantages
    ► Recovery can be to last completed transaction
    ► Can be very quick to recover
  ► Disadvantages
    ► Additional load on system
    ► Relies on storage devices being intact

Loss of Service – Reducing the Risk
► Hot standby systems
  ► Second machine is maintained as a near real-time copy of the live running system
  ► Advantages
    ► No loss of service
  ► Disadvantages
    ► Normally ‘closely coupled’ – Requires real time data link
    ► Can still lose both systems
    ► Additional hardware costs

Loss of Service – Reducing the Risk
► Remote Hot Standby systems
  ► A remotely hosted machine is maintained as a near real-time copy of the live running system
  ► Advantages
    ► Data copied off-site at the end of each transaction
    ► Off-site machine can be ready to run
  ► Disadvantages
    ► Dependent on external communications link
    ► Requires a communications link which can handle throughput of the system
    ► Can be costly – depending on options taken

Preventing Loss of Service – Reality Fast Backup and Recovery
• Backup & Restore your Database at near Media Speed
  ► Backup while the system is still in use
  ► In practice ‘near media speed’ is estimated to be up to 30 times faster than the current logical backup.
  ► Examples
    ► MOD
      ► from 4 days to 9 hours (500 GB)
    ► Wolseley
      ► from 2 hours to six minutes (50 GB)

Preventing Loss of Service – Reality Rapid Recovery File System
• Protects Database Across a System Failure
• Ensures File System Integrity
  ► Ensures All Operations Either Complete or Roll Back
  ► Providing Database and Log Disks Survive
• Reduces Time to Recover Operational System

Preventing Loss of Service - Reality Resilience Options
[Diagram. Labels: Unprotected; Transaction Logging; Shadow; Failsafe; Heartbeat; Primary System; Secondary System; Gateway; Database; Data; Logs; Automatic Switch; Manual Switch; Hardware; Data Restore; Replay Log; Re-key from last restore; Service Restoration Time]

Preventing Loss of Service - Reality Automated DR
• Maintains remote disaster recovery systems
  ► Further extends resilience options to support:
    ► Remote hot backup systems
    ► Operation over slow or intermittent communication links
    ► Sourced from one or more machines
    ► Secured up to the last completed transaction
[Diagram. Labels: Reality Environment; Remote standby system(s); Reality Environment; Reality Failsafe Environment or Standalone System]

Loss of Service – Planned Administration
• Service availability can be affected by the need to perform
  ► File Sizing
    ► Typically this is done while systems are offline
    ► Costly!
  ► Regular Backups
    ► Normally done while systems are offline
    ► Some sites running out of night to perform backup
  ► System Upgrades
  ► Software Upgrades

Preventing Loss of Service – Planned Administration – with Reality
• File Sizing
  ► Auto File Sizing
    ► Automatically adjust file sizes, in real time as data grows, with minimal system overhead
    ► Never need to resize a file again!
• Backups
  ► Fast Backup and Recovery
• Software Upgrades
  ► Typical Reality upgrade takes no more than 20 minutes
  ► Failsafe enables a phased upgrade to take place
  ► Backwards compatibility guaranteed

Loss of Service – Vendor Services
• Northgate
  ► 24 x 7 x 365 World wide support on Reality
  ► Rapid response times
  ► Operations in 46 countries
  ► Very Stable product
    ► Less than 30 faults ever outstanding world wide
    ► Reality sites who have not had a loss of service in over 20 years

Conclusion
• Plan in advance
  ► Create Business Continuity & Disaster Recovery plans (NOW)
• Be aware of the Risks
  ► Security Breach
  ► Loss of Service
    ► Data,
    ► Hardware,
    ► Network infrastructure,
    ► Site,
    ► Staff!

Conclusion
• Deploy techniques to mitigate those risks
  ► Security Methods
    ► Database Security
    ► Data Security
  ► Protect Your Service
    ► Resilient Hardware
    ► Regular backups
    ► Resilient File System
    ► Hot standby systems
    ► Remote Hot Standby systems
• Move to Reality
  ► Northgate and Reality have the tools to protect your business
