Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)

"Our network can't be down! We lose money each minute that our systems are unavailable!" We hear quotes like this from CIOs, CFOs, CSOs, and many other C-level executives in organizations. Therefore, we ask questions like the following:

You would be shocked how many times the answer to most of those questions is "no." The network can never be down, but many organizations have little, if any, redundancy and no hardware sparing plan. You may have a solid security policy, access control lists, strong authentication mechanisms, and redundant routing, but if you have a critical hardware failure and no spare equipment, you may be down for hours or days while you await replacement hardware. There goes reliability!

Consider the simple network in Figure 4-4, consisting of two Internet gateways to the same ISP, a single firewall, a single interconnect switch, and no sparing or redundancy plan, and consider the impact on reliable connectivity.

Figure 4-4: A simple multihomed network to a single ISP

Note the gray-shaded circles in Figure 4-4; they represent single points of failure that can cause partial or complete outage of Internet connectivity. If one border router fails, you still have a backup path through the other router, assuming you run Virtual Router Redundancy Protocol (VRRP), Hot-Standby Router Protocol (HSRP), or some other vendor-specific protocol between the firewall and the border routers. However, if the ISP's routing fails, or the firewall fails, or the interconnect switch fails, you will lose all connectivity to the Internet. Assuming you have no spares, reliability is gone!

You should take inventory of all network elements and determine an appropriate level of equipment spares to keep on hand. This decision is different for each organization and depends on:

Analyze your network infrastructure and determine where the single points of failure lie, then develop a sparing or redundancy plan to mitigate risk of downtime.
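As an added illustration (not from the book), the following Python models the Figure 4-4 topology as a graph and reports which single node failures disconnect the LAN from the Internet, then repeats the check after adding hot spares for the firewall and switch; the node names and the spare-adding helper are assumptions.

```python
from collections import deque

# Constructed model of the Figure 4-4 topology: two border routers to one ISP,
# a single firewall and a single interconnect switch in front of the LAN.
FIGURE_4_4 = {
    "internet": {"isp"},
    "isp": {"internet", "border_rtr_1", "border_rtr_2"},
    "border_rtr_1": {"isp", "firewall"},
    "border_rtr_2": {"isp", "firewall"},
    "firewall": {"border_rtr_1", "border_rtr_2", "switch"},
    "switch": {"firewall", "lan"},
    "lan": {"switch"},
}

def reachable(graph, src, dst, removed=frozenset()):
    """Breadth-first search from src to dst, treating removed nodes as failed."""
    if src in removed or dst in removed:
        return False
    seen = {src}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph[node]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(graph, src, dst):
    """Nodes whose individual failure cuts every path between src and dst."""
    return sorted(
        node for node in graph
        if node not in (src, dst)
        and not reachable(graph, src, dst, removed=frozenset({node}))
    )

def add_hot_spare(graph, name, twin):
    """Return a copy of graph with a redundant node wired exactly like its twin."""
    new = {k: set(v) for k, v in graph.items()}
    new[name] = set(new[twin])
    for neighbor in new[twin]:
        new[neighbor].add(name)
    return new

if __name__ == "__main__":
    print(single_points_of_failure(FIGURE_4_4, "lan", "internet"))
    hardened = add_hot_spare(FIGURE_4_4, "firewall_2", "firewall")
    hardened = add_hot_spare(hardened, "switch_2", "switch")
    print(single_points_of_failure(hardened, "lan", "internet"))
```

The first run flags the ISP, firewall and switch (the gray circles); after the spares only the ISP remains, which is the case the Note below addresses with a second provider.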

Note

It is not always economically feasible to eliminate every single point of failure in a network. In fact, single points of failure are not always obvious. For example, you may have circuits from two different ISPs, but find that both circuits are actually part of the same physical cable plant entering your building. In any case, with a combination of "hot spares" (redundant network equipment) and "cold spares" (spare network equipment inventory), you can greatly reduce the risk of single points of failure.
