Security's Everyman

Security's Everyman

Friday, April 06, 2007

The best laid plans....

I was talking to someone briefly the other day about the CIA triad and it got me to thinking. Most security books teach it and many security professionals will agree that it is foundational to Information Security. As you all know the 3 legs are Confidentiality, Integrity and Availability. We all work hard to ensure that our data stays confidential, that it's integrity is maintained and that it is available to authorized users when it is needed.

What I want to talk about is Availability. What does it involve and what are we doing to ensure that data truly is available. Availability can be affected by the following (and more that I'm sure I will miss).

  • Denial of Service Attacks
  • Hardware failure
  • Improper device configuration
  • Man-in-the-middle attacks
  • Corruption of data
  • Removal/deletion of data (intentional and unintentional)
  • Route poisoning (ARP,DNS, etc)
  • Software bugs
These things affect Information Security yet are often looked at as either belonging to another group (Network, Servers, Firewall, etc) or not being a big deal. When this happens you are setting yourself up for failure.

The best way to assure the availability of information is to have a plan and to test it.
  • What is your plan to prevent MitM attacks, Route poisoning, DoS attacks? Do you test your systems to ensure that these types of attacks can be fended off? Do you have a plan to mitigate them? What about an incident response plan? Has it been tested and carefully thought through?
  • What about data corruption or deletion? You have backups but are they any good? When was the last time you did a test restore? What happens if your tape drive goes bad? Can you restore on a different model if necessary?
  • What steps are in place to ensure that devices are configured properly? Do you have procedures to ensure that they are configured and tested? Is the configuration backed up and documented in case of hardware failure? How quickly can you get the device back up and running or replaced? Say you lose a server with all your user files. You have a spare that you can restore to quickly, but what about ensuring that the users can connect to the new device. It likely has a different IP address and name than the original box. What are you procedures for uninstalling applications and patches that cause problems?
These are the types of things that can easily be over looked if you have not done your homework. You need to do a Risk Assessment and ensure that the basics are covered. You need to then put a plan in place and test, test, test. It's not always the most fun thing to do, but in the process you will learn a lot about yourself, your network, your coworker and your company. It might even keep you out of the unemployment line.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.