I was talking to someone briefly the other day about the CIA triad and it got me thinking. Most security books teach it, and many security professionals will agree that it is foundational to Information Security. As you all know, the 3 legs are Confidentiality, Integrity and Availability. We all work hard to ensure that our data stays confidential, that its integrity is maintained and that it is available to authorized users when it is needed.
What I want to talk about is Availability. What does it involve, and what are we doing to ensure that data truly is available? Availability can be affected by the following (and more that I'm sure I will miss):
- Denial of Service Attacks
- Hardware failure
- Improper device configuration
- Man-in-the-middle attacks
- Corruption of data
- Removal/deletion of data (intentional and unintentional)
- Route poisoning (ARP, DNS, etc.)
- Software bugs
The best way to assure the availability of information is to have a plan and to test it.
- What is your plan to prevent MitM attacks, route poisoning and DoS attacks? Do you test your systems to ensure that these types of attacks can be fended off? Do you have a plan to mitigate them? What about an incident response plan? Has it been tested and carefully thought through?
- What about data corruption or deletion? You have backups but are they any good? When was the last time you did a test restore? What happens if your tape drive goes bad? Can you restore on a different model if necessary?
- What steps are in place to ensure that devices are configured properly? Do you have procedures to ensure that they are configured and tested? Is the configuration backed up and documented in case of hardware failure? How quickly can you get the device back up and running or replaced? Say you lose a server with all your user files. You have a spare that you can restore to quickly, but what about ensuring that the users can connect to the new device? It likely has a different IP address and name than the original box. What are your procedures for uninstalling applications and patches that cause problems?