Hardware/Software Deployment Strategies. Introduction to Information System Components. Chapter 1 Part 4 of 4 CA M S Mehta, FCA


Learning Objectives

Task Statements
1.1 Identify deployment of different components of IT and their functions: computer hardware, operating system software, database management software, application software.
1.2 Recognise the configuration of hardware, operating system software, database management software and application software.

Knowledge Statements
1.1 Information Technology components of Information Systems infrastructure and related processes in the context of practical deployment in enterprises.
1.3 Configuration management of hardware, system software, database management software and application software.

Topics Covered
- Different deployment strategies: centralised/distributed
- IT components of a data centre in a centralised CBS environment
- Configuration management
- Hardening of systems
- Auditing IS infrastructure

Deployment of IS Infrastructure
[Diagram: Business Goals, Business Processes, IT Services, IT Infrastructure]
Deployment of IT infrastructure would be directed by business strategy and involves acquiring hardware and software and its installation, configuration, running, testing and customisation.

What are Different Deployment Strategies?

Centralised Deployment Strategies
- Decisions taken at the most senior or central level.
- There is a central database.
- Applications are deployed on a single hardware/software platform.
- Servers are at the central level.
- Single middleware required at central level.
- All user communication directed to the central point.
- OS patches etc. can be deployed from central point.

Centralisation might be appropriate for:
- System critical for organisation's functioning
- The system used by many departments
- Data is drawn from several different sources
- There are particular technical issues like network design.

Centralised Deployment Strategy: BENEFITS
- Sharing resources
- Data used across organisation in one place
- Easier to undertake organisation-wide activities
- Exchange of hardware, software and staff
- Full replication for higher availability
- Achievement of economies of scale
- Central policy enforcements, patch management
- Better security

Centralised Deployment Strategies: DISADVANTAGES
- Single point of failure
- Inflexibility to cope with local changes
- Increased dependence and vulnerability

Decentralised Deployment Strategies
- Databases are distributed to decentralised centres.
- Applications are deployed on different platforms.
- Middleware required at each step.
- No single point of failure.
- Policy administration at decentralised level

Decentralisation might be appropriate for:
- The system relevant only to one department.
- Processing requirements are subject to frequent changes.
- Where data is drawn from an existing centrally-managed database, or from a proposed locally-managed database

Decentralised Deployment Strategy: BENEFITS
- Greater fit between systems and local needs
- Higher usage of computerised systems
- Faster system development
- No single point of failure
- Reduced CAPEX

Decentralised Deployment Strategies: DISADVANTAGES
- Barriers to sharing data
- Barriers to sharing other resources
- Latency
- Local replication requirements
- No central control over patches, version

What are Information Technology Components in a CBS Data Centre?

IT Components in a CBS Data Centre
Bank's data centre or an IPF (Information Processing Facility):
- Used to house computer systems and associated components
- To cater to its information processing needs
- Has storage, security and communication links.
- Equipped with: redundant or backup power supplies, redundant data communication connections, environmental controls, and security devices

IT components depend upon:
- Bank's corporate objectives
- Planned service types
- Risk management and control mechanism
- Compliance/regulatory requirements

Core Banking Solution
Factors affecting selection of IT components:
- The type of services the solution offers
- Response time for customer transactions
- Availability requirements of services
- Layers of security implemented, and
- Processes for building customer confidence.
Applications requiring interface to CBS may be hosted at the data centre.
DR & Near Site: to meet additional availability requirements

The IT Components
- Application Solutions and Services
- Hardware & OS Components
- Network and Security Components
- EMS Components
- Environmental Components

Application Solutions & Services Components
Applications that are normally deployed in the data centre of a bank:
- CBS including Internet Banking
- RTGS
- NEFT
- Integrated Risk Management solution
- Integrated Treasury Solution
- Anti-Money Laundering System
- Asset Liability Management Solution
- Mobile Banking
- Automated Data Flow & MIS
- Data Archival System
- New Pension Scheme
- Govt Business, OLTAS
- Web Servers
- Customer Call Centre
- Customer Relationship Management
- Human Resources Management
- Email System
- Data Warehouse
- Biometric Authentication of branch users in CBS
- Second factor Authentication (for Internet Banking users)
- Cheque Truncation System and MICR Clearing System
- Financial Inclusion

Applications not part of CBS requiring an interface with CBS could be housed in the same data centre or elsewhere.

WAN interfaced with external networks to facilitate applications:
- ATM Switch
- Reserve Bank of India's MPLS network and NPCI
- SWIFT
- Master/VISA/American Express exchanges
- National Clearing Cell and Cheque Truncation System
- Utility service networks like telephone companies
- Government tax departments
- Other Govt. agencies like CBEC, DGFT

Hardware & OS Components
Servers/Server Farms:
- Core Banking Servers: HA (High Availability) mode
- Database Servers: HA mode
- Web servers, email, anti-virus servers
- Application servers for other applications
Servers have redundant power supply.
Virtualisation of some servers is implemented by banks to achieve:
- Scalability
- Reliability
- High availability for servers

Some other Hardware Components
- Storage: for storage of data
- Tape Library: for backups

Network & Security Components
Network design has two distinct zones:
- One caters to the Private Segment (Core Banking Zone)
- The other the Public Segment (Internet Zone).
Each zone has different sub-nets through VLANs.

Devices installed:
- Core Routers
- Core Switches
- ISDN Routers
- Top of Rack Ethernet Switches
- Encryption Devices
- ACS Server
- Firewalls
- Internet Routers
- Intrusion Detection & Protection Systems
- Two Factor Authentication
- Security solutions for email and web
- End-point security solutions

[Figure: A generic DC/DR architecture]

Enterprise Management System Components
EMS acts as an interface for the Network Operations Centre (NOC).
Used to monitor:
- Servers
- Network and security components
Set of hardware and software solution(s) for:
- Application Monitoring
- Server Monitoring
- Network Monitoring
- Patch Management
- Asset Management
- SLA Management
- Change Management
- Interface to Helpdesk Module

Environmental Components
- Racks to house all servers and network equipment.
- Power ducts, cables, LAN (structured cabling) usually running below false floor.
- Smoke detection and fire suppression systems
- Motion sensors
- Biometric and proximity card readers
- Video camera surveillance and security breach alarm systems
- UPS power conditioning devices
- Power and optic fibre cables
- Redundant air conditioning equipment
- Humidity control equipment
- Diesel storage for power back-up.

Steps in Configuration Management of IS Components

Configuration Management: IS Components
- Identification of all significant components of IT infrastructure
- Recording the details of these components in the Configuration Management Database
- Recording relationships between these components

- Configuration Identification
- Configuration Control
- Configuration Status Reporting
- Configuration Audit

Configuration Identification
- Process of identifying the Configuration Items (CI)
- Items (HW/SW) which are under CM
- Configuration of components of these items
- Configuration, version of these items
  - Software (name, version, licence, configuration, related documentation, etc.)
  - Hardware (type, CPU, memory, etc.)

Configuration Control
- Managing items throughout their life cycle
- Helps know items which are controlled
- Process of controlling changes
- Version control
- Who controls these changes
- Ensures approved version of items used.

Configuration Status Reporting
- Recording and reporting of all changes in IS components
- Status of proposed changes
- What changes were made and at what time
- Effect of those changes on different components

Configuration Audit
- Verifying the correctness of the IS components and their configuration status reporting
- All items correctly identified
- All changes correctly registered, approved, tracked and implemented
- Measures effectiveness of configuration management
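A small configuration audit in the spirit of the four steps above, given here as an added example that is not part of the original slides. It compares a recorded baseline (CI, approved version, relationships) and a change register against what is actually observed; the CI names, versions and finding labels are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class CI:                          # a Configuration Item as recorded in the CMDB
    ci_id: str
    kind: str                      # "hardware" or "software"
    name: str
    version: str                   # approved version / configuration baseline
    depends_on: list = field(default_factory=list)   # relationships to other CIs

@dataclass
class Change:                      # one entry in the change register
    ci_id: str
    new_version: str
    approved: bool

# Constructed sample data (hypothetical identifiers, not taken from the slides).
CMDB = {c.ci_id: c for c in [
    CI("srv-cbs-01", "hardware", "Core banking server", "fw-2.1"),
    CI("os-cbs-01", "software", "Server OS", "6.5", ["srv-cbs-01"]),
    CI("db-cbs-01", "software", "DBMS", "11.2", ["os-cbs-01"]),
    CI("app-ib-01", "software", "Internet banking app", "3.0", ["db-cbs-01", "mw-01"]),
]}
CHANGES = [Change("db-cbs-01", "11.3", approved=False)]
OBSERVED = {"srv-cbs-01": "fw-2.1", "os-cbs-01": "6.6",
            "db-cbs-01": "11.3", "ftp-legacy": "1.0"}

def audit(cmdb, changes, observed):
    """Return (ci_id, finding) pairs where reality and the CMDB disagree."""
    findings = []
    # Items running in the estate that were never identified as CIs.
    for ci_id in sorted(observed.keys() - cmdb.keys()):
        findings.append((ci_id, "UNREGISTERED"))
    for ci_id, ci in sorted(cmdb.items()):
        for dep in ci.depends_on:              # relationships must point at known CIs
            if dep not in cmdb:
                findings.append((ci_id, f"BROKEN_RELATIONSHIP:{dep}"))
        if ci_id not in observed:
            findings.append((ci_id, "MISSING"))
            continue
        seen = observed[ci_id]
        if seen == ci.version:
            continue                           # approved version is in use
        recorded = [c for c in changes if c.ci_id == ci_id and c.new_version == seen]
        if not recorded:
            findings.append((ci_id, "UNRECORDED_CHANGE"))
        elif not any(c.approved for c in recorded):
            findings.append((ci_id, "UNAPPROVED_CHANGE"))
        else:
            findings.append((ci_id, "CMDB_NOT_UPDATED"))
    return findings

if __name__ == "__main__":
    for ci_id, issue in audit(CMDB, CHANGES, OBSERVED):
        print(f"{ci_id:12} {issue}")
```

Each finding maps to one audit question on the slide: items not identified, changes not registered, changes not approved, and approved changes that were implemented without the record being updated.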

How To Harden Systems?

System Hardening
Process of securely configuring computer systems to eliminate as many security risks as possible. This may involve:
- Applying patches
- Disabling unnecessary services
- Closing open network ports
- Setting up IDS, firewalls etc.

Hardening OS
- Latest patches, service packs and hotfixes installed
- Enable automatic notification of patch availability
- Set minimum password length and complexity
- Configure event log settings
- Privileged Administrator/root accounts controlled
- Disable the guest account
- Disable or uninstall unused services
- Use the Internet Connection Firewall
- Configure file system permissions
- Configure registry permissions
- Install and enable security suite
- Encryption of drives used for laptops
- Configure a screen-saver to lock the console's screen automatically
- Set a BIOS/firmware password to prevent alterations in system start-up settings
- Configure the device boot order to prevent unauthorized booting from alternate media
- Use vulnerability assessment tools like Microsoft Baseline Security Analyser or Bastille Linux

Risks and Controls in Deployment of IS Infrastructure

Risks in deployment of IS infrastructure
- Improper design
- Disruption of services
- Security breaches
- Poor response times

Controls in deployment of IS infrastructure
- Proper site selection
- Disruption preparedness
- Proper NOC for network monitoring and control
- Security solutions
- Tested applications
- EMS and monitoring

Auditing IS Infrastructure
Audit all hardware and software to assess:
- Hardware list with configurations available
- Check whether hardware in accordance with computational requirements
- Environmental controls for hardware
- Effective hardware maintenance to reduce downtime
- Operating system has been hardened
- Proper access controls operational for operating systems
- Backup systems: hardware, software, data sets for disaster readiness

References
- http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
- http://www.configurationkit.com/index.htm
- http://www.sans.org/critical-security-controls

We have learnt about:
- Different deployment strategies: centralised/distributed
- IT components of a data centre in a centralised CBS environment
- Configuration management
- Hardening of systems
- Auditing IS infrastructure
