The Binomial Bookstore

PLANNING FOR SURVIVABLE NETWORKS:
ENSURING BUSINESS CONTINUITY
by Annlee A. Hines

Companies are finally learning that a network disaster recovery plan is mandatory in these
times, and they must be prepared to make difficult choices about network security.

In the information-packed pages of this book, Annlee Hines shares her unique and diverse
work experience. She explains that the first thing you need, whatever your business may be,
is reliable information and an idea of what you need to protect, as well as what you are
protecting it from. She then dives into a discussion of how much you can expect to spend
depending on what kind of security your network requires. She also delves into addressing
the variables that determine why your needs will not necessarily be the needs of your closest
competitor.

Most importantly, Hines writes this valuable material realizing that you already know how to
do your job—it’s just that you now have to reconsider just how vulnerable the information
nervous system of your company really is.

From major terrorist attacks to natural disasters to hackers, Annlee Hines explores how to
defend your network and reviews such topics as:

- Probes, viruses, worms, and Trojan horses
- The most common vulnerabilities networks face
- Understanding and justifying costs
- Lessons to be learned from successful defense strategies
- Preparing for the worst and the requirements of network survival
- Remedies, cyber recovery, and restoration

- - - - - - - -

EXCERPT FROM THE FOREWORD

“It's true that the events of September 11, 2001 crystallized my thoughts about network
survivability, but the thoughts go back much further than that. I became very interested in
terrorism while serving in the USAF in Europe, where it was a very real threat, especially to
those of us in an American uniform. That interest had been somewhat dormant, but it never
really went away. I stayed aware of the threats and how they were evolving; where once
terrorists struck only where they could melt away into the populace to live and strike another
day, they no longer care about that. This is a watershed, for it changes the nature of the
threat: Delivery need no longer be safe for the deliverer. That turns previously untouchable
locations into targets.

“Since I left the service, I have become a network engineer after owning two businesses, and
the bottom-line responsibility I held there changed the way I thought about business; it has
also affected how I look at network operations. The network exists only because it brings
value to its business. But if it brings value, that value must continue or the business itself
may suffer such a degradation of its financial condition that it is in danger of failing. That
statement was not always true, but it has become true in the past two decades. Almost
unnoticed, networks have indeed become integral to the operations of all major businesses,
all around the world.

“What is more, we do operate in a global economy, with costs held to their barest minimum
in the face of competition from other companies, some of whom operate in other countries,
where cost structures are different. If the network is a major factor in your firm's
competitiveness, whether from a perspective of increasing productivity or a perspective of
minimizing the cost of timely information transfer, its continuity is critical to business
continuity.

“The networking community was as mutually supportive as ever during and after the terrorist
attacks of September 11. The NANOG (North American Network Operators Group) mailing
list was flooded with advisories of where the outages were, who was able to get around them,
offers of available bandwidth and even temporary colocation, if needed. There were also dire
thoughts concerning how much worse the situation would have been had a couple of other
locations been hit as well.

“Many of the first responders who died lost their lives due to communications failures-they did
not notify the command center of their presence or location, but rushed in to help because
lives were at stake right now. When the command center decided to evacuate because senior
officials knew the buildings could not stand much longer, radio coverage was so spotty that
some who lost their lives did so because they simply never got the word to get out. The
communication network that day was inadequate to the task.

“After the collapse of the World Trade Center, much of the information dissemination was
made via email and Internet; those hubs were the ones referred to on NANOG in the what-if
discussions. Networks have always been about communications-moving the information from
where it is already known to where it needs to be known to add value. "Rejoice! For victory is
ours," gasped Phaedippides with his dying breath after running from the battlefield at
Marathon to Athens. His message had value because Athens expected to lose the battle,
and the city fathers were preparing to surrender when they saw the Persian fleet approach.

“On a more business-centric note, the time to buy, said Lord Rothschild, is when the blood is
running in the streets. He used his superior communications to cause that to happen, after
the Battle of Waterloo, and he made a financial killing in the London markets his better
information had manipulated.

“Your network is the nervous system of your business-the connector between its brains and
direction and the actual execution of business decisions. If the nervous system is damaged
or disrupted, bad decisions may ensue (from bad information), or good decisions may be
ordered but never executed. Either way, it might be your company's blood that is running in
the streets.

“Business continuity implies that the organization continues to operate as a business; for
this, the nervous system must continue to be there. It may not be there in all its ordinary
glory, but the essential services it provides must continue to be present. Getting those
defined and finding ways to ensure their continuity are the subjects of this book.

“The threats to continued network operation range from the dramatic (major terrorist attack)
through the more common, but still not frequent (natural disasters), to the threat attacking
you every day (hackers). The tools that protect you from the first two are quite similar; there
is also considerable overlap with the tools to protect you from the third. As with anything in
either networking or business in general, you are going to have to make compromises. If you
learn from the principles addressed here, rather than blindly answering the lists of questions
presented, you will be prepared to make the hard choices on a knowledgeable basis. They
won't be any more pleasant, but the consequences are less likely to be an unpleasant
surprise.”

- - - - - - - - -

EXCERPT: “In Defense of Paranoia”

“What are you afraid of concerning your network? What should you be afraid of? Those are
not necessarily congruent sets. September 11, 2001, made us all aware of terrorism and of
the threat of airplanes being used as bombs to destroy buildings.

“How often has that actually happened? Once. Horrific as it was, involving four separate
aircraft, as an event it has happened only once. Some businesses located in the World Trade
Center will not survive; they simply lost too much. Others continued to operate with hardly a
noticeable ripple to their customers. Most muddled through somewhere in between. It is not
fair to say that our military headquarters was unaffected, for it surely was. Military information
systems, though, were robust enough to avoid serious disruption to any of the command and
control functions-the networks delivered, with a little help from the human elements. We will
examine a few exemplary stories from the attack on the WTC (civilian networks are more
directly comparable for our purposes); in these cases, the companies' networks were
prepared, some better than others, and they continued to deliver the business for their
companies. There are other examples, not as positive, that we will examine, as well. We do
well to remember Santayana: "Those who cannot remember the past are condemned to
repeat it."

“Far more common than terror attacks are natural disasters. Hurricane Andrew, a Category 5
storm, devastated the southern end of Florida, and some areas have simply never recovered.
A few years later, Hurricane Hugo, a Category 4 storm, swept through the Carolinas and
wreaked substantial destruction there. California has suffered two major earthquakes in the
past 13 years: Loma Prieta, in 1989, and Northridge, in 1994. As in all other major natural
disasters, basic utilities were disrupted, in some areas for a surprisingly long time. The
Kobe-Osaka earthquake in Japan in 1995 was even stronger (damage estimates reached 2
percent of the area's Gross Domestic Product). Devastating tornadoes strike cities in the
United States every year. Mount St. Helens' eruption in 1980 devastated a large area of
Washington, not with a lava flow, but with pyroclastic flows and lahars; they were far from the
first such flows and lahars in the Pacific Northwest's history. The same is true of Mount
Pinatubo in the Republic of the Philippines; the eruption in 1991 caused massive destruction
in the surrounding area.

“Should you be more concerned about natural disasters than unnatural ones-those caused by
your fellow man? Yes and no. Some unnatural disasters are not deliberate; they occur
because humans are sometimes sloppy or lazy in their work, and sometimes they are
ignorant of the consequences of a particular action. Urban floods are not always an act of
nature; sometimes they are the intersection of digging equipment and a major water main (or
even, as in Chicago, the underground side of a river).

“Fortunately, your preparations to deal with natural disasters form a good foundation for
preparation to deal with a terrorist attack. In both cases, you are preparing to lose the use of
a major networking location for an indeterminate period of time. You are concerned about
saving your people first-equipment is far easier to replace, and arrangements can be made
quickly for new desktops and servers, new routers and switches. Arrangements for a new
operating location may prove more difficult; that will depend on the magnitude of the disaster
and the condition of the local real estate market at the time. Your planning can mitigate even
that.

“Natural disasters are your first priority; with a security twist, that planning will ensure
network continuity, right?

“Wrong.

“Wrong, wrong, wrong.”

- - - - - - - - -

CONTENTS

Foreword
1 - Introduction
2 - Network Threats
3 - Tactics of Mistake
4 - Murphy's Revenge
5 - "CQD ... MGY"
6 - The Best-Laid Plans
7 - Unnatural Disasters (Intentional)
8 - Unnatural Disasters (Unintentional)
9 - Preparing for Disaster
10 - Returning From the Wilderness
11 - The Business Case
12 - Conclusion
Appendix A - References
Appendix B - Questions to Ask Yourself
Appendix C - Continuity Planning Steps
Appendix D - Post-Mortem Questions
Appendix E - Time Value of Money
Appendix F - Glossary
Index
List of Figures
List of Tables
List of Sidebars

- - - - - - - -

ABOUT THE AUTHOR

ANNLEE A. HINES is a systems engineer for Nortel Networks (Data Networks Engineering).
Prior to Nortel, Hines was an engineer in the U.S. Air Force working with command, control,
communications, and intelligence systems. She has also worked for a defense contractor,
owned two small businesses, and taught economics and political science at a community
college. Hines has written three white papers for publication by CertificationZone.com on
network management, switched WAN technologies, and an introduction to telephony.

- - - - - - - -
2002, 336 pages. Order #DR702.
- - - - - - - -

The Binomial Bookstore

Telecommunications, Networks

Rothstein Associates Inc.