Friday, April 17, 2009

Third and final installment on How to Survive a Network Attack

It's been a crazy week here at OCLC. Lots of good stuff in the works. I have been joking that the whole company will exhale a collective sigh of relief when all the planned spring and summer upgrades/enhancements/releases finally go through.

I spent an extended holiday weekend last weekend in my hometown of Alva, Oklahoma visiting as many family members as possible. Where else do you find a baby calf, a rabbit, a dog, 2 kittens and an indeterminate amount of chickens in the same backyard? I love it!

I was recently reminded that I hadn't given you the final installment in the IAG occasional series on "How to Survive a Network Attack" for small and medium-sized libraries. If you have IT people who specialize in security, rock on. If not, maybe these tips will help. This is the third chunk.
The previous two chunks are here:
* Reduce the likelihood of an attack.
* Have visibility into the problem.

Determine what you’re up against.

In the middle of a problem, it can be easy to jump to conclusions that will lead you astray.

* Is there really an attack going on, or is there another cause, such as a misconfiguration, equipment failure or power outage?
* Is your network the target of an attack, or is it the source?
* Is your network the target of an attack directed specifically at your organization, or are you caught up in a larger issue?
* Is the apparent intent of the attack to cause a service interruption, or are interruptions the side effect of a different type of attack?
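
One way to take a first pass at the "target or source?" question above, as an added example that is not part of the original post. The internal address range, the "src dst dst_port bytes" flow-summary format, the sample records and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the library's internal address range; substitute your own.
INTERNAL = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow summaries ("src dst dst_port bytes"), not real traffic.
TARGET_SAMPLE = """\
198.51.100.7 10.20.1.10 80 900000
203.0.113.9 10.20.1.10 80 850000
192.0.2.44 10.20.1.10 80 910000
10.20.3.5 192.0.2.80 443 20000
garbled line
"""
SOURCE_SAMPLE = """\
10.20.7.21 198.51.100.1 25 400000
10.20.7.21 203.0.113.2 25 420000
10.20.7.21 192.0.2.3 25 390000
198.51.100.50 10.20.1.10 80 30000
"""

def parse(text):
    for line in text.splitlines():
        try:
            src, dst, port, size = line.split()
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), int(size)
        except ValueError:  # wrong field count or bad address/number: skip the line
            continue

def triage(text, internal=INTERNAL):
    """First-pass answer to 'target or source?' from boundary-crossing flows."""
    size_by = {"target": defaultdict(int), "source": defaultdict(int)}
    peers_by = {"target": defaultdict(set), "source": defaultdict(set)}
    for src, dst, port, size in parse(text):
        if dst in internal and src not in internal:
            role, key, peer = "target", (str(dst), port), src
        elif src in internal and dst not in internal:
            role, key, peer = "source", (str(src), port), dst
        else:
            continue  # internal-only or transit flows do not answer the question
        size_by[role][key] += size
        peers_by[role][key].add(peer)
    totals = {role: sum(d.values()) for role, d in size_by.items()}
    role = max(totals, key=totals.get)
    if totals[role] == 0:
        return None  # nothing crossed the boundary: suspect outage or misconfiguration
    key = max(size_by[role], key=size_by[role].get)
    return {"role": role, "host": key[0], "port": key[1], "peers": len(peers_by[role][key]),
            "share": round(size_by[role][key] / totals[role], 2)}
```

The result names the busiest internal host and port, its share of the traffic in the dominant direction, and how many outside peers were involved. Treat it as a starting point for the questions above, not a verdict.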

Be able to block.
* Choke points in your network: Identify in advance the most efficient places in your network to perform filtering. A good place to look is Access Control Lists on the router that connects your network to the Internet.
* Quality of Service (QoS) controls: Even better than being able to block is to be able to control the amount of resources devoted to different types of traffic. With QoS controls configured in your network, you may be able to throttle the bad traffic while ensuring that there are enough resources devoted to critical services.
* Maintain a relationship with your Internet Service Provider: By the time traffic reaches your network it may be too late to block it, and there may be more of it than your network can handle.

Above all, don’t panic.


My take is that there are people who make their living providing security for online services. And lucky for libraries, there are data streams that are much more prone to attacks, too. I know we all love our MARC XML (sent through RESTful queries, no doubt) but banks and health care providers deal with data that is every bit as sensitive as (I would argue much more so than) library data.

So if we take some proactive steps, we will probably survive a network attack just fine and even live to tell the tale.
