When Technology Falters: The CareGroup Network Outage John D. Halamka MD CIO, CareGroup CIO, Harvard Medical School.

Presentation transcript:

When Technology Falters: The CareGroup Network Outage John D. Halamka MD CIO, CareGroup CIO, Harvard Medical School

Agenda
• In depth overview of the Network Outage
• Key Lessons
• The Sequel – SQL Slammer
• Questions and Answers

CareGroup Network as Built

Timeline
• November 13, :45pm
  – Napster-like internal attack
  – Change begins, redundant links cut
  – Callisma and Cisco on site
• November 14, 2002
  – Spanning tree issues
  – WAN issues
  – CAP declared at 4:00pm

Core Switch Utilization

Timeline
• November 15, 2002
  – PACS rebuild
  – Research/Cardiology rebuild
  – Reboot of core and distribution layer
• November 16, 2002
  – VLAN mismatch
  – Redundant core built as contingency

Core Switch Utilization

Root Cause Analysis
• CareGroup Network grew organically by merger and acquisition into a massive bridged switched network which was not within Spanning Tree spec
• Equipment was not life cycle managed
• Router/switch configuration was not in accordance with best practices, i.e. multicast dense mode

Spanning Tree Problems
• When TAC was first able to access and assess the network, we found the Layer 2 structure of the network to be unstable and out of specification with 802.1d standards. The management VLAN (VLAN 1) had in some locations 10 Layer 2 hops from root.
• The conservative default values for the Spanning Tree Protocol (STP) impose a maximum network diameter of seven. This means that two distinct bridges in the network should not be more than seven hops away from one to the other.
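The diameter check described on this slide, as an added example that is not part of the original presentation: it walks a constructed Layer 2 topology (hypothetical switch names, equal link costs assumed, hops counted as links) and reports bridges more than seven hops from the root. `timers_for` uses the timer relationship from Cisco's STP timer tuning guidance to show how the default 20 s max age and 15 s forward delay correspond to a diameter of seven.

```python
import math
from collections import deque

STP_MAX_DIAMETER = 7  # limit the slide quotes for default 802.1D timers

# Constructed topology, hypothetical names: sites bridged in a daisy
# chain behind one distribution switch, plus a short second branch.
CHAIN = ["core-root", "dist-1"] + [f"site-sw{i}" for i in range(1, 10)]
LINKS = list(zip(CHAIN, CHAIN[1:])) + [
    ("core-root", "dist-2"), ("dist-2", "acc-1"), ("dist-2", "acc-2"),
]

def build_graph(links):
    """Undirected adjacency map of bridge-to-bridge links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def hops_from(graph, start):
    """Breadth-first search: Layer 2 hop count from start to every bridge.
    Assumes equal link costs, so the STP path is the shortest path."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for peer in graph[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist

def beyond_limit(graph, root, limit=STP_MAX_DIAMETER):
    """Bridges whose distance from the root exceeds the limit."""
    return sorted((sw, h) for sw, h in hops_from(graph, root).items() if h > limit)

def diameter(graph):
    """Worst-case hop count between any two bridges (connected graph)."""
    return max(max(hops_from(graph, sw).values()) for sw in graph)

def timers_for(dia, hello=2):
    """(max_age, forward_delay) in seconds for a given diameter."""
    max_age = 4 * hello + 2 * dia - 2
    forward_delay = math.ceil((4 * hello + 3 * dia) / 2)
    return max_age, forward_delay

if __name__ == "__main__":
    g = build_graph(LINKS)
    for switch, hops in beyond_limit(g, "core-root"):
        print(f"{switch}: {hops} hops from root (limit {STP_MAX_DIAMETER})")
    print("worst bridge-to-bridge distance:", diameter(g))
    print("timers for diameter 7:", timers_for(7))
```

In practice the link list would come from a topology export such as CDP/LLDP neighbor data, which this sketch does not parse.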

Key Lessons
• Partner with your network vendor
  – Encourage external audits of your network
  – Engage advanced engineering services
  – Avoid senior management blind spots

Key Lessons
• Avoid flat topology bridged switched networks.

Best Practice                               | CareGroup Network
One VLAN per Subnet per physical switches   | VLANs span many physical switches
Limited or no bridging                      | Extensive use of bridging
Layer 2 switching limited to access layer   | Layer 2 switching extended across core

Key Lessons
• Re-evaluate the enterprise architecture of your network
  – Routed core
  – Switched distribution and access layers
  – Robust firewall

Key Lessons
• Life cycle manage your network
  – Eliminate legacy protocols
  – Recognize the value of new feature sets
  – Hardware must keep up with the demands of a changing organization: video over IP, IP telephony, bioinformatics, image management

Key Lessons
• Implement appropriate monitoring and diagnostic tools to maintain the health and hygiene of your network
  – Concord
  – NATKit
  – CiscoWorks
  – OpenView

Key Lessons
• Have a robust downtime plan
  – Out of band diagnostics
  – Dial up modems and computers in key clinical areas
  – Overview of CareGroup Disaster Recovery plan

Service Objectives

Protection Features

Protection features

Protection Techniques Cost versus Benefit

Protection Techniques by Vulnerability

Key Lessons
• Implement strict change control
  – Standards, configurations, devices, protocols, links, processes, procedures, or services
  – Prior review and approval of all network infrastructure changes
  – Multi-discipline membership
  – Changes classed as substantial, moderate, or minimal impact

Key Lessons
• Implement strict change control (cont.)
  – Substantial changes require Cisco AES review
  – Changes scheduled 2am – 5am weekends
  – Changes require baseline, testing, and recovery plans
  – As-Built documentation to include overall, physical and logical diagrams
  – NCCB recommends expense allocation

The Sequel – SQL Slammer
• Released at 12:30am on January 25
• Infected East Coast at 12:40am
• Microsoft SQL Server 2000 was patched; however, Microsoft did not issue any patches or security warnings on Microsoft Data Engine 2000 (MSDE), which is included with numerous desktop products

Spread of the Worm

Exact effect on CareGroup
• MSDE and non-IS maintained databases infected
• Network saturated by worm activity
• Shut off links to Research areas
• Blocked all traffic from the public internet
• Network traffic levels returned to normal

Cleanup
• Restart of servers and desktops that were disrupted by the outage
• Once all research areas had cleaned desktops, we restored port 1433 connectivity

Further Lessons Learned
• VPN as a security risk
• Implement a scanning program to analyze research desktop and server vulnerabilities
• Ensure you have modern network equipment that affords you the tools to control intra-VLAN traffic

Conclusions
• Lifecycle manage your network just as you would your desktop
• Ensure senior management understands the value of the network as a strategic asset
• Build great downtime procedures, including out of band connectivity, just in case the technology falters