Name That Domain: Amazon Web Service Outage Slows Down Internet

Name That Domain: Amazon Web Service Outage Slows Down Internet 864 486 CyberVista now N2K
This post is part of a series in which we pull security stories right from the headlines and discuss their relevance to the eight domains of the CISSP® exam.

Amazon Web Service Outage Slows Down Internet

Playback Issues

Some of our students enrolled in our CISSP training program couldn’t access their short, on-demand videos on Tuesday evening (for about 30 minutes). The videos were experiencing playback issues because Brightcove, the content service provider in our Learning Management System, is directly linked to Amazon S3, Amazon’s web-based storage system, which suffered a prolonged outage on Tuesday.
Our LMS wasn’t the only site experiencing issues. Reports of service disruptions were widespread. Amazon S3 is utilized by more than 145,000 websites and 120,000 domains. The outage located in the AWS region US-East-1 (one of many global locations)   affected Airbnb, Pinterest, MailChimp, and even the U.S. Security and Exchange Commission, according to WSJ.

Cloud Services: Domain 3, Security Engineering

For those of our CISSP candidates who could access their videos, they learned about cloud services in Domain 3, Security Engineering. In this domain, cloud computing is defined as processing and storage that is performed on a networked connection. Cloud computing is designed to remove a lot of complexity and management effort from end-users and businesses. Amazon’s Web Service deploys a Community Cloud model, in which multiple organizations share exclusive use of cloud services. Amazon handles the maintenance responsibilities.

Security and Availability Implications

One of the benefits of cloud services is real-time access to services and resources. So when Amazon’s Web Service went out of commission, a single point of failure exposed Amazon’s lack of redundancy and resiliency. Amazon S3’s failure is speculated to be either human or software error. Either way, there a few technical solutions that services like Amazon S3 can utilize to ensure fault tolerance and redundancy.

Domain 4, Communications & Network Security: Network Topologies to Ensure Redundancies

One solution to ensure redundancy is to design your network in a way that avoids single points of failure. Careful construction of network topologies, which are essentially geometric layouts of linked devices, can mitigate the damage caused by an outage. In Domain 4, CISSPs learn about common network topologies.
Consider the following network topology, Star, which is the most commonly deployed topology.
Star patternAll nodes in this network are connected to a central device, that may be a hub, switch, or router. This central connection device represents a single point of failure. If it goes down, so do all the nodes connected to it.
Another deployment that suffers from the same deficiencies is the Ring topology, pictured below.
closed-loopThis closed loop topology relies on each neighbor node in the set-up to transmit data through the devices. This means if one node in the ring goes down, the entire ring fails.
There is a network topology that can avoid these single point of failure issues. In a Mesh topology, pictured below, each node is connected to each other, which means each node has the ability to forward data on behalf of other nodes. In this topology, “self-healing” is possible, meaning nodes have the ability to re-route data around a single node that has gone down. While this topology is extremely expensive to set-up, it provides a high level of redundancy and fault tolerance.
mesh networkA mesh network may be costly, but for organizations that value the availability of their information above all else (think e-commerce site), then it would well be worth the cost of cables required to set up this structure.
In fact, mesh topologies are a common solution against Denial of Service Attacks. Since there is no single node or server that handles all traffic, there is not a single point of failure that can be overwhelmed with unwanted traffic.

The Expanding Cloud

As customers and service provides migrate to the cloud, related topics are becoming more prevalent on certification exams. In fact, an expanding certification is the Certified Cloud Security Professional (CCSP) which focuses on the security of cloud services. CCSP is a great cert to compliment a CISSP, upon which the principles of cloud computing, redundancy, and resiliency are built. As a CISSP (or even as you train to take the exam), you will have the technical knowledge to understand the complexities behind the headlines. Stay tuned for the next installment of “Name that Domain.”