What does infrastructure mean in technology?

III.A. Components of Information Management

The components of information management include the technology infrastructure (physical infrastructure and architectures), policies and management processes, and services required for meeting the business needs of the organization.

Process Evolution Exercise

The ITI group decided on the following approach:

Identify an appropriate approach to describing the procedures. (Capture)

Interview the service personnel and develop descriptions of the procedures currently in use. Iterate with the service personnel until there is agreement that the descriptions are accurate. (Elicit)

Consult with service personnel to explore and get approval for changes that implementation of the support indicates would be valuable or necessary. (Analyze)

Use the descriptions to define verification tests, conduct the tests and then iterate back to activity 2 as test results indicate is necessary. (Analyze)

2.1.3 The next IT infrastructure

In technology, infrastructure is of the highest importance—it is the medium used to connect all the parts to form a whole. The Internet has rapidly created a massive gateway and infrastructure for information of every type and has quickly grown to become an integral part of the global economy. We have used the Internet to break down communications barriers that, a decade ago, seemed impossible to overcome. We have used the Internet to share information, to share ideas, and to bring the people of the world a step closer.

Corporations have invested billions of dollars in new technologies—primarily applications—expecting dramatic investment returns. Many of these projects, although looking great on paper, never made it into production: The users simply cannot use them. Sometimes this happens when the network is too slow or the operating system is too old. Occasionally the databases are not compatible, or perhaps the old driver does not work on a new system. Applications built decades apart often require significant modification to work with the systems of today, and these modifications are expensive. Enterprise application integration is a whole field of its own. Building systems that work together is an occasional afterthought, rather than a steadfast requirement.

Whereas the dictionary definition of infrastructure refers to foundations, facilities, and services, the information technology definition of infrastructure often refers to gigahertz, gigabytes, and those mysterious “dark fibers.” We often assume technology will just “plug in,” whereas in reality very few organizations build IT infrastructures that truly operate that way. For some organizations, infrastructure is a component of each application. For others, it is simply a map of the network. Very few perceive the importance of building coherent infrastructure. In January 2002, as the post-Y2K economy soured, even Harvard University closed its Information Infrastructure Project because of an “unanticipated financial shortfall” after two decades of work. This trend, however, cannot continue. Although some may argue that the Internet provides the ultimate infrastructure for connectivity of IT systems, the Internet does not address the massive costs of supporting applications and services provided inside organizations. (See Figure 2.1)

Our work, however, is far from complete. The Internet would never have grown so rapidly popular were it not for its foundation of mature but flexible standards and processes. Without both the significant past investment and subsequent architectural and procedural compromises that institutions and governments made to develop the Transmission Control Protocol/Internet Protocol (TCP/IP) communications language, the Internet would have never grown to become the revolutionary force it is today. In fact, without TCP/IP there would be no Internet—no Web sites, no chat rooms, no EBay, and very likely no AOL (America Online).

Summary

Understanding information technology infrastructure is the basis for a successful integrated security system design. The reader should carefully read and understand this chapter in order to succeed as a designer.

The TCP/IP suite of protocols is the basis for information technology networked systems. This chapter provides a detailed description of how TCP/IP works. The designer will not achieve success without a comprehensive understanding of TCP/IP.

TCP/IP operates on levels 3 and 4 of the OSI networking model. Data is encapsulated from the application program through the seven layers down to the network wire, sent across the network, and then decapsulated back up the seven layers to the application on the other end.

TCP protocol is able to fix bad communications. Other protocols in the TCP/IP family include UDP and RTP, which do not fix bad communications but are better suited for streaming data, such as video and audio.

TCP/IP is also an addressing scheme. Each network connected device is assigned a TCP/IP address that identifies its location on the network. Addresses can be assigned automatically or manually.

Common wiring schemes include Ethernet and fiber optic cables. Ethernet is available on Cat5, Cat5E, and Cat6 cable at speeds of 10, 100, and 1000 Mbps or 10Base-T, 100Base-T, or 1000Base-T (gigabit Ethernet). Fiber optic runs can be on either single-mode or multimode fiber. Single-mode fiber can carry more data farther. Multimode cable and transducers are less expensive. Gigabit switches are often available with fiber connectors to link switches together over long distances, and RJ-45 connectors are used for short runs of Ethernet cables to local devices.

Edge devices include IP video cameras, IP intercoms, and codecs. Network infrastructure and wiring is connected using hubs, switches, routers, and firewalls. Hubs are rarely used today because they simply connect wires together and do nothing to handle network contention. Switches handle the connection of local devices. Routers control where network communications can go. Firewalls exclude unauthorized devices from gaining access to the network. Intrusion detection systems monitor the network firewall to detect any attempt to intrude into the network.

Integrated security system network computers include servers and workstations. Servers can include directory service servers (Windows directory service), Internet information services, domain name service, and other network management services. Other services may include archiving, application program service, ftp, http, e-mail, and broadcast services. Workstations provide the interface between users and the network. Printers and mass storage systems round out the network attached devices. Mass storage systems include NAS and SANs.

Network architecture includes simple networks, LANs, and WANs. Advanced network architecture includes backhaul networks, subnets, and VLANs. Network connection types include peer-to-peer and client/server configurations. Systems can be monitored remotely and safely using browser (http) or VPNs. Digital cameras can link directly to the network, whereas analog video cameras require a codec interface.

Typical video compression schemes include MJPEG, MPEG-2, and MPEG-4. MJPEG is a stream of individual images strung together to show movement, whereas MPEG schemes display a single image and then update subsequent frames only with the changes in the image.

Workstation types include security monitoring centers, guard or lobby desk workstations, administrative workstations, photo ID workstations, and access verification workstations.

Integrated security systems can interface to many other types of systems, including process control networks, BASs, elevators, PABXs, VoIP systems, fire alarm systems, public address systems, parking control systems, and vending systems.

Multicast protocol is sometimes used in digital video systems, but it is fraught with many nuances requiring special skills and knowledge. I recommend a thorough understanding before implementing multicast protocol.

Practices

Cyberterrorism entails leveraging ICT infrastructure in order to create real-life damage or critical disruption with the goal of promoting the attackers' underlying political, religious or social issue. Terrorists may force their intentions into the digital space in order to advance their agendas. Typical practices of cyberterrorists may include:

Denial of Service (Dos) attacks and Distributed Denial of Service attacks (DDos)

Web defacement which may include negative or derogatory comments against the government, political parties or other religious organizations

Misinformation campaigns

Theft or corruption of critical data-unauthorized access to sensitive information with the goal of accessing, stealing or destroying data

Exploitation of system vulnerabilities (to cause unavailability, loss of service, misrepresentation)

Virus attacks which cause system failover, unavailability or disruption of services

1.26.4.1 Outdoor Positioning Technologies

Depending on the information technology infrastructures, popular outdoor positioning technologies include global navigation satellite system (GNSS), cellular networks, and wireless networks.

GNSS: It provides the location (latitude/longitude) and time information in all weather conditions, anywhere on or near the Earth surface where there is an unobstructed line of sight to at least four or more global positioning satellites. Well-known GNSS infrastructures include Global Positioning System (GPS), the United States NAVSTAR GPS and the Russian GLONASS, the Chinese BeiDou Navigation Satellite System, and the European Union’s Galileo system. The most popular GNSS deployed on mobile devices on the current market share is the GPS. Many positioning techniques have been developed based on high-accuracy GPS chips, differential GPS, and assisted-GPS (Misra and Enge, 2006).

Cellular networks: Nowadays cellular network is one of the most important communication infrastructure among people and has almost a worldwide coverage. When a mobile call is made, the mobile phone signal is linked to the nearest cellphone tower or the base station with particular geographic coordinates. The location of the cellular tower can be used as an estimation of a mobile phone user when he or she makes a phone call communication. The spatial divisions of such cellular networks are divided into cells (regions) based on the Voronoi diagram in which for each cell tower location (as a center) there is a corresponding region consisting of all points closer to that center than to any others. That is, all phone calls within a given Voronoi polygon are closer to the corresponding cell tower than to any other cell towers. Generally, urban core areas have a higher density of mobile cells where the average distance between mobile base stations is approximately one kilometer; the value of average separation depends on the size of the study area (Gao et al., 2013).

Wi-Fi: The Institute of Electrical and Electronics Engineers (IEEE, 2007) documents the standard use of Wi-Fi technology to enable wireless-network connections in five distinct frequency ranges: 2.4, 3.6, 4.9, 5, and 5.9 GHz bands. The widely use of Wi-Fi access points for Internet connection in hotels, business buildings, coffee shops, and many other fixed places makes Wi-Fi become an attractive technology for the positioning purpose. All of those Wi-Fi routers deployed in fixed places repeatedly broadcast wireless signals to the surrounding area. These signals typically travel several hundred meters in all directions such that they can form wireless signal surfaces; and one device could receive distinctive signals at different locations on the surface for localization. The accuracy of localization is then dependent on the separation distance among adjacent Wi-Fi reference points (RPs) and the transmission range of these RPs (Bulusu et al., 2000).

Zandbergen (2009) systematically compare three dominant positioning technologies: assisted-GPS, Wi-Fi, and cellular positioning. Their pros and cons are discussed in terms of coverage, accuracy, and reliability. It reports that assisted-GPS obtains an average median error of 8 m outdoors while Wi-Fi positioning only gets 74 m of that and cellular positioning has about 600 m median error in average and is least accurate. However, high-resolution GPS or assisted-GPS positioning chipsets do not work well in indoor environments due to limited satellite visibility; and thus a number of indoor positioning technologies and systems have been designed and developed to increase the indoor positioning accuracy.

Tangible IT resources

The tangible IT resources compromise the physical IT infrastructure component (information systems hardware and ERP software, see Figure 12.1). The IT infrastructure is a candidate for outsourcing. Information systems hardware has been a mature and commodity market for decades; the physical infrastructure can be duplicated fairly easy, and consequently physical IT infrastructure services will hardly serve as a source of competitive advantage (Mata et al., 1995). The ERP software market is different since it consists of only a few mature ERP software Service Providers. Integration is a key issue here. Non-integrated IT infrastructures limit Service Recipient's business choices (Keen, 1991). Integrating IT infrastructures requires considerable time and effort of the Service Recipient (Weill and Broadbent, 1998) and is a key capability of the Service Provider.

16.3.5 Technology Infrastructure

Clearly, the way that the technology infrastructure is set up and maintained greatly affects your reporting and analysis capabilities. Sometimes there may be systems to which you cannot gain access for security reasons, or you will be using external service providers such that data need first to be transferred to you before they can be analyzed. Increasingly, distributed technology infrastructures, multiple Web servers, and complex application architectures all contribute to making accurate analysis much harder. For example, if you have multiple Web servers for a single site (to provide increased capacity and redundancy), then the log files for a unique user's visit may be split across several servers with time stamps that are fractionally out of synch. It is very unlikely that choice of technology infrastructure is going to be dictated by reporting and analysis needs, but it is worth bearing in mind, and improvements can often be made to an existing setup to aid analysis.

3. Acquire and Maintain Technology Infrastructure

This section as it pertains to COBIT as it deals with the acquisition and maintenance of systems related to your IT infrastructure. Depending on what processes you identified to implement from the previous domains, this could have the impact on your open source tools selection.

13.3.2 Building an Information Technology Infrastructure to Support Compliance

To attain these goals, the information technology infrastructure must underpin the data-retention system. Taking e-mail as an example, the information technology infrastructure must allow messages to be captured and retained at a point in the system where no alteration to the original message can subsequently take place (i.e., recipients can't be added, deleted, or modified; nor can content be changed). Once captured, the storage system must ensure the integrity of the message and that no changes can be made to it (with the exception of incorrect information, which must be capable of being corrected). For every message captured and processed by the retention system, as much metadata as possible must be logged (e.g., timestamping, information regarding where the message was logged, and so forth). Access to the storage system must be restricted so that only authorized users can view or access retained content. It's common practice to isolate these storage systems from the rest of the information technology infrastructure through elevated security systems, additional firewalls, and so forth. Furthermore, sufficient measures must be in place to ensure that retained information is suitably protected from a disaster, and wide area data replication of the storage system comes into play here.

To ensure nonrepudiation, messages must be digitally signed by the originator. Any measures, such as two-factor authentication, biometric authentication, and so forth, that can be taken to authenticate the user and indicate that only he or she could have sent the message adds evidentiary weight. And suitable encryption techniques at the retention system's application level should ensure that messages are not tampered with during their retention. In most cases, the need for a Public Key Infrastructure (PKI) infrastructure in both that originator's and that recipient's environment is critical. Distributed, scalable, archiving solutions, such as HP's RISS (www.hp.com/go/ilm), Symantec's Enterprise Vault (www.symantec.com), and Quest's Archive Manager compliance products (www.quest.com), meet many of these requirements.

Protecting the entire environment, but especially the retention system, from malicious code (i.e., viruses) is essential. If the security of the system can be compromised by malicious software, the evidentiary weight of the information it contains is reduced. Furthermore, unsolicited commercial e-mail (i.e., SPAM) should be minimized using appropriate antispam solutions to reduce the volumes of objects that need to be processed by the retention system.