A well-known social media platform suffered from service disruption for several hours resulted from misconfiguration of Border Gateway Protocol (BGP) routing that leads to DNS malfunction. Which of the following is the best countermeasure to prevent this incident? (Wentz QOTD)
A. Implement diverse routing
B. Shorten convergence time for BGP
C. Deploy slave DNS servers to alternative sites in the same autonomous system
D. Enforce two-person control over configuration change
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Enforce two-person control over configuration change.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
To enforce two-person control over configuration change may avoid the incident if the configuration is double-checked by the other engineer. It’s a preventive control.
Social media services rely on DNS, which requires the reliable interconnection and correct routing of networks enabled by BGP. The incident is caused by misconfiguration of Border Gateway Protocol (BGP) routing. It implies the circuit functions normally, so diverse routing won’t help.
To shorten convergence time for BGP and deploy slave DNS servers to alternative sites in the same autonomous system may mitigate the impact of misconfiguration, but they can not prevent it from happening.
Diverse routing enforces the reliable interconnection of networks using multiple data exchanges, while alternative routing connects to the same data change during two different cables. Both diverse routing and alternative enhance availability.
- What is alternative and diverse routing?
- Alternate route
- Alternative Routing vs Diverse Routing
- ISACA Glossary
某知名社交媒體平台因邊界網關協議 (BGP) 路由配置錯誤導致 DNS 故障而遭受服務中斷數小時。 以下哪項是防止此事件的最佳對策？ (Wentz QOTD)
A. 實現多樣化路由 (diverse routing)
B. 縮短BGP收斂時間 (convergence time)
C. 將從屬 DNS 服務器部署到同一自治系統中的備用站點
D. 對配置更改實施兩人控制 (two-person control)