Security Operations

2

Domain Objectives

• Protection and Control of Data Processing Resources

• Media Management

• Backups and Recovery

• Change Control

• Privileged Entity Control

• Categories of Controls

3

Operations Security Focus Areas

• Hardware

• Software

• Media

•Remote Storage

•Backups

•Tape Library

• Peopleware

•Auditors

•Support Staff

•Vendors

•Security

•Programmers

•Operators

•Engineers

•Administrators

4

Information Security TRIAD

• Confidentiality

• Integrity

• Availability

5

Domain Agenda

• Resource Protection

• Continuity of Operations

• Change Control Management

• Privileged Entity Control

6

Facility Support Systems

As discussed within the Physical Security domain, the support systems in a centralized or decentralized Operations center must be protected.

7

Facility Support Systems

• Fire Protection

• HVAC

• Electric Power

8

Facility Support Systems

• Water

• Communications

9

Risk of Physical Access to Equipment

• Reduce risk or impact of threats resulting from unauthorized physical access

10

Media Management

• Another objective of Operations Security is to protect storage media

11

Object Reuse

• The reassignment of a storage medium that previously contained one or more objects

• To be securely reassigned, no residual data can be available to the new subject through standard system mechanisms

•Disclosure

•Contamination

12

Clearing of Magnetic Media

• Overwriting

• Degausser

• Physical Destruction

13

Media Management Practices

Sensitive Media Controls:

• Marking

• Labeling

• Handling

• Storing

• Declassifying

• Destroying

14

Misuse Prevention

Threats and Countermeasures

• Personal Use: Acceptable use policy, workstation controls, content filtering, email filtering

• Theft of Media: Appropriate media controls

• Fraud: Balancing of input/output reports, separation of duties, verification of information

• Sniffers: Encryption

15

Records Management

• Records Management Program Development

•Guidelines

• Records Retention

16

Domain Agenda

• Resource Protection

• Continuity of Operations

• Change Control Management

• Privileged Entity Control

17

Software & Data Backup

• Operation controls must ensure adequate backups of:

• Data

• Operating Systems

• Applications

• Transactions

• Configurations

• Reports

18

RAID - Redundant Array of Independent Disks

• Backup of Data stored on Disk Drives

•Hardware-based

•Software-based

• Use of a Hot Spare

19

RAID Level 0

• Stripes data evenly across two or more disks with no parity information for redundancy to increase system performance

Figure: RAID 0, blocks A1 to A8 striped across two disks with no parity

20

RAID Level 1

• Creates an exact copy (or mirror) of a set of data on two or more disks

21

RAID Level 2

• Stripes data at the bit level using a Hamming Code for error correction

• Requires 39 disks!

22

RAID Level 3

• Uses byte-level striping with a dedicated parity disk

Figure: RAID 3 with Disk A (Stripes 1A to 4A), Disk B (Stripes 1B to 4B) and a dedicated Parity Drive holding P(1A, 1B), P(2A, 2B), P(3A, 3B), P(4A, 4B)

23

RAID Level 4

• Uses block-level striping with a dedicated parity disk

•Similar to RAID 3 except that it stripes at the block, rather than the byte level

24

RAID Level 5

• Uses block-level striping with parity data distributed across all member disks

Figure: RAID 5 across Disk A, Disk B and Disk C. Stripe 1: 1A, 1B, P(1A, 1B); Stripe 2: P(2B, 2C), 2B, 2C; Stripe 3: 3A, P(3A, 3C), 3C; Stripe 4: 4A, 4B, P(4A, 4B). The parity block sits on a different disk in each stripe.
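The parity scheme behind the RAID 3 and RAID 5 figures, worked through as an added example (not from the slide deck): parity is the byte-wise XOR of the data blocks in a stripe, in RAID 5 the parity block rotates to a different disk each stripe, and any single failed disk, data or parity, is rebuilt from the survivors. Block size, disk count and the sample data are assumptions.

```python
from functools import reduce

BLOCK = 4  # assumed block size in bytes (real arrays use KiB-sized chunks)


def xor_blocks(blocks):
    """Parity block: byte-wise XOR of equal-length blocks (data or parity)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_disk(stripe_index, ndisks):
    """Parity rotates one disk per stripe, starting on the last disk
    (stripe 0 -> last disk, stripe 1 -> first disk, ...), matching the
    P(1A,1B) / P(2B,2C) / P(3A,3C) / P(4A,4B) placement in the RAID 5 figure."""
    return (stripe_index + ndisks - 1) % ndisks


def raid5_write(data, ndisks=3):
    """Split data into stripes of (ndisks - 1) blocks and lay them out with
    distributed parity. Returns one list of blocks per disk."""
    per_stripe = (ndisks - 1) * BLOCK
    data += b"\0" * (-len(data) % per_stripe)  # zero-pad the final stripe
    disks = [[] for _ in range(ndisks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i * BLOCK: off + (i + 1) * BLOCK]
                  for i in range(ndisks - 1)]
        pdisk = parity_disk(s, ndisks)
        remaining = iter(chunks)
        for d in range(ndisks):
            disks[d].append(xor_blocks(chunks) if d == pdisk else next(remaining))
    return disks


def raid5_rebuild(disks, failed):
    """Rebuild one failed disk: each of its blocks is the XOR of the surviving
    blocks in the same stripe, whether those are data or parity."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def raid5_read(disks):
    """Concatenate the data blocks in stripe order, skipping parity blocks."""
    out = b""
    for s, stripe in enumerate(zip(*disks)):
        pdisk = parity_disk(s, len(disks))
        out += b"".join(blk for d, blk in enumerate(stripe) if d != pdisk)
    return out


if __name__ == "__main__":
    sample = b"ABCDEFGHIJKLMNOP"  # constructed input: two stripes on three disks
    array = raid5_write(sample)
    array[1] = raid5_rebuild(array, 1)  # simulate losing and rebuilding Disk B
    assert raid5_read(array) == sample
```

A second simultaneous failure leaves a stripe with one unknown too many for a single XOR parity, which is the gap RAID 6's second parity block closes.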

25

RAID Level 6

• RAID 6 extends RAID 5 by adding an additional parity block, thus it uses block-level striping with two parity blocks distributed across all member disks

• Like RAID 5, the parity is distributed in stripes with the parity blocks in a different place in each stripe

26

RAID Level 0+1

• Used for both mirroring and striping data among disks

• A hard drive failure in one array can be recovered from the other array

Figure: RAID 0+1, a RAID 1 mirror of two RAID 0 arrays, each striping blocks A1 to A8 across two disks

27

RAID Level 10

• Also known as RAID 1+0

• Very high reliability combined with performance

Figure: RAID 10, a RAID 0 stripe across two RAID 1 mirrors; one mirror holds A1, A3, A5, A7 on both of its disks, the other holds A2, A4, A6, A8 on both of its disks

28

Redundant Array of Independent Tapes (RAIT)

• Level 1 RAIT

•Using tapes rather than disk

•Real-time mirroring

29

Hot Spares

• An unused backup array disk that is part of the array group

•Hot spares remain in standby mode

•Types of Hot Spares

• Global Hot Spare

• Dedicated Hot Spare

30

Other Backup Types

• File Image

• Data Mirroring

• Electronic Vaulting

• Remote Journaling

• Database Shadowing

• Redundant Servers/Standby Services

31

Fault Tolerance

• Usually refers to Hardware failure

•The system recognizes a failure has occurred

•Automatically takes corrective action

32

System Recovery - Trusted Recovery

• Correct implementation

• Ensure that failures and discontinuities of operation don't compromise a system's secure operation

33

Types of Trusted Recovery

• System Reboot

• Emergency System Restart

• System Cold Start

34

Fail Secure

To fail in a way that will cause no harm, or a minimal amount of harm, to other devices or danger to personnel, but doesn’t cause the system to be insecure.

35

Operational Incident Handling

• First line of Defense

• Logging, Tracking and Analysis of Incidents

• Escalation and Notification

36

Incident Response Team

• Benefits

•Learning to respond efficiently to an incident

• Priorities

37

Figure: System Failure, Power Failure - UPS, Denial of Service, Intrusion and Tampering, shown alongside Contingency Plans, Business Continuity Plans and Detailed Recovery Procedures

38

Specific Operational Contingency Preparations

• System Failure

• Denial of Service

• Tampering or Intrusions

• Production Delays

• I/O Errors

39

Domain Agenda

• Resource Protection

• Continuity of Operations

• Change Control Management

• Privileged Entity Control

40

Change Control Management

• Integrated with Business and IT Initiatives

•Sets out change control process and ownership of changes

•Ensures that all changes are reviewed for potential security impact

41

Change Control Committee

• Objectives

• Ensure all changes are

• Properly tested

• Authorized

• Scheduled

• Communicated

• Documented

42

Change Control Procedures

• Request

• Impact Assessment

• Approval

• Build/Test

• Implement

• Monitor

43

Configuration Management

• The control of changes made to:

•Hardware

•Software

•Firmware

•Documentation

•Test fixtures and test documentation conducted throughout the system lifecycle

44

Hardware Inventory and Configuration

• Hardware Inventory - An overview of the hardware installed on any automated system

• Hardware Configuration Chart - Details the configuration of the system

45

Protection of Operational Files

• Library Maintenance

•Backups

•Source Code

•Object Code

•Configuration files

• Librarian

46

Documentation

•Requirements

• Format

• Copies

47

Patch Management

•Identification of Patches

•Patch Testing

•Rollout

• Deployment challenges

48

Domain Agenda

• Resource Protection

• Continuity of Operations

• Change Control Management

• Privileged Entity Control

49

Operator Privileges

• Operates and monitors mainframe and mid-range computers and peripheral equipment, such as printers, tape and disk drives

50

Administrator Privileges

• Responsible for running technically advanced information systems, including the setup and maintenance of computers and networks

• Systems Administrators

• Network Administrators

51

Security Administrator Privileges

• Security administration including:

•Policy

• Development

• Implementation

• Maintenance and compliance

•Vulnerability Assessments

•Incident Response

52

Control Over Privileged Entities

• Review of access rights

• Supervision

• Monitoring

53

Domain Summary

• Operations Security dealt with

•Resource protection

•Continuity of Operations

•Change Control Management

•Privileged Entity Control

“Security Transcends Technology”