Operations Security Muhammad Wajahat Rajab

Operations Security Presentation


Page 1: Operations Security Presentation

Operations Security

Muhammad Wajahat Rajab

Page 2: Operations Security Presentation

Question…

Operations Security seeks to primarily protect against which of the following?

A. Object reuse

B. Facility disaster

C. Compromising emanations

D. Asset threats

Page 4: Operations Security Presentation

Punch Line

• Primarily concerned with the protection and control of information processing assets

Page 5: Operations Security Presentation

Overview

Page 6: Operations Security Presentation

Domain Introduction

• Mixture of all the domains…

• Core goal of Operations Security?

– Availability

• Are others important? – Surely, they are!

• The domain is divided into the following sections:

– Privileged Entity Controls

– Resource Protection

– Continuity of Operations

– Change Control Management

Page 7: Operations Security Presentation

Points to ponder

• What is the state of being free from danger or injury?

• What are the opposite terms for the following?

– Availability

– Integrity

– Confidentiality

Page 8: Operations Security Presentation

Privileged Entity Controls

Page 9: Operations Security Presentation

Introduction

• Privileged Entity Controls are the mechanisms that give privileged access to…

– Hardware

– Software

– Data

• Where do the controls that permit privileged functions usually reside?

Page 10: Operations Security Presentation

Privileged Entity Controls

• Account Management

• System Accounts

• System Operators

• Ordinary Users

• System Administrators

• Security Administrators

Page 11: Operations Security Presentation

Account Management

• Involves life-cycle process for every account in a system

• Primarily four types of accounts…

– Root

– Service

– Privileged user

– Ordinary user

• Accounts not needed should be disabled or deleted!

Page 12: Operations Security Presentation

Account Management (2)

• Efficient management requires assignment of individual accounts into groups or roles

– What is a group account?

• Group management involves assigning a user account to one or multiple groups

– Each group is given a set of permissions to access objects within a system!

Page 13: Operations Security Presentation

System Accounts

• Dedicated accounts to provide a variety of system services using autonomous processes

– Services are background processes that run in their own security context

– DBMSs contain a number of these accounts

Page 14: Operations Security Presentation

System Operators

• Work in data center environments where mainframe systems are used

– Given elevated privileges

• Which can lead to circumvention of security policy!

• Use of these privileges should be monitored through audit log

• Responsibilities assigned to operators include…

– Implementing the initial program load

– Monitoring execution of the system

– Volume mounting

Page 15: Operations Security Presentation

System Operators (2)

– Controlling job flow

– Bypass label processing

– Renaming and relabeling resources

– Reassignment of ports

Page 17: Operations Security Presentation

Ordinary Users

• Given restrictive system privileges!

• Allowed only the access that requires minimum privileges to run

• Work in client/server architecture environment

• Should not be allowed to monitor system execution

• Should not be allowed to reassign ports

• Should not be allowed the re-labeling of the resources

Page 18: Operations Security Presentation

System Administrators

• Manage system operations and maintenance

• Ensure system is functioning properly for system users

• Privileges assigned to trained and authorized individuals

• Privileges to affect critical operations such as setting…

– Time, Boot sequence, System logs and Passwords

Page 19: Operations Security Presentation

Security Administrators

• Oversee the security operations of a system

• Security operations include:

– Account management

– Assignment of file sensitive labels

– System security settings

– Audit data review

– Provide a check and balance of the power assigned to System Administrators

• Through auditing and reviewing the activities

Page 20: Operations Security Presentation

Security Administrator Functions

• File Sensitivity Labels

• Clearances

• System Security Characteristics

• Passwords

• Audit Data Analysis and Management

Page 21: Operations Security Presentation

File Sensitivity Labels

• Implemented to control access to information

• Allow privileges or deny access to a file

• Prevent data from being written to an area on the system with a lower sensitivity
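As an added example (not from the deck), the two rules this slide states, read only at or below your clearance and never write to a less sensitive area, in a small Python label check; the level names, paths and file contents are constructed samples:

```python
# Added example, not part of the presentation: a minimal check that enforces
# the two rules the slide describes for sensitivity labels, "no read up" and
# "no write down". Level names, paths and contents are constructed samples.

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class LabelViolation(Exception):
    """Raised when an access would break the label rules."""


def rank(label):
    if label not in LEVELS:
        raise LabelViolation(f"unknown sensitivity label: {label!r}")
    return LEVELS[label]


def can_read(clearance, file_label):
    # Simple security property: read only at or below your clearance.
    return rank(clearance) >= rank(file_label)


def can_write(clearance, file_label):
    # *-property: write only to areas at or above your clearance, so data
    # never flows to a less sensitive area (no write down).
    return rank(clearance) <= rank(file_label)


# Constructed sample file store: path -> [label, content]
FILES = {
    "/srv/public/notice.txt": ["UNCLASSIFIED", "site maintenance Friday"],
    "/srv/ops/runbook.txt": ["SECRET", "failover procedure"],
    "/srv/exec/merger.txt": ["TOP SECRET", "board memo"],
}


def read_file(clearance, path, files=FILES):
    label, content = files[path]
    if not can_read(clearance, label):
        raise LabelViolation(f"{clearance} may not read {label} file {path}")
    return content


def write_file(clearance, path, text, files=FILES):
    # A lower-cleared subject may "blind write" upward; it may never write down.
    label, _ = files[path]
    if not can_write(clearance, label):
        raise LabelViolation(f"{clearance} may not write down to {label} file {path}")
    files[path][1] = text
    return label


def access_matrix(files=FILES):
    """For every clearance and file, report (read allowed, write allowed)."""
    matrix = {}
    for clearance in LEVELS:
        for path, (label, _) in files.items():
            matrix[(clearance, path)] = (can_read(clearance, label), can_write(clearance, label))
    return matrix


if __name__ == "__main__":
    for (clearance, path), (r, w) in access_matrix().items():
        print(f"{clearance:<13} {path:<25} read={r!s:<5} write={w}")
```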

Page 22: Operations Security Presentation

Clearances

• Assigned according to trustworthiness and the level of access needed for sensitive information

• Ensure proper level of clearance has been assigned prior to providing access

Page 23: Operations Security Presentation

System Security Characteristics

• Define the security settings of systems and applications…

– Network devices

– Database Management Systems

• Improper configuration can impact the proper operation of the system or network!

Page 24: Operations Security Presentation

Passwords

• Password distribution is an important function

• Trusted distribution channels needed to avoid a compromise

• Types of passwords?

Page 25: Operations Security Presentation

Audit Data Analysis and Management

• Auditing information can be obtained from

– Servers, Workstations, Databases, Firewalls, etc…

• Tools used must detect unauthorized activity or attacks

• Auditing mechanism must support organizational policy

• Auditing can affect the system availability…

– Consume CPU time, Network bandwidth, Storage Space!

• Keep in mind the log retention requirements

– Regulations

Page 27: Operations Security Presentation

Question…

What setup should an administrator use for regularly testing the strength of user passwords?

A. A networked workstation so that the live password database can easily be accessed by the cracking program.

B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.

C. A standalone workstation on which the password database is copied and processed by the cracking program.

D. A password-cracking program is unethical; therefore it should not be used.

Page 29: Operations Security Presentation

Resource Protection

Page 30: Operations Security Presentation

Introduction

• Resource protection includes…

– Facilities

– Hardware

– Software

– Documentation

– Threats to Operations

– Control Methods

– Data and Media Control

– Disposal Control

Page 31: Operations Security Presentation

Facilities

• Use systems and controls to sustain the IT operation environment

– Fire detection and suppression systems

– HVAC

– Water and sewage systems

– Reliable power supply and distribution system

– Power line conditioners

– Telecommunication systems

– Access control and intrusion detection systems

Page 32: Operations Security Presentation

Hardware

• Appropriate physical security needed to ensure CIA…

– Concept of least privilege

– Restricted access

– Escorting a visitor

– Protecting workstations

– Protecting the printing devices

– Authorized access to firewalls

– Limited access to…

• Routers, Switches etc

– Periodic inspection of network cables

Page 33: Operations Security Presentation

Hardware (2)

– Use of strong encryption in wireless communication

• WPA over WEP

Page 34: Operations Security Presentation

Software

• Preventing copyright infringements

• Preventing illegal duplication and distribution of software

– Periodic inventory scans

• Software escrow

– Need?

• Proper SDLC procedures

• Proper testing and version control

– Separation of duties

• Protecting the Operating System passwords

• Protecting the Audit Logs

Page 35: Operations Security Presentation

Documentation

• Ensuring the protection of documentation related to…

– Network design

– Vulnerabilities

– Proprietary methods

• Proprietary information, trade secrets

– Source code

• All important documentation should be controlled and catalogued!

Page 36: Operations Security Presentation

Threats to Operations

• Disclosure of sensitive information – Confidentiality

• Corruption/modification of processes – Integrity

• Theft / Removal of resources – Confidentiality, Integrity, Availability

• Destruction of resources – Availability

• Interruption of resources – Availability

Page 38: Operations Security Presentation

Control Methods

• Input / Output Control

• Equipment Control

• Support System Control

• Personnel Control

• Antivirus Management

Page 39: Operations Security Presentation

Input / Output Control

• Input…

– Time-stamping, Authentication, Logging

– Audit trails

• Record of data entered into the system

• Record of the data edited

• Output…

– Release sensitive data after signing it

– Empty report should contain "No Output"

– Information storage area must be protected

Page 40: Operations Security Presentation

Equipment Control

• Regular monitoring, maintenance

• Penetration test should be conducted

• Use encryption for data communication

• Remote maintenance should be restricted

• Third party maintenance should be supervised

• Data center should have minimal exposure from environmental threats

• Restricted access to secure room where operational components are located

– Keep log of equipment moving in and out of restricted room!

Page 42: Operations Security Presentation

Personnel Control

• Security awareness training

• Background checks and screening

• Separation of duties

• Job rotation

• Accountability through logging and monitoring

– Need to know basis

– The principle of least privilege

• Mandatory vacation!

Page 43: Operations Security Presentation

Antivirus Management

• Continuous monitored updates

• Automatic scheduled scanning

– Issues?

• Antivirus software must be present in...

– Email servers

– File servers

– Workstations

Page 44: Operations Security Presentation

Data and Media Control

• Data

– Backup data

– Encrypt sensitive data

• Media

– Use a media library/librarian

– Marking

– Logging

– Integrity verification

– Physical Access Protection

– Transmittal

– Disposition

Page 45: Operations Security Presentation

Disposal Control

• Initiates at the end of life cycle of a system

• Ensure that regulations do not require specific data to be kept for a period of time

• Prevent dumpster diving

• Properly erasing data from media

– Degaussing

– Zeroization

– Physical destruction

Page 46: Operations Security Presentation

Degaussing

• Data is stored on magnetic media by the representation of the polarization of the atoms

• Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux

Page 47: Operations Security Presentation

Zeroization

• Purging (Overwriting) existing data with '1s' and '0s'…

– Single pass - Data area is overwritten once with '1' or '0'

– DoD Method - The data area is overwritten with '0s' then '1s' and then once with pseudo random data

– NSA erasure algorithm - Data is overwritten seven times with '0' pattern then with '1' and so on…

– Gutmann Method - The data is overwritten 35 times!

Page 48: Operations Security Presentation

Physical Destruction

• Best method for papers and read only media

– There are highly specialized recovery programs to recover data after disk wiping

Page 49: Operations Security Presentation

Question

What is the main issue with media reuse?

A. Degaussing

B. Data remanence

C. Media destruction

D. Purging

Page 51: Operations Security Presentation

Continuity of Operations

Page 52: Operations Security Presentation

Introduction

• Backup Types

• Backup Methods

• Hardware

• Communications

• Facilities

• Operational Controls

• Problem Management

Page 53: Operations Security Presentation

Backup Types

• Full Backup

• Incremental Backup

• Differential Backup

Page 54: Operations Security Presentation

Full Backup

• All files are backed up

• Fastest restoration process

• Takes the longest to perform backup

Page 55: Operations Security Presentation

Incremental Backup

• Backs up files that have changed since last backup

• Backups can be performed quickly

• Restoration takes longer

Page 56: Operations Security Presentation

Differential Backup

• Backs up files that have changed since last full backup

• For restoration, full backup is restored and then differential backup is restored
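As an added example (not from the deck), the three backup types simulated in Python on a constructed set of daily file states, showing what each run captures and how many backup sets a restore must apply; deletions are not modelled:

```python
# Added example, not part of the presentation: a small simulation of the
# three backup types on a changing set of files, showing what each backup
# captures and which backup sets a restore must apply. File states are
# constructed samples; deletions are not modelled.


def changed_since(current, reference):
    """Files whose content differs from the reference snapshot."""
    return {name: data for name, data in current.items() if reference.get(name) != data}


def run_schedule(states, kinds):
    """states[i] is the file system when backup i runs; kinds[i] is its type.
    Returns the list of backup sets, each recording its type and captured files."""
    backups, last_full, last_any = [], {}, {}
    for state, kind in zip(states, kinds):
        if kind == "full":
            captured = dict(state)                      # everything
        elif kind == "incremental":
            captured = changed_since(state, last_any)   # since last backup of any type
        elif kind == "differential":
            captured = changed_since(state, last_full)  # since last full backup
        else:
            raise ValueError(f"unknown backup type: {kind}")
        backups.append({"kind": kind, "files": captured})
        if kind == "full":
            last_full = dict(state)
        last_any = dict(state)
    return backups


def restore_chain(backups, index):
    """Indexes of the backup sets, in order, needed to restore backup `index`."""
    kind = backups[index]["kind"]
    full = max(i for i in range(index + 1) if backups[i]["kind"] == "full")
    if kind == "full":
        return [full]
    if kind == "differential":
        return [full, index]               # full + the one differential
    return list(range(full, index + 1))    # full + every set after it: the long chain


def restore(backups, index):
    state = {}
    for i in restore_chain(backups, index):
        state.update(backups[i]["files"])  # later sets overwrite older versions
    return state


# Constructed daily file states: day 1 .. day 4
STATES = [
    {"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"},
    {"a.txt": "a2", "b.txt": "b1", "c.txt": "c1"},
    {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1"},
    {"a.txt": "a3", "b.txt": "b2", "c.txt": "c1"},
]


def compare_schedules(states=STATES):
    """Files captured per run and restore-chain length for both strategies."""
    report = {}
    for kind in ("incremental", "differential"):
        backups = run_schedule(states, ["full"] + [kind] * (len(states) - 1))
        report[kind] = {
            "captured": [len(b["files"]) for b in backups],
            "chain_to_restore_last": len(restore_chain(backups, len(backups) - 1)),
            "restored_ok": restore(backups, len(backups) - 1) == states[-1],
        }
    return report


if __name__ == "__main__":
    for kind, result in compare_schedules().items():
        print(kind, result)
```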

Page 57: Operations Security Presentation

Backup Methods

• Hierarchical Storage Management

• Disk Mirroring

• Disk Duplexing

• RAID

• Storage Area Network

Page 58: Operations Security Presentation

Hierarchical Storage Management

• Uses hard disk and optical or tape jukebox technology to offer continuous online backup functionality

• Files are moved along a hierarchy of storage devices to less expensive forms of storage based on rules tied to the frequency of data access

• Transparent to users

Page 59: Operations Security Presentation

Disk Mirroring

• Exact same data is written to two or more hard disks

• Uses one disk controller

– Controller is the single point of failure

Page 60: Operations Security Presentation

Disk Duplexing

• Exact same data is written to two or more hard disks

• Backup device has more than one disk controller

Page 61: Operations Security Presentation

RAID

• Level 0

– Striping

• No fault tolerance

– High performance

• Level 1

– Mirroring

• Level 2

– Data striped across all drives at the bit level

– Parity = Yes

– Requires 39 disks (Not Practical)

Page 62: Operations Security Presentation

RAID (2)

• Level 3

– Byte level parity

– All parity data is on one disk

• Level 4

– Block level parity

• Level 5

– Parity = Yes

– Parity over all disks!
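As an added example (not from the deck), RAID 5 striping with parity rotated over all disks, and the rebuild of one failed disk from the survivors by XOR, in Python; the disk count, block size and payload are constructed samples:

```python
# Added example, not part of the presentation: RAID 5 striping with rotating
# parity, and the rebuild of one failed disk from the survivors using XOR.
# The disk count, block size and payload below are constructed samples.


def xor_blocks(blocks):
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data, n_disks, block_size):
    """Stripe `data` across n_disks; each stripe holds n_disks-1 data blocks plus
    one parity block, and the parity position rotates so that, unlike RAID 3/4,
    no single disk holds all the parity."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = (n_disks - 1) * block_size
    data = data + b"\x00" * ((-len(data)) % per_stripe)   # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for stripe, start in enumerate(range(0, len(data), per_stripe)):
        blocks = [data[i:i + block_size] for i in range(start, start + per_stripe, block_size)]
        parity_disk = stripe % n_disks
        it = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == parity_disk else next(it))
    return disks


def raid5_read(disks):
    """Reassemble the payload by skipping each stripe's parity block."""
    n_disks, out = len(disks), bytearray()
    for stripe in range(len(disks[0])):
        for d in range(n_disks):
            if d != stripe % n_disks:
                out += disks[d][stripe]
    return bytes(out)


def raid5_rebuild(disks, failed):
    """Recompute the failed disk: in every stripe the XOR of all n blocks is
    zero, so the missing block equals the XOR of the surviving n-1 blocks.
    This holds for data and parity blocks alike."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks([disk[s] for disk in survivors]) for s in range(len(survivors[0]))]


def stripe_is_consistent(disks, stripe):
    return xor_blocks([disk[stripe] for disk in disks]) == bytes(len(disks[0][0]))


PAYLOAD = b"operations security: availability first"  # constructed sample


def demo(payload=PAYLOAD, n_disks=4, block_size=4, failed=1):
    disks = raid5_write(payload, n_disks, block_size)
    rebuilt = raid5_rebuild(disks, failed)
    matched = rebuilt == disks[failed]
    disks[failed] = rebuilt                      # swap the rebuilt disk in
    return matched, raid5_read(disks).rstrip(b"\x00")


if __name__ == "__main__":
    matched, data = demo()
    print("rebuild matched:", matched, "| data:", data)
```

Losing a second disk before the rebuild completes leaves one unknown per stripe, which is why RAID 5 tolerates exactly one failure.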

Page 63: Operations Security Presentation

[RAID level diagrams (figures); only the label "Byte level" survived]

Page 67: Operations Security Presentation

Storage Area Network

• Several distinct storage systems that are connected together to create a backup network

• High speed sub-network of shared storage devices

• Transparent to user

Page 68: Operations Security Presentation

Hardware

• Redundant and backup components

– Hot spares / Cold spares

• Multiple power supplies

• Fail over devices

– Router, Firewalls etc

• Standby services

Page 69: Operations Security Presentation

Communications

• Redundant communication links

– Multiple lines between distributed resources

• Backup communication links include...

– Local Phone company

– Long distance carriers

– Competitive telecommunication carriers

– Broadband through telephone lines

– Broadband over cable modems

– Wireless metropolitan area networks

– Satellite links

Page 70: Operations Security Presentation

Facilities

• Continuous well regulated power

– Redundant feeds, Power line regulators

– Back up power sources

• UPS, Generators

• Proper humidity and temperature level

– 40% to 60%

– 70° to 74° F

• Physical Security

– Access controls, Intrusion detection systems, Guards etc.

• Well documented contingency plans

Page 72: Operations Security Presentation

Operational Controls

• Development and enforcement of SOPs

– System start up

– Error conditions and how to handle them?

– System shutdown

– Restoring the system from backup media

• Boot up sequence (C:, A:, D:) should not be available to reconfigure

• Writing activities to system logs should not be bypassed

Page 73: Operations Security Presentation

Operational Controls (2)

• Output should not be able to be rerouted

• Fail secure (Fail closed)

• Fail safe (Fail open)

• Recovery action…

– Warm reboot (Controlled, Automatic)

– Emergency system restart (Uncontrolled, Automatic)

– System cold start (Uncontrolled, Manual)

Page 74: Operations Security Presentation

Problem Management

• Problem = Unknown cause of one or more incidents

• Known error = Successfully diagnosed problem

– For which a solution or work around has been identified!

• Problem tracking and reporting

• Advantages:

– Lowering impact

– Reducing failures

– Preventing recurrence

Page 75: Operations Security Presentation

Problem Management (2)

• Problems to be investigated…

– Any incident different from standard procedures

– Unexplainable, Randomly occurring process

– Any processing anomalies

• Examples…

– System component failure

– Power failure

– Telecommunication failure

Page 76: Operations Security Presentation

Problem Management (3)

• Examples

– Tampering

– Production delay

– Input / Output errors

– Spam

– Phishing

– Malware

– Spyware

– Denial of service

Page 78: Operations Security Presentation

Change Control Management

Page 79: Operations Security Presentation

Introduction

• Change Control Management

– Change Control Process

– Configuration Management

– Contingency Planning

– Intrusion Response

– Operations Management

Page 80: Operations Security Presentation

Change Control Management

• Authorizes changes to production systems, including system and application software

• Changes to production system include...

– Implementation of new applications

– Modifications of existing applications

– Removing old applications

– Upgrading or patching system software

Page 81: Operations Security Presentation

Change Control Process

• Request

• Impact assessment

• Approval/Disapproval

• Build

– Test

• Notification

• Implementation

• Monitoring

• Documentation

Page 82: Operations Security Presentation

Configuration Management

• Performed after a change has been approved through a change control process

• Ensures that the changes to production systems are done properly

• Ensures that changes do not take place unintentionally or unknowingly

• Documentation and maintenance of documents pertaining to system and software changes

Page 83: Operations Security Presentation

Contingency Planning

• Allows production environment to continue to operate after disruption

• Coordinates backups and recovery plans

• Identifies mission critical functions and systems that support them

• Identifies critical interdependencies

• Generates formal written recovery procedures

• Promotes proper training as well as testing of plans

Page 84: Operations Security Presentation

Intrusion Response

• Audit trail monitoring

• Auditing events include…

– Monitoring and identifying system resource use

– Monitoring and analyzing network traffic and connections

– Monitoring and identifying user account and file access

– Scanning for malicious code

– Verifying file and data integrity

– Probing for system and network vulnerabilities

Page 85: Operations Security Presentation

Operations Management

• Operations Management includes reviewing…

– Implementation of vendor patches

– Operating logs

– Inventory

– Change control practices

– Incident reporting in Problem Management

– System/Audit logs

– Audits/Security reviews

Page 86: Operations Security Presentation

Thank you…

• Any Questions…

Page 87: Operations Security Presentation

Question 1

Critical data is?

A. Subject to classification by regulatory bodies or legislation

B. Data of high integrity

C. Always protected at the highest level

D. Instrumental for business operations

Page 89: Operations Security Presentation

Question 2

When an organization is determining which data is sensitive, it must consider all of the following EXCEPT:

A. Expectations of customers

B. Legislation or regulations

C. Quantity of data

D. Age of the data

Page 91: Operations Security Presentation

Question 3

All of the following are examples of Preventative Control EXCEPT?

A. Intrusion detection systems

B. Human resources policies

C. Anti-virus software

D. Fences

Page 93: Operations Security Presentation

Question 4

To speed up RAID disk access, an organization can:

A. Use larger hard drives

B. Stripe the data across several drives

C. Mirror critical drives

D. Disallow some queries

Page 95: Operations Security Presentation

Question 5

A timely review of system access audit records is an example of which type of security function?

A. Avoidance

B. Deterrence

C. Prevention

D. Detection

Page 97: Operations Security Presentation

Question 6

Which of the following is not a technique used for monitoring?

A. Penetration testing

B. Intrusion detection

C. Violation processing (using clipping levels)

D. Countermeasures testing

Page 99: Operations Security Presentation

Thank you…