Information Systems Security
Operations Security
Domain #9
Operations Security Objectives
Operations Responsibility & Personnel
Configuration Management
Media Access Protection
System Recovery
Facsimile Security
Vulnerability and Penetration Testing
Attack Types
Computer Operations
Fixing hardware and software issues
Media libraries
Controlling remote access
Contingency planning
Incident handling
Licensing issues
Input controls
Backup and recovery
Threats to Operations
Disclosure
Destruction
Loss of system and network capabilities
Corruption and modification
Theft
Espionage
Hackers/Crackers
Malicious code
Issues
Backup
Maintenance
Change of workstation/location
– Used to improve security (an operator who rotates cannot quietly entrench a fraud)
Need to Know required
Least Privilege principle enforced
Due Care
Due Diligence
– U.S. Federal Sentencing Guidelines of 1991: fines of up to $290M for non-performance
Security Control Types
Directive control– Used to guide the security implementation
Preventive control– Deters or mitigates undesirable actions before they happen
Detective control– Identifies undesirable actions after they occur, and so shows whether the preventive controls actually held
Corrective control– Reverses the effects of an unwanted activity
Examples
Directive – policies, standards, laws
Preventive – firewalls, authentication, access controls, antivirus software
Detective – audit trails, logs, CCTV, CRC (a checksum reveals that data was modified but does not prevent it)
Corrective – incident handling, fire extinguishers
Vulnerability Testing
Things to agree upon
– Goals of the assessment
– Written agreement from management (the authorization that separates a test from an attack)
– Explaining testing ramifications, i.e. what the tests may disrupt
– Understand that results are just a 'snapshot' of the environment at the time of the test
Steps in Testing
Reconnaissance– Obtain information either passively or actively
– Sniffing, eavesdropping, ARIN, Whois, etc.
Scanning– Identify systems that are running and their active services
– Ping sweeps and port scans
Gaining Access– Exploiting vulnerabilities to gain access
– Buffer overflow, brute force
More Steps
Maintaining Access– Uploading software to ensure re-entry
– Trojan horse, backdoor
Covering Tracks– Hide one's malicious activities
– Delete system and application logs
Honeypots
Usually placed in the DMZ
– Should not be connected to the internal network (a compromised honeypot must not become a pivot)
Sacrificial lamb system
– Goal is that hackers will attack this system instead of the production system
– Leaves many ports open and services running to be more 'enticing'
– No legitimate user has a reason to reach it, so every connection it receives is suspect and worth logging
Sensitive Media Handling
Marking
Handling
Storing
Destruction
Declassification
Continuity of Operations
Fault Tolerance
– Software
– Hardware
Data Protection
– RAID 0, 1, 5, 10
– RAID 0 only stripes and gives no redundancy; 1 mirrors; 5 stripes with rotating parity and survives the loss of one disk; 10 mirrors striped sets
Redundant Communications
– Phone, Broadband, Wireless, Satellite
Redundant Power Supplies
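To make the RAID bullet concrete, this added example (written for this page, not from the slides) implements RAID 5 in memory: data is striped across all but one disk per stripe, the remaining chunk holds the XOR parity, and the parity position rotates each stripe. It then drops any one disk and rebuilds it from the survivors. The chunk size and the left-symmetric rotation are assumptions chosen for illustration.

```python
"""RAID 5 striping with rotating XOR parity and single-disk rebuild (added example)."""

CHUNK = 4  # bytes per chunk per disk; real arrays use 64 KiB or more (assumed size)


def xor_bytes(*blocks):
    """XOR any number of equal-length chunks together."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe, ndisks):
    """Which disk holds parity in a given stripe (rotating, left-symmetric)."""
    return (ndisks - 1 - stripe) % ndisks


def raid5_write(data, ndisks):
    """Stripe `data` over ndisks-1 data chunks plus one parity chunk per stripe.
    Rotating the parity disk is what separates RAID 5 from RAID 4: no single
    disk absorbs every parity write.  Returns one bytes object per disk."""
    assert ndisks >= 3, "RAID 5 needs at least three disks"
    per_stripe = (ndisks - 1) * CHUNK
    data = data + b"\x00" * ((-len(data)) % per_stripe)   # pad the last stripe
    disks = [bytearray() for _ in range(ndisks)]
    for s in range(len(data) // per_stripe):
        base = s * per_stripe
        chunks = [data[base + i * CHUNK: base + (i + 1) * CHUNK]
                  for i in range(ndisks - 1)]
        pdisk = parity_disk_for(s, ndisks)
        it = iter(chunks)
        for d in range(ndisks):
            disks[d] += xor_bytes(*chunks) if d == pdisk else next(it)
    return [bytes(d) for d in disks]


def raid5_read(disks, length):
    """Reassemble the original data, skipping the parity chunk of each stripe."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0]) // CHUNK):
        pdisk = parity_disk_for(s, ndisks)
        for d in range(ndisks):
            if d != pdisk:
                out += disks[d][s * CHUNK:(s + 1) * CHUNK]
    return bytes(out[:length])


def raid5_rebuild(disks, lost):
    """Reconstruct disk index `lost` (passed as None) chunk by chunk as the XOR
    of the surviving chunks in each stripe.  Works whether the lost chunk held
    data or parity, because XOR is its own inverse.  A second failure before
    the rebuild finishes is unrecoverable; that window is RAID 5's known risk."""
    survivors = [d for i, d in enumerate(disks) if i != lost]
    rebuilt = bytearray()
    for s in range(len(survivors[0]) // CHUNK):
        rebuilt += xor_bytes(*(d[s * CHUNK:(s + 1) * CHUNK] for d in survivors))
    repaired = list(disks)
    repaired[lost] = bytes(rebuilt)
    return repaired


if __name__ == "__main__":
    payload = b"operations security: redundancy keeps the lights on"
    array = raid5_write(payload, 4)
    degraded = list(array)
    degraded[1] = None                      # simulate disk 1 dying
    print(raid5_read(raid5_rebuild(degraded, 1), len(payload)) == payload)
```

Reading the degraded array without rebuilding would also work (the missing chunk can be XORed on the fly), which is why a RAID 5 volume keeps serving requests after one failure; the cost is that every read of the dead disk's share now touches every other disk, and that the array is unprotected until the rebuild completes.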
Auditing
Auditing Basics
– Logs, monitors, and triggers
Accountability, Compliance
Audit trails
Sampling and clipping levels
– A clipping level is a threshold: events below it are accepted as ordinary error and only activity above it is recorded or alerted on
External auditors
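A clipping level is easiest to understand in code, so here is an added example (written for this page, not from the slides) that applies one to authentication log lines: failed logins per source address are counted over a sliding window and a single alert is raised the first time a source crosses the level. The sshd-style log lines are constructed for the example, and the level (5 failures in 10 minutes) is an assumed policy value.

```python
"""Clipping level over constructed authentication log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the timestamp layout and message wording are assumed.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[101]: Failed password for alice from 10.0.0.7
2024-03-01T09:00:05 sshd[101]: Failed password for alice from 10.0.0.7
2024-03-01T09:00:09 sshd[101]: Accepted password for alice from 10.0.0.7
2024-03-01T09:01:00 sshd[102]: Failed password for root from 198.51.100.23
2024-03-01T09:01:02 sshd[102]: Failed password for root from 198.51.100.23
2024-03-01T09:01:04 sshd[102]: Failed password for admin from 198.51.100.23
2024-03-01T09:01:06 sshd[102]: Failed password for invalid user oracle from 198.51.100.23
2024-03-01T09:01:08 sshd[102]: Failed password for bob from 198.51.100.23
2024-03-01T09:01:10 sshd[102]: Failed password for carol from 198.51.100.23
2024-03-01T09:30:00 sshd[103]: Failed password for dave from 192.0.2.9
2024-03-01T09:45:00 sshd[103]: Failed password for dave from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Return the fields of one log line, or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def clipping_level_alerts(lines, threshold=5, window=timedelta(minutes=10)):
    """One alert per source, raised the first time its failure count inside the
    sliding window reaches `threshold`.  Below the level nothing is reported:
    that is the point of a clipping level.  A typo by alice is noise; six
    different usernames from one address in ten seconds is a pattern."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()           # expire failures that fell out of the window
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append((ev["src"], len(q), ev["ts"]))
    return alerts


if __name__ == "__main__":
    for src, count, when in clipping_level_alerts(SAMPLE_LOG.splitlines()):
        print(f"{when.isoformat()} clipping level reached: {count} failures from {src}")
```

Two design points matter in practice. The window is what makes the level meaningful: dave's two failures fifteen minutes apart never count together, while the burst from 198.51.100.23 does. And the alert is deduplicated per source, otherwise a password spray that goes on for an hour produces thousands of identical lines and trains the operator to ignore the signal the clipping level was meant to surface.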
Monitoring Tools
Warning banners
Keystroke monitoring
Traffic analysis
CCTV
More Terms
Ethical hacking
War dialing
Radiation monitoring
Dumpster diving
Social engineering
Physical Security
Facility location and construction
Electrical issues
Perimeter protection
Physical intrusion detection
Fire prevention
Threats
Physical damage
Theft of assets
Interruption of service
Disclosure of proprietary information
Natural disaster
Vandalism
Terrorism
Administrative Controls
Facility construction
Site management
Personnel controls
Emergency procedures
Awareness training
Technical Controls
Access controls
Alarms
CCTV/Monitors
HVAC
Power supplies
Fire detection and suppression