Information Systems Security Operations Security Domain #9

Page 1: Information Systems Security Operations Security Domain #9

Information Systems Security

Operations Security

Domain #9

Page 2: Operations Security Objectives

Operations Responsibility & Personnel
Configuration Management
Media Access Protection
System Recovery
Facsimile Security
Vulnerability and Penetration Testing
Attack Types

Page 3: Computer Operations

Fixing hardware and software issues
Media libraries
Controlling remote access
Contingency planning
Incident handling
Licensing issues
Input controls
Backup and recovery

Page 4: Threats to Operations

Disclosure
Destruction
Loss of system and network capabilities
Corruption and modification
Theft
Espionage
Hackers/crackers
Malicious code

Page 5: Issues

Backup
Maintenance
Change of workstation/location (rotation of duties)
– Used to improve security: rotating staff between roles makes it harder for one person's misuse to go undetected

Need to Know Required
Least Privilege Principle Enforced
Due Care
Due Diligence
– U.S. Federal Sentencing Guidelines of 1991: fines of up to $290M for non-performance (failure to exercise due care)

Page 6: Security Control Types

Directive control – Used to guide the security implementation (policy that tells people what is required of them)

Preventive control – Deters or stops undesirable actions before they happen

Detective control – Identifies an undesirable action after it has happened, and so shows whether the preventive controls were successful

Corrective control – Used to reverse the effects of an unwanted activity

Page 7: Examples

Directive – policies, standards, laws
Preventive – firewalls, authentication, access controls, antivirus software
Detective – audit trails, logs, CCTV, CRC checks
Corrective – incident handling, fire extinguishers

Page 8: Vulnerability Testing

Things to agree upon
– Goals of the assessment
– Written agreement from management
– Explaining testing ramifications
– Understand results are just a ‘snapshot’

Page 9: Steps in Testing

Reconnaissance – Obtain information about the target, either passively or actively

Sniffing, eavesdropping, ARIN, Whois, etc.

Scanning – Identify which systems are up and which services they run

Ping sweeps and port scans

Gaining Access – Exploit vulnerabilities to get onto a system

Buffer overflow, brute force

Page 10: More Steps

Maintaining Access – Upload software to ensure re-entry

Trojan horse, backdoor

Covering Tracks – Hide one’s malicious activities

Delete system and application logs (a sudden gap in logs that are also shipped to a central collector is itself a detectable event)

Page 11: Honeypots

Usually placed in the DMZ
– Should not be connected to the internal network

Sacrificial lamb system
– Goal is that attackers will go after this system instead of production systems

Leaves many ports open and services running to be more ‘enticing’
– No legitimate user has a reason to connect to it, so any connection it sees is worth investigating
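The scanning and service-identification steps from the "Steps in Testing" slides, run against a decoy of the kind this slide describes, as an added example (not code from the original slides): a TCP connect() port scanner with banner grabbing, and a low-interaction honeypot that advertises fake SSH and FTP banners, logs every connection and forwards nothing. The ICMP ping sweep is left out because it needs raw-socket privileges. The honeypot's 127.0.0.1 ephemeral ports and its banners are demo assumptions; a real deployment would listen on the actual service ports in the DMZ.

```python
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5):
    """Scanning step: a full TCP connect() to each port. A completed handshake
    means a service is listening; a reset or timeout means closed or filtered.
    Needs no raw sockets, but every probe is a real connection the target
    (or a honeypot) can log."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:            # refused, unreachable or timed out
                return None
            return port

    with ThreadPoolExecutor(max_workers=32) as pool:
        return sorted(p for p in pool.map(probe, list(ports)) if p is not None)


def grab_banner(host, port, timeout=1.0):
    """Service identification: record whatever the service volunteers on connect."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256).decode("ascii", "replace").strip()
        except OSError:
            return ""


class Honeypot:
    """Low-interaction honeypot: fake services that answer with a banner, log
    the connection and never forward anything, so the host needs no route to
    the internal network. Demo assumption: each service binds an ephemeral
    port on 127.0.0.1 instead of the real service port."""

    def __init__(self, services, host="127.0.0.1"):
        self.events = []                     # one record per connection
        self.ports = {}                      # service name -> bound port
        self._sockets = []
        for name, banner in services.items():
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, 0))
            srv.listen(16)
            self.ports[name] = srv.getsockname()[1]
            self._sockets.append(srv)
            threading.Thread(target=self._serve, args=(srv, name, banner),
                             daemon=True).start()

    def _serve(self, srv, name, banner):
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:                  # listening socket closed by stop()
                return
            with conn:
                conn.settimeout(0.2)
                try:
                    conn.sendall(banner)
                    payload = conn.recv(128)  # the visitor's first bytes, if any
                except OSError:              # scanner hung up or never spoke
                    payload = b""
                self.events.append({"ts": time.time(), "src": peer, "service": name,
                                    "port": self.ports[name], "payload": payload})

    def hits(self, service=None):
        """Logged connections, optionally filtered to one fake service."""
        return [e for e in self.events if service is None or e["service"] == service]

    def wait_for(self, count, timeout=3.0):
        """Block until at least `count` connections are logged; False on timeout."""
        deadline = time.time() + timeout
        while len(self.events) < count:
            if time.time() > deadline:
                return False
            time.sleep(0.05)
        return True

    def stop(self):
        for srv in self._sockets:
            srv.close()


if __name__ == "__main__":
    # Constructed banners: the decoy advertises common services to look enticing.
    pot = Honeypot({"ssh": b"SSH-2.0-OpenSSH_7.4\r\n", "ftp": b"220 FTP ready\r\n"})
    targets = sorted({p + d for p in pot.ports.values() for d in range(-3, 4)})
    for port in tcp_connect_scan("127.0.0.1", targets):
        print(port, repr(grab_banner("127.0.0.1", port)))
    pot.wait_for(len(pot.ports))
    for event in pot.hits():
        print("honeypot logged", event["service"], "from", event["src"])
    pot.stop()
```

Run it and the honeypot's log shows the scan itself: each probe and the banner grab appear as separate events, which is the detection value of a host that nobody should legitimately touch.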

Page 12: Sensitive Media Handling

Marking
Handling
Storing
Destruction
Declassification

Page 13: Continuity of Operations

Fault Tolerance
– Software
– Hardware

Data Protection
– RAID 0, 1, 5, 10 (RAID 0 only stripes for speed and tolerates no disk failure; 1 mirrors, 5 stripes with distributed parity, 10 mirrors striped sets)

Redundant Communications
– Phone, broadband, wireless, satellite

Redundant Power Supplies
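How RAID 5 survives the loss of one disk, as an added worked example (not from the original slides): data is striped across the array with one XOR parity chunk per stripe, parity rotates among the disks, and any single disk's contents, data or parity, can be rebuilt by XORing the surviving chunks of each stripe. The 4-disk array, the 4-byte chunk size and the sample message are constructed for the demo; real arrays use chunks of tens of kilobytes.

```python
def split_chunks(data, size):
    """Cut data into fixed-size chunks, zero-padding the last one."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    if chunks and len(chunks[-1]) < size:
        chunks[-1] = chunks[-1].ljust(size, b"\0")
    return chunks


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks: the RAID 5 parity function."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe, n_disks):
    """Rotate parity across disks so no single disk becomes the parity hot spot."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_layout(data, n_disks, chunk=4):
    """Stripe data over n_disks with one parity chunk per stripe.
    Returns a list of per-disk chunk lists."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    chunks = split_chunks(data, chunk)
    per_stripe = n_disks - 1
    while len(chunks) % per_stripe:          # fill out the last stripe
        chunks.append(b"\0" * chunk)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(chunks) // per_stripe):
        stripe = chunks[s * per_stripe:(s + 1) * per_stripe]
        p_disk = parity_disk_for(s, n_disks)
        data_iter = iter(stripe)
        for d in range(n_disks):
            disks[d].append(xor_blocks(stripe) if d == p_disk else next(data_iter))
    return disks


def raid5_rebuild(disks, failed):
    """Recover the failed disk's chunks from the survivors: each chunk is the
    XOR of the other chunks in its stripe, whether it held data or parity."""
    survivors = [d for d in range(len(disks)) if d != failed]
    stripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(stripes)]


def raid5_read(disks, length, failed=None):
    """Reassemble the original data; with `failed` set, that disk is treated
    as lost (its entry may be None) and rebuilt on the fly."""
    n = len(disks)
    if failed is not None:
        disks = list(disks)
        disks[failed] = raid5_rebuild(disks, failed)
    out = bytearray()
    for s in range(len(disks[0])):
        p_disk = parity_disk_for(s, n)
        for d in range(n):
            if d != p_disk:                  # skip the parity chunk of this stripe
                out += disks[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    message = b"The quick brown fox jumps over the lazy dog"   # constructed input
    array = raid5_layout(message, n_disks=4)
    damaged = list(array)
    damaged[2] = None                        # simulate losing disk 2 entirely
    print(raid5_read(damaged, len(message), failed=2) == message)
    print("rebuilt disk 2 matches:", raid5_rebuild(damaged, 2) == array[2])
```

A second simultaneous disk failure breaks the XOR relation and the stripe cannot be recovered, which is why RAID 5 rebuild time matters and why RAID 10 (or RAID 6, not on the slide) is chosen where that window is unacceptable.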

Page 14: Auditing

Auditing Basics
– Logs, monitors, and triggers

Accountability, compliance
Audit trails
Sampling and clipping levels
– A clipping level is the threshold (for example, a number of failed logins within a set period) below which events are treated as normal and above which they are flagged for review
External auditors
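A clipping level in code, as an added example (not from the original slides): failed SSH logins are counted per (user, source) pair in a sliding window, and an alert fires only when the count reaches the threshold, so the two typos from alice stay in the log without escalating while the burst against "admin" is flagged. The syslog-style sample lines are constructed; the regex assumes sshd's "Failed password for ... from ..." message format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of syslog-style sshd lines (not taken from a real host).
SAMPLE_LOG = """\
2024-03-01 09:00:01 sshd[101]: Failed password for alice from 10.0.0.5 port 51000 ssh2
2024-03-01 09:00:09 sshd[101]: Failed password for alice from 10.0.0.5 port 51000 ssh2
2024-03-01 09:00:15 sshd[101]: Accepted password for alice from 10.0.0.5 port 51000 ssh2
2024-03-01 09:01:00 sshd[102]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
2024-03-01 09:01:02 sshd[103]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
2024-03-01 09:01:04 sshd[104]: Failed password for invalid user admin from 203.0.113.9 port 40003 ssh2
2024-03-01 09:01:06 sshd[105]: Failed password for invalid user admin from 203.0.113.9 port 40004 ssh2
2024-03-01 09:10:00 sshd[106]: Failed password for carol from 10.0.0.7 port 52000 ssh2
2024-03-01 09:17:00 sshd[107]: Failed password for carol from 10.0.0.7 port 52000 ssh2
2024-03-01 09:24:00 sshd[108]: Failed password for carol from 10.0.0.7 port 52000 ssh2
"""

FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def clipping_level_alerts(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert on (user, source) pairs whose failed logins reach `threshold`
    within a sliding `window`. Failures below the level are normal noise
    (typos) and stay in the log without being escalated."""
    recent = defaultdict(deque)      # (user, src) -> failure times inside the window
    alerts = []
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue                 # successes and unrelated lines are not counted
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["user"], m["src"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that have aged out
            q.popleft()
        if len(q) == threshold:      # fire exactly when the level is crossed
            alerts.append({"user": key[0], "src": key[1], "count": len(q),
                           "first": q[0], "last": ts})
    return alerts


if __name__ == "__main__":
    for a in clipping_level_alerts(SAMPLE_LOG.splitlines()):
        print(f"{a['last']} clipping level hit: {a['count']} failures for "
              f"{a['user']} from {a['src']} since {a['first']}")
```

Carol's three failures are spread over 14 minutes, so each one ages out of the 5-minute window before the next arrives and no alert fires; keying on source as well as user means a distributed attempt against one account from many addresses would need a second, per-user counter.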

Page 15: Monitoring Tools

Warning banners
Keystroke monitoring
Traffic analysis
CCTV

Page 16: More Terms

Ethical hacking
War dialing
Radiation (emanation) monitoring
Dumpster diving
Social engineering

Page 17: Physical Security

Facility location and construction
Electrical issues
Perimeter protection
Physical intrusion detection
Fire prevention

Page 18: Threats

Physical damage
Theft of assets
Interruption of service
Disclosure of proprietary information
Natural disaster
Vandalism
Terrorism

Page 19: Administrative Controls

Facility construction
Site management
Personnel controls
Emergency procedures
Awareness training

Page 20: Technical Controls

Access controls
Alarms
CCTV/monitors
HVAC
Power supplies
Fire detection and suppression