Date post: 03-Feb-2015
Category: Technology
Upload: 7wounders
Operations Security
Operations Security
Topics:
– General security principles
– Operations security
– The controls
Operations security activities:
– Identify historical and real-time security events
– Capture subsequent actions
– Identify the key elements involved
– Alert appropriate authorities
– Take appropriate corrective or recovery actions
Operations Security
The process of safeguarding information assets while the data is resident in the computer or on storage media, in transit through communication links, or otherwise associated with the data processing environment
Identifies the controls over hardware, media, and the operators and administrators with access privileges to these resources
General Security Principles
Accountability
Authorization
Logging
Separation of duties
Least privilege
Risk reduction
Layered defense
Redundancy
The Security Goals
– Operations management
– Problem management
– Service level management
– Performance and capacity management
– Change management
– Configuration management
– Software control and distribution
– Availability and continuity management
– Security management
The Controls
Directive controls (administrative controls): intended to advise employees of the behavior expected of them during their interfaces with or use of the organization's information systems
Preventive controls: physical, administrative, and technical measures intended to preclude actions violating policy or increasing risk to system resources
Detective controls: the use of practices, processes, and tools that identify and possibly react to security violations
The Controls Cont…
Corrective controls: physical, administrative, and technical measures designed to react to detection of an incident in order to reduce or eliminate the opportunity for the unwanted event to recur
Recovery controls: measures that restore the system or operation to a normal operating state
Hardware Controls
Include the physical protection of the equipment:
– Surge protectors, UPS
– Configuration and maintenance logs
– Problem tracking
Software Controls
OS controls restrict and monitor:
– Changing computer system privileges or controls
– Changing protective features or parameters affecting another user
– Allocating resources
– Halting the computing system
– Controlling the allocation and sharing of system and data resources (e.g., memory, file space, CPU cycles, etc.)
Enforce the conditions of software licenses and respect software copyright requirements
All acquired software from any source (vendors, partners, freeware, etc.) must be examined for malicious code
Check software for backdoors and trapdoors
Operational Controls
Either in a data center or a network environment, establish, document, and enforce operating procedures for all equipment and software
Recovery actions:
– System reboot
– Emergency system restart
– System cold start
Types of recovery:
– Manual recovery
– Automated recovery
– Automated recovery without undue loss
– Function recovery
Data and Media Controls
Backup: electronic vaulting
– Backup data is sent electronically to the selected recovery or backup storage location
Remote journaling
– The same logging procedure used for a database management system to create the on-site journal is used to create a second journal at the off-site storage location
Database shadowing
– The system creates updates to the production system, journals them, and sends them to the alternate computer
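The remote journaling and database shadowing controls above are easiest to understand as a sequence-numbered journal shipped from the production system and replayed at the alternate site. The following is an added example written for this page, not code from the original slides: a primary that applies updates and journals them, an alternate that replays the shipped records onto a shadow copy, and a check that a journal record lost in transit is detected rather than silently skipped. The record layout (sequence number, key, value, SHA-256 digest) and the in-memory "shipping" are assumptions for illustration.

```python
"""Remote journaling and database shadowing, simulated in-process.

Added example, not from the original slides. The "primary" applies
updates to its records and writes each one to a journal; the journal is
shipped to an "alternate" site that replays it onto a shadow copy.
Sequence numbers let the alternate detect a missing journal record
instead of replaying past a gap, and a digest per record catches
corruption of the journal in transit.
"""
from dataclasses import dataclass
from typing import List, Optional
import hashlib
import json


@dataclass(frozen=True)
class JournalRecord:
    seq: int               # monotonically increasing sequence number
    key: str               # record being changed
    value: Optional[str]   # new value, or None for a delete
    digest: str            # SHA-256 over (seq, key, value)

    @staticmethod
    def create(seq: int, key: str, value: Optional[str]) -> "JournalRecord":
        payload = json.dumps([seq, key, value]).encode()
        return JournalRecord(seq, key, value, hashlib.sha256(payload).hexdigest())

    def verify(self) -> bool:
        payload = json.dumps([self.seq, self.key, self.value]).encode()
        return hashlib.sha256(payload).hexdigest() == self.digest


class Primary:
    """Production database: applies an update, then journals it."""

    def __init__(self):
        self.db = {}
        self.journal: List[JournalRecord] = []
        self._seq = 0

    def update(self, key: str, value: Optional[str]) -> None:
        self._seq += 1
        if value is None:
            self.db.pop(key, None)
        else:
            self.db[key] = value
        self.journal.append(JournalRecord.create(self._seq, key, value))

    def ship(self, since_seq: int = 0) -> List[JournalRecord]:
        """Records the alternate has not yet received (remote journaling)."""
        return [r for r in self.journal if r.seq > since_seq]


class Alternate:
    """Off-site shadow: replays received journal records onto a copy."""

    def __init__(self):
        self.shadow = {}
        self.last_seq = 0

    def apply(self, records: List[JournalRecord]) -> int:
        applied = 0
        for r in sorted(records, key=lambda rec: rec.seq):
            if r.seq <= self.last_seq:
                continue  # duplicate delivery, already applied
            if r.seq != self.last_seq + 1:
                raise RuntimeError(f"journal gap: expected seq {self.last_seq + 1}, got {r.seq}")
            if not r.verify():
                raise RuntimeError(f"journal record {r.seq} failed integrity check")
            if r.value is None:
                self.shadow.pop(r.key, None)
            else:
                self.shadow[r.key] = r.value
            self.last_seq = r.seq
            applied += 1
        return applied


def run_shadowing_demo():
    """Returns (shadow matches primary, last sequence number replayed)."""
    primary, alternate = Primary(), Alternate()
    primary.update("acct:1001", "balance=500")   # constructed sample workload
    primary.update("acct:1002", "balance=75")
    alternate.apply(primary.ship(alternate.last_seq))  # first shipment
    primary.update("acct:1001", "balance=450")
    primary.update("acct:1002", None)                   # delete
    alternate.apply(primary.ship(alternate.last_seq))  # incremental shipment
    return alternate.shadow == primary.db, alternate.last_seq


def gap_is_detected() -> bool:
    """True if dropping a journal record in transit is caught at the alternate."""
    primary, alternate = Primary(), Alternate()
    for k, v in (("k1", "v1"), ("k2", "v2"), ("k3", "v3")):
        primary.update(k, v)
    shipment = [r for r in primary.ship() if r.seq != 2]  # record 2 lost in transit
    try:
        alternate.apply(shipment)
    except RuntimeError as e:
        return "gap" in str(e)
    return False


if __name__ == "__main__":
    print(run_shadowing_demo(), gap_is_detected())
```

The point a recovery plan depends on is the gap check: an alternate that applies whatever arrives will diverge from production without anyone noticing until failover, which is exactly when it is too late to find out.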
Data and Media Controls Cont…
Direct Access Storage Devices (DASDs)
Fault tolerance
Network data mirroring
Redundant Arrays of Independent Disks (RAID)
– Failure Resistant Disk Systems (FRDSs): protect against data loss due to disk failure; an enhanced level also exists
– Failure Tolerant Disk Systems (FTDSs): protect against loss of data access due to failure of any single component
– Disaster Tolerant Disk Systems (DTDSs): consist of two or more independent zones, either of which provides access to stored data
RAID Levels
– Level 0: striped disk array without fault tolerance
– Level 1: mirroring and duplexing
– Level 2: error-correcting coding
– Level 3: bit-interleaved parity
– Level 4: dedicated parity drive
– Level 5: block-interleaved distributed parity
– Level 6: independent data disks with double parity
– Level 10: a stripe of mirrors
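Level 5 is the one most worth seeing in code, because the two properties the slide names (block interleaving and distributed parity) are both visible in a few lines. This is an added example written for this page, not code from the original slides: data is striped across N disks with one XOR parity block per stripe, the parity position rotates across stripes (a left-symmetric layout is assumed here; real controllers choose among several), any single failed disk is rebuilt by XOR of the survivors, and a double failure is refused, which is the gap RAID 6's second parity closes.

```python
"""RAID 5 (block-interleaved distributed parity) in miniature.

Added example, not from the original slides. Block size and the
parity-rotation rule are assumptions chosen to keep stripes readable.
"""
from typing import List, Optional

BLOCK = 4  # bytes per block, small so stripes are readable


def xor_blocks(blocks) -> bytes:
    out = bytearray(BLOCK)
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def parity_disk(stripe_idx: int, n_disks: int) -> int:
    """Disk holding parity for this stripe; rotates so no one disk is the parity bottleneck."""
    return (n_disks - 1 - stripe_idx) % n_disks


def write_array(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Stripe data across n_disks; returns disks[d][s] = block on disk d, stripe s."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_per_stripe = BLOCK * (n_disks - 1)
    n_stripes = -(-len(data) // data_per_stripe)          # ceiling division
    data = data.ljust(n_stripes * data_per_stripe, b"\0")  # pad the last stripe
    disks = [[b""] * n_stripes for _ in range(n_disks)]
    for s in range(n_stripes):
        chunk = data[s * data_per_stripe:(s + 1) * data_per_stripe]
        data_blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(n_disks - 1)]
        p = parity_disk(s, n_disks)
        it = iter(data_blocks)
        for d in range(n_disks):
            disks[d][s] = xor_blocks(data_blocks) if d == p else next(it)
    return disks


def read_array(disks: List[Optional[List[bytes]]]) -> bytes:
    """Read data back, reconstructing one failed (None) disk from parity on the fly."""
    n_disks = len(disks)
    failed = [d for d, disk in enumerate(disks) if disk is None]
    if len(failed) > 1:
        raise RuntimeError("more than one disk failed; RAID 5 cannot reconstruct")
    n_stripes = len(next(disk for disk in disks if disk is not None))
    out = bytearray()
    for s in range(n_stripes):
        blocks = []
        for d in range(n_disks):
            if disks[d] is None:
                # Missing block = XOR of every other block in the stripe, parity included.
                blocks.append(xor_blocks(disks[o][s] for o in range(n_disks) if o != d))
            else:
                blocks.append(disks[d][s])
        p = parity_disk(s, n_disks)
        out += b"".join(blocks[d] for d in range(n_disks) if d != p)
    return bytes(out)


def survives_any_single_failure(data: bytes = b"operations security: keep the data available",
                                n_disks: int = 4) -> bool:
    """True if the data reads back intact after losing each disk in turn."""
    disks = write_array(data, n_disks)
    for failed in range(n_disks):
        degraded = [None if d == failed else disks[d] for d in range(n_disks)]
        if read_array(degraded).rstrip(b"\0") != data:
            return False
    return True


if __name__ == "__main__":
    print(survives_any_single_failure())
```

Note what the demo does not protect against: a second failure while rebuilding, which is the case the slide's Level 6 entry addresses, and silent corruption of a block that is still "present", which parity cannot distinguish from valid data without an independent checksum.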
Data and Media Controls Cont…
– Store all media securely
– Encrypt sensitive data
– Track and control all media
– Label media
– Secure all data
– Train users
– Establish and train staff in media transport and transmittal procedures
– Use a media library/librarian
– Disposal controls
– Object reuse controls
– Access controls
– Data classification controls
Telecommunications Equipment
– Monitor for errors, inconsistencies, etc.
– Conduct penetration tests to verify the communications controls
– All communications equipment (e.g., bridges, routers, switches, etc.) should be located in secured facilities
– Passwords and other sensitive information being communicated electronically should be encrypted
Support Systems Controls
Maintain an environmentally sound data center:
– Appropriate temperature
– Humidity levels
– Air quality
Procedures for the installation, monitoring, and maintenance of environmental support equipment
Physical Areas Controls
Minimize exposure to threats from adjacent areas, such as fire, water, corrosive agents, smoke, and other potential hazards, explosion or shock, and unobserved unauthorized access
Guest or visitor log
Ensure appropriate accountability for equipment moved in and out
Personnel Controls
– Hiring process, background checks
– Supervision of initial job training, ongoing training, and security awareness training
– Least privilege
– Separation of duty
– Mandatory vacation
– Programmers should not be allowed to have ongoing direct access to computers running production systems
– Audit trails
– Vendor service personnel should be escorted
Change Control Management
– A change is requested by completion of a change request form
– The change request form is analyzed for validity
– The ways the change could be implemented are analyzed
– The costs associated with the change are analyzed
– The analysis and change recommendations are recorded
– The change request is given to the change control board for final decision
– Accepted changes are made and recorded
– The change implementation is submitted to quality control for approval
The Problems
– Powerful system utilities
– Powerful system commands
– Superzapping: a system utility or application that bypasses all access controls and audit/logging functions to make updates to code or data
– Direct control over hardware and software
– Direct control over all files
– Direct control over printers and output queues
– Powerful input/output commands
– Direct access to servers
– Initial program load (IPL) from console
The Problems Cont…
– Initial program load (IPL) from tape
– Control over job schedule and execution
– Control over all storage media
– Bypass label processing
– Re-labeling resources
– Resetting date/time, passwords
– Control of access ports/lines
– Erroneous transactions (fraud)
• Altering proper transactions
• Adding improper transactions
– Denial of service/delays in operation
– Personal use, disclosure
– Audit trail/log corruption/modification
Protected Resources
– Password files
– Application program libraries
– Source code
– Vendor software
– Operating system
• Libraries
• Utilities
• Directories
• Address tables
– Proprietary packages
– Communications HW/SW
– Main storage
– Disk and tape storage
Protected Resources Cont…
– Processing equipment
– Stand-alone computers and printers
– Sensitive/critical data
• Files
• Programs
– System utilities
– System logs/audit trails
– Violation reports
– Backup files
– Sensitive forms
– Printouts
– People
The Control: Accountability
– Personnel reviews, background checks
– Password management
• Personal
• System
• Maintenance
– Trap door: a system or application password included for ease of vendor maintenance
– Logging of all activities
• Protected/duplicated log
The Controls Cont…: Accountability
– Problem reporting and change procedures
• Reports, tracks, and resolves problems affecting service: reduce failures, prevent recurrence, reduce impact
• Problem types: performance/availability, hardware/software, environment, procedures/operations, network, safety/security
The Controls Cont…: Least Privilege
– Granular access control over system commands
– Individual access permissions
– Hardware/software elements and procedures to enable authorized access and prevent unauthorized access
– Periodic review of access needed/granted
Separation of Duties
– All changes require approval
– Operational staff should not code or approve changes
• Operating system OR applications OR job controls
– Operational staff should not perform security duties
• Security administration
• Network administration
• Application administration
Separation of Duties - Operator
– Installing system software
– Start up/shut down
– Backup/recovery
– Mounting disks/tapes
– Handling hardware
– Adding/removing users (?)
Separation of Duties - Security
– User activities
– Setting clearances
– Setting passwords
– Setting other security characteristics
– Changing profiles
– Setting file sensitivity labels
– Setting security characteristics of devices, communications channels
– Reviewing audit data
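The operator and security duty lists above only mean something if someone checks the command logs against them, which is the "logging of all activities" control from the accountability slide and the "reviewing audit data" duty just listed. The following is an added example written for this page, not code from the original slides: it parses sudo-style syslog records (the sample lines are constructed), looks each user up in a role table, and flags operators running security-administration commands, security staff running operator commands, and activity under a shared login that identifies no individual. The role assignments and the command-to-role matrix are assumptions for illustration; a real matrix comes from the organization's job descriptions.

```python
"""Review of privileged-command logs against a separation-of-duties matrix.

Added example, not from the original slides. The log lines, roles and
command matrix below are constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample log: syslog-style sudo records.
SAMPLE_LOG = """\
Mar  3 09:58:02 db01 sudo:   opsjoe : TTY=pts/0 ; PWD=/home/opsjoe ; USER=root ; COMMAND=/sbin/shutdown -r now
Mar  3 10:02:11 db01 sudo:   opsjoe : TTY=pts/0 ; PWD=/home/opsjoe ; USER=root ; COMMAND=/usr/sbin/usermod -aG wheel temp1
Mar  3 10:05:40 db01 sudo:   secann : TTY=pts/1 ; PWD=/home/secann ; USER=root ; COMMAND=/usr/sbin/auditctl -l
Mar  3 10:07:13 db01 sudo:   secann : TTY=pts/1 ; PWD=/home/secann ; USER=root ; COMMAND=/bin/mount /dev/sdb1 /mnt/tape
Mar  3 10:09:55 db01 sudo: operator : TTY=pts/2 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/passwd secann
Mar  3 10:11:20 db01 sudo:   opsjoe : TTY=pts/0 ; PWD=/home/opsjoe ; USER=root ; COMMAND=/usr/bin/tar -cf /dev/st0 /var/lib/db
"""

# Separation-of-duties matrix (assumed): which role may run which privileged commands.
OPERATOR_CMDS = {"shutdown", "reboot", "mount", "umount", "tar", "dump", "restore"}
SECURITY_CMDS = {"passwd", "useradd", "usermod", "userdel", "chage", "setfacl", "auditctl", "ausearch"}
ROLES = {"opsjoe": "operator", "secann": "security"}  # assumed role assignments
SHARED_ACCOUNTS = {"operator", "root"}                 # logins that identify no individual

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r".*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>\S+)(?P<args>.*)$"
)

Finding = Tuple[str, str, str, str]  # (timestamp, user, binary, reason)


def parse_line(line: str) -> Optional[dict]:
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["binary"] = rec["cmd"].rsplit("/", 1)[-1]  # compare on the program name, not its path
    return rec


def review(log_text: str) -> List[Finding]:
    """Return one finding per log record that violates the duty matrix."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a sudo record; a real reviewer would count these too
        user, binary = rec["user"], rec["binary"]
        if user in SHARED_ACCOUNTS:
            findings.append((rec["ts"], user, binary, "shared account; no individual accountability"))
            continue
        role = ROLES.get(user, "unknown")
        if role == "operator" and binary in SECURITY_CMDS:
            findings.append((rec["ts"], user, binary, "operator ran a security-administration command"))
        elif role == "security" and binary in OPERATOR_CMDS:
            findings.append((rec["ts"], user, binary, "security staff ran an operator command"))
        elif role == "unknown":
            findings.append((rec["ts"], user, binary, "user has no assigned role"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Findings per user, the view a reviewer scans first."""
    counts: Dict[str, int] = defaultdict(int)
    for _, user, _, _ in findings:
        counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(*f)
```

The review is only as trustworthy as the log it reads; the "protected/duplicated log" control matters because an operator who can edit the log is also an operator whose violations never appear in it.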
The Problems
Physical access to the computer room and devices there
– IS programmers
– Cleaning/maintenance
– Vendor support
– Contract/temp staff
– Memory content modification
– Microcode changes
– Device shutdown
Shoulder surfing over the operator's shoulder
Physical access to printouts (rerouting)
Access to print queues
Access to printers
The Controls
Authentication and least privilege
– Authorization for access to the facility
– Closed shop: physical access controls limiting access to authorized personnel
– Operations security: controls over resources (HW, media, and operators with access)
– System high security: the system and all peripherals are protected at the level of the highest security classification of any information housed by the system
– TEMPEST: reception of electromagnetic emanations which can be analyzed to disclose sensitive or protected information
Environmental Contamination
Buildup of conductive particles and contaminants
– Circuit boards, micro switches, sensors
– Spontaneous combustion
• National Fire Protection figure: a US computer room fire every 10 minutes
• 80% unknown causes (hardware)
– Causes equipment failure
• Mass storage devices
• Particles pass through disk drive filters
• Read/write errors, disk crashes
– Government/contractor installations
• Maximum 100K particles per cubic foot of air
• Data center particulates <= 0.5 microns (19.69 microinches)
The Controls Cont…
Software asset management
– Operating/backup software inventory
– Backups
• Generations
• Off-site
• Environmental control
• Controlled and authorized access to backups
– COTS (commercial off-the-shelf) products
– Maintenance accounts/passwords
The Controls Cont…
Trusted recovery procedures
– Ensure security is not breached during system crash and recovery
– Requires backup
– Reboot (crash or power failure)
– Recover file systems (missing resource)
– Restore files and databases (inconsistent database)
– Check security files (system compromise)
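"Check security files" after a crash is a concrete step: hash the security-critical files against a baseline taken while the system was known-good, and treat anything modified, missing or newly present as a possible compromise rather than a recovery artifact. The following is an added example written for this page, not code from the original slides. The same baseline-and-compare routine serves the software control on the earlier slide that all acquired software must be examined: hash what was received against the digest list the supplier published. The file set is constructed in a temporary directory; the paths mirror the kind of files one would baseline on a real host, and the post-recovery changes are constructed to exercise each outcome.

```python
"""Post-recovery check of security-critical files against a hash baseline.

Added example, not from the original slides. The watched file list and
the sample contents are constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, names: Iterable[str]) -> Dict[str, str]:
    """Map relative file name -> digest for the watched files that exist."""
    return {n: sha256_file(root / n) for n in names if (root / n).is_file()}


def compare(root: Path, baseline: Dict[str, str], watched: Iterable[str]) -> Dict[str, List[str]]:
    """Classify each watched file as ok / modified / missing / new relative to the baseline."""
    result: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "new": []}
    for n in watched:
        p = root / n
        if n in baseline:
            if not p.is_file():
                result["missing"].append(n)
            elif sha256_file(p) != baseline[n]:
                result["modified"].append(n)
            else:
                result["ok"].append(n)
        elif p.is_file():
            result["new"].append(n)  # present now, absent at baseline time
    return result


# Assumed watch list: the files whose silent change would mean the recovery is not trusted.
WATCHED = ["etc/passwd", "etc/shadow", "etc/sudoers", "etc/ssh/sshd_config", "etc/rc.local"]


def demo() -> Dict[str, List[str]]:
    """Baseline a known-good tree, then simulate a recovery that changed, removed and added files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        known_good = {  # constructed contents
            "etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
            "etc/shadow": b"root:*:19000::::::\n",
            "etc/sudoers": b"%wheel ALL=(ALL) ALL\n",
            "etc/ssh/sshd_config": b"PermitRootLogin no\n",
        }
        for n, content in known_good.items():
            (root / n).parent.mkdir(parents=True, exist_ok=True)
            (root / n).write_bytes(content)
        baseline = build_baseline(root, WATCHED)

        # Constructed post-recovery state: sudoers weakened, shadow gone, rc.local appeared.
        (root / "etc/sudoers").write_bytes(b"%wheel ALL=(ALL) NOPASSWD: ALL\n")
        (root / "etc/shadow").unlink()
        (root / "etc/rc.local").write_bytes(b"/opt/unknown/agent &\n")
        return compare(root, baseline, WATCHED)


if __name__ == "__main__":
    for outcome, files in demo().items():
        print(outcome, files)
```

Two practical caveats: the baseline must live somewhere the recovering system cannot write (off-host or on read-only media), since a baseline that can be updated by the same compromise it is meant to detect proves nothing; and "ok" only means the content matches, so ownership and mode bits need a second check if the system relies on them.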
Trusted System Operations
Trusted computing base (TCB): HW/FW/SW protected by appropriate mechanisms at the appropriate level of sensitivity/security to enforce the security policy
Trusted facility management: supports separate operator and administrator roles (TCSEC B2)
Clearly identify security admin functions
Definition - Integrity: formal declaration or certification of a product
Configuration Management
Controlling modifications to system HW/FW/SW/documentation
Ensure integrity and limit non-approved changes
Baseline controls:
– policies
– standards
– procedures
– responsibilities
– requirements
– impact assessments
– software level maintenance
Configuration Management Cont…
Organized and consistent plan covering:
– description of physical/media controls
– electronic transfer of software
– communications software/protocols
– encryption methods/devices
– security features/limitations of software
– hardware requirements/settings/protocols
– system responsibilities/authorities
– security roles/responsibilities
– user needs (sensitivity, functionality)
– audit information and process
– risk assessment results
Vulnerabilities Summary
– Improper access to system utilities
– Improper access to information
– Improper update of information
– Improper destruction of information
– Improper change to job schedule
– Improper access to printed materials
– Physical access to the computer room
– Physical access to printouts
– Access to print queues
– Denial of service
– Inability to recover from failures
– Fraud
The Real World: Operations Controls
– Organizations are understaffed; staff wear too many hats
– Separation of duties is seldom complete
– A single password is used by all operators
– System commands are unrestricted on the console
• OR are granted to all operations staff
– Commands are not logged
• OR logs are not reviewed
– Emergency procedures and approvals are poorly defined
– Operations personnel may support system software
• OR perform security functions
The Real World Cont…: Operations Controls
– Most of IS and many users have access to the facility
– Printouts are laid out for pickup without oversight
– Print queues are openly available to on-line users
– Only some platforms are backed up
– Backups are often stored on site
• In the computer room
• OR in an office
– No restrictions are placed on access to backups
– Communications closets are open
Media Controls
Tapes, disks, diskettes, cards, paper, optical
Volume labels required:
– Human/machine readable
– Date created, created by
– Date to destroy/retention period
– Volume/file name, version
– Classification
Audit trail
Separation of responsibility: librarian
Backup procedures
Definitions
Acceptance
– Verification that performance and security requirements have been met
Accreditation
– Formal acceptance of security adequacy, authorization for operation, and acceptance of existing risk (QC)
Certification
– Formal testing of security safeguards
Operational assurance
– Verification that a system is operating according to its security requirements
• Design and development reviews
• Formal modeling
• Security architecture
• ISO 9000 quality techniques
Assurance
– Degree of confidence that the implemented security measures work as intended
?