Date posted: 11-Jan-2016
ISA 562 Internet Security Theory & Practice
Topic 9: Operations Security
Objectives
  Protection of information and data
  Categories of control
  Privileged entity controls

Introduction
Operations security identifies the controls over hardware, media, and the operators and administrators who have access privileges to these resources.
Although data centers still exist today, the term operations security now refers to the central location of all IT processing areas.
Facility support systems
Several of these overlap with physical security:
  Protection against fire: fire prevention, detection and suppression
  HVAC systems
  Electric power: clean, steady power
  Water: protection against water problems and damage
  Communications
  Physical access risks: unauthorized physical access
Media control
Media takes many forms: electronic or non-electronic (verbal, written, etc.)
Electronic media may be stored on-site or off-site
When media is recycled or retired, no residual data should be available to the new subject
Ways of destroying and clearing data on magnetic storage:
  Completely overwriting the magnetic storage
  Destroying the media physically so it can no longer be used
  Degaussing
Some of the best practices for media management are marking, labeling, declassifying and destroying, etc.
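The overwrite-and-verify step described above, as an added example that is not from the slides: it clears a constructed sample file in place, checks that nothing but zeros remains before unlinking it, and assumes a regular file on a magnetic disk whose filesystem rewrites blocks in place (the SSD and copy-on-write caveat is noted in the code).

```python
"""Clearing a file by overwriting before the media is reused (added example, not
from the slides). Assumes a regular file on a magnetic disk whose filesystem
rewrites blocks in place. On SSDs, journaling or copy-on-write filesystems and
cloud block storage an in-place overwrite does not guarantee the old blocks are
gone; use the device's own sanitize command, degaussing or physical destruction.
"""
import os
import secrets
import tempfile
CHUNK = 64 * 1024  # write/verify granularity in bytes

def overwrite_file(path: str, passes: int = 2) -> int:
    """Overwrite every byte of `path` in place; returns the file size.
    Random data for all but the last pass, then zeros so verification has a known
    pattern. "r+b" keeps the same inode, so the same disk blocks are rewritten."""
    size = os.path.getsize(path)
    for p in range(passes):
        with open(path, "r+b") as f:
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(bytes(n) if p == passes - 1 else secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push past the OS cache to the device
    return size

def verify_cleared(path: str) -> bool:
    """Re-read the file and confirm nothing but zeros remains."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if any(chunk):
                return False
    return True

def clear_and_remove(path: str) -> bool:
    """Overwrite, verify, and only then unlink; returns whether verification passed."""
    overwrite_file(path)
    ok = verify_cleared(path)
    if ok:
        os.remove(path)
    return ok

def demo_clear() -> dict:
    """Constructed sample: a temp file holding fake confidential records."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"PAYROLL 2015 Q4 - CONFIDENTIAL\n" * 2000)  # constructed content
    before = verify_cleared(path)        # False: live data still present
    removed = clear_and_remove(path)
    return {"clean_before": before, "verified": removed, "exists": os.path.exists(path)}
```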
Misuse prevention
Controls preventing technological misuse:
  Personal use: acceptable use policy, Internet usage policy, workstation control
  Content filtering, internally and externally: web filtering, email filtering, messenger filtering, content filtering
  Media theft
  Fraud prevention and detection
  Using sniffers on clear-text traffic
Data & information backup
Records are managed through their whole life cycle, from the moment they are stored until they are destroyed
Continuity of operations ensures critical business operations continue after a disaster or failure
Continuous backups and frequent testing are needed for:
  Data and reports
  Applications and transactions
  Operating systems and configurations
RAID
RAID stands for Redundant Array of Independent Disks
RAID provides backup (redundancy) and performance, and can be implemented in hardware or software
RAID levels
RAID level 0
  Data is distributed across drives in strips (blocks, sectors, ...)
  High performance: data transfer capacity and I/O request rate
  No support for redundancy
RAID (continued)
RAID level 1
  Duplicates all data strips on a second drive
  Reads go to either drive (whichever is free): high performance for reads
  Must update both drives on a write
  Recovery is simple
  Duplication increases cost considerably
RAID level 2
  Redundancy with error-correcting codes such as a Hamming code, with multiple check bits per word
  A single access involves all drives
  Requires 39 disks
RAID level 3
  Redundancy with error-correcting codes, byte-level striping
  Parity bit (1 bit per word)
  A single access involves all drives
RAID (continued)
RAID level 4
  Data striped as in RAID 0 and 1, with large strips
  Parity is calculated across blocks; all parity is stored on one disk
  A write requires the parity bits to be updated
  Uses block-level striping
RAID level 5
  Similar to RAID level 4: parity is calculated across blocks
  Parity is distributed across all disks
  A write requires the parity bits to be updated
  Uses block-level striping
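The parity arithmetic behind RAID 4 and RAID 5, as an added example that is not from the slides: it lays out constructed strips across a four-disk array, shows the parity update that every small write requires, and rebuilds a failed disk from the survivors. The parity placement rule and the array layout are the example's own assumptions, not those of any particular controller.

```python
"""XOR parity as used by RAID 4 and RAID 5 (added example, not from the slides).

Each stripe holds N-1 data strips plus one parity strip that is the XOR of the
data strips. RAID 4 keeps every parity strip on one dedicated disk; RAID 5
rotates it across disks. The same XOR identity gives the write path (parity
updated on every write) and the rebuild of a failed disk.
"""
from functools import reduce

def xor_blocks(*blocks: bytes) -> bytes:
    """Bytewise XOR of equal-length strips."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_disk(stripe: int, n_disks: int, level: int) -> int:
    """RAID 4: parity always on the last disk; RAID 5: rotates per stripe (assumed rule)."""
    return n_disks - 1 if level == 4 else (n_disks - 1 - stripe) % n_disks

def build_array(data: list[bytes], n_disks: int, level: int) -> list[list[bytes]]:
    """Lay out data strips stripe by stripe; returns disks[d][stripe]."""
    per_stripe = n_disks - 1
    assert len(data) % per_stripe == 0, "constructed input fills whole stripes"
    disks: list[list[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        strips = data[s * per_stripe:(s + 1) * per_stripe]
        p, it = parity_disk(s, n_disks, level), iter(strips)
        for d in range(n_disks):
            disks[d].append(xor_blocks(*strips) if d == p else next(it))
    return disks

def write_strip(disks, stripe: int, disk: int, new: bytes, level: int) -> None:
    """Small write: P_new = P_old ^ D_old ^ D_new (two reads, two writes).
    On RAID 4 all of these hit the single parity disk (the bottleneck);
    RAID 5 spreads them by rotating parity."""
    p = parity_disk(stripe, len(disks), level)
    assert disk != p, "data writes target a data strip, not the parity strip"
    disks[p][stripe] = xor_blocks(disks[p][stripe], disks[disk][stripe], new)
    disks[disk][stripe] = new

def rebuild_disk(disks, failed: int) -> list[bytes]:
    """Reconstruct every strip of one failed disk by XORing the survivors."""
    survivors = [d for d in range(len(disks)) if d != failed]
    return [xor_blocks(*(disks[d][s] for d in survivors))
            for s in range(len(disks[0]))]

if __name__ == "__main__":  # constructed sample: six 4-byte strips, 4-disk RAID 5
    arr = build_array([b"AAAA", b"BBBB", b"CCCC", b"DDDD", b"EEEE", b"FFFF"], 4, 5)
    lost = rebuild_disk(arr, 1)          # recovers [b"BBBB", b"EEEE"]
    write_strip(arr, 0, 0, b"ZZZZ", 5)   # parity strip on disk 3 is updated too
    print(lost, arr[3][0])
```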
RAID (continued) and RAIT
RAID level 6
  Extends RAID 5 by adding an additional parity block
  Uses block-level striping with two parity blocks distributed across all member disks
RAID 0+1
  Used for both mirroring and striping
  Advantages: implemented as a mirrored array; has the same fault tolerance as RAID 5; high I/O rates
  Disadvantages: a single failure will cause the whole array to become, in essence, a RAID level 0 array; very expensive and yields a high overhead; limited scalability
RAID 10
  Known as RAID 1+0; has high reliability and performance
RAIT
  Stands for Redundant Array of Independent Tapes
  Level 1 RAIT uses tapes instead of disks and provides real-time mirroring
Hot spares & other backups
A hot spare is an unused backup disk installed in the array that remains in standby mode
When an array disk fails, the hot spare is activated to replace the failed disk
Types of hot spare: global hot spare, dedicated hot spare
There are several other backup types; some are data mirroring, file imaging, electronic vaulting, database shadowing, etc.
Fault tolerance and failover
Fault tolerance is required when a hardware failure is present; what usually happens is that the system knows a failure has occurred and has to take some sort of action
Examples include RAID, cluster servers, failover firewalls, multiple data centers, load balancing and alternative paths for traffic, etc.
Trusted recovery
One of the areas of operational assurance
Makes sure systems are still in a secure state after a failure happens
Types include: normal system reboot, emergency restart, cold start
Fail secure ensures that if a system fails, it does so in a secure manner.
Incident handling & response
Incident handling is responsible for logging, analyzing and tracking incidents; it is therefore also considered the first line of defense
Escalation procedures also have to be in place
An incident response team needs to be in place to handle all notifications and respond efficiently
Contingency plans
Used by an organization or business unit to respond to a specific system failure or disruption
Some contingency plans which should be considered are those for failures, denial of service, production delays, etc.
Change control
Is the process of developing a planned approach to controlling changes in an environment
Changes should be reviewed for potential security impact, and there should be a process for ownership of changes
There should also be a change control committee which ensures that changes are:
  Properly tested before deployment
  Authorized by the prospective business unit
  Scheduled for a specific date and time
  Communicated to the other business units
  Documented

Change control (continued)
Procedure: request, impact assessment, approval, build/test, implement, monitor
Configuration management
Includes the control of all changes that are made to:
  Hardware: hardware inventory, hardware configuration chart
  Software: operation files protection, backups, source code, object code, etc.
  Firmware
  Documentation: format, copies
Patch management
Patch management goes through a cycle: identifying a patch, testing the patch to see if it has any side effects, then complete rollout to systems
Privileges
Operator privileges: selecting and loading input and output, observing operational equipment, initializing computer operations, etc.
Administrator privileges: running technically advanced information systems, server startup and shutdown, performing backups of data, answering technical queries, etc.
Security administrator privileges: monitoring the system and reporting security problems, vulnerability assessments, setting passwords, etc.
Control over privileged entities
Personnel with privileged access pose a higher level of risk to an organization
It is important to have adequate controls in place to prevent either intentional or accidental breaches of the organization's security: review of access rights, supervision, monitoring
References
ISC2 CBK Material
ISC2 Official CISSP Exam Guide