Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Beyond Standards. Standards ISFO Manual Threats Case Study Future 2 Beyond Standards.

Published bySky Mosley Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Beyond Standards. Standards ISFO Manual Threats Case Study Future 2 Beyond Standards."— Presentation transcript:

1 1 Beyond Standards

2 Standards ISFO Manual Threats Case Study Future 2 Beyond Standards

3 3 Audit Policy Event Logs Configuration User rights Security options Network, Firewall, Port protocol Others Baseline Standards

4 4 Audit Policy  Basic Audit versus Advanced Audit Poli c y Event Logs  Retain old events and Automatically backup log when full Baseline Standards

5 5 User Rights  Add workstations to domain  Synchronize directory service data Bypass traverse checking Baseline Standards

6 6 User Rights  Impersonate a client after authentication Devices: Allow undock without having to log on Baseline Standards

7 7 Security Options  Domain controller: Refuse machine account password changes Domain controller: Allow server operators to schedule tasks Baseline Standards

8 8 Networking  Internet Communication Events.asp Links Turn Off Handwriting Personalization Data Sharing  Power Options Require a Password When a Computer Wakes Network Connections Route all traffic through internal network Baseline Standards

9 9 Networking  NTP server : Configure Windows NTP client localtimeserver Type Set to NT5D5. ( Set to NT5DS if the system is not PDC)  TCPIP Settings\IPv6 Transition Technologies IPHTTPS Url Firewall Display Notification ( Set to Yes) Firewall log file ( currently set to %windir%.log) Set to Baseline Standards

10 10 Networking  Firewall IPv6 Block of UDP 3544  Remote Desktop Services Do not use temporary folders per session should be associated with Remote Desktop Session Host\Temporary folders.  Search Setting Search-Allow indexing of encrypted files Search-Enable indexing uncached Exchange folders Baseline Standards

11 11 Services  Remote Desk Services Crashes on refresh of GPO  Remote Desktop Help Session Manager ( ignored on windows 7 and windows 2008)  SNMP Trap Service is SNMP Trap  Simple Service Discovery Protocol Discovery Service is SSDP Discovery ( needed for plug and play)  World Wide Web Publishing Services is World Wide Web Publishing Service Baseline Standards

12 12 Virtualization  Allow log on through Remote Desktop Services  Deny log on through Remote Desktop Services Set to Everyone ( should be Guests)  Virtual OS Baseline Standards

13 13 Security Relevant Objects  SROs for NT5 (XP, 2003) but not used by NT6 (7,2008)  c:\windows\system32\kdcsvc.dll  c:\windows\system32\msgina.dll  c:\windows\system32\ntbackup.exe  c:\windows\system32\ntdsa.dll  c:\windows\system32\ntdsatq.dll  c:\windows\system32\regedit.exe  c:\windows\system32\rshx32.exe  c:\windows\syswow64\rshx32.exe  c:\windows\syswow64\spool\printers Baseline Standards

14 14 Others Difference in baseline between NT5 and NT6  NT5 Audit: Shut down system immediately is. Enabled.  NT6 Audit: Shut down system immediately is Undefined.  NT5 Restrict CD-ROM access to locally logged-on user only is Enabled.  NT6 Restrict CD-ROM access to locally logged-on user only is Disabled. Baseline Standards

15 15 Others Difference in baseline between NT5 and NT6  NT5 Interactive logon: Number of previous logons to cache is 0 NT6 Interactive logon: Number of previous logons to cache is 2 logons or less  NT5 Shutdown: Clear virtual memory page file is Enabled  NT6 Shutdown: Clear virtual memory page file is Disabled NT6 Every Administrative actions required authentication Baseline Standards

16 16 ODAA Process Manual v3.2, November 15, 2013 Summary of Changes ODAA Process Manual

17 17 ODAA Process Manual Aligned under National Institute of Standards and Technology (NIST) 800- 53Controls

18 18 ODAA Process Manual C&A Documentation Process Divided into Three Categories Management Controls, 3.0 Operational Controls, 4.0 Technical Controls, 6.0

19 19 ODAA Process Manual NIST 800-53 Control Mapping 10.0 (page 86)

20 20 ODAA Process Manual Publication date: November 15, 2013 Effective date: May 15, 2014

21 21 ODAA Process Manual Removable Media Restrictions 4.7.2 (p. 51) Write ability will be restricted to people designated and briefed by ISSM. The default will be to disable write ability for all forms of removable media.

22 22 ODAA Process Manual SIPRNet Section 9.0 (pp. 81-84) Command Cyber Readiness Inspections (CCRI) NISP SIPRNet Circuit Acquisition Process

23 23 ODAA Process Manual Defense Industrial Base Cyber Security Accreditation Process (DIBNet) 9.2 Use to report cyber security incidents

24 24 ODAA Process Manual Self-Certification Requirements (p.32) Introduction to NISP C&A Process NISP C&A Process: A Walk-Through Technical Implementation of C&A

25 25 ODAA Process Manual Logon Banner (pp 68-70) NISPOM compliant systems (p. 69) DoD Warning Banner for SIPRNet (p. 70)

26 26 ODAA Process Manual Other Items: But nothing really new

27 27 ODAA Process Manual Examples of reasons to deny an IATO: Missing or incomplete UID ISSM did not sign the IS Security Package Statement Missing H/W List – S/W List – Configuration Diagram Physical security not adequately explained

28 28 ODAA Process Manual Examples of reasons to deny an IATO: No signed DSS Form 147 – for Closed Area No Certification Test Guide Results provided Missing letter from GCA if variances are needed Identification and authentication not fully addressed

29 29 ODAA Process Manual Periods Processing 3.2.10.2 (p. 19) Clearing can be used to overwrite HD for reuse at same or higher level. Not for TS

30 30 ODAA Process Manual Sanitizing 4.4.2 (pp 41-43) Spills can be cleaned up by overwriting Get GCA approval prior to or after incident If GCA does not respond after 30 days assume approved GCA may require destruction

31 31 ODAA Process Manual Incident Response Plan 4.5.2 The contractor shall develop an incident response plan. Distribute copies of the incident response plan to appropriate incident response personnel. The incident response plan shall be reviewed and revised when appropriate to ensure accuracy.

32 32 ODAA Process Manual Classified Spill Cleanup Procedures 4.5.3 Coordination with sender / receiver / data owner Wiping Utility Instructions 4.5.4 (p. 45) Reporting (NISPOM 1-303)

33 33 ODAA Process Manual Trusted Download 4.7.4 Alternate Trusted Download procedures need letterhead memo signed by data owner or GCA. (p. 53)

34 34 ODAA Process Manual Weekly Audits 6.7.1 (p.71-72) Audits need to be done at least weekly “At least weekly” means once per calendar week

35 35 Threat Cyber Threat Insider Threat

36 36 Threat Insider Any person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks, or systems. Insider Threat: The threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of resources or capabilities.

37 37 Insider Threat mitigation has become an urgent requirement for DoD agencies Presidential Memorandum and Executive Order (EO) 13587 –Created steering committee –Executive Agent for Safeguarding Classified Info on Networks –National Insider Threat Task Force Produce national policy, standards Provide assistance and assessments to departments/agencies EO 10450, Security Requirements for Government Employment Authority to investigate any information that comes to its attention that indicates retaining any officer or employee of the agency may not be consistent with national security interests Provides authority to conduct inquires both prior to an actual hiring and after an individual has been hired by the agency “In the wake of an unprecedented document dump that is straining U.S. diplomatic relations in some corners of the world, the administration ordered agencies last month to ensure that unauthorized employees do not get access to sensitive or classified information.” UNCLASSIFIED//FOUO

38 38 Threat (not all-inclusive) Excessive and abnormal intranet browsing, beyond the individual's duties and responsibilities, of internal file servers or other networked system contents Attempts to obtain classified or sensitive information by an individual not authorized to receive such information Unauthorized copying, printing, faxing, e-mailing, or transmitting classified material Contact with an individual who is known or suspected of being associated with a foreign intelligence or security organization Hacking or cracking activities, social engineering, electronic elicitation, e-mail spoofing or spear phishing

39 39 Case Study What would you do?

40 40 Questions ? Contact DSS….

Download ppt "1 Beyond Standards. Standards ISFO Manual Threats Case Study Future 2 Beyond Standards."

Similar presentations

Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
Managing a “Data Spill” Corrie Velez Technical Security Orlando, Florida March 14, 2012.

Managing a “Data Spill” Corrie Velez Technical Security Orlando, Florida March 14, 2012.
What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,

What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
ISFO – ODAA Defense Security Service Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) Nov 2013 1 Nov 2013.

ISFO – ODAA Defense Security Service Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) Nov Nov 2013.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010.

Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010.
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Similar presentations

Ads by Google