Information Systems Security Operations Security Domain #9
Operations Security Objectives Operations Responsibility & Personnel Configuration Management Media Access Protection System Recovery Facsimile Security Vulnerability and Penetration Testing Attack Types
Computer Operations Fixing Hardware and software issues Media Libraries Controlling Remote Access Contingency Planning Incident Handling Licensing Issues Input Controls Backup and Recovery
Threats to Operations Disclosure Destruction Loss of system and network capabilities Corruption and Modification Theft Espionage Hackers/Crackers Malicious Code
Issues Backup Maintenance Change workstation/location –Used to improve security Need to Know Required Least Privilege Principle Enforced Due Care Due Diligence –U.S. Federal Sentencing Guidelines of 1991 Up to 290M for non-performance
Security Control Types Directive control –Used to guide the security implementation Preventive control –Can deter or mitigate undesirable actions Detective control –Verifies whether a control has been successful Corrective control –Used to reverse the effects of an unwanted activity
Examples Directive – policies, standards, laws Preventive – firewalls, authentication, access controls, antivirus software Detective – audit trails, logs, CCTV, CRC Corrective – incident handling, fire extingiuishers
Vulnerability Testing Things to agree upon –Goals of the assessment –Written agreement from management –Explaining testing ramifications –Understand results are just a ‘snapshot’
Steps in Testing Reconnaissance –Obtain info either passively or actively Sniffing, eavesdropping, ARIN, Whois, etc. Scanning –ID systems that are running and active services Ping sweeps and port scans Gaining Access –Exploiting vulnerabilities to gain access Buffer overflow, brute force
More Steps Maintaining Access –Uploading software to ensure reentry Trojan Horse, backdoor Covering Tracks –Hide one’s malicious activities Delete system and application logs
Honeypots Usually placed in DMZ –Should not be connected to internal network Sacrificial lamb system Goal is that hackers will attack this system instead of production system Leaves many ports open and services running to be more ‘enticing’
Sensitive Media Handling Marking Handling Storing Destruction Declassification
Continuity of Operations Fault Tolerance –Software –Hardware Data Protection –RAID 0, 1, 5, 10 Redundant Communications –Phone, Broadband, Wireless, Satellite Redundant Power Supplies
Auditing Auditing Basics –Logs, monitors, and triggers Accountability, Compliance Audit trails Sampling and clipping levels External auditors
Monitoring Tools Warning banners Keystroke monitoring Traffic analysis CCTV
More Terms Ethical Hacking War dialing Radiation monitoring Dumpster diving Social engineering
Physical Security Facility Location and construction Electrical Issues Perimeter Protection Physical Intrusion Detection Fire Prevention
Threats Physical Damage Theft of Assets Interruption of Service Disclosure of Proprietary Information Natural Disaster Vandalism Terrorism
Administration Controls Facility construction Site management Personnel controls Emergency procedures Awareness training
Technical Controls Access controls Alarms CCTV/Monitors HVAC Power Supplies Fire detection and suppression