Information Systems Security Operations Security Domain #9

Operations Security Objectives  Operations Responsibility & Personnel  Configuration Management  Media Access Protection  System Recovery  Facsimile Security  Vulnerability and Penetration Testing  Attack Types

Computer Operations  Fixing Hardware and software issues  Media Libraries  Controlling Remote Access  Contingency Planning  Incident Handling  Licensing Issues  Input Controls  Backup and Recovery

Threats to Operations  Disclosure  Destruction  Loss of system and network capabilities  Corruption and Modification  Theft  Espionage  Hackers/Crackers  Malicious Code

Issues  Backup Maintenance  Change workstation/location –Used to improve security  Need to Know Required  Least Privilege Principle Enforced  Due Care  Due Diligence –U.S. Federal Sentencing Guidelines of 1991  Up to 290M for non-performance

Security Control Types  Directive control –Used to guide the security implementation  Preventive control –Can deter or mitigate undesirable actions  Detective control –Verifies whether a control has been successful  Corrective control –Used to reverse the effects of an unwanted activity

Examples  Directive – policies, standards, laws  Preventive – firewalls, authentication, access controls, antivirus software  Detective – audit trails, logs, CCTV, CRC  Corrective – incident handling, fire extingiuishers

Vulnerability Testing  Things to agree upon –Goals of the assessment –Written agreement from management –Explaining testing ramifications –Understand results are just a ‘snapshot’

Steps in Testing  Reconnaissance –Obtain info either passively or actively  Sniffing, eavesdropping, ARIN, Whois, etc.  Scanning –ID systems that are running and active services  Ping sweeps and port scans  Gaining Access –Exploiting vulnerabilities to gain access  Buffer overflow, brute force

More Steps  Maintaining Access –Uploading software to ensure reentry  Trojan Horse, backdoor  Covering Tracks –Hide one’s malicious activities  Delete system and application logs

Honeypots  Usually placed in DMZ –Should not be connected to internal network  Sacrificial lamb system  Goal is that hackers will attack this system instead of production system  Leaves many ports open and services running to be more ‘enticing’

Sensitive Media Handling  Marking  Handling  Storing  Destruction  Declassification

Continuity of Operations  Fault Tolerance –Software –Hardware  Data Protection –RAID 0, 1, 5, 10  Redundant Communications –Phone, Broadband, Wireless, Satellite  Redundant Power Supplies

Auditing  Auditing Basics –Logs, monitors, and triggers  Accountability, Compliance  Audit trails  Sampling and clipping levels  External auditors

Monitoring Tools  Warning banners  Keystroke monitoring  Traffic analysis  CCTV

More Terms  Ethical Hacking  War dialing  Radiation monitoring  Dumpster diving  Social engineering

Physical Security  Facility Location and construction  Electrical Issues  Perimeter Protection  Physical Intrusion Detection  Fire Prevention

Threats  Physical Damage  Theft of Assets  Interruption of Service  Disclosure of Proprietary Information  Natural Disaster  Vandalism  Terrorism

Administration Controls  Facility construction  Site management  Personnel controls  Emergency procedures  Awareness training

Technical Controls  Access controls  Alarms  CCTV/Monitors  HVAC  Power Supplies  Fire detection and suppression