dr. bhavani thuraisingham the university of texas at dallas (utd) june 2015 operations security
TRANSCRIPT
Dr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)
June 2015
Operations Security
Domain Objectives• Protection and Control of Data Processing Resources
– Media Management– Backups and Recovery– Change Control
• Privileged Entity Control
Control Categories• Preventive• Detective• Corrective• Deterrent• Recovery• Directive• Compensating
Application-related Controls• Transaction• Input• Processing• Output• Test• Supervision / balancing• Job-flow• Logging• Licensing
Operations Security Focus Areas• Auditors• Support staff• Vendors• Security• Programmers• Operators• Engineers• Administrators
Domain Agenda• Resource Protection• Continuity of Operations• Change Control Management• Privileged Entity Control
Facility Support Systems• The support systems in centralized and decentralized operation
centers must be protected– Hardware– Software– Storage media– Cabling– Physical security
Facility Support Systems (cont.)• Fire protection• HVAC• Electrical power goals
Facility Support Systems (cont.)• Water• Communications• Alarm systems
Media Management• Storage• Encryption• Retrieval• Disposal
Object Reuse• Securely reassigned• Disclosure• Contamination• Recoverability
Clearing of Magnetic Media• Overwriting• Degaussing• Physical destruction
Media Management Practices• Sensitive Media Controls
– Destroying– Marking– Labeling– Handling– Storing– Declassifying
Misuse Prevention
Threats Countermeasures
Personal use Acceptable use policy, workstation controls, web content filtering, email filtering
Theft of media Appropriate media controls
Fraud Balancing of input/output reports, separation of duties, verification of information
Sniffers Encryption
Records Management• Consideration for records management program development• Guidelines for developing a records management program• Records retention
Domain Agenda• Resource Protection• Continuity of Operations• Change Control Management• Privileged Entity Control
Adequate Software & Data Backup• Operations controls ensure adequate backups of:
– Data– Operating systems– Applications– Transactions– Configurations– Reports
• Backups must be tested• Alternate site recovery plan
Fault Tolerance• Hardware failure is planned for• System recognizes a failure• Automatic corrective action• Standby systems
– Cold – configured, not on, lost connections– Warm – On, some lost data or transactions (TRX)– Hot – ready – failover
RAID – Redundant Array of Independent Discs
• Hardware-based• Software-based• Hot spare
RAID Level 0• Two or more disks• No redundancy• Performance only
RAID Level 1• Exact copy (or mirror)• Two or more disks• Fault tolerant• 200% cost
RAID Level 2• Striping of data with error correcting codes (ECC)• Requires more disks than RAID 3/4/5• Not used, not commercially viable
RAID Level 3• Byte level stripes• 1 drive for parity• All other drives are for data
RAID Level 4• Block level stripes• 1 drive for parity• All other drives are for data
RAID Level 5• Block level stripes• Data and parity interleaved amongst all drives• The most popular RAID implementation
RAID Level 6• Block level stripes• All drives used for data AND parity• 2 parity types• Higher cost• More fault tolerant than RAID implementations 2 - 5
RAID Level 0+1• Mirroring and striping• Higher cost• Higher speed
RAID Level 10• Mirroring and striping• Higher cost• Higher speed
Redundant Array of Independent Taps (RAIT)
• Using tapes not disk• Rea-time mirroring
Hot Spares• Waiting for disaster• Global• Dedicated
Backup Types• File image• System image• Data mirroring• Electronic vaulting• Remote journaling• Database shadowing• Redundant servers• Standby services
System Recovery – Trusted Recovery• Correct implementation• Failures don’t compromise a system’s secure operation
Types of Trusted Recovery• System reboot• Emergency system restart• System cold start
Fail Secure• Cause little or no harm to personnel• System remains secure
Operational Incident Handling• First line of defense• Logging, tracking and analysis of incidents• Escalation and notification
Incident Response TeamBenefits
• Protection of assets• Profitability• Regulations• Avoiding downstream
damage• Limit exposure
Priorities• Life safety• Labeled data• Communication• Reduce disruption
Contingency Plans• Business continuity plans and procedures
– Power failure– System failure– Denial of service– Intrusions– Tampering– Communication– Production delay– I/O errors
Domain Agenda• Resource Protection• Continuity of Operations• Change Control Management• Privileged Entity Control
Change Control Management• Business and technology balance• Defines
– Process of changes– Ownership of changes
• Changes are reviewed for impact on security
Change Control Committee Responsibilities
Management• Business impact• Regulations• Risk management• Approval• Accreditation
Technical• Request process• Functional impact• Access control• Testing• Rollback• Certification
Change Control Procedures• Request• Impact assessment• Approval• Build/test• Implement• Monitor
Configuration Management Elements• Hardware inventory• Hardware configuration chart• Software• Firmware• Documentation requirements• Testing
Patch Management• Knowledge of patches• Testing• Deployment• Zero-day challenges
Protection of Operational Files• Library Maintenance
– Backups– Source code– Object code– Configuration files
• Librarian
Domain Agenda• Resource Protection• Continuity of Operations• Change Control Management• Privileged Entity Control
Operator Privileges• Data input and output• Data maintenance• Labeling• Inventory
Administrator Privileges• Systems administrators• Network administrators• Audit highly-privileged accounts
Security Administrator Privileges• Security administration include:
– Policy• Development• Implementation• Maintenance and compliance
– Vulnerability assessments– Incident response
Control Over Privileged Entities• Review of access rights• Supervision• Monitoring/audit
Domain Summary• Resource Protection• Continuity of Operations• Change Control Management• Privileged Entity Control