
Introduction


benjamin

Presentation Transcript


1. Introduction
• Topic: Operations Security
• Approach - General security principles
  • The Problem
  • The Control
Operations Security

2. General Security Principles
• Accountability
• Authorization
• Logging
• Separation of duties
• Least privilege
• Risk reduction
• Layered defense
• Redundancy

3. Critical Operational Controls
• Resource protection
• Privileged-entity control
• Hardware control

4. The Problem
• Powerful system utilities
• Powerful system commands
  • Superzapping - using a system utility or application that bypasses all access controls and audit/logging functions to update code or data directly
• Direct control over hardware and software
• Direct control over all files
• Direct control over printers and output queues
• Powerful Input/Output commands
• Direct access to servers
• Initial program load (IPL) from console

5. The Problem
• Initial program load (IPL) from tape
• Control over job schedule and execution
• Control over all storage media
• Bypass label processing
• Re-labeling resources
• Resetting date/time, passwords
• Control of access ports/lines
• Erroneous transactions (fraud)
  • Altering proper transactions
  • Adding improper transactions
• Denial of service / delays in operation
• Personal use, disclosure
• Audit trail/log corruption or modification

6. Protected Resources
• Password files
• Application program libraries
• Source code
• Vendor software
• Operating system
• Libraries
• Utilities
• Directories
• Address tables
• Proprietary packages
• Communications HW/SW
• Main storage
• Disk & tape storage

7. Protected Resources (2)
• Processing equipment
• Stand-alone computers
• Printers
• Sensitive/critical data
• Files
• Programs
• System utilities
• System logs/audit trails
• Violation reports
• Backup files
• Sensitive forms
• Printouts
• People

8-10. The Control
• Accountability
  • Personnel reviews - background checks
  • Password management
    • Personal
    • System
    • Maintenance
    • Trap door - a system or application password built in for ease of vendor maintenance; a maintenance password that must be managed like any other
  • Logging of all activities
    • Protected/duplicated log
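The "protected/duplicated log" bullet hides the real design question: how does a reviewer know an operator with write access to the log did not edit it after the fact? The following is an added example (not code from the original slides) of a tamper-evident activity log built as a SHA-256 hash chain; the record fields, the GENESIS link value and the off-host "anchor" are this example's own assumptions.

```python
"""Tamper-evident activity log built as a SHA-256 hash chain.

Added example for the "logging of all activities / protected, duplicated
log" control; not code from the original slides. The record format, the
GENESIS link and the off-host "anchor" are assumptions of this example.

Each record stores the digest of the record before it, so editing,
deleting or reordering an entry invalidates every later link. The chain
alone is not enough: an attacker who can rewrite the log file can also
recompute the later links. The defence is the duplicate copy from slide
10, modelled here as the latest digest sent to a host the operator cannot
write to; verification compares the chain head against that anchor.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # link value stored in the very first record


def _link(prev, ts, who, action):
    # Canonical JSON so the same fields always hash identically.
    body = json.dumps({"ts": ts, "who": who, "action": action}, sort_keys=True)
    return hashlib.sha256(f"{prev}\n{body}".encode()).hexdigest()


def append(log, who, action, ts=None):
    """Append one activity record to the list; returns the new chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    ts = ts or datetime.now(timezone.utc).isoformat()
    entry = {"ts": ts, "who": who, "action": action,
             "prev": prev, "hash": _link(prev, ts, who, action)}
    log.append(entry)
    return entry["hash"]


def verify(log, anchor=None):
    """Walk the chain. Returns (True, None) when intact, otherwise
    (False, index): the index of the first record whose link is broken,
    or len(log) when the chain is internally consistent but its head does
    not match the off-host anchor (log rewritten or truncated)."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != _link(prev, e["ts"], e["who"], e["action"]):
            return False, i
        prev = e["hash"]
    if anchor is not None and not hmac.compare_digest(prev, anchor):
        return False, len(log)
    return True, None


def rehash_from(log, start):
    """What an attacker with write access does after editing record
    `start`: recompute every later link so the chain looks consistent."""
    for j in range(start, len(log)):
        prev = log[j - 1]["hash"] if j else GENESIS
        log[j]["prev"] = prev
        log[j]["hash"] = _link(prev, log[j]["ts"], log[j]["who"], log[j]["action"])


def demo():
    """Constructed sample activity, not real operator records."""
    log = []
    append(log, "op1", "IPL from console", "2024-01-08T08:00:00+00:00")
    append(log, "op1", "mount tape VOL001 bypass-label", "2024-01-08T08:05:00+00:00")
    anchor = append(log, "secadm", "reset password user7", "2024-01-08T08:09:00+00:00")

    results = {"clean": verify(log, anchor)}                 # (True, None)
    log[1]["action"] = "mount tape VOL001"                  # hide the bypass-label use
    results["edited"] = verify(log, anchor)                 # (False, 1)
    rehash_from(log, 1)                                     # cover the tracks
    results["rehashed_no_anchor"] = verify(log)             # (True, None): chain alone is fooled
    results["rehashed_with_anchor"] = verify(log, anchor)   # (False, 3): duplicate copy catches it
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the last two results is that the duplicate copy, not the hashing, is the control: the chain only tells you where the damage starts, while the anchor held outside the operator's reach tells you that damage happened at all.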

11. The Control
• Accountability
  • Problem reporting and change procedures
    • Reports, tracks and resolves problems affecting service
      • Reduce failures
      • Prevent recurrence
      • Reduce impact
    • Types
      • Performance/availability
      • Hardware/software
      • Environment
      • Procedures/operations
      • Network
      • Safety/security

12. The Control
• Accountability
  • Problem reporting and change procedures
  • Violation analysis
    • Repetitive mistakes
    • Exceeding authority
    • Unrestricted access
    • Where?
    • Patterns - hackers, disgruntled employees
    • Clipping level - a baseline violation count that establishes the normal level of violations; only subjects whose violations exceed it are reported for investigation
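Violation analysis with a clipping level, as an added example rather than code from the original slides: the syslog-style line format, the two event patterns and the baseline figures are assumptions for illustration. The clipping level is derived from a baseline period instead of being picked by hand, and only subjects at or above it appear in the report.

```python
"""Violation analysis with a clipping level (slide 12). Added example, not
from the original slides; the syslog-style line format, the event
patterns and the baseline counts are assumptions for illustration.

A clipping level is the per-subject violation count treated as normal
noise (mistyped passwords, a stray command). Only subjects at or above it
are reported, which keeps the violation report short enough that someone
reads it. Here the level is mean + k standard deviations of the counts
seen during a quiet baseline period.
"""
import math
import re
import statistics
from collections import Counter, defaultdict

# Constructed line shapes; real systems differ, so adjust the patterns.
LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
EVENTS = {
    "failed_login": re.compile(r"FAILED LOGIN for user (?P<user>\S+)"),
    "access_denied": re.compile(r"ACCESS DENIED user=(?P<user>\S+) cmd=(?P<cmd>\S+)"),
}


def derive_clipping(baseline_counts, k=2):
    """Clipping level = mean + k population standard deviations of the
    per-user counts observed on quiet shifts, rounded up; never below 1."""
    mean = statistics.mean(baseline_counts)
    spread = statistics.pstdev(baseline_counts)
    return max(1, math.ceil(mean + k * spread))


def count_violations(lines):
    """Return {event_kind: Counter(user -> count)} for recognised lines."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: ignored here, worth its own alert in production
        for kind, pat in EVENTS.items():
            hit = pat.search(m["msg"])
            if hit:
                counts[kind][hit["user"]] += 1
                break
    return counts


def over_clipping(lines, clipping):
    """List (kind, user, count) for every user at or above the clipping
    level for that kind, in a stable order for the violation report."""
    counts = count_violations(lines)
    report = []
    for kind in EVENTS:
        level = clipping[kind]
        for user, n in sorted(counts[kind].items()):
            if n >= level:
                report.append((kind, user, n))
    return report


# Constructed sample log for one shift; not captured from a real host.
SAMPLE_LOG = """\
Jan 10 08:01:02 mf1 login: FAILED LOGIN for user alice from 10.0.0.5
Jan 10 08:01:09 mf1 login: FAILED LOGIN for user alice from 10.0.0.5
Jan 10 08:01:15 mf1 login: FAILED LOGIN for user bob from 10.0.0.7
Jan 10 08:01:21 mf1 login: FAILED LOGIN for user alice from 10.0.0.5
Jan 10 08:02:40 mf1 login: FAILED LOGIN for user alice from 10.0.0.5
Jan 10 08:15:03 mf1 audit: ACCESS DENIED user=carol cmd=superzap
Jan 10 08:15:20 mf1 audit: ACCESS DENIED user=carol cmd=superzap
Jan 10 08:16:00 mf1 login: FAILED LOGIN for user carol from 10.0.0.9
garbage line that does not parse
""".splitlines()

# Assumed baseline: highest per-user count of each kind on five quiet shifts.
BASELINE = {"failed_login": [1, 2, 1, 2, 1], "access_denied": [0, 1, 0, 0, 1]}


def demo():
    """Returns (clipping levels, flagged subjects) for the sample data."""
    clipping = {kind: derive_clipping(hist) for kind, hist in BASELINE.items()}
    return clipping, over_clipping(SAMPLE_LOG, clipping)


if __name__ == "__main__":
    levels, flagged = demo()
    print("clipping levels:", levels)
    for kind, user, n in flagged:
        print(f"{kind}: {user} ({n} events)")
```

Bob's single failed login and carol's one failed login stay below the level and never reach the report; alice's four failed logins and carol's two denied superzap attempts do. Tune k down when the baseline period was itself noisy, and re-derive the level after any change in user population.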

13. The Control
• Least Privilege
  • Granular access control over system commands
  • Individual access permissions
  • Hardware/software elements and procedures that enable authorized access and prevent unauthorized access

14. The Control
• Least Privilege
  • Periodic review of access needed vs. access granted
• Separation of Duties
  • All changes require approval

15-17. The Control
• Separation of Duties
  • All changes require approval
  • Operational staff should not code or approve changes
    • Operating system OR applications OR job controls
  • Operational staff should not perform security duties
    • Security administration
    • Network administration
    • Application administration
  • Operations staff should not do data entry
  • Transaction logging with date/time/person
  • Control counts

18. The Control
• Responsibilities in Operations should be divided
  • Help desk
  • Job rotation

19. Separation of Duties - Operator
• Installing system software
• Start up/shut down
• Backup/recovery
• Mounting disks/tapes
• Handling hardware
• Adding/removing users (?)

20. Separation of Duties - Security
• User activities
  • Adding/removing users (?)
  • Setting clearances
  • Setting passwords
  • Setting other security characteristics
  • Changing profiles
• Setting file sensitivity labels
• Setting security characteristics of devices, communications channels
• Reviewing audit data
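Slides 14 through 20 describe separation of duties as policy; the following added example (not code from the original deck) turns it into a check that can be run against an access review. The role names, the conflict list and the change-record fields are this example's own assumptions; the rules themselves are the ones the slides state: operations staff must not code, approve changes, administer security or do data entry, and every change needs an approver distinct from its author.

```python
"""Separation-of-duties check over role assignments and change records.

Added example for slides 14-20; not code from the original deck. The
role names, the conflict list and the change-record fields are this
example's own assumptions. Two things are checked: (1) no single person
holds a pair of roles the slides say must be split, and (2) every change
has an approver who is neither its author nor the operator who installs
it, and who actually holds the approver role.
"""
from itertools import combinations

# Role pairs one person may not hold at the same time (slides 15-20).
CONFLICTS = {
    frozenset({"operator", "developer"}),         # ops must not code
    frozenset({"operator", "change_approver"}),   # ops must not approve changes
    frozenset({"operator", "security_admin"}),    # ops must not do security duties
    frozenset({"operator", "data_entry"}),        # ops must not do data entry
    frozenset({"developer", "change_approver"}),  # a coder approving changes defeats the approval step
}


def role_conflicts(assignments):
    """assignments: {person: set_of_roles} -> [(person, role_a, role_b)]."""
    found = []
    for person, roles in sorted(assignments.items()):
        for a, b in combinations(sorted(roles), 2):
            if frozenset((a, b)) in CONFLICTS:
                found.append((person, a, b))
    return found


def change_violations(changes, assignments):
    """changes: list of {"id", "author", "approver" (None if unapproved),
    "implementer"} -> [(change_id, reason)]. Emergency changes get no
    exemption: slide 21 requires approval for emergency procedures too."""
    problems = []
    for c in changes:
        cid, author, approver, impl = c["id"], c["author"], c["approver"], c["implementer"]
        if approver is None:
            problems.append((cid, "no approval recorded"))
            continue
        if approver == author:
            problems.append((cid, "self-approved"))
        if approver == impl:
            problems.append((cid, "approver also implemented the change"))
        if "change_approver" not in assignments.get(approver, set()):
            problems.append((cid, "approver does not hold the change_approver role"))
        if impl == author:
            problems.append((cid, "author implemented own change"))
    return problems


# Constructed sample data, not from any real organisation.
ASSIGNMENTS = {
    "alice": {"developer"},
    "bob": {"operator"},
    "carol": {"change_approver"},
    "dave": {"operator", "security_admin"},  # toxic combination
}
CHANGES = [
    {"id": "CHG-1", "author": "alice", "approver": "carol", "implementer": "bob"},    # fine
    {"id": "CHG-2", "author": "alice", "approver": "alice", "implementer": "bob"},    # self-approval
    {"id": "CHG-3", "author": "bob", "approver": None, "implementer": "bob"},         # "emergency", never approved
    {"id": "CHG-4", "author": "alice", "approver": "carol", "implementer": "alice"},  # dev installed own code
]


def demo():
    """Returns (role conflicts, change violations) for the sample data."""
    return role_conflicts(ASSIGNMENTS), change_violations(CHANGES, ASSIGNMENTS)


if __name__ == "__main__":
    conflicts, problems = demo()
    for person, a, b in conflicts:
        print(f"{person}: holds both {a} and {b}")
    for cid, reason in problems:
        print(f"{cid}: {reason}")
```

The role-pair list is deliberately data rather than code so the periodic access review of slide 14 can extend it (for example, adding the operator/help-desk split of slide 18) without touching the checker.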

21-23. The Control
• Layered Defense
  • Emergency procedures requiring approval
  • Read vs. Read/Write access
  • Training - equipment/system documentation, procedures

24. The Problem
• Physical access to the computer room and the devices in it
  • IS programmers
  • Cleaning/maintenance
  • Vendor support
  • Contract/temp staff
• Memory content modification
• Microcode changes
• Device shutdown
• Shoulder surfing over the operator's shoulder
• Physical access to printouts - rerouting
• Access to print queues
• Access to printers

25-27. The Control
• Authentication & Least Privilege
  • Authorization for access to the facility
  • Enforced control of access to the facility
  • Closed shop - physical access controls limiting access to authorized personnel
  • Security perimeter - the boundary within which security controls protect assets
  • System high security - the system and all peripherals are protected at the level of the highest security classification of any information housed by the system
  • TEMPEST - compromising electromagnetic emanations that can be intercepted and analyzed to disclose sensitive or protected information, and the countermeasures against them
  • Operations security - controls over resources: hardware, media and the operators with access
    • Operations terminals
    • Servers/routers/modems/circuit rooms
    • Sniffer - a device that attaches to the network and captures network traffic
    • Magnetic media
  • Physical oversight of operator console
  • Supervision of personnel - realtime and non-realtime
    • Morale evaluation
    • Operating logs
    • Inventory
    • Change control procedures
    • Incident reporting
    • System/audit logs
    • Audits/security reviews
    • Job rotation

28-31. The Control
• Separation of Duties & Layered Defense
  • Protection of printouts
    • Heading/trailing banners with recipient name and location
    • Print "No Output" when a report is empty, so a missing report is distinguishable from an empty one
    • Positive identification and logging of printouts
    • Sign for receipt of sensitive printouts
  • Protection of print queues
  • Audit of facility and processes
    • Audit logs
    • Logons
    • Operating system calls/utilities
    • System connectivity

32. The Problem
• Inability to recover from failures
• Legal liabilities

33-34. The Control
• Redundancy
  • Regular backups of all software and files
  • Hardware Asset Management
    • Hardware configuration
    • Hardware inventory
    • Fault tolerant equipment - designed-in reliability
    • Configuration
    • Secure disposal
      • Cleaning/sanitizing
        • Overwriting
        • Destructive delete
        • Degaussing
      • Destruction
    • Environmental protection

35. Environmental Contamination
• Buildup of conductive particles and contaminants
  • Circuit boards, microswitches, sensors
  • Spontaneous combustion
  • National Fire Protection statistic: a US computer room fire every 10 minutes
  • 80% unknown causes (hardware)
• Causes equipment failure
  • Mass storage devices
  • Particles pass through disk drive filters
  • Read/write errors, disk crashes
• Government/contractor installations
  • Max 100,000 particles (0.5 micron and larger) per cubic foot of air
  • Data center particle size threshold: 0.5 microns (19.69 microinches)

36. Environmental Contamination
• Contaminants - max 20 microinches
  • Hair - 3,000 microinches
  • Dust - 1,500 microinches
  • Fingerprint - 600 microinches
  • Smoke - 250 microinches
  • 2314 head flying height - 100 microinches
  • 2300 head flying height - 50 microinches
• Contaminant sources
  • Metallics (vacuum cleaner brushes, printers, floors)
  • Carbonaceous (autos, tobacco, toner, paper, burn)
  • Synthetic (clothing, carpet)
  • Cement/crystalline (subfloor, cleaning fluids, air purifiers)

37. Environmental Detection
• White glove samples examined with a microscope
  • Identification, no concentrations
• Petri dish samples examined with a microscope
  • Identification, no concentrations
• Aspirating pump collection examined with a microscope
  • Identification, some concentration data
• Particulate counter and collection bag
  • Contaminant typing, some concentration data
• Vicon detector with filtering media and microscopic examination
  • Accurate typing and concentration with multiple samples

38. Environmental Controls
• Cost justification
  • Analyze with the Vicon detector and maintain error logs
• Control program
  • Separate equipment
  • Activity restrictions
  • Brushless vacuums rated at <= 1 micron, or a wall-mounted vacuum system with the unit outside the room
  • No ion-generating purifiers, conditioners or heaters
  • Tile quality of floors
  • Top-line filtration
  • Train maintenance staff

39-40. The Control
• Regular backups of all software and files
• Hardware configuration and inventory
• Fault tolerant equipment
• Secure disposal
• Software Asset Management
  • Operating/backup software inventory
  • Backups
    • Generations
    • Off-site storage
    • Environmental control
    • Controlled & authorized access to backups
  • COTS - Commercial Off-The-Shelf products
  • Maintenance accounts/passwords
• Trusted recovery procedures
  • Ensure security is not breached during a system crash and recovery
  • Requires backups
  • Reboot (crash or power failure)
  • Recover file systems (missing resource)
  • Restore files and databases (inconsistent database)
  • Check security files (system compromise)
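The last step of trusted recovery, "check security files", needs something to check against. The following added example (not code from the original slides) builds that baseline from a known-good system and compares a post-recovery state with it; the file list, the recorded attributes and the in-memory snapshot format are this example's assumptions. The same baseline serves the configuration-management baseline of slide 45: the check runs before a change is accepted as well as after a crash.

```python
"""Baseline and check of security-critical files for trusted recovery
(slide 40, "check security files") and the configuration-management
baseline of slide 45. Added example, not from the original slides; the
file list, the recorded attributes and the in-memory snapshot format are
this example's assumptions.

The baseline stores a SHA-256 digest plus permission mode and owner for
each protected file. After a crash-and-reboot, or before a change is
accepted, the live files are compared against it, so a password file that
was loosened or a job schedule that gained an entry during "recovery" is
reported rather than silently trusted.
"""
import hashlib
import os
import stat


def _attrs(content, mode, uid):
    return {"sha256": hashlib.sha256(content).hexdigest(), "mode": mode, "uid": uid}


def snapshot_dir(root):
    """Read real regular files under root into {relpath: (bytes, mode, uid)}.
    Kept separate so the comparison logic itself needs no disk access."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks/devices are skipped; a file swapped for a symlink shows up as "missing"
            with open(path, "rb") as fh:
                files[os.path.relpath(path, root)] = (fh.read(), stat.S_IMODE(st.st_mode), st.st_uid)
    return files


def build_baseline(files):
    """Take the trusted baseline from a snapshot of a known-good system."""
    return {path: _attrs(*entry) for path, entry in files.items()}


def check_baseline(baseline, files):
    """Compare a later snapshot against the baseline."""
    report = {"changed": [], "missing": [], "unexpected": []}
    for path, expected in baseline.items():
        if path not in files:
            report["missing"].append(path)
            continue
        actual = _attrs(*files[path])
        diffs = [k for k in expected if expected[k] != actual[k]]
        if diffs:
            report["changed"].append((path, diffs))
    report["unexpected"] = sorted(set(files) - set(baseline))
    return report


def is_clean(report):
    return not any(report.values())


# Constructed known-good snapshot; mode and uid are what an auditor would record.
KNOWN_GOOD = {
    "etc/passwd":  (b"root:x:0:0:root:/root:/bin/sh\n", 0o644, 0),
    "etc/shadow":  (b"root:*:19000:0:99999:7:::\n", 0o600, 0),
    "etc/crontab": (b"0 2 * * * root /usr/local/bin/backup\n", 0o644, 0),
    "etc/sudoers": (b"root ALL=(ALL) ALL\n", 0o440, 0),
}


def after_recovery():
    """Constructed post-crash state: shadow loosened, a job added to the
    schedule, sudoers gone, and a stray trust file that was never approved."""
    files = dict(KNOWN_GOOD)
    files["etc/shadow"] = (KNOWN_GOOD["etc/shadow"][0], 0o644, 0)
    files["etc/crontab"] = (KNOWN_GOOD["etc/crontab"][0] + b"* * * * * root /tmp/.x\n", 0o644, 0)
    del files["etc/sudoers"]
    files["etc/.rhosts"] = (b"+ +\n", 0o644, 0)
    return files


def demo():
    return check_baseline(build_baseline(KNOWN_GOOD), after_recovery())


if __name__ == "__main__":
    for category, items in demo().items():
        print(category, items)
```

The baseline itself is a security file: keep it on write-protected media or with the off-site backups, not on the system it describes, or the same "recovery" that edits the crontab can edit the baseline to match.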

41. Trusted System Operations
• Trusted computing base (TCB) - the hardware, firmware and software protected by mechanisms appropriate to the sensitivity/security level, which together enforce the security policy
• Trusted facility management - supports separate operator and administrator roles (TCSEC B2)
  • Clearly identify security administration functions
• Definition - Integrity
  • Formal declaration or certification of a product

42. Definitions
• Acceptance
  • Verification that performance and security requirements have been met
• Accreditation
  • Formal acceptance of security adequacy, authorization for operation and acceptance of the existing risk (QC)
• Certification
  • Formal testing of security safeguards
• Operational assurance
  • Verification that a system is operating according to its security requirements
  • Design & development reviews
  • Formal modeling
  • Security architecture
  • ISO 9000 quality techniques
• Assurance
  • Degree of confidence that the implemented security measures work as intended

43. The Control
• Trusted reboot procedures
• Contingency Management
  • Tested procedures to be taken before, during and after a threatening incident
  • Continuity of operations - maintenance of essential DP (data processing) services after an incident
  • Recovery procedure - actions to restore DP capability after an incident

44. Emergency Procedures
• Communications channel for the evacuation signal
• Procedures to secure tapes, programs, …
• Evacuation routes/wardens
• Transportation routes for transporting employees
• Medical assistance
• Requesting police/fire assistance
• Storing backup files off-site
• Activating backup

45. Configuration Management
• Controlling modifications to system HW/FW/SW and documentation
• Ensures integrity and limits non-approved changes
• Baseline controls
  • Policies
  • Standards
  • Procedures
  • Responsibilities
  • Requirements
  • Impact assessments
  • Software level maintenance

46. Configuration Management
• Organized and consistent plan covering
  • Description of physical/media controls
  • Electronic transfer of software
  • Communications software/protocols
  • Encryption methods/devices
  • Security features/limitations of software
  • Hardware requirements/settings/protocols
  • System responsibilities/authorities
  • Security roles/responsibilities
  • User needs (sensitivity, functionality)
  • Audit information and process
  • Risk assessment results

47. Risk Assessment/Analysis
• Includes:
  • Threat
  • Vulnerability
  • Asset
• Ease of Use principle
  • A system that is easier to secure is more likely to be secure

48. Vulnerabilities Summary
• Improper access to system utilities
• Improper access to information
• Improper update of information
• Improper destruction of information
• Improper change to job schedule
• Improper access to printed materials
• Physical access to the computer room
• Physical access to printouts
• Access to print queues
• Denial of service
• Inability to recover from failures
• Fraud

49-50. Summary of Controls
• Personnel reviews - background checks
• Password management
• Logging of all activities
• Problem reporting and change procedures
• All changes require approval
• Granular access control over system commands
• Individual access permissions
• Periodic review of access needed/granted
• Operational staff should not code or approve changes
• Operational staff should not perform security duties
• Operations staff should not do data entry
• Responsibilities in Operations should be divided
• Emergency procedures requiring approval
• Read vs. Read/Write access
• Authorization for access to the facility
• Enforced control of access to the facility
• Physical oversight of operator console
• Protection of printouts
• Positive identification and logging of printouts
• Protection of print queues
• Regular backups of all software and files
• Off-site storage of backups
• Environmental control of backup storage
• Controlled & authorized access to backups
