Introduction - PowerPoint PPT Presentation

benjamin
introduction l.
Skip this Video
Loading SlideShow in 5 Seconds..
Introduction PowerPoint Presentation
Download Presentation
Introduction

play fullscreen
1 / 55
Download Presentation
Introduction
182 Views
Download Presentation

Introduction

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Introduction • Topic: Operations Security • Approach - General security principles • The Problem • The Control Operations Security

  2. General Security Principles • Accountability • Authorization • Logging • Separation of duties • Least privilege • Risk reduction • Layered defense • Redundancy Operations Security

  3. Critical Operational Controls • Resource protection • Privileged-entity control • Hardware control Operations Security

  4. The Problem • Powerful system utilities • Powerful system commands • Superzapping - system utility or application that bypasses all access controls and audit/logging functions to make updates to code or data • Direct control over hardware and software • Direct control over all files • Direct control over printers and output queues • Powerful Input/Output commands • Direct access to servers • Initial program load from console Operations Security

  5. The Problem • Initial program load - IPL from tape • Control over job schedule and execution • Control over all storage media • Bypass label processing • Re-labeling resources • Resetting date/time, passwords • Control of access ports/lines • Erroneous transactions (fraud) • Altering proper transactions • Adding improper transactions • Denial of service/Delays in operation • Personal use, Disclosure • Audit trail/log corruption/modification Operations Security

  6. Protected Resources • Password files • Application program libraries • Source code • Vendor software • Operating System • Libraries • Utilities • Directories • Address Tables • Proprietary packages • Communications HW/SW • Main storage • Disk & tape storage Operations Security

  7. Protected Resources (2) • Processing equipment • Stand-alone computers • Printers • Sensitive/Critical data • Files • Programs • System utilities • System logs/audit trails • Violation reports • Backup files • Sensitive forms • Printouts • People Operations Security

  8. The Control • Accountability - • Personnel reviews - Background checks Operations Security

  9. The Control • Accountability - • Personnel reviews - Background checks • Password management • Personal • System • Maintenance • Trap door - system or application password included for ease of vendor maintenance Operations Security

  10. The Control • Accountability - • Personnel reviews - Background checks • Password management • Logging of all activities • Protected/duplicated log Operations Security

  11. The Control • Accountability - • Problem reporting and change procedures • Reports, tracks, resolves problems affecting service • Reduce failures • Prevent recurrence • Reduce impact • Types - Performance/availability • Hardware/software • Environment • Procedures/Operations • Network • Safety/security Operations Security

  12. The Control • Accountability - • Problem reporting and change procedures • Violation analysis • Repetitive mistakes • Exceeding authority • Unrestricted access • Where? • Patterns - hackers, disgruntled employees • Clipping level - baseline violation count to establish normal violation levels Operations Security

  13. The Control • Least Privilege • Granular access control over system commands • Individual access permissions • Hardware/Software elements & procedures to enable authorized access and prevent unauthorized access Operations Security

  14. The Control • Personnel reviews - Background checks • Password management • Logging of all activities • Problem reporting and change procedures • Granular access control over system commands • Individual access permissions • Periodic review of access needed/granted • Separation of Duties • All changes require approval Operations Security

  15. The Control • Separation of Duties • All changes require approval • Operational staff should not code or approve changes • Operating system OR Applications OR Job controls Operations Security

  16. The Control • Separation of Duties • All changes require approval • Operational staff should not code or approve changes • Operational staff should not perform security duties • Security administration • Network administration • Application administration Operations Security

  17. The Control • Personnel reviews - Background checks • Password management • Logging of all activities • Problem reporting and change procedures • Granular access control over system commands • Individual access permissions • Periodic review of access needed/granted • Separation of Duties • All changes require approval • Operational staff should not code or approve changes • Operational staff should not perform security duties • Operations staff should not do data entry • Transaction logging with date/time/person • Control counts Operations Security

  18. The Control • Responsibilities in Operations should be divided • Help desk • Job rotation Operations Security

  19. Separation of Duties - Operator • Installing system software • Start up/Shut down • Backup/recovery • Mounting disks/tapes • Handling hardware • Adding/removing users (?) Operations Security

  20. Separation of Duties - Security • User activities • Adding/removing users (?) • Setting clearances • Setting passwords • Setting other security characteristics • Changing profiles • Setting file sensitivity labels • Setting security characteristics of devices, communications channels • Reviewing audit data Operations Security

  21. The Control • Personnel reviews - Background checks • Password management • Logging of all activities • Problem reporting and change procedures • Granular access control over system commands • Individual access permissions • Periodic review of access needed/granted • All changes require approval • Operational staff should not code or approve changes • Operational staff should not perform security duties • Operations staff should not do data entry • Responsibilities in Operations should be divided • Layered Defense • Emergency procedures requiring approval Operations Security

  22. The Control • Personnel reviews - Background checks • Password management • Logging of all activities • Problem reporting and change procedures • Granular access control over system commands • Individual access permissions • Periodic review of access needed/granted • All changes require approval • Operational staff should not code or approve changes • Operational staff should not perform security duties • Operations staff should not do data entry • Responsibilities in Operations should be divided • Emergency procedures requiring approval • Read vs Read/Write access Operations Security

  23. The Control • Personnel reviews - Background checks • Password management • Logging of all activities • Problem reporting and change procedures • Granular access control over system commands • Individual access permissions • Periodic review of access needed/granted • All changes require approval • Operational staff should not code or approve changes • Operational staff should not perform security duties • Operations staff should not do data entry • Responsibilities in Operations should be divided • Emergency procedures requiring approval • Training - Equipment/system documentation, procedures Operations Security

  24. The Problem • Physical access to the computer room and devices there • IS programmers • Cleaning/maintenance • Vendor support • Contract/Temp staff • Memory content modification • Microcode changes • Device shutdown • Shoulder surfing over Operator’s shoulder • Physical access to printouts - rerouting • Access to print queues • Access to printers Operations Security

  25. The Control • Authentication & Least Privilege • Authorization for access to the facility • Closed shop - physical access controls limiting access to authorized personnel • Operations security - controls over resources - HW, media & operators with access • Operations terminals • Servers/routers/modems/circuit rooms • Sniffer - device that attaches to the network and captures network traffic • Magnetic media Operations Security

  26. The Control • Authentication & Least Privilege • Authorization for access to the facility • Enforced control of access to the facility • Security perimeter - boundary where security controls protect assets • System high security - system and all peripherals are protected at level of highest security classification of any information housed by the system • Tempest - reception of electromagnetic emanations which can be analyzed to disclose sensitive or protected information Operations Security

  27. The Control • Authentication & Least Privilege • Authorization for access to the facility • Enforced control of access to the facility • Physical oversight of operator console • Supervision of personnel - Realtime and Non-realtime • Morale evaluation • Operating logs • Inventory • Change control procedures • Incident reporting • System/audit logs • Audits/security reviews • Job rotation Operations Security

  28. The Control • Authorization for access to the facility • Enforced control of access to the facility • Physical oversight of operator console • Separation of Duties & Layered Defense • Protection of printouts • Heading/Trailing banners with recipient name and location • Print “No Output” when report is empty Operations Security

  29. The Control • Authorization for access to the facility • Enforced control of access to the facility • Physical oversight of operator console • Separation of Duties & Layered Defense • Protection of printouts • Positive identification and logging of printouts • Sign for receipt of sensitive printouts Operations Security

  30. The Control • Authorization for access to the facility • Enforced control of access to the facility • Physical oversight of operator console • Separation of Duties & Layered Defense • Protection of printouts • Positive identification and logging of printouts • Protection of print queues Operations Security

  31. The Control • Authorization for access to the facility • Enforced control of access to the facility • Physical oversight of operator console • Separation of Duties & Layered Defense • Protection of printouts • Positive identification and logging of printouts • Protection of print queues • Audit of facility and processes • audit logs • logons • operating system calls/utilities • system connectivity Operations Security

  32. The Problem • Inability to recover from failures • Legal liabilities Operations Security

  33. The Control • Redundancy • Regular backups of all software and files Operations Security

  34. The Control • Regular backups of all software and files • Hardware Asset Management • Hardware configuration • Hardware inventory • Fault tolerant equipment - design reliability • Configuration • Secure disposal • Cleaning/Sanitizing • Overwriting • Destructive delete • Degaussing • Destruction • Environmental protection Operations Security

  35. Environmental Contamination • Buildup of conductive particles, contaminants • Circuit boards, microswitches, sensors • Spontaneous combustion • National Fire Protection - US computer room fire every 10 min • 80% unknown causes (HW) • Causes equipment failure • Mass storage devices • Pass through disk drive filters • Read/write errors, disk crashes • Government/contractor installations • Max 100K parts per million in cubic foot of air • Data center particulates <= 0.5 microns (19.69 microinches) Operations Security

  36. Environmental Contamination • Contaminants - Max 20 m-inches • Hair - 3,000 m-inches • Dust - 1,500 m-inches • Fingerprint - 600 m-inches • Smoke - 250 m-inches • 2314 head flying height - 100 m-inches • 2300 head flying height - 50 m-inches • Metallics (vacuum cleaner brushes, printers, floors) • Carbonaceous (autos, tobacco, toner, paper, burn) • Synthetic (clothing, carpet) • Cement/crystalline (subfloor, cleaning fluids, air purifiers) Operations Security

  37. Environmental Detection • White glove samples examined with microscope • Identification, no concentrations • Petri dish samples examined with microscope • Identification, no concentrations • Aspirating pump collection examined with microscope • Identification, some concentration data • Particulate counter and collection bag • Contaminant typing, some concentration data • Vicon detector with filtering media and micro exam • Accurate typing and concentration with multiple samples Operations Security

  38. Environmental Controls • Cost justification • Analyze with Vicon & maintain error logs • Control program • Separate equipment • Activity restrictions • Brushless vacuums with micron ratings <= 1 micron or wall mounted vacuum outside • No ion-generating purifiers, conditioners, heaters • Tile quality of floors • Top-line filtration • Train maintenance staff Operations Security

  39. The Control • Regular backups of all software and files • Hardware configuration and inventory • Fault tolerant equipment • Secure disposal • Software Asset Management • Operating/Backup software inventory • Backups • Generations • Off-site • Environmental control • Controlled & authorized access to backups • COTS Computer Off-the-Shelf Products • Maintenance accounts/passwords Operations Security

  40. The Control • Regular backups of all software and files • Hardware configuration and inventory • Fault tolerant equipment • Operating and backup software inventory • Off-site storage of backups • Environmental and access control of backup storage • Trusted recovery procedures • Ensure security not breached during system crash and recovery • Requires backup • Reboot (Crash or power failure) • Recover file systems (Missing resource) • Restore files and databases (Inconsistent database) • Check security files (System compromise) Operations Security

  41. Trusted System Operations • Trusted computer base - HW/FW/SW protected by appropriate mechanisms at appropriate level of sensitivity/security to enforce security policy • Trusted facility management - supports separate operator and administrator roles (B2) • Clearly identify security admin functions • Definition - Integrity • formal declaration or certification of a product Operations Security

  42. Definitions • Acceptance • Verification that performance & security requirements have been met • Accreditation • Formal acceptance of security adequacy, authorization for operation and acceptance of existing risk (QC) • Certification • Formal testing of security safeguards • Operational assurance • Verification that a system is operating according to its security requirements • Design & Development reviews • Formal modeling • Security architecture • ISO 9000 quality techniques • Assurance • Degree of confidence that the implemented security measures work as intended Operations Security

  43. The Control • Regular backups of all software and files • Hardware configuration and inventory • Fault tolerant equipment • Operating and backup software inventory • Off-site storage of backups • Environmental and access control of backup storage • Trusted reboot procedures • Contingency Management • Tested procedures to be taken before, during and after a threatening incident • Continuity of operations - maintenance of essential DP services after incident • Recovery procedure - actions to restore DP capability after incident Operations Security

  44. Emergency Procedures • Communications channel for evacuation signal • Procedures to secure tapes, programs, … • Evacuation routes/wardens • Transportation routes for transporting employees • Medical assistance • Requesting police/fire assistance • Storing backup files off-site • Activating backup Operations Security

  45. Configuration Management • Controlling modifications to system HW/FW/ SW/Documentation • Ensure integrity and limiting non-approved changes • Baseline controls • policies • standards • procedures • responsibilities • requirements • impact assessments • software level maintenance Operations Security

  46. Configuration Management • Organized and consistent plan covering • description of physical/media controls • electronic transfer of software • communications software/protocols • encryption methods/devices • security features/limitations of software • hardware requirements/settings/protocols • system responsibilities/authorities • security roles/responsibilities • user needs (sensitivity, functionality) • audit information and process • risk assessment results Operations Security

  47. Risk Assessment/Analysis • Includes: • Threat • Vulnerability • Asset • Ease of Use principle • A system that is easier to secure is more likely to be secure Operations Security

  48. Vulnerabilities Summary • Improper access to system utilities • Improper access to information • Improper update of information • Improper destruction of information • Improper change to job schedule • Improper access to printed materials • Physical access to the computer room • Physical access to printouts • Access to print queues • Denial of service • Inability to recover from failures • Fraud Operations Security

  49. Summary of Controls • Personnel reviews - Background checks • Password management • Logging of all activities • Problem reporting and change procedures • All changes require approval • Granular access control over system commands • Individual access permissions • Periodic review of access needed/granted • Operational staff should not code or approve changes • Operational staff should not perform security duties • Operations staff should not do data entry • Responsibilities in Operations should be divided • Password Management • Emergency procedures requiring approval Operations Security

  50. Summary of Controls (2) • Read vs Read/Write access • Authorization for access to the facility • Enforced control of access to the facility • Physical oversight of operator console • Protection of printouts • Positive identification and logging of printouts • Protection of print queues • Regular backups of all software and files • Off-site storage of backups • Environmental control of backup storage • Controlled & authorized access to backups Operations Security