
Topic 9: Operations Security

ISA 562 Internet Security Theory & Practice. Topic 9: Operations Security.


Presentation Transcript


  1. ISA 562 Internet Security Theory & Practice. Topic 9: Operations Security

  2. Objectives • Protection of information and data • Categories of control • Privileged Entity Controls

  3. Introduction • Operations security identifies the controls over hardware, media, and the operators and administrators with access privileges to these resources • Although data centers exist today, the term operations security now refers to the central location of all IT processing areas

  4. Facility support systems • Support for some of the same in physical security • Protection against fire • Fire prevention, detection or suppression • HVAC systems • Electric power • Clean steady power • Water • Protection against water problems and damages • Communication • Physical Access Risks • For unauthorized physical access

  5. Media control • Media takes many forms: electronic or non-electronic (verbal, written, etc.) • Electronic media is stored on-site or off-site • When media is recycled or retired, no residual data should be available to the new subject • Ways of destroying and clearing data on magnetic storage • Completely overwriting the magnetic storage • Destroying the media physically so it can no longer be used • Degaussing • Some of the best practices for media management are • Marking • Labeling • Declassifying and destroying, etc.

  6. Misuse prevention • Controls preventing technological misuse • Personal use • Acceptable use policy • Internet usage policy • Workstation control • Content filtering internally and externally • Web filtering • Email filtering • Messenger filtering • Content filtering • Media theft • Fraud prevention and detection • Using sniffers on clear text traffic

  7. Data & information backup • Records are managed through their whole life cycle, from the moment they are stored until they are destroyed • Continuity of operation ensures critical business operations continue after disaster or failure • Continuous backups and frequent testing are needed for • Data and reports • Applications and transactions • Operating systems and configurations

  8. RAID • RAID stands for Redundant Array of Independent Disks • RAID is for backup and performance and can be implemented in hardware or software • RAID levels • RAID level 0 • Data is distributed across drives (strips) • Strips: (blocks, sectors, …) • High performance • Data transfer capacity, I/O request rate • No support for redundancy

  9. RAID (Continued) • RAID level 1 • Duplicate all data strips on a second drive • Access either drive (whichever is free), high performance for reads • Must update both drives on a write • Recovery is simple • Duplication increases cost considerably • RAID Level 2 • Redundancy with error correction codes such as Hamming code with multiple bits per word • Single access involves all drives • Requires 39 disks • RAID Level 3 • Redundancy with error correction codes, byte-level striping • Parity bit (1 bit per word) • Single access involves all drives

  10. RAID (Continued) • RAID Level 4 • Data striped as in RAID 0 and 1 • Large strips • Parity is calculated across blocks • All parity stored on one disk • Write requires update of all parity bits • Uses block-level striping • RAID Level 5 • Similar to RAID level 4 • Parity is calculated across blocks • Parity is distributed across all disks • Write requires update of all parity bits • Uses block-level striping

  11. RAID (Continued) + RAIT • RAID Level 6 • Extends RAID 5 by adding an additional parity block • It uses block-level striping with two parity blocks distributed across all member disks • RAID 0+1 • Used for both mirroring and striping • Advantages • Implemented as a mirrored array • Has the same fault tolerance as RAID 5 • High I/O rates • Disadvantages • A single failure will cause the whole array to become, in essence, a RAID level 0 array • Very expensive and yields a high overhead • It has limited scalability • RAID 10 • Known as RAID 1+0, which has high reliability and performance • RAIT stands for Redundant Array of Independent Tapes • Level 1 RAIT uses tapes instead of disks and provides real-time mirroring

  12. Hot spares & other backups • Unused backup disk installed in the array that remains in standby mode • When an array disk fails, it is activated to replace the failed array disk • Types of hot spare • Global hot spare • Dedicated hot spare • There are several other backup types, some are • Data mirroring • File imaging • Electronic vaulting • Database shadowing, etc.

  13. Fault tolerance and failover • Fault tolerance is required when a hardware failure is present. What usually happens is • The system knows that a failure has occurred and has to take some sort of action • Examples include • RAID • Cluster servers • Failover firewalls • Multiple data centers • Load balancing and alternative paths for traffic, etc.

  14. Trusted Recovery • One of the areas of operational assurance • Makes sure systems are still in a secure state after a failure happens • Types include • Normal system reboot • Emergency restart • Cold start • Fail secure ensures that if a system fails, it should fail in a secure manner

  15. Incident handling & response • Incident handling is responsible for logging, analyzing and tracking incidents • Therefore it is also considered the first line of defense • Escalation procedures also have to be in place • An incident response team needs to be in place • To handle all notifications • Respond efficiently

  16. Contingency Plans • Used by an organization or business unit to respond to a specific system failure or disruption • Some contingency plans which should be considered are • Failures • Denial of service • Production delays • etc.

  17. Change control • Is the process of developing a planned approach to controlling changes in an environment • Changes should be reviewed for potential security impact and process of ownership of changes • There should also be a change control committee which ensures that changes are • Properly tested before deployment • Authorized by the prospective business unit • Scheduled for a specific date and time • Communicated with the other business units • Documented

  18. Change Control (Continued) • Procedure • Request • Impact Assessment • Approval • Build/Test • Implement • Monitor

  19. Configuration Management • Includes the control of all changes that are made • Hardware • Hardware inventory • Hardware configuration chart • Software • Operation files protection • Backups • Source code • Object code • etc. • Firmware • Documentation • Format • Copies

  20. Patch Management • Patch management goes through a cycle • Identifying a patch • Testing the patch to see if it has any side effects • Complete rollout to systems

  21. Privileges • Operator privileges • Selecting and loading input and output • Observing operational equipment • Initializing computer operations, etc. • Administrator privileges • Running technically advanced information systems • Server startup and shutdown • Performing backups of data • Answering technical queries, etc. • Security administrator privileges • Monitors the system and reports security problems • Vulnerability assessments • Setting passwords, etc.

  22. Control over privileged entities • Personnel with privileged access pose a higher level of risk to an organization • It is important to have adequate controls in place to prevent either intentional or accidental breaches of the security of the organization • Review of access rights • Supervision • Monitoring

  23. References • ISC2 CBK Material • ISC2 Official CISSP Exam Guide
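
The block-level parity that slides 10 and 11 describe for RAID levels 4 and 5, as an added Python example that is not part of the original slides: data is striped in blocks, one XOR parity block per stripe is rotated across the disks, and a single failed disk is recomputed from the survivors. The function names, the rotation order and the sample payload are assumptions made for illustration.

```python
from functools import reduce

# Constructed sample payload; function names and the parity rotation are illustrative.
SAMPLE = b"constructed sample payload for the array"

def xor_blocks(blocks):
    """XOR equal-length byte blocks column by column (the parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def raid5_write(data, n_disks, block_size):
    """Stripe data over n_disks; one parity block per stripe, rotated across disks."""
    stripe_bytes = (n_disks - 1) * block_size
    padded = data + b"\x00" * (-len(data) % stripe_bytes)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(padded) // stripe_bytes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i:i + block_size] for i in range(0, stripe_bytes, block_size)]
        parity_disk = (n_disks - 1 - s) % n_disks
        data_iter = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == parity_disk else next(data_iter))
    return disks

def raid5_rebuild(disks, failed):
    """Recompute every block of one failed disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("single parity cannot recover from two failed disks")
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def raid5_read(disks, length):
    """Reassemble the payload, skipping the parity block of each stripe."""
    n, out = len(disks), bytearray()
    for s in range(len(disks[0])):
        parity_disk = (n - 1 - s) % n
        for d in range(n):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])

if __name__ == "__main__":
    array = raid5_write(SAMPLE, n_disks=4, block_size=4)
    lost, array[2] = array[2], None          # simulate one failed disk
    array[2] = raid5_rebuild(array, failed=2)
    print("rebuilt matches:", array[2] == lost)
    print("payload intact:", raid5_read(array, len(SAMPLE)) == SAMPLE)
```

The `ValueError` on a second failed disk is the limit of single parity; the additional parity block of RAID 6 on slide 11 addresses that case.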
