Chapter 10: Operational Security


Page 1: Chapter 10: Operational Security

Chapter 10: Operational Security

Security+ Guide to Network Security Fundamentals

Second Edition

Page 2: Chapter 10: Operational Security

Security+ Guide to Network Security Fundamentals, 2e

2

Objectives

• Harden physical security with access controls

• Minimize social engineering

• Secure the physical environment

• Define business continuity

• Plan for disaster recovery

Page 3: Chapter 10: Operational Security

Hardening Physical Security with Access Controls

• Adequate physical security is one of the first lines of defense against attacks

• Protects equipment and the infrastructure itself

• Has one primary goal: to prevent unauthorized users from reaching equipment to use, steal, or vandalize

Page 4: Chapter 10: Operational Security

Hardening Physical Security with Access Controls (continued)

• Configure an operating system to enforce access controls through an access control list (ACL), a table that defines the access rights each subject has to a folder or file

• Access control also refers to restricting physical access to computers or network devices
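The slide describes an ACL as a table of (subject, object, right) entries. The following is an added example, not code from the textbook or from any operating system, showing how such a table is evaluated: entries on a folder are inherited by the files beneath it, an explicit deny anywhere in the chain overrides an allow (the rule Windows NTFS applies to explicit entries, assumed here as the policy), and a subject with no matching entry is denied. The paths, principals and group memberships are constructed for the demonstration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class AclEntry:
    path: str        # folder or file the entry is attached to
    principal: str   # a user name or a group name
    right: str       # "read", "write" or "execute"
    allow: bool      # True = allow, False = deny


def _applies(entry_path, target):
    """An entry applies to the object it is attached to and to everything below it."""
    t, p = PurePosixPath(target), PurePosixPath(entry_path)
    return p == t or p in t.parents


def check_access(acl, user, groups, target, right):
    """True if `user` (a member of `groups`) holds `right` on `target`.
    Deny wins over allow; no matching entry at all is an implicit deny."""
    principals = {user, *groups}
    allowed = denied = False
    for e in acl:
        if e.right != right or e.principal not in principals:
            continue
        if not _applies(e.path, target):
            continue
        if e.allow:
            allowed = True
        else:
            denied = True
    return allowed and not denied


# Constructed ACL table for a small file server (hypothetical paths and groups).
SAMPLE_ACL = [
    AclEntry("/srv/finance", "finance", "read", True),
    AclEntry("/srv/finance", "finance", "write", True),
    AclEntry("/srv/finance/payroll", "interns", "read", False),        # deny inherited by every payroll file
    AclEntry("/srv/finance/payroll/q1.xlsx", "alice", "write", False),  # explicit deny on one file
    AclEntry("/srv/public", "everyone", "read", True),
]


def demo():
    """A few representative decisions over SAMPLE_ACL."""
    return {
        "alice reads ledger": check_access(SAMPLE_ACL, "alice", {"finance"}, "/srv/finance/ledger.xlsx", "read"),
        "bob (intern) reads payroll": check_access(SAMPLE_ACL, "bob", {"finance", "interns"}, "/srv/finance/payroll/q1.xlsx", "read"),
        "bob (intern) reads ledger": check_access(SAMPLE_ACL, "bob", {"finance", "interns"}, "/srv/finance/ledger.xlsx", "read"),
        "alice writes q1": check_access(SAMPLE_ACL, "alice", {"finance"}, "/srv/finance/payroll/q1.xlsx", "write"),
        "carol reads ledger": check_access(SAMPLE_ACL, "carol", {"everyone"}, "/srv/finance/ledger.xlsx", "read"),
        "carol reads public": check_access(SAMPLE_ACL, "carol", {"everyone"}, "/srv/public/index.html", "read"),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {'ALLOW' if decision else 'DENY'}")
```

The point a reviewer checks in a real ACL is the same as in the toy: group membership is evaluated as a set, so one deny entry on a parent folder silences an allow that the same user receives through another group further down the tree.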

Page 5: Chapter 10: Operational Security

Controlling Access with Physical Barriers

• Most servers are rack-mounted servers

• A rack-mounted server is 1.75 inches (4.45 cm) tall, one rack unit (1U), and can be stacked with up to 50 other servers in a closely confined area

• Rack-mounted units are typically connected to a KVM (keyboard, video, mouse) switch, which in turn is connected to a single monitor, mouse, and keyboard

Page 8: Chapter 10: Operational Security

Controlling Access with Physical Barriers (continued)

• In addition to securing a device itself, you should also secure the room containing the device

• Two basic types of door locks require a key:

– A preset lock (key-in-knob lock) requires only a key for unlocking the door from the outside

– A deadbolt lock extends a solid metal bar into the door frame for extra security

• To achieve the most security when using door locks, observe the good practices listed on pages 345 and 346 of the text

Page 9: Chapter 10: Operational Security

Controlling Access with Physical Barriers (continued)

• Cipher locks are combination locks that use buttons you push in the proper sequence to open the door

• Can be programmed to allow only the code of certain people to be valid on specific dates and times

• Basic models can cost several hundred dollars each while advanced models can run much higher

• Users must be careful to conceal which buttons they push to avoid someone seeing the combination (shoulder surfing)

Page 10: Chapter 10: Operational Security

Controlling Access with Physical Barriers (continued)

• Other physical vulnerabilities should be addressed, including:

– Suspended ceilings

– HVAC ducts

– Exposed door hinges

– Insufficient lighting

– Dead-end corridors

Page 11: Chapter 10: Operational Security

Controlling Access with Biometrics

• Biometrics uses a person’s unique characteristics to authenticate that person

• Some human characteristics used for identification include fingerprint, face, hand, iris, retina, and voice

• Many high-end biometric scanners are expensive, can be difficult to use, and can produce false positives (accepting unauthorized users, measured as the false acceptance rate, FAR) or false negatives (rejecting authorized users, the false rejection rate, FRR); the two rates trade off against each other, since raising the match threshold lowers FAR but raises FRR
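The slide names the two error types; the following added example (not from the textbook, and not any vendor's matching algorithm) shows the trade-off behind them. A matcher returns a similarity score and the system accepts any score at or above a threshold. Both score lists are constructed sample data, with genuine users scoring high and impostors scoring low, and the functions sweep the threshold to find the crossover (equal error) point and the threshold that meets a chosen FAR ceiling.

```python
# Constructed matcher scores in [0, 1]; higher = more similar to the enrolled template.
GENUINE = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.70, 0.96, 0.83]   # legitimate users
IMPOSTOR = [0.20, 0.35, 0.55, 0.72, 0.41, 0.30, 0.65, 0.25, 0.78, 0.48]  # other people


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """(FAR, FRR) when a score >= threshold is accepted.
    FAR: fraction of impostors accepted (the slide's false positive).
    FRR: fraction of genuine users rejected (the slide's false negative)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_point(genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Lowest threshold at which FAR and FRR are closest; returns (threshold, FAR, FRR)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t, genuine, impostor)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def threshold_for_max_far(max_far, genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Lowest threshold whose FAR does not exceed max_far (a server-room door wants a
    small FAR), returning (threshold, FAR, FRR) so the usability cost is visible."""
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t, genuine, impostor)
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    print("EER point:", equal_error_point())
    print("FAR <= 0:", threshold_for_max_far(0.0))
```

On this sample the crossover sits at a threshold of 0.73 with both rates at 10%; demanding zero false acceptances pushes the threshold to 0.79 and rejects 20% of legitimate attempts, which is the usability complaint the slide refers to.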

Page 12: Chapter 10: Operational Security

Minimizing Social Engineering

• The best defenses against social engineering are a strong security policy along with adequate training

• An organization must establish clear and direct policies regarding what information can be given out and under what circumstances

Page 13: Chapter 10: Operational Security

Securing the Physical Environment

• Take steps to secure the environment itself to reduce the risk of attacks:

– Limiting the range of wireless data signals

– Shielding wired signals

– Controlling the environment

– Suppressing the risk of fires

Page 14: Chapter 10: Operational Security

Limiting Wireless Signal Range

• Use the following techniques to limit the wireless signal range:

– Relocate the access point

– Substitute 802.11a for 802.11b (802.11a uses the 5 GHz band, which does not travel as far through walls as 2.4 GHz 802.11b)

– Add directional antenna

– Reduce power

– Cover the device

– Modify the building

Page 15: Chapter 10: Operational Security

Shielding a Wired Signal

• The insulation and shielding that covers a copper cable does not always prevent a signal from leaking out or having an even stronger signal affect the data transmission on the cable

• This interference (noise) can be of several types

• Radio frequency interference (RFI) refers to interference caused by broadcast signals from a radio frequency (RF) transmitter, such as from a commercial radio or television transmitter

Page 16: Chapter 10: Operational Security

Shielding a Wired Signal (continued)

• Electromagnetic interference (EMI) may be caused by a variety of sources

– A motor or another source of intense electrical activity can create an electromagnetic signal that interferes with a data signal

– EMI can also be caused by cellular telephones, citizens’ band and police radios, small office or household appliances, fluorescent lights, or loose electrical connections

Page 17: Chapter 10: Operational Security

Shielding a Wired Signal (continued)

• The source of near end crosstalk (NEXT) interference is usually from another data signal being transmitted

• Loss of signal strength is known as attenuation

• Two types of defenses are commonly referenced for shielding a signal

– TEMPEST (often expanded as Telecommunications Electronics Material Protected from Emanating Spurious Transmissions, an unofficial backronym; TEMPEST is a codename rather than an acronym)

– Faraday cage

Page 18: Chapter 10: Operational Security

Shielding a Wired Signal (continued)

• TEMPEST

– Classified standard developed by the US government to prevent attackers from picking up stray RFI and EMI signals from government buildings

• Faraday cage

– Metallic enclosure that prevents the entry or escape of an electromagnetic field

– Consists of a fine-mesh copper screening directly connected to an earth ground

Page 19: Chapter 10: Operational Security

Reducing the Risk of Fires

• In order for a fire to occur, four entities must be present at the same time:

– Sufficient oxygen to sustain the combustion

– Enough heat to raise the material to its ignition temperature

– Some type of fuel or combustible material

– A chemical reaction that is the fire itself

Page 20: Chapter 10: Operational Security

Reducing the Risk of Fires (continued)

• Refer to page 355 for the types of fires, their fuel source, how they can be extinguished, and the types of handheld fire extinguishers that should be used

• Stationary fire suppression systems that integrate into the building’s infrastructure and release a suppressant in the entire room are used

Page 21: Chapter 10: Operational Security

Reducing the Risk of Fires (continued)

• Systems can be classified as:

– Water sprinkler systems that spray the room with pressurized water

– Dry chemical systems that disperse a fine, dry powder over the fire

– Clean agent systems that do not harm people, documents, or electrical equipment in the room

Page 22: Chapter 10: Operational Security

Understanding Business Continuity

• Process of assessing risks and developing a management strategy to ensure that business can continue if risks materialize

• Business continuity management is concerned with developing a business continuity plan (BCP) addressing how the organization can continue in the event that risks materialize

Page 23: Chapter 10: Operational Security

Understanding Business Continuity (continued)

• The basic steps in creating a BCP:

– Understand the business

– Formulate continuity strategies

– Develop a response

– Test the plan

Page 24: Chapter 10: Operational Security

Maintaining Utilities

• Disruption of utilities should be of primary concern for all organizations

• The primary utility that a BCP should address is electrical service

• An uninterruptible power supply (UPS) is an external device located between an outlet for electrical power and another device

– Primary purpose is to continue to supply power if the electrical power fails

Page 25: Chapter 10: Operational Security

Maintaining Utilities (continued)

• A UPS can complete the following tasks:

– Send a special message to the network administrator’s computer, or page or telephone the network manager to indicate that the power has failed

– Notify all users that they must finish their work immediately and log off

– Prevent any new users from logging on

– Disconnect users and shut down the server
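The four tasks above are usually driven by monitoring software on the server rather than by the UPS itself. The following is an added example, not from the textbook or from any UPS vendor's software, of a small controller that reads the UPS state in the `key: value` format printed by Network UPS Tools' `upsc` command (status flags OL = on line power, OB = on battery, LB = low battery) and turns it into the slide's actions: alert the administrator, warn logged-in users, block new logins by creating `/etc/nologin`, and shut down. The sample status texts and the runtime thresholds are constructed for the demonstration; with `dry_run=True` it only returns the commands it would run.

```python
import subprocess

# Constructed samples in the 'key: value' format that NUT's `upsc` prints.
SAMPLE_ONLINE = "battery.charge: 100\nbattery.runtime: 1800\nups.status: OL\n"
SAMPLE_ON_BATTERY = "battery.charge: 64\nbattery.runtime: 540\nups.status: OB DISCHRG\n"
SAMPLE_LOW_BATTERY = "battery.charge: 9\nbattery.runtime: 90\nups.status: OB LB\n"


def parse_upsc(text):
    """Parse 'key: value' lines into a dict; malformed lines are ignored."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out


def plan_actions(ups, warn_runtime=600, shutdown_runtime=180):
    """Decide which of the slide's tasks apply. Thresholds are seconds of remaining
    battery runtime (assumed values; tune to how long an orderly shutdown takes)."""
    if "ups.status" not in ups:
        return ["notify_admin"]           # an unreadable UPS is itself an alert condition
    flags = set(ups["ups.status"].split())
    if "OB" not in flags:
        return []                         # on line power: nothing to do
    runtime = int(float(ups.get("battery.runtime", "0")))
    actions = ["notify_admin"]
    if runtime <= warn_runtime:
        actions += ["warn_users", "block_logins"]
    if "LB" in flags or runtime <= shutdown_runtime:
        actions.append("shutdown")
    return actions


def commands_for(actions, ups):
    """Map actions to the commands that carry them out on a Linux server."""
    runtime = ups.get("battery.runtime", "?")
    table = {
        "notify_admin": ["logger", "-p", "daemon.crit", f"UPS on battery, {runtime}s runtime left"],
        "warn_users": ["wall", "Power failure: save your work and log off now"],
        # pam_nologin refuses new non-root logins while /etc/nologin exists
        "block_logins": ["sh", "-c", "echo 'Power failure: logins disabled' > /etc/nologin"],
        "shutdown": ["shutdown", "-h", "+1", "UPS battery low, halting"],
    }
    return [table[a] for a in actions]


def react(upsc_text, dry_run=True):
    """Full cycle: parse, plan, and (unless dry_run) execute. Returns the command list."""
    ups = parse_upsc(upsc_text)
    cmds = commands_for(plan_actions(ups), ups)
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=False)
    return cmds


if __name__ == "__main__":
    for sample in (SAMPLE_ONLINE, SAMPLE_ON_BATTERY, SAMPLE_LOW_BATTERY):
        print(react(sample))
```

Two operational details the slide leaves out: the controller must remove `/etc/nologin` once line power returns, or nobody can log in after the outage, and the shutdown threshold has to leave more runtime than the server actually needs to flush and halt, which is a value you measure, not guess.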

Page 26: Chapter 10: Operational Security

Establishing High Availability through Fault Tolerance

• The ability to endure failures (fault tolerance) can keep systems available to an organization

• Prevents a single problem from escalating into a total disaster

• Can best be achieved by maintaining redundancy

• Fault-tolerant server hard drives are based on Redundant Array of Independent Disks (RAID), which mirrors data (RAID 1) or stripes it with parity (RAID 5, RAID 6) across several drives so that a single drive failure does not lose data or stop the server

• RAID protects only against drive failure: a deletion, corruption, or ransomware encryption is written to every drive in the array, so RAID complements backups rather than replacing them

Page 27: Chapter 10: Operational Security

Creating and Maintaining Backups

• Data backups are an essential element in any BCP

• Backup software can internally designate which files have already been backed up by setting an archive bit in the properties of the file

• Four basic types of backups:

– Full backup

– Differential backup

– Incremental backup

– Copy backup

Page 29: Chapter 10: Operational Security

Creating and Maintaining Backups (continued)

• Develop a strategy for performing backups to make sure you are storing the data your organization needs

• A grandfather-father-son backup system divides backups into three sets:

– A daily backup (son)

– A weekly backup (father)

– A monthly backup (grandfather)
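The archive-bit behaviour of the four backup types (two slides earlier) and the grandfather-father-son rotation above are easiest to see side by side. The following added example, which is not code from the textbook or from any backup product, simulates a small volume over one week: files set their archive bit when written, each backup type selects files and clears the bit exactly as described on the slide, and a GFS schedule decides which set each day belongs to. The calendar convention (Monday to Thursday sons, Friday fathers, last Friday of the month grandfather) and the change log are assumptions constructed for the demonstration. The restore functions then show the practical difference: an incremental chain needs every set since the last full, a differential chain needs only the newest one.

```python
from datetime import date, timedelta

FULL, DIFFERENTIAL, INCREMENTAL, COPY = "full", "differential", "incremental", "copy"


class Volume:
    """Toy file system: name -> (content version, archive bit)."""

    def __init__(self):
        self.files = {}

    def write(self, name, version):
        # The OS sets the archive bit whenever a file is created or modified.
        self.files[name] = (version, True)

    def pending(self):
        """Files whose archive bit is set (changed since the bit was last cleared)."""
        return [n for n, (_, bit) in self.files.items() if bit]

    def backup(self, kind):
        """Return a snapshot {name: version}. Full and copy take every file; differential
        and incremental take only files with the bit set. Full and incremental clear the
        bit afterwards; differential and copy leave it as it was."""
        if kind in (FULL, COPY):
            selected = list(self.files)
        elif kind in (DIFFERENTIAL, INCREMENTAL):
            selected = self.pending()
        else:
            raise ValueError(f"unknown backup type {kind!r}")
        snapshot = {n: self.files[n][0] for n in selected}
        if kind in (FULL, INCREMENTAL):
            for n in selected:
                self.files[n] = (self.files[n][0], False)
        return snapshot


def gfs_slot(d):
    """Grandfather-father-son slot for a calendar day (assumed convention): Mon-Thu ->
    son (daily), Friday -> father (weekly full), last Friday of the month ->
    grandfather (monthly full); weekends have no job."""
    if d.weekday() >= 5:
        return None, None
    if d.weekday() == 4:
        last_friday = (d + timedelta(days=7)).month != d.month
        return ("grandfather", FULL) if last_friday else ("father", FULL)
    return "son", INCREMENTAL


# Constructed change log: which files are written on which day (2024-03-29 is a Friday).
EDITS = {
    date(2024, 3, 29): [("payroll.db", 1), ("config.ini", 1), ("notes.txt", 1)],
    date(2024, 4, 1): [("payroll.db", 2)],
    date(2024, 4, 2): [("notes.txt", 2)],
    date(2024, 4, 4): [("payroll.db", 3)],
}


def run(daily_kind=INCREMENTAL, start=date(2024, 3, 29), days=8):
    """Simulate the rotation over the change log; returns a chronological list of
    (label, slot, kind, snapshot). A site may run its 'son' set as differentials instead."""
    vol, backups = Volume(), []
    for i in range(days):
        d = start + timedelta(days=i)
        for name, version in EDITS.get(d, []):
            vol.write(name, version)
        slot, kind = gfs_slot(d)
        if slot is None:
            continue
        if slot == "son":
            kind = daily_kind
        backups.append((d.isoformat(), slot, kind, vol.backup(kind)))
    return backups


def restore_chain(backups):
    """Labels of the sets needed to rebuild the latest state, in the order to apply them
    (raises ValueError if no full backup exists, which is the real-world failure mode)."""
    last_full = max(i for i, (_, _, k, _) in enumerate(backups) if k == FULL)
    chain = [backups[last_full][0]]
    later = [(lbl, k) for lbl, _, k, _ in backups[last_full + 1:] if k != COPY]
    if later and all(k == DIFFERENTIAL for _, k in later):
        chain.append(later[-1][0])           # one differential holds every change since the full
    else:
        chain += [lbl for lbl, _ in later]   # every incremental since the full is required
    return chain


def restore(backups, chain):
    """Merge the chosen sets; later sets overwrite earlier versions (deletions not modelled)."""
    by_label = {lbl: snap for lbl, _, _, snap in backups}
    state = {}
    for lbl in chain:
        state.update(by_label[lbl])
    return state


if __name__ == "__main__":
    for kind in (INCREMENTAL, DIFFERENTIAL):
        sets = run(kind)
        print(kind, "Thursday set:", sets[4][3], "restore chain:", restore_chain(sets[:5]))
```

Thursday's incremental holds only that day's change, while Thursday's differential holds everything since Friday's full; restoring to Thursday therefore takes five sets in the first scheme and two in the second, at the cost of a larger daily set. The copy type is the one to reach for when an ad-hoc copy must not disturb the chain, since it leaves the archive bits untouched.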

Page 31: Chapter 10: Operational Security

Planning for Disaster Recovery

• Business continuity is concerned with addressing anything that could affect the continuation of service

• Disaster recovery is more narrowly focused on recovering from major disasters that could cease operations for an extended period of time

• Preparing for disaster recovery always involves having a plan in place

Page 32: Chapter 10: Operational Security

Creating a Disaster Recovery Plan (DRP)

• A DRP is different from a business continuity plan

• Typically addresses what to do if a major catastrophe occurs that could cause the organization to cease functioning

• Should be a detailed document that is updated regularly

• All DRPs are different, but they should address the common features shown in the outline on pages 367 and 368 of the text

Page 33: Chapter 10: Operational Security

Identifying Secure Recovery

• Major disasters may require that the organization temporarily move to another location

• Three basic types of alternate sites are used during or directly after a disaster

– Hot site

– Cold site

– Warm site

Page 34: Chapter 10: Operational Security

Identifying Secure Recovery (continued)

• A hot site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity

• A cold site provides office space but customer must provide and install all equipment needed to continue operations

• A warm site has all equipment installed but does not have active Internet or telecommunications facilities

Page 35: Chapter 10: Operational Security

Protecting Backups

• Data backups must be protected from theft and normal environmental elements

• Tape backups should be protected against strong magnetic fields, which can destroy a tape

• Be sure backup tapes are located in a secure environment that is adequately protected, with at least one copy stored off-site so that the disaster that destroys the server room does not destroy the backups with it

• Backup media hold the same sensitive data as the servers they protect, so they should be encrypted; a stolen unencrypted tape is a data breach, not just a lost backup

Page 36: Chapter 10: Operational Security

Summary

• Adequate physical security is one of the first lines of defense against attacks

• Physical security involves restricting access with access controls, minimizing social engineering attacks, and securing the environment and infrastructure

• Business continuity is the process of assessing risks and developing a management strategy to ensure that business can continue if risks materialize

Page 37: Chapter 10: Operational Security

Summary (continued)

• Disaster recovery is focused on recovering from major disasters that could potentially cause the organization to cease operations for an extended period of time

• A DRP typically addresses what to do if a major catastrophe occurs that could cause the organization to cease functioning