sfbayissa_cissp_operations2010


Transcript of sfbayissa_cissp_operations2010

Page 1: sfbayissa_cissp_operations2010

8/7/2019 sfbayissa_cissp_operations2010

http://slidepdf.com/reader/full/sfbayissacisspoperations2010 1/91

Operations Security

CISSP Review

4/2/2010 1

Presented By: Bob Harren, CISSP, CCNA, CCDA, [email protected]

Page 2: Domain Objective

• Recognize the activities involved in securing the operations of an enterprise and identify the technologies used to maintain network and resource availability.

• Identify the effects of various hardware and software violations on the system, and recognize how different types of operational and life-cycle assurance are used to secure operations.

• Determine the effects of different attacks on the network and identify the consequences of those effects.

Page 3: Domain Objective

• Recognize how different auditing and monitoring techniques are used to identify and protect against system and network attacks.

• Recognize the need for resource protection, distinguish between e-mail protocols, and identify different types of e-mail vulnerability.

• Identify mechanisms and security issues with the Web, and recognize technologies for transferring and sharing files over the Internet.

Page 4: Domain Objective

• Recognize key reconnaissance attack methods and identify different types of administrative management and media storage control.

• Identify appropriate security measures and controls for creating a more secure workspace in given scenarios.

Page 5: Administrative Management (Separation of Duties)

Assign different tasks to different personnel, so that no single person can completely compromise a system.

Related to the concept of least privilege: each person receives only the privileges required to do his or her job.

Secure systems: System Administrator and Security Administrator must be different roles.

Highly secure systems: System Administrator, Security Administrator and Enhanced Operator must be different roles.

If one person must hold more than one of these roles, the combination must be controlled and audited (the privileged actions logged and reviewed by someone else).

Page 6: Administrative Management (Separation of Duties)

Organizational role – core responsibilities:

Control Group – Obtains and validates information from analysts, administrators and users and passes it to user groups.
Systems Analyst – Designs the data flow of systems based on operational and user requirements.
Application Programmer – Develops and maintains production software.
Help Desk/Support – Resolves end-user and system technical or operational problems.
IT Engineer – Performs the day-to-day operational duties on systems and applications.
Database Administrator – Creates new database tables and manages the database.
Network Administrator – Installs and maintains the LAN/WAN environment.
Security Administrator – Defines, configures and maintains the security mechanisms.
Tape Librarian – Receives, records, releases and protects files backed up on media.
Quality Assurance – Can consist of both Quality Assurance (QA) and Quality Control (QC).

Page 7: Introduction

• Topic: Operations Security
• Approach – general security principles, then for each area:
 – The Problem
 – The Control

Page 8: C.I.A. Triad

Confidentiality – operations controls affect the confidentiality of data.

Integrity – how well operations controls are implemented affects data integrity.

Availability – fault tolerance and the ability to recover.

Page 9: General Security Principles

• Accountability
 – Authorization
 – Logging
• Separation of duties
• Least privilege
• Risk reduction
 – Job rotation
 – Mandatory vacations
• Layered defense
• Redundancy

Page 10: Definitions

Threat – an event that could cause harm by violating security (e.g. operator abuse of privileges)

Vulnerability – a weakness in a system that enables security to be violated (e.g. weak segregation of duties)

Asset – anything that is a computer resource (e.g. software, data)

Page 11: Critical Operational Controls

• Resource protection
• Privileged-entity control
• Hardware control
• Controls to protect hardware, software and media from:
 – Threats in an operating environment
 – Internal and external intruders
 – Operators inappropriately accessing resources

Page 12: Categories of Controls

Preventative – prevent a harmful occurrence
• Lower the number and impact of errors entering the system
• Prevent unauthorized intruders from accessing the system

Detective – detect a harmful occurrence after the fact
• Track unauthorized transactions

Corrective – restore after a harmful occurrence
• Data recovery


Page 14: The Problem

Powerful system utilities
Powerful system commands
Direct control over hardware and software
Direct control over all files
Direct control over printers and output queues
Powerful input/output commands
Direct access to servers
Initial program load (IPL) from the console

Page 15: The Problem

Erroneous transactions (fraud)
• Altering proper transactions
• Adding improper transactions
Denial of service / delays in operation
Personal use, disclosure
Audit trail / log corruption or modification

Page 16: Protected Resources

Password files
Application program libraries
Source code
Vendor software
Communications hardware/software
Main storage
Disk and tape storage

Page 17: Protected Resources

Processing equipment
Stand-alone computers
Printers
Sensitive/critical data
System utilities
System logs/audit trails
Backup files
Sensitive forms
Printouts
People


Page 19: Separation of Duties - Operator

Installing system software
Start up/shut down
Backup/recovery
Mounting disks/tapes
Handling hardware
Adding/removing users

Page 20: Separation of Duties - Security

• User activities
 – Adding/removing users
 – Setting clearances
 – Setting passwords
 – Setting other security characteristics
 – Changing profiles
• Setting file sensitivity labels
• Setting security characteristics of devices and communications channels
• Reviewing audit data

Page 21: System Admin / Enhanced Operator Functions

Installing software
Start up and shutdown of the system
Adding/removing users
Performing backup and recovery
Handling printers and queues

Page 22: Security Admin Functions

Setting user clearances
Setting initial passwords and user IDs
Changing security profiles for users
Setting file sensitivity labels
Setting security of devices
Reviewing audit data

Page 23: Security Admin Functions

The B2 security level requires that systems support separate operator and system administrator roles.

At B3 and A1, systems must clearly identify the functions of the security administrator, who performs the security-related functions.

Rotation of duties – limiting the length of time a person performs a set of duties before being moved to another.
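The role separation described on the last few slides is easy to state and easy to lose track of once real accounts are provisioned. The following is an added example (not from the slide deck) of the check a security administrator would run over a role-assignment table: it flags "toxic" role combinations for the secure profile (System Administrator plus Security Administrator) and the highly secure profile (which also separates the Operator), and lists the duties that must be logged and independently reviewed when a conflict is tolerated. The role names follow the slides; the user names, duty names and the conflict pairs are assumptions made for the example.

```python
"""Separation-of-duties check over a role assignment table.

Added illustration, not from the slide deck. The roles follow the
Operator / System Administrator / Security Administrator split on the
slides; the user names, the duty names and the CONFLICTS_* pairs are
assumptions made for the example.
"""

# Duties each role may perform (from the operator/admin slides; names assumed).
ROLE_DUTIES = {
    "operator": {"startup_shutdown", "backup_restore", "mount_media", "print_queues"},
    "system_admin": {"install_software", "add_remove_users", "startup_shutdown", "backup_restore"},
    "security_admin": {"set_clearances", "set_initial_passwords", "set_labels", "review_audit"},
}

# Role pairs one person must not hold. "Secure" separates sysadmin from
# security admin; "highly secure" also separates the (enhanced) operator.
CONFLICTS_SECURE = {frozenset({"system_admin", "security_admin"})}
CONFLICTS_HIGHLY_SECURE = CONFLICTS_SECURE | {
    frozenset({"security_admin", "operator"}),
    frozenset({"system_admin", "operator"}),
}


def sod_violations(assignments, conflicts):
    """Return {user: [sorted conflicting role pairs]} for every toxic combination."""
    found = {}
    for user, roles in assignments.items():
        held = set(roles)
        bad = sorted(tuple(sorted(pair)) for pair in conflicts if pair <= held)
        if bad:
            found[user] = bad
    return found


def effective_duties(assignments, user):
    """Union of duties a user can perform; what a least-privilege review compares
    against the person's actual job."""
    return set().union(*(ROLE_DUTIES[r] for r in assignments.get(user, ())))


def duties_needing_review(assignments, conflicts):
    """For users with a conflict the slides allow only under control and audit:
    the duties that must be logged and independently reviewed."""
    return {user: sorted(effective_duties(assignments, user))
            for user in sod_violations(assignments, conflicts)}


# Constructed sample assignment (hypothetical users).
ASSIGNMENTS = {
    "alice": ["system_admin"],
    "bob": ["security_admin"],
    "carol": ["system_admin", "security_admin"],   # conflict under both profiles
    "dave": ["operator", "system_admin"],          # allowed on secure, not highly secure
}

if __name__ == "__main__":
    print(sod_violations(ASSIGNMENTS, CONFLICTS_SECURE))
    print(sod_violations(ASSIGNMENTS, CONFLICTS_HIGHLY_SECURE))
    print(duties_needing_review(ASSIGNMENTS, CONFLICTS_SECURE))
```

Run it against an export of your directory's group memberships rather than a hand-typed table; the check is only as good as the assignment data it sees, and nested groups or shared "maintenance" accounts hide exactly the combinations it is meant to catch.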

Page 24: The Problem

Physical access to the computer room and the devices in it
Shoulder surfing over the Operator's shoulder
Physical access to printouts - rerouting
Access to print queues
Access to printers

Page 25: The Control

• Authentication and least privilege
 – Authorization for access to the facility
 – Closed shop - physical access controls limiting access to authorized personnel
 – Operations security - controls over resources (hardware, media) and over the operators with access to them:
  • Operations terminals
  • Servers/routers/modems/circuit rooms
  • Sniffers - devices that attach to the network and capture network traffic
  • Magnetic media

Page 26: The Problem

• Inability to recover from failures
• Legal liabilities

Page 27: The Control

• Redundancy
 – Regular backups of all software and files

Page 28: Orange Book Controls (TCSEC)
Trusted Computer System Evaluation Criteria

• Assurance – level of confidence that security policies have been implemented correctly

• Operational Assurance – focuses on the basic features and architecture of a system

• Life Cycle Assurance – controls and standards required for building and maintaining a system

Page 29: Trusted Computer System Evaluation Criteria

• The Orange Book addresses:
 – Confidentiality
 – NOT integrity
 – It looks specifically at the operating system and not at other issues
• Levels
 – D – Minimal protection
 – C – Discretionary protection (C1 and C2)
 – B – Mandatory protection (B1, B2 and B3)
 – A – Verified protection, formal methods (A1)

Page 30: Orange Book Controls (TCSEC)
Trusted Computer System Evaluation Criteria

• Operational Assurance – focuses on the basic features and architecture of a system
 – System architecture
 – System integrity
 – Covert channel analysis
 – Trusted facility management
 – Trusted recovery

Page 31: Orange Book Controls (TCSEC)
Trusted Computer System Evaluation Criteria

• Life Cycle Assurance – controls and standards required for building and maintaining a system
 – Security testing
 – Design specification and testing
 – Configuration management
 – Trusted distribution

Page 32: Trusted System Operations

• Trusted computing base (TCB) – the hardware, firmware and software protected by appropriate mechanisms at the appropriate level of sensitivity/security to enforce the security policy
• Trusted facility management – supports separate operator and administrator roles (B2)
• Clearly identified security admin functions (B3 and A1)
• Definition - Integrity – formal declaration or certification of a product

Page 33: Covert Channel Analysis

A covert channel is an information path that is not normally used for communication within a system and is therefore not protected by the system's normal security mechanisms: a secret way to convey information to another program or person.

• Covert storage channels – convey information by changing stored data (analysis required from B2 upward)
• Covert timing channels – convey information by altering the performance of, or modifying the timing of, system resources in a measurable way (analysis required at B3 and A1, which cover both storage and timing channels)

Covert channels are combated with noise and traffic generation, which lower the channel's usable bandwidth.

Page 34: Configuration Management

• Controlling modifications to system hardware, firmware, software and documentation
• Ensures integrity and limits non-approved changes
• Baseline controls
 – policies
 – standards
 – procedures
 – responsibilities
 – requirements
 – impact assessments
 – software level maintenance

Page 35: Configuration Management

• Organized and consistent plan covering
 – description of physical/media controls
 – electronic transfer of software
 – communications software/protocols
 – encryption methods/devices
 – security features/limitations of software
 – hardware requirements/settings/protocols
 – system responsibilities/authorities

Page 36: Trusted Recovery (required for B3 and A1 levels)

• Ensures security is not breached when a system crashes or fails
• The system must be restarted without compromising security
• Two primary activities:
 1. Failure preparation – backups on a regular basis
 2. System recovery
  • Rebooting in single-user mode – no other users allowed on the system
  • Recovering all file systems
  • Restoring files and security settings
  • Checking the security of critical files

Page 37: Backup Management

Summary of technologies used to keep the juices flowing:

• Disk shadowing (mirroring)
• Redundant servers
• RAID, MAID, RAIT
• Clustering, grid computing
• Backups
• Dual backbones
• Direct Access Storage Device (DASD)
• Redundant power
• Mesh network topology instead of star, bus or ring

Page 38: Three hierarchical recovery types

Manual recovery – the system administrator must be involved

Automated recovery – no intervention for a single failure

Automated recovery without undue loss – similar to automated recovery, but a higher level of recovery with no undue loss of protected objects

Page 39: After a System Crash

• Enter single-user mode
• Fix the issue and recover
• Validate critical files and operations
• Security concerns
 – The boot sequence (C:, A:, D:) should not be available to reconfigure
 – Writing actions to system logs should not be able to be bypassed
 – A forced system shutdown should not be allowed
 – Output should not be able to be rerouted

Page 40: Change Control process

The following steps are examples of the types of procedures that should be part of any change control policy:
1. Approval of the change
2. Documentation of the change
3. Testing and presentation of the change
4. Implementation
5. Report of the change to management

Page 41: Configuration Change Management (required for B2, B3 and A1)

• Process of tracking and approving changes
• Identify, control and audit changes
• Changes to the system must not diminish security
• Includes roll-back procedures
• Documentation updates to reflect changes
• Recommended for systems below B2; required at B2, B3 and A1
• Change control functions:
 – Orderly manner and formalized testing
 – Users informed of changes
 – Analyze the effects of changes
 – Reduce the negative impact of changes
• Configuration management is required for the development and implementation stages at B2 and B3
• Configuration management is required for the whole life cycle of the system at A1

Page 42: Risk Assessment/Analysis

• Includes:
 – Threat
 – Vulnerability
 – Asset
• Ease of use principle – a system that is easier to secure is more likely to be secure

Page 43: Administrative Controls

• HR and personnel controls
• Personnel security
 – Employment screening
 – Mandatory vacation
 – Warnings and termination for violating security policy
• Separation of duties
• Least privilege
• Need to know
• Change control / configuration control
• Record retention and documentation

Page 44: Least privilege

No access beyond job requirements

Group-level privileges for Operators:
• Read only
• Read/write – usually on copies of the original data
• Access change – make changes to the original data

Page 45: Media Controls

Tapes, disks, diskettes, cards, paper, optical media

Volume labels required:
• Human/machine readable
• Date created, created by
• Date to destroy / retention period
• Volume/file name, version
• Classification

Audit trail
Separation of responsibility – librarian
Backup procedures

Page 46: Media Controls

Record retention – records should be maintained in accordance with management, legal, audit and tax requirements

Data remanence – data left on media after it has been erased

Due care and due diligence – security awareness, signed acceptance of the employee computer use policy

Ensuring environmental conditions do not endanger media

Documentation – procedures for operations, contingency plans, security policies and procedures

Page 47: Operation Controls – Resource Protection

Protecting resources from disclosure, alteration or misuse:

Hardware – routers, firewalls, computers, printers
Software – libraries, vendor software, OS software
Data resources – backup data, user data, logs

Page 48: Hardware Controls

• Hardware maintenance
 – Requires physical and logical access by support staff and vendors
 – Supervision of vendors and maintenance; background checks
• Maintenance accounts
 – Disable maintenance accounts when not needed
 – Change default passwords

Page 49: Hardware Controls

• Diagnostic port control
 – Specific ports for maintenance
 – Should be blocked from external access
• Hardware physical controls – require locks and alarms
 – Sensitive operator terminals
 – Media storage rooms
 – Server and communications equipment
 – Modem pools and circuit rooms

Page 50: Availability Solutions

• Redundant hardware ready for "hot swapping" keeps information highly available by having multiple copies of the information (mirroring) or enough extra information available to reconstruct it in case of partial loss (parity, error correction).
• Fault-tolerant technologies keep information available not only against individual storage device faults but even against whole-system failures. Fault tolerance is among the most expensive possible solutions, justified only for the most mission-critical information. All technology will eventually experience a failure of some form.
• Service level agreements (SLAs) help service providers, whether they are an internal IT operation or an outsourcer, decide what type of availability technology is appropriate.
• Solid operational procedures are also required to maintain availability.

Page 51: RAID Levels

Level – Activity – Name

0 – Data striped over several drives. No redundancy or parity is involved; if one drive fails, the entire volume is unusable. – Striping

1 – Mirroring of drives. Data are written to two drives at once; if one drive fails, the other drive has exactly the same data available. – Mirroring

3 – Data striped at byte level over all drives, with the parity data held on one dedicated drive. If a drive fails, its contents can be reconstructed from the parity drive and the surviving drives. – Byte-level parity

5 – Data are written in block (sector) units to all drives. Parity is distributed across all drives too, so there is no single parity drive to lose; one drive failure is survivable. – Interleave parity

6 – Similar to level 5 but with added fault tolerance: a second, independently computed set of parity data is written across all drives, so two drive failures are survivable. – Second or double parity

10 – Data are simultaneously mirrored and striped across several drives and can survive multiple drive failures, as long as both drives of the same mirrored pair do not fail. – Striping and mirroring

Terms you may most likely see again on the exam.
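The reason RAID 3 and 5 survive one failed drive, and RAID 0 survives none, is the XOR parity chunk; the table states it but does not show the arithmetic. Below is an added example (not from the slide deck) that writes a small stripe set with one parity chunk per stripe, pulls a drive, and rebuilds it from the survivors, which is exactly what a controller does during a hot-spare rebuild. The 4-byte chunk size, the three-data-drive layout and the sample data are assumptions for the toy array; real arrays use chunk sizes in KiB but the arithmetic is identical.

```python
"""XOR parity as used by RAID 3/5 arrays: write a stripe set, lose a drive,
rebuild it from the survivors.

Added illustration, not from the slide deck. The 4-byte chunk size, the
three-data-drive layout and the sample data are assumptions. RAID 0 is the
same striping without the parity chunk, which is why a lost drive there is
unrecoverable; RAID 6 adds a second, differently computed parity so that two
drives can fail (not shown).
"""
from functools import reduce

CHUNK = 4  # bytes per drive per stripe (assumed for the toy array)


def xor_bytes(*blocks):
    """Bytewise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def stripe_data(data, n_data):
    """Split data into rows of n_data chunks of CHUNK bytes (zero-padded)."""
    row_len = CHUNK * n_data
    padded = data + b"\x00" * (-len(data) % row_len)
    rows = [padded[i:i + row_len] for i in range(0, len(padded), row_len)]
    return [[row[j:j + CHUNK] for j in range(0, row_len, CHUNK)] for row in rows]


def write_array(data, n_data):
    """Lay out data plus one parity chunk per stripe over n_data + 1 drives.
    The parity position rotates per stripe (RAID 5); pinning it to one drive
    would give the RAID 3 layout."""
    n_drives = n_data + 1
    drives = [[] for _ in range(n_drives)]
    for r, chunks in enumerate(stripe_data(data, n_data)):
        parity = xor_bytes(*chunks)
        p_idx = r % n_drives
        it = iter(chunks)
        for d in range(n_drives):
            drives[d].append(parity if d == p_idx else next(it))
    return drives


def rebuild_drive(drives, failed):
    """Reconstruct one failed drive: per stripe, XOR every surviving chunk.
    Works whether the lost chunk was data or parity, because parity is the
    XOR of the data and XOR is its own inverse."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_bytes(*row) for row in zip(*survivors)]


def read_array(drives, n_data, length):
    """Reassemble the original bytes, skipping each stripe's parity chunk."""
    n_drives = n_data + 1
    out = bytearray()
    for r, row in enumerate(zip(*drives)):
        p_idx = r % n_drives
        out += b"".join(chunk for d, chunk in enumerate(row) if d != p_idx)
    return bytes(out[:length])


if __name__ == "__main__":
    data = b"Operations security keeps the juices flowing"  # constructed
    drives = write_array(data, n_data=3)
    drives[1] = None                       # simulate drive 1 dying
    drives[1] = rebuild_drive(drives, 1)   # hot spare rebuilt from drives 0, 2, 3
    print(read_array(drives, 3, len(data)) == data)
```

Two operational points fall out of the code: a second failure during the rebuild window (or an unreadable sector on a survivor) leaves a stripe with two unknowns and one equation, which is the case RAID 6's second parity exists for; and parity protects against drive loss, not against a bad write or a deleted file, which is why the slide still lists backups separately.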


Page 53: Software Controls

Anti-virus management – prevent the download of viruses
Software testing – formal, rigid software testing process
Software utilities – control of powerful utilities
Safe software storage – prevent modification of software and of the backup copies
Backup controls – test backups and test restoring from them

Page 54: Privileged Entity Controls

"Privileged operations functions":
Extended special access to system commands
Access to special parameters
Access to the system control program – some functions only run in a particular system state

Page 55: E-mail

• Simple Mail Transfer Protocol (SMTP)
• Post Office Protocol (POP)
• Internet Message Access Protocol (IMAP)
• E-mail relaying
 – Spamming
 – Phishing
 – Spear phishing

Page 56: Media Resource Protection

Media security controls – prevent the loss of sensitive information when the media is stored outside the system:
• Logging – log the use of the media; provides accountability
• Access control – physical access control
• Proper disposal – sanitization of data: overwriting, degaussing, destruction

Media viability controls – protect media during handling, shipping and storage:
• Marking – label and mark media, barcodes
• Handling – physical protection of data
• Storage – security and environmental protection from heat, humidity, liquids, dust, smoke, magnetism

Page 57: Physical Protection

Protection from physical access:
• Hardware – routers, firewalls, computers, printers
• Software – libraries, vendor software, OS software

Physical piggybacking – following an authorized person through a door

Page 58: Monitoring and Auditing

• Monitoring – problem identification and resolution
• Monitor for:
 – Illegal software installation
 – Hardware faults
 – Error states
 – Operational events

Page 59: Penetration Testing

Testing a network's defenses by using the same techniques as external intruders:

Scanning and probing – port scanners, network mapping tools
Vulnerability scanning – determine the best possible attacks
Demon dialing – war dialing for modems
Sniffing – capture data packets
Dumpster diving – searching paper disposal areas
Social engineering – most common; get information simply by asking for it

Page 60: Violation Analysis

• Clipping levels must be established for violation analysis to be effective
• Clipping level – baseline of normal activity; used to ignore normal user errors (e.g. the occasional mistyped password) and flag only activity above the threshold
• Profile-based anomaly detection
• Looking for:
 – Repetitive mistakes
 – Individuals who exceed their authority
 – Too many people with unrestricted access
 – Patterns indicating serious intrusion attempts
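As an added example (not from the slide deck) of what a clipping level looks like in practice, the code below runs over a few constructed audit-log lines, counts failed logins per user within a sliding time window, and reports only the users whose failures exceed the level. The log format, the level of three failures and the ten-minute window are assumptions; the point the example adds to the slide is that the window matters as much as the level.

```python
"""Violation analysis with a clipping level over constructed audit-log lines.

Added illustration, not part of the slide deck. The log format
('<time> user=<id> term=<terminal> event=<type> result=<OK|FAIL>'), the
clipping level of 3 failures and the 10-minute window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3              # failures a user may make before we look closer
WINDOW = timedelta(minutes=10)  # failures are counted within a sliding window

# Constructed sample log: alice mistypes once (a normal error), mallory hammers
# one terminal, bob fails slowly enough to stay under a 10-minute window.
SAMPLE_LOG = """\
2010-04-02T09:00:01 user=alice term=tty3 event=login result=FAIL
2010-04-02T09:00:09 user=alice term=tty3 event=login result=OK
2010-04-02T09:01:00 user=mallory term=tty7 event=login result=FAIL
2010-04-02T09:01:04 user=mallory term=tty7 event=login result=FAIL
2010-04-02T09:01:09 user=mallory term=tty7 event=login result=FAIL
2010-04-02T09:01:15 user=mallory term=tty7 event=login result=FAIL
2010-04-02T09:30:00 user=bob term=tty1 event=login result=FAIL
2010-04-02T09:45:00 user=bob term=tty1 event=login result=FAIL
2010-04-02T09:59:00 user=bob term=tty1 event=login result=FAIL
2010-04-02T10:15:00 user=bob term=tty1 event=login result=FAIL
"""


def parse_line(line):
    """Turn one 'key=value' log line into a dict with a parsed timestamp."""
    ts, *kvs = line.split()
    rec = dict(kv.split("=", 1) for kv in kvs)
    rec["time"] = datetime.fromisoformat(ts)
    return rec


def failures_over_clipping(log_text, level=CLIPPING_LEVEL, window=WINDOW):
    """Return {user: peak_failures_in_window} for users who exceed the level.

    Users at or below the level are ignored: that is the clipping level doing
    its job of filtering normal mistakes out of the analyst's queue.
    """
    fails = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["result"] == "FAIL":
            fails[rec["user"]].append(rec["time"])

    flagged = {}
    for user, times in fails.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            in_window = end - start + 1
            if in_window > level:
                flagged[user] = max(flagged.get(user, 0), in_window)
    return flagged


if __name__ == "__main__":
    print(failures_over_clipping(SAMPLE_LOG))
    print(failures_over_clipping(SAMPLE_LOG, window=timedelta(hours=1)))
```

With the ten-minute window only mallory is reported; bob's four failures, spread over forty-five minutes, never exceed the level inside any window, so a patient attacker slides under the clipping level. Widening the window to an hour catches bob as well, at the cost of more false positives from users who genuinely forget passwords. The level and window are tuning knobs, and the slide's "baseline of normal activity" is what they should be tuned against.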

Page 61: Auditing

Backup controls
System and transaction controls
Data library controls
Systems development standards
Data center security
Contingency plans

Page 62: Audit Trails

Enables tracking and allows for accountability:
• History of modifications, deletions and additions

Audit logs should record:
• Transaction time and date
• Who processed the transaction
• Which terminal was used
• Security events relating to the transaction

Should also look at:
• Amendments to production jobs
• Production job reruns
• Computer operator practices
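An audit trail only provides accountability if the operator it is meant to hold accountable cannot quietly edit it, which is the "audit trail corruption/modification" problem listed on Page 15. Below is an added example (not from the slide deck) of a hash-chained trail: each record stores the fields the slide says a log should record, and its hash commits to the previous record's hash, so altering, deleting or reordering an earlier entry breaks the chain. The SHA-256 construction, the field names and the sample records are assumptions.

```python
"""Hash-chained audit trail: each record commits to the previous one, so
modification, deletion or reordering of earlier records is detectable.

Added illustration, not from the slide deck. Field names mirror what the
slide says a log should record (time, who, terminal, event, result); the
chain construction with SHA-256 and the sample records are assumptions.
"""
import hashlib
import json

GENESIS = "0" * 64  # hash "before" the first record


def _digest(prev_hash, record):
    """Hash of the previous hash plus a canonical encoding of this record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append_record(trail, time, user, terminal, event, result):
    """Append one entry; its hash covers the entry and the previous hash."""
    prev = trail[-1]["hash"] if trail else GENESIS
    record = {"time": time, "user": user, "terminal": terminal,
              "event": event, "result": result}
    trail.append({"record": record, "hash": _digest(prev, record)})
    return trail


def verify_trail(trail, expected_head=None):
    """Return (ok, index_of_first_bad_entry_or_None).

    expected_head is the last hash as recorded somewhere the operator cannot
    write (another host, a printout, write-once media); without it, a trail
    that has simply been cut short still verifies.
    """
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["hash"] != _digest(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(trail)
    return True, None


def build_sample_trail():
    """Constructed records (hypothetical users and terminals)."""
    trail = []
    append_record(trail, "2010-04-02T10:00:00", "operator1", "console", "ipl", "OK")
    append_record(trail, "2010-04-02T10:05:00", "secadmin", "tty2", "set_clearance", "OK")
    append_record(trail, "2010-04-02T10:07:00", "operator1", "console", "reroute_output", "DENIED")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    head = trail[-1]["hash"]
    print(verify_trail(trail, head))
    trail[2]["record"]["result"] = "OK"     # operator hides the denied reroute
    print(verify_trail(trail, head))
```

The chain by itself is not enough: whoever can rewrite every later record can recompute every later hash, and dropping the newest records leaves a perfectly valid shorter chain. The `expected_head` argument stands in for the real control, which is shipping the trail (or at least its current head hash) to a system the operator cannot write, or keying the digest with a secret the host does not hold. That is the operational form of the Page 39 requirement that writing to system logs must not be bypassable.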

Page 63: Problem Management

The objective of problem management is resolution of the problem.

Goals of problem management:
Reduce failures to a manageable level
Prevent the occurrence of a problem
Mitigate the impact of problems

Page 64: Problem Management

Potential problems:
• Performance and availability of computing resources
• The system and networking infrastructure
• Procedures and transactions
• Safety and security of personnel

Abnormal events that can be discovered by an audit:
• Degraded resource availability
• Deviations from the standard transaction procedures
• Unexplained occurrences in a processing chain

Page 65: Threats and Vulnerabilities

Threat – if realized, can cause damage to a system or create a loss of C.I.A.

Vulnerability – a weakness in a system that can be exploited by a threat

Page 66: Threats

• Accidental loss
 – Operator input errors and omissions – manual input errors
 – Transaction processing errors – programming errors
• Inappropriate activities:
 – Can be grounds for job action or dismissal
• Illegal computer operations
 – Eavesdropping – sniffing, dumpster diving, social engineering
 – Fraud – collusion, falsified transactions
 – Theft – information or trade secrets, physical hardware and software theft
 – Sabotage – denial of service (DoS), production delays
 – External attacks – malicious cracking, scanning, war dialing

Some Attacks to know!

• Denial-of-Service (DoS) attack: Attacker sends multiple service requests to the victim's computer until they eventually overwhelm the system.
• Man-in-the-middle attack: An intruder injects herself into an ongoing dialog between two computers to intercept and read messages.
• Mail bombing: An attack used to overwhelm mail servers and clients with unrequested e-mails – a DoS attack.
• Wardialing: Brute force attack in which an attacker uses a program to systematically dial a large bank of phone numbers to find modems.
• Ping of death: Type of DoS attack in which oversized ICMP packets are sent to the victim.
• Fake login screens: A fake login screen is created and installed on the victim's system.
• Teardrop: Attack sends malformed fragmented packets to a victim. The victim's system crashes – it can't reassemble the packets correctly.
• Slamming and cramming: When a user's service provider has been changed without that user's consent.
• Traffic analysis: This is a method of uncovering information by watching traffic patterns on a network.
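The ping-of-death and teardrop entries above both describe malformed IP fragmentation, and both are visible to a defender before reassembly. The following is an added example, not code from the slides, showing the detection logic a monitoring tool could apply to fragment records: it flags a datagram whose last fragment would push the reassembled size past the IPv4 maximum, and a datagram whose fragments overlap. The Fragment record shape and the sample records are constructed for the example; the 65,535-byte IPv4 total-length limit and the 8-byte fragment offset unit are real protocol constants.

```python
from collections import defaultdict
from dataclasses import dataclass

IP_MAX_LEN = 65535   # IPv4 total length is a 16-bit field: header + payload
IP_HDR_LEN = 20      # minimal IPv4 header; reassembled payload may not exceed IP_MAX_LEN - IP_HDR_LEN


@dataclass(frozen=True)
class Fragment:
    """One IP fragment as a sensor might record it (constructed record shape for this example)."""
    src: str
    dst: str
    ident: int      # IP identification field; all fragments of one datagram share it
    offset: int     # fragment offset in 8-byte units, exactly as carried in the IP header
    length: int     # payload bytes carried by this fragment
    more: bool      # "more fragments" flag; False marks the last fragment


def analyze_fragments(frags):
    """Group fragments by (src, dst, ident) and return a list of (key, finding) tuples."""
    groups = defaultdict(list)
    for f in frags:
        groups[(f.src, f.dst, f.ident)].append(f)

    findings = []
    for key, parts in groups.items():
        parts = sorted(parts, key=lambda f: f.offset)

        # Teardrop pattern: a fragment starts before the previous one ends.
        prev_end = 0
        for f in parts:
            start = f.offset * 8
            if start < prev_end:
                findings.append((key, "overlapping fragments (teardrop pattern)"))
                break
            prev_end = max(prev_end, start + f.length)

        # Ping-of-death pattern: the last fragment fixes the reassembled payload size.
        last = [f for f in parts if not f.more]
        if last:
            payload_total = last[0].offset * 8 + last[0].length
            if payload_total > IP_MAX_LEN - IP_HDR_LEN:
                findings.append((key, f"reassembled datagram of {payload_total + IP_HDR_LEN} bytes "
                                      f"exceeds {IP_MAX_LEN} (ping of death pattern)"))
    return findings


# Constructed sample records, not captured traffic.
SAMPLE = [
    # benign 3000-byte payload in 1480-byte fragments (1480 = 185 * 8)
    Fragment("10.0.0.5", "10.0.0.9", 100, 0, 1480, True),
    Fragment("10.0.0.5", "10.0.0.9", 100, 185, 1480, True),
    Fragment("10.0.0.5", "10.0.0.9", 100, 370, 40, False),
    # oversized: last fragment ends well past the IPv4 limit
    Fragment("10.0.0.7", "10.0.0.9", 200, 8189, 1000, False),
    # overlapping: second fragment starts 800 bytes into the first one
    Fragment("10.0.0.8", "10.0.0.9", 300, 0, 1480, True),
    Fragment("10.0.0.8", "10.0.0.9", 300, 100, 500, False),
]


def main():
    for key, finding in analyze_fragments(SAMPLE):
        print(f"{key[0]} -> {key[1]} id={key[2]}: {finding}")


if __name__ == "__main__":
    main()
```

The overlap check deliberately stops at the first overlapping pair per datagram so one flood of bad fragments produces one finding, not thousands; a production sensor would also expire groups that never receive a last fragment, which is the resource-exhaustion side of fragmentation attacks that this example does not cover.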

Vulnerabilities

Traffic/Trend Analysis
• analyzing data characteristics

Countermeasures include:
• Padding Messages – making messages uniform size
• Sending Noise – transmitting non-informational data elements to disguise real data

Covert Channel Analysis
• unintended channel
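The two countermeasures listed above, padding and noise, are easy to show concretely. The following is an added example that is not part of the slides: a small framing layer in which every transmitted frame has the same fixed size regardless of the real message length, and dummy "noise" frames can be interleaved between real ones so that an observer counting frames learns neither message sizes nor how many real messages were sent. The frame size (64 bytes) and the header layout (a kind byte plus a two-byte length) are assumptions made for the example.

```python
import os
import struct

FRAME_SIZE = 64                 # every frame on the wire is exactly this long (assumed value)
HEADER = struct.Struct("!BH")   # kind (1 byte) + payload length (2 bytes), network byte order
KIND_NOISE = 0
KIND_DATA = 1
MAX_PAYLOAD = FRAME_SIZE - HEADER.size


def pad_message(payload: bytes) -> bytes:
    """Wrap a real message in a fixed-size frame; random fill hides the true length."""
    if len(payload) > MAX_PAYLOAD:
        # Uniform size only works if long messages are split before framing.
        raise ValueError(f"payload of {len(payload)} bytes exceeds {MAX_PAYLOAD}; split it first")
    fill = os.urandom(MAX_PAYLOAD - len(payload))
    return HEADER.pack(KIND_DATA, len(payload)) + payload + fill


def noise_frame() -> bytes:
    """A frame carrying no information, sent to keep the channel busy between real messages."""
    return HEADER.pack(KIND_NOISE, 0) + os.urandom(MAX_PAYLOAD)


def unpad_message(frame: bytes):
    """Return the real payload, or None for a noise frame; reject malformed frames."""
    if len(frame) != FRAME_SIZE:
        raise ValueError("frame has wrong size")
    kind, length = HEADER.unpack_from(frame)
    if kind == KIND_NOISE:
        return None
    if kind != KIND_DATA or length > MAX_PAYLOAD:
        raise ValueError("malformed frame header")
    return frame[HEADER.size:HEADER.size + length]


def frame_stream(messages, noise_between=1):
    """Frame a sequence of real messages, inserting noise frames between consecutive ones."""
    frames = []
    for i, m in enumerate(messages):
        if i:
            frames.extend(noise_frame() for _ in range(noise_between))
        frames.append(pad_message(m))
    return frames


def recover_stream(frames):
    """Drop the noise frames and return the real messages in order."""
    return [p for p in (unpad_message(f) for f in frames) if p is not None]


if __name__ == "__main__":
    # Constructed sample messages for the demonstration.
    sample = [b"ok", b"transfer 500 to acct 42", b""]
    wire = frame_stream(sample, noise_between=2)
    print(f"{len(sample)} real messages became {len(wire)} frames of {FRAME_SIZE} bytes each")
    print(recover_stream(wire))
```

The kind byte and length are in clear text inside the frame here; in a real deployment the whole frame is encrypted before transmission, so the observer sees only the uniform size and the timing of frames. The padding defeats size-based analysis, the noise frames defeat counting and timing analysis, and the cost is bandwidth, which is why both are usually applied only on links where traffic patterns themselves are sensitive.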

Data Scavenging

Piecing together information from bits of data

Keyboard Attacks – sitting at the keyboard using normal utilities to gain information

Laboratory Attack – using very precise electronic equipment

Vulnerabilities

Initial Program Load (IPL)
• Ability to put the system in single user mode at boot up
• Grants Operator powerful features

Network Address Hijacking
• Enables intruder to capture traffic for analysis or password theft
• Intruder can reroute the data output, obtain supervisory terminal function and bypass system logs.

Summary

• Operations Security involves:
  – keeping up with implemented solutions,
  – keeping track of changes,
  – properly maintaining systems,
  – continually enforcing necessary standards,
  – following through on security practices & tasks.
• Security requires discipline day in and day out, sticking to a regime, and practicing due care.

Question?

Which of the following permissions should not be assigned to system operators?

a. Volume mounting
b. Changing the system time
c. Controlling job flow
d. Monitoring execution of the system

Question?

Original copies of software should reside with?

a. Media librarian
b. Software librarian
c. Security administrator
d. System administrator

Question?

When a computer is collected and then reissued to a different employee the operations manager should be concerned with?

a. Buffer overflow
b. Data remanence
c. Media reissue
d. Purging

Question?

Compensating controls are used

a. To detect errors in the system
b. When an existing control is insufficient to provide the required access
c. To augment a contingency plan
d. As a deterrent control

Question?

XYZ Corporation has created a new application for tracking customer information as well as their product database. Of the following individuals who should be given full access and control over this application?

a. Network administrator
b. No one
c. Security administrator
d. Application developer

Question?

Which of the following describes the level that is set within a system to enable it to determine at what point activity is considered suspicious?

a. Clipping level
b. Threshold level
c. Baseline level
d. Error level

Question?

Relative humidity levels in the IT operations center should be less than?

a. 20 percent
b. 35 percent
c. 50 percent
d. 60 percent

Question?

The correlation of system time among network components is important for what purpose?

a. Availability
b. Network connectivity
c. Backups
d. Audit log review

Question?

An operations manager is alerted to a serious situation that was the result of a security breach. As it turns out a network segment is no longer functioning. Of the following which would not be a possible cause?

• Smurf attack
• Network sniffer and tester
• Chosen cipher text attack
• Fraggle attack

Question?

Patch management is a part of?

• Contingency planning
• Change control management
• Business continuity planning
• System update management

Question?

Which type of users should be allowed to use system accounts?

• Ordinary users
• Security administrators
• System administrators
• None of the above

Question?

Which group characteristic or practice should be avoided?

a. Account groupings based on duties
b. Group accounts
c. Distribution of privileges to members of the group
d. Assigning an account to multiple groups

Question?

Which of the following would be considered a detective control that could be used by the security department to detect a security violation?

• Access control log
• Intrusion prevention system
• Biometric access control
• Separation of duties

Question?

Wireless network traffic is best secured with which of the following protocols?

• Wireless Encryption Protocol (WEP)
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Wireless Protected Access (WPA)

Question?

XYZ Corporation has found that their employees are consistently coattailing into the data center. Of the following what should be done first to begin to stop this practice?

a. Create a visitor log
b. Install biometric access control
c. Install a proximity card reader
d. Create a policy regarding access control

Question?

Phishing is essentially another form of?

• Denial of service
• Social engineering
• Malware
• Spyware

Question?

Which level of RAID stripes data across multiple disks at the byte level and writes all parity to a separate drive?

• RAID 0
• RAID 1
• RAID 3
• RAID 4

Question?

What measurement unit is used to describe the amount of energy necessary to reduce a magnetic field to zero?

• Reduction
• Maxwell
• Tesla
• Gauss

Question?

Which of the following would be the best recommendation for destroying sensitive information that has been stored on a CD-ROM?

a. Degauss the CD-ROM
b. Physically destroy the CD-ROM
c. Physically alter the CD-ROM
d. Sanitize the CD-ROM


Operations Security

CISSP Review

Presented By: Bob Harren, CISSP, CCNA, CCDA