Operations Security - PowerPoint PPT Presentation

About This Presentation
Title:

Operations Security

Description:

Superzapping - system utility or application that bypasses ... Evacuation routes/wardens. Transportation routes for transporting employees. Medical assistance ... – PowerPoint PPT presentation

Number of Views:627
Avg rating:3.0/5.0
Slides: 46
Provided by: bat7

Transcript and Presenter's Notes


1
Operations Security

2
Introduction
  • Topic Operations Security
  • Approach - General security principles
  • The Problem
  • The Control

3
General Security Principles
  • Accountability
  • Authorization
  • Logging
  • Separation of duties
  • Least privilege
  • Risk reduction
  • Layered defense
  • Redundancy

4
Critical Operational Controls
  • Resource protection
  • Privileged-entity control
  • Hardware control

5
The Problem
  • Powerful system utilities
  • Powerful system commands
  • Superzapping - system utility or application that
    bypasses all access controls and audit/logging
    functions to make updates to code or data
  • Direct control over hardware and software
  • Direct control over all files
  • Direct control over printers and output queues
  • Powerful Input/Output commands
  • Direct access to servers
  • Initial program load from console

6
The Problem
  • Control over job schedule and execution
  • Control over all storage media
  • Bypass label processing
  • Re-labeling resources
  • Resetting date/time, passwords
  • Control of access ports/lines
  • Erroneous transactions (fraud)
  • Altering proper transactions
  • Adding improper transactions
  • Denial of service/Delays in operation
  • Personal use, Disclosure
  • Audit trail/log corruption/modification

7
Protected Resources
  • Password files
  • Application program libraries
  • Source code
  • Vendor software
  • Operating System
  • Libraries
  • Utilities
  • Directories
  • Address Tables
  • Proprietary packages
  • Communications HW/SW
  • Main storage
  • Disk tape storage

8
Protected Resources (2)
  • Processing equipment
  • Stand-alone computers
  • Sensitive/Critical data
  • Files
  • Programs
  • System utilities
  • System logs/audit trails
  • Violation reports
  • Backup files
  • Sensitive forms
  • Printouts

9
The Control
  • Accountability -
  • Personnel reviews - Background checks
  • Password management
  • Personal
  • System
  • Maintenance
  • Trap door - system or application password
    included for ease of vendor maintenance

10
The Control
  • Accountability -
  • Logging of all activities
  • Protected/duplicated log
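The slide names two controls against the log corruption listed under "The Problem": a protected log and a duplicated log. The example below is added here and is not part of the presentation; it shows why both are needed. Entries are chained with a keyed hash (the key is a constructed placeholder that would live with the log server, not with the operators), and the head of a duplicate copy is compared against the primary. The sample events are constructed.

```python
import copy
import hashlib
import hmac
import json

# Constructed key for this example only. In practice it is held by the
# protected log store, never by the operators whose actions are recorded.
LOG_KEY = b"example-only-log-key"
GENESIS = "0" * 64


def entry_hash(prev_hash: str, event: dict, key: bytes) -> str:
    """Keyed hash over the previous entry's hash plus the canonical event."""
    material = prev_hash.encode() + json.dumps(event, sort_keys=True).encode()
    return hmac.new(key, material, hashlib.sha256).hexdigest()


def append_event(chain: list, event: dict, key: bytes = LOG_KEY) -> list:
    """Append an event, binding it to everything logged before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "hash": entry_hash(prev_hash, event, key)})
    return chain


def verify_chain(chain: list, key: bytes = LOG_KEY) -> int:
    """Return the index of the first entry that fails, or -1 if intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        expected = entry_hash(prev_hash, entry["event"], key)
        if not hmac.compare_digest(expected, entry["hash"]):
            return i
        prev_hash = entry["hash"]
    return -1


def duplicate_log_agrees(primary: list, duplicate: list) -> bool:
    """Compare length and chain head of the protected copy and the duplicate."""
    if len(primary) != len(duplicate):
        return False
    if not primary:
        return True
    return hmac.compare_digest(primary[-1]["hash"], duplicate[-1]["hash"])


# Constructed sample operator activity (not from the presentation)
SAMPLE_EVENTS = [
    {"ts": "2024-01-02T08:00:00Z", "user": "op1", "action": "IPL from console"},
    {"ts": "2024-01-02T08:05:00Z", "user": "op1", "action": "mount tape VOL001"},
    {"ts": "2024-01-02T08:07:00Z", "user": "op2", "action": "reset system date"},
]


def build_sample_chain() -> list:
    chain = []
    for event in SAMPLE_EVENTS:
        append_event(chain, event)
    return chain


def demo_detection() -> tuple:
    """Simulate two kinds of log corruption and show which control catches each.

    Returns (verify of edited copy, duplicate check of edited copy,
             verify of truncated copy, duplicate check of truncated copy).
    """
    primary = build_sample_chain()

    # 1. An entry's content is edited in place: the keyed chain detects it,
    #    but the duplicate check alone would not (length and head unchanged).
    edited = copy.deepcopy(primary)
    edited[2]["event"]["user"] = "op1"

    # 2. The last entry is removed: the remaining chain still verifies,
    #    so only the comparison against the duplicate copy reveals the loss.
    truncated = copy.deepcopy(primary)[:-1]

    return (
        verify_chain(edited), duplicate_log_agrees(primary, edited),
        verify_chain(truncated), duplicate_log_agrees(primary, truncated),
    )


if __name__ == "__main__":
    print("intact chain verifies:", verify_chain(build_sample_chain()) == -1)
    print("edited/truncated results:", demo_detection())
```

The keyed chain catches modification of any recorded entry, while the duplicate copy catches deletion of the tail; neither control alone covers both cases, which is why the slide lists them together.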

11
The Control
  • Accountability -
  • Problem reporting and change procedures
  • Reduce failures
  • Prevent recurrence
  • Reduce impact
  • Types - Performance/availability
  • Hardware/software
  • Environment
  • Procedures/Operations
  • Network
  • Safety/security

12
The Control
  • Accountability -
  • Problem reporting and change procedures
  • Violation analysis
  • Repetitive mistakes
  • Exceeding authority
  • Unrestricted access
  • Patterns - hackers, disgruntled employees
  • Clipping level - baseline violation count to
    establish normal violation levels

13
The Control
  • Least Privilege
  • Granular access control over system commands
  • Individual access permissions
  • Hardware/Software elements procedures to enable
    authorized access and prevent unauthorized access
  • Periodic review of access needed/granted

14
The Control
  • Separation of Duties - Operations
  • All changes require approval
  • Operational staff should not code or approve
    changes
  • Operational staff responsible for
  • Installing system software
  • Start up/Shut down
  • Backup/recovery
  • Mounting disks/tapes
  • Handling hardware
  • Adding/removing users (?)
  • Operational staff should not perform security
    duties
  • Security administration
  • Application administration
  • Network administration

15
The Control
  • Responsibilities in Operations should be divided
  • Help desk
  • Job rotation

16
The Problem
  • Separation of Duties - Security
  • Operations activities
  • Adding/removing users (?) DAC
  • Setting clearances
  • Setting passwords
  • Setting other security characteristics
  • Changing profiles
  • Setting file sensitivity labels
  • Setting security characteristics of devices,
    communications channels
  • Reviewing audit data
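The least-privilege, separation-of-duties and periodic-review controls on slides 13 to 16 can be expressed as a small authorization model. The example below is added here and is not from the presentation; the role names, the command list and the conflicting-role pairs are a constructed policy following the slides (operators run operational commands; security administration, coding and change approval belong to other roles). Access is denied by default and distinguishes read from read/write.

```python
from itertools import combinations

READ, WRITE = "read", "write"

# Constructed policy: which commands each role may issue and in which mode.
# Anything not listed is denied (least privilege, deny by default).
ROLE_POLICY = {
    "operator": {"STARTUP": {WRITE}, "SHUTDOWN": {WRITE}, "MOUNT": {WRITE},
                 "BACKUP": {WRITE}, "RESTORE": {WRITE}, "SHOWLOG": {READ}},
    "security_admin": {"SETPASS": {WRITE}, "SETLABEL": {WRITE},
                       "SETCLEARANCE": {WRITE}, "SHOWLOG": {READ}},
    "auditor": {"SHOWLOG": {READ}, "SHOWVIOLATIONS": {READ}},
    "developer": {"COMPILE": {WRITE}, "SHOWLOG": {READ}},
    "change_approver": {"APPROVE": {WRITE}},
}

# Role pairs one person must not hold at the same time (from the slides:
# operations staff do not code, approve changes or perform security duties;
# the reviewer of audit data is not the one who sets security attributes).
CONFLICTING_ROLES = {
    frozenset({"operator", "developer"}),
    frozenset({"operator", "change_approver"}),
    frozenset({"operator", "security_admin"}),
    frozenset({"developer", "change_approver"}),
    frozenset({"security_admin", "auditor"}),
}


def authorize(roles, command: str, mode: str) -> bool:
    """Allow only if some held role grants this command in this mode."""
    for role in roles:
        if mode in ROLE_POLICY.get(role, {}).get(command, set()):
            return True
    return False


def separation_violations(assignments: dict) -> list:
    """(user, role_a, role_b) for every conflicting pair a user holds."""
    found = []
    for user, roles in assignments.items():
        for a, b in combinations(sorted(set(roles)), 2):
            if frozenset({a, b}) in CONFLICTING_ROLES:
                found.append((user, a, b))
    return found


def unused_roles(assignments: dict, command_log: list) -> dict:
    """Periodic review: roles granted but never exercised in the reviewed log.

    A command shared by several roles (SHOWLOG) counts as use of each of them,
    so this is a conservative review that only flags clearly idle roles.
    """
    used = {user: set() for user in assignments}
    for user, command in command_log:
        for role in assignments.get(user, ()):
            if command in ROLE_POLICY.get(role, {}):
                used[user].add(role)
    idle = {}
    for user, roles in assignments.items():
        leftover = sorted(set(roles) - used[user])
        if leftover:
            idle[user] = leftover
    return idle


# Constructed assignments and activity log for the review
ASSIGNMENTS = {
    "op1": ["operator"],
    "op2": ["operator", "security_admin"],   # conflicting pair
    "sec1": ["security_admin"],
    "aud1": ["auditor"],
}
COMMAND_LOG = [("op1", "MOUNT"), ("op1", "BACKUP"), ("sec1", "SETPASS"),
               ("op2", "MOUNT")]


if __name__ == "__main__":
    print("operator SETPASS:", authorize(["operator"], "SETPASS", WRITE))
    print("operator SHOWLOG read:", authorize(["operator"], "SHOWLOG", READ))
    print("violations:", separation_violations(ASSIGNMENTS))
    print("idle roles:", unused_roles(ASSIGNMENTS, COMMAND_LOG))
```

The review output points at op2, who holds a conflicting role pair and has not used the security role at all, which is the usual finding when the "adding/removing users (?)" question on the slide is resolved by giving operators the security administration role as well.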

17
The Control
  • Layered Defense
  • Emergency procedures requiring approval

18
The Control
  • Read vs Read/Write access
  • Training - Equipment/system
  • Documentation
  • Procedures

19
The Problem
  • Physical access to the computer room and devices
    there
  • IS programmers
  • Cleaning/maintenance
  • Vendor support
  • Contract/Temp staff
  • Memory content modification
  • Microcode changes
  • Device shutdown
  • Shoulder surfing over the operator's shoulder
  • Physical access to printouts - rerouting
  • Access to print queues
  • Access to printers

20
The Control
  • Authentication / Least Privilege
  • Authorization for access to the facility
  • Closed shop - physical access controls limiting
    access to authorized personnel
  • Operations security - controls over resources -
    HW, media, operators with access
  • Operations terminals
  • Servers/routers/modems/circuit rooms
  • Sniffer - device that attaches to the network and
    captures network traffic
  • Magnetic media

21
The Control
  • Authentication / Least Privilege
  • Enforced control of access to the facility
  • Security perimeter - boundary where security
    controls protect assets
  • System high security - system and all peripherals
    are protected at level of highest security
    classification of any information housed by the
    system
  • Tempest - reception of electromagnetic emanations
    which can be analyzed to disclose sensitive or
    protected information

22
The Control
  • Physical oversight of operator console
  • Supervision of personnel - Realtime and
    Non-realtime
  • Operating logs
  • Inventory
  • Change control procedures
  • Incident reporting
  • System/audit logs
  • Audits/security reviews
  • Job rotation

23
The Control
  • Separation of Duties / Layered Defense
  • Protection of printouts
  • Heading/Trailing banners with recipient name and
    location
  • Protection of print queues

24
The Control
  • Audit of facility and processes
  • audit logs
  • logons
  • operating system calls/utilities
  • system connectivity

25
The Problem
  • Inability to recover from failures
  • Legal liabilities

26
The Control
  • Redundancy
  • Regular backups of all software and files
  • Hardware Asset Management
  • Hardware configuration
  • Hardware inventory
  • Fault tolerant equipment - design reliability
  • Configuration
  • Secure disposal
  • Cleaning/Sanitizing
  • Overwriting
  • Degaussing
  • Destruction
  • Environmental protection

27
The Problem
  • Environmental Contamination
  • Buildup of conductive particles, contaminants
  • Circuit boards, microswitches, sensors
  • Spontaneous combustion
  • National Fire Protection - a US computer room fire
    every 10 min
  • 80 unknown causes (HW)

28
Controls - Environmental
  • Control program
  • Separate equipment
  • Activity restrictions
  • Brushless vacuums with micron ratings < 1 micron,
    or wall-mounted vacuum outside
  • Non ion-generating purifiers, conditioners,
    heaters
  • Tile quality of floors
  • Train maintenance staff

29
The Control
  • Software Asset Management
  • Operating/Backup software inventory
  • Backups
  • Generations
  • Off-site
  • Environmental control
  • Controlled authorized access to backups

30
The Control
  • Trusted recovery procedures
  • Ensure security not breached during system crash
    and recovery
  • Requires backup
  • Reboot (Crash or power failure)
  • Recover file systems (Missing resource)
  • Restore files and databases (Inconsistent
    database)
  • Check security files (System compromise)

31
Trusted System Operations
  • Trusted computer base - HW/FW/SW protected by
    appropriate mechanisms at appropriate level of
    sensitivity/security to enforce security policy
  • Trusted facility management - supports separate
    operator and administrator roles (B2)
  • Clearly identify security admin functions
  • Definition - Integrity
  • formal declaration or certification of a product

32
Definitions
  • Operational assurance
  • Verification that a system is operating according
    to its security requirements
  • Design/Development reviews
  • Formal modeling
  • Security architecture
  • Assurance
  • Degree of confidence that the implemented
    security measures work as intended

33
The Control
  • Contingency Management
  • Tested procedures to be taken before, during and
    after a threatening incident
  • Continuity of operations - maintenance of
    essential DP services after incident
  • Recovery procedure - actions to restore DP
    capability after incident

34
Emergency Procedures
  • Communications channel for evacuation signal
  • Procedures to secure tapes, programs,
  • Evacuation routes/wardens
  • Transportation routes for transporting employees
  • Medical assistance
  • Requesting police/fire assistance
  • Storing backup files off-site
  • Activating backup

35
Configuration Management
  • Controlling modifications to system HW/FW/
    SW/Documentation
  • Ensure integrity and limit non-approved
    changes
  • Baseline controls
  • policies
  • standards
  • procedures
  • responsibilities
  • requirements
  • impact assessments
  • software level maintenance

36
Configuration Management
  • Organized and consistent plan covering
  • description of physical/media controls
  • electronic transfer of software
  • communications software/protocols
  • encryption methods/devices
  • security features/limitations of software
  • hardware requirements/settings/protocols
  • system responsibilities/authorities
  • security roles/responsibilities
  • user needs (sensitivity, functionality)
  • audit information and process
  • risk assessment results

37
Risk Assessment/Analysis
  • Includes
  • Threat
  • Vulnerability
  • Asset
  • Ease of Use principle
  • A system that is easier to secure is more likely
    to be secure

38
Vulnerabilities Summary
  • Improper access to system utilities
  • Improper access to information
  • Improper update of information
  • Improper destruction of information
  • Improper change to job schedule
  • Improper access to printed materials
  • Physical access to the computer room
  • Physical access to printouts
  • Access to print queues
  • Denial of service
  • Inability to recover from failures
  • Fraud

39
Summary of Controls
  • Personnel reviews - Background checks
  • Password management
  • Logging of all activities
  • Problem reporting and change procedures
  • All changes require approval
  • Granular access control over system commands
  • Individual access permissions

40
Summary of Controls
  • Periodic review of access needed/granted
  • Operational staff should not code or approve
    changes
  • Operational staff should not perform security
    duties
  • Operations staff should not do data entry
  • Responsibilities in Operations should be divided
  • Password Management
  • Emergency procedures requiring approval

41
Summary of Controls
  • Read vs Read/Write access
  • Authorization for access to the facility
  • Enforced control of access to the facility
  • Physical oversight of operator console
  • Protection of printouts
  • Positive identification and logging of printouts
  • Protection of print queues
  • Regular backups of all software and files
  • Off-site storage of backups
  • Environmental control of backup storage
  • Controlled authorized access to backups

42
The Real World
  • Operations Controls
  • Organizations are understaffed; staff wear too many hats
  • Separation of duties seldom complete
  • A single password is used by all operators
  • System commands are unrestricted on the console
  • OR are granted to all operations staff
  • Emergency procedures and approvals poorly defined
  • Operations personnel may support system software
  • OR perform security functions

43
The Real World (2)
  • Operations Controls
  • Most of IS and many users have access to facility
  • Printouts are laid out for pickup without
    oversight
  • Print queues are openly available to on-line
    users
  • Only some platforms are backed up
  • Backups are often stored on site
  • In computer room
  • OR In an office
  • No restrictions are placed on access to backups

44
Media Controls
  • Tapes, disks, diskettes, cards, paper, optical
  • Volume labels required
  • Human/machine readable
  • Date created, created by
  • Date to destroy/retention period
  • Volume/file name, version
  • Classification
  • Audit trail
  • Separation of responsibility - librarian
  • Backup procedures

45
Final Considerations
  • What system commands are available?
  • To whom? With what authentication?
  • How are changes made and approved?
  • To system software? To applications? To access?
  • How are responsibilities divided?
  • How available are printouts/print queues?
  • How accessible is operations facility?
  • Proportionality - Cost vs Benefit

Files graciously shared by Ben Rothke. Reformatted
and edited for Slide presentation