Operations Security - act of understanding threats to and vulnerabilities of computer operations in order to routinely support operational activities that

enable computer systems to function correctly. Threat - presence of any potential event that could cause harm by violating security FecsitytWy oiola LATm cm Tm-1 (erm cm ) -1 ( )1 (abil)ny m cm hng t kcempiog taTm cm Tm cm uroTm cm or 6bilite Vulnerabilit1 (1 (abil) 1 717 Tm cm c4Tm /hreTm cm Tm cm in t s) -1 (es) -1 (t) -1 (e) -1 (m)t

Failure Resistant Disk System Failure Tolerant Disk System Disaster Tolerant Disk System Raid 0 - Stripping Raid 1 - Mirroring Raid 2 - Hamming Code Raid 3 - Byte Level Parity Raid 4 Block Level Parity Raid 5 Interleave Parity Level 6 - Second Independent Parity Level 7 - Single Virtual Disk Level 10 - Stripping Across Multiple Pairs (1+0) Level 15 - Striping with Parity across RAID 5 Pairs (1+5) Level 51 - Mirrored Raid 5 Arrays with parity (5+1) Full Backup Method Incremental Backup Method Differential Method Write once read many (WORM) Used for archives that does not change individual backups of small data sets of specific application Continuous online backup by using optical or tape jukeboxes, similar to WORMs Appears as infinite disk to the system Can be configured to provide the closest version of an available real-time backup THis is commonly employed in very large data retrieval systems hardware/software system that used RAID technology in large device with multiple tapes (32 or 64 sometimes). Configured as a single array Fast and multitasking backup of multiple targets with considerable fault tolerance Slow data transfer of the backup Server disk utilization expands over time The time the last backup was run is never the time of the server crash. Backup Issues and Problems Tape Arrays Hierarchical Storage Management (HSM) Other Backup formats Tape Backup Methods Levels RAID Classification

Resource Availability
Compact Disc Optical Media

Zip/Jaz Drives, SyQuest and Bernoulli Boxes

Problem Identification Problem Resolution Intrusion Detection Scanning and Probing Demon Dialing/War dialing Sniffing Dumpster Diving Social Engineering Clipping Levels - baseline of user activity that is considered a routine level of user errors. Profile-based anomaly detection uses profiles to look for abnormalities in user behavior. Profile Metrics - ways in which various types of activities are recorded in the profile. Primary Benefit - containing and repairing damage from incidents and preventing future damage. Enhancement of the risk assessment process. Enhancements of internal communications and the readiness of the organization to respond to any type of incident, not just computer security Security Training Personnel will have better understanding of users knowledge of security issues. Benefits of Incident-handling capability Violation Processing Penetration Testing

Goals

Monitoring Techniques

Auditing Internal - work for organization whose systems are to be audited External - hired from third party organizations Enables enforcement of individual accountability be creating a reconstruction of events. Purpose is to assist with problem identification, which leads to problem resolution Auditor can retrieve and certify data Must allow the review of patterns of access to individual objects, access histories of specific processes and individuals, and the use of the various protection mechanisms supported be the system and their effectiveness Allow discovery of both users and outsiders repeated attempts to bypass the protection mechanisms Act as a deterrent against perpetrators habitual attempts to bypass the system protection mechanisms Supply an additional form of user assurance that attempts to bypass the protection mechanisms are recorded and discovered. Problem management is a way to control the process of problem isolation and problem resolution. Reduce failures to a manageable level Prevent the occurrence or reoccurrence of a problem Mitigate negative impact of problems on computing services and resources Final Objective is resolution of a problem Goals Problem Management Concepts

Auditor types

Monitoring and Auditing

Audit Trail - set of records that collectively provides documentary evidence of processing, used to aid in tracing from original transactions forward to related records and reports or backward from records and reports to their component source transactions. Audit Mechanism Goals Security Auditing

Fax Encryptor, encrypts all fax traffic on data link layer

Fax Security