Information Systems Security

Operations Security
Domain #9

Operations Security Objectives

Operations Responsibility & Personnel


Configuration Management
Media Access Protection
System Recovery
Facsimile Security
Vulnerability and Penetration Testing
Attack Types

Computer Operations

Fixing hardware and software issues


Media Libraries
Controlling Remote Access
Contingency Planning
Incident Handling
Licensing Issues
Input Controls
Backup and Recovery

Threats to Operations

Disclosure
Destruction
Loss of system and network capabilities
Corruption and Modification
Theft
Espionage
Hackers/Crackers
Malicious Code

Issues
Backup Maintenance
Change of workstation/location (used to improve security)

Need to Know Required


Least Privilege Principle Enforced
Due Care
Due Diligence
U.S. Federal Sentencing Guidelines of 1991
Up to 290M for non-performance

Security Control Types


Directive control
Used to guide the security implementation

Preventive control
Can deter or mitigate undesirable actions

Detective control
Verifies whether a control has been successful

Corrective control
Used to reverse the effects of an unwanted activity

Examples
Directive: policies, standards, laws
Preventive: firewalls, authentication, access controls, antivirus software
Detective: audit trails, logs, CCTV, CRC
Corrective: incident handling, fire extinguishers

Vulnerability Testing
Things to agree upon
Goals of the assessment
Written agreement from management
Explaining testing ramifications
Understand results are just a snapshot

Steps in Testing
Reconnaissance
Obtain info either passively or actively
Sniffing, eavesdropping, ARIN, Whois, etc.

Scanning
Identify running systems and active services
Ping sweeps and port scans

Gaining Access
Exploiting vulnerabilities to gain access
Buffer overflow, brute force

More Steps
Maintaining Access
Uploading software to ensure re-entry
Trojan Horse, backdoor

Covering Tracks
Hide one's malicious activities
Delete system and application logs

Honeypots
Usually placed in DMZ
Should not be connected to internal network

Sacrificial lamb system

Goal is that hackers will attack this system instead of the production system
Leaves many ports open and services running to be more enticing

Sensitive Media Handling

Marking
Handling
Storing
Destruction
Declassification

Continuity of Operations
Fault Tolerance
Software
Hardware

Data Protection
RAID 0, 1, 5, 10

Redundant Communications
Phone, Broadband, Wireless, Satellite

Redundant Power Supplies

Auditing
Auditing Basics
Logs, monitors, and triggers

Accountability, Compliance
Audit trails
Sampling and clipping levels
External auditors

Monitoring Tools

Warning banners
Keystroke monitoring
Traffic analysis
CCTV

More Terms

Ethical Hacking
War dialing
Radiation monitoring
Dumpster diving
Social engineering

Physical Security

Facility location and construction


Electrical Issues
Perimeter Protection
Physical Intrusion Detection
Fire Prevention

Threats

Physical Damage
Theft of Assets
Interruption of Service
Disclosure of Proprietary Information
Natural Disaster
Vandalism
Terrorism

Administration Controls

Facility construction
Site management
Personnel controls
Emergency procedures
Awareness training

Technical Controls

Access controls
Alarms
CCTV/Monitors
HVAC
Power Supplies
Fire detection and suppression