Operations Security
“Controls over the hardware in a computing facility, over the data media used, and over the operators using these resources.”
C.I.A. as affected by Operations Controls
• Confidentiality: affects sensitivity & secrecy
• Integrity: how well the implementation directly affects accuracy & authenticity
• Availability: affects the system’s level of fault tolerance and recovery capability
Controls & Protections
• Controls are used to protect hardware, software, & media from:
  • Threats in the environment
  • Internal or external intruders
  • Operators inappropriately accessing resources
Categories of Controls
• Preventative Controls are designed to:
  • lower the amount & impact of unintentional errors
  • prevent unauthorized intruders from entering
  • Ex: prenumbered forms & data validation
• Detective Controls
  • detect an error once it has occurred (after the fact)
• Corrective (or Recovery) Controls
  • implemented to mitigate the loss, e.g. restoring data
Categories of Controls (cont.)
• Deterrent Controls
  • encourage compliance, complement other controls
• Application Controls
  • designed into software to minimize & detect irregularities
• Transaction Controls
  • Input Controls
  • Processing Controls
  • Output Controls
  • Change Controls
  • Test Controls
TCSEC “Orange Book” Controls
• D: Minimal Protection
• C: Discretionary Protection
  • C1: Discretionary Security Protection
  • C2: Controlled Access Protection
• B: Mandatory Protection
  • B1: Labeled Security Protection
  • B2: Structured Protection
  • B3: Security Domains
• A1: Verified Protection
Orange Book
• Defines assurance requirements for secure computer operations
• Assurance: the level of confidence that the security policy has been correctly implemented
• Two types:
  • Operational: basic features & architecture
  • Life cycle: controls & standards used in operations & maintenance
Orange Book: Covert Channel Analysis
• Channel: an information transfer path
• Covert channel: a path that violates the security policy
  • Covert storage channel
  • Covert timing channel
• TCSEC B2: must protect against, and perform analysis for, all storage channels
• TCSEC B3 & A1: must protect against both types of covert channels
Orange Book: Trusted Facility Management
• Assignment of a specific individual to administer security-related system functions
• Must take an auditable action before being able to assume the admin role
• B2: system must support separate operator & system admin roles
• B3: must clearly identify the functions of the security admin
Orange Book: Separation of Duties
• Assignment of parts of a task to different personnel
• No one person has total control, so no one person can completely compromise the system
• “Two-man control”
• Three distinct system admin roles:
  • System admin
  • Security admin
  • Enhanced operator
Orange Book: Rotation of Duties
• Limit the amount of time any individual performs the same security-related duties
Orange Book: Trusted Recovery
• Required only in B3 & A1 level systems
• System failure is a serious security risk: security is bypassed while the system is not fully functional
  • Ex: system crash while sensitive data is written to disk before the ACL is changed
• Hierarchical recovery types:
  • Manual recovery
  • Automated recovery of a single failure
  • Automated recovery without undue loss
Modes of Operation
• Dedicated Mode
  • Each user with any access has a valid personnel clearance, formal access approval (with a signed non-disclosure agreement), & a valid “need to know” for all information on the system
• System-High Mode
  • All of the above, except the need to know applies only to some of the information
• Compartmented Mode
  • Need to know only the information they have direct access to
• Multilevel Mode
  • Some users do not have a valid clearance for all information, but have clearance & need to know for the information they will have access to
Change Control
• Manages the process of tracking & approving changes
  • Identify, control, audit
  • Ensure changes do not diminish system security
  • Document all changes
• Primary functions of change control:
  • Change implemented in an orderly manner (tested)
  • Inform the user base of the change
  • Analyze the effect of the change
  • Reduce the negative impact of the change
Procedures for Change Control
• Applying to introduce a change
• Approval of the change
• Cataloging the intended change
• Testing the change
• Scheduling & implementing the change
• Reporting the change to management
Configuration Management
• More formalized for highly secure systems
• Configuration Managers:
  • Identify & document each functional & physical configuration item
  • Personally assure approval for, and manage, all configuration changes
  • Record & report the status of changes
  • Audit the system configuration for unknown changes
• Configuration Control Board
Administrative Controls
• More to do with humans than with hardware or software
• Personnel Security
  • Employment screening / background check
  • Mandatory vacations
  • Job action warnings & terminations
• Separation of duties & responsibilities
• Least Privilege
• Need to know
• Change control
• Record retention & documentation control
Least Privilege
• Separate levels of access based on job function
• Three basic levels:
  • Read Only
  • Read/Write: only to data copied from the original location
  • Access Change: the original location
Operations Job Functions
• Computer Operator
• Operations Analyst
• Job Control Analyst
• Production Scheduler
• Production Control Analyst
• Tape Librarian
Others
• Record Retention concerns
  • Data remanence: information remaining on media after it has been erased
• Due care & Due Diligence
  • Legal, governmental, & simple good business practices
• Documentation Control
  • Security plans, risk analysis, security policy, etc.
Operations Controls
• Day-to-day procedures to protect the system
• Most important aspects (details follow):
  • Resource protection
  • Hardware controls
  • Software controls
  • Privileged-entity controls
  • Media controls
  • Physical access controls
Resource Protection
• Protect from loss or compromise:
• Hardware
  • LAN hardware, storage media, processing systems, standalone computers, printers, etc.
• Software
  • Program libraries & source, vendor software, O/S & utilities
• Data
  • Backup data, user data files, password files, operating data directories, system logs
Hardware Controls
• Hardware maintenance
• Maintenance accounts
  • Disabled until needed
  • Beware preset, widely known IDs & passwords
• Diagnostic port controls
  • Ports used for troubleshooting
• Hardware physical controls
Software Controls
• What software is used on the system
  • Licensed software only
• Anti-virus management
• Software testing
• Software utilities
• Safe software storage
• Backup controls
Privileged-Entity Controls
• Oversight of personnel with “special” access to systems
• Examples of special access:
  • Lower-level system commands
  • Special operational parameters
  • System control programs
Media Controls
• Media Security
  • Logging, access control, & proper disposal
  • Overwriting: a pattern, its complement, then another pattern (0011, 1100, 1010)
  • Degaussing & destruction
• Media Viability Controls
  • Protect the viability of the media used
  • Marking, handling, storage, original quality
• Media Librarian
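The three-pass overwrite listed above, worked through as an added Python example (not code from the original slides). It assumes a constructed in-memory byte buffer standing in for the medium, with an optional "bad sector" that ignores writes, and reads every pass back so that a sector a wipe cannot reach is reported instead of being counted as sanitized:

```python
# Nibble patterns 0011, 1100, 1010 from the slide, repeated to fill a byte:
# first pattern, its complement, then a second pattern.
FIRST = 0b00110011                      # 0x33
PASS_PATTERNS = [FIRST, FIRST ^ 0xFF, 0b10101010]   # 0x33, 0xCC, 0xAA


class SimulatedMedium:
    """Constructed stand-in for a disk: a byte buffer split into fixed-size
    sectors. If `bad_sector` is set, that sector silently ignores writes,
    like a failed or remapped sector that an overwrite never reaches."""

    def __init__(self, data, sector_size=4, bad_sector=None):
        self._buf = bytearray(data)
        self.sector_size = sector_size
        self.bad_sector = bad_sector

    def __len__(self):
        return len(self._buf)

    def write(self, offset, chunk):
        for i, b in enumerate(chunk):
            pos = offset + i
            if pos // self.sector_size != self.bad_sector:
                self._buf[pos] = b

    def read(self):
        return bytes(self._buf)


def sanitize(medium, patterns=PASS_PATTERNS):
    """Overwrite `medium` once per pattern and verify each pass by reading
    it back sector by sector.  Returns (all_passes_verified, failed_sectors);
    a non-empty failure list means the medium still holds remanent data and
    needs degaussing or destruction instead of being reused."""
    failed = set()
    size = medium.sector_size
    for pattern in patterns:
        fill = bytes([pattern]) * len(medium)
        medium.write(0, fill)
        got = medium.read()
        for start in range(0, len(medium), size):
            if got[start:start + size] != fill[start:start + size]:
                failed.add(start // size)
    return (not failed, sorted(failed))
```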
Physical Access Controls
• Hardware
  • Control of communications equipment, storage media, printed logs & reports
• Software
  • Control of backup files, system logs, production apps, sensitive/critical data
• Some personnel need special physical access:
  • IT department personnel, cleaning staff, maintenance personnel, third-party contractors, consultants, temp staff
• Supervision
• Physical piggybacking: a 2nd person follows the 1st through a door (countered by a man trap)
Monitoring & Auditing
• “Reviewing an operational system to see that controls, both manual & automated, are functioning effectively & correctly”
• Are technical features being bypassed?
• Are required procedures being followed?
• Is there evidence of abnormal computer usage?
Monitoring
• Looking for:
  • Illegal software installation
  • Hardware faults & error states
  • Operational events for abnormalities
• Techniques:
  • Intrusion detection
  • Penetration testing
  • Violation analysis
Intrusion Detection & Violation Analysis
• Sampling traffic patterns
• Look for activities above the clipping level
• Clipping level & profile-based anomaly detection
  • Baseline of user activity considered “normal”
  • Enables ignoring normal user errors
  • When exceeded, a violation report is filed
  • Also used for variance detection
• Looking for:
  • Repetitive mistakes, individuals exceeding their authority, too many people with restricted access, patterns showing serious intrusion attempts
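Clipping-level violation analysis as an added Python example (not code from the original slides): constructed audit records are parsed, failed logins per user are counted inside a sliding window, counts at or below the clipping level are ignored as normal user error, and one violation entry is filed for each user who exceeds it. The log format, the clipping level of 3 and the 10-minute window are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records: ISO timestamp, user, event.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice LOGIN_FAIL
2024-03-01T09:00:07 alice LOGIN_OK
2024-03-01T09:01:10 bob LOGIN_FAIL
2024-03-01T09:01:12 bob LOGIN_FAIL
2024-03-01T09:01:15 bob LOGIN_FAIL
2024-03-01T09:01:20 bob LOGIN_FAIL
2024-03-01T09:45:00 bob LOGIN_FAIL
2024-03-01T10:15:00 carol LOGIN_FAIL
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def parse_log(text):
    """Return a list of (timestamp, user, event); malformed lines are skipped
    so one bad record cannot stop the review."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, event = m.groups()
            events.append((datetime.fromisoformat(ts), user, event))
    return events


def violation_report(events, clipping_level=3, window=timedelta(minutes=10),
                     event="LOGIN_FAIL"):
    """Per user, count `event` occurrences inside any `window`; a count at or
    below `clipping_level` is normal error and ignored, exceeding it files a
    violation with the count and the moment the level was crossed."""
    per_user = defaultdict(list)
    for ts, user, ev in events:
        if ev == event:
            per_user[user].append(ts)
    report = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for i, ts in enumerate(times):
            while ts - times[start] > window:   # drop events older than window
                start += 1
            count = i - start + 1
            if count > clipping_level and user not in report:
                report[user] = {"count": count, "crossed_at": ts}
    return report
```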
Penetration Testing
• Attempting to access a system from outside normal channels
• Technology based:
  • Scanning & probing
  • Demon dialing / war driving
  • Sniffing
• Personnel oriented:
  • Dumpster diving
  • Social engineering
Auditing
• Checking for internal & external compliance
• Patterns of abnormal use
• Audit these functions:
  • Backup controls
  • System & transaction controls
  • Data library procedures & center security
  • Systems development standards
  • Contingency plans
Audit Trails
• Enable tracing a transaction’s history
• Enforcement of accountability
• Audit logs should record:
  • Transaction date & time, who processed it, & where
  • Any security events relating to the transaction
  • Any commands (with options) executed by the user
  • All identification & authorization attempts
  • Any files or other resources accessed
• The auditor should look for:
  • Amendments to production jobs
  • Production job reruns
  • Computer operator practices
Security Goals of Audit Mechanism
• Allow review of patterns of access to individual objects
• Allow discovery of repeated attempts to bypass security mechanisms
• Find use of privileges by a user greater than they should have
• An additional form of user assurance that attempts to bypass security will be caught
Audit Logs
• Prevent the log file from being altered
• Protect the availability of the log during an event
• Protect the logging media from destruction or damage
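An added Python example (not code from the original slides) covering both the record contents listed under Audit Trails and the first goal above, preventing alteration: each record stores the SHA-256 of the previous record plus its own body, so editing, inserting or deleting an entry breaks the chain and `verify()` reports the first broken index. The record fields and the assumption that the chain head is copied off-host are the example's own.

```python
import hashlib
import json
from datetime import datetime, timezone


class AuditLog:
    """Append-only audit trail with a hash chain. Assumption: the latest hash
    is periodically copied to write-once or off-host storage, so a tamperer
    who rewrites the whole file on the host still cannot match that copy."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(prev_hash, body):
        # Canonical JSON so the same body always hashes the same way.
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

    def append(self, user, where, event, command=None, when=None):
        """Record date/time, who, where, the security event and the command
        (with options), as the Audit Trails slide lists."""
        body = {
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user,
            "where": where,
            "event": event,
            "command": command,
        }
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        self.records.append({"body": body, "hash": self._digest(prev, body)})

    def verify(self):
        """Return (True, None) if every record chains to its predecessor,
        otherwise (False, index) of the first record that does not."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if rec["hash"] != self._digest(prev, rec["body"]):
                return False, i
            prev = rec["hash"]
        return True, None
```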
Benefits of Auditing & Problem Management
• Enhancement of the risk assessment program
• Enhancement of internal readiness & communications
• Personnel security training
• Reduced failures to a manageable level
• Prevent (re)occurrence of a problem
• Mitigate the impact of a violation
Threats
• An event that, if realized, can cause damage to the system
• Accidental loss
  • Operator errors
  • Transaction processing errors
• Inappropriate activities
  • Inappropriate content
  • Waste of corporate resources
  • Sexual or racial harassment
  • Abuse of privileges
• Illegal computer operations
  • Eavesdropping
  • Fraud, theft, sabotage
  • External attack
Vulnerabilities & Attacks
• Traffic / trend analysis
  • Analyzes data characteristics & patterns rather than content
  • Countered by: padding messages, sending noise, covert channel analysis
• Maintenance accounts
• Data-scavenging attacks
  • Keyboard attacks & laboratory attacks
• Initial Program Load vulnerabilities
  • Single-user mode, boot sequence, BIOS, CD
• Social engineering
• Network address hijacking