Post on 28-Dec-2015
Operations Security
The CISSP candidate will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms that are available, the potential for access abuse, the appropriate controls, and the principles of good practice.
Controls and Protections
The Operations Security domain is concerned with the controls that are used to protect hardware, software, and media resources from the following:
– Threats in an operating environment
– Internal or external intruders
– Operators who are inappropriately accessing resources
Categories of Controls
• Preventative Controls – lower the amount & impact of unintentional errors
• Detective Controls – used to detect an error once it has occurred
• Corrective (or Recovery) Controls – help mitigate the impact of a loss event through data recovery procedures
Additional Control Categories
• Deterrent Controls (also called directive controls)
• Application Controls (built into software)
• Transaction Controls
– Input Controls (data is properly input)
– Processing Controls (valid transactions are processed; exceptions are reprocessed)
– Output Controls (output only prints to the accounting printer)
– Change Controls (configuration management)
– Test Controls (prevent violations of confidentiality)
Covert Channel Analysis
An information path not normally used for communication within a system, and therefore not protected. There are two types:
• Covert storage channels – allow the direct or indirect writing of a storage location by one process and the direct or indirect reading of it by another
• Covert timing channels – allow one process to signal information to another process by modulating its own use of system resources in such a way that the change in response time observed by the second process provides information
Separation of Duties
Typical system administrator or enhanced operator functions:
– Installing system software
– Starting up (booting) and shutting down a system
– Adding and removing system users
– Performing backups and recovery
– Handling printers and managing print queues
Typical security administrator functions:
– Setting user clearances, initial passwords, and other security characteristics for new users
– Changing security profiles for existing users
– Setting or changing file sensitivity labels
– Setting the security characteristics of devices and communications channels
– Reviewing audit data
Two-Man Control – two people check each other
Rotation of Duties
Trusted Recovery
• Failure Preparation (backup)
• System Recovery
– Rebooting the system into a single user mode—an operating system loaded without the security front end activated—so no other user access is enabled at this time
– Recovering all file systems that were active at the time of the system failure
– Restoring any missing or damaged files and databases from the most recent backups
– Recovering the required security characteristics, such as file security labels
– Checking security-critical files, such as the system password file
Configuration/Change Management Control
• The following are the primary functions of configuration or change control:
– To ensure that the change is implemented in an orderly manner through formalized testing
– To ensure that the user base is informed of the impending change
– To analyze the effect of the change on the system after implementation
– To reduce the negative impact the change may have had on the computing services and resources
• Five generally accepted procedures exist to implement and support the change control process:
1. Applying to introduce a change.
2. Cataloging the intended change.
3. Scheduling the change.
4. Implementing the change.
5. Reporting the change to the appropriate parties.
Administrative Controls
• Personnel Security
– Employment Screening or Background Checks
– Mandatory Taking of Vacation in One-Week Increments
– Job Action Warnings or Termination
• Separation of Duties and Responsibilities
• Least Privilege
• Need to Know
• Change/Configuration Management Controls
• Record Retention and Documentation
Least Privilege
• The three basic levels of privilege are defined as follows:
– Read Only
– Read/Write
– Access Change
Due Care and Due Diligence
The concepts of due care and due diligence require that an organization engage in good business practices relative to the organization's industry.
Resource Protection
• HARDWARE RESOURCES
– Communications, which includes routers, firewalls, gateways, switches, modems, and access servers
– Storage media, which includes floppies, removable drives, external hard drives, tapes, and cartridges
– Processing systems, which includes file servers, mail servers, Internet servers, backup servers, and tape drives
– Standalone computers, which includes workstations, modems, disks, and tapes
– Printers and fax machines
• SOFTWARE RESOURCES
– Program libraries and source code
– Vendor software or proprietary packages
– Operating system software and systems utilities
• DATA RESOURCES
– Backup data
– User data files
– Password files
– Operating data directories
– System logs and audit trails
Hardware Controls
• Hardware Maintenance
• Maintenance Accounts
• Diagnostic Port Control
• Hardware Physical Control
– Sensitive operator terminals and keyboards
– Media storage cabinets or rooms
– Server or communications equipment data centers
– Modem pools or telecommunication circuit rooms
Software Controls
• Anti-Virus Management
• Software Testing
• Software Utilities
• Safe Software Storage
• Backup Controls
Privileged Entity Controls
• Special access to system commands
• Access to special parameters
• Access to the system control program
Physical Access Controls
• HARDWARE
– Control of communications and the computing equipment
– Control of the storage media
– Control of the printed logs and reports
• SOFTWARE
– Control of the backup files
– Control of the system logs
– Control of the production applications
– Control of the sensitive/critical data
Monitoring Techniques
• Intrusion Detection
• Penetration Testing
• Violation processing using clipping levels
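Violation processing with clipping levels, shown as an added worked example (this code is not part of the original notes). A clipping level is the number of errors an organization tolerates before treating them as a violation worth reviewing; the log format, the event name LOGIN_FAIL, the threshold of 3 and the 5-minute window below are assumptions chosen for the example, and the log lines are constructed sample data.

```python
"""Violation processing with clipping levels (added example, not from the original notes).

Events below the clipping level are treated as ordinary user mistakes and ignored;
once a user reaches the level within a sliding time window, one violation record
is produced for follow-up. Log format and thresholds are assumptions for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <terminal> <user> <event>".
SAMPLE_LOG = """\
2015-12-28T08:00:01 tty3 alice LOGIN_FAIL
2015-12-28T08:00:09 tty3 alice LOGIN_OK
2015-12-28T08:01:00 tty7 bob LOGIN_FAIL
2015-12-28T08:01:05 tty7 bob LOGIN_FAIL
2015-12-28T08:01:11 tty7 bob LOGIN_FAIL
2015-12-28T08:01:14 tty7 bob LOGIN_FAIL
2015-12-28T08:01:20 tty7 bob LOGIN_FAIL
2015-12-28T09:30:00 tty2 carol LOGIN_FAIL
2015-12-28T10:30:00 tty2 carol LOGIN_FAIL
2015-12-28T11:30:00 tty2 carol LOGIN_FAIL
""".splitlines()


def parse_line(line):
    """Split one log line into (timestamp, terminal, user, event)."""
    ts, terminal, user, event = line.split()
    return datetime.fromisoformat(ts), terminal, user, event


def find_violations(lines, event="LOGIN_FAIL", clipping_level=3,
                    window=timedelta(minutes=5)):
    """Return one violation record per user whose count of `event` reaches
    `clipping_level` inside any sliding `window`. Counts that stay below the
    level (or are spread out beyond the window) are tolerated and yield nothing."""
    recent = defaultdict(deque)   # user -> timestamps of matching events still in window
    violations = []
    reported = set()              # report each user once per run
    for line in lines:
        ts, terminal, user, ev = parse_line(line)
        if ev != event:
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= clipping_level and user not in reported:
            reported.add(user)
            violations.append({"user": user, "terminal": terminal,
                               "count": len(q), "at": ts.isoformat()})
    return violations


if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG):
        print(f"VIOLATION user={v['user']} terminal={v['terminal']} "
              f"count={v['count']} at={v['at']}")
```

With the sample data only bob is reported: alice's single failure is below the level, and carol's three failures are an hour apart, so they never accumulate inside the 5-minute window. Widening the window (for example to three hours) makes carol a violation as well, which is the tuning trade-off clipping levels exist to manage.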
Security Auditing
• Backup controls
• System and transaction controls
• Data library procedures
• Systems development standards
• Data center security
Audit Trails
• The audit logs should record the following:
– The transaction's date and time
– Who processed the transaction
– At which terminal the transaction was processed
– Various security events relating to the transaction
• In addition, an auditor should also examine the audit logs for the following:
– Amendments to production jobs
– Production job reruns
– Computer operator practices
• Other important security issues regarding the use of audit logs are as follows:
– Retention and protection of the audit media and reports when their storage is off site
– Protection against the alteration of audit or transaction logs
– Protection against the unavailability of audit media during an event
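An audit record carrying the fields listed above (date and time, who, terminal, security event), with each record chained to the previous one by an HMAC so that alteration or deletion of an earlier record is detectable. This is an added example and not part of the original notes; the record layout, the GENESIS marker, the event names and the in-memory demo key are assumptions made for the example, and the records are constructed sample data.

```python
"""Tamper-evident audit trail (added example, not from the original notes).

Each record holds the date/time, user, terminal and security event, plus an HMAC
computed over the record and the previous record's tag. Rewriting or removing any
earlier record breaks every later tag, so verification reports the first record that
no longer matches. Key handling is an assumption for demonstration only: a real
verification key would be held by the auditor, not by the system being audited.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone


def _tag(key, prev_tag, fields):
    """HMAC-SHA256 over the previous tag and the canonical JSON of this record."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append_record(chain, key, user, terminal, event, when=None):
    """Append one audit record to `chain` (a list), linked to the last tag."""
    when = when or datetime.now(timezone.utc).replace(microsecond=0)
    fields = {"time": when.isoformat(), "user": user,
              "terminal": terminal, "event": event}
    prev = chain[-1]["tag"] if chain else "GENESIS"   # assumed chain start marker
    chain.append({**fields, "tag": _tag(key, prev, fields)})
    return chain[-1]


def verify_chain(chain, key):
    """Return (True, None) if every record matches, else (False, index of first bad record)."""
    prev = "GENESIS"
    for i, rec in enumerate(chain):
        fields = {k: v for k, v in rec.items() if k != "tag"}
        if not hmac.compare_digest(rec["tag"], _tag(key, prev, fields)):
            return False, i
        prev = rec["tag"]
    return True, None


def demo():
    """Build a three-record trail, then alter who read the password file."""
    key = b"constructed-demo-key"   # assumption: demo only, see module docstring
    chain = []
    t0 = datetime(2015, 12, 28, 9, 0, tzinfo=timezone.utc)
    append_record(chain, key, "alice", "tty3", "LOGIN_OK", t0)
    append_record(chain, key, "bob", "tty7", "PASSWD_FILE_READ", t0.replace(minute=5))
    append_record(chain, key, "bob", "tty7", "JOB_RERUN", t0.replace(minute=9))
    ok_before = verify_chain(chain, key)
    chain[1]["user"] = "alice"        # attempted rewrite of the second record
    ok_after = verify_chain(chain, key)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

Because each tag depends on the previous one, verification also catches a deleted record: the record that follows the gap was tagged against a tag that no longer precedes it. Writing the tags to media the operators cannot rewrite (or shipping them to the auditor as they are produced) is what turns this into the off-site retention and protection the notes call for.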
Problem Management Concepts
The goal of problem management is threefold:
1. To reduce failures to a manageable level.
2. To prevent the occurrence or re-occurrence of a problem.
3. To mitigate the negative impact of problems on computing services and resources.
Threats and Vulnerabilities
• Accidental Loss
– Operator input errors and omissions
– Transaction processing errors
• Inappropriate Activities
– Inappropriate Content
– Waste of Corporate Resources
– Sexual or Racial Harassment
– Abuse of Privileges or Rights
• Illegal Computer Operations and Intentional Attacks
– Eavesdropping
– Fraud
– Theft
– Sabotage
– External Attack