ISA 562 1 Topic 9: Operations Security ISA 562 Internet Security Theory & Practice

Upload: bathsheba-horn

Post on 11-Jan-2016


Page 1: Title slide

Topic 9: Operations Security
ISA 562 Internet Security Theory & Practice

Page 2: Objectives

- Protection of information and data
- Categories of control
- Privileged entity controls

Page 3: Introduction

- Operations security identifies the controls over hardware, media, and the operators and administrators who have access privileges to these resources.
- Although data centers still exist today, the term operations security now refers to the central location of all IT processing areas.

Page 4: Facility support systems

- Support for some of the same areas as in physical security
- Protection against fire: fire prevention, detection or suppression
- HVAC systems
- Electric power: clean, steady power
- Water: protection against water problems and damage
- Communication
- Physical access risks: unauthorized physical access

Page 5: Media control

- Media takes many forms: electronic or non-electronic (verbal, written, etc.)
- Electronic media is stored on-site or off-site
- When media is recycled or retired, no residual data should be available to the new subject
- Ways of destroying and clearing data on magnetic storage:
  - Completely overwriting the magnetic storage
  - Destroying the media physically so it can no longer be used
  - Degaussing
- Some of the best practices for media management are marking, labeling, declassifying and destroying, etc.

Page 6: Misuse prevention

- Controls preventing technological misuse
- Personal use: acceptable use policy, Internet usage policy, workstation control
- Content filtering, internally and externally: web filtering, email filtering, messenger filtering, content filtering
- Media theft
- Fraud prevention and detection
- Using sniffers on clear-text traffic

Page 7: Data & information backup

- Records are managed through the whole life cycle, from the moment they are stored until they are destroyed
- Continuity of operations ensures critical business operations continue after a disaster or failure
- Continuous backups and frequent testing are needed for:
  - Data and reports
  - Applications and transactions
  - Operating systems and configurations

Page 8: RAID

- RAID stands for Redundant Array of Independent Disks
- RAID is for backup and performance; it can be implemented in hardware or software
- RAID levels
- RAID level 0
  - Data is distributed across drives in strips (blocks, sectors, ...)
  - High performance: data transfer capacity, I/O request rate
  - No support for redundancy

Page 9: RAID (continued)

- RAID level 1
  - Duplicates all data strips on a second drive
  - Either drive can be accessed (whichever is free), giving high performance for reads
  - Both drives must be updated on a write
  - Recovery is simple
  - Duplication increases cost considerably
- RAID level 2
  - Redundancy with error correction codes such as a Hamming code, with multiple check bits per word
  - A single access involves all drives
  - Requires 39 disks
- RAID level 3
  - Redundancy with error correction codes, byte-level striping
  - Parity bit (1 bit per word)
  - A single access involves all drives

Page 10: RAID (continued)

- RAID level 4
  - Data striped as in RAID 0 and 1, with large strips
  - Parity is calculated across blocks
  - All parity is stored on one disk
  - A write requires updating all parity bits
  - Uses block-level striping
- RAID level 5
  - Similar to RAID level 4
  - Parity is calculated across blocks
  - Parity is distributed across all disks
  - A write requires updating all parity bits
  - Uses block-level striping

Page 11: RAID (continued) + RAIT

- RAID level 6
  - Extends RAID 5 by adding an additional parity block
  - Uses block-level striping with two parity blocks distributed across all member disks
- RAID 0+1
  - Used for both mirroring and striping
  - Advantages: implemented as a mirrored array; has the same fault tolerance as RAID 5; high I/O rates
  - Disadvantages: a single failure will cause the whole array to become, in essence, a RAID level 0 array; very expensive and yields a high overhead; limited scalability
- RAID 10
  - Known as RAID 1+0, which has high reliability and performance
- RAIT
  - Stands for Redundant Array of Independent Tapes
  - Level 1 RAIT uses tapes instead of disks and provides real-time mirroring

Page 12: Hot spares & other backups

- A hot spare is an unused backup disk installed in the array that remains in standby mode
- When an array disk fails, the hot spare is activated to replace the failed disk
- Types of hot spare: global hot spare, dedicated hot spare
- There are several other backup types, among them:
  - Data mirroring
  - File imaging
  - Electronic vaulting
  - Database shadowing, etc.
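The RAID 4/5 parity scheme from the previous slides and the hot-spare activation described on this one, simulated in an added Python example that is not part of the lecture material: a constructed payload is striped across three member disks with rotating XOR parity, one member is failed, its contents are regenerated onto a (global) hot spare from the surviving strips, and the data is read back intact. The disk count, strip size and payload are assumptions chosen for the illustration.

```python
def xor_bytes(*chunks: bytes) -> bytes:
    """XOR equal-length byte strings; this is the RAID 4/5 parity operation."""
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, b in enumerate(chunk):
            out[i] ^= b
    return bytes(out)

def parity_disk_for(stripe: int, ndisks: int) -> int:
    """RAID 5 rotates the parity strip across the member disks, one step per stripe."""
    return (ndisks - 1 - stripe) % ndisks

def raid5_write(data: bytes, ndisks: int, strip: int) -> list:
    """Lay data out as (ndisks - 1) data strips plus one parity strip per stripe."""
    per_stripe = strip * (ndisks - 1)                   # data bytes per stripe
    padded = data + b"\0" * (-len(data) % per_stripe)   # pad the last stripe
    disks = [[] for _ in range(ndisks)]
    for s in range(len(padded) // per_stripe):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        strips = [chunk[i * strip:(i + 1) * strip] for i in range(ndisks - 1)]
        parity, pd = xor_bytes(*strips), parity_disk_for(s, ndisks)
        for d in range(ndisks):                         # data strips fill the non-parity disks in order
            disks[d].append(parity if d == pd else strips[d if d < pd else d - 1])
    return disks

def raid5_read(disks: list) -> bytes:
    """Read the data back in order, skipping each stripe's parity strip."""
    ndisks, out = len(disks), bytearray()
    for s in range(len(disks[0])):
        pd = parity_disk_for(s, ndisks)
        out += b"".join(disks[d][s] for d in range(ndisks) if d != pd)
    return bytes(out)

def rebuild_onto_spare(disks: list, failed: int) -> list:
    """Activate the hot spare: regenerate every strip of the failed member (data or
    parity alike) by XORing the surviving strips of the same stripe."""
    survivors = [d for d in range(len(disks)) if d != failed]
    return [xor_bytes(*(disks[d][s] for d in survivors))
            for s in range(len(disks[survivors[0]]))]

def demo() -> bool:
    """Constructed sample: write, lose member disk 1, rebuild onto the spare, read back."""
    payload = b"ISA 562 operations security RAID demo"  # constructed sample data
    disks = raid5_write(payload, ndisks=3, strip=4)
    disks[1] = None                                      # member disk 1 fails
    disks[1] = rebuild_onto_spare(disks, failed=1)       # hot spare replaces it
    return raid5_read(disks).rstrip(b"\0") == payload
```

Losing a second member before the rebuild finishes leaves a stripe with two unknown strips, which single-parity XOR cannot recover; that gap is what the second parity block of RAID 6 on the previous slide closes.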

Page 13: Fault tolerance and failover

- Fault tolerance is required when a hardware failure is present; what usually happens is that the system knows a failure has occurred and has to take some sort of action
- Examples include RAID, cluster servers, failover firewalls, multiple data centers, load balancing and alternative paths for traffic, etc.

Page 14: Trusted recovery

- One of the areas of operational assurance
- Makes sure systems are still in a secure state after a failure happens
- Types include: normal system reboot, emergency restart, cold start
- Fail secure ensures that if a system fails, it fails in a secure manner

Page 15: Incident handling & response

- Incident handling is responsible for logging, analyzing and tracking incidents; it is therefore also considered the first line of defense
- Escalation procedures also have to be in place
- An incident response team needs to be in place to handle all notifications and respond efficiently

Page 16: Contingency plans

- Used by an organization or business unit to respond to a specific system failure or disruption
- Some contingencies which should be planned for are: failures, denial of service, production delays, etc.

Page 17: Change control

- Change control is the process of developing a planned approach to controlling changes in an environment
- Changes should be reviewed for potential security impact and for the ownership of each change
- There should also be a change control committee which ensures that every change is:
  - Properly tested before deployment
  - Authorized by the prospective business unit
  - Scheduled for a specific date and time
  - Communicated to the other business units
  - Documented

Page 18: Change control (continued)

- Procedure: Request, Impact assessment, Approval, Build/Test, Implement, Monitor

Page 19: Configuration management

- Includes the control of all changes that are made to:
  - Hardware: hardware inventory, hardware configuration chart
  - Software: operation files protection, backups, source code, object code, etc.
  - Firmware
  - Documentation: format, copies

Page 20: Patch management

- Patch management goes through a cycle:
  - Identifying a patch
  - Testing the patch to see if it has any side effects
  - Complete rollout to systems

Page 21: Privileges

- Operator privileges: selecting and loading input and output; observing operational equipment; initializing computer operations, etc.
- Administrator privileges: running technically advanced information systems; server startup and shutdown; performing backups of data; answering technical queries, etc.
- Security administrator privileges: monitoring the system and reporting security problems; vulnerability assessments; setting passwords, etc.

Page 22: Control over privileged entities

- Personnel with privileged access pose a higher level of risk to an organization
- It is important to have adequate controls in place to prevent either intentional or accidental breaches of the organization's security: review of access rights, supervision, monitoring

Page 23: References

- ISC2 CBK Material
- ISC2 Official CISSP Exam Guide