Operations Security
Muhammad Wajahat Rajab
Question…
Operations Security seeks to primarily protect against
which of the following?
A. Object reuse
B. Facility disaster
C. Compromising emanations
D. Asset threats
Punch Line
• Primarily concerned with the protection and control of
information processing assets
Overview
Domain Introduction
• Mixture of all the domains…
• Core goal of Operations Security?
– Availability
• Are others important?
– Surely, they are!
• The domain is divided into following sections:
– Privileged Entity Controls
– Resource Protection
– Continuity of Operations
– Change Control Management
Points to ponder
• What is the state of being free from danger or injury?
• What are the opposite terms for the following?
– Availability
– Integrity
– Confidentiality
Privileged Entity Controls
Introduction
• Privileged Entity Controls are the mechanisms that give
privileged access to…
– Hardware
– Software
– Data
• Where do the controls that permit privileged functions
usually reside?
Privileged Entity Controls
• Account Management
• System Accounts
• System Operators
• Ordinary Users
• System Administrators
• Security Administrators
Account Management
• Involves the life-cycle process for every account in a system
• Primarily four types of accounts…
– Root
– Service
– Privileged user
– Ordinary user
• Accounts not needed should be disabled or deleted!
Account Management (2)
• Efficient management requires assignment of individual
accounts into groups or roles
– What is a group account?
• Group management involves assigning a user account to
one or multiple groups
– Each group is given a set of permissions to access objects
within a system!
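The two account-management slides above describe a review policy (disable or delete accounts that are no longer needed) and group-based permission assignment. The following is an added example, not code from the presentation: it applies an assumed review policy (90-day staleness window, owner-left and already-disabled rules) to constructed sample records of the four account types named on the slide, and computes a user's effective permissions as the union of their groups' permission sets.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class Account:
    name: str
    kind: str                   # "root", "service", "privileged" or "ordinary" (the four types on the slide)
    enabled: bool
    last_login: Optional[date]  # None = never logged in interactively
    owner_active: bool          # is the person or system that owns this account still current?


STALE_AFTER = timedelta(days=90)   # assumed policy value, not from the slides


def review_accounts(accounts, today, stale_after=STALE_AFTER):
    """Return {account name: 'disable' | 'delete'} for accounts that are no longer needed.

    Assumed policy (not from the slides):
      - enabled account whose owner is gone              -> disable
      - enabled interactive account unused > stale_after -> disable
      - already-disabled account whose owner is gone     -> delete
    Service accounts run unattended, so last_login is not used as evidence for them,
    and root is never disabled automatically.
    """
    findings = {}
    for acct in accounts:
        if not acct.enabled:
            if not acct.owner_active:
                findings[acct.name] = "delete"
            continue
        if acct.kind == "root":
            continue
        if not acct.owner_active:
            findings[acct.name] = "disable"
            continue
        if acct.kind == "service":
            continue
        unused = acct.last_login is None or (today - acct.last_login) > stale_after
        if unused:
            findings[acct.name] = "disable"
    return findings


def effective_permissions(user_groups, group_permissions):
    """Group management: a user's permissions are the union of the permission sets of their groups."""
    perms = set()
    for group in user_groups:
        perms |= group_permissions.get(group, set())
    return perms


# Constructed sample data (not from any real system).
TODAY = date(2024, 1, 15)
SAMPLE_ACCOUNTS = [
    Account("root", "root", True, TODAY - timedelta(days=1), True),
    Account("svc-db", "service", True, None, True),
    Account("alice", "ordinary", True, TODAY - timedelta(days=10), True),
    Account("bob", "ordinary", True, TODAY - timedelta(days=120), True),
    Account("carol", "privileged", True, TODAY - timedelta(days=5), False),
    Account("dave", "ordinary", False, TODAY - timedelta(days=400), False),
]
GROUP_PERMISSIONS = {
    "payroll": {"read:payroll", "write:payroll"},
    "staff": {"read:intranet"},
}

if __name__ == "__main__":
    print(review_accounts(SAMPLE_ACCOUNTS, TODAY))
    print(sorted(effective_permissions(["payroll", "staff"], GROUP_PERMISSIONS)))
```

The review produces recommendations rather than acting on them, so a security administrator can check the findings against HR records before anything is disabled; the "delete" recommendation is deliberately restricted to accounts that are already disabled, which keeps a two-step path (disable first, delete later) that leaves room to catch mistakes.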
System Accounts
• Dedicated accounts to provide a variety of system
services using autonomous processes
– Services are background processes that run in their own
security context
– A DBMS contains a number of these accounts
System Operators
• Work in data center environments where mainframe
systems are used
– Given elevated privileges
• Which can lead to circumvention of security policy!
• Use of these privileges should be monitored through audit log
• Responsibilities assigned to operators include…
– Implementing the initial program load
– Monitoring execution of the system
– Volume mounting
System Operators (2)
– Controlling job flow
– Bypass label processing
– Renaming and relabeling resources
– Reassignment of ports
Ordinary Users
• Given restrictive system privileges!
• Allowed only the access that requires minimum privileges to run
• Work in client/server architecture environment
• Should not be allowed to monitor system execution
• Should not be allowed to reassign ports
• Should not be allowed the re-labeling of the resources
System Administrators
• Manage system operations and maintenance
• Ensure system is functioning properly for system users
• Privileges assigned to trained and authorized individuals
• Privileges to affect critical operations such as setting…
– Time, Boot sequence, System logs and Passwords
Security Administrators
• Oversee the security operations of a system
• Security operations include:
– Account management
– Assignment of file sensitivity labels
– System security settings
– Audit data review
– Provide a check and balance of the power assigned to
System Administrators
• Through auditing and reviewing the activities
Security Administrator Functions
• File Sensitivity Labels
• Clearances
• System Security Characteristics
• Passwords
• Audit Data Analysis and Management
File Sensitivity Labels
• Implemented to control access to information
• Allow privileges or deny access to a file
• Prevent data from being written to an area on the system
with a lower sensitivity
Clearances
• Assigned according to trustworthiness and the level of
access needed for sensitive information
• Ensure proper level of clearance has been assigned prior
to providing access
System Security Characteristics
• Define the security settings of systems and applications…
– Network devices
– Database Management Systems
• Improper configuration can impact the proper operation
of the system or network!
Passwords
• Password distribution is an important function
• Trusted distribution channels needed to avoid a
compromise
• Types of passwords?
Audit Data Analysis and Management
• Auditing information can be obtained from
– Servers, Workstations, Databases, Firewalls, etc…
• Tools used must detect unauthorized activity or attacks
• Auditing mechanism must support organizational policy
• Auditing can affect the system availability…
– Consume CPU time, Network bandwidth, Storage Space!
• Keep in mind the log retaining issues
– Regulations
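The audit-data slide says the tools used must detect unauthorized activity; the closing questions mention "violation processing (using clipping levels)" as one monitoring technique. The following is an added example, not code from the presentation: it parses constructed sshd-style log lines and reports users whose failed logins within a sliding time window exceed an assumed clipping level. The log format, the 5-minute window and the clipping level of 3 are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
2024-01-15T08:00:01 auth sshd: Failed password for bob from 10.0.0.5
2024-01-15T08:00:04 auth sshd: Failed password for bob from 10.0.0.5
2024-01-15T08:00:09 auth sshd: Failed password for bob from 10.0.0.5
2024-01-15T08:00:12 auth sshd: Failed password for bob from 10.0.0.5
2024-01-15T08:05:00 auth sshd: Accepted password for alice from 10.0.0.7
2024-01-15T08:30:00 auth sshd: Failed password for alice from 10.0.0.7
2024-01-15T09:45:00 auth sshd: Failed password for alice from 10.0.0.7
"""

LINE_RE = re.compile(r"^(\S+) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse(log_text):
    """Turn log lines into (timestamp, outcome, user, source) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def violations(events, clipping_level=3, window=timedelta(minutes=5)):
    """Return {user: peak count} for users whose failed logins inside any `window` exceed `clipping_level`.

    A clipping level is the threshold below which activity is treated as normal noise
    (mistyped passwords) and above which it is reported for review.
    """
    failures = defaultdict(list)
    for ts, outcome, user, _src in events:
        if outcome == "Failed":
            failures[user].append(ts)

    flagged = {}
    for user, times in failures.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # shrink the window from the left until it spans at most `window`
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > clipping_level:
            flagged[user] = peak
    return flagged


if __name__ == "__main__":
    print(violations(parse(SAMPLE_LOG)))
```

In the sample, bob's four failures within eleven seconds exceed the clipping level and are reported, while alice's two failures more than an hour apart stay below it. The same sliding-window count can be pointed at the other sources the slide lists (databases, firewalls) once a parser for their record format replaces `LINE_RE`.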
Question…
What setup should an administrator use for regularly
testing the strength of user passwords?
A. A networked workstation so that the live password database can
easily be accessed by the cracking program.
B. A networked workstation so the password database can easily be
copied locally and processed by the cracking program.
C. A standalone workstation on which the password database is copied
and processed by the cracking program.
D. A password-cracking program is unethical; therefore it should not be
used.
Resource Protection
Introduction
• Resource protection includes…
– Facilities
– Hardware
– Software
– Documentation
– Threats to Operations
– Control Methods
– Data and Media Control
– Disposal Control
Facilities
• Use systems and controls to sustain the IT operation
environment
– Fire detection and suppression systems
– HVAC
– Water and sewage systems
– Reliable power supply and distribution system
– Power line conditioners
– Telecommunication systems
– Access control and intrusion detection systems
Hardware
• Appropriate physical security needed to ensure CIA…
– Concept of least privilege
– Restricted access
– Escorting a visitor
– Protecting workstations
– Protecting the printing devices
– Authorized access to firewalls
– Limited access to…
• Routers, Switches etc
– Periodic inspection of network cables
Hardware (2)
– Use of strong encryption in wireless communication
• WPA over WEP
Software
• Preventing copyright infringements
• Preventing illegal duplication and distribution of software
– Periodic inventory scans
• Software escrow
– Need?
• Proper SDLC procedures
• Proper testing and version control
– Separation of duties
• Protecting the Operating System passwords
• Protecting the Audit Logs
Documentation
• Ensuring the protection of documentation related to…
– Network design
– Vulnerabilities
– Proprietary methods
• Proprietary information → Trade secrets
– Source code
• All important documentation should be controlled and
catalogued!
Threats to Operations
• Disclosure of sensitive information
– Confidentiality
• Corruption/modification of processes
– Integrity
• Theft / Removal of resources
– Confidentiality, Integrity, Availability
• Destruction of resources
– Availability
• Interruption of resources
– Availability
Control Methods
• Input / Output Control
• Equipment Control
• Support System Control
• Personnel Control
• Antivirus Management
Input / Output Control
• Input…
– Time-stamping, Authentication, Logging
– Audit trails
• Record of data entered into the system
• Record of the data edited
• Output…
– Release sensitive data after signing it
– Empty report should contain "No Output"
– Information storage area must be protected
Equipment Control
• Regular monitoring, maintenance
• Penetration test should be conducted
• Use encryption for data communication
• Remote maintenance should be restricted
• Third party maintenance should be supervised
• Data center should have minimal exposure from
environmental threats
• Restricted access to secure room where operational
components are located
– Keep log of equipment moving in and out of restricted
room!
Personnel Control
• Security awareness training
• Background checks and screening
• Separation of duties
• Job rotation
• Accountability through logging and monitoring
– Need to know basis
– The principle of least privilege
• Mandatory vacation!
Antivirus Management
• Continuous monitored updates
• Automatic scheduled scanning
– Issues?
• Antivirus software must be present in…
– Email servers
– File servers
– Workstations
Data and Media Control
• Data
– Backup data
– Encrypt sensitive data
• Media
– Use a media library/librarian
– Marking
– Logging
– Integrity verification
– Physical Access Protection
– Transmittal
– Disposition
Disposal Control
• Initiates at the end of life cycle of a system
• Ensure that regulations do not require specific data to be
kept for a period of time
• Prevent dumpster diving
• Properly erasing data from media
– Degaussing
– Zeroization
– Physical destruction
Degaussing
• Data is stored on magnetic media by the representation
of the polarization of the atoms
• Degaussing changes this polarization (magnetic
alignment) by using a type of large magnet to bring it
back to its original flux
Zeroization
• Purging (overwriting) existing data with '1s' and '0s'…
– Single pass - Data area is overwritten once with '1' or '0'
– DoD Method - The data area is overwritten with '0s' then
'1s' and then once with pseudo random data
– NSA erasure algorithm - Data is overwritten seven times
with '0' pattern then with '1' and so on…
– Gutmann Method - The data is overwritten 35 times!
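The overwrite patterns listed on the slide can be shown concretely. The following is an added example, not code from the presentation: it applies the single-pass and the slide's DoD-style sequence (0s, then 1s, then pseudo-random data) to an in-memory byte buffer standing in for a media region, and then runs a crude remanence check that searches the wiped buffer for runs of the original content. The buffer contents are constructed for the example.

```python
import os

# Pattern lists: a byte value means "fill with this byte"; None means "fill with pseudo-random data".
SINGLE_PASS = [0x00]
DOD_STYLE = [0x00, 0xFF, None]   # the three passes described on the slide (0s, 1s, pseudo-random)


def overwrite_passes(buf, patterns):
    """Overwrite `buf` (a bytearray) in place once per pattern; return the number of passes made."""
    for pattern in patterns:
        if pattern is None:
            buf[:] = os.urandom(len(buf))
        else:
            buf[:] = bytes([pattern]) * len(buf)
    return len(patterns)


def sanitize(data, patterns):
    """Return (wiped bytes, number of passes) for a copy of `data` overwritten with `patterns`."""
    buf = bytearray(data)
    passes = overwrite_passes(buf, patterns)
    return bytes(buf), passes


def remnant_found(original, wiped, probe_len=8):
    """Crude remanence check: does any `probe_len`-byte run of the original survive in the wiped region?"""
    for i in range(0, len(original) - probe_len + 1):
        if original[i:i + probe_len] in wiped:
            return True
    return False


# Constructed sample content (not real data).
ORIGINAL = b"ACCOUNT=4111-1111-1111-1111;PIN=0420;" * 4

if __name__ == "__main__":
    wiped, passes = sanitize(ORIGINAL, DOD_STYLE)
    print(passes, "passes; remnant found:", remnant_found(ORIGINAL, wiped))
```

The buffer model shows what each pass writes, but it deliberately stops short of real media: overwriting a file through a filesystem does not guarantee that the same physical blocks are rewritten (journaling, remapped sectors and flash wear-levelling all keep copies elsewhere), which is why the slides pair overwriting with degaussing and physical destruction and why the next slide's point about data remanence matters.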
Physical Destruction
• Best method for paper and read-only media
– There are highly specialized recovery programs to recover
data after disk wiping
Question
What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
Continuity of Operations
Introduction
• Backup Types
• Backup Methods
• Hardware
• Communications
• Facilities
• Operational Controls
• Problem Management
Backup Types
• Full Backup
• Incremental Backup
• Differential Backup
Full Backup
• All files are backed up
• Fastest restoration process
• Takes the longest to perform
Incremental Backup
• Backs up files that have changed since last backup
• Backups can be performed quickly
• Restoration takes longer
Differential Backup
• Backs up files that have changed since last full backup
• For restoration, full backup is restored and then
differential backup is restored
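The three backup-type slides above describe what each backup contains and what must be restored. The following is an added example, not code from the presentation: over a constructed four-day change history it builds the full, incremental and differential backups, computes the restore chain each method needs, and checks that both methods reconstruct the same final state. File names and change days are constructed for the example.

```python
# Constructed change history: day 0 holds every file (the full backup);
# each later entry is the set of files changed that day.
DAILY_CHANGES = [
    {"a", "b", "c", "d"},   # day 0: full backup of all files
    {"a"},                  # day 1
    {"b"},                  # day 2
    {"a", "c"},             # day 3
]


def make_backups(daily_changes):
    """Return (incremental, differential).

    Element d of each list is the backup taken on day d, as {file: day of the version it holds}.
    Both lists start with the same full backup on day 0.
    """
    full = {f: 0 for f in daily_changes[0]}
    incremental = [dict(full)]
    differential = [dict(full)]
    since_full = {}
    for day, changed in enumerate(daily_changes[1:], start=1):
        today = {f: day for f in changed}
        incremental.append(today)            # files changed since the last backup (yesterday's)
        since_full.update(today)             # files changed since the last full backup (day 0)
        differential.append(dict(since_full))
    return incremental, differential


def restore_chain(backups, day, differential):
    """The backups that must be restored, in order, to recover the state as of `day`."""
    if day == 0:
        return [backups[0]]
    if differential:
        return [backups[0], backups[day]]    # full, then the latest differential
    return backups[:day + 1]                 # full, then every incremental in sequence


def restore(chain):
    """Apply backups in order; later versions overwrite earlier ones."""
    state = {}
    for backup in chain:
        state.update(backup)
    return state


def backup_sizes(backups):
    """Number of files captured by each day's backup (a proxy for backup time and storage)."""
    return [len(b) for b in backups]


if __name__ == "__main__":
    inc, diff = make_backups(DAILY_CHANGES)
    print("incremental sizes:", backup_sizes(inc), "differential sizes:", backup_sizes(diff))
    print("restore day 3 via incremental:", restore(restore_chain(inc, 3, False)))
    print("restore day 3 via differential:", restore(restore_chain(diff, 3, True)))
```

The sizes make the trade-off on the slides visible: the incremental backups stay small (1, 1, 2 files) but restoring day 3 needs four backups in sequence, while the differential backups grow (1, 2, 3 files) and restoring needs only the full backup plus the last differential. A missing or corrupt backup in the middle of the incremental chain breaks every restore after it, which is the availability risk behind the slide's "restoration takes longer".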
Backup Methods
• Hierarchical Storage Management
• Disk Mirroring
• Disk Duplexing
• RAID
• Storage Area Network
Hierarchical Storage Management
• Uses hard disk and optical or tape jukebox technology to
offer continuous online backup functionality
• Files are moved along a hierarchy of storage devices to
less expensive forms of storage based on rules tied to the
frequency of data access
• Transparent to users
Disk Mirroring
• Exact same data is written to two or more hard disks
• Uses one disk controller
– Controller is the single point of failure
Disk Duplexing
• Exact same data is written to two or more hard disks
• Backup device has more than one disk controller
RAID
• Level 0
– Striping
• No fault tolerance
– High performance
• Level 1
– Mirroring
• Level 2
– Data striped over all drives at the bit level
– Parity = Yes
– Requires 39 disks (Not Practical)
RAID (2)
• Level 3
– Byte level parity
– All parity data is on one disk
• Level 4
– Block level parity
• Level 5
– Parity = Yes
– Parity over all disks!
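The RAID slides above contrast level 0 (striping, no fault tolerance) with parity levels such as RAID 5, where parity is spread over all disks. The following is an added example, not code from the presentation: it stripes a constructed byte string across a set of simulated disks with rotating XOR parity, reads it back, and rebuilds one "failed" disk from the survivors. The 4-byte block size and the parity rotation rule are assumptions for the example.

```python
def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks: the parity computation used by RAID 3/4/5."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_index, ndisks):
    """Assumed rotation rule: parity moves one disk to the left on each stripe (RAID 5 style)."""
    return (ndisks - 1 - stripe_index) % ndisks


def raid5_write(data, ndisks, block=4):
    """Return a list of `ndisks` disk images (each a list of blocks) holding `data` plus rotating parity."""
    assert ndisks >= 3, "RAID 5 needs at least three disks"
    ndata = ndisks - 1
    stripe_bytes = ndata * block
    data = data + b"\0" * (-len(data) % stripe_bytes)     # pad the last stripe
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(ndata)]
        parity = xor_blocks(blocks)
        pdisk = parity_disk_for(s, ndisks)
        it = iter(blocks)
        for d in range(ndisks):
            disks[d].append(parity if d == pdisk else next(it))
    return disks


def raid5_read(disks):
    """Reassemble the data by skipping the parity block of each stripe (padding is left in place)."""
    ndisks = len(disks)
    out = b""
    for s in range(len(disks[0])):
        pdisk = parity_disk_for(s, ndisks)
        out += b"".join(disks[d][s] for d in range(ndisks) if d != pdisk)
    return out


def raid5_rebuild(disks, failed):
    """Reconstruct the failed disk: XOR of the surviving blocks in each stripe gives the missing one."""
    survivors = [d for d in range(len(disks)) if d != failed]
    nstripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(nstripes)]


# Constructed sample content (not real data).
DATA = b"operations security domain"

if __name__ == "__main__":
    disks = raid5_write(DATA, 4)
    damaged = list(disks)
    damaged[1] = None                      # simulate losing disk 1
    print(raid5_rebuild(damaged, 1) == disks[1])
```

Because every block on the failed disk is recovered purely from the others, one disk can be lost without losing data; the same XOR shows why RAID 0 has no fault tolerance (there is no parity block to recompute from) and why a second failure before the rebuild completes is fatal.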
Storage Area Network
• Several distinct storage systems that are connected together
to create a backup network
• High speed sub-network of shared storage devices
• Transparent to user
Hardware
• Redundant and backup components
– Hot spares / Cold spares
• Multiple power supplies
• Fail over devices
– Router, Firewalls etc
• Standby services
Communications
• Redundant communication links
– Multiple lines between distributed resources
• Backup communication links include...
– Local Phone company
– Long distance carriers
– Competitive telecommunication carriers
– Broadband through telephone lines
– Broadband over cable modems
– Wireless metropolitan area networks
– Satellite links
Facilities
• Continuous well regulated power
– Redundant feeds, Power line regulators
– Back up power sources
• UPS, Generators
• Proper humidity and temperature level
– 40% to 60%
– 70° to 74° F
• Physical Security
– Access controls, Intrusion detection systems, Guards etc.
• Well documented contingency plans
Operational Controls
• Development and enforcement of SOPs
– System start up
– Error conditions and how to handle them?
– System shutdown
– Restoring the system from backup media
• Boot up sequence (C:, A:, D:) should not be available to
reconfigure
• Writing activities to system logs should not be bypassed
Operational Controls (2)
• Output should not be able to be rerouted
• Fail secure (Fail closed)
• Fail safe (Fail open)
• Recovery action…
– Warm reboot (Controlled, Automatic)
– Emergency system restart (Uncontrolled, Automatic)
– System cold start (Uncontrolled, Manual)
Problem Management
• Problem = Unknown cause of one or more incidents
• Known error = Successfully diagnosed problem
– For which a solution or work around has been identified!
• Problem tracking and reporting
• Advantages:
– Lowering impact
– Reducing failures
– Preventing recurrence
Problem Management (2)
• Problems to be investigated…
– Any incident different from standard procedures
– Unexplainable, Randomly occurring process
– Any processing anomalies
• Examples…
– System component failure
– Power failure
– Telecommunication failure
Problem Management (3)
• Examples
– Tampering
– Production delay
– Input / Output errors
– Spam
– Phishing
– Malware
– Spyware
– Denial of service
Change Control Management
Introduction
• Change Control Management
– Change Control Process
– Configuration Management
– Contingency Planning
– Intrusion Response
– Operations Management
Change Control Management
• Authorizes changes to production systems, including
system and application software
• Changes to production system include...
– Implementation of new applications
– Modifications of existing applications
– Removing old applications
– Upgrading or patching system software
Change Control Process
• Request
• Impact assessment
• Approval/Disapproval
• Build
– Test
• Notification
• Implementation
• Monitoring
• Documentation
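The change control process slide lists the steps in order. The following is an added example, not code from the presentation: a small change-record class that enforces that order, records the approval decision, blocks every later step for a disapproved change, and applies the separation-of-duties rule (mentioned on the Software slide) that the approver may not also implement. Treating "test" as a step after "build", and the step names themselves, are assumptions made for the example.

```python
ORDER = ["request", "impact assessment", "approval", "build", "test",
         "notification", "implementation", "monitoring", "documentation"]


class ChangeRequest:
    def __init__(self, change_id, summary):
        self.change_id = change_id
        self.summary = summary
        self.log = []         # (step, actor) in completion order: the change's audit trail
        self.approved = None  # decision recorded at the approval step

    def next_step(self):
        """The step that must be completed next, or None when the process is finished."""
        return ORDER[len(self.log)] if len(self.log) < len(ORDER) else None

    def _actor_of(self, step):
        return next(actor for s, actor in self.log if s == step)

    def complete(self, step, actor, decision=None):
        """Record `step` as done by `actor`; raise if it is out of order or not permitted."""
        expected = self.next_step()
        if step != expected:
            raise ValueError(f"{self.change_id}: next step is {expected!r}, not {step!r}")
        if step == "approval":
            if decision is None:
                raise ValueError("approval step needs an approve/disapprove decision")
            self.approved = decision
        elif ORDER.index(step) > ORDER.index("approval") and not self.approved:
            raise PermissionError(f"{self.change_id}: change was not approved")
        if step == "implementation" and actor == self._actor_of("approval"):
            raise PermissionError("separation of duties: the approver may not implement the change")
        self.log.append((step, actor))
        return self.next_step()


def run_change(steps, change_id="CHG-0001", summary="apply vendor patch to web tier"):
    """Drive a change through (step, actor, decision) tuples and return the record."""
    change = ChangeRequest(change_id, summary)
    for step, actor, decision in steps:
        change.complete(step, actor, decision)
    return change


# Constructed happy-path history (names are placeholders).
HAPPY_PATH = [
    ("request", "alice", None), ("impact assessment", "bob", None),
    ("approval", "cab", True), ("build", "alice", None), ("test", "qa", None),
    ("notification", "alice", None), ("implementation", "alice", None),
    ("monitoring", "ops", None), ("documentation", "alice", None),
]

if __name__ == "__main__":
    print(run_change(HAPPY_PATH).log)
```

The `log` doubles as the documentation the last step asks for: it records who did what, in what order, and whether the change was approved, which is exactly what an auditor reviewing change control practices (see Operations Management below) wants to see.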
Configuration Management
• Performed after a change has been approved through a
change control process
• Ensures that the changes to production systems are done
properly
• Ensures that changes do not take place unintentionally or
unknowingly
• Documentation and maintenance of documents
pertaining to system and software changes
Contingency Planning
• Allows production environment to continue to operate
after disruption
• Coordinates backups and recovery plans
• Identifies mission critical functions and systems that
support them
• Identifies critical interdependencies
• Generates formal written recovery procedures
• Promotes proper training as well as testing of plans
Intrusion Response
• Audit trail monitoring
• Auditing events include…
– Monitoring and identifying system resource use
– Monitoring and analyzing network traffic and connections
– Monitoring and identifying user account and file access
– Scanning for malicious code
– Verifying file and data integrity
– Probing for system and network vulnerabilities
Operations Management
• Operations Management includes reviewing…
– Implementation of vendor patches
– Operating logs
– Inventory
– Change control practices
– Incident reporting in Problem Management
– System/Audit logs
– Audits/Security reviews
Thank you…
• Any Questions…
Question 1
Critical data is?
A. Subject to classification by regulatory bodies or legislation
B. Data of high integrity
C. Always protected at the highest level
D. Instrumental for business operations
Question 2
When an organization is determining which data is
sensitive, it must consider all of the following EXCEPT:
A. Expectations of customers
B. Legislation or regulations
C. Quantity of data
D. Age of the data
Question 3
All of the following are examples of Preventative Control
EXCEPT?
A. Intrusion detection systems
B. Human resources policies
C. Anti-virus software
D. Fences
Question 4
To speed up RAID disk access, an organization can:
A. Use larger hard drives
B. Stripe the data across several drives
C. Mirror critical drives
D. Disallow some queries
Question 5
A timely review of system access audit records is an
example of which type of security function?
A. Avoidance
B. Deterrence
C. Prevention
D. Detection
Question 6
Which of the following is not a technique used for
monitoring?
A. Penetration testing
B. Intrusion detection
C. Violation processing (using clipping levels)
D. Countermeasures testing
Thank you…

Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 

Último (20)

Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 

Operations Security Presentation

– Services are background processes that run in their own security context
– A DBMS typically contains a number of these accounts
System Operators
• Work in data center environments where mainframe systems are used
– Given elevated privileges, which can lead to circumvention of security policy!
• Use of these privileges should be monitored through the audit log
• Responsibilities assigned to operators include…
– Implementing the initial program load
– Monitoring execution of the system
– Volume mounting
System Operators (2)
– Controlling job flow
– Bypass label processing
– Renaming and relabeling resources
– Reassignment of ports
Ordinary Users
• Given restrictive system privileges!
• Allowed only the access needed to run their jobs (least privilege)
• Work in client/server architecture environments
• Should not be allowed to monitor system execution
• Should not be allowed to reassign ports
• Should not be allowed to relabel resources
System Administrators
• Manage system operations and maintenance
• Ensure the system is functioning properly for system users
• Privileges assigned only to trained and authorized individuals
• Privileges affect critical operations such as setting…
– Time, boot sequence, system logs and passwords
Security Administrators
• Oversee the security operations of a system
• Security operations include:
– Account management
– Assignment of file sensitivity labels
– System security settings
– Audit data review
– Providing a check and balance on the power assigned to System Administrators, by auditing and reviewing their activities
Security Administrator Functions
• File Sensitivity Labels
• Clearances
• System Security Characteristics
• Passwords
• Audit Data Analysis and Management
File Sensitivity Labels
• Implemented to control access to information
• Allow privileges or deny access to a file
• Prevent data from being written to an area on the system with a lower sensitivity (no "write down")
Clearances
• Assigned according to trustworthiness and the level of access needed for sensitive information
• Ensure the proper level of clearance has been assigned prior to providing access
System Security Characteristics
• Define the security settings of systems and applications…
– Network devices
– Database Management Systems
• Improper configuration can impact the proper operation of the system or network!
Passwords
• Password distribution is an important function
• Trusted distribution channels are needed to avoid a compromise
• Types of passwords?
Audit Data Analysis and Management
• Auditing information can be obtained from
– Servers, workstations, databases, firewalls, etc.
• Tools used must detect unauthorized activity or attacks
• The auditing mechanism must support organizational policy
• Auditing can affect system availability…
– Consumes CPU time, network bandwidth and storage space!
• Keep in mind log retention requirements
– Regulations
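An added example of the audit data analysis described above (not from the slides): violation processing with a clipping level. A handful of constructed, syslog-style logon lines are parsed, and a violation is reported only when one account from one source exceeds the clipping level of failed logons inside a sliding time window, so ordinary typos do not drown the reviewer. The log format, the account names and the addresses are all made up for the example.

```python
"""Violation processing with clipping levels over an audit trail (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample audit trail; not real log data.
SAMPLE_LOG = """\
2024-04-01T09:00:01 host1 sshd: Failed password for alice from 10.0.0.5
2024-04-01T09:00:07 host1 sshd: Failed password for alice from 10.0.0.5
2024-04-01T09:00:20 host1 sshd: Accepted password for alice from 10.0.0.5
2024-04-01T09:05:00 host1 sshd: Failed password for svc_backup from 198.51.100.9
2024-04-01T09:05:02 host1 sshd: Failed password for svc_backup from 198.51.100.9
2024-04-01T09:05:03 host1 sshd: Failed password for svc_backup from 198.51.100.9
2024-04-01T09:05:05 host1 sshd: Failed password for svc_backup from 198.51.100.9
2024-04-01T10:30:00 host1 sshd: Failed password for bob from 10.0.0.7
2024-04-01T11:45:00 host1 sshd: Failed password for bob from 10.0.0.7
2024-04-01T12:59:00 host1 sshd: Failed password for bob from 10.0.0.7
2024-04-01T13:10:00 host1 sshd: Failed password for bob from 10.0.0.7
"""

# Assumed line layout for the constructed sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Turn log lines into dicts; lines that do not match are skipped, not counted."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "user": m["user"],
            "src": m["src"],
            "failed": m["result"] == "Failed",
        })
    return events


def find_violations(events, clipping_level=3, window=timedelta(minutes=10)):
    """Return (user, src, count, first_ts, last_ts) for each burst of failures
    that exceeds `clipping_level` inside `window`. A successful logon resets
    the count for that (user, src); each burst is reported once."""
    recent = defaultdict(deque)
    violations = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if not ev["failed"]:
            recent[key].clear()
            continue
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) > clipping_level:
            violations.append((ev["user"], ev["src"], len(q), q[0], ev["ts"]))
            q.clear()
    return violations


if __name__ == "__main__":
    for v in find_violations(parse_events(SAMPLE_LOG)):
        print("VIOLATION: %s from %s, %d failures between %s and %s" % v)
```

With the defaults, only the service account's four failures in five seconds trip the clipping level; the user who mistypes twice and then succeeds, and the user whose four failures are hours apart, are left alone. Widening the window is what turns a slow, low-rate guessing attempt into a reportable violation.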
Question…
What setup should an administrator use for regularly testing the strength of user passwords?
A. A networked workstation so that the live password database can easily be accessed by the cracking program.
B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.
C. A standalone workstation on which the password database is copied and processed by the cracking program.
D. A password-cracking program is unethical; therefore it should not be used.
Resource Protection

Introduction
• Resource protection includes…
– Facilities
– Hardware
– Software
– Documentation
– Threats to Operations
– Control Methods
– Data and Media Control
– Disposal Control
Facilities
• Use systems and controls to sustain the IT operating environment
– Fire detection and suppression systems
– HVAC
– Water and sewage systems
– Reliable power supply and distribution system
– Power line conditioners
– Telecommunication systems
– Access control and intrusion detection systems
Hardware
• Appropriate physical security is needed to ensure CIA…
– Concept of least privilege
– Restricted access
– Escorting visitors
– Protecting workstations
– Protecting printing devices
– Authorized access to firewalls
– Limited access to routers, switches, etc.
– Periodic inspection of network cables
Hardware (2)
– Use of strong encryption in wireless communication
• WPA2 or WPA3 rather than WEP; WEP and the original WPA (TKIP) are broken and deprecated and should not be used
Software
• Preventing copyright infringements
• Preventing illegal duplication and distribution of software
– Periodic inventory scans
• Software escrow
– Need?
• Proper SDLC procedures
• Proper testing and version control
– Separation of duties
• Protecting the operating system passwords
• Protecting the audit logs
Documentation
• Ensuring the protection of documentation related to…
– Network design
– Vulnerabilities
– Proprietary methods (proprietary information, i.e. trade secrets)
– Source code
• All important documentation should be controlled and catalogued!
Threats to Operations
• Disclosure of sensitive information
– Confidentiality
• Corruption/modification of processes
– Integrity
• Theft/removal of resources
– Confidentiality, Integrity, Availability
• Destruction of resources
– Availability
• Interruption of resources
– Availability
Control Methods
• Input / Output Control
• Equipment Control
• Support System Control
• Personnel Control
• Antivirus Management
Input / Output Control
• Input…
– Time-stamping, authentication, logging
– Audit trails: a record of the data entered into the system and of the data edited
• Output…
– Sensitive output is released only to authorized recipients, who sign for it
– An empty report should explicitly state "No Output"
– The information storage area must be protected
Equipment Control
• Regular monitoring and maintenance
• Penetration tests should be conducted
• Use encryption for data communication
• Remote maintenance should be restricted
• Third-party maintenance should be supervised
• The data center should have minimal exposure to environmental threats
• Restricted access to the secure room where operational components are located
– Keep a log of equipment moving in and out of the restricted room!
Personnel Control
• Security awareness training
• Background checks and screening
• Separation of duties
• Job rotation
• Accountability through logging and monitoring
• Need-to-know basis
• The principle of least privilege
• Mandatory vacation!
Antivirus Management
• Continuously monitored updates
• Automatic scheduled scanning
– Issues?
• Antivirus software must be present on…
– Email servers
– File servers
– Workstations
Data and Media Control
• Data
– Back up data
– Encrypt sensitive data
• Media
– Use a media library/librarian
– Marking
– Logging
– Integrity verification
– Physical access protection
– Transmittal
– Disposition
Disposal Control
• Begins at the end of a system's life cycle
• Check first that no regulation requires the data to be retained for a period of time
• Prevent dumpster diving
• Properly erase data from media
– Degaussing
– Zeroization
– Physical destruction
Degaussing
• Data is stored on magnetic media as the polarization (magnetic alignment) of the recording surface
• Degaussing applies a strong magnetic field that destroys this alignment, returning the medium to an unrecorded state
• Works only on magnetic media: it does nothing to flash memory or SSDs, and it normally leaves a modern hard disk unusable because the servo tracks are erased as well
Zeroization
• Purging (overwriting) existing data with patterns of 1s and 0s…
– Single pass: the data area is overwritten once with 1s or 0s
– DoD method: the data area is overwritten with 0s, then 1s, then once with pseudo-random data
– NSA erasure algorithm: data is overwritten seven times, alternating 0 and 1 patterns
– Gutmann method: the data is overwritten 35 times!
• Overwriting is only effective on media that write in place; flash memory and SSDs remap blocks behind the file system, so use the drive's built-in secure erase or cryptographic erase instead
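An added example of the overwriting methods listed above (written for this page, not taken from the slides): a file's data area is rewritten in place once per pass, and each pass is forced to disk before the next begins. The default pass list models the three-pass DoD-style sequence (zeros, ones, pseudo-random); the function and parameter names are the example's own. As noted above, this is only meaningful on media that write in place; on flash/SSD the firmware may remap blocks and the old data can survive a file-level overwrite.

```python
"""Multi-pass overwrite (zeroization) of a file's data area (added example)."""
import os
import secrets

# zeros, ones, then pseudo-random; None means "random bytes" for that pass
DOD_3PASS = (b"\x00", b"\xff", None)


def _fill(size, pattern):
    """Return `size` bytes of the repeated `pattern`, or random bytes if pattern is None."""
    if pattern is None:
        return secrets.token_bytes(size)
    reps = size // len(pattern) + 1
    return (pattern * reps)[:size]


def overwrite_file(path, passes=DOD_3PASS, chunk_size=1 << 16):
    """Overwrite `path` in place, once per entry of `passes`.

    Opening with 'r+b' keeps the file's existing blocks instead of allocating
    new ones, and fsync() forces each pass onto the media before the next.
    Returns a list of (pass_index, bytes_written) for the passes performed."""
    size = os.path.getsize(path)
    done = []
    with open(path, "r+b") as f:
        for i, pattern in enumerate(passes):
            f.seek(0)
            written = 0
            while written < size:
                n = min(chunk_size, size - written)
                f.write(_fill(n, pattern))
                written += n
            f.flush()
            os.fsync(f.fileno())
            done.append((i, written))
    return done


def verify_pattern(path, pattern):
    """True if every byte of the file equals the repeated pattern (fixed-value passes only)."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        return f.read() == _fill(size, pattern)


def zeroize_and_unlink(path, passes=DOD_3PASS):
    """Overwrite the data area, then remove the directory entry. Returns passes done."""
    passes_done = overwrite_file(path, passes)
    os.remove(path)
    return len(passes_done)


if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()
    p = os.path.join(d, "secret.bin")
    with open(p, "wb") as f:
        f.write(b"constructed sensitive payload " * 100)
    print(zeroize_and_unlink(p), "passes completed;", "exists:", os.path.exists(p))
```

The verification step after a fixed-value pass is what turns a "we ran the wipe" claim into evidence for the media log; after a random pass there is nothing to compare against, so that pass is verified only by the fact that the known content is gone.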
Physical Destruction
• Best method for paper and read-only media
– Also the safe choice when a wipe cannot be verified: specialized forensic recovery techniques may still recover data after an incomplete disk wipe
Question
What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
Continuity of Operations

Introduction
• Backup Types
• Backup Methods
• Hardware
• Communications
• Facilities
• Operational Controls
• Problem Management
Backup Types
• Full Backup
• Incremental Backup
• Differential Backup

Full Backup
• All files are backed up
• Fastest restoration process
• Takes the longest to perform

Incremental Backup
• Backs up files that have changed since the last backup of any type (full or incremental)
• Backups can be performed quickly
• Restoration takes longer: the full backup is restored, then every incremental since it, in order

Differential Backup
• Backs up files that have changed since the last full backup
• Each differential grows until the next full backup
• For restoration, the full backup is restored and then only the latest differential
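The three backup types above, as an added example that is not part of the slides: a small model in which every file carries an archive flag that is set whenever the file changes. A full backup copies everything and clears the flag, an incremental copies flagged files and clears the flag, and a differential copies flagged files but leaves the flag set, which is exactly why differentials grow and why the restore chains differ. The class and method names are the example's own.

```python
"""Full, incremental and differential backups modelled with an archive bit (added example)."""


class Backups:
    def __init__(self, files):
        # constructed sample state: {name: content}; every file starts flagged
        self.files = dict(files)
        self.archive = {name: True for name in files}
        self.sets = []          # list of (kind, {name: content}) in the order taken

    def modify(self, name, content):
        self.files[name] = content
        self.archive[name] = True

    def _snapshot(self, names):
        return {n: self.files[n] for n in names}

    def full(self):
        self.sets.append(("full", self._snapshot(self.files)))
        for n in self.archive:
            self.archive[n] = False
        return self.sets[-1][1]

    def incremental(self):
        changed = [n for n, flagged in self.archive.items() if flagged]
        self.sets.append(("incremental", self._snapshot(changed)))
        for n in changed:
            self.archive[n] = False   # cleared: the next incremental will not repeat it
        return self.sets[-1][1]

    def differential(self):
        changed = [n for n, flagged in self.archive.items() if flagged]
        self.sets.append(("differential", self._snapshot(changed)))
        # archive bit deliberately NOT cleared, so the set grows until the next full
        return self.sets[-1][1]

    def restore_chain(self):
        """Indexes of the backup sets needed to rebuild the system, oldest first."""
        last_full = max(i for i, (k, _) in enumerate(self.sets) if k == "full")
        later = [(i, k) for i, (k, _) in enumerate(self.sets) if i > last_full]
        chain = [last_full]
        chain += [i for i, k in later if k == "incremental"]      # every incremental
        differentials = [i for i, k in later if k == "differential"]
        if differentials:
            chain.append(differentials[-1])                       # only the latest differential
        return sorted(chain)   # applied in chronological order

    def restore(self):
        state = {}
        for i in self.restore_chain():
            state.update(self.sets[i][1])
        return state


if __name__ == "__main__":
    b = Backups({"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"})
    b.full(); b.modify("a.txt", "a2"); b.incremental(); b.modify("b.txt", "b2"); b.incremental()
    print("incremental chain:", b.restore_chain(), "->", b.restore())
```

Real schedules use either incrementals or differentials between fulls, not both; the model tolerates a mix only because it applies the selected sets in date order. The trade-off the slides describe is visible in the chain lengths: an incremental schedule needs every set since the last full, a differential schedule needs exactly two.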
Backup Methods
• Hierarchical Storage Management
• Disk Mirroring
• Disk Duplexing
• RAID
• Storage Area Network
Hierarchical Storage Management
• Uses hard disk and optical or tape jukebox technology to offer continuous online backup functionality
• Files are moved along a hierarchy of storage devices to less expensive forms of storage, based on rules tied to the frequency of data access
• Transparent to users
Disk Mirroring
• Exactly the same data is written to two or more hard disks
• Uses one disk controller
– The controller is a single point of failure
Disk Duplexing
• Exactly the same data is written to two or more hard disks
• The backup device has more than one disk controller
RAID
• Level 0 – Striping
– No fault tolerance; high performance
• Level 1 – Mirroring
• Level 2 – Data striped over all drives at the bit level
– Parity = Yes (Hamming code)
– Requires 39 disks (not practical)
RAID (2)
• Level 3 – Byte-level striping
– All parity data is on one dedicated disk
• Level 4 – Block-level striping
– All parity data is on one dedicated disk
• Level 5 – Block-level striping
– Parity = Yes, distributed over all disks!
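An added example of RAID level 5 as described above (this is illustration code written for the page, not any RAID implementation): data is split into fixed-size blocks and striped across N simulated disks, each stripe carries one parity block that is the XOR of the stripe's data blocks, and the parity position rotates so no single disk becomes the parity bottleneck. Any one lost disk is rebuilt from the XOR of the surviving blocks; losing two is not recoverable, and the code says so. The block size and the rotation rule are the example's own choices.

```python
"""RAID 5 in miniature: block-level striping with distributed XOR parity (added example)."""

BLOCK = 4  # bytes per block; tiny so the layout is easy to inspect


def _xor(blocks):
    out = bytearray(BLOCK)
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data, n_disks):
    """Return n_disks lists of blocks holding `data`, with one rotating parity block per stripe."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_per_stripe = n_disks - 1
    padded = data + b"\x00" * (-len(data) % (BLOCK * data_per_stripe))
    disks = [[] for _ in range(n_disks)]
    for stripe, off in enumerate(range(0, len(padded), BLOCK * data_per_stripe)):
        chunk = padded[off: off + BLOCK * data_per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, len(chunk), BLOCK)]
        parity_disk = (n_disks - 1 - stripe) % n_disks   # left-symmetric rotation
        it = iter(blocks)
        for d in range(n_disks):
            disks[d].append(_xor(blocks) if d == parity_disk else next(it))
    return disks


def raid5_read(disks, length):
    """Read the original bytes back; an entry of None in `disks` is a failed disk."""
    n_disks = len(disks)
    alive = [d for d in disks if d is not None]
    if len(alive) < n_disks - 1:
        raise RuntimeError("RAID 5 cannot survive more than one failed disk")
    out = bytearray()
    for stripe in range(len(alive[0])):
        parity_disk = (n_disks - 1 - stripe) % n_disks
        row = [None if d is None else d[stripe] for d in disks]
        if None in row:                       # rebuild the missing block from the rest
            missing = row.index(None)
            row[missing] = _xor(b for i, b in enumerate(row) if i != missing)
        out += b"".join(b for d, b in enumerate(row) if d != parity_disk)
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"constructed sample payload for a four-disk array"
    array = raid5_write(payload, 4)
    degraded = [None] + array[1:]             # disk 0 has failed
    print(raid5_read(degraded, len(payload)) == payload)
```

The same XOR identity that rebuilds a lost data block also rebuilds a lost parity block, which is why the code does not need to special-case which kind of block went missing. It also shows the cost: every read in degraded mode touches every surviving disk in the stripe.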
Storage Area Network
• Several distinct storage systems connected together to create a backup network
• High-speed sub-network of shared storage devices
• Transparent to users
Hardware
• Redundant and backup components
– Hot spares / cold spares
• Multiple power supplies
• Fail-over devices
– Routers, firewalls, etc.
• Standby services
Communications
• Redundant communication links
– Multiple lines between distributed resources
• Backup communication links include…
– Local phone company
– Long-distance carriers
– Competitive telecommunication carriers
– Broadband through telephone lines
– Broadband over cable modems
– Wireless metropolitan area networks
– Satellite links
Facilities
• Continuous, well-regulated power
– Redundant feeds, power line regulators
– Backup power sources: UPS, generators
• Proper humidity and temperature levels
– 40% to 60% humidity
– 70° to 74° F
• Physical security
– Access controls, intrusion detection systems, guards, etc.
• Well-documented contingency plans
Operational Controls
• Development and enforcement of SOPs for…
– System start-up
– Error conditions and how to handle them
– System shutdown
– Restoring the system from backup media
• The boot sequence (C:, A:, D:) should not be reconfigurable by users
• Writing of activities to the system logs should not be bypassable
Operational Controls (2)
• Output should not be able to be rerouted
• Fail secure (fail closed): on failure, access is denied
• Fail safe (fail open): on failure, access is granted so that people are not endangered
• Recovery actions…
– Warm reboot (controlled, automatic)
– Emergency system restart (uncontrolled, automatic)
– System cold start (uncontrolled, manual)
Problem Management
• Problem = unknown cause of one or more incidents
• Known error = successfully diagnosed problem
– For which a solution or workaround has been identified!
• Problem tracking and reporting
• Advantages:
– Lowering impact
– Reducing failures
– Preventing recurrence
Problem Management (2)
• Problems to be investigated…
– Any incident that differs from standard procedures
– Unexplainable, randomly occurring processes
– Any processing anomalies
• Examples…
– System component failure
– Power failure
– Telecommunication failure
Problem Management (3)
• Examples
– Tampering
– Production delay
– Input / output errors
– Spam
– Phishing
– Malware
– Spyware
– Denial of service
Change Control Management

Introduction
• Change Control Management
– Change Control Process
– Configuration Management
– Contingency Planning
– Intrusion Response
– Operations Management
Change Control Management
• Authorizes changes to production systems, including system and application software
• Changes to production systems include…
– Implementation of new applications
– Modification of existing applications
– Removal of old applications
– Upgrading or patching system software
Change Control Process
• Request
• Impact assessment
• Approval / disapproval
• Build
– Test
• Notification
• Implementation
• Monitoring
• Documentation
Configuration Management
• Performed after a change has been approved through the change control process
• Ensures that changes to production systems are done properly
• Ensures that changes do not take place unintentionally or unknowingly
• Documentation, and maintenance of the documents, pertaining to system and software changes
Contingency Planning
• Allows the production environment to continue to operate after a disruption
• Coordinates backups and recovery plans
• Identifies mission-critical functions and the systems that support them
• Identifies critical interdependencies
• Generates formal written recovery procedures
• Promotes proper training as well as testing of plans
Intrusion Response
• Audit trail monitoring
• Auditing events include…
– Monitoring and identifying system resource use
– Monitoring and analyzing network traffic and connections
– Monitoring and identifying user account and file access
– Scanning for malicious code
– Verifying file and data integrity
– Probing for system and network vulnerabilities
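One way to do the "verifying file and data integrity" step listed above, as an added example that is not from the slides: a baseline of SHA-256 digests is taken for a directory tree while it is known good, and later runs report files that were added, removed or modified. Hashing content rather than trusting timestamps means a tampered file whose mtime was reset still shows up. The function names are the example's own, and the directory and file contents in the usage block are constructed.

```python
"""File integrity verification against a recorded baseline (added example)."""
import hashlib
import os


def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map of relative path -> SHA-256 hex digest for every regular file under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue   # symlinks are skipped so a link cannot stand in for a file
            baseline[os.path.relpath(full, root)] = _digest(full)
    return baseline


def compare(baseline, current):
    """Return {'added': [...], 'removed': [...], 'modified': [...]}, each sorted."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def check_tree(root, baseline):
    """Re-hash the tree now and report drift from the recorded baseline."""
    return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()                       # constructed sample tree
    with open(os.path.join(root, "app.cfg"), "w") as f:
        f.write("debug=0\n")
    base = build_baseline(root)
    with open(os.path.join(root, "app.cfg"), "w") as f:
        f.write("debug=1\n")                        # an unauthorized change
    print(check_tree(root, base))
```

In practice the baseline itself must be protected (stored off the monitored host, or signed), because an attacker who can edit the baseline can hide any change from this check; that is the same reason the slides put audit-log protection next to audit review.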
Operations Management
• Operations management includes reviewing…
– Implementation of vendor patches
– Operating logs
– Inventory
– Change control practices
– Incident reporting in problem management
– System/audit logs
– Audits/security reviews
Thank you…
• Any questions…
Question 1
Critical data is?
A. Subject to classification by regulatory bodies or legislation
B. Data of high integrity
C. Always protected at the highest level
D. Instrumental for business operations
Question 2
When an organization is determining which data is sensitive, it must consider all of the following EXCEPT:
A. Expectations of customers
B. Legislation or regulations
C. Quantity of data
D. Age of the data
Question 3
All of the following are examples of Preventative Control EXCEPT?
A. Intrusion detection systems
B. Human resources policies
C. Anti-virus software
D. Fences
Question 4
To speed up RAID disk access, an organization can:
A. Use larger hard drives
B. Stripe the data across several drives
C. Mirror critical drives
D. Disallow some queries
Question 5
A timely review of system access audit records is an example of which type of security function?
A. Avoidance
B. Deterrence
C. Prevention
D. Detection
Question 6
Which of the following is not a technique used for monitoring?
A. Penetration testing
B. Intrusion detection
C. Violation processing (using clipping levels)
D. Countermeasures testing