Add the following new Subclause 4.6 after Subclause 4.5

1.1 Operational Environment E

1.1.1 Description

Operational Environment E is generally characterized by a private information processing environment in which many elements of security are provided by the physical environment. Some level of network security is needed to protect the device and its network from misuse originating outside of the environment.

Operational Environment E is generally characterized as a commercial information processing environment in which many elements of security are provided by the physical environment but the sensitive nature and volume of the documents processed often require a moderate to high level of document security, network security, and security assurance. Typically, this environment involves one or more dedicated operators that handle a high volume of documents commissioned by multiple enterprise organizations or paying customers. Figure 1 shows a typical Operational Environment E environment.

Environments for which Operational Environment E applies cover all different types of businesses – higher education, insurance, healthcare, utilities, graphic arts, federal/state/local governments, manufacturing, etc. – as well as all different sizes of businesses – from the small “family” printing shops with 10-20 people to large publishing houses. In fact, the businesses for which Operational Environment E is appropriate cover all the types of businesses and system environments discussed in subclauses <5.2> through <5.5> for Operational Environments A – D.

What distinguishes businesses with systems that fall into Operational Environment E is that the IT systems involved support two types of applications:

a. Publishing – Publishing applications involve copying or printing multiple (usually a very large number of) copies of a document directly from electronic data that is either scanned into the HCD, electronically submitted to the HCD via a remote network, or both. The HCD will process the documents and then store them on the HCD in print-ready format until the documents are “published”; “publishing” in this context can be printing of the documents for later physical distribution or electronic distribution of the print-ready formatted documents. There are different types of publishing models that can be used on submitted documents; examples of these models are print on demand, where the document is printed in the exact quantity only where and when it is needed; demand on request, where the document is printed in only the quantity needed upon request; and distribute-then-print, where the document is printed at the point of need instead of at a central location.

b. Transaction Printing – Transaction printing applications involve a mode of production printing where the System Processor (see <4.2.2.6>) doesn’t know at the time the job starts when the job will end. Transaction printing involves the HCD extracting information from computer databases stored either in the HCD or on remote, third-party servers. This data is variable and relates to the “transaction” between the business and the end customer for whom the document is being prepared. This requires the system to fill in, at the time of printing, personally identifiable information (PII) (e.g., names, addresses, Social Security Numbers) and other information specific to the particular business involved onto multiple similar pages called forms. Additional data may be derived by the production system using personal attributes from the database. The result is a (usually very large) number of printed individualized forms that can then be distributed either physically or electronically. The variable data (PII) and fixed data (PII, corporate data) may be extremely sensitive and must be protected under privacy-related regulations (e.g., HIPAA). The production system must also assure the integrity of some of the variable data (e.g., billing information).

NOTE: Transaction systems are often connected directly to enterprise databases, where much of the data is not intended to be used for printing. However, the printing system, if compromised, could provide a way for an attacker to get access to this other highly valuable data. Alternatively, the printing system could be used as a spring-off point to attack other systems on the network.

Production Printing – A business-critical printing application which can share characteristics of either publishing or transaction printing. In the publishing case, high volumes and a large variety of jobs are particularly germane to operation. In the transaction case, the main characteristic is the need to print frequently, including variable data supplied by sources that may be outside the printing organization, with all of this done reliably within a very constrained time window. For transaction cases, the time deadlines are given to them by their customers and are not usually negotiable (e.g., checks or bills must go out on time with very little lead time, thus minimal time buffering is possible). These systems are extremely sensitive to DoS attacks.

c. Systems in Operational Environment E are very similar (in some cases exactly the same) to systems described for Operational Environments A – D. What separates systems in Operational Environment E, however, from the other four operational environments are the following key elements:

a. They are most often located in a central facility that provides support to a large number of external users (often entire businesses or populations).

b. They are managed by a very small and dedicated group of trained administrators (denoted as operators) who perform all of the HCD user functions and many (if not all) of the HCD administrative functions, as well as manage the security functions for these systems. Separate IT professionals often perform the network administration functions, although the dedicated operators can perform this function instead.

c. Remote connection will only be allowed from a small number of dedicated workstations/PCs that are physically located in the same central facility as the HCDs; remote connection from workstations/PCs external to the central facility is almost never allowed; the network is a dedicated internal network for the central facility.

d. Many of the HCDs in Operational Environment E (but certainly not all) also have service personnel who are dedicated solely to these HCDs.

[Figure 1 – Operational Environment E Example. Diagram labels: Outside Fax Equipment, Fax Phone Line, PSTN, Non-Networked Fax, Isolated Fax, E-Mail Server, Isolated Desktops and Hardcopy Devices, Web Servers, Internet, File/Print Servers, Router, External Firewalls, Operator Terminals.]

1.1.2 Typical security environment

Systems in this environment face many of the same threats as systems in Operational Environments B and D. However, since systems in Operational Environment E tend to have only internal networks, the main remote threats tend to be from unauthorized access to the internal network from outside of the network via the Internet, as media is entered into the system, or the use of other internal systems as a means of attack. As a result, measures to protect from these outside threats tend to be important in this environment. Like Operational Environment B, most systems on these internal networks are protected from direct exposure to the Internet by firewalls or restriction of IP addresses, but penetrations of those systems through other means could permit intruder access to internal networks.

Physical security tends to be extremely important in Operational Environment E because of the centralized nature of these systems. In addition, many of these systems are used to print out PII and other sensitive information as indicated earlier, so physical security measures are put in place to make sure that only authorized persons have access to the system.
Adding to this concern is that some systems in this environment use sensitive resources like blank check stock; unauthorized access to these resources could have large negative consequences (e.g., check fraud).

In Operational Environment E, systems are typically susceptible to both local and remote threats. Local attacks, such as unauthorized access to the dedicated workstations or HCDs, can often lead to unauthorized access to sensitive documents, PII and other sensitive data, and may also lead to unauthorized data modification or consumption of resources. The threat of unauthorized remote (and internal) users obtaining access to documents that are stored in the HCD during processing of publishing jobs, or to PII and other sensitive information in addition to the documents themselves during processing of transaction print jobs, becomes much more important in this environment because the documents and data tend to be stored in nonvolatile memory for long periods of time relative to systems in the other four environments. Since the network in this environment tends to be a dedicated one, the threat of local users attacking other local systems from within the organization’s network is much less in Operational Environment E than in Operational Environments A & B.

Security breaches caused by remote threats involving malicious payloads sent by external parties, such as viruses and worms acquired via email or infected Web sites, are possible but much less likely in this environment. Threats against network-based applications caused by internal or external parties can also occur in this environment; if they do occur, they tend to affect the entire system because of the limited number of remote dedicated nodes connected inside the network.
Both malicious payloads and network application attacks are most likely to affect availability (e.g., crashing the system or device, consuming all network bandwidth, breaking functionality) but may also affect integrity (e.g., infecting data files) or confidentiality (e.g., providing remote access to sensitive data). Data disclosure threats tend to come from internal parties who are monitoring traffic on local networks, and they primarily affect confidentiality.

Some commonly accepted security practices found in Operational Environment E are as follows:

A) Internal networks are segmented with internal firewalls and other defense-in-depth techniques to restrict access and filter unnecessary protocols/IP addresses
B) Systems restrict access to only a few dedicated users
C) Remote administration or access is generally restricted
D) System management is centralized, with access to management functions restricted to the authorized dedicated operators and network administrators
E) Security-related applications (e.g., antivirus) are centrally managed
F) Physical access to printer and multifunction devices and their features is restricted, and accounting features are enabled

1.1.3 Examples

The examples that follow describe typical HCD environments that might be considered Operational Environment E.

University Publishing Center – These are generally centralized facilities containing one or more production systems as well as other HCDs that handle all of the printing needs for a college or university; this may include printing/copies of research papers, theses, books, articles, etc. Typically there is some type of minimal physical security maintained at the facility so that only the authorized operators who run and maintain the various HCDs are permitted access to them. The susceptible assets in this case focus primarily on intellectual property of the university staff and students, although reprint of previously published material can involve copyright issues.
Centers of this type must maintain and protect accounting information to make sure that student and faculty accounts are properly charged for the pages that are printed or copied.

Computer Center for a Bank – Typically this will also be a centralized facility that uses HCDs to print or copy customer bank statements, credit card statements, and a myriad of financial reports. Limiting access to only authorized persons is very important here because of the sensitive nature of the information that needs to be protected – customer PII, sensitive account information associated with each customer, financial information about individuals or companies, etc. Regulatory mandates involving financial reporting and Federal Reserve requirements become very important in this case.

Print-for-Pay Company – These are retail establishments or contract firms that specialize in printing or copying large volumes of documents for a fee for individuals or other companies. They are generally in small to medium office buildings located in highly accessible locations. As in the University Publishing Center case, there will typically be some type of minimal physical security to make sure that only authorized operators can access and run the HCDs. Depending on the company, there may be dedicated network access to the HCDs via PCs or workstations at the company’s physical location; there generally is no network access to these HCDs from outside this dedicated network. Protection from access to HCDs outside of the dedicated network becomes important as a result. Print-for-Pay companies get requests for printing or copying all types of information; however, the susceptible assets would likely be the same types of assets described in the examples for Operational Environment B. Few, if any, legislative controls are required or observed, although some privacy controls would be required to protect any confidential business information that might be printed or copied.

Corporate Reproduction Center – This would be a facility to handle all of the reproduction needs for a group or division within a large enterprise. Such a center may be a shop or room inside another facility, or it could be a centralized facility in a separate, stand-alone building. A center of this type would typically handle a high volume of documents such as reports, packaging labels, and product user documentation for both internal and customer use. Physical security becomes very important for such centers, as does protection of sensitive and confidential financial, intellectual property, and not-yet-launched product information that may be printed and copied for internal use. Internet and network access to the HCDs in these centers is almost always limited only to the personnel authorized to run and maintain the HCDs. As in the University Publishing Center case, maintaining and protecting accounting information is also important to make sure that each department is properly charged for the pages that are printed or copied.

Public Utility – Public utilities encompass a wide range of industries covering natural gas production and distribution, electrical energy distribution, water and sewer services, etc. Public utilities are separated from other industries by the degree of both federal and state regulatory requirements that cover every type of utility. Public utilities print and manage thousands of documents including customer bills, company brochures, price lists, service manuals and bulletins, and documentation required by government regulators. As a result, the security of electronic documents becomes very important to public utilities. Public utilities also have to maintain and protect private customer information used in billing and accounting.

Insurance Company – Insurance companies fundamentally are in the business of providing coverage against losses resulting from occurrences such as auto accidents, injuries or natural disasters that carry some degree of risk.
Insurance companies run the gamut in size from small local firms to large multinational companies, but they all have in common a need to attract more business by lowering premiums and expanding services. Because of the broad range of insurance services available to customers, insurance companies are forced to print and warehouse thousands of forms, ranging from enrollment kits to policies to customer statements to marketing information, for a large number of customers. Physical security is typically not a concern for insurance companies. However, due to the highly competitive nature of the insurance industry, protection of internal information such as pricing data becomes important. Business customer privacy issues such as protection of PII and regulatory compliance requirements mean that insurance companies must also place a great emphasis on both data security and protection of the large volume of internal documents they must maintain as they transition to electronic document management and off-site image storage.

Modify Table 1 in Subclause 5.6 as follows:

Factors Affecting Security    Effect on Security Requirements
                              Operational Environment
Element of Security           A       B                 C                 D      E
Value of Asset                High    Moderate          Moderate – Low    Low    Moderate – High
Physical Security             High    Moderate          Low               Low    High
Network Protection            High    Moderate          Moderate          Low    Moderate
Laws and Regulations          High    Moderate – Low    Low               Low    Moderate – High (1)
Personnel Trust               High    Moderate          Low               Low    High

NOTE— “Laws and Regulations” include privacy and governance laws, industry-specific standards, etc.