Operations Security
Chao-Hsien Chu, Ph.D.
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802
[email protected]
IST 515

Security domains (context diagram): Organizational Security Policy; Organizational Design; Asset Classification and Control; Access Control; Compliance; Personnel Security; Awareness Education; System Development and Maintenance; Physical and Environmental Security; Communications & Operations Mgmt.; Business Continuity Management.

Scope of Operations Security (diagram: four areas around Operations Security)
• Privileged Entity Controls: Users; Operators; System administrators; Service accounts; Security administrators.
• Continuity of Operations: Problem management; System recovery; Intrusion detection; Vulnerability scanning; Continuity planning.
• Change Control Management: Configuration management; Production software; Software access control; Library maintenance; Patch management.
• Resources Protection: Facilities; Hardware; Networked devices; Software; Documents.

Aspects of Operations Security
• Identity Theft
• Spyware
• Phishing / Spam
• Malware (Virus, Worm, Trojans)
• Awareness Training
• Configuration Management
• Change Control Management
• Patch Management
• Social Engineering

Phishing
(Source: Lininger, R. and Vines, R. D., Phishing: Cutting the Identity Theft Line, Wiley, 2005.)

Types of Malware (title only)
Types of Changes (title only)
Aspects of Change Management (title only)
Social Engineering (title only)

Objectives
• Describe the privileges that must be restricted.
• Describe the resources that must be protected and employ resource protection.
• Handle violations, incidents, and breaches, and report when necessary.
• Respond to attacks and other vulnerabilities such as spam, viruses, spyware, and phishing.
• Understand configuration management concepts.
• Implement and support patch and vulnerability management.
• Ensure administrative management and control.

Readings
• Tipton, H. and Henry, K. (Eds.), Official (ISC)2 Guide to the CISSP CBK, Auerbach, 2007. Domain 9 (Required).
• Wikipedia, Operations security. http://en.wikipedia.org/wiki/Operations_security.

Operations Security
• Operations security is concerned with the protection and control of information processing assets in centralized and distributed environments.
• The security service of availability is the core goal for operations security.
• Operations security covers four major lessons:
  - Privileged entity controls.
  - Resources protection.
  - Continuity of operations.
  - Change control management.

Privileged Entity Controls
• Classes of System Accounts:
  - Operators.
  - System administrators.
  - Service accounts.
  - Security administrators.
• Assigning privileges among the various classes of system accounts should follow the concepts of:
  - Least privilege.
  - Separation of duties.

Privileges of Operators
• Implementing the initial program load. This is used to start the operating system.
• Monitoring execution of the system. This includes errors, interruptions, and job completion messages.
• Volume mounting. This allows the desired application access to the system and its data.
• Controlling job flow. Operators can initiate, pause, or terminate programs.
• Bypass label processing. This allows the operator to bypass security label information to run foreign tapes.
• Renaming and relabeling resources. This allows programs to properly execute in the mainframe environment.
• Reassignment of ports and lines.

Privileges of Ordinary Users
• Ordinary users should be assigned restrictive system privileges. They are only allowed access to applications that in turn have only those operating system privileges necessary to run.
• The concept of least privilege should be used to protect the system from intentional and unintentional damage or misuse.
• How about IPAS (Information Privacy and Security project)?
http://www.ipas.psu.edu/

Privileges of System Administrators
• These individuals are assigned to ensure that the system is functioning properly for system users.
• The two primary activities of administrator tasks are maintenance and monitoring.
• System components requiring regular maintenance and monitoring include workstations, servers, network devices, databases, and applications.
• System administrators require the ability to affect certain critical operations such as setting the time, boot sequence, system logs, and passwords.

Privileges of Security Administrators
• Security administrators provide a check and balance on the power assigned to system administrators, with the ability to audit and review their activities. However, they usually have fewer rights than system administrators.
• The aspects of security operations include:
  - Account management.
  - Assignment of file sensitivity labels.
  - System security settings.
  - Review of audit data.

Resource Protection
Resources that need to be protected:
• Facilities. Fire detection and suppression systems; heating, ventilation and air conditioning systems; water and sewage systems; power supply and distribution system; integrated facility access control and intrusion detection system.
• Network devices. Access control to servers, host systems, operator consoles, and workstations; firewalls and virtual private networks; routers and switches; cable media; wireless equipment.
• Software. Copyright infringement.
• Documentation.

Domain Definition
• Threat: an event that could cause harm by violating the security.
• Vulnerability: a weakness in a system that enables security to be violated.
• Asset: anything that is a computing resource or ability, such as hardware, software, data, and personnel.

Threats to Operations
• Disclosure. Unauthorized account sharing; inappropriate access by persons with administrative privileges; malicious code.
• Destruction.
Malware or malicious code; unintentional errors; natural or man-made disasters.
• Interruption and Nonavailability. Failure of equipment, services, and operational procedures; denial of service (DoS).
• Theft. Insiders or burglary.

Threats to Operations (continued)
• Corruption and Modification. Sporadic fluctuations in temperature and power line while writing data; inappropriate or accidental changes to file or table permissions.
• Espionage. Loss of proprietary information.
• Hackers and Crackers.
• Malicious Code. Programs designed to steal information or cause damage to system operations: Trojan horses, viruses, worms, spyware, and logic bombs.

Categories of Controls (1)
• Preventative Controls. Controls that protect systems and information from intentional or accidental compromise by denying unauthorized access. Measures include locks, encryption, and access control lists.
• Detective Controls. Controls that react to changes in an environment or process that deviate from a normal or accepted pattern. Automated measures include audit logs, intrusion detection systems, and vulnerability scans. Manual measures include review of audit logs, compliance review of systems, security tests and evaluations, and penetration tests. Physical measures include tamper-evident tape and intrusion detection seals.

Categories of Controls (2)
• Corrective Controls. Controls that react to detected events by rectifying the violation and preventing its reoccurrence. Measures include self-healing systems, rollback mechanisms (in a DBMS), and awareness training.
• Directive Controls. Controls used to dictate appropriate behavior and acceptable types of activity regarding systems and information. Administrative directive controls include policies, procedures, guidelines, and agreements. Other measures include laws, governmental regulations, and industry standards.

Categories of Controls (3)
• Recovery Controls.
Controls that encompass processes to return the system to a secure state after the occurrence of a security event. Administrative recovery controls include business continuity, disaster recovery, and contingency plans. Technical recovery controls include backups, redundant systems, and antivirus corrective actions.
• Deterrent Controls. Controls used to cause an attacker or violator to reconsider his actions. E.g., policies that prescribe penalties for violators; video cameras; intrusion detection systems; misuse detection systems; and auditing.

Categories of Controls (4)
• Compensating Controls. Controls that augment or supplement existing controls to mitigate a vulnerability (or address a risk). E.g., a firewall added in front of a service on the network.

Control Methods
• Separation of responsibilities.
• Least privilege.
• Job rotation.
• Need to know.
• Security audits and reviews.
• Supervision.
• Input/output controls.
• Antivirus management.

Media Types
Soft-copy Media:
• Magnetic (floppy disks, tapes, hard drives).
• Optical (CD-ROMs, DVDs).
• Solid State (flash drives, memory cards).
Hard-copy Media:
• Paper.
• Microfiche.

Media Protection Methods (1)
• Transmission of sensitive information should be protected regardless of the storage method.
• Sensitive data on electronic media should be encrypted during the transmission process.
• Electronic transport strategies such as system snapshots, shadowing, network backups, and electronic vaulting should be used to send bulk information from one part of a network to another.

Media Protection Methods (2)
• Special seals and tamper-evident tape are helpful in deterring and detecting unauthorized access to hard-copy information.
• Scans should be periodically conducted to discover the existence of sniffer devices or software.
• Data saved to backup media should be protected from compromise through the use of encryption.
• System auditing can be used to track access to information prior to a backup.
Media Protection Methods (3)
• Degaussers can be used to erase data saved to magnetic media.
• Software tools can be used to overwrite every sector of magnetic media with a random or predetermined bit pattern.
• Shredding, burning, grinding, and pulverizing are common methods of physically destroying media.

Handling Sensitive Media
• Marking. Organizations should have policies in place regarding the marking of media.
• Handling. Only designated personnel should have access to sensitive media.
• Storing. Sensitive media should not be left lying about where a passerby could access it.
• Destruction. Media that is no longer needed or is defective should be destroyed rather than simply disposed of.
• Declassification. Declassification should be implemented to ensure that excessive protection controls are not used for nonsensitive information.

Continuity of Operations (1)
• Organizations that rely on IT systems must have plans and procedures to continue operations in the event of a failure or catastrophe, such as a temporary loss of electrical power or even the complete destruction of the IT system facility.
• Continuity of operations also involves the implementation of detective and preventative controls to detect the potential for, or prevent, the loss of availability.

Continuity of Operations (2)
• System availability is ensured through properly implemented redundancy and backups.
• Continuity of operations can also be accomplished through focused asset management and maintenance of hardware, software, data, communications, and facilities.
• A fault-tolerant system can be used to detect equipment failure and take immediate automatic action to ensure the continuity of operations.

Continuity of Operations Methods
• Data protection.
• Software management. Controls should be applied so that the latest copy can be restored on the system.
• Hardware protection.
• Communications protection.
• Facilities protection.
• Problem management.
• System recovery.
• Intrusion detection system.
• Vulnerability scanning.
• Business continuity planning.

Problem Management
• System component failure.
• Power failure.
• Telecommunication failure.
• Physical break-in.
• Tampering.
• Production delay.
• Input/output errors.
• Attacks.

System Recovery Methods
• Application restart.
• Warm reboot.
• Cold reboot.
• Emergency restart.

Types of Attacks
• Denial of service (DoS).
• Intrusion.
• Malware.
• Spyware.
• SPAM.
• Phishing.

Change Control Management
• The rapid advancement of technology, coupled with the regular discovery of vulnerabilities, requires proper change control management to maintain the necessary integrity of the system.
  - Software packages are added, removed, or modified.
  - New hardware is introduced, while legacy devices are replaced.
  - Software is updated due to flaws.
• Change control management is embodied in policies, procedures, and operational practices.

Change Control Management
• Configuration Management.
• Production Software.
• Software Access Control.
• Change Control Process.
• Library Maintenance.
• Patch Management.

Change Control Management
1. Applying to introduce a change
2. Reviewing and approving the change
3. Cataloging the intended change
4. Scheduling the change
5. Implementing the change
6. Reporting the change to the appropriate classes
• Is complicated.
• Needs a process.
• Multiple aspects.
• Continued effort.
• Respond to incidents.
It is easier said than done! Be Creative!

Configuration Management
• Configuration management is a process of identifying and documenting hardware components, software, and the associated settings.
• Detailed hardware inventories are necessary for recovery and integrity purposes.
• A configuration list for each device (e.g., firewalls, routers, and switches) should also be maintained to provide assurance for network integrity and availability.
These configurations should also be periodically checked to make sure that unauthorized changes have not occurred.

Configuration/Change Management
• To ensure the change is implemented in an orderly manner through formalized testing.
• To ensure the user base is informed of the impending change.
• To analyze the effect of the change on the system after implementation.
• To reduce the negative impact the change may have had on the computing services and resources.
• A risk management assessment/plan is needed.

Hardware Lists
• Make.
• Model.
• MAC address.
• Serial number.
• Operating system or firmware version.
• Location.
• BIOS and other hardware-related passwords.
• Assigned IP address, if applicable.
• Organizational property management label or bar code.

Configuration Management
• Operating systems and applications also require configuration management and should be standardized to the greatest extent possible.
• Original copies and installed versions of system and application software require appropriate protection and management for information assurance purposes.
• Installed software should have appropriate access controls in place to prevent unauthorized access or modification.

Change Control Process (1)
• Maintaining system integrity is accomplished through the process of change control management.
• A well-defined process implements the structured and controlled changes necessary to support system integrity, and accountability for changes.
• Decisions to implement changes should be made by a committee of representatives from various groups within the organization, such as ordinary users, security, system operations, and upper-level management.

Change Control Process (2)
• Actions of the committee should be documented for historical and accountability purposes.
• The change management structure should be codified as an organization policy.
• Procedures for the operational aspects of the change management process should also be created.
• Change management policies and procedures are forms of directive controls.

Change Control Process (3)
• Requests. Proposed changes should be formally presented to the committee in writing, focusing on justification, costs, and benefits.
• Impact Assessment.
• Approval / Disapproval.
• Build and Test.
• Notification.
• Implementation.
• Validation.
• Documentation.

Change Control Process (flowchart)
Boxes: System users; Committee (Users; Security; System operations; Upper-level management); Requests (In writing; Justification; Cost/Benefit); Impact Assessment (Feasibility; Cost/Benefit); Approve? (Yes / No); Build & Test (Operations support; Security); Validation; Notification; Implementation; Documentation.

Patch Management

Patch Management (1)
• The process that involves the deployment of security updates. The patch management process must be formalized through documentation and receive management approval to provide the best possible strategy for implementing this type of system change.
• Security practitioners should monitor their networks for known vulnerabilities due to product flaws.
• Once a flawed item in the system is discovered, a determination should be made whether to patch the item. A risk-based decision is required to determine the necessity of patching the problem.

Patch Management (2)
• When the need arises to patch a product, a schedule for conducting the fix must be established.
• Consideration must be given to the order in which patches are deployed.
• Furthermore, the organization should prioritize updates according to the criticality they represent.
• Prior to deploying updates to production servers, make certain that a full system backup is conducted.
• Deploy the update in stages, when possible, to accomplish a final validation of the update in the production environment.

Categories of Flaw Type (two columns: Level of Access or Damage; Ease of Exploit)
Level of Access or Damage:
• Provides administrator or root privilege for executing a process.
• Allows execution of arbitrary code in the context of the executing process or user.
• Denial of a network service.
• Denial of service for a local user.
Ease of Exploit:
• Easy: Exploit tools exist for the attack, or it is too trivial in nature to exploit.
• Moderate: Requires moderate skill or the use of complicated exploit tools.
• Difficult: Requires a high level of technical skill, with no exploit code available.

Required Locality
• Required locality defines the physical or logical access necessary to exploit the flaw:
  - Network exploitable from any port or protocol.
  - Network exploitable through a particular port or protocol.
  - Network exploitable by authorized users only.
  - Local console or physical access required (insider attack).

Everyone needs a Crystal Ball! But where can we find it?
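As an added example (not part of the lecture slides), the following turns the three flaw categories above (Level of Access or Damage, Ease of Exploit, Required Locality) into a risk-based deployment order and the staged rollout the Patch Management slides call for. The numeric weights, patch identifiers and flaw records are constructed for illustration.

```python
"""Rank pending patches by the three flaw categories from the slides:
level of access or damage, ease of exploit, and required locality.
The numeric weights below are illustrative assumptions, not slide values."""
from dataclasses import dataclass

# Higher score = more critical. Weights are assumed for illustration.
ACCESS_WEIGHT = {
    "admin_or_root": 4,       # provides administrator or root privilege
    "arbitrary_code": 3,      # code runs in the context of the process/user
    "network_dos": 2,         # denial of a network service
    "local_dos": 1,           # denial of service for a local user
}
EASE_WEIGHT = {"easy": 3, "moderate": 2, "difficult": 1}
LOCALITY_WEIGHT = {
    "any_network": 4,         # exploitable from any port or protocol
    "specific_port": 3,       # exploitable through a particular port/protocol
    "authorized_users": 2,    # exploitable by authorized users only
    "local_or_physical": 1,   # local console or physical access (insider)
}

@dataclass(frozen=True)
class Flaw:
    patch_id: str
    access: str
    ease: str
    locality: str

def criticality(flaw: Flaw) -> int:
    """Multiplicative score: a low value in any one factor pulls priority down."""
    return (ACCESS_WEIGHT[flaw.access] * EASE_WEIGHT[flaw.ease]
            * LOCALITY_WEIGHT[flaw.locality])

def deployment_order(flaws):
    """Patch ids, most critical first; ties break on id so the order is
    stable and reviewable by the change committee."""
    return [f.patch_id
            for f in sorted(flaws, key=lambda f: (-criticality(f), f.patch_id))]

def staged_plan(flaws, stage_size=2):
    """Split the ordered list into deployment stages (pilot group first),
    following the slides' advice to deploy in stages for final validation."""
    order = deployment_order(flaws)
    return [order[i:i + stage_size] for i in range(0, len(order), stage_size)]

# Constructed sample of unpatched flaws (hypothetical patch ids).
PENDING = [
    Flaw("PATCH-A", "local_dos", "difficult", "local_or_physical"),
    Flaw("PATCH-B", "admin_or_root", "easy", "any_network"),
    Flaw("PATCH-C", "arbitrary_code", "moderate", "specific_port"),
    Flaw("PATCH-D", "network_dos", "easy", "any_network"),
]

if __name__ == "__main__":
    for stage, ids in enumerate(staged_plan(PENDING), start=1):
        print(f"stage {stage}: {ids}")
```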
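As a second added example (not from the slides), this implements the periodic configuration check the Configuration Management slides describe and ties it to the change catalog from the Change Control Management steps: a device configuration that differs from the recorded baseline is treated as authorized only when the catalog holds an approved and implemented change record for that device. Device names, configuration text and catalog entries are constructed.

```python
"""Check device configurations against a recorded baseline and the change
control catalog; differences without an approved record are unauthorized."""
import hashlib
from dataclasses import dataclass

def config_digest(config_text: str) -> str:
    """SHA-256 of the config after normalising line endings and trailing
    whitespace, so a cosmetic re-save does not count as a change."""
    normalised = "\n".join(line.rstrip() for line in config_text.splitlines())
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()

@dataclass(frozen=True)
class ChangeRecord:
    change_id: str      # catalog entry (step 3 of the change process)
    device: str
    approved: bool      # committee decision (step 2)
    implemented: bool   # step 5 completed

def approved_changes(catalog):
    """Devices with at least one approved and implemented change record."""
    return {c.device for c in catalog if c.approved and c.implemented}

def check_drift(baseline, current, catalog):
    """Compare current configs with the baseline. Returns a dict mapping
    device -> 'unchanged' | 'authorized' | 'UNAUTHORIZED' | 'missing'."""
    authorised = approved_changes(catalog)
    result = {}
    for device, base_cfg in baseline.items():
        if device not in current:
            result[device] = "missing"        # device gone or unreachable
        elif config_digest(current[device]) == config_digest(base_cfg):
            result[device] = "unchanged"
        elif device in authorised:
            result[device] = "authorized"
        else:
            result[device] = "UNAUTHORIZED"
    for device in current.keys() - baseline.keys():
        result[device] = "UNAUTHORIZED"       # device absent from the inventory
    return result

# Constructed sample baseline, fresh snapshot and catalog (hypothetical names).
BASELINE = {
    "fw-edge-1": "interface eth0\n permit tcp any host 10.0.0.5 eq 443\n",
    "rtr-core-1": "hostname rtr-core-1\nntp server 10.0.0.1\n",
    "sw-floor-2": "hostname sw-floor-2\nvlan 20\n",
}
CURRENT = {
    "fw-edge-1": "interface eth0\n permit tcp any host 10.0.0.5 eq 443\n permit tcp any any eq 23\n",
    "rtr-core-1": "hostname rtr-core-1   \nntp server 10.0.0.1\n",   # whitespace only
    "sw-floor-2": "hostname sw-floor-2\nvlan 20\nvlan 30\n",
}
CATALOG = [
    ChangeRecord("CHG-0001", "sw-floor-2", approved=True, implemented=True),
    ChangeRecord("CHG-0002", "fw-edge-1", approved=False, implemented=False),
]

if __name__ == "__main__":
    for device, status in sorted(check_drift(BASELINE, CURRENT, CATALOG).items()):
        print(f"{device:12} {status}")
```

The unapproved firewall rule is flagged while the approved VLAN addition and the whitespace-only router re-save are not, which is the distinction a periodic configuration review needs to make.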