Lesson 3 - Operational/Organizational Security - PowerPoint PPT Presentation

Slides: 24
Provided by: Hur8

Transcript and Presenter's Notes
1
Lesson 3 - Operational/Organizational Security
2
Background
  • The operational model of computer security (Protection = Prevention + (Detection + Response)) states that:
    • Prevention technologies keep unauthorized individuals from gaining access to systems or data.
    • In an operational environment, prevention is difficult, and relying on prevention technologies alone is not sufficient.
    • Prevention technologies are put in place and then generally left alone (they are static).
    • Detection and response technologies are dynamic: they acknowledge that security is an ongoing process rather than a one-time deployment.

3
Security Operations
  • Policies
    • High-level, broad statements of what the organization wants to accomplish.
    • Made by management when laying out the organization's position on some issue.
  • Standards
    • Mandatory elements regarding the implementation of a policy.
    • Accepted specifications of the specific details of how a policy is to be implemented or enforced.
  • Procedures
    • Step-by-step instructions that describe exactly how employees are expected to act in a given situation or to accomplish a specific task.
  • Guidelines
    • Recommendations relating to a policy.
    • Not mandatory.

4
Policy Cycle
  • Because the network constantly changes, policies, procedures, and guidelines should be periodically monitored, evaluated, and changed when necessary.
  • The four steps of the policy life cycle are:
    • Plan (Adjust): develop the policies, procedures, and guidelines that define the security components protecting the network.
    • Implement: putting any policy, procedure, or guideline into effect requires an instruction period so that staff learn its contents.
    • Monitor: ensure that the hardware and software, policies, procedures, and guidelines are effective in securing the systems.
    • Evaluate: includes a vulnerability assessment and a penetration test of the system to confirm that security meets expectations. After evaluating the organization's security posture, the process restarts at step one, this time adjusting the security mechanisms that are in place. Evaluation is a continuous process.

5
IDS
  • An Intrusion Detection System (IDS) is often part of the security perimeter and is used for monitoring.
  • The IDS may be placed inside the firewall, outside it, or on both sides.
  • The specific location depends on what the company is more concerned about: the insider threat or external threats. A sensor outside the firewall sees every attempt, including the ones the firewall blocks; a sensor inside sees only what got through, which is the traffic that matters most for response.
  • Beyond this security perimeter is the corporate network.
  • This is a simple depiction. An actual network may have numerous subnets and extranets.

6
More Complex Networks
  • Organizations may have a telephone network connected to the public switched telephone network (PSTN).
  • The potential exists for unauthorized modems, so the telephone network must be considered a source of access to the data network.
  • The biggest danger to any organization is from an insider rather than from external attacks.

7
Physical Security
  • Physical access to computer systems and networks should be restricted to authorized users.
  • Points of entry such as doors and windows should be examined.
  • Floors and ceilings should be scrutinized for possible access points (raised floors and drop ceilings can bypass a locked door).
  • There should be increased security for servers, firewalls, and IDS sensors.
  • Questions to ask:
    • Are there monitoring systems, such as alarm systems or security cameras?
    • Who has access to the facility?
    • What procedures are in place to respond to unauthorized access?
  • Physical access control can be based on:
    • Something individuals have (a key).
    • Something they know (a combination).
    • Something they are (biometrics).
  • PDAs and laptops also need to be protected.

8
Locks
  • A lock is the most common physical access control
    device.
  • Combination locks are something the individual
    knows, but they must be remembered and are hard
    to control.
  • Locks with keys depend on something the
    individual has (the key).
  • Key locks are simple and easy to use, but the key
    may be lost.
  • Keys may also be copied and can be hard to
    control.
  • Newer locks replace the traditional key with a
    card that must be passed through a reader or
    placed against it.
  • The individual may also have to provide a
    personal access code, thus making this form of
    access both a something-you-know and
    something-you-have method.

9
Access Control Logs
  • Other common physical security devices:
    • video surveillance
    • access control logs (sign-in logs)
  • Sign-in logs do not provide an actual barrier; they provide a record of access.
  • When used in conjunction with a guard who verifies an individual's identity, they dissuade potential adversaries from attempting to gain access.
  • Guards provide an extra level of examination of individuals.
  • Security guards can counter piggybacking (an unauthorized person following an authorized one through a controlled door).
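A record of access is only useful if someone reads it. The following is an added example, not part of the original slides, showing how an electronic badge-reader log (the automated form of the sign-in log above) can be checked for the tell-tale signs of piggybacking: a badge used at an interior reader or at the exit reader without any recorded perimeter entry, or a badge entering while the log already shows it inside. The log lines, the badge IDs, and the reader name `lobby-door` are constructed for this example; the check keeps the log's own view of who is inside and flags each event that contradicts it.

```python
import csv
import io

# Constructed sample badge-reader log for this example (not from any real system).
# Format: timestamp,badge_id,reader,direction   with direction IN or OUT.
SAMPLE_LOG = """\
2024-03-04T08:01:10,B1001,lobby-door,IN
2024-03-04T08:01:12,B1002,lobby-door,IN
2024-03-04T08:03:40,B1003,server-room,IN
2024-03-04T12:15:02,B1001,lobby-door,OUT
2024-03-04T12:16:30,B1004,lobby-door,OUT
2024-03-04T13:05:00,B1001,lobby-door,IN
2024-03-04T13:05:05,B1001,server-room,IN
2024-03-04T17:30:00,B1002,lobby-door,OUT
2024-03-04T17:35:00,B1001,lobby-door,IN
"""

# Readers that form the building perimeter (assumed name, chosen for the example).
# Every other reader is treated as an interior door.
PERIMETER_READERS = {"lobby-door"}


def parse_log(text):
    """Parse CSV lines into (timestamp, badge, reader, direction) tuples.
    Malformed lines are skipped; ISO-8601 timestamps sort correctly as strings."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue
        ts, badge, reader, direction = (field.strip() for field in row)
        direction = direction.upper()
        if direction not in ("IN", "OUT"):
            continue
        events.append((ts, badge, reader, direction))
    return sorted(events)


def find_anomalies(events):
    """Replay the log and return (timestamp, badge, reader, reason) for every
    event that contradicts the log's own record of who is inside the perimeter."""
    inside = set()          # badges the perimeter readers currently show as inside
    findings = []
    for ts, badge, reader, direction in events:
        if reader in PERIMETER_READERS:
            if direction == "IN":
                if badge in inside:
                    # The holder left without badging out: someone held the door for them.
                    findings.append((ts, badge, reader, "entry while already recorded inside"))
                inside.add(badge)
            else:
                if badge not in inside:
                    findings.append((ts, badge, reader, "exit without a recorded entry (likely piggybacked in)"))
                inside.discard(badge)
        else:
            # Interior door used by a badge the perimeter never admitted.
            if badge not in inside:
                findings.append((ts, badge, reader, "interior reader used without a perimeter entry (likely piggybacked in)"))
    return findings


def run_sample():
    """Run the check over the constructed log; returns three findings."""
    return find_anomalies(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for ts, badge, reader, reason in run_sample():
        print(f"{ts} {badge} @ {reader}: {reason}")
```

On the sample log the check flags B1003 (server-room access with no lobby entry), B1004 (an exit with no entry) and B1001's second evening entry (already recorded inside). Each finding is a lead for the guard or the security team to follow up with the camera footage from the same minute, not proof by itself: a reader outage or a badge that failed to read produces the same pattern.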

10
Biometrics
  • Biometrics uses something unique about the individual.
  • It is expensive.
  • It can control access to computer systems, networks, and physical access control devices.
  • Biometrics provides an additional layer of security and is normally used in conjunction with another method.
  • Biometric devices are not 100 percent accurate: they may allow access to unauthorized individuals (false acceptance) and may reject authorized ones (false rejection).

11
Weaknesses of Authentication
  • All forms of authentication have weaknesses that can be exploited.
  • For this reason, strong authentication, or two-factor authentication, should be used.
  • These methods combine two of the three different types of authentication (something the user has, knows, or is), so an attacker must defeat two independent mechanisms rather than one.
  • Discussion: what are some other multifactor authentication methods?
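The card-plus-access-code lock on the Locks slide and the two-factor authentication called for here are the same idea; the most common software form is a password (something you know) combined with a one-time code from a token or phone app (something you have). The following is an added example, not from the slides, of a verifier that checks both factors. The password is stored as a salted PBKDF2 hash and the token codes are RFC 4226 HOTP / RFC 6238 TOTP (HMAC-SHA1 over a counter derived from the time). The password, the 20-byte token secret and the `TwoFactorVerifier` class are this example's own choices; the secret is the one the RFCs use for their published test vectors, which is why the codes below are checkable by hand against those documents.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

# --- Something you know: the password is never stored, only a salted PBKDF2 hash of it ---
PBKDF2_ITERATIONS = 600_000   # OWASP's current guidance for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt is generated when none is supplied."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time comparison


# --- Something you have: a token that computes HOTP (RFC 4226) / TOTP (RFC 6238) ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the big-endian 8-byte counter, then RFC 4226 dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter taken from the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


class TwoFactorVerifier:
    """Requires BOTH factors. Tolerates one time step of clock skew either way, and
    never accepts a time step at or before the last one already used, so a code an
    attacker captured (or shoulder-surfed) cannot be replayed inside its window."""

    def __init__(self, password: str, totp_secret: bytes, step: int = 30, digits: int = 6):
        self.salt, self.pw_hash = hash_password(password)
        self.totp_secret = totp_secret
        self.step = step
        self.digits = digits
        self.last_used_step = -1

    def verify(self, password: str, code: str, unix_time: int) -> bool:
        # Evaluate both factors every time, so response timing does not reveal which one failed.
        pw_ok = verify_password(password, self.salt, self.pw_hash)
        code = code.strip()
        code_ok = False
        matched_step = None
        current = unix_time // self.step
        if code.isdigit() and len(code) == self.digits:
            for candidate in (current - 1, current, current + 1):
                if candidate <= self.last_used_step:
                    continue   # this step was already consumed: treat as a replay
                if hmac.compare_digest(hotp(self.totp_secret, candidate, self.digits), code):
                    code_ok, matched_step = True, candidate
        if pw_ok and code_ok:
            self.last_used_step = matched_step
            return True
        return False


if __name__ == "__main__":
    # The RFC 4226 / RFC 6238 reference secret; a real deployment generates one per user.
    rfc_secret = b"12345678901234567890"
    v = TwoFactorVerifier("correct horse battery", rfc_secret)
    print(totp(rfc_secret, 59, digits=8))                  # 94287082 (RFC 6238 vector)
    print(v.verify("correct horse battery", "287082", 59))  # True
    print(v.verify("correct horse battery", "287082", 59))  # False: same code replayed
```

The replay check is the part most home-grown verifiers miss: a TOTP code is valid for the whole 30-second step (90 seconds with the skew window), so without remembering the last accepted step, a code observed over someone's shoulder or phished in real time can be reused. Checking the password even when the code is malformed, and the code even when the password is wrong, keeps an attacker from learning which factor they have right.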

12
Physical Barriers
  • Physical barriers help implement the
    physical-world equivalent of layered security.
  • The outermost layer of physical security contains
    the public activities - guards, concrete blocks
    to stop cars, open spaces.
  • Signs should indicate what is private and what is
    public.
  • An individual progresses through the layers.
  • The barriers and security mechanisms should
    become less public to make it more difficult for
    observers to determine what mechanisms are in
    place.

13
Environmental
  • HVAC systems are often computer-controlled and provide remote access via telephone connections.
  • These connections should be protected in the same manner as computer modems.
  • Electrical power is subject to momentary surges and disruptions.
  • Surge protectors protect sensitive electronic equipment from fluctuations in voltage.
  • An Uninterruptible Power Supply (UPS) should be considered for critical systems so that a loss of power will not halt processing.

14
Natural Disasters
  • Storms and floods call for devices that sense water in a facility and warn of pending problems.
  • Frequent hurricanes, earthquakes, and tornadoes in an area require reinforced facilities to protect important processing equipment.
  • All of these provide reasons for having an active program that ensures frequent backup of critical data and off-site storage.
  • Off-site storage protects against the total loss of the organization's critical data.
  • When considering backup and contingency plans, it is also important to consider backup processing locations, in case a disaster destroys not only the data at the organization's primary site but all of the processing equipment as well.

15
Fire Suppression
  • A fire needs fuel, oxygen, and high temperature for chemical combustion to occur; if any of these is removed, the fire will not continue.
  • Water-based fire suppression systems are primarily used to address and control structural fires. If equipment gets wet:
    • Open cabinet doors, remove side panels, and pull out chassis drawers to allow water to run out.
    • Set up fans to move room-temperature air through the equipment.
    • Use compressed air at no higher than 50 psi to blow out trapped water.
    • Use hand-held dryers on their lowest settings.

16
Halon
  • Halon-based fire suppression systems interfere with the chemical chain reaction of combustion.
  • Halon mixes quickly with the air in a room and does not harm computer systems.
  • It is dangerous to humans when subjected to extreme temperatures (fire), because it degrades into toxic chemicals.
  • It is linked with ozone depletion, and its production has been banned since 1994.
  • Although the EPA mandates no further production, existing systems are not required to be destroyed.

17
Clean Agent
  • Clean-agent fire suppression systems have replaced Halon and include carbon dioxide, argon, Inergen, and FM-200 (heptafluoropropane).
  • CO2 displaces oxygen so that the amount remaining is insufficient to sustain the fire. It also provides cooling in the fire zone and reduces the concentration of gasified fuel. (At fire-extinguishing concentrations CO2 is itself lethal to people, so total-flooding CO2 systems belong only in unoccupied spaces or behind a pre-discharge alarm.)
  • Argon extinguishes fire by lowering the oxygen concentration from the roughly 15 percent required for items to burn to about 12.5 percent.
  • Inergen is composed of three gases: 52 percent nitrogen, 40 percent argon, and 8 percent carbon dioxide.
  • Like argon systems, Inergen systems reduce the oxygen level to about 12.5 percent, which is sufficient for human safety but not sufficient to sustain a fire.

18
Hand-held Fire Extinguishers
  • Hand-held fire extinguishers:
    • Can be used if a fire is caught and contained before the automatic systems discharge.
    • Result in significant savings in time and equipment costs (including the cost of recharging the automatic system).
    • Are commonly used in offices.

19
Detection
  • Fire detection devices locate a fire before a fire suppression system is activated.
  • Smoke detectors come in two varieties, ionization and photoelectric; both are commonly just called smoke detectors, and combination units exist.
    • A photoelectric device monitors an internal beam of light. If something obstructs and degrades the beam, the detector assumes it is smoke and sounds the alarm.
    • An ionization chamber uses a small radioactive source to detect fast-burning fires. The chamber has two plates, one positive and one negative; oxygen and nitrogen molecules in the air become ionized, and the movement of these ions creates a small electric current that the device measures. Smoke entering the chamber inhibits this process, the drop in current is detected, and an alarm is sounded.

20
Fire Detection
  • Fire detectors are activated by heat or flame.
  • Heat
    • Fixed-temperature (fixed-point) devices activate if the temperature in the area ever exceeds a predefined level.
    • Rate-of-rise (rate-of-increase) devices activate when there is a sudden increase in the local temperature.
    • Rate-of-rise sensors provide earlier warning but are also responsible for more false alarms.
  • Flame
    • The flames of a fire produce a change in infrared energy that the detector senses.
    • Flame detectors are more expensive but can frequently detect a fire sooner.

21
Wireless Networks
  • Wireless communication is commonly associated with cellular phones.
  • A cell phone network consists of phones, cells, hardware, and software.
  • The base stations are made up of antennas, receivers, transmitters, and amplifiers.
  • As an individual moves, the phone may exit and enter multiple cells.
  • Bluetooth is a short-range Personal Area Network (PAN) technology targeted at mobile phones, PDAs, peripherals, and laptop computers; it creates a low-cost wireless communication network.
  • The IEEE 802.11 (WiFi) standards are well suited for computer LANs.
  • Wireless networks are also a security risk: the coverage area of an access point is not easily controlled, so the signal often extends beyond the physical perimeter and the network becomes reachable by attackers who never enter the building.

22
Emanation Security
  • Electronic eavesdropping can be accomplished by picking up and then decoding the electromagnetic emissions produced by monitors and other equipment.
  • TEMPEST is the U.S. government name (often expanded as "Transient Electromagnetic Pulse Emanation Standard", although it is a code word rather than a true acronym) for the military program to control electronic emanations from electrical equipment and for the equipment approved under it.
  • Emanations security (EMSEC): measures designed to reduce susceptibility to eavesdropping on those emanations. The term is used primarily in the military. See TEMPEST and emanation.
  • With the appropriate equipment, the exact image of what is being displayed can be re-created some distance away.

23
Shielding
  • There are three ways to prevent these emanations from being picked up by an attacker:
    • Put the equipment beyond the distance at which the emanations can be picked up.
    • Provide shielding for the equipment itself.
    • Provide a shielded enclosure (such as a room) in which to put the equipment.
  • All of these solutions can be costly.
  • The cost of shielding is so substantial that in most cases it probably cannot be justified.
  • A TEMPEST-approved computer will cost at least double what a normal computer would cost.