Operations Security - PowerPoint PPT Presentation

About This Presentation
Title:

Operations Security

Description:

Title: Operations Security Principles, Techniques, and Mechanisms Presented by Rino Granito VILLANOVA Author: workstation Last modified by: abdullfa – PowerPoint PPT presentation

Number of Views:180
Avg rating:3.0/5.0
Slides: 57
Provided by: work218
Category:

less

Transcript and Presenter's Notes

Title: Operations Security


1
Operations Security
2
Operations Security
  • Operations security pertains to everything needed
    to keep a network, computer systems, applications
    and environment up and running in a secure and
    protected manner
  • Main goal to protect the companys resources

3
CIA
  • Confidentiality
  • Controls that affect the sensitivity and secrecy
    of information
  • Integrity
  • Controls implementation quality
  • Affects the data's accuracy and authenticity
  • Availability
  • Controls that affect the level of fault tolerance
  • Ability to recover from failure

4
Controls and Protections
  • Controls that protect assets -hardware, software,
    and media -from-
  • Threats in an operating environment
  • Internal and external intruders
  • Operators accessing resources inappropriately
  • Root access to systems in an organization

5
Types of Controls
  • Preventive controls
  • Reduce the impact of unintentional errors
    entering the system
  • Prevent unauthorized intruders from accessing the
    system either internally or externally

6
Types of Controls
  • Detective controls
  • Detect an error once it has occurred
  • Corrective controls
  • Mitigate the impact of a loss through data
    recovery procedures

7
Types of Controls
  • Deterrent controls
  • Message for unauthorized data access, logins
  • Application controls
  • Transaction controls
  • Input controls
  • Processing controls
  • Output controls
  • Change controls
  • Test controls

8
Security Controls
  • Security controls come from
  • From the Orange Book - Trusted Computer Security
    Evaluation Criteria (TCSEC)
  • Superceded by Common Criteria
  • http//csrc.nist.gov/cc/
  • http//www.commoncriteriaportal.org/

9
Dual Control
  • Two or more people or systems to complete a task
  • Typical administrator and privileged operator
    tasks
  • Installing system software
  • Startup and shutdown of system
  • Performing backups and recovery
  • Adding and removing system users
  • Handling printers and managing print queues

10
Dual Control
  • Security operator will set up the account
  • Security administrator will
  • Set user clearances, initial passwords, access
    rights
  • Change security profiles for existing users
  • Set security characteristics of devices and
    communication channels
  • Set or change file sensitivity labels
  • Review audit data

11
Trusted Recovery
  • Failure preparation mode
  • Backing up all critical files on a regular
    schedule
  • System recovery
  • Rebooting into single user mode
  • Recovering all previously active file systems
  • Restoring missing or damaged files from recent
    backups
  • Recovering security characteristics (labels)
  • Validating security critical files
  • System recovery policies developed during the
    days of mainframes. Most apply to distributed
    systems.

12
Covert Channels
  • Information path -
  • Not used in normal operations
  • Not protected by security mechanisms
  • E.g. Retrieve information of a system usage based
    on the power usage.
  • Covert timing channels
  • Convey information by altering the timing of a
    system resource
  • Applicable to old mainframes.

13
Operations Security
  • Principles and Practices of Good Security

14
Operations Security
  • For operations security critical items are
  • Due Care - Doing the right thing!
  • Due Diligence -Continuing to do the right thing!

15
Operations Security
  • Includes
  • Administrative management
  • Product evaluation and operational assurance
  • Change configuration management
  • Keep track of the changes made
  • Trusted recovery states
  • Threats to operational security

16
Administrative Management
  • Separation of duties
  • Ensures that one person cannot compromise the
    organization's security
  • Job rotation
  • More than one person fulfills the task or
    position distributes responsibility
  • Least privilege
  • Provides access to just enough information to
    perform the task at hand
  • Bare minimum to do the job
  • ensures integrity
  • Need-to-know- Ensures confidentiality similar to
    military classifications
  • Top secret
  • Secret
  • Sensitive
  • Mandatory vacations
  • To keep individuals from hiding their actions
    e.g. Salami Slicing

17
Accountability
  • Users must be accountable for their actions
  • Controls
  • Potential damage to the organization
  • Responsibility
  • Maintained by
  • Audit logs

18
Security Operations and Product Evaluation
  • Operational assurance
  • Life cycle assurance
  • Company responsibilities after product is
    implemented
  • Clipping levels
  • Resource access

19
Operational Assurance
  • Guarantees that equipment will function as stated
  • Design
  • Monitoring
  • Auditing
  • Controlled Access
  • Recovery

20
Life Cycle Assurance
  • Guarantees that equipment
  • Was designed
  • Will operate
  • Will be updated ...
  • ... in a controlled, known manner
  • If there was a change made, we know
  • Who
  • When
  • why

21
Clipping Levels
  • Tolerance level set to trigger a problem
  • Set clipping levels for
  • Passwords
  • Logins
  • Violations
  • Behavior

22
Resource Access
  • What is needed vs. what is requested or preferred
  • Control access to resources by -
  • Discretional access control (DAC)
  • Mandatory access control (MAC)
  • Role-based access control

23
Change Management
  • Applies to
  • Hardware
  • Software
  • Firmware
  • Change control documentation
  • New hardware
  • New applications
  • Different configurations
  • Patches
  • Policies, procedures, and standards

24
Change Management
  • Steps in a Change management program
  • Request change
  • Approve change
  • Document change
  • Test change
  • Implement change
  • Report and record change

25
Media Controls
  • Media should be controlled by
  • Label
  • Date
  • Storage / retention
  • Classify
  • Sanitize / destroy
  • Above steps much be implemented for all
    electronic and non-electronic media (documents,
    stick-on notes etc.

26
Trusted Recovery
  • 3 types
  • System reboot
  • Restart in a controlled manner
  • Emergency reboot
  • Restarts when normal procedures cannot be
    initiated
  • System cold start
  • o/s brings the system down to maintenance mode
    and operator intervention is required to complete
    the recovery

27
Resource Protection Mechanisms and Techniques
28
Data Protection
  • Data must be verified when it enters or exits a
    system
  • Controls must be used to verify validity of
  • Data
  • Email
  • Transactional information

29
Input and Output Controls
  • Controls must be placed on inputs and outputs to
    insure their length, type, and range
  • Input controls include
  • Dollar counts
  • Transaction counts
  • Error detection and correction
  • Output controls include -
  • Validity checking
  • Authorization controls
  • Verification testing
  • Audit trails

30
E-mail attacks
  • Email is vulnerable to attack via-
  • Spoofing
  • Attackers uses your e-mail address
  • Attackers use a familiar e-mail address
  • Spam
  • Used to launch DOS attacks
  • Open Mail Relays
  • Any person can send e-mail through your e-mail
    servers
  • If spammers get access, your mail server could be
    blocked by ISPs and e-mail applications

31
Spoofing
  • Email appears to have originated from one source,
    but it actually was sent from another source
  • Usually an attempt to trick the user into some
    type of activity

32
SPAM
  • Unsolicited
  • Part of a mass emailing or bulk email
  • The sender is a stranger to the recipient... the
    recipient has never had willful, personal contact
    with the sender

33
Open Mail Relays
  • Occurs when mail is forwarded from someone else
    through the user's mail server
  • Forwarding e-mail is an acceptable event if
    either the originator or the receiver is a local
    user
  • Servers that allow third party mail relays are
    spammer favorites

34
Other Ways to Attack Email
  • Attackers "bounce" an email through the targeted
    network's mail systems
  • Reveals-
  • Each hop along the way
  • Valid IP addresses
  • Type of email server
  • Accomplished by -
  • Connecting to an email server
  • Sending an e-mail to an invalid address

35
Electronic Mail Security
  • PGP
  • SMIME
  • SSL (web-based mail)

36
PGP
  • Pretty Good Privacy (PGP)
  • A software package originally developed by
    Phillip Zimmermann
  • Provides -
  • Cryptographic routines for emails
  • File storage applications
  • Works off a public / private key system

37
SMIME
  • Does the same thing as PGP for end users
  • Uses a different algorithm and process
  • Both provide end-to-end security for email and
    file transfer

38
SSL
  • Secure Sockets Layer (SSL)
  • A protocol developed by Netscape for transmitting
    private documents via the Internet
  • Functions using a private key to encrypt data
    that is transferred over the SSL connection

39
Fax Security
  • Faxes stored in unsecured bins
  • Fax servers
  • Logging and auditing
  • Fax encryptor
  • Allows end-to-end encryptors

40
Phreakers
  • Individuals that hack phone systems for fun and
    free calls
  • PBX and business phone systems are still
    vulnerable today
  • Misconfigured systems allow phreakers to make
    thousands of dollars in free calls
  • Most organizations discover phreaking only after
    the phone bill is delivered.

41
Attacks and Prevention Methods
42
Malicious Hacker Attack Methodology
  • Reconnaissance
  • Corporate websites, job websites
  • Scanning
  • Networks
  • Hosts
  • Gaining access
  • Denial of Service
  • Maintaining access
  • Upload / alter / download programs or data
  • Covering tracks
  • Some evidence is always left behind

43
Reconnaissance
  • The preparatory phase
  • Occurs prior to launching an attack
  • Attacker seeks to gather as much information as
    possible about a target
  • Social Engineering

44
Scanning
  • The second pre-attack phase
  • Hacker scans the network with specific
    information gathered during reconnaissance using
    -
  • War dialers
  • Port scanners
  • Ping sweeping
  • Network mapping tool
  • Vulnerability assessment scanners
  • Wireless detectors

45
Gaining Access
  • First true attack phase
  • Hacker exploits the system to gain entry through
    -
  • Open service
  • Vulnerability
  • Buffer overflow
  • System misconfiguration
  • Blank password

46
Maintaining Access
  • Hacker attempts to retain ownership of the system
    through -
  • Backdoor planting
  • Password cracking
  • Root kit planting

47
Covering Tracks
  • Activities hackers undertake to extend their stay
    on the system without being detected
  • Their goals -
  • To continue using the system's resources
  • To remove evidence of their activities
  • To avoid legal action

48
Penetration Testing
  • The art of self assessment
  • Do penetration testing to find
  • What can the hacker see on the targeted system?
  • What can a hacker do with that information?
  • Do the administrators notice the penetration
    testers' attempts or success?

49
Hacking Tools
  • Security professionals can use hacking tools to
    verify their network's defenses
  • OS fingerprinting
  • Scanners
  • Sniffers
  • Hijacking
  • Password cracking
  • Backdoors
  • Vulnerability assessments

50
OS Fingerprinting
  • Determines the OS of the targeted system
  • Various OS vendors implement the TCP stack
    differently
  • Programs like NMAP -
  • Send specially crafted packets to a remote OS
  • Compare the response to a database
  • Determine the OS

51
Scanners
  • Scanning tools look for systems and services that
    respond.

52
Hijacking
  • Session hijacking involves intercepting an
    in-progress session with the objective of either
    snooping on it in real time or taking control of
    it

53
Password Cracking
  • Theft methods include
  • Physical access
  • Logical access
  • Tapping the wire
  • Password Cracking tools include -
  • L0PHTCRACK
  • John the Ripper
  • PalmCrack
  • Crack 5
  • Pocket PC Software

54
Password Cracking Types
  • Dictionary attack
  • Brute force attack
  • Hybrid attack

55
Backdoors
  • Enable complete control compromised system
  • Sniff passwords and login IDs
  • Perform reconnaissance activity communication
  • Spy on user activity, keystroke by keystroke
  • Control software
  • Control hardware

56
Vulnerability Assessments
  • Should be periodically performed to ensure the
    network is secure
  • There are many individuals waiting to attack
Write a Comment
User Comments (0)
About PowerShow.com