Operations Security
Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)
June 2015
Domain Objectives
• Protection and Control of Data Processing Resources
– Media Management
– Backups and Recovery
– Change Control
• Privileged Entity Control
Control Categories
•
•
•
•
•
•
•
Preventive
Detective
Corrective
Deterrent
Recovery
Directive
Compensating
Application-related Controls
•
•
•
•
•
•
•
•
•
Transaction
Input
Processing
Output
Test
Supervision / balancing
Job-flow
Logging
Licensing
Operations Security Focus Areas
•
•
•
•
•
•
•
•
Auditors
Support staff
Vendors
Security
Programmers
Operators
Engineers
Administrators
Domain Agenda
•
•
•
•
Resource Protection
Continuity of Operations
Change Control Management
Privileged Entity Control
Facility Support Systems
• The support systems in centralized and decentralized operation
centers must be protected
–
–
–
–
–
Hardware
Software
Storage media
Cabling
Physical security
Facility Support Systems (cont.)
• Fire protection
• HVAC
• Electrical power goals
Facility Support Systems (cont.)
• Water
• Communications
• Alarm systems
Media Management
•
•
•
•
Storage
Encryption
Retrieval
Disposal
Object Reuse
•
•
•
•
Securely reassigned
Disclosure
Contamination
Recoverability
Clearing of Magnetic Media
• Overwriting
• Degaussing
• Physical destruction
Media Management Practices
• Sensitive Media Controls
–
–
–
–
–
–
Destroying
Marking
Labeling
Handling
Storing
Declassifying
Misuse Prevention
Threats
Countermeasures
Personal use
Acceptable use policy, workstation controls, web
content filtering, email filtering
Theft of media
Appropriate media controls
Fraud
Balancing of input/output reports, separation of
duties, verification of information
Sniffers
Encryption
Records Management
• Consideration for records management program development
• Guidelines for developing a records management program
• Records retention
Domain Agenda
•
•
•
•
Resource Protection
Continuity of Operations
Change Control Management
Privileged Entity Control
Adequate Software & Data Backup
• Operations controls ensure adequate backups of:
–
–
–
–
–
–
Data
Operating systems
Applications
Transactions
Configurations
Reports
• Backups must be tested
• Alternate site recovery plan
Fault Tolerance
•
•
•
•
Hardware failure is planned for
System recognizes a failure
Automatic corrective action
Standby systems
– Cold – configured, not on, lost connections
– Warm – On, some lost data or transactions (TRX)
– Hot – ready – failover
RAID – Redundant Array of
Independent Discs
• Hardware-based
• Software-based
• Hot spare
RAID Level 0
• Two or more disks
• No redundancy
• Performance only
RAID Level 1
•
•
•
•
Exact copy (or mirror)
Two or more disks
Fault tolerant
200% cost
RAID Level 2
• Striping of data with error correcting codes (ECC)
• Requires more disks than RAID 3/4/5
• Not used, not commercially viable
RAID Level 3
• Byte level stripes
• 1 drive for parity
• All other drives are for data
RAID Level 4
• Block level stripes
• 1 drive for parity
• All other drives are for data
RAID Level 5
• Block level stripes
• Data and parity interleaved amongst all drives
• The most popular RAID implementation
RAID Level 6
•
•
•
•
•
Block level stripes
All drives used for data AND parity
2 parity types
Higher cost
More fault tolerant than RAID implementations 2 - 5
RAID Level 0+1
• Mirroring and striping
• Higher cost
• Higher speed
RAID Level 10
• Mirroring and striping
• Higher cost
• Higher speed
Redundant Array of Independent Taps
(RAIT)
• Using tapes not disk
• Rea-time mirroring
Hot Spares
• Waiting for disaster
• Global
• Dedicated
Backup Types
•
•
•
•
•
•
•
•
File image
System image
Data mirroring
Electronic vaulting
Remote journaling
Database shadowing
Redundant servers
Standby services
System Recovery – Trusted Recovery
• Correct implementation
• Failures don’t compromise a system’s secure operation
Types of Trusted Recovery
• System reboot
• Emergency system restart
• System cold start
Fail Secure
• Cause little or no harm to personnel
• System remains secure
Operational Incident Handling
• First line of defense
• Logging, tracking and analysis of incidents
• Escalation and notification
Incident Response Team
•
•
•
•
•
Benefits
Protection of assets
Profitability
Regulations
Avoiding downstream
damage
Limit exposure
•
•
•
•
Priorities
Life safety
Labeled data
Communication
Reduce disruption
Contingency Plans
• Business continuity plans and procedures
–
–
–
–
–
–
–
–
Power failure
System failure
Denial of service
Intrusions
Tampering
Communication
Production delay
I/O errors
Domain Agenda
•
•
•
•
Resource Protection
Continuity of Operations
Change Control Management
Privileged Entity Control
Change Control Management
• Business and technology balance
• Defines
– Process of changes
– Ownership of changes
• Changes are reviewed for impact on security
Change Control Committee
Responsibilities
•
•
•
•
•
Management
Business impact
Regulations
Risk management
Approval
Accreditation
•
•
•
•
•
•
Technical
Request process
Functional impact
Access control
Testing
Rollback
Certification
Change Control Procedures
•
•
•
•
•
•
Request
Impact assessment
Approval
Build/test
Implement
Monitor
Configuration Management Elements
•
•
•
•
•
•
Hardware inventory
Hardware configuration chart
Software
Firmware
Documentation requirements
Testing
Patch Management
•
•
•
•
Knowledge of patches
Testing
Deployment
Zero-day challenges
Protection of Operational Files
• Library Maintenance
–
–
–
–
Backups
Source code
Object code
Configuration files
• Librarian
Domain Agenda
•
•
•
•
Resource Protection
Continuity of Operations
Change Control Management
Privileged Entity Control
Operator Privileges
•
•
•
•
Data input and output
Data maintenance
Labeling
Inventory
Administrator Privileges
• Systems administrators
• Network administrators
• Audit highly-privileged accounts
Security Administrator Privileges
• Security administration include:
– Policy
• Development
• Implementation
• Maintenance and compliance
– Vulnerability assessments
– Incident response
Control Over Privileged Entities
• Review of access rights
• Supervision
• Monitoring/audit
Domain Summary
•
•
•
•
Resource Protection
Continuity of Operations
Change Control Management
Privileged Entity Control