Operations Security Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2015 Domain Objectives • Protection and Control of Data Processing Resources – Media Management – Backups and Recovery – Change Control • Privileged Entity Control Control Categories • • • • • • • Preventive Detective Corrective Deterrent Recovery Directive Compensating Application-related Controls • • • • • • • • • Transaction Input Processing Output Test Supervision / balancing Job-flow Logging Licensing Operations Security Focus Areas • • • • • • • • Auditors Support staff Vendors Security Programmers Operators Engineers Administrators Domain Agenda • • • • Resource Protection Continuity of Operations Change Control Management Privileged Entity Control Facility Support Systems • The support systems in centralized and decentralized operation centers must be protected – – – – – Hardware Software Storage media Cabling Physical security Facility Support Systems (cont.) • Fire protection • HVAC • Electrical power goals Facility Support Systems (cont.) • Water • Communications • Alarm systems Media Management • • • • Storage Encryption Retrieval Disposal Object Reuse • • • • Securely reassigned Disclosure Contamination Recoverability Clearing of Magnetic Media • Overwriting • Degaussing • Physical destruction Media Management Practices • Sensitive Media Controls – – – – – – Destroying Marking Labeling Handling Storing Declassifying Misuse Prevention Threats Countermeasures Personal use Acceptable use policy, workstation controls, web content filtering, email filtering Theft of media Appropriate media controls Fraud Balancing of input/output reports, separation of duties, verification of information Sniffers Encryption Records Management • Consideration for records management program development • Guidelines for developing a records management program • Records retention Domain Agenda • • • • Resource Protection Continuity of Operations Change Control Management Privileged Entity Control Adequate Software & Data Backup • Operations controls ensure adequate backups of: – – – – – – Data Operating systems Applications Transactions Configurations Reports • Backups must be tested • Alternate site recovery plan Fault Tolerance • • • • Hardware failure is planned for System recognizes a failure Automatic corrective action Standby systems – Cold – configured, not on, lost connections – Warm – On, some lost data or transactions (TRX) – Hot – ready – failover RAID – Redundant Array of Independent Discs • Hardware-based • Software-based • Hot spare RAID Level 0 • Two or more disks • No redundancy • Performance only RAID Level 1 • • • • Exact copy (or mirror) Two or more disks Fault tolerant 200% cost RAID Level 2 • Striping of data with error correcting codes (ECC) • Requires more disks than RAID 3/4/5 • Not used, not commercially viable RAID Level 3 • Byte level stripes • 1 drive for parity • All other drives are for data RAID Level 4 • Block level stripes • 1 drive for parity • All other drives are for data RAID Level 5 • Block level stripes • Data and parity interleaved amongst all drives • The most popular RAID implementation RAID Level 6 • • • • • Block level stripes All drives used for data AND parity 2 parity types Higher cost More fault tolerant than RAID implementations 2 - 5 RAID Level 0+1 • Mirroring and striping • Higher cost • Higher speed RAID Level 10 • Mirroring and striping • Higher cost • Higher speed Redundant Array of Independent Taps (RAIT) • Using tapes not disk • Rea-time mirroring Hot Spares • Waiting for disaster • Global • Dedicated Backup Types • • • • • • • • File image System image Data mirroring Electronic vaulting Remote journaling Database shadowing Redundant servers Standby services System Recovery – Trusted Recovery • Correct implementation • Failures don’t compromise a system’s secure operation Types of Trusted Recovery • System reboot • Emergency system restart • System cold start Fail Secure • Cause little or no harm to personnel • System remains secure Operational Incident Handling • First line of defense • Logging, tracking and analysis of incidents • Escalation and notification Incident Response Team • • • • • Benefits Protection of assets Profitability Regulations Avoiding downstream damage Limit exposure • • • • Priorities Life safety Labeled data Communication Reduce disruption Contingency Plans • Business continuity plans and procedures – – – – – – – – Power failure System failure Denial of service Intrusions Tampering Communication Production delay I/O errors Domain Agenda • • • • Resource Protection Continuity of Operations Change Control Management Privileged Entity Control Change Control Management • Business and technology balance • Defines – Process of changes – Ownership of changes • Changes are reviewed for impact on security Change Control Committee Responsibilities • • • • • Management Business impact Regulations Risk management Approval Accreditation • • • • • • Technical Request process Functional impact Access control Testing Rollback Certification Change Control Procedures • • • • • • Request Impact assessment Approval Build/test Implement Monitor Configuration Management Elements • • • • • • Hardware inventory Hardware configuration chart Software Firmware Documentation requirements Testing Patch Management • • • • Knowledge of patches Testing Deployment Zero-day challenges Protection of Operational Files • Library Maintenance – – – – Backups Source code Object code Configuration files • Librarian Domain Agenda • • • • Resource Protection Continuity of Operations Change Control Management Privileged Entity Control Operator Privileges • • • • Data input and output Data maintenance Labeling Inventory Administrator Privileges • Systems administrators • Network administrators • Audit highly-privileged accounts Security Administrator Privileges • Security administration include: – Policy • Development • Implementation • Maintenance and compliance – Vulnerability assessments – Incident response Control Over Privileged Entities • Review of access rights • Supervision • Monitoring/audit Domain Summary • • • • Resource Protection Continuity of Operations Change Control Management Privileged Entity Control