Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

ODAA Process Manual

advertisement 
Beyond Standards
1
Beyond Standards
•
•
•
•
•
Standards
ISFO Manual
Threats
Case Study
Future
2
Baseline Standards
•
•
•
•
Audit Policy Event Logs Configuration
User rights Security options
Network, Firewall, Port protocol
Others
3
Baseline Standards
Audit Policy
 Basic Audit versus Advanced Audit Policy
Event Logs
 Retain old events and Automatically backup log
when full
4
Baseline Standards
User Rights
 Add workstations to domain
 Synchronize directory service data
Bypass traverse checking
5
Baseline Standards
User Rights
 Impersonate a client after authentication
Devices: Allow undock without having to log on
6
Baseline Standards
Security Options
 Domain controller: Refuse machine account password
changes
Domain controller: Allow server operators to schedule
tasks
7
Baseline Standards
Networking
 Internet Communication
Events.asp Links
Turn Off Handwriting Personalization Data
Sharing
 Power Options
Require a Password When a Computer Wakes
Network Connections
Route all traffic through internal network
8
Baseline Standards
Networking
 NTP server : Configure Windows NTP client
localtimeserver Type
Set to NT5D5. ( Set to NT5DS if the system is not PDC)
 TCPIP Settings\IPv6 Transition Technologies
IPHTTPS Url
Firewall
Display Notification ( Set to Yes)
Firewall log file ( currently set to %windir%.log)
Set to
9
Baseline Standards
Networking
 Firewall
IPv6 Block of UDP 3544
 Remote Desktop Services
Do not use temporary folders per session should be associated
with Remote Desktop Session Host\Temporary folders.
 Search Setting
Search-Allow indexing of encrypted files
Search-Enable indexing uncached Exchange folders
10
Baseline Standards
Services
 Remote Desk Services Crashes on refresh of GPO
 Remote Desktop Help Session Manager ( ignored on
windows 7 and windows 2008)
 SNMP Trap Service is SNMP Trap
 Simple Service Discovery Protocol Discovery Service is
SSDP Discovery ( needed for plug and play)
 World Wide Web Publishing Services is World Wide Web
Publishing Service
11
Baseline Standards
Virtualization
 Allow log on through Remote Desktop Services
 Deny log on through Remote Desktop Services
Set to Everyone ( should be Guests)
 Virtual OS
12
Baseline Standards
Security Relevant Objects
 SROs for NT5 (XP, 2003) but not used by NT6 (7,2008)
 c:\windows\system32\kdcsvc.dll
 c:\windows\system32\msgina.dll
 c:\windows\system32\ntbackup.exe
 c:\windows\system32\ntdsa.dll
 c:\windows\system32\ntdsatq.dll
 c:\windows\system32\regedit.exe
 c:\windows\system32\rshx32.exe
 c:\windows\syswow64\rshx32.exe
 c:\windows\syswow64\spool\printers
13
Baseline Standards
Others
Difference in baseline between NT5 and NT6
 NT5 Audit: Shut down system immediately is. Enabled.
 NT6 Audit: Shut down system immediately is Undefined.
 NT5 Restrict CD-ROM access to locally logged-on user
only is Enabled.
 NT6 Restrict CD-ROM access to locally logged-on user
only is Disabled.
14
Baseline Standards
Others
Difference in baseline between NT5 and NT6
 NT5 Interactive logon: Number of previous logons to
cache is 0
• NT6 Interactive logon: Number of previous logons to
cache is 2 logons or less
 NT5 Shutdown: Clear virtual memory page file is Enabled
 NT6 Shutdown: Clear virtual memory page file is Disabled
NT6 Every Administrative actions required
authentication
15
ODAA Process Manual
ODAA Process Manual v3.2,
November 15, 2013
Summary of Changes
16
ODAA Process Manual
Aligned under National Institute of
Standards and Technology (NIST) 80053 Controls
17
ODAA Process Manual
C&A Documentation Process Divided
into Three Categories
• Management Controls, 3.0
• Operational Controls, 4.0
• Technical Controls, 6.0
18
ODAA Process Manual
NIST 800-53 Control Mapping 10.0 (page 86)
SECURITY CONTROL IDENTIFIERS AND FAMILY NAMES
ID
FAMILY
ID
FAMILY
AC
Access Control
MP
Media Protection
AT
Awareness and Training
PE
Physical and Environmental Protection
AU
Audit and Accountability
PL
Planning
CA
Security Assessment and Authorization
PS
Personnel Security
CM
Configuration Management
RA
Risk Assessment
CP
Contingency Planning
SA
System and Services Acquisition
IA
Identification and Authentication
SC
System and Communications Protection
IR
Incident Response
SI
System and Information Integrity
MA
Maintenance
PM
Program Management
Refer to http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf for a more comprehensive list
of the entire catalog of security controls.
19
ODAA Process Manual
Publication date: November 15, 2013
Effective date: May 15, 2014
20
ODAA Process Manual
Removable Media Restrictions 4.7.2 (p. 51)
•Write ability will be restricted to people designated and
briefed by ISSM.
•The default will be to disable write ability for all forms of
removable media.
21
ODAA Process Manual
SIPRNet Section 9.0 (pp. 81-84)
• Command Cyber Readiness Inspections (CCRI)
• NISP SIPRNet Circuit Acquisition Process
22
ODAA Process Manual
Defense Industrial Base Cyber Security
Accreditation Process (DIBNet) 9.2
Use to report cyber security incidents
23
ODAA Process Manual
Self-Certification Requirements (p.32)
•Introduction to NISP C&A Process
•NISP C&A Process: A Walk-Through
•Technical Implementation of C&A
24
ODAA Process Manual
Logon Banner (pp 68-70)
•NISPOM compliant systems (p. 69)
•DoD Warning Banner for SIPRNet (p. 70)
25
ODAA Process Manual
Other Items:
But nothing really new
26
ODAA Process Manual
Examples of reasons to deny an IATO:
•Missing or incomplete UID
•ISSM did not sign the IS Security Package Statement
•Missing H/W List – S/W List – Configuration Diagram
•Physical security not adequately explained
27
ODAA Process Manual
Examples of reasons to deny an IATO:
•No signed DSS Form 147 – for Closed Area
•No Certification Test Guide Results provided
•Missing letter from GCA if variances are needed
•Identification and authentication not fully addressed
28
ODAA Process Manual
Periods Processing 3.2.10.2 (p. 19)
Clearing can be used to overwrite HD for
reuse at same or higher level.
Not for TS
29
ODAA Process Manual
Sanitizing 4.4.2 (pp 41-43)
•Spills can be cleaned up by overwriting
•Get GCA approval prior to or after incident
•If GCA does not respond after 30 days assume approved
•GCA may require destruction
30
ODAA Process Manual
Incident Response Plan 4.5.2
• The contractor shall develop an incident response
plan.
• Distribute copies of the incident response plan to
appropriate incident response personnel.
• The incident response plan shall be reviewed and
revised when appropriate to ensure accuracy.
31
ODAA Process Manual
Classified Spill Cleanup Procedures 4.5.3
• Coordination with sender / receiver / data owner
• Wiping Utility Instructions 4.5.4 (p. 45)
• Reporting (NISPOM 1-303)
32
ODAA Process Manual
Trusted Download 4.7.4
Alternate Trusted Download procedures need letterhead
memo signed by data owner or GCA. (p. 53)
33
ODAA Process Manual
Weekly Audits 6.7.1 (p.71-72)
• Audits need to be done at least weekly
• “At least weekly” means once per calendar week
34
Threat
Cyber Threat
Insider Threat
35
Threat
Insider
Any person with authorized access to any United States Government resource to
include personnel, facilities, information, equipment, networks, or systems.
Insider Threat:
The threat that an insider will use his/her authorized access, wittingly or
unwittingly, to do harm to the security of the United States. This threat can
include damage to the United States through espionage, terrorism, unauthorized
disclosure of national security information, or through the loss or degradation of
resources or capabilities.
36
UNCLASSIFIED//FOUO
Insider Threat mitigation has become an
urgent requirement for DoD agencies
• Presidential Memorandum and Executive Order (EO) 13587
– Created steering committee
– Executive Agent for Safeguarding Classified Info on Networks
– National Insider Threat Task Force
• Produce national policy, standards
• Provide assistance and assessments to departments/agencies
•
EO 10450, Security Requirements for Government Employment
• Authority to investigate any information that comes to its attention that indicates retaining any
officer or employee of the agency may not be consistent with national security interests
• Provides authority to conduct inquires both prior to an actual hiring and after an
individual has been hired by the agency
“In the wake of an unprecedented document dump that is straining U.S. diplomatic relations in some
corners of the world, the administration ordered agencies last month to ensure that unauthorized
employees do not get access to sensitive or classified information.”
37
UNCLASSIFIED//FOUO
Threat
(not all-inclusive)
Excessive and abnormal intranet browsing, beyond the individual's duties and
responsibilities, of internal file servers or other networked system contents
Attempts to obtain classified or sensitive information by an individual not
authorized to receive such information
Unauthorized copying, printing, faxing, e-mailing, or transmitting classified
material
Contact with an individual who is known or suspected of being associated with a
foreign intelligence or security organization
Hacking or cracking activities, social engineering, electronic elicitation, e-mail
spoofing or spear phishing
38
Case Study
What would you do?
39
Questions ?
Contact DSS….
40
Related documents
ODAA Brainstorming
ODAA Brainstorming
Intro to UF Foundation & ODAA
Intro to UF Foundation & ODAA
ODAA Update Overview July 2014
ODAA Update Overview July 2014
DSS ISFO ODAA Presentation December 2013
DSS ISFO ODAA Presentation December 2013
System Security Plan - jsac
System Security Plan - jsac
Pre-K Morning Meeting through Responsive Classroom: An
Pre-K Morning Meeting through Responsive Classroom: An
View PPT
View PPT
Stress Management - Dr. Fayose
Stress Management - Dr. Fayose
Download
advertisement