Operations Security - Domain 7 Flashcards
Operations Security - 3 Daily Tasks
1. Operational Assurance 2. Daily Procedures 3. Vulnerability assessment and pen test
Operations Security - Daily Procedures (6)
1. Configuration Management 2. Change Management 3. Asset Management 4. License Management 5. Capacity Planning 6. Fault Management
Operations Security - Operations Responsibilities (7)
1. Maintaining production systems 2. Integrating new software and systems into the production environment 3. Installing new versions of programs 4. Running batch jobs, creating reports, patching systems 5. Managing backups 6. Managing audit logs 7. Dealing with network and system failures, upgrades, and configurations
Operations Security - Operational Duties (2)
1. Unusual or unexplained occurrences 2. Deviations from standards
Operations Security - Deviations from Standards (4)
1. Performance decreases, bandwidth usage increases, excessive memory use 2. Unscheduled initial program loads (IPLs) 3. IPL is the mainframe term for loading the kernel 4. Computer rebooting for no obvious reason
Operations Security - Personnel (Operators - mainframes)
1. Monitor execution of the system 2. Control flow of jobs 3. Mounting I/O volumes 4. Initial program load 5. Renaming/relabeling resources 6. Reassigning ports/lines
Operations Security - Personnel (Network administrator)
1. Maintenance and control of network operations 2. All device and system administration tasks
Operations Security - Personnel (Security administrator)
1. Implementing dictated user clearances 2. Setting initial passwords and security profiles for users 3. Configuring sensitivity levels 4. Implementing device security mechanisms and secure communication channels 5. Reviewing audit logs
Operations Security - Audit Data
1. Audit logs are an automated feature of certain operating systems and programs that create a record of specific transactions or activities 2. Computer fraud can increase if audit logs are not being kept and reviewed 3. Trend analysis tools are used to identify anomalies in audit logs 4. Exception reports are a result of system monitoring; they record activity that deviates from standards or policies
Operations Security - Library types
1. Production - holds software in production 2. Programmer - holds work in progress 3. Source code - holds source and should be escrowed 4. Media - hardware, centrally controlled
Controlling access to media - Librarian
1. Librarian controls access 2. Logs who takes what material out and when 3. Materials should be properly labeled 4. Media must be properly sanitized
Purpose of trusted recovery
1. No compromise of protection mechanisms or possibility of bypassing them (BSOD) 2. Preparing the system for failure and recovering the system 3. Failure of the system cannot be used to breach security
Fax machine security issues (2)
1. Can be used to transfer sensitive data 2. Printed pages left in the output bin for all to see
Fax security solution (5)
1. Fax server can route faxes directly to an email box instead of printing 2. Can disable the print feature 3. Fax encryptor encrypts bulk data at the data link layer 4. Provides extensive logging and auditing 5. Can use public key cryptography for secure transfer of material
Network availability (3)
1. One of the three primary security principles 2. Attacks, component or device failure can affect a network's availability 3. Single points of failure must be avoided
Hot Spares
1. SLA (service level agreement) 2. MTBF (mean time between failures) 3. MTTR (mean time to repair)
RAID
1. Provides fault tolerance 2. Data is separated into multiple units on multiple disks using striping and parity 3. HW or SW implementation 4. Provides high availability
RAID types (4)
1. RAID 0 - striped 2. RAID 1 - mirrored 3. RAID 5 - striped with parity 4. RAID 10 - striped and mirrored
Backups
1. Backing up software and having backup hardware is a large part of network availability 2. It is important to be able to restore data
Backups - Types
1. Full - archive bit set 2. Incremental - backs up modified files and resets the archive bit 3. Differential - all files since the last backup; archive bit is not reset 4. Copy - same as full but the archive bit is not reset
Intrusion Detection Systems (4) IDS
1. Software is used to monitor a network segment or computer 2. Used to detect attacks and other malicious activity 3. Dynamic 4. Two types: network and host
IDS - Network (3)
1. Monitors traffic on a segment 2. Computer or network appliance with a NIC in promiscuous mode 3. Sensors communicate with a central management console
IDS - Host (2)
1. Small programs that reside on individual computers 2. Detects suspicious activity on one system, not a network segment
IDS components (3)
1. Sensors 2. Analysis engine 3. Management console
IDS - Signature based (3)
1. IDS has a database of signatures, which are patterns of previously defined attacks 2. Cannot identify new attacks 3. Signature database needs continual updates
IDS - Behaviour based (3)
1. Compares audit files, logs, and network behavior against profiles of normal behavior that it develops and maintains 2. Better defense against new attacks 3. Creates many false positives
IDS - Analysis Engine Methods (Pattern)
1. Rule-based ID 2. Signature-based ID 3. Knowledge-based ID
IDS - Analysis Engine Methods (Profile)
1. Statistical ID 2. Anomaly ID 3. Behavior ID
IDS Response Options (5)
1. Page or email the admin 2. Log the event 3. Send reset packets to the attacker's connections 4. Change a firewall or router ACL to block an IP address or range 5. Reconfigure the router or firewall to block the protocol being used for the attack
IDS Issues (5)
1. May not be able to process all packets on a large network 2. Cannot analyze encrypted data 3. Switched networks make it harder to capture packets 4. Many false alarms 5. Not an answer to all prayers
Honey Pot - Deployment (4)
1. Pseudo flaw: loophole purposely added to an operating system or application to trap intruders 2. Sacrificial lamb system on the network 3. Administrators hope that intruders will attack this system instead of their production systems 4. It is enticing because many ports are open and services are running
Defense in Depth
Multilayered with multiple dimensions
Security Testing - Vulnerability Assessment (3)
1. Physical/Operations/Electronic 2. Identify weaknesses 3. Correct them
Security Testing - Penetration testing (3)
1. Ethical hacking to validate discovered weaknesses 2. Red teams 3. Black box tests
Security Testing - NIST
SP 800-42 Guideline on security testing