Security-operations
Operations Security Objective
The main goal of operations security is to control how data is processed and accessed. It implements controls over computer hardware, applications, networks, environments, and the people who have access to these resources. Operations security also encompasses understanding the threats and vulnerabilities of computer systems, networks, applications, and environments in order to implement preventative measures against attacks and to ensure that systems function securely and correctly. Important operations security concepts are: need-to-know/least privilege; separation of duties; auditing; monitoring the special privileges of operators and administrators; job rotation; marking, handling, storing, and destroying sensitive information; record retention; media and asset management; incident response. Other responsibilities of operations security are support and patch management, change and configuration management, and system resilience and fault tolerance.
Operation Security IT Functions
Examples of operations security IT functions are: help desk functions; application, database, and systems programming; change and configuration management; disaster recovery and contingency planning; systems analyst; database, network, and security administrator; job control analyst; operations and production control analyst.
Management Operation Security Functions
The management functions of operations security encompass the following activities: due care and due diligence; adherence to legislative requirements; data classification; media labeling; privacy regulation; handling violations and breaches; auditing.
Security Operations Abuse Management
Security operations abuse management encompasses the following activities: evaluating system vulnerabilities; audit trail or log corruption; denial of service; employee, government or industrial sabotage; errors and omissions; interference with operations; off-hour activities; unauthorized access.
Operation Security Control Types
The operation security control types are divided into the following seven categories.
Preventive
A preventive operations security control is implemented to stop unwanted or unauthorized access or activity from occurring. Examples of preventive controls are authentication requirements, security policies, separation of duties, door locks, and individual access permissions.
Directive
Directive controls, also referred to as administrative or management controls, are put in place to promote desirable behavior and adherence to policies, rules and regulations; they are designed to establish desired outcomes. Examples of directive controls are training seminars, meetings, policies, standards, procedures and guidelines, and record retention.
Detective
Detective controls are implemented to discover unwanted or unauthorized activity. Typically, detective controls operate after something happens rather than in real time. Examples of detective access controls include motion detectors, recording and reviewing of events captured by security cameras or CCTV, intrusion detection systems, mandatory vacations, audit trails, violation reports, and incident investigations.
Corrective
Corrective controls are implemented to restore systems to normal after an unwanted or unauthorized activity has occurred. Corrective controls have only minimal capability to respond to access violations. Examples of corrective access controls include intrusion detection systems, antivirus solutions, and business continuity planning.
Deterrent
Deterrent controls are implemented to discourage violation of security policies. Examples of deterrent access controls are warning banners, security cameras, trespass or intrusion alarms, auditing, security awareness training.
Recovery
Recovery controls are implemented to repair or restore resources, functions, and capabilities after a violation of security policies. Recovery controls have more advanced or complex capabilities to respond to access violations than corrective access controls. Examples of recovery access controls include backups and restores, fault-tolerant drives, server clustering, and database or VM shadowing.
Compensating
Compensating controls are a second or third control that kicks in if the first one fails. Examples of compensating security controls are VM shadowing and a backup power supply.
Layers of Operation Security Controls
Data Layer
Data Layer security controls include:
- ACL - a list of permissions assigned to data, specifying which users or system processes are granted access to objects, as well as which operations are allowed on a given object.
- Encryption - sensitive data must be encrypted and stored in separate secure locations, depending on its sensitivity.
- Secure Data Transmission - data must be encrypted when it is transmitted electronically.
Application Layer
Application Layer security controls include:
- Application Hardening - update applications to the latest available versions, regularly review the code of internally developed applications, implement proper input validation, and properly check the size of input.
- Antivirus - install and regularly update antivirus software.
Host/System Layer
Host/System Layer security controls include:
- OS hardening
- Update management
- Authentication
- Logging
- HIDS
Internal Network Layer
Internal Network security controls include:
- Network segmentation
- Monitoring
- IPSec
- NIDS
Logical Perimeter
Logical perimeter security controls include:
- Firewalls
- VPN
Physical Perimeter
Physical perimeter security controls include:
- Guards
- Locks
- Access control devices
- Biometrics
Management Practices
Management practices security controls include:
- Policies, standards, procedures, and guidelines
- Security awareness training
- Data classification
Change management
Change management is a process that helps organizations transition successfully to a desired future state. It plans and controls all major changes to the infrastructure, such as transitioning individuals, teams, organizational departments, systems, or applications. The change control process includes the following steps:
1. Request for change.
2. Approval for change.
3. Documentation of change.
4. Testing and presenting.
5. Implementation.
6. Report change to management.
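As an added example that is not part of the original notes, the following Python models the six change control steps as an ordered record that refuses out-of-order steps and, applying separation of duties, refuses approval by the requester; the change identifier, actors and sequence of actions are constructed.

```python
from dataclasses import dataclass, field

# The six change control steps from the notes, in the order they must occur.
STEPS = ["request", "approve", "document", "test", "implement", "report"]

class ChangeControlError(Exception):
    """Raised when a step is attempted out of order or by a disallowed actor."""

@dataclass
class ChangeRecord:
    change_id: str
    description: str
    history: list = field(default_factory=list)  # completed (step, actor) pairs

    def requester(self):
        return self.history[0][1] if self.history else None

    def status(self):
        """Next step that is due, or 'closed' once all six steps are recorded."""
        return "closed" if len(self.history) == len(STEPS) else STEPS[len(self.history)]

    def advance(self, step, actor):
        """Record one step, enforcing order and separation of duties on approval."""
        expected = self.status()
        if expected == "closed":
            raise ChangeControlError(f"{self.change_id}: change is already closed")
        if step != expected:
            raise ChangeControlError(f"{self.change_id}: expected '{expected}', got '{step}'")
        if step == "approve" and actor == self.requester():
            raise ChangeControlError(f"{self.change_id}: requester '{actor}' cannot approve own change")
        self.history.append((step, actor))

def run_change(change_id, description, actions):
    """Apply (step, actor) actions in turn; return the record and the rejected actions."""
    record = ChangeRecord(change_id, description)
    rejected = []
    for step, actor in actions:
        try:
            record.advance(step, actor)
        except ChangeControlError as exc:
            rejected.append(str(exc))
    return record, rejected

# Constructed sequence: contains a self-approval and an implementation attempted before documentation.
ACTIONS = [("request", "alice"), ("approve", "alice"), ("approve", "bob"), ("implement", "carol"),
           ("document", "alice"), ("test", "carol"), ("implement", "carol"), ("report", "bob")]

if __name__ == "__main__":
    record, rejected = run_change("CHG-0001", "constructed firewall rule change", ACTIONS)
    print(record.status(), record.history, rejected, sep="\n")
```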
Examples of change management processes are: changes in software development/coding practices; installation, modification, removal or relocation of computing equipment; integration of new application systems and removal of obsolete elements; any modification or relocation of desktop equipment and services; any changes that are required to complete tasks associated with normal job requirements.
Configuration Management
Configuration management is a process for establishing and maintaining consistency of a product's performance and integrity in its configuration data across multiple instances of the same device. Configuration management objects may be hardware, software, network components, software versions, and documentation.
Service Interruption, MTBF and MTTR
A service interruption or outage occurs when you lose access to services, which results in disruption to normal business functions and processes. Service interruptions can be divided into scheduled service maintenance and non-scheduled interruptions. Service interruptions can be the result of power failures, network failures, or the failure of various hardware components or devices.
Mean Time Between Failures (MTBF) is the predicted elapsed time between failures of a system during operation. MTBF is typically calculated as the average time between failures for a system or system components.
Mean Time To Repair (MTTR) represents the average time required to repair a failed component or device.
Operation Security Concepts
Service Level Agreement
An SLA is a part of a contract where a service is specifically defined, usually in measurable terms. SLAs may specify the following terms:
- What percentage of time services will be available
- Specific performance benchmarks
- Number of users that can be served simultaneously
- Help desk response time
- Usage statistics
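As an added example that is not part of the original notes, the following Python computes MTTR and MTBF from a constructed outage log over a 60-day period, derives the steady-state availability as MTBF / (MTBF + MTTR), and checks it against the availability percentage an SLA might specify; the outage times and SLA targets are constructed assumptions.

```python
from datetime import datetime

# Constructed outage log (not from the notes): (failure start, service restored).
OUTAGES = [
    (datetime(2024, 1, 3, 2, 0), datetime(2024, 1, 3, 3, 30)),      # 1.5 h
    (datetime(2024, 1, 20, 14, 0), datetime(2024, 1, 20, 14, 45)),  # 0.75 h
    (datetime(2024, 2, 11, 9, 0), datetime(2024, 2, 11, 12, 0)),    # 3 h
]
# Reporting period: 1 Jan to 1 Mar 2024 = 60 days = 1440 hours (2024 is a leap year).
PERIOD_START = datetime(2024, 1, 1)
PERIOD_END = datetime(2024, 3, 1)

def hours(delta):
    return delta.total_seconds() / 3600

def mttr_hours(outages):
    """Mean Time To Repair: average time from failure to restoration."""
    return sum(hours(end - start) for start, end in outages) / len(outages)

def mtbf_hours(outages, period_start, period_end):
    """Mean Time Between Failures: operating (up) time in the period per failure."""
    downtime = sum(hours(end - start) for start, end in outages)
    uptime = hours(period_end - period_start) - downtime
    return uptime / len(outages)

def availability(mtbf, mttr):
    """Steady-state availability as a fraction: MTBF / (MTBF + MTTR)."""
    return mtbf / (mtbf + mttr)

def allowed_downtime_hours(target_pct, period_start, period_end):
    """Downtime budget that an SLA of target_pct availability leaves for the period."""
    return hours(period_end - period_start) * (1 - target_pct / 100)

def meets_sla(outages, target_pct, period_start, period_end):
    """True if the measured availability reaches the SLA percentage."""
    mtbf = mtbf_hours(outages, period_start, period_end)
    mttr = mttr_hours(outages)
    return availability(mtbf, mttr) * 100 >= target_pct

if __name__ == "__main__":
    mtbf, mttr = mtbf_hours(OUTAGES, PERIOD_START, PERIOD_END), mttr_hours(OUTAGES)
    print(f"MTBF {mtbf:.2f} h, MTTR {mttr:.2f} h, availability {availability(mtbf, mttr):.5%}")
    for target in (99.5, 99.9):
        budget = allowed_downtime_hours(target, PERIOD_START, PERIOD_END)
        verdict = "met" if meets_sla(OUTAGES, target, PERIOD_START, PERIOD_END) else "missed"
        print(f"SLA {target}%: downtime budget {budget:.2f} h, {verdict}")
```

The three outages total 5.25 hours, so the service meets a 99.5% target but misses 99.9%, whose budget for this period is only 1.44 hours.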
Operational Level Agreement (OLA)
The OLA defines the interdependent relationships among the internal support groups of an organization working to support a service-level agreement (SLA). The agreement describes the responsibilities of each organizational department/group toward other support groups, including the process and timeframe for delivery of their services. The objective of the OLA is to present a clear, concise and measurable description of the service provider’s internal support relationships.
Redundant Configuration of Systems/Apps
This is also known as server or application clustering or high availability (HA): the duplication of a system or application. Redundant configurations are necessary parts of SLAs. HA combines software with hardware to minimize downtime by quickly restoring services when a system or application fails.
Fault Tolerance
With a fault-tolerant configuration the system is able to continue operating properly even if one or more of its components fail. Fault tolerance is extremely important in high availability or life-critical systems. It prevents errors or faults from becoming failures. It relies on special hardware to detect faults and instantaneously switch to a redundant hardware component. It appears seamless and offers non-stop service. This type of model does not address software failures, however.
Contingency Planning
Contingency planning prepares an organization to respond coherently to an unplanned event. The contingency plan can be also used as an alternative for action if expected results fail to materialize. A contingency plan is sometimes referred to as “Plan B.”
Single Point of Failure
A single point of failure is a component or application whose failure causes the whole system to fail to respond.
Direct Access Storage Device (DASD)
A Direct Access Storage Device (DASD) is a disk storage device that is directly connected to a computer. Internal disk drives, and external disk drives that connect through interfaces such as FireWire or USB, are considered DASD. Unlike DASD, Network Attached Storage (NAS) is available only via the network.
Server and Application Clustering
Server clustering is multiple servers grouped together to appear as one server and dedicated to a single task. Application clustering is server clustering that uses a software program to configure the servers to perform a specific task such as load balancing, failure detection, or compensation for individual failures.
Hierarchical Storage Management (HSM)
Hierarchical Storage Management is the policy-based management of data backup and archiving. It is designed to use data storage economically by automatically moving data between high-cost and low-cost storage media. HSM systems exist because it is more expensive to store data on high-speed devices such as hard disk drive arrays than on slower devices such as optical disks or tape media. HSM turns the fast disk drives into caches for the slower mass storage devices.
Vulnerability Assessment
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility, a computer system, or a communication infrastructure.
Vulnerability assessments are performed in the following steps:
1. Cataloging assets and capabilities (resources) in a system.
2. Assigning quantifiable value (or at least rank order) and importance to those resources.
3. Identifying the vulnerabilities or potential threats to each resource.
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.
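As an added example that is not part of the original notes, the following Python carries the four steps through on a constructed inventory: a catalogued asset list with a value rank, findings with a severity, a risk score of asset value times severity, and a mitigation plan that takes the highest-risk findings first; all assets, findings and numbers are constructed.

```python
# Constructed asset catalogue (steps 1 and 2): asset -> business value rank, 1 (low) to 5 (critical).
ASSETS = {"customer-db": 5, "hr-portal": 4, "build-server": 3, "intranet-wiki": 2}

# Constructed findings (step 3): (asset, vulnerability or threat, severity 1..10).
FINDINGS = [
    ("customer-db", "database engine missing vendor security patches", 9),
    ("customer-db", "administrative password policy too weak", 6),
    ("intranet-wiki", "outdated CMS plugin", 8),
    ("build-server", "remote administration reachable without MFA", 5),
    ("hr-portal", "internal endpoint served without TLS", 7),
    ("hr-portal", "verbose error pages", 2),
]

def risk_score(asset_value, severity):
    """Risk of one finding: how valuable the resource is times how serious the weakness is."""
    return asset_value * severity

def prioritize(assets, findings):
    """Attach the catalogued value to each finding and rank by risk, highest first.

    A finding against an asset missing from the catalogue is an inventory gap (step 1
    was incomplete), so it is reported as an error rather than silently scored.
    """
    ranked = []
    for asset, issue, severity in findings:
        if asset not in assets:
            raise KeyError(f"finding refers to uncatalogued asset {asset!r}")
        value = assets[asset]
        ranked.append({"asset": asset, "issue": issue, "severity": severity,
                       "value": value, "risk": risk_score(value, severity)})
    return sorted(ranked, key=lambda r: (-r["risk"], -r["value"], r["asset"]))

def mitigation_plan(assets, findings, fixes_available):
    """Step 4: spend a limited number of fixes on the highest-risk findings first."""
    return prioritize(assets, findings)[:fixes_available]

if __name__ == "__main__":
    for row in prioritize(ASSETS, FINDINGS):
        print(f"{row['risk']:>3}  {row['asset']:<14} sev {row['severity']:>2}  {row['issue']}")
    print("fix first:", [r["issue"] for r in mitigation_plan(ASSETS, FINDINGS, 3)])
```

Note that the severity-8 wiki finding ranks below the severity-7 HR portal finding, because the ranking weights each weakness by the value of the resource it affects.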
Penetration Testing
Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. Penetration testing is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
The penetration testing process includes the following phases:
1. Planning and Preparation
2. Information Gathering and Analysis
3. Vulnerability Detection
4. Penetration Attempt
5. Analysis and Reporting
6. Cleaning Up