
Lecture Security+ Guide to Network Security Fundamentals (2nd edition) - Chapter 10: Operational security


Security+ Guide to Network Security Fundamentals, Chapter 10 covers the following objectives: harden physical security with access controls, minimize social engineering, secure the physical environment, define business continuity, and plan for disaster recovery.

Page 1

Chapter 10: Operational Security

Security+ Guide to Network Security Fundamentals

Second Edition

Page 2

• Harden physical security with access controls

• Minimize social engineering

• Secure the physical environment

• Define business continuity

• Plan for disaster recovery

Page 3

Hardening Physical Security with Access Controls

• Adequate physical security is one of the first lines of defense against attacks

• Protects equipment and the infrastructure itself

• Has one primary goal: to prevent unauthorized users from reaching equipment to use, steal, or vandalize

Page 4

Hardening Physical Security with Access Controls (continued)

• Configure an operating system to enforce access controls through an access control list (ACL), a table that defines the access rights each subject has to a folder or file

• Access control also refers to restricting physical access to computers or network devices

Page 5

Controlling Access with Physical Barriers

• Most servers are rack-mounted servers

• A rack-mounted server is 1.75 inches (4.45 cm) tall and can be stacked with up to 50 other servers in a closely confined area

• Rack-mounted units are typically connected to a KVM (keyboard, video, mouse) switch, which in turn is connected to a single monitor, mouse, and keyboard

Page 6

Controlling Access with Physical Barriers (continued)

Page 7

Controlling Access with Physical Barriers (continued)

Page 8

Controlling Access with Physical Barriers (continued)

• In addition to securing a device itself, you should also secure the room containing the device

• Two basic types of door locks require a key:

– A preset lock (key-in-knob lock) requires only a key for unlocking the door from the outside

– A deadbolt lock extends a solid metal bar into the door frame for extra security

• To achieve the most security when using door locks, observe the good practices listed on pages 345 and 346 of the text

Page 9

Controlling Access with Physical

Page 10

Controlling Access with Physical

Page 11

Controlling Access with Biometrics

• Biometrics uses a person’s unique characteristics to authenticate that person

• Some human characteristics used for identification include fingerprint, face, hand, iris, retina, and voice

• Many high-end biometric scanners are expensive, can be difficult to use, and can produce false positives (accepting unauthorized users) or false negatives (restricting authorized users)

Page 12

Minimizing Social Engineering

• The best defenses against social engineering are a strong security policy along with adequate training

• An organization must establish clear and direct policies regarding what information can be given out and under what circumstances

Page 13

Securing the Physical Environment

• Take steps to secure the environment itself to reduce the risk of attacks:

– Limiting the range of wireless data signals

– Shielding wired signals

– Controlling the environment

– Suppressing the risk of fires

Page 14

Limiting Wireless Signal Range

• Use the following techniques to limit the wireless signal range:

– Relocate the access point

– Substitute 802.11a for 802.11b

– Add directional antenna

– Reduce power

– Cover the device

– Modify the building

Page 15

Shielding a Wired Signal

• The insulation and shielding that covers a copper cable does not always prevent a signal from leaking out or having an even stronger signal affect the data transmission on the cable

• This interference (noise) can be of several types

• Radio frequency interference (RFI) refers to interference caused by broadcast signals from a radio frequency (RF) transmitter, such as from a commercial radio or television transmitter

Page 16

Shielding a Wired Signal (continued)

• Electromagnetic interference (EMI) may be caused by a variety of sources

– A motor or another source of intense electrical activity can create an electromagnetic signal that interferes with a data signal

– EMI can also be caused by cellular telephones, citizens’ band and police radios, small office or household appliances, fluorescent lights, or loose electrical connections

Page 17

Shielding a Wired Signal (continued)

• The source of near end crosstalk (NEXT) interference is usually from another data signal being transmitted

• Loss of signal strength is known as attenuation

• Two types of defenses are commonly referenced for shielding a signal

– Telecommunications Electronics Material Protected from Emanating Spurious Transmissions (TEMPEST)

– Faraday cage

Page 18

Shielding a Wired Signal (continued)

• TEMPEST

– Classified standard developed by the US government to prevent attackers from picking up stray RFI and EMI signals from government buildings

• Faraday cage

– Metallic enclosure that prevents the entry or escape of an electromagnetic field

– Consists of a fine-mesh copper screening directly connected to an earth ground

Page 19

Reducing the Risk of Fires

• In order for a fire to occur, four entities must be present at the same time:

– Sufficient oxygen to sustain the combustion

– Enough heat to raise the material to its ignition temperature

– Some type of fuel or combustible material

– A chemical reaction that is the fire itself

Page 20

Reducing the Risk of Fires (continued)

• Refer to page 355 for the types of fires, their fuel source, how they can be extinguished, and the types of handheld fire extinguishers that should be used

• Stationary fire suppression systems that integrate into the building’s infrastructure and release a suppressant in the entire room are used

Page 21

Reducing the Risk of Fires (continued)

• Systems can be classified as:

– Water sprinkler systems that spray the room with pressurized water

– Dry chemical systems that disperse a fine, dry powder over the fire

– Clean agent systems that do not harm people, documents, or electrical equipment in the room

Page 22

Understanding Business Continuity

• Process of assessing risks and developing a management strategy to ensure that business can continue if risks materialize

• Business continuity management is concerned with developing a business continuity plan (BCP) addressing how the organization can continue in the event that risks materialize

Page 23

Understanding Business Continuity (continued)

• The basic steps in creating a BCP:

– Understand the business

– Formulate continuity strategies

– Develop a response

– Test the plan

Page 24

Maintaining Utilities

– Primary purpose is to continue to supply power if the electrical power fails

Page 25

Maintaining Utilities (continued)

• A UPS can complete the following tasks:

– Send a special message to the network administrator’s computer, or page or telephone the network manager to indicate that the power has failed

– Notify all users that they must finish their work immediately and log off

– Prevent any new users from logging on

– Disconnect users and shut down the server

Page 26

Establishing High Availability through Fault Tolerance

• The ability to endure failures (fault tolerance) can keep systems available to an organization

• Prevents a single problem from escalating into a total disaster

• Can best be achieved by maintaining redundancy

• Fault-tolerant server hard drives are based on a standard known as Redundant Array of Independent Drives (RAID)

Page 27

Creating and Maintaining Backups

• Data backups are an essential element in any BCP

• Backup software can internally designate which files have already been backed up by setting an archive bit in the properties of the file

• Four basic types of backups:

– Full backup

– Differential backup

– Incremental backup

– Copy backup
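
The four backup types differ in which files they select and whether they reset the archive bit. The following sketch is an added example, not part of the original slides; it models the commonly documented archive-bit behaviour (the bit is set on modification, and full and incremental backups clear it), and the file names and weekly schedule are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class File:
    name: str
    archive: bool = True   # bit is set when a file is created or modified

# kind -> (copy only files whose bit is set?, clear the bit after copying?)
BACKUP_TYPES = {
    "full":         (False, True),
    "differential": (True,  False),
    "incremental":  (True,  True),
    "copy":         (False, False),   # simplified: copies everything, bit untouched
}

def run_backup(files, kind):
    """Return the names copied by this backup and update archive bits."""
    only_flagged, clear_bit = BACKUP_TYPES[kind]
    selected = [f for f in files if f.archive or not only_flagged]
    if clear_bit:
        for f in selected:
            f.archive = False
    return [f.name for f in selected]

def modify(files, name):
    """Simulate a user edit: the operating system sets the archive bit."""
    for f in files:
        if f.name == name:
            f.archive = True

def simulate(nightly_kind):
    """Sunday full backup, then one edit and one nightly backup per day."""
    files = [File("payroll.xls"), File("hr.doc"), File("web.cfg")]  # constructed
    log = [("Sun", run_backup(files, "full"))]
    edits = [("Mon", "payroll.xls"), ("Tue", "hr.doc"), ("Wed", "payroll.xls")]
    for day, changed in edits:
        modify(files, changed)
        log.append((day, run_backup(files, nightly_kind)))
    return log

def restore_chain(log, nightly_kind):
    """Backups needed to rebuild the data after the last night in the log."""
    if nightly_kind == "differential":
        return [log[0][0], log[-1][0]]      # full + latest differential
    return [day for day, _ in log]          # full + every incremental

if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        log = simulate(kind)
        print(kind, log, "restore needs:", restore_chain(log, kind))
```

Differential backups grow each night but restore from two sets; incremental backups stay small but every set since the last full backup is needed for a restore.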

Page 28

Creating and Maintaining Backups (continued)

Page 29

Creating and Maintaining Backups (continued)

• Develop a strategy for performing backups to make sure you are storing the data your organization needs

• A grandfather-father-son backup system divides backups into three sets:

– A daily backup (son)

– A weekly backup (father)

– A monthly backup (grandfather)
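
A grandfather-father-son rotation determines how far back a restore can reach. The following sketch is an added example, not part of the original slides; the schedule (nightly backups, Friday as the weekly set, the last day of the month as the monthly set) and the retention counts are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Assumed retention: how many backups of each set are kept before media is reused.
RETENTION = {"son": 4, "father": 4, "grandfather": 12}

def gfs_set(d):
    """Classify the backup taken on date d (assumed: one backup every night)."""
    if (d + timedelta(days=1)).month != d.month:
        return "grandfather"    # last day of the month (takes priority)
    if d.weekday() == 4:
        return "father"         # Friday
    return "son"                # any other day

def retained(today, history_days=400):
    """Dates whose backups are still held on `today` under RETENTION."""
    kept = {"son": [], "father": [], "grandfather": []}
    for n in range(history_days):
        d = today - timedelta(days=n)
        s = gfs_set(d)
        if len(kept[s]) < RETENTION[s]:
            kept[s].append(d)   # newest first; older ones have been overwritten
    return kept

def oldest_restore_point(today):
    """Earliest date that can still be restored from any of the three sets."""
    return min(min(dates) for dates in retained(today).values())

if __name__ == "__main__":
    today = date(2020, 1, 30)   # constructed sample date
    for name, dates in retained(today).items():
        print(name, [d.isoformat() for d in dates])
    print("oldest restore point:", oldest_restore_point(today))
```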

Page 30

Creating and Maintaining Backups (continued)

Page 31

Planning for Disaster Recovery

• Business continuity is concerned with addressing anything that could affect the continuation of service

• Disaster recovery is more narrowly focused on recovering from major disasters that could cease operations for an extended period of time

• Preparing for disaster recovery always involves having a plan in place

Page 32

Creating a Disaster Recovery Plan (DRP)

• A DRP is different from a business continuity plan

• Typically addresses what to do if a major catastrophe occurs that could cause the organization to cease

Page 33

Identifying Secure Recovery

• Major disasters may require that the organization temporarily move to another location

• Three basic types of alternate sites are used during or directly after a disaster

– Hot site

– Cold site

– Warm site

Page 34

Identifying Secure Recovery (continued)

• A hot site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity

• A cold site provides office space but the customer must provide and install all equipment needed to continue operations

• A warm site has all equipment installed but does not have active Internet or telecommunications facilities

Page 35

• Be sure backup tapes are located in a secure environment that is adequately protected

Page 36

Summary

• Adequate physical security is one of the first lines of defense against attacks

• Physical security involves restricting access with access controls, minimizing social engineering attacks, and securing the environment and infrastructure

• Business continuity is the process of assessing risks and developing a management strategy to ensure that business can continue if risks materialize

Page 37

Summary (continued)

• Disaster recovery is focused on recovering from major disasters that could potentially cause the organization to cease operations for an extended period of time

• A DRP typically addresses what to do if a major catastrophe occurs that could cause the organization to cease functioning

Date posted: 30/01/2020, 12:39
