ISMN 5730 Final

CCTV Levels- Detection

The ability to detect the presence of an object

CCTV Levels-Identification

The ability to determine the object details

BCP Document

The final aspect of this phase is to combine all of the various steps into the organizations BCP. This plan should then be interfaced with the organizations other emergency plan

Architecture

The highest level concept of a system in its environment

Team Members

The same people who would be responsible for executing the plan in the event of an outage, must also be involved in preparing the BCP

Remote Access Services

Typically conducted over an untrusted network -Increased risk to disclosure, modification and denial of service -Remote access security minimums -Rapid growth of remote access via the internet --Wide availability -Economical

Eavesdropping

WLAN signals extend beyond physical security boundaries -Standard wired equivalent privacy encryption is often not used -When used, WEP is flawed and vulnerable -No user authentication in WEP

5 Support System Threats

-Fire -HVAC -Gas Leakage -Power Loss -Water

Computer Equipment Protections-Portable Device Security

-Involves protecting the device, protecting the data on the device, and keeping the security controls easy for the user

Architecture

-Principles -Concepts -Methods -Practices -Standards --Shift from an IT-centric to a business-centric security process to more effectively manage risk

Systems Life Cycle

-Project management-based methodology used to plan, execute, and control software development and maintenance -Provides a framework for the phases of software development projects and includes disposal stage -Involves teams of developers, analysts, owners, users, technical experts, and security experts

Guard Stations

-Security forces (guards) can provide a deterrence to unauthorized entry. In some cases, may also prevent unauthorized entry

The Target

-Sensitive and critical information -Computing services, such as storage space and other resources -Toll telephone services -Voice mail -Network access to interconnected networks, such as customers or business partners

Perimeter Intrusion Detection Systems

-Sensors that detect access into an area

Landscaping

-Shrubs or trees can provide a barrier an entry point -Spiny shrubs make it harder for an intruder to cross the barrier

6 Key Malicious Threats

-Theft -HVAC Access -Shoulder Surfing -Social Engineering -Dumpster Diving -Espionage

Goals of Physical Security

1. Deter 2. Delay 3. Detect 4. Assess 5. Respond

HVAC

Access via HVAC vents

Remote Access Technologies

Allows users to access network information through a dial in wireless connection

Internet Access

Allows users to access network information through an internet service provider connection (ISP)

Cold Site

Basic HVAC and connections. (Weeks to months)

Utility Systems Threats

Communication outages, power outages

Water

Flooding/dripping

Facility and Supply Recovery

Focus is on restoration and recovery such as -Facility- main building, remote ory- supplies, equipment, paper, forms -Equipment- network environments, servers, mainframe, microcomputers, etc -Telecommunications- voice and data -Documentation- application, technical materials -transportation- movement of equipment, personnel -Supporting equipment- HVAC, safety, security

Surveillance

High degree of visual control

Social Engineering

Intelligence Attack. Getting people to give in to give you information/ credit or social info

Malicious Threats are?

Intentional

Espionage

Loss of intellectual property and market share. Steals classified data

Fault

Momentary loss of power

HVAC

Overheating/overcooling

Warm Site

Partially prepared for operations (days-weeks)

Fire Detection

Receive warnings of fire before to becomes a problem

Fire Prevention

Reduce causes of fire

Physical Safety Requirements -Life Safety

Safety of people is the primary concern

Disaster

-A disaster is something that interrupts normal business process --A disaster is defined as a sudden, unplanned calamitous event that brings about great damage or loss --In the business environment, it is any event that creates an inability on an organizations part to support critical business functions for some predetermined period of time

Bollards

-A rising post designed for use in traffic control and protecting property premises -Provides security against vehicles ramming into, or stopping near buildings -Lighted bollards can be used for lighting controls along parks, paths, sidewalks, etc.

Network Protocol Definition

-A standard set of rules that governs the exchange of data between hardware and software components in a communications network -A network protocol also describes the format of a message and how it is exchanged --When computers communicate with one another, they exchange a series of messages --To understand and act on these messages, computers must agree on what a message means

Business Continuity Management

-A strategic and operational framework to review the way an organization provides its products and services while increasing its reliance to disruption, interruption or loss -Provides a framework for building resilience and the capability for an effective response which safeguards the interests of a company key stakeholders, reputation, brand and value creating activities

Closed Circuit Television

-A television transmission system that uses cameras to transmit pictures by a transmission medium to connected monitors -The transmission media can use wired or wireless technologies -EX: Cameras attached to fences or stoplights

Intrusion Prevention Systems

-Ability to block attacks in real time -Actively intercept and forward packets -Considered access control and policy enforcement whereas IDS is considered network monitoring and audit -Preventive control

Strategic Alignment Key Considerations

-Active executive participation -Owner, custodian, stakeholder alignment -Assigned responsibility, accountability and authority -Security Life Cycle -Business and IT alignment -Security process and management fundamentals -All stakeholders speaking the same language

BCP

-An approved set of advanced arrangements and procedures that enable an organization to --Ensure the safety of people --Minimize the amount of loss --Repair or replace the damaged facilities as soon as possible --Continuity plans address every critical function of an enterprise

Subtopics

-Applications Environment -Database Environment -Environment Threats -System Life Cycle -Change Management

Layered Defense Model

-Approaching security through layers of controls -Multi Layered -Starts with the perimeter, then building grounds, then building entry points, etc.

Architecture Facts

-Are fundamental statements of value, operation or belief that defines the overall approach to IT security -Define the philosophy of the organization that directs the definition of the security policies -Will require formal commitment from the executives to be relied upon for guidance and -Often are challenging to define --May require assistance with scope definition and management, issue validation and the definition of the resulting security principles

Fences

-Are used to enclose security areas and designate property boundaries -Should meet specific gauge and fabric specifications -High-security areas may need a "top guard" (barb wire at top) -Should meet certain height and location provisions -Fences must be checked and repaired on a regular basis -Fence fabric must be securely attached to poles -Be sure that vegetation or adjacent structures cannot provide a "bridge" over the fence

DNS Security Issues

-Attackers have been known to corrupt the tree and obtain access to a trusted machine -The name servers can be poisoned so that legitimate addresses are replaced -Unauthorized users could discover sensitive information if querying is allowed by users

Virus

-Central characteristic is reproduction -Generally requires some action by the user -May or may not carry payloads -Payload may or may not be damaging

Surveillance Devices

-Closed-circuit television

Executable Content/Mobile Code

-Code that is downloaded to the users machine and executed -Running programs on a computer may given the program unexpected access to resources on the machine EX: -Web applets- mini programs written in Java that are automatically loaded and run -Dynamic email- Active scripts/messages are included in email messages

Inside the Building, Building Floors, Office Suites, Offices

-Compartmentalized Areas -Support System Controls -Fire Protection -Intrusion Detection Systems

IP Addresses

-Composed of 32-bit addresses that are often displayed in the form of four groups of decimal digits separated by a period/dot -Each group of numbers cannot be larger than 254

Applications Software

-Comprised of programs, processes, utilities, drivers, etc to provide user functionality and support business activities -Allows users to execute and perform computerized tasks

Types of Lighting

-Continuous lighting --Glare projection lighting --Flood lighting -Trip lighting -Standby lighting -Emergency lighting

Compartmentalized Areas

-Defines a location where sensitive equipment is stored and where sensitive information is processed -Must have a higher level of security controls -To be effective, they need an appropriate access control system

Various Network Threats and Attacks

-Denial of Service -Distributed DoS -Mobile Code -Malicious Code -Wireless LAN Vulnerabilities -Spoofing -Sniffing -Eavesdropping -Masquerading -Instant Messaging

Access Controls

-Depending on the sensitivity of the information, and value of the equipment, electronic access controls may need to be installed --Smart Cards --Biometric Devices --Locks

OLTP Systems should:

-Detect when individual processes abort -Automatically restart an aborted process -Back out of a transaction of necessary -Have transaction logs record information on a transaction before it is processed, then mark it as processed after it is done

Damage Assessment

-Determine the extent of damage to the facility -Estimate the time needed to resume normal operations -Notify management of the findings

Domain Name System

-Distributed internet directory service -Global network of 'name servers' that translate host names to numerical IP addresses -Internet services rely on DNS to work, if DNS fails, web sites cannot be located and email delivery stalls -It is tree structured -Contains two elements: Name server and resolver

Countermeasures for Social Engineering

-Employee Accountability -Employee Security Awareness

Countermeasures for Espionage

-Employee Tracking and job rotation -Strict internal controls

BCP Planner/Coordinator

-Ensures that all elements of the plan are thoroughly addressed and an appropriate level of planning, preparation, and training have been accomplished -Serves as leader for the development team -Has direct access and authority to interact with all employees necessary to complete the plans -Is in a position within the organization to balance the needs of the organization with the needs of the individual business units that may be affected -Has knowledge of the business to be able to understand how a disaster can affect the organization -Has easy access to management -Is able to review the charter, mission statement, and executive viewpoint

Relational Database Security Issues

-Ensuring integrity of input data -Preventing deadlocking (stalemate when 2 or more processes are each waiting for the other to do something before they can proceed) -Access controls ensuring only authorized users are performing authorized activities

Phase 1. Project Management and Initiation

-Establish the need for a BCP -Obtain management support -Identify strategic internal and external resources to ensure that BCP matches overall business and technology plans -Establush the project management work plan that includes --Scope of the project --Identification of objectives --Determination of methods for organizing and managing development of the BCP --Identification of related tasks and responsibilities --Scheduling of formal meetings and task completion dates

Virus Types

-File infector -Boot sector infector -System infector -Email virus -Multipartite -Macro Virus -Script Virus -Hoax

How to prevent fire

-Fire containment system (floors, vents, HVAC) -Fire extinguishing system (permanent and mobile) -Abiding by the fire codes -fire prevention training and drills

Logic Bomb

-Generally implanted by an insider -Waits for condition or time -Triggers negative payload

Features of Lighting

-Good lighting is one of the most successful crime preventive measures -When used properly, light discourages unlawful activity, improves natural observation, and decreases fear -Typically used with other controls, such as fences, patrols, alarm systems

Infrastructure includes:

-Hardware -Software -Operating System and all associated functions -Applications -Utilities -Network Environment

Doors

-Hollow-core versus solid-core -Isolation of critical areas -Lighting of doorways -Contact devices (switches) -Mantraps (double door systems)

Countermeasures for Theft

-IDS and locked doors and keys -Access controls

Project Plan

-Identify and develop business continuity plan phases similar to traditional project plan phases. --Including problem investigation, problem definition, feasibility study, systems description, implementation, installation, and evaluation -Establish business continuity plan project characteristics --Such as goals/objectives, tasks, resources, time schedules, budget estimates, and critical success factors

Backdoor, Trapdoor

-Implanted intentionally in development, or by error, usually by an insider -Maintenance hook -Also bug/loophole/wormhole

Database Security Issues

-Inference -Aggregation -Unauthorized Access -Improper modification of data -Access Availability -Database Views -Query Attacks -Bypass attacks -Interception of data -Web security -Data contamination

Infrastructure vs. Architecture

-Infrastructure refers to the supporting elements needed for functionality -Architecture refers to the cohesive design of the elements

RAT

-Installed, usually remotely, after system installed and working, not in development -Trojan vs. tool -Rootkits require working account, RATs generally don't

Spyware and Adware

-Intended as marketing, not malice -Installed with other software --Seperate function -Generates unwanted or irrelevant advertising -Reports on user activities --Possibly other installed programs, possibly user surfin

Intrusion Detection Systems

-Intrusion attempts and any set of actions that attempt to gain unauthorized access are detected -Auditing for intrusion attempts in a timely basis

Countermeasures for Shoulder Surfing

-Keyboard keystroke placement -Awareness of your surroundings

Countermeasures for Dumpster Diving

-Layered defense system -Disposal Policy

Locks-Security Measures

-Lock and key control system -Key control procedures must be documented and followed --Procedures for issue, sign out, inventory, destruction, and lost keys -Combinations must be changed at specified times and under specified circumstances

Recovery Strategies Focus

-Meeting the pre-determined recovery time frames -Maintaining the operation of the critical business functions -Compiling the resource requirement -Identifying alternatives that are available for recovery

Locks

-Most accepted and used physical security device -Considered delay devices and not foolproof bars to entry- they are easily defeated -All lock types are subject to force and specific tools that can be used to gain entry -Should be just one aspect of many physical security controls

IM Security Issues

-Most lack encryption capabilities -Most have features to bypass traditional corporate firewalls -Insecure password management -Increased exposure to account hijacking and spoofing

Countermeasures for HVAC Access

-Narrow Shifts -Section lock downs

Potentially Disastrous Events

-Natural -System/Technical -Supply Systems (electrical power) -Human-Made/Political (Riots, vandalism)

Application Environment Threats

-Object Reuse (an object may contain sensitive residual data) -Garbage collection (de-allocation of storage following program execution -Trap doors/back doors (hidden mechanisms that bypass authentication measures, could enable unauthorized access)

Object Protection

-Objects are placed inside security containers such as safes, vaults, or locking file cabinets --Should be theft-resistant and fire-resistant --Steel containers with a locking device -Create good lock combinations, change them frequently, and monitor the distribution

Remote Access Threat

-Often provides undetected access to unprotected back doors -Brute force attack on locations prefix using "war dialer" is an example -Targets of opportunity

Subtopics

-Open system interconnection model -Transmission control protocol/internet protocol

Applications Environment

-Operating System (O/S) --First layer of software -Two objectives of O/S --Control use of system resources --Provide a convenient, east to understand view of the computer to users

Data Diddler

-Payload in a trojan or virus that deliberately corrupts data, generally by small increments over time

Layered Defense Model Subtopics

-Perimeter and Building grounds -Building entry points -inside the building-building floors/office suites -Data centers or server room security -computer equipment protection -object protection

Data Network Structures

-Personal area network -Wireless personal area network -Local area network -Metropolitan area network -Campus area network -Wide area network -Internet -Intranet -Extranet -Value added network -World wide web -Global area network

Perimeter Intrusion Detection Systems

-Photoelectric -Ultrasonic -Microwave -Passive infrared -Pressure-Sensitive

Return to Primary Site Example

-Plan for the return -Reactivate fire protection and other alarm systems -Planning is different from recovery plan - least critical work should be initiated first -Certify and accredit the system ready for operations -When notified that normal operations have resumed at the primary site, shutdown operations at the alternate site and return backup materials to storage

Computer Equipment Protections

-Portable device security includes items such as --Locking mechanisms for docking stations --Tracing software --Audible motion alarm --Encryption software --Constant control procedures --Inventory system --Anti-virus software

Electrical Power Countermeasures

-Power Loss --Surge Suppressors --UPS and UPS testing -Electrical facilities separated from data center --Generators

Requirements of a Business Continuity Planning

-Provide an immediate, accurate and measured response to emergency situations, with the overall goal of ensuring the safety of individuals -Mitigate the damage you are experiencing as a result of the disaster -Ensure the survivability of the business -Provide procedures and a listing of resources to assist in the recovery process

Transmission Control Protocol

-Provides reliable data transmission -Retransmits lost/damaged data segments -Sequences incoming segments to match original order -Marks every TCP packet with a source host and port number, as well as a destination host and port number

General Remote Access Safeguards

-Publish a clear/definitive remote access policy and enforce it through audit -Justify all remote users and review regularly, such as yearly -Identify and periodically audit all remote access facilities, lines and connections -Consolidate all general user dial up facilities into a central bank that is positioned on a DMZ -Use phone lines restricted to outbound access for dial up services -Set modems to answer after a predetermined number of rings -Consolidate remote access facilities when practical -Use personal firewalls and anti virus tools on remote computers

Locks Types --Keyless Locks

-Push-button (cipher) locks have buttons that are pushed in sequence to open the locks

Online Transaction Processing (OLTP)

-Records transactions are they occur in real time -Security concerns are concurrency and atomicity. --Concurrency controls ensure that two users cannot change the same data --Atomicity ensures that if one step fails, then all steps should not complete

Team Members

-Representatives also include, but are not limited to: --Senior Management, Chief Financial Officer --Legal Staff --Business Unit/Functions --Support Systems --Recovery team leaders --Information Security Department

Change Management Key Points

-Rigorous process that addresses quality assurance -Changes must be submitted, approved, tested and recorded -Should have a back out plan in case change is not successful

Site Location

-Security should include where the building is and how it should be built. Crime? Riots? Natural Disasters? Airport? Highway? Military Base?

OSI Model

-Seven layers -Data transfer is accomplished by a layer interacting with the layer above or below through the use of interface control info -ISO 7498 --Describes the OSI Model -Access Control -Data Integrity -Encipherment -Traffic Padding -Routing Control

Card Access controls or Biometric Systems

-Smart cards, magnetic stripe cards, proximity cards -Fingerprint, retina scans, signature dynamics, voice recognition, hand geometry

Malicious Software Definition

-Software or programs intentionally designed to include functions for penetrating a system, breaking security policies, or to carry malicious or damaging payloads -Programming bugs or errors are not generally included in the topic -Backdoors, data diddlers, DDoS, hoax warnings, logic bombs, pranks, RATs, trojans, viruses, worms, zombies

Windows

-Standard plate glass -Tempered glass -Acrylic materials -Polycarbonate Windows-glass and polycarbonite combinations combine the best quality of glass and acrylics

Typical Phases of a System Life Cycle

-Start Up -Acquisition and Development -Implementation -Operations and Maintenance -Decommissioning

Heating, Ventilation and Air Conditioning Practices

-Temperature Controls Protection -Emergency Detection System -Auto Shutoff Mechanisms -Proper Maintenance

BCP Scope

-The BCP should cover all aspects of an organization, including --Personnel --Facilities --Infrastructure --Support Systems --Information Systems

Phase II: Business Impact Analysis

-The BIA is a functional analysis that identifies the impacts should an outage occur. Impact is measured by the following --Allowable Business Interruption- the maximum tolerable downtime --Financial and operational considerations

Crime Prevention Through Environmental Design

-The physical environment of a building is changed or managed to produce behavioral effects that will assist in reducing the incidence and fear of crime -Focuses on the relationships between the social behavior of people and the environments

Gates

-The portions of a wall or fence system that control entrance and or egress by persons or vehicles and complete the perimeter of the defined area

Buffer Overflow

-The process of exploiting a program weakness by sending long strings of input data to a system that is not prepared to truncate it through proper bounds checking -Developers should take this type of vulnerability into account when developing and testing programs

Denial of Service

-The result of another person or process consuming the resources on the system and thus denying the resources for the use of others -When testing programs, test for how the application would respond to a DoS attack

Data Center or Server Room Security - Walls

-To the extent possible, walls should not form part of an external building -Walls should extend from the floor to the underside of the above floor slab

Data Encapsulation

-To transmit data across a layered network, the data passes through each layer of the protocol stack -It begins at the application layer with the application software passing the data to the next lower protocol in the stack -At each layer the data is encapsulated- the protocol processes the data in the format that the next protocol layer requires

DBMS should provide:

-Transaction persistence -Fault tolerance and recovery -Sharing by multiple users -Security controls

Tunneling

-Tunnleing is the act of packaging one network packet inside another -The tunnel is the vehicle for encapsulating packets inside a protocol that is understood at the entry and exit points of a given network -For confidentiality and integrity the tunnels should be encrypted

Lock Controls

-Used to control read and write access to specific rows of data in relational systems, or objects in object oriented systems -Locks ensure only one user at a time can alter data -Better programming logic and testing reduce deadlocking problems

Address Resolution Protocol

-Used when a node knows the network layer address, but needs the data link layer address to forward the encapsulating frame -The ARP software maintains a table of translations between IP addresses and data link addresses

Hoax

-Uses users rather than programming -'Meme' or mind virus, social engineering -Usually warns of a new virus -Can be a bigger problem than viruses themselves

Malware Types

-Virus -Worm -Hoax Warning -Trojan -Logic Bomb -Data Diddler -Backdoor -RAT -DDoS -Prank -Spyware/Adware -Botnets

Facility Construction Issues

-Walls, Windows, and Doors -Entry Points --Primary and secondary entrances --Windows --Roof Access --Maintenance Entrance --Emergency Exits --Loading Docks

Categories of Recovery Strategies

1. Business Recovery 2. Facility and Supply 3. User 4. Operational 5. Data

Plan testing strategies

1. Checklist 2. Structured walk through 3. Simulation 4. Parallel 5. Full interruption

Recovery Strategies Development Steps

1. Document all costs with each alternative 2. Obtain cost estimates for any outside services 3. Develop written agreements for such services 4. Evaluate resumption strategies based on full loss of the facility 5. Docuement recovery strategies and present to management for comments and approval

Attack Methodology

1. Identify the target and collect info 2. Analyze the target to identify vulnerability 3. Gain access to target 4. Escalate privileges 5. Complete the attack

Phases of the BCP Subtopics

1. Project Management and Initiation 2. Business Impact Analysis 3. Recovery Strategy 4. Plan Design and Development 5. Testing, Maintenance, Awareness and Training

Example of a recovery process

1. Respond to the disaster 2. Recover critical functions 3. recover non critical functions 4. salvage and repair 5. return to primary site

8 Steps for the BIA

1. Select Interviewees 2. Determine information gathering techniques 3. Customize questionnaire to gather economic and operational impact information 4. Analyze information 5. Determine the time-critical business systems 6. Determine maximum tolerable downtimes 7. Prioritize critical business systems based on maximum tolerable downtimes 8. Document findings and report recommendations

Stages of BCM

1. Understanding your business 2. Business continuity strategies 3. Develop and implement business continuity response 4. Building and imbedding a continuity culture 5. Maintenance and audit 6. Program management

Hot Site

A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster. EXCEPT data/staff Takes minutes to hours to use

Security Architecture

A high level design used to satisfy a systems security requirements as defined in an organizations security policy

Sag/Dip

A short period of low voltage

Dumpster Diving

Access to sensitive corporate information. Gain information to make an attack

Mirror Site

Actively running identical processes in parallel (high cost, instant)

Lock Controls - the ACID Test

Atomicity- either all changes take affect or none do Consistency- a transaction is allowed only if it meets owner/syatem defined integrity constraints Isolation- the results of the transaction are not visible until the transaction is complete Durability- a completed transaction is permanent

Security Foundation

Core security program and architecture established -Active executive participation -Owner, custodian, stakeholder alignment -Assigned responsibility, accountability, and authority -Security life cycle -Business and IT alignment

Fire

Damage and destruction of facilities/equipment

Data Network Components

Data network components include -Mainframe/Server Hosts -File Servers -Workstations -Software-Network operating system and applications

Data Network Components

Data network components include: -Network adapter/network interface card -Hub/concentration/repeater -Bridges -Switches -Routers -Gateways

Major Elements

Database Hardware Software Users

Enterprise Security Architecture

Defines the information security strategy that consists of layers of policy, standards, and procedures and the way they are linked across an enterprise

Operational Recovery

Determine the necessary equipment configurations such as -Mainframes, LANs, microocomputers, peripherals, -Explore opportunities for integration/consolidation -Usage paramters Data communications configurations include -Switching equipment, routers, bridges, gateways Outline alternative strategies for technical capabilities, such as network infrastructure components Options include -Hot sitem Warm site, cold site, mobile site -Reciprocal or mutual aid agreements -Multiple processing centers -Service bureaus

Plan Maintenance Goal

Develop processes that maintain the currency of continuity capabilities and the BCP document in accordance with the organizations strategic direction. This includes: -Changing management procedures -Resolving problems found during testing -Building maintenance procedures into the process -Centralizing responsibility for updates -Reporting results regularly to team members

Databases

Developed to manage information from many sources in one location. --Eliminates the need for duplication of information in the system --Preserves storage space --Prevents inconsistency in data by making changes in one central location

Confidentiality

Direct loss (backdoors, viruses) Indirect loss: Consequential damage due to unauthorized disclosure of confidential information

Power Loss

Disruption/stop in operations

Electrical Power

Disruptions in electrical power can have a serious business impact :Goal is to have "clean and steady power" -Dedicated feeders -Alternate power source -Access Controls-Secure breaker and transformer rooms

The Business Continuity Planning

Domain addresses the preservation and recovery of the business in the event of outages to normal business operations

Virtual Private Network (VPN)

Dynamically established secure network link between two specific network nodes or subnets using a secure encapsulate method -Uses tunneling and encryption to protect private traffic over an untrusted network

Natural/Environmental Threats

Earthquakes, floods, storms, hurricanes, fires

Business Enablement

End to End transaction integrity -Policy and standards -Awareness and training -People, process and technology driven requirements -Consistent application of solution models -Zone analysis for end to end transaction integrity

Process Enhancement

Evolutionary integration and consistent execution of security across the enterprise -Key security standards, model and criteria proactively championed through existing enterprise wide management processes -Roles and responsibilities clearly defined and championed

DDoS Zombie

Expands effect of denial of service -Middle of master/attacker-agent -Hides attacker, multiplies attack

Gas Leakage

Explosion

Human-Made/Political Events Threats

Explosions, vandalism, theft, terrorist attack, riots

Carbon Dioxide

Extinguishes provide a colorless, odorless chemical that displaces oxygen in the air

User Recovery

Focus is on personnel requirements such as -Manual procedures -Vital record storage (Medical, personnel) -Employee transportation -Critical documentation and forms -User workplace and equipment -Alternate site access procedures -Procedures for the organizations employees to follow during the outage include items such as -Team responsibilities -Distribution of information -Manual processing techniques -Disaster policies -Notification procedures -High priority tasks -Emergency accountung -Checklists

Business Recovery

Focus is on the critical resources and the maximum tolerable downtime for each business/support unit system. This may include the identification of -Critical IT system hardware, software, and data -Critical equipment, supplies, furniture, and office space -Key personnel for each business unit and support unit, such as Operations, Facilities, Security, etc.

Software and Data Recovery

Focus is on the recovery of information (data). -Backing up and off site storage -Electronic vaulting -On-line tape vaulting -Remote journaling -Database shawdowing -Standby services -Software escrow

Gas Threats

Gas leakage -identify location and test the main shut off valve -Secure the natural gas line -communicate natural gas line design to fire department -clearly mark shutoff valves

Fire Suppression

How to extinguish and contain a fire to minimize damage

IP Security Issues

IP Fragmentation Attacks -Tiny fragment attack -Overlapping fragment attack -Teardrop denial of service attack IP Address Spoofing Source Routing Smurf and Fraggle IP Tunneling over other products

BCP Design and Development

In this phase the team prepares and documents a detailed plan for recovery of critical business systems. End products include: -Business and Service Recovery Plans -Plan maintenance Programs -Employee Awareness and Training Programs -Test Method Descriptions -Restoration Plans

Testing, Maintenance, Awareness and Training

In this phase, plans for testing and maintaining the BCP are implemented and also awareness and training procedures are executed

Brownout

Intentional reduction of voltage by the utility company for a prolonged period of time

Theft

Internal/External results in increased costs

Intrusion Prevention Systems

Intrusions are prevented

Lighting

Is the illumination of a locale, typically by artificial means such as light fixtures or lamps. -A consistent level of light supplying reasonably good visibility needs to be available

Access Controls

Limit access and control the flow of access

Network Aware

Moder malware is network aware. -New means of spread -New methods of attack -New payloads

FM200

Most effective alternative- requires 7% concentration

Enterprise

Multiple internal networks, internal areas of domains, and various internal devices and systems, applications, and a diverse user presence as a single collective unit

BotNets

Networks of infected machines -for distributed denial of service -as proxies for SPAM -often controlled via internet relay chat servers

3 Key Strategies To Crime Prevention Through Environmental Design-Territoriality

People protect territory that is their own

Lock Types --Smart Locks

Permit only authorized people into certain doors at certain times. An example is a magnetic stripe card that is time-sensitive

Plan Maintenance Functions

Plan maintenance functions are -Receive and monitor input on needed revisions -Plan maintenance reviews as needed -Monitor changes within business units, such as upgrades to systems -Control plan maintenance distribution- who receives a copy of plan updates -Ensuring version control- obsolete editions of the plan are collected and destroyed

Plan Testing

Plan testing ensures that the business continuity capability remain effective, regardless of the disaster. It includes -Testing objectives -Measurement criteria -Test schedules -Post-test reviews -Test results reported to management

Blackout

Prolonged loss of commercial power

Managements Expectation

Protect the company, make it easy for users, don't stand in the way of progress and do it as cheaply as possible

Trojan Horse

Purported to be a positive utility -Hidden negative payload -Social engineering

Recovery Strategies

Recovery Strategies are a set of pre-defined and management approved actions that will be followed and implemented in response to a business interruption

Worm

Reproduces -Generally uses loopholes in systems --Does not involve user -Often attacks server software of some type

Restoration Actions

Restoration operations involve restoring the primary site to normal operation conditions. -Complete an assessment of all damage -Initiate cleanup of the primary site -Implement necessary replacement procedures -Move unused backup materials from the alternate site to the primary site -Do least critical work first -Perform installations and updates of programs and data -Certify and accredit the system at the primary site -Initiate normal processing

Shoulder Surfing

Results in unauthorized access. Looking over someones shoulder to gain information

Malformed Input Attacks

SQL Injection- Inserting a series of SQL statements into a query by manipulating data input into an application

Secure Shell (SSH, SSH2)

SSH -Powerful method of performing client authentication -Safeguards multiple service sessions between two systems Provides support for -Host and user authentication -Data compression -Data confidentiality and integrity Credentials are validated by digital certificate exchange using RSA

View Based Access Controls

Security achieved through the appropriate use of 'views' -Allows the database to be logically divided into pieces- sensitive data is hidden from unauthorized users -Controls are located in the front-end application that the user interfaces with and not the back end query engine

Availability

Security actions that ensure that data is accessible to authorized users.

The Enterprise Security Architecture..

Strategic- longer life than a blueprint, design specification, topology or configuration -Constrained by current or changing circumstances if too specific -Cannot provide good guidance if it is too general -Support long term view of technical direction, not short term technical constraints -Business centered acceptance and management of risk -Allows for multiple implementations depending on requirements

Surge

Sudden rise in voltage in the power supply

CCTV Levels-Recognition

The ability to determine the type of object

Physical Security

The physical measures and their associated procedures to safeguard and protect against -Damage -Loss -Theft Implementing controls that discourage attackers by convincing them that the cost of attacking is greater than the value received from the attack

TCP/IP

The protocols in the TCP/IP suite work together to: -Break the data into small pieces that can be efficiently handled by the network -Communicate the destination of the data to the network -Verify the receipt of the data on the other end of the transmission -Reconstruct the data in its original form

Detection

WLAN will generate and broadcast detectable radio waves for a great distance

Water Threats

Water Detection Sensors -Raised floors -Emergency shut off valves -Server room above ground level Water pipes not located above server rooms

Decommissioning/Disposal

When an asset is being taken out of production and is decommissioned or retired, the asset owner shall ensure the following stages are adhered to -Information Recovery Protection -Media Sanitization -Hardware and Software Disposal

Time of Check/Time of Use

When control information is changed between the time that the system security functions check the contents of the variables and when the variables are actually used

Integrity

honesty, decency. Trust relationships. Formal-Technical trust between subnet and domains Informal-Social relations between partners, customers and clients