ISMN 5730 Final
CCTV Levels- Detection
The ability to detect the presence of an object
CCTV Levels-Identification
The ability to determine the object details
BCP Document
The final aspect of this phase is to combine all of the various steps into the organization's BCP. This plan should then be interfaced with the organization's other emergency plans
Architecture
The highest level concept of a system in its environment
Team Members
The same people who would be responsible for executing the plan in the event of an outage must also be involved in preparing the BCP
Remote Access Services
Typically conducted over an untrusted network
- Increased risk of disclosure, modification and denial of service
- Remote access security minimums
- Rapid growth of remote access via the internet
-- Wide availability
- Economical
Eavesdropping
- WLAN signals extend beyond physical security boundaries
- Standard Wired Equivalent Privacy (WEP) encryption is often not used
- When used, WEP is flawed and vulnerable
- No user authentication in WEP
5 Support System Threats
-Fire -HVAC -Gas Leakage -Power Loss -Water
Computer Equipment Protections-Portable Device Security
-Involves protecting the device, protecting the data on the device, and keeping the security controls easy for the user
Architecture
-Principles -Concepts -Methods -Practices -Standards --Shift from an IT-centric to a business-centric security process to more effectively manage risk
Systems Life Cycle
- Project management-based methodology used to plan, execute, and control software development and maintenance
- Provides a framework for the phases of software development projects and includes a disposal stage
- Involves teams of developers, analysts, owners, users, technical experts, and security experts
Guard Stations
-Security forces (guards) can provide a deterrence to unauthorized entry. In some cases, may also prevent unauthorized entry
The Target
- Sensitive and critical information
- Computing services, such as storage space and other resources
- Toll telephone services
- Voice mail
- Network access to interconnected networks, such as customers or business partners
Perimeter Intrusion Detection Systems
-Sensors that detect access into an area
Landscaping
- Shrubs or trees can provide a barrier at an entry point
- Spiny shrubs make it harder for an intruder to cross the barrier
6 Key Malicious Threats
-Theft -HVAC Access -Shoulder Surfing -Social Engineering -Dumpster Diving -Espionage
Goals of Physical Security
1. Deter 2. Delay 3. Detect 4. Assess 5. Respond
HVAC
Access via HVAC vents
Remote Access Technologies
Allows users to access network information through a dial-in or wireless connection
Internet Access
Allows users to access network information through an internet service provider (ISP) connection
Cold Site
Basic HVAC and connections. (Weeks to months)
Utility Systems Threats
Communication outages, power outages
Water
Flooding/dripping
Facility and Supply Recovery
Focus is on restoration and recovery of items such as
- Facility: main building, remote …
- Inventory: supplies, equipment, paper, forms
- Equipment: network environments, servers, mainframe, microcomputers, etc.
- Telecommunications: voice and data
- Documentation: application and technical materials
- Transportation: movement of equipment and personnel
- Supporting equipment: HVAC, safety, security
Surveillance
High degree of visual control
Social Engineering
Intelligence attack: getting people to give you information (credit or social information)
Malicious Threats are?
Intentional
Espionage
Loss of intellectual property and market share. Steals classified data
Fault
Momentary loss of power
HVAC
Overheating/overcooling
Warm Site
Partially prepared for operations (days-weeks)
Fire Detection
Receive warnings of fire before it becomes a problem
Fire Prevention
Reduce causes of fire
Physical Safety Requirements -Life Safety
Safety of people is the primary concern
Disaster
- A disaster is something that interrupts a normal business process
-- A disaster is defined as a sudden, unplanned calamitous event that brings about great damage or loss
-- In the business environment, it is any event that creates an inability on an organization's part to support critical business functions for some predetermined period of time
Bollards
- A rising post designed for use in traffic control and protecting property and premises
- Provides security against vehicles ramming into, or stopping near, buildings
- Lighted bollards can be used for lighting controls along parks, paths, sidewalks, etc.
Network Protocol Definition
- A standard set of rules that governs the exchange of data between hardware and software components in a communications network
- A network protocol also describes the format of a message and how it is exchanged
-- When computers communicate with one another, they exchange a series of messages
-- To understand and act on these messages, computers must agree on what a message means
Business Continuity Management
- A strategic and operational framework to review the way an organization provides its products and services while increasing its resilience to disruption, interruption or loss
- Provides a framework for building resilience and the capability for an effective response which safeguards the interests of a company's key stakeholders, reputation, brand and value-creating activities
Closed Circuit Television
- A television transmission system that uses cameras to transmit pictures over a transmission medium to connected monitors
- The transmission medium can use wired or wireless technologies
- Examples: cameras attached to fences or stoplights
Intrusion Prevention Systems
- Ability to block attacks in real time
- Actively intercepts and forwards packets
- Considered access control and policy enforcement, whereas an IDS is considered network monitoring and audit
- Preventive control
Strategic Alignment Key Considerations
- Active executive participation
- Owner, custodian, stakeholder alignment
- Assigned responsibility, accountability and authority
- Security life cycle
- Business and IT alignment
- Security process and management fundamentals
- All stakeholders speaking the same language
BCP
- An approved set of advanced arrangements and procedures that enable an organization to
-- Ensure the safety of people
-- Minimize the amount of loss
-- Repair or replace the damaged facilities as soon as possible
- Continuity plans address every critical function of an enterprise
Subtopics
-Applications Environment -Database Environment -Environment Threats -System Life Cycle -Change Management
Layered Defense Model
- Approaching security through layers of controls
- Multi-layered
- Starts with the perimeter, then building grounds, then building entry points, etc.
Architecture Facts
- Are fundamental statements of value, operation or belief that define the overall approach to IT security
- Define the philosophy of the organization that directs the definition of the security policies
- Will require formal commitment from the executives to be relied upon for guidance
- Often are challenging to define
-- May require assistance with scope definition and management, issue validation and the definition of the resulting security principles
Fences
- Are used to enclose security areas and designate property boundaries
- Should meet specific gauge and fabric specifications
- High-security areas may need a "top guard" (barbed wire at the top)
- Should meet certain height and location provisions
- Fences must be checked and repaired on a regular basis
- Fence fabric must be securely attached to poles
- Be sure that vegetation or adjacent structures cannot provide a "bridge" over the fence
DNS Security Issues
- Attackers have been known to corrupt the tree and obtain access to a trusted machine
- The name servers can be poisoned so that legitimate addresses are replaced
- Unauthorized users could discover sensitive information if querying is allowed by users
Virus
-Central characteristic is reproduction -Generally requires some action by the user -May or may not carry payloads -Payload may or may not be damaging
Surveillance Devices
-Closed-circuit television
Executable Content/Mobile Code
- Code that is downloaded to the user's machine and executed
- Running programs on a computer may give the program unexpected access to resources on the machine
- Examples:
-- Web applets: mini programs written in Java that are automatically loaded and run
-- Dynamic email: active scripts/messages are included in email messages
Inside the Building, Building Floors, Office Suites, Offices
-Compartmentalized Areas -Support System Controls -Fire Protection -Intrusion Detection Systems
IP Addresses
-Composed of 32-bit addresses that are often displayed in the form of four groups of decimal digits separated by a period/dot -Each group of numbers cannot be larger than 254
Applications Software
- Comprised of programs, processes, utilities, drivers, etc. to provide user functionality and support business activities
- Allows users to execute and perform computerized tasks
Types of Lighting
- Continuous lighting
-- Glare projection lighting
-- Flood lighting
- Trip lighting
- Standby lighting
- Emergency lighting
Compartmentalized Areas
-Defines a location where sensitive equipment is stored and where sensitive information is processed -Must have a higher level of security controls -To be effective, they need an appropriate access control system
Various Network Threats and Attacks
-Denial of Service -Distributed DoS -Mobile Code -Malicious Code -Wireless LAN Vulnerabilities -Spoofing -Sniffing -Eavesdropping -Masquerading -Instant Messaging
Access Controls
- Depending on the sensitivity of the information and the value of the equipment, electronic access controls may need to be installed
-- Smart cards
-- Biometric devices
-- Locks
OLTP Systems should:
- Detect when individual processes abort
- Automatically restart an aborted process
- Back out of a transaction if necessary
- Have transaction logs record information on a transaction before it is processed, then mark it as processed after it is done
Damage Assessment
-Determine the extent of damage to the facility -Estimate the time needed to resume normal operations -Notify management of the findings
Domain Name System
- Distributed internet directory service
- Global network of "name servers" that translate host names to numerical IP addresses
- Internet services rely on DNS to work; if DNS fails, web sites cannot be located and email delivery stalls
- It is tree structured
- Contains two elements: name server and resolver
Countermeasures for Social Engineering
-Employee Accountability -Employee Security Awareness
Countermeasures for Espionage
-Employee Tracking and job rotation -Strict internal controls
BCP Planner/Coordinator
- Ensures that all elements of the plan are thoroughly addressed and an appropriate level of planning, preparation, and training has been accomplished
- Serves as leader for the development team
- Has direct access and authority to interact with all employees necessary to complete the plans
- Is in a position within the organization to balance the needs of the organization with the needs of the individual business units that may be affected
- Has knowledge of the business to be able to understand how a disaster can affect the organization
- Has easy access to management
- Is able to review the charter, mission statement, and executive viewpoint
Relational Database Security Issues
- Ensuring integrity of input data
- Preventing deadlocking (a stalemate in which two or more processes are each waiting for the other to do something before they can proceed)
- Access controls ensuring only authorized users are performing authorized activities
Phase 1. Project Management and Initiation
- Establish the need for a BCP
- Obtain management support
- Identify strategic internal and external resources to ensure that the BCP matches overall business and technology plans
- Establish the project management work plan, which includes
-- Scope of the project
-- Identification of objectives
-- Determination of methods for organizing and managing development of the BCP
-- Identification of related tasks and responsibilities
-- Scheduling of formal meetings and task completion dates
Virus Types
-File infector -Boot sector infector -System infector -Email virus -Multipartite -Macro Virus -Script Virus -Hoax
How to prevent fire
- Fire containment system (floors, vents, HVAC)
- Fire extinguishing system (permanent and mobile)
- Abiding by the fire codes
- Fire prevention training and drills
Logic Bomb
-Generally implanted by an insider -Waits for condition or time -Triggers negative payload
Features of Lighting
- Good lighting is one of the most successful crime prevention measures
- When used properly, light discourages unlawful activity, improves natural observation, and decreases fear
- Typically used with other controls, such as fences, patrols, and alarm systems
Infrastructure includes:
-Hardware -Software -Operating System and all associated functions -Applications -Utilities -Network Environment
Doors
-Hollow-core versus solid-core -Isolation of critical areas -Lighting of doorways -Contact devices (switches) -Mantraps (double door systems)
Countermeasures for Theft
-IDS and locked doors and keys -Access controls
Project Plan
- Identify and develop business continuity plan phases similar to traditional project plan phases
-- Including problem investigation, problem definition, feasibility study, systems description, implementation, installation, and evaluation
- Establish business continuity plan project characteristics
-- Such as goals/objectives, tasks, resources, time schedules, budget estimates, and critical success factors
Backdoor, Trapdoor
-Implanted intentionally in development, or by error, usually by an insider -Maintenance hook -Also bug/loophole/wormhole
Database Security Issues
-Inference -Aggregation -Unauthorized Access -Improper modification of data -Access Availability -Database Views -Query Attacks -Bypass attacks -Interception of data -Web security -Data contamination
Infrastructure vs. Architecture
-Infrastructure refers to the supporting elements needed for functionality -Architecture refers to the cohesive design of the elements
RAT
- Installed, usually remotely, after the system is installed and working, not during development
- Trojan vs. tool
- Rootkits require a working account; RATs generally don't
Spyware and Adware
- Intended as marketing, not malice
- Installed with other software
-- Separate function
- Generates unwanted or irrelevant advertising
- Reports on user activities
-- Possibly other installed programs, possibly user surfing
Intrusion Detection Systems
- Intrusion attempts and any set of actions that attempt to gain unauthorized access are detected
- Auditing for intrusion attempts on a timely basis
Countermeasures for Shoulder Surfing
-Keyboard keystroke placement -Awareness of your surroundings
Countermeasures for Dumpster Diving
-Layered defense system -Disposal Policy
Locks-Security Measures
- Lock and key control system
- Key control procedures must be documented and followed
-- Procedures for issue, sign out, inventory, destruction, and lost keys
- Combinations must be changed at specified times and under specified circumstances
Recovery Strategies Focus
-Meeting the pre-determined recovery time frames -Maintaining the operation of the critical business functions -Compiling the resource requirement -Identifying alternatives that are available for recovery
Locks
- Most accepted and used physical security device
- Considered delay devices and not foolproof bars to entry; they are easily defeated
- All lock types are subject to force and specific tools that can be used to gain entry
- Should be just one aspect of many physical security controls
IM Security Issues
-Most lack encryption capabilities -Most have features to bypass traditional corporate firewalls -Insecure password management -Increased exposure to account hijacking and spoofing
Countermeasures for HVAC Access
-Narrow Shifts -Section lock downs
Potentially Disastrous Events
-Natural -System/Technical -Supply Systems (electrical power) -Human-Made/Political (Riots, vandalism)
Application Environment Threats
- Object reuse (an object may contain sensitive residual data)
- Garbage collection (de-allocation of storage following program execution)
- Trap doors/back doors (hidden mechanisms that bypass authentication measures and could enable unauthorized access)
Object Protection
- Objects are placed inside security containers such as safes, vaults, or locking file cabinets
-- Should be theft-resistant and fire-resistant
-- Steel containers with a locking device
- Create good lock combinations, change them frequently, and monitor their distribution
Remote Access Threat
- Often provides undetected access to unprotected back doors
- A brute force attack on a location's phone prefix using a "war dialer" is an example
- Targets of opportunity
Subtopics
-Open system interconnection model -Transmission control protocol/internet protocol
Applications Environment
- Operating system (O/S)
-- First layer of software
- Two objectives of an O/S
-- Control use of system resources
-- Provide a convenient, easy to understand view of the computer to users
Data Diddler
-Payload in a trojan or virus that deliberately corrupts data, generally by small increments over time
Layered Defense Model Subtopics
- Perimeter and building grounds
- Building entry points
- Inside the building: building floors/office suites
- Data center or server room security
- Computer equipment protection
- Object protection
Data Network Structures
- Personal area network
- Wireless personal area network
- Local area network
- Metropolitan area network
- Campus area network
- Wide area network
- Internet
- Intranet
- Extranet
- Value added network
- World wide web
- Global area network
Perimeter Intrusion Detection Systems
-Photoelectric -Ultrasonic -Microwave -Passive infrared -Pressure-Sensitive
Return to Primary Site Example
- Plan for the return
- Reactivate fire protection and other alarm systems
- Planning is different from the recovery plan: the least critical work should be initiated first
- Certify and accredit the system as ready for operations
- When notified that normal operations have resumed at the primary site, shut down operations at the alternate site and return backup materials to storage
Computer Equipment Protections
- Portable device security includes items such as
-- Locking mechanisms for docking stations
-- Tracing software
-- Audible motion alarm
-- Encryption software
-- Constant control procedures
-- Inventory system
-- Anti-virus software
Electrical Power Countermeasures
- Power loss
-- Surge suppressors
-- UPS and UPS testing
- Electrical facilities separated from the data center
-- Generators
Requirements of a Business Continuity Planning
- Provide an immediate, accurate and measured response to emergency situations, with the overall goal of ensuring the safety of individuals
- Mitigate the damage you are experiencing as a result of the disaster
- Ensure the survivability of the business
- Provide procedures and a listing of resources to assist in the recovery process
Transmission Control Protocol
- Provides reliable data transmission
- Retransmits lost/damaged data segments
- Sequences incoming segments to match the original order
- Marks every TCP packet with a source host and port number, as well as a destination host and port number
General Remote Access Safeguards
- Publish a clear/definitive remote access policy and enforce it through audit
- Justify all remote users and review regularly, such as yearly
- Identify and periodically audit all remote access facilities, lines and connections
- Consolidate all general user dial-up facilities into a central bank that is positioned on a DMZ
- Use phone lines restricted to outbound access for dial-up services
- Set modems to answer after a predetermined number of rings
- Consolidate remote access facilities when practical
- Use personal firewalls and anti-virus tools on remote computers
Locks Types --Keyless Locks
-Push-button (cipher) locks have buttons that are pushed in sequence to open the locks
Online Transaction Processing (OLTP)
- Records transactions as they occur in real time
- Security concerns are concurrency and atomicity
-- Concurrency controls ensure that two users cannot change the same data at the same time
-- Atomicity ensures that if one step fails, then none of the steps complete
Team Members
- Representatives also include, but are not limited to:
-- Senior management, Chief Financial Officer
-- Legal staff
-- Business units/functions
-- Support systems
-- Recovery team leaders
-- Information security department
Change Management Key Points
-Rigorous process that addresses quality assurance -Changes must be submitted, approved, tested and recorded -Should have a back out plan in case change is not successful
Site Location
-Security should include where the building is and how it should be built. Crime? Riots? Natural Disasters? Airport? Highway? Military Base?
OSI Model
- Seven layers
- Data transfer is accomplished by a layer interacting with the layer above or below through the use of interface control information
- ISO 7498
-- Describes the OSI Model
- Access control
- Data integrity
- Encipherment
- Traffic padding
- Routing control
Card Access controls or Biometric Systems
-Smart cards, magnetic stripe cards, proximity cards -Fingerprint, retina scans, signature dynamics, voice recognition, hand geometry
Malicious Software Definition
-Software or programs intentionally designed to include functions for penetrating a system, breaking security policies, or to carry malicious or damaging payloads -Programming bugs or errors are not generally included in the topic -Backdoors, data diddlers, DDoS, hoax warnings, logic bombs, pranks, RATs, trojans, viruses, worms, zombies
Windows
- Standard plate glass
- Tempered glass
- Acrylic materials
- Polycarbonate windows: glass and polycarbonate combinations combine the best qualities of glass and acrylics
Typical Phases of a System Life Cycle
-Start Up -Acquisition and Development -Implementation -Operations and Maintenance -Decommissioning
Heating, Ventilation and Air Conditioning Practices
-Temperature Controls Protection -Emergency Detection System -Auto Shutoff Mechanisms -Proper Maintenance
BCP Scope
- The BCP should cover all aspects of an organization, including
-- Personnel
-- Facilities
-- Infrastructure
-- Support systems
-- Information systems
Phase II: Business Impact Analysis
- The BIA is a functional analysis that identifies the impacts should an outage occur. Impact is measured by the following
-- Allowable business interruption: the maximum tolerable downtime
-- Financial and operational considerations
Crime Prevention Through Environmental Design
-The physical environment of a building is changed or managed to produce behavioral effects that will assist in reducing the incidence and fear of crime -Focuses on the relationships between the social behavior of people and the environments
Gates
-The portions of a wall or fence system that control entrance and or egress by persons or vehicles and complete the perimeter of the defined area
Buffer Overflow
-The process of exploiting a program weakness by sending long strings of input data to a system that is not prepared to truncate it through proper bounds checking -Developers should take this type of vulnerability into account when developing and testing programs
Denial of Service
-The result of another person or process consuming the resources on the system and thus denying the resources for the use of others -When testing programs, test for how the application would respond to a DoS attack
Data Center or Server Room Security - Walls
-To the extent possible, walls should not form part of an external building -Walls should extend from the floor to the underside of the above floor slab
Data Encapsulation
- To transmit data across a layered network, the data passes through each layer of the protocol stack
- It begins at the application layer with the application software passing the data to the next lower protocol in the stack
- At each layer the data is encapsulated: the protocol processes the data into the format that the next protocol layer requires
DBMS should provide:
-Transaction persistence -Fault tolerance and recovery -Sharing by multiple users -Security controls
Tunneling
- Tunneling is the act of packaging one network packet inside another
- The tunnel is the vehicle for encapsulating packets inside a protocol that is understood at the entry and exit points of a given network
- For confidentiality and integrity, the tunnels should be encrypted
Lock Controls
-Used to control read and write access to specific rows of data in relational systems, or objects in object oriented systems -Locks ensure only one user at a time can alter data -Better programming logic and testing reduce deadlocking problems
Address Resolution Protocol
-Used when a node knows the network layer address, but needs the data link layer address to forward the encapsulating frame -The ARP software maintains a table of translations between IP addresses and data link addresses
Hoax
-Uses users rather than programming -'Meme' or mind virus, social engineering -Usually warns of a new virus -Can be a bigger problem than viruses themselves
Malware Types
-Virus -Worm -Hoax Warning -Trojan -Logic Bomb -Data Diddler -Backdoor -RAT -DDoS -Prank -Spyware/Adware -Botnets
Facility Construction Issues
- Walls, windows, and doors
- Entry points
-- Primary and secondary entrances
-- Windows
-- Roof access
-- Maintenance entrance
-- Emergency exits
-- Loading docks
Categories of Recovery Strategies
1. Business recovery
2. Facility and supply
3. User
4. Operational
5. Data
Plan testing strategies
1. Checklist
2. Structured walk-through
3. Simulation
4. Parallel
5. Full interruption
Recovery Strategies Development Steps
1. Document all costs with each alternative
2. Obtain cost estimates for any outside services
3. Develop written agreements for such services
4. Evaluate resumption strategies based on full loss of the facility
5. Document recovery strategies and present them to management for comments and approval
Attack Methodology
1. Identify the target and collect information
2. Analyze the target to identify vulnerabilities
3. Gain access to the target
4. Escalate privileges
5. Complete the attack
Phases of the BCP Subtopics
1. Project management and initiation
2. Business impact analysis
3. Recovery strategy
4. Plan design and development
5. Testing, maintenance, awareness and training
Example of a recovery process
1. Respond to the disaster
2. Recover critical functions
3. Recover non-critical functions
4. Salvage and repair
5. Return to primary site
8 Steps for the BIA
1. Select interviewees
2. Determine information gathering techniques
3. Customize the questionnaire to gather economic and operational impact information
4. Analyze information
5. Determine the time-critical business systems
6. Determine maximum tolerable downtimes
7. Prioritize critical business systems based on maximum tolerable downtimes
8. Document findings and report recommendations
Stages of BCM
1. Understanding your business
2. Business continuity strategies
3. Develop and implement the business continuity response
4. Building and embedding a continuity culture
5. Maintenance and audit
6. Program management
Hot Site
A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster, except for data and staff. Takes minutes to hours to bring into use
Security Architecture
A high level design used to satisfy a system's security requirements as defined in an organization's security policy
Sag/Dip
A short period of low voltage
Dumpster Diving
Access to sensitive corporate information. Gain information to make an attack
Mirror Site
Actively running identical processes in parallel (high cost, instant)
Lock Controls - the ACID Test
- Atomicity: either all changes take effect or none do
- Consistency: a transaction is allowed only if it meets owner/system defined integrity constraints
- Isolation: the results of the transaction are not visible until the transaction is complete
- Durability: a completed transaction is permanent
Security Foundation
Core security program and architecture established
- Active executive participation
- Owner, custodian, stakeholder alignment
- Assigned responsibility, accountability, and authority
- Security life cycle
- Business and IT alignment
Fire
Damage and destruction of facilities/equipment
Data Network Components
Data network components include
- Mainframe/server hosts
- File servers
- Workstations
- Software: network operating system and applications
Data Network Components
Data network components include:
- Network adapter/network interface card
- Hub/concentrator/repeater
- Bridges
- Switches
- Routers
- Gateways
Major Elements
- Database
- Hardware
- Software
- Users
Enterprise Security Architecture
Defines the information security strategy that consists of layers of policy, standards, and procedures and the way they are linked across an enterprise
Operational Recovery
Determine the necessary equipment configurations, such as
- Mainframes, LANs, microcomputers, peripherals
- Explore opportunities for integration/consolidation
- Usage parameters
Data communications configurations include
- Switching equipment, routers, bridges, gateways
Outline alternative strategies for technical capabilities, such as network infrastructure components. Options include
- Hot site, warm site, cold site, mobile site
- Reciprocal or mutual aid agreements
- Multiple processing centers
- Service bureaus
Plan Maintenance Goal
Develop processes that maintain the currency of continuity capabilities and the BCP document in accordance with the organization's strategic direction. This includes:
- Change management procedures
- Resolving problems found during testing
- Building maintenance procedures into the process
- Centralizing responsibility for updates
- Reporting results regularly to team members
Databases
Developed to manage information from many sources in one location
- Eliminates the need for duplication of information in the system
- Preserves storage space
- Prevents inconsistency in data by making changes in one central location
Confidentiality
- Direct loss (backdoors, viruses)
- Indirect loss: consequential damage due to unauthorized disclosure of confidential information
Power Loss
Disruption/stop in operations
Electrical Power
Disruptions in electrical power can have a serious business impact; the goal is to have "clean and steady power"
- Dedicated feeders
- Alternate power source
- Access controls: secure breaker and transformer rooms
The Business Continuity Planning
Domain addresses the preservation and recovery of the business in the event of outages to normal business operations
Virtual Private Network (VPN)
Dynamically established secure network link between two specific network nodes or subnets using a secure encapsulation method
- Uses tunneling and encryption to protect private traffic over an untrusted network
Natural/Environmental Threats
Earthquakes, floods, storms, hurricanes, fires
Business Enablement
End to end transaction integrity
- Policy and standards
- Awareness and training
- People, process and technology driven requirements
- Consistent application of solution models
- Zone analysis for end to end transaction integrity
Process Enhancement
Evolutionary integration and consistent execution of security across the enterprise
- Key security standards, models and criteria proactively championed through existing enterprise-wide management processes
- Roles and responsibilities clearly defined and championed
DDoS Zombie
Expands effect of denial of service -Middle of master/attacker-agent -Hides attacker, multiplies attack
Gas Leakage
Explosion
Human-Made/Political Events Threats
Explosions, vandalism, theft, terrorist attack, riots
Carbon Dioxide
Extinguishers provide a colorless, odorless chemical that displaces oxygen in the air
User Recovery
Focus is on personnel requirements such as
- Manual procedures
- Vital record storage (medical, personnel)
- Employee transportation
- Critical documentation and forms
- User workplace and equipment
- Alternate site access procedures
Procedures for the organization's employees to follow during the outage include items such as
- Team responsibilities
- Distribution of information
- Manual processing techniques
- Disaster policies
- Notification procedures
- High priority tasks
- Emergency accounting
- Checklists
Business Recovery
Focus is on the critical resources and the maximum tolerable downtime for each business/support unit system. This may include the identification of -Critical IT system hardware, software, and data -Critical equipment, supplies, furniture, and office space -Key personnel for each business unit and support unit, such as Operations, Facilities, Security, etc.
Software and Data Recovery
Focus is on the recovery of information (data). -Backing up and off-site storage -Electronic vaulting -On-line tape vaulting -Remote journaling -Database shadowing -Standby services -Software escrow
Gas Threats
Gas leakage: -Identify the location of, and test, the main shut-off valve -Secure the natural gas line -Communicate the natural gas line design to the fire department -Clearly mark shut-off valves
Fire Suppression
How to extinguish and contain a fire to minimize damage
IP Security Issues
IP fragmentation attacks: -Tiny fragment attack -Overlapping fragment attack -Teardrop denial of service attack; IP address spoofing; Source routing; Smurf and Fraggle; IP tunneling over other products
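As an added example (not part of the course notes), here is a small IPv4 fragment checker in Python that flags the three fragmentation attacks listed above: a first fragment too short to carry the transport header (tiny fragment), a later fragment that rewrites bytes of an earlier one (overlap), and a fragment that ends inside its predecessor (the teardrop pattern). The fragments, the function names and the `MIN_FIRST_FRAGMENT` filtering threshold are constructed for this demo; the header layout follows RFC 791.

```python
"""Added example, not from the course notes: a minimal IPv4 fragment checker
that flags the tiny-fragment, overlapping-fragment and teardrop patterns.
Header layout follows RFC 791; all fragments are constructed inline.
MIN_FIRST_FRAGMENT is an assumed filtering policy (RFC 1858 recommends at
least 16 bytes of transport header in fragment 0)."""
import struct

IP_HDR_LEN = 20
MIN_FIRST_FRAGMENT = 16  # assumed policy threshold for fragment 0 payload


def make_fragment(ident, offset, more, payload, proto=6):
    """Build a constructed IPv4 fragment (no options, checksum left zero)."""
    assert offset % 8 == 0, "fragment offsets are in 8-byte units"
    flags_frag = ((1 if more else 0) << 13) | (offset // 8)
    total_len = IP_HDR_LEN + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                         64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload


def parse_ipv4_header(raw):
    """Return the fields needed for fragment analysis (offset in bytes)."""
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", raw[:IP_HDR_LEN])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "id": ident,
        "mf": bool((flags_frag >> 13) & 1),   # More Fragments flag
        "offset": (flags_frag & 0x1FFF) * 8,  # fragment offset in bytes
        "payload_len": total_len - ihl,
        "proto": proto,
    }


def analyze_fragments(packets):
    """Group fragments by IP ID and return {id: [finding, ...]}."""
    groups = {}
    for raw in packets:
        h = parse_ipv4_header(raw)
        groups.setdefault(h["id"], []).append(h)

    findings = {}
    for ident, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        issues = []
        first = frags[0]
        # Tiny fragment: fragment 0 is cut so short that the transport header
        # (TCP ports/flags) spills into fragment 1, defeating header-only filters.
        if first["offset"] == 0 and first["mf"] and first["payload_len"] < MIN_FIRST_FRAGMENT:
            issues.append("tiny-fragment")
        for prev, cur in zip(frags, frags[1:]):
            prev_end = prev["offset"] + prev["payload_len"]
            cur_end = cur["offset"] + cur["payload_len"]
            if cur["offset"] < prev_end:
                # Teardrop: the later fragment ends inside the earlier one, which
                # gave old reassembly code a negative length; otherwise a plain
                # overlap, which lets an attacker overwrite already-inspected bytes.
                issues.append("teardrop" if cur_end <= prev_end else "overlap")
        findings[ident] = issues
    return findings


# Constructed sample traffic: one normal datagram and one of each attack pattern.
SAMPLE_FRAGMENTS = [
    make_fragment(1, 0, True, b"N" * 32), make_fragment(1, 32, False, b"N" * 16),
    make_fragment(2, 0, True, b"T" * 8), make_fragment(2, 8, False, b"T" * 24),
    make_fragment(3, 0, True, b"O" * 32), make_fragment(3, 24, False, b"O" * 24),
    make_fragment(4, 0, True, b"D" * 32), make_fragment(4, 8, False, b"D" * 8),
]

if __name__ == "__main__":
    for ident, issues in analyze_fragments(SAMPLE_FRAGMENTS).items():
        print(f"IP ID {ident}: {issues or 'ok'}")
```

The checker only looks at fragment geometry; a real filter would also reassemble before inspecting the transport header, since the tiny-fragment case is precisely the one where a per-packet port check sees nothing useful.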
BCP Design and Development
In this phase the team prepares and documents a detailed plan for recovery of critical business systems. End products include: -Business and Service Recovery Plans -Plan maintenance Programs -Employee Awareness and Training Programs -Test Method Descriptions -Restoration Plans
Testing, Maintenance, Awareness and Training
In this phase, plans for testing and maintaining the BCP are implemented and also awareness and training procedures are executed
Brownout
Intentional reduction of voltage by the utility company for a prolonged period of time
Theft
Internal or external; results in increased costs
Intrusion Prevention Systems
Intrusions are prevented: an IPS sits inline and blocks traffic it identifies as an attack, rather than only alerting on it as an IDS does
Lighting
Is the illumination of a locale, typically by artificial means such as light fixtures or lamps. -A consistent level of light supplying reasonably good visibility needs to be available
Access Controls
Limit access and control the flow of access
Network Aware
Modern malware is network aware. -New means of spread -New methods of attack -New payloads
FM200
Most effective Halon alternative; requires a 7% concentration
Enterprise
Multiple internal networks, internal areas of domains, various internal devices, systems and applications, and a diverse user population, treated as a single collective unit
BotNets
Networks of infected machines -used for distributed denial of service -used as proxies for spam -often controlled via Internet Relay Chat (IRC) servers
3 Key Strategies To Crime Prevention Through Environmental Design-Territoriality
People protect territory that is their own
Lock Types --Smart Locks
Permit only authorized people into certain doors at certain times. An example is a magnetic stripe card that is time-sensitive
Plan Maintenance Functions
Plan maintenance functions are -Receive and monitor input on needed revisions -Plan maintenance reviews as needed -Monitor changes within business units, such as upgrades to systems -Control plan maintenance distribution: who receives a copy of plan updates -Ensure version control: obsolete editions of the plan are collected and destroyed
Plan Testing
Plan testing ensures that the business continuity capability remains effective, regardless of the disaster. It includes -Testing objectives -Measurement criteria -Test schedules -Post-test reviews -Test results reported to management
Blackout
Prolonged loss of commercial power
Management's Expectations
Protect the company, make it easy for users, don't stand in the way of progress and do it as cheaply as possible
Trojan Horse
Purported to be a positive utility -Hidden negative payload -Social engineering
Recovery Strategies
Recovery Strategies are a set of pre-defined and management approved actions that will be followed and implemented in response to a business interruption
Worm
Self-replicates -Generally exploits loopholes (vulnerabilities) in systems --Does not require user involvement -Often attacks server software of some type
Restoration Actions
Restoration operations involve restoring the primary site to normal operation conditions. -Complete an assessment of all damage -Initiate cleanup of the primary site -Implement necessary replacement procedures -Move unused backup materials from the alternate site to the primary site -Do least critical work first -Perform installations and updates of programs and data -Certify and accredit the system at the primary site -Initiate normal processing
Shoulder Surfing
Looking over someone's shoulder to gain information; results in unauthorized access
Malformed Input Attacks
SQL Injection- Inserting a series of SQL statements into a query by manipulating data input into an application
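As an added example (not part of the course notes), the same login lookup written two ways in Python with the built-in sqlite3 module: once by splicing the user's input into the SQL text, which is the manipulation the definition describes, and once as a parameterized query, where the values are bound by the driver and can never alter the statement's structure. The `users` table, the credentials and the function names are constructed for this demo.

```python
"""Added example, not from the course notes: an injectable login query next to
its parameterized replacement. Uses a constructed in-memory sqlite3 table."""
import sqlite3


def setup_db():
    """Constructed sample data; plaintext passwords are for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, username, password):
    """Attacker-controlled input becomes part of the SQL text, so quotes,
    comment markers and OR-clauses in the input change the query's logic."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}' "
             f"ORDER BY username")
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values separately from the
    statement, so the same inputs are compared literally and match nothing."""
    query = ("SELECT username, role FROM users "
             "WHERE username = ? AND password = ? ORDER BY username")
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    tautology = "x' OR '1'='1"
    print("vulnerable, valid creds:    ", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, comment trick:  ", login_vulnerable(db, "alice' --", "wrong"))
    print("vulnerable, tautology:      ", login_vulnerable(db, tautology, tautology))
    print("safe, tautology:            ", login_safe(db, tautology, tautology))
```

With `alice' --` as the username the rest of the WHERE clause is commented out, so the password is never checked; with the tautology in both fields every row is returned. The parameterized version returns nothing for either input because the driver treats them as plain string values.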
Secure Shell (SSH, SSH2)
SSH: -Powerful method of performing client authentication -Safeguards multiple service sessions between two systems. Provides support for: -Host and user authentication -Data compression -Data confidentiality and integrity. Host and user credentials are validated by public-key exchange (for example, RSA key pairs) rather than by X.509 certificates; SSH2 is the current protocol version
View Based Access Controls
Security achieved through the appropriate use of 'views' -Allows the database to be logically divided into pieces so that sensitive data is hidden from unauthorized users -In this model the controls are located in the front-end application that the user interfaces with, not in the back-end query engine
Availability
Security actions that ensure that data is accessible to authorized users.
The Enterprise Security Architecture..
Strategic- longer life than a blueprint, design specification, topology or configuration -Constrained by current or changing circumstances if too specific -Cannot provide good guidance if it is too general -Support long term view of technical direction, not short term technical constraints -Business centered acceptance and management of risk -Allows for multiple implementations depending on requirements
Surge
Sudden rise in voltage in the power supply
CCTV Levels-Recognition
The ability to determine the type of object
Physical Security
The physical measures and their associated procedures to safeguard and protect against: -Damage -Loss -Theft. Implementing controls that discourage attackers by convincing them that the cost of attacking is greater than the value received from the attack
TCP/IP
The protocols in the TCP/IP suite work together to: -Break the data into small pieces that can be efficiently handled by the network -Communicate the destination of the data to the network -Verify the receipt of the data on the other end of the transmission -Reconstruct the data in its original form
Detection
A WLAN generates and broadcasts radio signals that can be detected at a great distance, well beyond the intended coverage area
Water Threats
-Water detection sensors -Raised floors -Emergency shut-off valves -Server room above ground level -Water pipes not located above server rooms
Decommissioning/Disposal
When an asset is being taken out of production and is decommissioned or retired, the asset owner shall ensure the following stages are adhered to -Information Recovery Protection -Media Sanitization -Hardware and Software Disposal
Time of Check/Time of Use
When control information is changed between the time that the system security functions check the contents of the variables and when the variables are actually used
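As an added example (not part of the course notes), the definition above demonstrated in Python on a file read: the vulnerable version checks the path by name and then opens it by name again, leaving a window in which an attacker can swap in a symlink; the hardened version opens first with `O_NOFOLLOW` and then validates the open descriptor with `fstat`, so the check and the use refer to the same object. It assumes a POSIX platform that provides `os.O_NOFOLLOW` (Linux, macOS, BSD). The `race_hook` callback is a hypothetical stand-in for the attacker acting inside the window, and the files are constructed in a temporary directory.

```python
"""Added example, not from the course notes: a check-then-use file read with
the race window exposed, beside the open-then-validate fix. Assumes POSIX
os.O_NOFOLLOW; race_hook is a hypothetical stand-in for the attacker."""
import os
import stat
import tempfile


def read_checked_vulnerable(path, race_hook=None):
    """TOCTOU: the symlink check and the open both go through the path name.
    Whatever the name points to when open() runs is what gets read."""
    if os.path.islink(path):                 # time of check
        raise PermissionError("refusing symlink")
    if race_hook:
        race_hook()                          # attacker swaps the file here
    with open(path, "rb") as f:              # time of use (follows symlinks)
        return f.read()


def read_checked_safe(path, race_hook=None):
    """Open with O_NOFOLLOW, then check the descriptor with fstat. The check and
    the use refer to the same open file, so a later swap of the name is harmless."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # ELOOP if path is a symlink
    except OSError as exc:
        raise PermissionError("refusing symlink or unopenable path") from exc
    try:
        if race_hook:
            race_hook()                      # attacker swaps the name; fd is unaffected
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo():
    """Runs the race against both versions. Returns what each one read and
    whether the safe version refuses a symlink planted before the call."""
    with tempfile.TemporaryDirectory() as workdir:
        secret = os.path.join(workdir, "secret")       # file the attacker wants read
        target = os.path.join(workdir, "input.txt")    # file the program is told to read
        with open(secret, "w") as f:
            f.write("SECRET")

        def plant_benign_file():
            if os.path.lexists(target):
                os.unlink(target)
            with open(target, "w") as f:
                f.write("benign")

        def attacker_swap():                 # replace the checked file with a symlink
            os.unlink(target)
            os.symlink(secret, target)

        plant_benign_file()
        leaked = read_checked_vulnerable(target, race_hook=attacker_swap)
        plant_benign_file()
        safe_read = read_checked_safe(target, race_hook=attacker_swap)
        plant_benign_file()
        attacker_swap()                      # symlink already in place before the call
        try:
            read_checked_safe(target)
            refused = False
        except PermissionError:
            refused = True
        return leaked, safe_read, refused


if __name__ == "__main__":
    print(demo())   # (b'SECRET', b'benign', True)
```

In the demo the "secret" file lives in the same temporary directory for convenience; in a real attack it is a file the victim process can read and the attacker cannot, which is exactly why getting the victim to open it on the attacker's behalf is worth the race.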
Integrity
Honesty, decency; trust relationships. Formal: technical trust between subnets and domains. Informal: social relations between partners, customers and clients