566-7
The acquisition process should be designed to meet specific objectives, including:
- Gaining the most value from expenditures - Strategic planning for system and application upgrades - Reducing risk of data loss or breach - Disposing of assets in a cost-effective manner that secures data and meets recycling goals
network services
- MFDs often come with a number of services enabled, many of which are not required in a given environment and should be disabled - Two categories of network services are management protocols and services protocols
Physical security Proper physical security is needed to guard against a number of threats including:
- Making modifications to the global configuration via the console interface - Sending unauthorized faxes - Obtaining printouts or faxes that do not belong to them - Physically removing the hard disk, which might contain print spool file and other information
There are essentially two approaches to managing IT-related hardware assets within an organization
- One is an ad hoc approach that follows guidance in the installation, configuration, and user's manual on a case-by-case basis with no overall approach - The other is an organized hardware life cycle management policy, perhaps under a designated hardware asset manager
IBM integrated solution brings a variety of benefits to an enterprise, including:
- Predicting the best time to perform maintenance on a monitored asset - Uncovering process deficiencies that can affect product quality - Identifying the root causes of asset failures
Denial-of-Service Attacks These types of attacks, which may also result in denial of service for legitimate users, include:
- Sending multiple bogus print jobs to exhaust paper resources and tie up a printer - Modifying settings to make the device unusable - Stopping or deleting jobs - Setting the IP address of the MFD to be the same as a router, causing routing confusion
multifunction device (MFD)
A network-attached document production device that combines two or more of these functions: copy, print, scan, and fax
A repository containing information on all the devices, software, interconnections, and users in use, together with relevant configuration settings. Generally, a CMDB also includes historical configuration information
Configuration management database (CMDB)
The DHS has offered these recommendations for protecting ICSs
Implement application whitelisting Ensure configuration management and patch management Reduce attack surface areas Build a defendable environment Manage authentication Implement secure remote access Monitor and respond
The best resource in developing a security plan for an ICS is the
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) website, maintained by the U.S. Department of Homeland Security
consists of combinations of control components (for example, electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective
Industrial control systems
include supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems, using programmable logic controllers to control localized processes
Industrial control systems
Many office devices run an embedded commercial operating system, which renders them subject to the same threats and vulnerabilities as any other computing devices running those same operating systems Manufacturers may embed versions of operating systems for which the operating system provider is no longer providing updates or the functionality to install patches or updates is not available
Operating system security
IBM offers a solution called that uses information collected about products, processes, and assets to optimize maintenance schedules, production processes, and product quality
Predictive Maintenance and Quality (PMQ)
Information Disclosure Three potential sources of vulnerability are:
Print, fax, and copy/scan logs Address books Mailboxes
Applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques. This can be achieved by performing multiple overwrites. For a self-encrypting drive (SED), cryptographic erasure can be used. If the drive automatically encrypts all user-addressable locations, then all that is required is to destroy the encryption key, which could be done by multiple overwrites
Purge
A security feature for computers and mobile devices that helps prevent unauthorized access to the device. A screen lock requires the user to perform a specific action, such as entering a PIN code or presenting a fingerprint, to gain access to the device
Screen lock
Relates to security controls in place for HAM and planned for meeting strategic security objectives.
Security plan
Details how security concerns will be incorporated into the hardware life cycle.
Security policy
A hard drive with a circuit built into the disk drive controller chip that encrypts all data to the magnetic media and decrypts all the data from the media automatically. All SEDs encrypt all the time from the factory onward, performing like any other hard drive, with the encryption being completely transparent or invisible to the user. To protect the data from theft, the user must provide a password to read from or write data to the disk
Self-encrypting drive (SED)
Measures some parameter of a physical, chemical, or biological entity and delivers an electronic signal proportional to the observed characteristic, either in the form of an analog voltage level or a digital signal
Sensor
Elements of an Industrial control systems ics
Sensor Actuator Controller Human-machine interface Remote diagnostics and maintenance
An attack enabled by leakage of information from a physical cryptosystem. Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions
Side-channel attack
Includes designation of a responsible individual and a budget for HAM.
Strategic plan
PLANNING PHASE
Strategic plan Security plan Security policy Acceptable use policy
Develops a threat model consisting of six areas and provides a detailed summary of the greatest threats in each area as well as current mitigations and defenses.
Study on Mobile Device Security
A number of documents for U.S. agencies are valuable resources for any organization. The following are particularly useful:
Study on Mobile Device Security Assessing Threats to Mobile Devices & Infrastructure Guidelines for Managing and Securing Mobile Devices in the Enterprise Vetting the Security of Mobile Applications Guidelines on Hardware-Rooted Security in Mobile Devices Mobile Device Security
The DHS's Study on Mobile Device Security lists the following as common threats resulting from gaining physical access to a device:
Substitution of a compromised Bluetooth headset to facilitate eavesdropping Replacement of a SIM card to facilitate illegal activity such as identity fraud or theft of services Brute-force attacks on a stolen device Side-channel attacks to obtain cryptographic private keys Installation of malicious apps via USB, an infected computer, or a charging station without the user's knowledge
NIST SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations, in control family CM-1, provides detailed guidance in the area of tracking and IT hardware configuration management T or F
T
The small, portable nature of mobile devices increases their susceptibility to physical-based threats T or F
T
many organizations find it convenient or even necessary to adopt a bring your own device (BYOD) policy that allows the personal mobile devices of employees to have access to corporate resources. T or F
T
Mobile device security
Portable computing and communications device with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices
Including existing contracts and new opportunities
Vendor relationships
Describes in detail app vetting and app approval/rejection activities.
Vetting the Security of Mobile Applications
The security strategy can also include
firewall policies specific to mobile device traffic
Hardware life cycle management, also known as
hardware asset management (HAM)
Office equipment
includes printers, photocopiers, facsimile machines, scanners, and multifunction devices (MFDs). Office equipment often contains the same components as a server (e.g., operating system, hard disk drives, and network interface cards) and runs services such as web, mail, and ftp. As a result, sensitive information processed by or stored on office equipment is subject to similar threats as to servers, yet this equipment is often poorly protected.
IT managers should be able to
inspect each device before allowing network access
Hardware life cycle management
is a subset discipline of IT asset management, which deals specifically with the hardware portion of IT assets.
Industrial control system (ICS)
is used to control industrial processes such as manufacturing, product handling, production, and distribution.
In Deployment Each item should be categorized based on
its security impact
A strong authentication protocol should be used to
limit access from the device to the resources of the organization
Once equipment is deployed it needs to be
maintained and managed
Each hardware item needs to be included in a .......................... perhaps as part of a CMDB. The register should be complete and protected.
master register or database
A restricted-use, logical (that is, artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (that is, real) network (for example, the Internet), often using encryption (located at hosts or gateways) and authentication. The endpoints of the virtual network are said to be tunneled through the larger network
virtual private network (VPN)
There are a number of reasons an organization should adopt a detailed hardware life cycle management policy, including:
- Systematic approach to life cycle management can provide guidance on when to replace particular equipment - Bridge communication gaps that allow assets to be lost, acquisitions to be made when spares are in the warehouse, or upgrades to fail due to incomplete information -Hardware information can be centralized in a CMBD - Risk can be reduced by having and using the appropriate tools to track and manage hardware -With hardware life cycle management, an organization can use a number of automated tools for tasks
Applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard read and write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state
Clear
NIST SP 800-88, Guidelines for Media Sanitization, defines three actions:
Clear Purge Destroy
Relates to how users are allowed to use hardware assets. In addition to security concerns, users need to be aware that the assets belong to the organization, without expectation of privacy, unless an organization's privacy policy dictates otherwise.
Acceptable use policy
With a formal selection processes, contract negotiations, and contracts execution
Acquisition
Receives an electronic signal from a controller and responds by interacting with its environment to produce an effect on some parameter of a physical, chemical, or biological entity
Actuator
An online repository of applications that can be browsed, purchased, and downloaded
App store
Provides a detailed description of the threats related to mobile devices and the enterprise.
Assessing Threats to Mobile Devices & Infrastructure
The reachable and exploitable vulnerabilities in a system
Attack surface
Because EMM systems have elevated privileges, intruders can leverage control over EMMs to launch attacks against mobile devices and the mobile enterprise An attacker may steal administrative credentials or exploit vulnerabilities in the EMM infrastructure or software to gain unauthorized access to the administrative console and launch attacks against mobile devices Defenses against such attacks can include security audits threat intelligence, strong authentication, and secure network connections
Attacks on the EMM system
It may be possible for an adversary to bypass the vetting process and introduce apps with malware delivered to devices from the enterprise app store Such malware can target the mobile device or can be used to spread malware to other platforms in the enterprise
Attacks related to an enterprise app store
These enterprise threats are in two broad areas:
Attacks related to an enterprise app store Attacks on the EMM system
According to SP 800-82, possible threats ICSs may face include the following:
Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life Inaccurate information sent to system operators, either to disguise unauthorized changes or to cause the operators to initiate inappropriate actions, which could have various negative effects ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment Interference with the operation of safety systems, which could endanger human life
Operating system security Some examples of these vulnerabilities include:
Buffer overflows Execution of arbitrary code Taking control of the device using remote administration capabilities
Interprets the signals and generates corresponding manipulated variables, based on a control algorithm and target set points, which it transmits to the actuators
Controller
An attack that prevents authorized access to resources or delays time-critical operations
Denial-of-service (DoS) attacks
refers to the preliminary steps taken prior to installation followed by the installation of the hardware so that it is ready to use.
Deployment
Renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data. Typically, the medium is pulverized or incinerated at an outsourced metal destruction or licensed incineration facility
Destroy
The DHS report recommends the following defenses:
Ensure that devices are enterprise managed so that the organization can enforce security policies, monitor device state, and remotely track or wipe lost or stolen devices Ensure that the device's screen lock is enabled. The lock should be enabled with an appropriately strong password
is an important security area that should not be overlooked as part of an organization's security program for office devices
Equipment disposal
The SGP breaks down physical asset management best practices into two areas
Equipment management Mobile computing
A collection of data records, in a centralized database or a synchronized distributed database, defined to be authoritative within the organization. The golden record encompasses all relevant data entities in the organizational information system. The golden record can be used as a basis for reconciliation, as a guarantee of data integrity, and as the basis for backups and archives
Golden record
Also called single version of truth
Golden record
Mobile device security organization's networks must accommodate the following:
Growing use of new devices Cloud-based applications De-perimeterization External business requirements
Provides recommendations for selecting, implementing, and using centralized management technologies, explains the security concerns inherent in mobile device use, and provides recommendations for securing mobile devices throughout their life cycles.
Guidelines for Managing and Securing Mobile Devices in the Enterprise:
Focuses on defining the fundamental security primitives and capabilities needed to securely enable mobile devices.
Guidelines on Hardware-Rooted Security in Mobile Devices
entails managing the physical components of computers, computer networks and systems, beginning with acquisition and continuing through maintenance until the hardware's ultimate disposal.
HAM
Any physical asset that is used to support corporate information or systems (e.g., a server, network device, mobile device, printer or specialized equipment, such as that used by manufacturing, transport or utility companies), including the software embedded within them and the operating systems supporting them
Hardware
Operators and engineers use human interfaces to monitor and configure set points, control algorithms, and adjust and establish parameters in the controller
Human-machine interface
All traffic should be ....................... and travel by secure means, such as SSL or IP Security (Ipsec)
encrypted
SP 800-124, Guidelines for Managing and Securing Mobile Devices in the Enterprise, lists seven major security concerns for mobile devices
Lack of physical security controls Use of untrusted mobile devices Use of untrusted networks Use of applications created by unknown parties Interaction with other systems Use of untrusted content Use of location services
The principle that access control should be implemented so that each system entity is granted the minimum system resources and authorizations needed for the entity to do its work. This principle tends to limit damage that can be caused by an accident, an error, or a fraudulent or unauthorized act
Least privilege
Cloud and Hybrid Builds: Contains reference architectures; demonstrates implementation of standards-based, commercially available cybersecurity technologies; and helps organizations use technologies to reduce the risk of intrusion via mobile devices.
Mobile Device Security
The use of two or more factors to achieve authentication. Factors include something you know (for example, password/ PIN), something you have (for example, cryptographic identification device, token), or something you are (for example, biometric). MFA can involve two or three factors
Multifactor authentication (mfa)
To trigger payment of invoices and creation of incidents to configure and deliver to the correct individual/location/department
Receipt
Utilities used to prevent, identify, and recover from abnormal operation or failures
Remote diagnostics and maintenance
Including application of standards, redeployment, and initiation of a purchase, if appropriate
Request and approval
The International Association of Information Technology Asset Managers [IAT12] states that the processes and systems of acquisition should include the following:
Request and approval Vendor relationships Acquisition Receipt
The deployment process involves ...................................such as changing default vendor passwords and applying secure configuration settings.
ensuring that any software running on the new hardware is subject to security hardening,
A number of individuals and groups should be involved in the hardware acquisition process, including an
acquisition manager, stakeholders, receivers, technical personnel, and the financial manager.
A preferable strategy is to have a two-layer authentication mechanism, which involves
authenticating the device and also authenticating the user of the device
IT should establish
configuration guidelines for operating systems and applications
Whether a device is owned by the organization or an employee, the organization should
configure the device with security controls
Intrusion detection and intrusion prevention systems can be
configured with tighter rules for mobile device traffic
The process of encrypting the data on a medium and then destroying the key, making recovery impossible
cryptographic erasure
The SGP recommends that sensitive information stored on office equipment be securely destroyed before the equipment is
decommissioned, sold, or transferred to an external party
Automated asset identification, such as with a bar code or radio-frequency identification (RFID) tag, is often........................... This supports inventory management, life cycle management, and, ultimately, disposal management.
desirable
The organization should have security mechanisms to
protect the network from unauthorized access
The act of removing a restricted mode of operation. For example, rooting may enable content with digital rights to be used on any computer, or it may allow enhanced third-party operating systems or applications to be used on a mobile device. While rooting is the term used for Android devices, jailbreaking is the equivalent term used for Apple's devices
rooting
management simplest approach is to
schedule maintenance in accordance with supplier/manufacturer recommendations
Firewall policies can limit the
scope of data and application access for all mobile devices
The act of down-loading an app to a device without going through the official app store, via links or websites. While enterprises often use sideloading as a method for distributing home-grown apps, malicious actors also use sideloading (via enterprise certificates in many cases bought on the black market) to distribute their malware
sideloading
Attacks on mobile devices with enterprise access can..................... to other enterprise systems
spread
VPNs can be configured so that all traffic between a mobile device and the organization's network is
via a VPN
There are numerous potential threats to office equipment:
•Network Services •Information Disclosure •Denial-of-Service Attacks •Physical Security •Operating System Security