Bài giảng Security+ Guide to Network Security Fundamentals - Chapter 10: Operational Security
Summary
• Adequate physical security is one of the first lines of defense against attacks
• Physical security involves restricting with access controls, minimizing social engineering attacks, and
securing the environment and infrastructure
• Business continuity is the process of assessing risks and developing a management strategy to ensure
that business can continue if risks materialize
37 trang |
Chia sẻ: vutrong32 | Lượt xem: 1054 | Lượt tải: 0
Bạn đang xem trước 20 trang tài liệu Bài giảng Security+ Guide to Network Security Fundamentals - Chapter 10: Operational Security, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
Chapter 10: Operational Security
Security+ Guide to Network Security
Fundamentals
Second Edition
Objectives
• Harden physical security with access controls
• Minimize social engineering
• Secure the physical environment
• Define business continuity
• Plan for disaster recovery
Hardening Physical Security with
Access Controls
• Adequate physical security is one of the first lines of
defense against attacks
• Protects equipment and the infrastructure itself
• Has one primary goal: to prevent unauthorized users
from reaching equipment to use, steal, or vandalize
Hardening Physical Security with
Access Controls (continued)
• Configure an operating system to enforce access
controls through an access control list (ACL), a table
that defines the access rights each subject has to a
folder or file
• Access control also refers to restricting physical
access to computers or network devices
Controlling Access with
Physical Barriers
• Most servers are rack-mounted servers
• A rack-mounted server is 1.75 inches (445 cm) tall
and can be stacked with up to 50 other servers in a
closely confined area
• Rack-mounted units are typically connected to a KVM
(keyboard, video, mouse) switch, which in turn is
connected to a single monitor, mouse, and keyboard
Controlling Access with Physical
Barriers (continued)
Controlling Access with Physical
Barriers (continued)
Controlling Access with Physical
Barriers (continued)
• In addition to securing a device itself, you should also
secure the room containing the device
• Two basic types of door locks require a key:
– A preset lock (key-in-knob lock) requires only a key for
unlocking the door from the outside
– A deadbolt lock extends a solid metal bar into the door
frame for extra security
• To achieve the most security when using door locks,
observe the good practices listed on pages 345 and
346 of the text
Controlling Access with Physical
Barriers (continued)
• Cipher locks are combination locks that use buttons
you push in the proper sequence to open the door
• Can be programmed to allow only the code of certain
people to be valid on specific dates and times
• Basic models can cost several hundred dollars each
while advanced models can run much higher
• Users must be careful to conceal which buttons they
push to avoid someone seeing the combination
(shoulder surfing)
Controlling Access with Physical
Barriers (continued)
• Other physical vulnerabilities should be addressed,
including:
– Suspended ceilings
– HVAC ducts
– Exposed door hinges
– Insufficient lighting
– Dead-end corridors
Controlling Access with Biometrics
• Biometrics uses a person’s unique characteristics to
authenticate that person
• Some human characteristics used for identification
include fingerprint, face, hand, iris, retina, and voice
• Many high-end biometric scanners are expensive,
can be difficult to use, and can produce false
positives (accepting unauthorized users) or false
negatives (restricting authorized users)
Minimizing Social Engineering
• The best defenses against social engineering are a
strong security policy along with adequate training
• An organization must establish clear and direct
policies regarding what information can be given out
and under what circumstances
Securing the Physical Environment
• Take steps to secure the environment itself to reduce
the risk of attacks:
– Limiting the range of wireless data signals
– Shielding wired signals
– Controlling the environment
– Suppressing the risk of fires
Limiting Wireless Signal Range
• Use the following techniques to limit the wireless
signal range:
– Relocate the access point
– Substitute 802.11a for 802.11b
– Add directional antenna
– Reduce power
– Cover the device
– Modify the building
Shielding a Wired Signal
• The insulation and shielding that covers a copper
cable does not always prevent a signal from leaking
out or having an even stronger signal affect the data
transmission on the cable
• This interference (noise) can be of several types
• Radio frequency interference (RFI) refers to
interference caused by broadcast signals from a
radio frequency (RF) transmitter, such as from a
commercial radio or television transmitter
Shielding a Wired Signal (continued)
• Electromagnetic interference (EMI) may be caused
by a variety of sources
– A motor of another source of intense electrical activity
can create an electromagnetic signal that interferes
with a data signal
– EMI can also be caused by cellular telephones,
citizens’ band and police radios, small office or
household appliances, fluorescent lights, or loose
electrical connections
Shielding a Wired Signal (continued)
• The source of near end crosstalk (NEXT) interference
is usually from another data signal being transmitted
• Loss of signal strength is known as attenuation
• Two types of defenses are commonly referenced for
shielding a signal
– Telecommunications Electronics Material Protected
from Emanating Spurious Transmissions (TEMPEST)
– Faraday cage
Shielding a Wired Signal (continued)
• TEMPEST
– Classified standard developed by the US government
to prevent attackers from picking up stray RFI and EMI
signals from government buildings
• Faraday cage
– Metallic enclosure that prevents the entry or escape of
an electromagnetic field
– Consists of a fine-mesh copper screening directly
connected to an earth ground
Reducing the Risk of Fires
• In order for a fire to occur, four entities must be
present at the same time:
– Sufficient oxygen to sustain the combustion
– Enough heat to raise the material to its ignition
temperature
– Some type of fuel or combustible material
– A chemical reaction that is the fire itself
Reducing the Risk of Fires
(continued)
• Refer to page 355 for the types of fires, their fuel
source, how they can be extinguished, and the types
of handheld fire extinguishers that should be used
• Stationary fire suppression systems that integrate
into the building’s infrastructure and release a
suppressant in the entire room are used
Reducing the Risk of Fires
(continued)
• Systems can be classified as:
– Water sprinkler systems that spray the room with
pressurized water
– Dry chemical systems that disperse a fine, dry powder
over the fire
– Clean agent systems that do not harm people,
documents, or electrical equipment in the room
Understanding Business Continuity
• Process of assessing risks and developing a
management strategy to ensure that business can
continue if risks materialize
• Business continuity management is concerned with
developing a business continuity plan (BCP)
addressing how the organization can continue in the
event that risks materialize
Understanding Business Continuity
(continued)
• The basic steps in creating a BCP:
– Understand the business
– Formulate continuity strategies
– Develop a response
– Test the plan
Maintaining Utilities
• Disruption of utilities should be of primary concern for
all organizations
• The primary utility that a BCP should address is
electrical service
• An uninterruptible power supply (UPS) is an external
device located between an outlet for electrical power
and another device
– Primary purpose is to continue to supply power if the
electrical power fails
Maintaining Utilities (continued)
• A UPS can complete the following tasks:
– Send a special message to the network administrator’s
computer, or page or telephone the network manager
to indicate that the power has failed
– Notify all users that they must finish their work
immediately and log off
– Prevent any new users from logging on
– Disconnect users and shut down the server
Establishing High Availability
through Fault Tolerance
• The ability to endure failures (fault tolerance) can
keep systems available to an organization
• Prevents a single problem from escalating into a total
disaster
• Can best be achieved by maintaining redundancy
• Fault-tolerant server hard drives are based on a
standard known as Redundant Array of Independent
Drives (RAID)
Creating and Maintaining Backups
• Data backups are an essential element in any BCP
• Backup software can internally designate which files
have already been backed up by setting an archive
bit in the properties of the file
• Four basic types of backups:
– Full backup
– Differential backup
– Incremental backup
– Copy backup
Creating and Maintaining Backups
(continued)
Creating and Maintaining Backups
(continued)
• Develop a strategy for performing backups to make
sure you are storing the data your organization needs
• A grandfather-father-son backup system divides
backups into three sets:
– A daily backup (son)
– A weekly backup (father)
– A monthly backup (grandfather)
Creating and Maintaining Backups
(continued)
Planning for Disaster Recovery
• Business continuity is concerned with addressing
anything that could affect the continuation of service
• Disaster recovery is more narrowly focused on
recovering from major disasters that could cease
operations for an extended period of time
• Preparing for disaster recovery always involves
having a plan in place
Creating a Disaster Recovery Plan (DRP)
• A DRP is different from a business continuity plan
• Typically addresses what to do if a major catastrophe
occurs that could cause the organization to cease
functioning
• Should be a detailed document that is updated
regularly
• All DRPs are different, but they should address the
common features shown in the outline on pages 367
and 368 of the text
Identifying Secure Recovery
• Major disasters may require that the organization
temporarily move to another location
• Three basic types of alternate sites are used during
or directly after a disaster
– Hot site
– Cold site
– Warm site
Identifying Secure Recovery
(continued)
• A hot site is generally run by a commercial disaster
recovery service that allows a business to continue
computer and network operations to maintain
business continuity
• A cold site provides office space but customer must
provide and install all equipment needed to continue
operations
• A warm site has all equipment installed but does not
have active Internet or telecommunications facilities
Protecting Backups
• Data backups must be protected from theft and
normal environmental elements
• Tape backups should be protected against strong
magnetic fields, which can destroy a tape
• Be sure backup tapes are located in a secure
environment that is adequately protected
Summary
• Adequate physical security is one of the first lines of
defense against attacks
• Physical security involves restricting with access
controls, minimizing social engineering attacks, and
securing the environment and infrastructure
• Business continuity is the process of assessing risks
and developing a management strategy to ensure
that business can continue if risks materialize
Summary (continued)
• Disaster recovery is focused on recovering from
major disasters that could potentially cause the
organization to cease operations for an extended
period of time
• A DRP typically addresses what to do if a major
catastrophe occurs that could cause the organization
to cease functioning
Các file đính kèm theo tài liệu này:
- chapter10_8505.pdf