SlideShare ist ein Scribd-Unternehmen logo

Information Security Lesson 10 - Operational Security - Eric Vanderburg

Eric Vanderburg
Eric Vanderburg

The document discusses various aspects of operational security including physical security of devices, locks, server rooms, and facilities. It also covers social engineering threats, wireless and wired signal security, shielding techniques, fire safety, business continuity planning, disaster recovery, and common acronyms related to operational security. Physical security involves securing devices, access controls, and monitoring restricted areas. Business continuity and disaster recovery plans are important to maintain critical business functions and enable recovery from catastrophic events. Various methods are presented to protect wireless and wired networks from interception and interference.

TechnologieBusiness
1 von 15
Downloaden Sie, um offline zu lesen
Information Security Chapter 10 Operational Security Information Security © 2006 Eric Vanderburg
Physical Security • Often overlooked • Securing devices – Remove or disable I/O hardware – Lock servers in the rack – Biometrics • Server room /wiring closet Information Security © 2006 Eric Vanderburg
Locks • Preset lock (key-in-knob lock) – automatically locks when it is closed. • Deadbolt – harder to break – requires key to lock and unlock • Cipher lock – button combination lock. It can also work at certain times (more expensive) • Securing keys – – – – – – – Track when keys are issued Issue keys to authorized people Inspect locks regularly Change locks when keys are lost Master keys should not be easily identified as a Master Lock up unused/spare keys Mark “Do not duplicate” on Master keys and remove the serial number so they cannot be reordered Information Security © 2006 Eric Vanderburg
Physical Security • Suspended ceiling – metal grid with ceiling tiles • HVAC (Heating Ventilation and Air Conditioning) – ducts that can be used to gain building access. • Exposed door hinges – Hinges should be be on the inside so that the pins cannot be removed from the outside. • Provide adequate lighting • Monitor dead end corridors • Minimize the number of entry points • Post guards at secure locations or checkpoints • Install cameras Information Security © 2006 Eric Vanderburg
Social Engineering • Train employees • Define what information is to be given out • People entering the facility should be preapproved and escorted through the building Information Security © 2006 Eric Vanderburg
Wireless • • • • • • Site surveys Reposition APs Adjust signal strength Change antenna type from omni to patch or yagi Use a different frequency (802.11b/g  802.11a) Make structural changes – Ground interior studded walls – Use metal windows treatments – Use thermally insulated glass with a copper film for windows – Use metallic doped paints on walls – Line network closets with aluminum sheeting or chicken wire. Information Security © 2006 Eric Vanderburg
Wired Signals • Interferrence – EMI (Electromagnetic Interference) – motor or lights – RFI (Radio Frequency Interference) – RF waves that conflict with the signal in the cable – NEXT (Near End Crosstalk) – One wire causes interference for another wire • Attenuation – Signals decrease in strength over time – Regenerate the signal • Equipment can be used to attempt to capture information traveling along a wire. Information Security © 2006 Eric Vanderburg
Shielding • TEMPEST (Telecommunications Electronics Material Protected from Emanating Spurious Transmissions) – Standard for stopping other from picking up stray RFI or EMI signals from components – Applies to an entire system • Faraday cage – metallic mesh enclosure that is grounded to prevent electromagnetic radiation from escaping or entering (used much in testing of equipment) Information Security © 2006 Eric Vanderburg
Fire • Extinguishers • Automated systems – Sprinklers – Dry chemical systems – Clean agent systems Information Security © 2006 Eric Vanderburg
Business Continuity • A plan that explains how business will continue when problems occur. • BCP (Business Continuity Plan) – – Identify the goals of the business (these must be maintained) – Formulate continuity strategies – changes that occur now for each event – Develop a response – what should be done in each case – Test the plan – run through a scenario/drill Information Security © 2006 Eric Vanderburg
Continuity Planning • Largest issue is power – UPS (Uninterruptible Power Supply) – Notify administrators of power outages – Notify users to log off – Prevent new users from logging on – Disconnect users and shut down Information Security © 2006 Eric Vanderburg
Redundancy • RAID (Redundant Array of Inexpensive Disks) – RAID 0 – RAID 1 – RAID 5 – RAID 0+1 – RAID 10 • Backups Information Security © 2006 Eric Vanderburg
Disaster Recovery • DRP (Disaster Recovery Plan) – Plan for how to deal with and recover from a catastrophic event – Purpose – Recovery team – who directs the plan – Preparation – what is done on a regular basis – Emergency Procedures – when the disaster happens – Recovery Procedures – after the disaster Information Security © 2006 Eric Vanderburg
Recovery • Hot Site – All equipment necessary – Live communication links – Fully replicated • Cold Site – Office space but no equipment • Warm Site – Equipment is installed but communication must be enabled – Recovered up to the last backup applied Information Security © 2006 Eric Vanderburg
Acronyms • • • • • • • BCP, Business Continuity Plan DRP, Disaster Recovery Plan EMI, Electromagnetic Interference NEXT, Near End Crosstalk RFI, Radio Frequency Interference RAID, Redundant Array of Independent Disks TEMPEST, Telecommunications Electronics Material Protected from Emanating Spurious Transmissions • UPS, Uninterruptible Power Supply Information Security © 2006 Eric Vanderburg

Empfohlen

Security telecoms 2015 short
Security telecoms 2015 shortSecurity telecoms 2015 short
Security telecoms 2015 shortJohn Jeffers
 
Cctv presentation
Cctv presentation Cctv presentation
Cctv presentation ZakarieBashir
 
Ditek TSS4D Data Sheet
Ditek TSS4D Data SheetDitek TSS4D Data Sheet
Ditek TSS4D Data SheetJMAC Supply
 
CorporateJan2016
CorporateJan2016CorporateJan2016
CorporateJan2016Mike Foley
 
Introduction to video security
Introduction to video securityIntroduction to video security
Introduction to video securityymcknight1596
 
Ditek 120SRD Data Sheet
Ditek 120SRD Data SheetDitek 120SRD Data Sheet
Ditek 120SRD Data SheetJMAC Supply
 
groundview-sentinel-v3
groundview-sentinel-v3groundview-sentinel-v3
groundview-sentinel-v3Mark Cromwell
 
Waterfall Wonderware Joint Offering
Waterfall Wonderware Joint OfferingWaterfall Wonderware Joint Offering
Waterfall Wonderware Joint OfferingWaterfall Security Solutions
 

Empfohlen

Security telecoms 2015 short
Security telecoms 2015 shortSecurity telecoms 2015 short
Security telecoms 2015 shortJohn Jeffers
 
Cctv presentation
Cctv presentation Cctv presentation
Cctv presentation ZakarieBashir
 
Ditek TSS4D Data Sheet
Ditek TSS4D Data SheetDitek TSS4D Data Sheet
Ditek TSS4D Data SheetJMAC Supply
 
CorporateJan2016
CorporateJan2016CorporateJan2016
CorporateJan2016Mike Foley
 
Introduction to video security
Introduction to video securityIntroduction to video security
Introduction to video securityymcknight1596
 
Ditek 120SRD Data Sheet
Ditek 120SRD Data SheetDitek 120SRD Data Sheet
Ditek 120SRD Data SheetJMAC Supply
 
groundview-sentinel-v3
groundview-sentinel-v3groundview-sentinel-v3
groundview-sentinel-v3Mark Cromwell
 
Waterfall Wonderware Joint Offering
Waterfall Wonderware Joint OfferingWaterfall Wonderware Joint Offering
Waterfall Wonderware Joint OfferingWaterfall Security Solutions
 
Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingSchneider Electric
 
DI Product Presentation Feb 2018
DI Product Presentation Feb 2018DI Product Presentation Feb 2018
DI Product Presentation Feb 2018Detectors Incorporated
 
Physical security
Physical securityPhysical security
Physical securityFerdinand Camilo Kimura
 
Exloc is hj
Exloc is hjExloc is hj
Exloc is hjcountycitizen
 
RackMountBrochure
RackMountBrochureRackMountBrochure
RackMountBrochureRory O'Callaghan
 
MATC Fall Lecture Series: Steve Garbe
MATC Fall Lecture Series: Steve GarbeMATC Fall Lecture Series: Steve Garbe
MATC Fall Lecture Series: Steve GarbeMid-America Transportation Center
 
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgInformation Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgEric Vanderburg
 
Andreas Agostin Installation Solutions
Andreas Agostin Installation SolutionsAndreas Agostin Installation Solutions
Andreas Agostin Installation SolutionsFieldComm Group
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security PresentationWajahat Rajab
 
Physicalsecuritypresentation 130630193821-phpapp01
Physicalsecuritypresentation 130630193821-phpapp01Physicalsecuritypresentation 130630193821-phpapp01
Physicalsecuritypresentation 130630193821-phpapp01brijesh singh
 
Photovoltaic Training Course - Module 3.4 - plant security
Photovoltaic Training Course - Module 3.4 - plant securityPhotovoltaic Training Course - Module 3.4 - plant security
Photovoltaic Training Course - Module 3.4 - plant securityLeonardo ENERGY
 
Arc Presentation.pptx
Arc Presentation.pptxArc Presentation.pptx
Arc Presentation.pptxAlankarSharma14
 
Surge Protection
Surge ProtectionSurge Protection
Surge Protectionmichaeljmack
 
Uninterruptible power supply installations at mines Murray Timpson
Uninterruptible power supply installations at mines Murray TimpsonUninterruptible power supply installations at mines Murray Timpson
Uninterruptible power supply installations at mines Murray TimpsonNSW Environment and Planning
 
IP (Ingress protection) Ratings
IP (Ingress protection) RatingsIP (Ingress protection) Ratings
IP (Ingress protection) RatingsShamanth SH
 
See4423 chapter1 introduction[1]
See4423 chapter1 introduction[1]See4423 chapter1 introduction[1]
See4423 chapter1 introduction[1]mdshahmajid
 
10.Electrical and Equipment Safety (1).ppt
10.Electrical and Equipment Safety (1).ppt10.Electrical and Equipment Safety (1).ppt
10.Electrical and Equipment Safety (1).pptazmatdbg3
 
10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.pptanu200770
 
10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.pptRajaMannar6
 
Sansbox Mining SBM EMCA Presentation 2016
Sansbox Mining SBM EMCA Presentation 2016Sansbox Mining SBM EMCA Presentation 2016
Sansbox Mining SBM EMCA Presentation 2016Hennie Oelofse
 
Legend Power Systems company profile v2
Legend Power Systems company profile v2Legend Power Systems company profile v2
Legend Power Systems company profile v2Jerry Chang
 
Practical Arc Flash Protection for Electrical Safety Professionals
Practical Arc Flash Protection for Electrical Safety ProfessionalsPractical Arc Flash Protection for Electrical Safety Professionals
Practical Arc Flash Protection for Electrical Safety ProfessionalsLiving Online
 

Weitere ähnliche Inhalte

Was ist angesagt?

Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingSchneider Electric
 

Was ist angesagt? (6)

Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories Briefing
 
DI Product Presentation Feb 2018
DI Product Presentation Feb 2018DI Product Presentation Feb 2018
DI Product Presentation Feb 2018
 
Physical security
Physical securityPhysical security
Physical security
 
Exloc is hj
Exloc is hjExloc is hj
Exloc is hj
 
RackMountBrochure
RackMountBrochureRackMountBrochure
RackMountBrochure
 
MATC Fall Lecture Series: Steve Garbe
MATC Fall Lecture Series: Steve GarbeMATC Fall Lecture Series: Steve Garbe
MATC Fall Lecture Series: Steve Garbe
 

Ähnlich wie Information Security Lesson 10 - Operational Security - Eric Vanderburg

Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgInformation Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgEric Vanderburg
 
Andreas Agostin Installation Solutions
Andreas Agostin Installation SolutionsAndreas Agostin Installation Solutions
Andreas Agostin Installation SolutionsFieldComm Group
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security PresentationWajahat Rajab
 
Physicalsecuritypresentation 130630193821-phpapp01
Physicalsecuritypresentation 130630193821-phpapp01Physicalsecuritypresentation 130630193821-phpapp01
Physicalsecuritypresentation 130630193821-phpapp01brijesh singh
 
Photovoltaic Training Course - Module 3.4 - plant security
Photovoltaic Training Course - Module 3.4 - plant securityPhotovoltaic Training Course - Module 3.4 - plant security
Photovoltaic Training Course - Module 3.4 - plant securityLeonardo ENERGY
 
Uninterruptible power supply installations at mines Murray Timpson
Uninterruptible power supply installations at mines Murray TimpsonUninterruptible power supply installations at mines Murray Timpson
Uninterruptible power supply installations at mines Murray TimpsonNSW Environment and Planning
 
IP (Ingress protection) Ratings
IP (Ingress protection) RatingsIP (Ingress protection) Ratings
IP (Ingress protection) RatingsShamanth SH
 
See4423 chapter1 introduction[1]
See4423 chapter1 introduction[1]See4423 chapter1 introduction[1]
See4423 chapter1 introduction[1]mdshahmajid
 
10.Electrical and Equipment Safety (1).ppt
10.Electrical and Equipment Safety (1).ppt10.Electrical and Equipment Safety (1).ppt
10.Electrical and Equipment Safety (1).pptazmatdbg3
 
10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.pptanu200770
 
10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.pptRajaMannar6
 
Sansbox Mining SBM EMCA Presentation 2016
Sansbox Mining SBM EMCA Presentation 2016Sansbox Mining SBM EMCA Presentation 2016
Sansbox Mining SBM EMCA Presentation 2016Hennie Oelofse
 
Legend Power Systems company profile v2
Legend Power Systems company profile v2Legend Power Systems company profile v2
Legend Power Systems company profile v2Jerry Chang
 
Practical Arc Flash Protection for Electrical Safety Professionals
Practical Arc Flash Protection for Electrical Safety ProfessionalsPractical Arc Flash Protection for Electrical Safety Professionals
Practical Arc Flash Protection for Electrical Safety ProfessionalsLiving Online
 
Railroad Industry Connectivity Solutions
Railroad Industry Connectivity SolutionsRailroad Industry Connectivity Solutions
Railroad Industry Connectivity SolutionsMETZ CONNECT USA Inc.
 
Power System Protection basics
Power System Protection basicsPower System Protection basics
Power System Protection basicsRajan Singh Tanwar
 
Obstraction light syatem
Obstraction light syatemObstraction light syatem
Obstraction light syatemAhmed Atwa
 

Ähnlich wie Information Security Lesson 10 - Operational Security - Eric Vanderburg (20)

Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric VanderburgInformation Security Lesson 5 - Network Infrastructure - Eric Vanderburg
Information Security Lesson 5 - Network Infrastructure - Eric Vanderburg
 
Andreas Agostin Installation Solutions
Andreas Agostin Installation SolutionsAndreas Agostin Installation Solutions
Andreas Agostin Installation Solutions
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security Presentation
 
Physicalsecuritypresentation 130630193821-phpapp01
Physicalsecuritypresentation 130630193821-phpapp01Physicalsecuritypresentation 130630193821-phpapp01
Physicalsecuritypresentation 130630193821-phpapp01
 
Photovoltaic Training Course - Module 3.4 - plant security
Photovoltaic Training Course - Module 3.4 - plant securityPhotovoltaic Training Course - Module 3.4 - plant security
Photovoltaic Training Course - Module 3.4 - plant security
 
Arc Presentation.pptx
Arc Presentation.pptxArc Presentation.pptx
Arc Presentation.pptx
 
Surge Protection
Surge ProtectionSurge Protection
Surge Protection
 
Uninterruptible power supply installations at mines Murray Timpson
Uninterruptible power supply installations at mines Murray TimpsonUninterruptible power supply installations at mines Murray Timpson
Uninterruptible power supply installations at mines Murray Timpson
 
IP (Ingress protection) Ratings
IP (Ingress protection) RatingsIP (Ingress protection) Ratings
IP (Ingress protection) Ratings
 
See4423 chapter1 introduction[1]
See4423 chapter1 introduction[1]See4423 chapter1 introduction[1]
See4423 chapter1 introduction[1]
 
10.Electrical and Equipment Safety (1).ppt
10.Electrical and Equipment Safety (1).ppt10.Electrical and Equipment Safety (1).ppt
10.Electrical and Equipment Safety (1).ppt
 
10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt
 
10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt10.Electrical and Equipment Safety.ppt
10.Electrical and Equipment Safety.ppt
 
Sansbox Mining SBM EMCA Presentation 2016
Sansbox Mining SBM EMCA Presentation 2016Sansbox Mining SBM EMCA Presentation 2016
Sansbox Mining SBM EMCA Presentation 2016
 
Legend Power Systems company profile v2
Legend Power Systems company profile v2Legend Power Systems company profile v2
Legend Power Systems company profile v2
 
Practical Arc Flash Protection for Electrical Safety Professionals
Practical Arc Flash Protection for Electrical Safety ProfessionalsPractical Arc Flash Protection for Electrical Safety Professionals
Practical Arc Flash Protection for Electrical Safety Professionals
 
Railroad Industry Connectivity Solutions
Railroad Industry Connectivity SolutionsRailroad Industry Connectivity Solutions
Railroad Industry Connectivity Solutions
 
Power System Protection basics
Power System Protection basicsPower System Protection basics
Power System Protection basics
 
Obstraction light syatem
Obstraction light syatemObstraction light syatem
Obstraction light syatem
 
Whitesands
WhitesandsWhitesands
Whitesands
 

Mehr von Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsEric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 

Mehr von Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Kürzlich hochgeladen

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 

Kürzlich hochgeladen (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 

Information Security Lesson 10 - Operational Security - Eric Vanderburg

  • 1. Information Security Chapter 10 Operational Security Information Security © 2006 Eric Vanderburg
  • 2. Physical Security • Often overlooked • Securing devices – Remove or disable I/O hardware – Lock servers in the rack – Biometrics • Server room /wiring closet Information Security © 2006 Eric Vanderburg
  • 3. Locks • Preset lock (key-in-knob lock) – automatically locks when it is closed. • Deadbolt – harder to break – requires key to lock and unlock • Cipher lock – button combination lock. It can also work at certain times (more expensive) • Securing keys – – – – – – – Track when keys are issued Issue keys to authorized people Inspect locks regularly Change locks when keys are lost Master keys should not be easily identified as a Master Lock up unused/spare keys Mark “Do not duplicate” on Master keys and remove the serial number so they cannot be reordered Information Security © 2006 Eric Vanderburg
  • 4. Physical Security • Suspended ceiling – metal grid with ceiling tiles • HVAC (Heating Ventilation and Air Conditioning) – ducts that can be used to gain building access. • Exposed door hinges – Hinges should be be on the inside so that the pins cannot be removed from the outside. • Provide adequate lighting • Monitor dead end corridors • Minimize the number of entry points • Post guards at secure locations or checkpoints • Install cameras Information Security © 2006 Eric Vanderburg
  • 5. Social Engineering • Train employees • Define what information is to be given out • People entering the facility should be preapproved and escorted through the building Information Security © 2006 Eric Vanderburg
  • 6. Wireless • • • • • • Site surveys Reposition APs Adjust signal strength Change antenna type from omni to patch or yagi Use a different frequency (802.11b/g  802.11a) Make structural changes – Ground interior studded walls – Use metal windows treatments – Use thermally insulated glass with a copper film for windows – Use metallic doped paints on walls – Line network closets with aluminum sheeting or chicken wire. Information Security © 2006 Eric Vanderburg
  • 7. Wired Signals • Interferrence – EMI (Electromagnetic Interference) – motor or lights – RFI (Radio Frequency Interference) – RF waves that conflict with the signal in the cable – NEXT (Near End Crosstalk) – One wire causes interference for another wire • Attenuation – Signals decrease in strength over time – Regenerate the signal • Equipment can be used to attempt to capture information traveling along a wire. Information Security © 2006 Eric Vanderburg
  • 8. Shielding • TEMPEST (Telecommunications Electronics Material Protected from Emanating Spurious Transmissions) – Standard for stopping other from picking up stray RFI or EMI signals from components – Applies to an entire system • Faraday cage – metallic mesh enclosure that is grounded to prevent electromagnetic radiation from escaping or entering (used much in testing of equipment) Information Security © 2006 Eric Vanderburg
  • 9. Fire • Extinguishers • Automated systems – Sprinklers – Dry chemical systems – Clean agent systems Information Security © 2006 Eric Vanderburg
  • 10. Business Continuity • A plan that explains how business will continue when problems occur. • BCP (Business Continuity Plan) – – Identify the goals of the business (these must be maintained) – Formulate continuity strategies – changes that occur now for each event – Develop a response – what should be done in each case – Test the plan – run through a scenario/drill Information Security © 2006 Eric Vanderburg
  • 11. Continuity Planning • Largest issue is power – UPS (Uninterruptible Power Supply) – Notify administrators of power outages – Notify users to log off – Prevent new users from logging on – Disconnect users and shut down Information Security © 2006 Eric Vanderburg
  • 12. Redundancy • RAID (Redundant Array of Inexpensive Disks) – RAID 0 – RAID 1 – RAID 5 – RAID 0+1 – RAID 10 • Backups Information Security © 2006 Eric Vanderburg
  • 13. Disaster Recovery • DRP (Disaster Recovery Plan) – Plan for how to deal with and recover from a catastrophic event – Purpose – Recovery team – who directs the plan – Preparation – what is done on a regular basis – Emergency Procedures – when the disaster happens – Recovery Procedures – after the disaster Information Security © 2006 Eric Vanderburg
  • 14. Recovery • Hot Site – All equipment necessary – Live communication links – Fully replicated • Cold Site – Office space but no equipment • Warm Site – Equipment is installed but communication must be enabled – Recovered up to the last backup applied Information Security © 2006 Eric Vanderburg
  • 15. Acronyms • • • • • • • BCP, Business Continuity Plan DRP, Disaster Recovery Plan EMI, Electromagnetic Interference NEXT, Near End Crosstalk RFI, Radio Frequency Interference RAID, Redundant Array of Independent Disks TEMPEST, Telecommunications Electronics Material Protected from Emanating Spurious Transmissions • UPS, Uninterruptible Power Supply Information Security © 2006 Eric Vanderburg