Pi's Website - Archived

Domain 5.0 Operational / Organizational Security

5.1 Understand the application of the following concepts of physical security
Computer and network security is not only about securing the data and information on computers, but also about securing the physical computers themselves.  Attackers may try to gain physical access to your systems, and an attacker with physical access can often bypass software controls entirely, so that access must be prevented.
o Access Control - Physical access control involves limiting where people can go and managing access to critical rooms.  ID badges identify personnel and the areas they are authorized to enter.  Access logs, where everybody must sign in and out of a room or building, provide an audit trail of who was where and when.  Guests should be escorted by a trusted employee at all times.  Alarms can alert security personnel to unauthorized access attempts.  Computers should not have any accounts without passwords and should be locked whenever they are left unattended.
o Physical Barriers - Physical barriers keep people away from equipment in the first place.  Doors can be secured with locks, keypads, card scanners, or other devices.  Servers and other network devices should be locked in a rack or cabinet to prevent unauthorized access.  Windows should be shut and locked, and large air vents should have bolted grates.  Raised floors and false (drop) ceilings must be protected too, since otherwise a room can be entered by crawling under or over its walls.  Make sure there is no way to gain access from any direction without the proper credentials.

o Biometrics - Biometrics use human characteristics (fingerprints, iris or retina patterns, hand geometry, voice) for authentication and access control.  This can be a very secure method of access control, but every biometric system has a false acceptance rate and a false rejection rate that should be evaluated before deployment, and a compromised biometric cannot be changed the way a password can.
o Social Engineering - Social engineering attacks may be used to gain physical access to a system.  For example, an attacker may dress as a maintenance worker to gain access to the server room.  User education and awareness training are the best defense against social engineering.

o Environment - The environment around computers should also be monitored.  High temperatures and high humidity damage computer components, and very low humidity increases static buildup.  Electromagnetic interference (EMI) and electrostatic discharge (ESD) can also damage computers, so equipment should be protected against both (proper grounding, anti-static mats and wrist straps when handling components).
 
o Wireless Cells - Wireless signals pass through walls and can be picked up from outside the building with specially made antennas by "war drivers."  If possible, shield the walls, although shielding that blocks wireless network signals usually blocks cell phone signals as well.

o Location - The location of the company is important.  If tornadoes or hurricanes are common, the walls should be built to resist high winds.  The location of important network devices within the building is also crucial.  Servers should not be placed in the lobby.  They should be raised off the floor so that water spills and minor flooding do not damage them, but not so high that they are likely to fall.  Keep cables organized and out of the way so they are not tripped over or unplugged.

o Shielding - As mentioned, shielding may be used to prevent unwanted wireless signals from going out or coming in.

o Fire Suppression - It is very important to have a working fire suppression system.  Previously, many companies used halon gas, a bromine-containing halocarbon: when heated, the bromine reacts with the hydrogen radicals released by the burning material and interrupts the combustion chain reaction, putting the fire out without displacing the oxygen in the room.  But halon damages the ozone layer, so its production was halted under the Montreal Protocol and new systems are no longer installed with it.  Alternatives include Inergen (an inert gas mixture), heptafluoropropane (FM-200), trifluoromethane (FE-13), carbon dioxide, etc.  There are four classes of fire extinguishers, but many extinguishers are multi-class, meaning that they can be used on more than one type of fire:
  1. Class A - ordinary combustibles such as wood or paper.
  2. Class B - flammable liquids such as oil, grease, and gasoline.
  3. Class C - fires involving energized electrical equipment, where a conductive agent such as water would make things worse.
  4. Class D - combustible metals; these agents are usually specific to one metal.
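Returning to the Access Control item above: a sign-in/sign-out log is only useful if somebody actually checks it.  The following is an added example, not code from the original page, of the anti-passback check a badge-reader system performs.  The log format, the door name and the badge holders are constructed for the illustration; any real system would have its own format.

```python
from dataclasses import dataclass

# Constructed badge-reader log: time, direction, badge holder, door.
ACCESS_LOG = """\
08:01 IN  alice  server-room
08:03 IN  bob    server-room
08:30 OUT alice  server-room
08:31 IN  alice  server-room
08:45 IN  bob    server-room
09:10 OUT carol  server-room
09:15 IN  dave   server-room
"""


@dataclass(frozen=True)
class Event:
    time: str
    direction: str  # "IN" or "OUT"
    badge: str
    door: str


def parse_log(text: str) -> list[Event]:
    """Parse the constructed whitespace-separated log format above."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, direction, badge, door = line.split()
        if direction not in ("IN", "OUT"):
            raise ValueError(f"bad direction in line: {line!r}")
        events.append(Event(time, direction, badge, door))
    return events


def audit_access_log(events: list[Event]) -> list[str]:
    """Flag badge sequences that are impossible for one person holding one badge."""
    inside: set[tuple[str, str]] = set()   # (badge, door) pairs currently logged inside
    alerts = []
    for e in events:
        key = (e.badge, e.door)
        if e.direction == "IN":
            if key in inside:
                # Entry read while already inside: the badge was cloned or shared, or the
                # holder previously left by tailgating someone out without badging.
                alerts.append(f"{e.time} {e.badge} entered {e.door} while already inside")
            inside.add(key)
        else:
            if key not in inside:
                # Exit with no matching entry: the holder got in without badging (tailgating).
                alerts.append(f"{e.time} {e.badge} left {e.door} with no recorded entry")
            inside.discard(key)
    # Anyone still inside when the log closes never signed out.
    for badge, door in sorted(inside):
        alerts.append(f"end of log: {badge} still inside {door}")
    return alerts


if __name__ == "__main__":
    for alert in audit_access_log(parse_log(ACCESS_LOG)):
        print(alert)
```

Run against the constructed log, the audit flags bob's second entry without an exit, carol's exit without an entry, and the three people still inside when the log ends.  Each of those is exactly the kind of event an escort policy and a sign-out requirement exist to prevent, and a real reader system enforces the same rule by refusing the second entry (anti-passback) rather than just logging it.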

5.2 Understand the security implications of the following topics of disaster recovery
o Backups - Backups should be done frequently, and the backup media should be kept secure.  Files have what is known as an archive bit.  The file system sets it whenever a file is created or modified, and a backup program may clear it once the file has been backed up, so the bit shows whether the file has changed since the last backup that cleared it.  There are several types of backups:
  1. Full backup - backs up all of the data and clears the archive bit on every file.
  2. Incremental backup - the fastest backup to perform, since it only backs up files that changed since the last backup of any type (full or incremental), and it clears the archive bit.  It is the slowest to restore, because every incremental since the last full must be applied.
  3. Differential backup - backs up all of the data changed since the last full backup.  It does not clear the archive bit, so each differential grows until the next full backup.
  4. Copy backup - a full backup except that the archive bit is not changed, so it does not disturb the regular full/incremental schedule.

Rotation - all backup plans should rotate media following a defined scheme.  One popular scheme is Grandfather-Father-Son (GFS), which uses separate sets of tapes for daily, weekly, and monthly backups.  There is at least one full backup each week (the father), with differential or incremental backups on the other days (the sons).  After the week is finished, the weekly full is stored and a new set is started.  The daily incremental/differential tapes are reused after a short time, since it would be too expensive to keep buying tapes, while the weekly full backups are kept until the month is over; then one of them is kept as the monthly (grandfather) backup and the rest return to the rotation.

 

Backups should always be verified, both by checking that the backed-up data matches the source (for example, by comparing checksums) and by periodically performing a test restore.  A backup that has never been restored is not known to work.

o Off Site Storage - it is best to have multiple backups stored at multiple locations, so that a disaster at the main site does not destroy the backups along with the data.  There are many companies that will store your backups for you in a secure location.  Media sent off site should be encrypted, since anyone who obtains the tapes obtains the data on them.
o Secure Recovery - recovery varies depending on the damage and backup type.  If only software or data is damaged, the backups alone are needed.  If there are only full backups, restore the last full backup.  For a full backup with daily incrementals, restore the last full backup and then each incremental taken since then, in chronological order, because each incremental contains only the changes made after the previous one.  For a full with differentials, restore the last full backup and then only the latest differential, since it already contains every change made since the full.
o Alternate Sites - many companies that require minimal or no downtime have alternate sites where backups can be restored on standby servers and operations can continue if something happens to the main site.  There are a few different types:
  • Hot sites - have everything necessary to continue operation almost immediately: hardware, software, network connections, etc.  Data from the main servers is replicated to the hot site, so no backups have to be restored.  This is the most expensive option.
  • Warm sites - have a portion of the hardware, software, and other tools ready, and require a short period of time to set up.  Backups would probably have to be restored.
  • Cold sites - require more work than warm sites to set up.  When a disaster strikes, nearly everything must be brought in and configured, but there is a location (with power, cooling, and connectivity) to do it in.  This is the cheapest option and has the longest recovery time.
o Disaster Recovery Plan - All companies should have a disaster recovery plan.  It lists specific potential threats and how best to deal with each of them.  A DRP focuses on restoring IT functionality, while a business continuity plan (BCP) covers keeping the entire business running.
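The archive-bit rules under Backups and the restore orders under Secure Recovery are easiest to see by simulating them.  The following is an added example, not code from the original page: a toy in-memory file system that tracks the archive bit, the four backup types selecting and clearing files according to the rules above, a verification step that compares each backed-up file against the digest recorded when the backup was taken, and a restore planner that applies the correct chain.  The file names, contents and backup sequence are constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class FileEntry:
    data: bytes
    archive: bool = True  # the OS sets the archive bit whenever a file is created or modified


@dataclass
class BackupSet:
    kind: str                                    # "full", "incremental", "differential" or "copy"
    seq: int                                     # order in which the backup was taken
    files: dict = field(default_factory=dict)    # name -> contents
    digests: dict = field(default_factory=dict)  # name -> sha256, recorded for later verification


class Volume:
    """Toy file system that tracks the archive bit of each file (constructed for this example)."""
    def __init__(self) -> None:
        self.files: dict[str, FileEntry] = {}
        self.next_seq = 0

    def write(self, name: str, data: bytes) -> None:
        self.files[name] = FileEntry(data, archive=True)

    def backup(self, kind: str) -> BackupSet:
        if kind in ("full", "copy"):
            selected = set(self.files)                                   # everything
        elif kind in ("incremental", "differential"):
            selected = {n for n, f in self.files.items() if f.archive}  # changed since bit last cleared
        else:
            raise ValueError(f"unknown backup type {kind!r}")
        bs = BackupSet(kind, self.next_seq)
        self.next_seq += 1
        for name in sorted(selected):
            bs.files[name] = self.files[name].data
            bs.digests[name] = hashlib.sha256(bs.files[name]).hexdigest()
            if kind in ("full", "incremental"):
                self.files[name].archive = False  # only full and incremental clear the bit
        return bs


def plan_restore(history: list[BackupSet]) -> list[BackupSet]:
    """Which backup sets to apply, in order, to recover the state at the time of the last backup."""
    fulls = [b for b in history if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to start from")
    later = [b for b in history if b.seq > fulls[-1].seq]
    incrementals = [b for b in later if b.kind == "incremental"]
    differentials = [b for b in later if b.kind == "differential"]
    if incrementals and differentials:
        # an incremental clears the bit, so a later differential would miss those changes
        raise ValueError("incrementals and differentials after the same full cannot be combined")
    if differentials:
        return [fulls[-1], differentials[-1]]   # full + latest differential only
    return [fulls[-1]] + incrementals           # full + every incremental, oldest first


def verify(bs: BackupSet) -> bool:
    """Check every file in a backup set against the digest recorded when it was taken."""
    return all(hashlib.sha256(d).hexdigest() == bs.digests[n] for n, d in bs.files.items())


def restore(plan: list[BackupSet]) -> dict[str, bytes]:
    state: dict[str, bytes] = {}
    for bs in plan:
        if not verify(bs):
            raise RuntimeError(f"{bs.kind} backup #{bs.seq} failed verification")
        state.update(bs.files)                  # later sets overwrite older copies of the same file
    return state


def _run(steps) -> dict:
    """Take a full backup of a constructed volume, then apply (backup kind, edit) steps in order."""
    vol = Volume()
    for name, data in (("a.txt", b"A1"), ("b.txt", b"B1"), ("c.txt", b"C1")):
        vol.write(name, data)
    history = [vol.backup("full")]                       # seq 0: a, b, c
    for kind, edit in steps:
        if edit:
            vol.write(*edit)
        history.append(vol.backup(kind))
    plan = plan_restore(history)
    live = {n: f.data for n, f in vol.files.items()}
    return {"sizes": [len(b.files) for b in history],    # files captured by each backup
            "plan": [b.seq for b in plan],               # which sets the restore applies
            "ok": restore(plan) == live}                 # restored state matches the live volume


def demo_incremental() -> dict:
    """Full, incremental, copy, incremental: the copy must not disturb the incremental chain."""
    return _run([("incremental", ("a.txt", b"A2")),   # seq 1: a only
                 ("copy", None),                        # seq 2: all three, bits untouched
                 ("incremental", ("b.txt", b"B2"))])    # seq 3: b only; a's bit was cleared at seq 1


def demo_differential() -> dict:
    """Full then two differentials: each one grows, and only the latest is needed to restore."""
    return _run([("differential", ("a.txt", b"A2")),  # seq 1: a
                 ("differential", ("b.txt", b"B2"))])  # seq 2: a and b, since the bit is never cleared


if __name__ == "__main__":
    print("incremental :", demo_incremental())
    print("differential:", demo_differential())
```

Two things the simulation makes visible that the prose does not: a copy backup taken in the middle of an incremental chain captures everything but is ignored by the restore plan, because it never touched the archive bit; and mixing incrementals and differentials after the same full is rejected, since an incremental clears the bit and a later differential would silently miss those changes.  Note that archive-bit backups do not record deletions, so a restore brings deleted files back; real backup software keeps a catalog for that reason.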

5.3 Understand the security implications of the following topics of business continuity
o Utilities - Uninterruptible power supplies (UPSes) use a battery to provide power for a short period of time in the event of a power outage, long enough to shut systems down cleanly or to bridge the gap until a generator starts.  Many companies also have backup generators that can power the business for an extended period of time.
o High Availability / Fault Tolerance - Avoid having a single point of failure on which many things depend, because if that component fails, everything is brought down.  Redundancy (duplicate power supplies, disks, network links, servers) keeps resources available when one component fails.
o Backups - see 5.2
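Redundancy only helps up to the availability of whatever single point of failure remains.  As an added example (not from the original page), the following computes the availability of three small topologies: one server behind one switch, two redundant servers behind one switch, and two servers behind two switches.  The per-component availability figures are constructed for the illustration, not measured values.

```python
from math import prod


def series(*availabilities: float) -> float:
    """Components that must ALL be up (a chain): availability is the product."""
    return prod(availabilities)


def parallel(*availabilities: float) -> float:
    """Redundant components where ANY one suffices: 1 - P(every one fails at once)."""
    return 1.0 - prod(1.0 - a for a in availabilities)


def downtime_hours_per_year(availability: float) -> float:
    return (1.0 - availability) * 365 * 24


# Constructed figures: each server is up 99.0% of the time, each switch 99.5%.
SERVER, SWITCH = 0.99, 0.995


def single_server_single_switch() -> float:
    return series(SWITCH, SERVER)


def two_servers_single_switch() -> float:
    # Two servers behind one switch: the switch is still a single point of failure,
    # so no amount of server redundancy can push availability above SWITCH.
    return series(SWITCH, parallel(SERVER, SERVER))


def two_servers_two_switches() -> float:
    # Redundancy at every tier: the chain no longer has a single point of failure.
    return series(parallel(SWITCH, SWITCH), parallel(SERVER, SERVER))


if __name__ == "__main__":
    for name, fn in (("1 switch, 1 server", single_server_single_switch),
                     ("1 switch, 2 servers", two_servers_single_switch),
                     ("2 switches, 2 servers", two_servers_two_switches)):
        a = fn()
        print(f"{name:22s} availability {a:.6f}  (~{downtime_hours_per_year(a):6.1f} h/yr down)")
```

Doubling the servers takes the system from about 131 hours of downtime a year to about 45, but it cannot do better than the lone switch's 44 hours; only removing that single point of failure gets the system to roughly an hour a year.  The same series/parallel reasoning applies to power feeds, disks and WAN links.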

5.4 Understand the concepts and uses of the following types of policies and procedures
o Security Policy
o Acceptable Use
o Due Care
o Privacy
o Separation of Duties
o Need to Know
o Password Management
o SLAs (Service Level Agreements)
o Disposal / Destruction
o HR (Human Resources) Policy
  • Termination (Adding and revoking passwords and privileges, etc.)
  • Hiring (Adding and revoking passwords and privileges, etc.)
  • Code of Ethics
o Incident Response Policy

5.5 Explain the following concepts of privilege management
o User / Group / Role Management
o Single Sign-on
o Centralized vs. Decentralized
o Auditing (Privilege, Usage, Escalation)
o MAC / DAC / RBAC (Mandatory Access Control / Discretionary Access Control / Role Based Access Control)

5.6 Understand the concepts of the following topics of forensics
o Chain of Custody
o Preservation of Evidence
o Collection of Evidence

5.7 Understand and be able to explain the following concepts of risk identification
o Asset Identification
o Risk Assessment
o Threat Identification
o Vulnerabilities

5.8 Understand the security relevance of the education and training of end users, executives and human resources

o Communication
o User Awareness
o Education
o On-line Resources


5.9 Understand and explain the following documentation concepts

o Standards and Guidelines
o Systems Architecture
o Change Documentation
o Logs and Inventories
o Classification
o Notification
o Retention / Storage
o Destruction


Resources:
Ido Dubrawsky and Jeremy Faircloth, Security+ Study Guide & DVD Training System, Second Edition. Syngress. ISBN 1597491535. http://www.syngress.com/catalog/?pid=4350

PrepLogic Security+ Mega Guide. http://www.preplogic.com/products/mega-guides/mega-guides-product-details.asp?eid=129

Exam Cram: CompTIA Security+. Que Publishing, July 2006. ISBN 0-7897-2910-5.

Fire extinguisher reference (hanford.gov): http://www.hanford.gov/fire/safety/extingrs.htm

 


This page was last modified on 07/28/07 02:05 PM