Operations security involves keeping up with implemented solutions, keeping track of changes, properly maintaining systems, continuing to enforce the necessary standards, and following through with security practices and tasks. In light of this, provide examples of operations security practices an organization must follow. You may use fictitious examples to support your argument.
Operations security is the most important aspect of keeping the information and data stored in an organization safe. To keep operations security effective in protecting the system, the organization has to focus on change, both in its systems and in the organization itself, because change is the one constant. Configuration management and change management should therefore be priorities in operations security, since both play an important role. The company should implement a policy ensuring that changes to systems or policies follow defined standards. These standards should specify how changes take place, who is authorized to make them, and how they are documented and communicated to other employees. A security practice that is adequate for a system today does not guarantee that the same policy and practice will still be sufficient next week: if a new virus appears and the anti-virus software has not been updated, the virus may compromise the confidentiality and integrity of information.
Changes to a system can seriously damage the system and the whole organization, so they must be managed so that every change is approved in a structured manner. To be implemented, a change should pass through a Change Control Process. In this process the change is presented, together with the reason for making it, to a group of people responsible for approving it. Once approved, the change is documented in a change log, and before implementation it is tested and verified to be safe for the system. After verification the change is implemented and reported to all employees so that they are aware of any new feature of the system (Rouse, 2011).
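The change control process described above, as a small workflow model. This is an added example and not code from the essay or from the cited TechTarget article; the change board members, the approver names and the sample change are constructed. The point it shows is that the order of steps (approve, log, test, implement, communicate) is enforced by the code rather than left to discipline: a change cannot be implemented before it has been approved and tested, and only change board members can approve.

```python
"""Change control workflow with an enforced order of steps (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Allowed transitions: each state lists the states that may follow it.
TRANSITIONS = {
    "proposed": {"approved", "rejected"},
    "approved": {"tested"},
    "tested": {"implemented"},
    "implemented": {"communicated"},
    "rejected": set(),
    "communicated": set(),
}

# Hypothetical set of people authorised to approve changes (constructed).
CHANGE_BOARD = {"alice", "bob"}


class ChangeControlError(Exception):
    """Raised when a step is attempted out of order or by an unauthorised person."""


@dataclass
class ChangeRequest:
    title: str
    justification: str
    requester: str
    state: str = "proposed"
    log: list = field(default_factory=list)

    def _record(self, actor: str, new_state: str, note: str = "") -> None:
        """Append an entry to the change log and move to the new state."""
        if new_state not in TRANSITIONS[self.state]:
            raise ChangeControlError(
                f"cannot go from {self.state!r} to {new_state!r}")
        self.log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "who": actor,
            "from": self.state,
            "to": new_state,
            "note": note,
        })
        self.state = new_state

    def approve(self, approver: str) -> None:
        if approver not in CHANGE_BOARD:
            raise ChangeControlError(f"{approver!r} is not on the change board")
        self._record(approver, "approved")

    def reject(self, approver: str, reason: str) -> None:
        if approver not in CHANGE_BOARD:
            raise ChangeControlError(f"{approver!r} is not on the change board")
        self._record(approver, "rejected", reason)

    def mark_tested(self, tester: str, result: str) -> None:
        self._record(tester, "tested", result)

    def implement(self, operator: str) -> None:
        self._record(operator, "implemented")

    def communicate(self, operator: str, audience: str) -> None:
        self._record(operator, "communicated", f"announced to {audience}")


def run_example() -> ChangeRequest:
    """Walk one constructed change through the full process."""
    cr = ChangeRequest(
        title="Update anti-virus signatures on file servers",
        justification="New malware family not detected by current signatures",
        requester="carol",
    )
    cr.approve("alice")
    cr.mark_tested("dave", "signatures loaded on staging server, no false positives")
    cr.implement("dave")
    cr.communicate("dave", "all staff")
    return cr


if __name__ == "__main__":
    for entry in run_example().log:
        print(entry)
```

The change log produced here is the documentation the text asks for: every transition records who did it and when, so an audit can later reconstruct the path of each change.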
A continuous audit of security policies should also be part of operations security, so that new threats to the security system are tracked and new security policies and practices can be implemented. The most important aspect of operations security is documentation, which keeps a record of all the security policies implemented in the organization and of any changes to them (Security). If a piece of software or an application is outdated or has known security problems, that should be documented as well, so that nobody else installs it.
The security team should always keep records of new threats and audit the system to determine whether it is ready to face those threats or not. Encrypting information, enforcing strong password policies, and educating employees on the use of computer systems and the internet are further practices. The roles of users should be clearly defined by the security policies. In general, users should be divided into two groups: administrative users and standard users. Administrative users can control the privileges of other users, while standard users can mostly only install and use the applications the administrator allows.
Explain why the following operations security practices are important.
Data should be classified, and the necessary technical control should be put into place to protect its integrity, confidentiality and availability.
Hacker tools are becoming increasingly sophisticated while requiring less and less knowledge from the attacker about how they work.
Clipping levels should be implemented to establish a baseline of user activity and acceptable errors.
Sensitive information should contain the correct markings and labels to indicate the corresponding sensitivity level.
A teardrop attack involves sending malformed fragmented packets to a vulnerable system.
Improper mail relay configuration allows mail servers to be used to forward spam messages.
Phishing involves an attacker sending false messages to a victim in the hopes that the victim will provide personal information that can be used to steal their identity.
Data must be protected from unauthorized persons so that it keeps its integrity and confidentiality. It is also important that data is available to users at all times, but each legitimate user should get access only to the data he is authorized to see. A system holds data that can be very sensitive and is intended for only a few employees in the organization: senior management is allowed to access that sensitive information and no other employee or user is. Moreover, information should be encrypted while it is transferred over a network, because otherwise it can be captured by packet sniffing. To ensure the confidentiality, integrity and availability of information, all the protocols necessary to guarantee these three aspects must be implemented. Information is a valuable asset and should be accessed only by authorized users and management.
As organizations increasingly use digital technologies to store and transfer data, hackers are becoming equally sophisticated in their attack techniques. They keep developing tools and software that look like legitimate products which users then install on their computers. Organizations need to understand the new practices hackers adopt and counter those threats. A simple example of such a sophisticated attack is a website whose interface is designed to look exactly like the original, luring customers into trusting it and entering their login credentials. Some applications contain malware that runs in the background without the user's knowledge. All of these threats must be taken into account.
When an attacker tries to get into a system, he may have to try several methods before gaining access. A clipping level with a defined baseline threshold should be implemented so that the network administrator is alerted once the threshold is crossed. This methodology is also called an Intrusion Detection System (IDS). For example, an intruder who learns a person's username may try to guess the password from information related to that user. The authentication control should allow only three login attempts; if the user fails to provide the correct password three times, an email should be generated to alert both the network administrator and the user.
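The clipping level described above, as detection logic run over authentication log lines. This is an added example, not code from the essay; the log format, the ten-minute window and the threshold of three failed attempts are assumptions chosen to match the text (real authentication logs differ). Failures are counted per account inside a sliding time window, and an alert record is produced the moment an account reaches the threshold; the alert is what would be turned into the email to the administrator and the user.

```python
"""Clipping-level check over constructed authentication log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3            # failed attempts that trigger an alert (assumed)
WINDOW = timedelta(minutes=10)  # failures older than this are forgotten (assumed)

# Constructed log lines in a simplified syslog-like format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth: Failed password for alice from 10.0.0.5
2024-03-01T09:00:20 auth: Failed password for alice from 10.0.0.5
2024-03-01T09:00:40 auth: Accepted password for bob from 10.0.0.7
2024-03-01T09:01:05 auth: Failed password for alice from 10.0.0.5
2024-03-01T09:01:30 auth: Failed password for alice from 10.0.0.5
2024-03-01T09:30:00 auth: Failed password for bob from 10.0.0.9
2024-03-01T09:45:00 auth: Failed password for bob from 10.0.0.9
2024-03-01T09:50:00 auth: Failed password for bob from 10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$")


def parse_line(line):
    """Return (timestamp, result, user, source) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def find_clipping_alerts(log_text, level=CLIPPING_LEVEL, window=WINDOW):
    """Return alert records for accounts whose failures within `window` reach `level`.

    One alert is raised per account each time the threshold is reached; the
    counter is cleared after an alert so that a later burst is reported again.
    Failures spread out over more than `window` never accumulate (see bob).
    """
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        if result != "Failed":
            continue
        q = recent[user]
        q.append(ts)
        # forget failures that fall outside the sliding window
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= level:
            alerts.append({"user": user, "source": src,
                           "at": ts.isoformat(), "failures": len(q)})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_clipping_alerts(SAMPLE_LOG):
        print(f"ALERT: {alert['failures']} failed logins for {alert['user']} "
              f"from {alert['source']} by {alert['at']}")
```

On the sample data only alice trips the clipping level: bob also fails three times, but 15 minutes apart, so his failures never accumulate within the window. That is the baseline the text refers to; an occasional mistyped password is acceptable error, a burst is not.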
An information system holds all kinds of information, including user information, sensitive information and employee information. Sensitive information is meant for only a few employees or directors of the organization. When such information is stored, it must be marked so that only those few authorized persons can access it. If someone tries to access that sensitive information, the system should check the privileges assigned to that user to decide whether he is allowed to access it or not. Another way to secure that information is two-factor authentication, in which a PIN is sent to the user's mobile phone number. A legitimate user enters the PIN; otherwise, the user learns that someone is trying to access sensitive information through his account.
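The marking, privilege check and PIN step from the paragraph above, combined into one access decision. This is an added example, not code from the essay; the sensitivity levels, users, groups, records and phone numbers are constructed, and `send_pin` stands in for whatever SMS gateway an organization would use. A request is granted only if the user's clearance covers the record's label, the user belongs to a group listed on the record, and, for labels at or above CONFIDENTIAL, a one-time PIN delivered out of band is entered correctly.

```python
"""Label-based access check with a step-up PIN for sensitive records (added example)."""
import hmac
import secrets

# Sensitivity markings, ordered (constructed for this example).
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "SECRET": 3}
STEP_UP_FROM = LEVELS["CONFIDENTIAL"]  # labels that require a second factor

USERS = {  # constructed sample users
    "erin":  {"clearance": "SECRET",   "groups": {"directors"}, "phone": "+0000000001"},
    "frank": {"clearance": "INTERNAL", "groups": {"staff"},     "phone": "+0000000002"},
    "grace": {"clearance": "SECRET",   "groups": {"staff"},     "phone": "+0000000003"},
}

RECORDS = {  # constructed sample records with their markings
    "payroll.xlsx":   {"label": "CONFIDENTIAL", "need_to_know": {"directors", "hr"}},
    "newsletter.pdf": {"label": "PUBLIC",       "need_to_know": set()},
}


class StepUpPIN:
    """Issue and verify one-time PINs delivered out of band (e.g. by SMS)."""

    def __init__(self, send_pin):
        self._send_pin = send_pin   # callable(phone, pin); hypothetical gateway
        self._pending = {}          # user -> PIN awaiting verification

    def issue(self, user):
        pin = f"{secrets.randbelow(1_000_000):06d}"
        self._pending[user] = pin
        self._send_pin(USERS[user]["phone"], pin)

    def verify(self, user, supplied):
        # pop() makes the PIN single-use; compare_digest avoids timing leaks
        expected = self._pending.pop(user, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, supplied)


def check_access(user, record, pin_service, supplied_pin=None):
    """Decide whether `user` may read `record`; returns (allowed, reason)."""
    u, r = USERS[user], RECORDS[record]
    if LEVELS[u["clearance"]] < LEVELS[r["label"]]:
        return False, "clearance below record label"
    if r["need_to_know"] and not (u["groups"] & r["need_to_know"]):
        return False, "user not in a need-to-know group"
    if LEVELS[r["label"]] >= STEP_UP_FROM:
        if supplied_pin is None:
            pin_service.issue(user)      # the legitimate owner sees this message
            return False, "PIN sent; retry with PIN"
        if not pin_service.verify(user, supplied_pin):
            return False, "PIN incorrect"
    return True, "access granted"


if __name__ == "__main__":
    svc = StepUpPIN(lambda phone, pin: print(f"[sms to {phone}] your PIN is {pin}"))
    print(check_access("frank", "payroll.xlsx", svc))
    print(check_access("erin", "payroll.xlsx", svc))
```

The unexpected SMS is the signal the text describes: if erin never asked for payroll.xlsx and still receives a PIN, someone else is using her account.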
A fault-tolerant system is important for ensuring the availability of information. Information is meant to be available at all times so that users can access it whenever they need it. In case of a hardware failure or software error, the whole system, or parts of it, could stop working. To keep the system in working order at all times, it is important to make sure it keeps running even if a hardware component fails (Rouse, Fault-Tolerant, 2005). A fault-tolerant system is the most expensive way to ensure the availability of information, but it is also the best: it keeps the system running even when a hardware failure occurs.
A teardrop attack can result in a Denial of Service, as the system tries to reassemble the malformed packets and freezes (Radware). That would stop users from accessing the system and the relevant information. The system should have ingress filtering that detects these packets so that it does not freeze under a teardrop attack.
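The ingress check mentioned above, as a sanity check on IP fragment sets. This is an added example and not code from the essay or the cited Radware page; it works on constructed fragment records rather than captured packets, with each fragment given as (byte offset, payload length, more-fragments flag). A teardrop attack depends on a reassembler accepting fragments that overlap or run past the maximum datagram size; a filter that classifies such sets as malformed lets the system drop them instead of attempting reassembly.

```python
"""Classify a set of IP fragments as sane or malformed (added example)."""

MAX_DATAGRAM = 65535   # largest IPv4 datagram, in bytes

# Constructed fragment sets: (offset, length, more_fragments) per fragment.
NORMAL = [(0, 1480, True), (1480, 1480, True), (2960, 500, False)]
OVERLAPPING = [(0, 1000, True), (496, 200, False)]      # second starts inside first
OVERSIZED = [(0, 1480, True), (65528, 16, False)]       # runs past 65535 bytes


def classify_fragments(frags):
    """Return the reasons a fragment set is malformed; an empty list means sane.

    Fragments may arrive in any order, so they are sorted by offset first.
    Offsets are carried in the IP header in 8-byte units, so every offset and
    every non-final payload length must be a multiple of 8.
    """
    reasons = []
    ordered = sorted(frags, key=lambda f: f[0])
    prev_end = 0
    finals = 0
    for offset, length, more in ordered:
        tag = f"fragment at {offset}"
        if length <= 0:
            reasons.append(f"{tag}: empty payload")
        if offset % 8:
            reasons.append(f"{tag}: offset not a multiple of 8")
        if more and length % 8:
            reasons.append(f"{tag}: non-final fragment length not a multiple of 8")
        if offset < prev_end:
            reasons.append(f"{tag}: overlaps previous fragment ending at {prev_end}")
        if offset + length > MAX_DATAGRAM:
            reasons.append(f"{tag}: extends past {MAX_DATAGRAM} bytes")
        if not more:
            finals += 1
        prev_end = max(prev_end, offset + length)
    if finals > 1:
        reasons.append("more than one final fragment")
    return reasons


def should_drop(frags):
    """Ingress decision: drop the datagram if any check fails."""
    return bool(classify_fragments(frags))


if __name__ == "__main__":
    for name, frags in [("NORMAL", NORMAL), ("OVERLAPPING", OVERLAPPING),
                        ("OVERSIZED", OVERSIZED)]:
        print(name, "drop" if should_drop(frags) else "accept",
              classify_fragments(frags))
```

Dropping is the safe outcome for a filter: a legitimate sender never produces overlapping fragments, so nothing is lost by refusing them, while the reassembler behind the filter is never asked to handle the case that would make it freeze.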
Mail servers must be configured properly, because an improperly configured mail server can be used by spammers to send spam messages advertising products or adult content. Spammers do not want the origin of their mail to be traceable, so they look for mail servers configured as "wide open" relays and use those servers to send their spam emails.
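One concrete form the "wide open" configuration takes, with its correction. This is an added example using Postfix `main.cf` directives, not configuration from the essay; the network range 192.0.2.0/24 is a constructed placeholder for an organization's own LAN. The relay restriction line is the same in both halves: what decides whether the server is an open relay is which clients `mynetworks` declares to be trusted.

```conf
# WEAK: every address on the internet is treated as a trusted client,
# so permit_mynetworks matches everyone and the server relays for anyone.
mynetworks = 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

# CORRECTED: only the host itself and the organization's own network (placeholder
# range) are trusted; everyone else must authenticate, and unauthenticated
# clients may deliver only to domains this server is responsible for.
mynetworks = 127.0.0.0/8, [::1]/128, 192.0.2.0/24
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
```

A quick check after any change is to connect from an outside address and attempt to send to a third-party domain without authenticating; a correctly configured server refuses the recipient.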
Phishing attacks are sophisticated in nature: they pretend to originate from a genuine website and extract the user's information by imitating that site (Tank). A simple example is an email that appears to come from the user's bank and contains a link that supposedly leads to the bank's website. In reality the email comes from a hacker, and the link redirects the user to a website owned by the attacker that has exactly the same interface as the bank's website. The user enters credentials to log in, and the hacker captures them and uses them to log in to the user's real bank account. Educating employees can help stop phishing attacks: they must be aware of such spoofed websites and of where they should and should not enter their credentials.
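The bank-email example above, turned into a check a mail gateway or security awareness tool could run. This is an added example, not code from the essay or from PhishTank; the email body, the bank domain and the trusted host list are constructed. It extracts the links from an HTML message and flags any link whose visible text names one host while its destination is another, which is exactly the trick described: the text reads like the bank, the destination is the attacker's look-alike site.

```python
"""Flag links whose visible text and destination disagree (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message: the first link looks like the bank but goes elsewhere,
# the second is a genuine link to the bank's own site.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://examplebank.com.login-check.example/verify">www.examplebank.com</a>
<p>Or visit <a href="https://www.examplebank.com/help">our help page</a>.</p>
"""
TRUSTED_HOSTS = {"examplebank.com"}   # constructed: the organisation's real domains


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host part of a URL or URL-looking text ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def is_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)


def suspicious_links(html_body, trusted=TRUSTED_HOSTS):
    """Return (href, text, reason) for every link that deserves a warning."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        href_host = host_of(href)
        # Only treat the visible text as a URL if it looks like one.
        text_host = host_of(text) if ("." in text and " " not in text) else ""
        if text_host and text_host != href_host:
            flagged.append((href, text, "visible text and destination differ"))
        elif href_host and not is_trusted(href_host, trusted):
            flagged.append((href, text, "destination not a trusted host"))
    return flagged


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: '{text}' -> {href}")
```

The first link is flagged because its text claims www.examplebank.com while the destination host is examplebank.com.login-check.example; a user who reads only the visible text would not notice. The second link is accepted because its destination is a subdomain of the trusted bank domain.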
Radware. (n.d.). Teardrop Attack. Retrieved from Radware: https://security.radware.com/ddos-knowledge-center/ddospedia/teardrop-attack/
Rouse, M. (2005, September). Fault-Tolerant. Retrieved from Tech Target: http://searchdisasterrecovery.techtarget.com/definition/fault-tolerant
Rouse, M. (2011, January). Change Control. Retrieved from Tech Target: http://searchdisasterrecovery.techtarget.com/definition/change-control
Security, T. (n.d.). IT Security Audit. Retrieved from Trace Security: https://www.tracesecurity.com/services/it-security-audit
Tank, P. (n.d.). What is phishing? Retrieved from Phish Tank: https://www.phishtank.com/what_is_phishing.php