Download
1 / 69
690 likes | 695 Vues
Learn how to ensure the availability and security of your business in the face of system failures, disasters, and security threats. Understand business impact analysis, recovery time objectives (RTO), recovery point objectives (RPO), and various techniques for business continuity and disaster recovery planning.
E N D
Overview: Designing SecurityBusiness Continuity Security Planning Susan Lincke
Information Security Goals Confidentiality CIA Triad Integrity Availability Conformity to Law & Privacy Requirements
Imagine a system failure… • Server failure • Disk System failure • Hacker break-in • Denial of Service attack • Extended power failure • Snow storm • Spyware • Malevolent virus or worm • Earthquake, tornado • Employee error or revenge • How will this affect each business?
First Step: Business Impact Analysis • Which business processes are of strategic importance? • What disasters could occur? • What impact would they have on the organization financially? Legally? On human life? On reputation? • What is the required recovery time period? • Answers obtained via questionnaire, interviews, or meeting with key users of IT
Event Damage Classification Negligible: No significant cost or damage Minor: A non-negligible event with no material or financial impact on the business Major: Impacts one or more departments and may impact outside clients Crisis: Has a major material or financial impact on the business Minor, Major, & Crisis events should be documented and tracked to repair
Recovery Time: Terms Interruption Window: Time duration organization can wait between point of failure and service resumption Service Delivery Objective (SDO): Level of service in Alternate Mode Maximum Tolerable Outage: Max time in Alternate Mode Disaster Recovery Plan Implemented Regular Service Regular Service Alternate Mode SDO Time… Restoration Plan Implemented Interruption Window Interruption Maximum Tolerable Outage
Definitions Business Continuity: Offer critical services in event of disruption Disaster Recovery: Survive interruption to computer information systems Alternate Process Mode: Service offered by backup system Disaster Recovery Plan (DRP): How to transition to Alternate Process Mode Restoration Plan: How to return to regular system mode
Classification of Services Critical $$$$: Cannot be performed manually. Tolerance to interruption is very low Vital $$: Can be performed manually for very short time Sensitive $: Can be performed manually for a period of time, but may cost more in staff Nonsensitive¢: Can be performed manually for an extended period of time with little additional cost and minimal recovery effort
RPO and RTO Recovery Point Objective Recovery Time Objective Interruption Interruption 1 1 1 Hour Day Week 1 1 1 Week Day Hour How far back can you fail to? How long can you operate without a system? One week’s worth of data? Which services can last how long?
Recovery Point Objective Backup Images Mirroring: RAID Orphan Data: Data which is lost and never recovered. RPO influences the Backup Period
Business Impact Analysis Summary Work Book Partial BIA for a university
High Availability Solutions • RAID: Local disk redundancy • Fault-Tolerant Server: When primary server fails, backup server resumes service. • Distributed Processing: Distributes load over multiple servers. If server fails, remaining server(s) attempt to carry the full load. • Storage Area Network (SAN): disk network supports remote backups, data sharing and data migration between different geographical locations
RAID – Data Mirroring AB CD ABCD ABCD RAID 0: Striping RAID 1: Mirroring AB CD Parity Higher Level RAID: Striping & Redundancy Redundant Array of Independent Disks
Network Disaster Recovery Last-mile circuit protection E.g., Local: microwave & cable Alternative Routing >1 Medium or > 1 network provider Long-haul network diversity Redundant network providers Redundancy Includes: Routing protocols Fail-over Multiple paths Diverse Routing Multiple paths, 1 medium type Voice Recovery Voice communication backup
Question The amount of data transactions that are allowed to be lost following a computer failure (i.e., duration of orphan data) is the: Recovery Time Objective Recovery Point Objective Service Delivery Objective Maximum Tolerable Outage
Question When the RTO is large, this is associated with: Critical applications A speedy alternative recovery strategy Sensitive or nonsensitive services An extensive restoration plan
Question When the RPO is very short, the best solution is: Cold site Data mirroring A detailed and efficient Disaster Recovery Plan An accurate Business Continuity Plan
Summary The main issue with Business Continuity is AVAILABILITY: How can an organization continue to operate without computers? BIA & BC Which services should be prioritized? Criticality Classification How much time/data can we afford to lose per service? RTO & RPO How does IT recover? Disaster Recovery Plan Techniques include: Cloud Recovery Sites Redundancy/High Availability Big Data Backup & Recovery Ensuring success: Planning Testing Measuring Insurance
Information Security Principles Need-to-know: Persons should have ability to access data sufficient to perform primary job and no more Least Privilege: Persons should have ability to do tasks sufficient to perform primary job and no more Segregation of Duties: Ensure that no person can assume two roles: Origination, Authorization, Distribution, Verification Privacy: Personal/private info is retained only when a true business need exists: Privacy is a liability • Retain records for short time Personnel office should change permissions as jobs change
Information Owneror Data Owner Is responsible for the data within business (mgr/director - not IS staff) Determines who can have access to data and may grant permissions directly OR Gives written permission for access directly to security administrator, to prevent mishandling or alteration Periodically reviews authorization to restrict authorization creep
Other Positions Data Custodian • IS (security or IT) employee who safeguards the data • Performs backup/restore • Verifies integrity of data • Documents activities • May be System Administrator Security Administrator • Allocates access to employees based on written documentation • Monitors access to terminals and applications • Monitors invalid login attempts • Prepares security reports
Criticality Classification Critical $$$$: Cannot be performed manually. Tolerance to interruption is very low Vital $$: Can be performed manually for very short time Sensitive $: Can be performed manually for a period of time, but may cost more in staff Nonsensitive ¢: Can be performed manually for an extended period of time with little additional cost and minimal recovery effort
Proprietary: Strategic Plan Confidential: Salary & Health Info Private: Product Plans Public Product Users Manual near Release Sensitivity Classification(Example) Internal
Permission types Read, inquiry, copy Create, write, update, append, delete Execute, check Access Matrix Model (HRU)
Information Asset Inventory Work book
Question The person responsible for deciding who should have access to a data file is: • Data custodian • Data owner • Security administrator • Security manager
Question Least Privilege dictates that: • Persons should have the ability to do tasks sufficient to perform their primary job and no more • Access rights and permissions shall be commensurate with a person’s position in the corporation: i.e., lower layers have fewer rights • Computer users should never have administrator passwords • Persons should have access permissions only for their security level: Confidential, Private or Sensitive
Question A concern with personal or private information is that: • Data is not kept longer than absolutely necessary • Data encryption makes the retention of personal information safe • Private information on disk should never be taken off-site • Personal data is always labeled and handled as critical or vital to the organization
Question The person responsible for restricting and monitoring permissions is the: • Data custodian • Data owner • Security administrator • Security manager
Security: Defense in Depth Border Router Perimeter firewall Internal firewall Intrusion Detection System Policies & Procedures & Audits Authentication Access Controls
Attacking the NetworkWhat ways do you see of getting in? Border Router/Firewall The Internet De-Militarized Zone Commercial Network Internal Firewall WLAN Private Network
Filters: Firewalls & Routers The good, the bad & the ugly… Filter The Good The bad & the ugly Route Filter: Verifies source/destination IP addresses Packet Filter: Scans headers of packets Content Filter: Scans contents of packet (e.g., IPS) Default Deny: Any packet not explicitly permitted is rejected Fail Safe or Fail Secure: If router fails, it fails shut
Packet Filter Firewall Web Response Illegal Dest IP Address Web Request Email Response SSH Connect Request DNS Request Web Response Ping Request Illegal Source IP Address Email Response FTP request Microsoft NetBIOS Name Service Email Connect Request Telnet Request
Informal Path of Logical Access Campus Login Students &Instructors Desire2Learn Library Register Public: Potential Students Graduates Lab Advisors & Registrars Students &Instructors Public Web Legend Staff Nurses Public Health Services PoS Private Confidential
Multi-Homed Firewall:Separate Zones Internet Screening Device: Router The router serves as a screen for the Firewall, preventing Denial of Service attacks to the Firewall. Private Payment Card Zone Screened Host Demilitarized Zone IPS E-Commerce External DNS Email Server Web Server Protected Internal Network Zone Database/File Servers IDS
Isolation & Compartmentalization • Compartmentalize network • by Sensitivity Class & Role • Segment Network into Regions = Zones • E.g., DMZ, wireless, Payment Card • Isolate Apps on Servers: • physical vs. virtual (e.g. VMware) • Virtual Servers combine onto one Physical server. • has own OS and limited section of disk. • Hypervisor software is interface between virtual system’s OS and real computer’s OS.
Draw the Network Diagram Internet Router Demilitarized Zone External DNS Public Web Server E-Commerce Email Firewall Zone 3:Student Data Student Scholastic Student Billing Student History Zone 1: Student Labs & Files Zone 2: Faculty Labs & Files Student Records Student Billing Transcripts
Network Security Summary Step 1: Determine Services: What, Who, Where? Who accesses which services from where? Step 2: Determine Sensitivity of Services Compartmentalizationor Separationpartitions services across physical or virtual servers to provide protection between them Step 3: Allocate Network Zones Compartmentalizationpartitions a network to provide protection Step 4: Define Controls Confidentiality, authenticity, integrity, non-repudiation controls Anti-hacker controls Step 5: Draw the Network Diagram
