Đang tải... (xem toàn văn)
Operational Security
Chapter 10: Operational SecuritySecurity+ Guide to Network Security Fundamentals Second Edition Objectives•Harden physical security with access controls•Minimize social engineering•Secure the physical environment•Define business continuity•Plan for disaster recovery Hardening Physical Security with Access Controls•Adequate physical security is one of the first lines of defense against attacks•Protects equipment and the infrastructure itself•Has one primary goal: to prevent unauthorized users from reaching equipment to use, steal, or vandalize Hardening Physical Security with Access Controls (continued)•Configure an operating system to enforce access controls through an access control list (ACL), a table that defines the access rights each subject has to a folder or file•Access control also refers to restricting physical access to computers or network devices Controlling Access with Physical Barriers•Most servers are rack-mounted servers •A rack-mounted server is 1.75 inches (445 cm) tall and can be stacked with up to 50 other servers in a closely confined area•Rack-mounted units are typically connected to a KVM (keyboard, video, mouse) switch, which in turn is connected to a single monitor, mouse, and keyboard Controlling Access with Physical Barriers (continued) Controlling Access with Physical Barriers (continued) Controlling Access with Physical Barriers (continued)•In addition to securing a device itself, you should also secure the room containing the device•Two basic types of door locks require a key:–A preset lock (key-in-knob lock) requires only a key for unlocking the door from the outside–A deadbolt lock extends a solid metal bar into the door frame for extra security•To achieve the most security when using door locks, observe the good practices listed on pages 345 and 346 of the text Controlling Access with Physical Barriers (continued)•Cipher locks are combination locks that use buttons you push in the proper sequence to open the door•Can be programmed to allow only the code of certain people to be valid on specific dates and times•Basic models can cost several hundred dollars each while advanced models can run much higher•Users must be careful to conceal which buttons they push to avoid someone seeing the combination (shoulder surfing) Controlling Access with Physical Barriers (continued)•Other physical vulnerabilities should be addressed, including:–Suspended ceilings–HVAC ducts–Exposed door hinges–Insufficient lighting–Dead-end corridors [...]... point – Substitute 802.11a for 802.11b – Add directional antenna – Reduce power – Cover the device – Modify the building Creating and Maintaining Backups (continued) Chapter 10: Operational Security Security+ Guide to Network Security Fundamentals Second Edition ... require a key: – A preset lock (key-in-knob lock) requires only a key for unlocking the door from the outside – A deadbolt lock extends a solid metal bar into the door frame for extra security • To achieve the most security when using door locks, observe the good practices listed on pages 345 and 346 of the text Limiting Wireless Signal Range • Use the following techniques to limit the wireless... run much higher • Users must be careful to conceal which buttons they push to avoid someone seeing the combination (shoulder surfing) Summary • Adequate physical security is one of the first lines of defense against attacks • Physical security involves restricting with access controls, minimizing social engineering attacks, and securing the environment and infrastructure • Business continuity is... that could cease operations for an extended period of time • Preparing for disaster recovery always involves having a plan in place Creating and Maintaining Backups (continued) Hardening Physical Security with Access Controls (continued) • Configure an operating system to enforce access controls through an access control list (ACL), a table that defines the access rights each subject has to... signals from a radio frequency (RF) transmitter, such as from a commercial radio or television transmitter Minimizing Social Engineering • The best defenses against social engineering are a strong security policy along with adequate training • An organization must establish clear and direct policies regarding what information can be given out and under what circumstances Identifying Secure Recovery . Chapter 10: Operational SecuritySecurity+ Guide to Network Security Fundamentals Second Edition Objectives•Harden physical security with access. continuity•Plan for disaster recovery Hardening Physical Security with Access Controls•Adequate physical security is one of the first lines of defense against