Security Procedures PDF

Summary

This document provides an overview of security procedures within an organization. It details security policies, procedures, and the importance of physical security measures. The document discusses various aspects of security, including identification and authentication policies, password policies, and incident handling.

Full Transcript

Security Procedures

Security procedures, which are built on the security policy of an organization, are the detailed instructions and steps to follow to implement and enforce security rules, as specified in the security policy.

Security Policy

A security policy is like a blueprint for a company’s security plan. It is a plan that outlines the security objectives, goals, and rules established by high-level management. The document is meant to establish the security approach and attitude of an organization.

What Is a Security Policy?

A security policy is a set of security objectives that ensure the security of a network, the data, and the computers in an organization. A security policy is a constantly evolving document based on changes in technology, business, and employee requirements. A security policy is usually created by a committee consisting of management and IT staff. The committee creates and manages a security policy document that identifies the following:

- Which assets require protection
- What the possible threats are
- What to do in the event of a security breach
- What training will be in place to educate the end users

A security policy should consist of the following:

- Identification and authentication policy
- Password policy
- Acceptable use policy
- Remote access policy
- Network maintenance policy
- Incident handling policy

In addition, a security policy should include other items related specifically to the operation of a particular organization. It is up to the IT staff to implement security policy specifications in the network. For example, to implement recommendations on a Windows host, IT staff could use the Local Security Policy feature.

Security Policy Category

The typical items included in a security policy are as follows:

- Identification and authentication policy: Specifies authorized persons who can have access to network resources and outlines verification procedures.
- Password policy: Specifies minimum requirements for passwords and requires that passwords be changed regularly.
- Acceptable use policy: Identifies network resources and usages that are acceptable to the organization. It may also identify ramifications for violation of this policy.
- Remote access policy: Identifies how remote users can access a network and what is accessible via remote connectivity.
- Network maintenance policy: Specifies network device operating systems and end-user application update procedures.
- Incident handling policy: Describes how security incidents are handled.

Securing Devices and Data

The goals of a security policy are to ensure a safe network environment and to protect assets. An organization’s assets include data, employees, and physical devices such as computers and network equipment. A security policy should identify hardware and equipment that can be used to prevent theft, vandalism, and data loss.

Protecting Physical Equipment

This section examines an often-overlooked aspect of information systems security: physical security. Physical security—including security of personnel, buildings, and equipment—is a vital part of any security plan and foundational to the strength of all security efforts.

Physical Security

Physical security is as important as data security. For example, if a computer is taken from an organization, the data is also stolen or, worse, lost. Physical security involves securing:

- Access to an organization’s premises
- Access to restricted areas
- The computing and network infrastructure

The level of physical security implemented depends on the organization, as some have higher physical security requirements than others. For example, consider how data centers, airports, and military installations are secured. These organizations use perimeter security including fences, gates, and checkpoints with security guards posted. Entrance to a building’s premises and restricted areas is secured using one or more locking mechanisms.
Building doors typically use self-closing and self-locking mechanisms. The type of locking mechanism required varies based on the level of security required.

A visitor accessing a secure building may have to pass through a security checkpoint staffed by security guards. The guards may scan a visitor and their belongings and may have the visitor sign an entry control roster when entering the building and sign out when leaving.

Higher-security organizations have all employees wear identification badges with photographs. A badge could be a smart card containing the user information and security clearance to access restricted areas. For additional security requirements, RFID badges can also be used with proximity badge readers to monitor the location of an individual.

Types of Secure Locks

There are many different types of secure locks, including:

- Conventional lock: This type of lock is unlocked by entering the required key into the door handle mechanism (see Figure 13-6).

Figure 13-6 Conventional Lock

- Deadbolt lock: This type of lock is unlocked by entering the required key into a lock separate from the door handle mechanism (see Figure 13-7).

Figure 13-7 Deadbolt Lock

- Electronic lock: This type of lock is unlocked by entering a combination code or PIN into the keypad (see Figure 13-8).

Figure 13-8 Electronic Lock

- Token-based lock: This type of lock is unlocked by swiping a secure card or by using a proximity reader to detect a smart card or wireless key fob (see Figure 13-9).

Figure 13-9 Token-Based Lock

- Biometric lock: This type of lock is unlocked using a biometric scanner such as a fingerprint reader (see Figure 13-10). Other biometric scanners include voice print and retina scanners.

Figure 13-10 Biometric Lock

- Multifactor lock: This type of lock uses a combination of mechanisms. For example, a user must enter a PIN and then scan their thumb (see Figure 13-11).

Figure 13-11 Multifactor Lock

Mantraps

In high-security environments, mantraps are often used to limit access to restricted areas and to prevent tailgating. A mantrap is a small room with two doors, one of which must be closed before the other can be opened. Typically, a person enters the mantrap by unlocking one door. Once inside the mantrap, the first door closes, and then the user must unlock the second door to enter the restricted area.

Figure 13-12 illustrates how a mantrap is used to secure access to a restricted area. In the figure, the person must enter the building using a smart card to open the locked door to the mantrap. Once the person successfully enters the mantrap, the first door locks, and they must now unlock the next door by using the biometric reader. The person must have their thumbprint scanned to unlock the locked door to the secure internal area.

Figure 13-12 Mantrap

Securing Computers and Network Hardware

Organizations must protect their computing and network infrastructure, including cabling, telecommunication equipment, and network devices. There are several methods of physically protecting computer and networking equipment:

- Use webcams with motion-detection and surveillance software.
- Install physical alarms triggered by motion-detection sensors.
- Label and install RFID sensors on equipment.
- Use locking cabinets or security cages around equipment.
- Fit equipment with security screws.
- Keep telecommunication rooms locked.
- Use cable locks with equipment.

Network equipment should be installed only in secured areas. In addition, all cabling should be enclosed within conduits or routed inside walls to prevent unauthorized access or tampering. Conduit is a casing that protects the infrastructure media from damage and unauthorized access.

To restrict access to physical switch ports and switch hardware to authorized personnel, an organization can use a secure server room and lock hardware cabinets.
To prevent the attachment of rogue or unauthorized client devices, switch ports should be disabled through the switch management software.

Factors that determine the most effective security equipment to use to secure equipment and data include:

- How the equipment is used
- Where the computer equipment is located
- What type of user access to data is required

For instance, a computer in a busy public place, such as a library, requires extra protection from theft and vandalism. In a busy call center, a server might need to be secured in a locked equipment room. Server locks can provide physical chassis security by preventing access to power switches, removable drives, and USB ports. Where it is necessary to use a laptop computer in a public place, a security dongle and key fob ensure that the computer locks if the user and laptop are separated. Another tool for physical security is a USB lock, which is locked into place in a USB port and requires a key for removal.

Security policies can be applied to mobile devices in a corporate network through enterprise mobility management (EMM) software. Mobile device management (MDM) software can be used to manage corporate-owned devices and devices used in an environment that has a bring your own device (BYOD) policy. The EMM or MDM software logs use of devices on the network and determines if a particular device should be allowed to connect, through a process known as onboarding, based on administrative policies.

MDM software sets policies for connectivity, authentication, and the use of features such as the microphone and camera on a device. Mobile application management (MAM) involves setting policies for the applications that are allowed to be used on a device. It keeps corporate data secure and away from applications that are not allowed to process it.

Protecting Data

One of the most important goals of information security is to protect data. It is critical that the data being stored, processed, and transported be safeguarded.
Programs can be reinstalled if damaged, but user data is unique and not easily replaced.

Data—Your Greatest Asset

Data is likely to be an organization’s most valuable asset. Organizational data can include research and development data, sales data, financial data, human resources and legal data, employee data, contractor data, and customer data.

Data can be lost or damaged due to theft, equipment failure, or disaster. Data loss and data exfiltration are terms used to describe data being intentionally or unintentionally lost, stolen, or leaked to the outside world.

Data loss can negatively affect an organization in multiple ways:

- Brand damage and loss of reputation
- Loss of competitive advantage
- Loss of customers
- Loss of revenue
- Legal action resulting in fines and civil penalties
- Significant cost and effort to notify affected parties
- Significant cost and effort to recover from the breach

Losing data, regardless of circumstances, can be detrimental or even catastrophic to an organization. Data can be protected from data loss using data backups, file and folder encryption, and file and folder permissions.

Data loss prevention (DLP) is the process of preventing data loss or leakage. DLP software uses a dictionary database or an algorithm to identify confidential data and block the transfer of that data to removable media or email if such a transfer does not conform to predefined policy.

Data Backups

Backing up data is one of the most effective ways of protecting against data loss. A data backup stores a copy of the information on a computer to removable backup media that can be kept in a safe place. If the computer hardware fails, the data can be restored from the backup to functional hardware.

Data backups should be performed on a regular basis, as identified in the security policy. Data backups are usually stored offsite to protect the backup media in the event that something happens to the main facility. Windows hosts have a backup and restore utility.
This is useful for users to back up their data to another drive or to a cloud-based storage provider. macOS includes the Time Machine utility to perform backup and restore functions.

A number of considerations related to data backup are important:

- Frequency: Perform backups on a regular basis, as identified in the security policy. Full backups can be time-consuming, so you might want to perform monthly or weekly full backups with frequent partial backups of changed files.
- Storage: Transport backups to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.
- Security: Protect backups by using strong passwords that are required to restore data.
- Validation: Always validate backups to ensure the integrity of the data and validate the file restoration procedures.

File and Folder Permissions

Permissions are rules you configure to limit folder or file access for an individual or for a group of users. The following permissions are available for files and folders in a Windows environment:

- Full Control: This permission enables the user to see the content of a file or folder, change and delete existing files and folders, create new files and folders, and run programs in a folder.
- Modify: This permission enables the user to change and delete existing files and folders but does not allow the user to create new files or folders.
- Read and Execute: This permission enables the user to see the contents of existing files or folders and run programs in a folder.
- Read: This permission enables the user to see the contents of a folder and open files and folders.
- Write: This permission enables the user to create new files and folders and make changes to existing files and folders.

To configure file- or folder-level permissions in all versions of Windows, right-click the file or folder and select Properties > Security > Edit.

Users should have their permissions limited to only the resources they need in a computer or on a network.
For example, they should not be able to access all files on a server if they only need access to a single folder. It may be easier to provide users access to the entire drive, but it is more secure to limit access to only the folder the user needs to perform the job. This is known as the principle of least privilege. Limiting access to resources also prevents malicious programs from accessing those resources if the user’s computer becomes infected.

Folder redirection allows a user with administrative privileges to redirect the path of a local folder to a folder on a network share. This makes the folder’s data available to the user when they log into any computer on the network where the network share is located. With user data redirected from local to network storage, administrators can back up the user data when the network data folders are backed up.

File and network share permissions can be granted to individuals or through membership in a group. These share permissions are different from file- and folder-level NTFS permissions. If an individual or a group is denied permissions to a network share, this denial overrides any other permissions given. For example, if you deny someone permission to a network share, the user cannot access that share, even if the user is the administrator or part of the Administrators group. The local security policy must outline which resources each user and group can access and the type of access allowed.

When the permissions of a folder are changed, you are given the option to apply the same permissions to all subfolders. This is known as permission propagation. Permission propagation allows you to apply permissions to many files and folders quickly. After parent folder permissions have been set, folders and files that are created inside the parent folder inherit the permissions of the parent folder.
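
The least-privilege and inheritance points above can be checked on a real folder tree. The following PowerShell audit is an added example, not part of the original text: it reads NTFS folder ACLs (not share permissions) and reports Deny entries and write-level grants to broad groups. The function name Get-RiskyAccessEntry, the list of broad principals, and the sample path are assumptions.

```powershell
# Added example (not from the original page).
# Principal names are the English ones; localized Windows builds use other names.
function Get-RiskyAccessEntry {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                                        'NT AUTHORITY\Authenticated Users')
    )

    # Rights that let a principal change or destroy data. 0x50000000 adds
    # GENERIC_WRITE and GENERIC_ALL, which show up on some inherit-only entries.
    $named     = 'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]$named -bor 0x50000000

    # Audit the root folder and every subfolder that permissions propagate to.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        foreach ($ace in (Get-Acl -LiteralPath $folder.FullName).Access) {
            $isDeny   = $ace.AccessControlType -eq 'Deny'
            $isBroad  = $BroadPrincipals -contains $ace.IdentityReference.Value
            $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0

            # Report every Deny entry (easy to overlook, and it wins over an Allow
            # at the same level) and every Allow entry that gives a broad group
            # write-level access, which conflicts with least privilege.
            if ($isDeny -or ($isBroad -and $canWrite)) {
                [pscustomobject]@{
                    Folder    = $folder.FullName
                    Principal = $ace.IdentityReference.Value
                    Type      = $ace.AccessControlType
                    Rights    = $ace.FileSystemRights
                    # Inherited entries are fixed on the parent that propagates
                    # them; explicit entries are fixed on this folder.
                    Source    = if ($ace.IsInherited) { 'Inherited' } else { 'Explicit' }
                }
            }
        }
    }
}

# Sample run against a folder that exists on every Windows host.
Get-RiskyAccessEntry -Path $env:PUBLIC | Format-Table -AutoSize -Wrap
```

An empty result means no Deny entries and no broad write-level grants were found in the folders the current account is allowed to read.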
Also, the location of the data and the action performed on the data determine how the permissions are propagated:

- When data is moved to the same volume, it keeps the original permissions.
- When data is copied to the same volume, it inherits new permissions.
- When data is moved to a different volume, it inherits new permissions.
- When data is copied to a different volume, it inherits new permissions.

File and Folder Encryption

Encryption is often used to protect data. With encryption, data is transformed using a complicated algorithm that makes the data unreadable. A special key must be used to return the unreadable information back into readable data. Software programs are used to encrypt files, folders, and even entire drives.

Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked to a specific user account. Only the user who encrypted the data can access it after it has been encrypted using EFS. To encrypt data using EFS in all Windows versions, follow these steps:

Step 1. Select one or more files or folders.
Step 2. Right-click the selected data and select Properties.
Step 3. Click Advanced.
Step 4. Select the Encrypt Contents to Secure Data check box and click OK. Windows displays an informational message stating that it is applying attributes.

Files and folders that have been encrypted with EFS are displayed in green, as shown in Figure 13-13.

Figure 13-13 Encrypting a File System

Windows BitLocker and BitLocker To Go

You can choose to encrypt an entire hard drive by using BitLocker. To use BitLocker, at least two volumes must be present on a hard disk. A system volume is left unencrypted and must be at least 100 MB. This volume holds the files that Windows needs in order to boot.

Note: BitLocker is built into the Windows Enterprise editions, Windows 7 Ultimate, Windows 8 Pro, and Windows 10 Professional.

Before you can use BitLocker, Trusted Platform Module (TPM) must be enabled in BIOS.
TPM is a specialized chip installed on the motherboard. It stores information specific to the host computer, such as encryption keys, digital certificates, and passwords. Applications such as BitLocker that use encryption can make use of the TPM chip.

These are the steps to enable TPM on a Lenovo laptop:

Step 1. Start the computer and enter the BIOS configuration.
Step 2. Look for the TPM option in the BIOS configuration screens. Consult the manual for your motherboard to locate the correct screen.
Step 3. Choose Enable or Activate for the chip security.
Step 4. Save the changes to the BIOS configuration.
Step 5. Reboot the computer.

To turn on BitLocker full disk encryption in all versions of Windows, follow these steps:

Step 1. Click Control Panel > BitLocker Drive Encryption.
Step 2. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. (If TPM is not initialized, follow the instructions provided by the wizard to initialize TPM.)
Step 3. On the Save the Recovery Password page, choose whether to save the password to a USB drive or to a network drive or another location or to print the password. After saving the recovery password, click Next.
Step 4. On the Encrypt the Selected Disk Volume page, select the Run BitLocker System Check check box and click Continue.
Step 5. Click Restart Now.

When these steps are complete, the Encryption in Progress status bar is displayed. After the computer reboots, you can verify that BitLocker is active, as shown in Figure 13-14.

Figure 13-14 Verifying That BitLocker Is Active

You can click TPM Administration to view the TPM details, as shown in Figure 13-15.

Figure 13-15 Viewing TPM Details

BitLocker To Go makes BitLocker encryption available on removable drives. BitLocker To Go does not use a TPM chip but still provides encryption for the data and requires a password.
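
The result of the TPM and BitLocker steps above can also be verified from an elevated PowerShell prompt rather than the Control Panel. This added example, which is not part of the original text, checks that the TPM is ready and that each BitLocker volume is encrypted, protected, and recoverable; the function name Test-DiskEncryptionPosture and the wording of the findings are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Uses the built-in
# TrustedPlatformModule and BitLocker modules; run it on the host being checked.
function Test-DiskEncryptionPosture {
    function New-Finding($Target, $Issue) {
        [pscustomobject]@{ Target = $Target; Issue = $Issue }
    }

    # The TPM must be enabled in BIOS before BitLocker can use it.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        New-Finding 'TPM' 'No TPM detected; check the BIOS security settings.'
    } elseif (-not $tpm.TpmReady) {
        New-Finding 'TPM' 'TPM present but not ready; enable or initialize it.'
    }

    foreach ($vol in Get-BitLockerVolume) {
        $target     = "$($vol.VolumeType) volume $($vol.MountPoint)"
        $protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        # Encryption still in progress, paused, or never started.
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            New-Finding $target "Status $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted."
        }
        # Encrypted data is only protected while protection is switched on.
        if ($vol.ProtectionStatus -ne 'On') {
            New-Finding $target "Protection status is $($vol.ProtectionStatus)."
        }
        if ($vol.VolumeType -eq 'OperatingSystem') {
            # Matches every TPM-based protector type (TPM alone or TPM plus PIN/key).
            if (-not ($protectors -like 'Tpm*')) {
                New-Finding $target 'No TPM-based key protector on the OS volume.'
            }
            # The recovery password saved in Step 3 is the fallback protector.
            if ($protectors -notcontains 'RecoveryPassword') {
                New-Finding $target 'No recovery password; no fallback if the TPM cannot release the key.'
            }
        }
    }
}

$report = @(Test-DiskEncryptionPosture)
if ($report.Count) {
    $report | Format-Table -AutoSize -Wrap
} else {
    'TPM and BitLocker checks passed.'
}
```

Removable drives encrypted with BitLocker To Go appear in the same output as Data volumes, so an unencrypted or unprotected USB drive is reported alongside the fixed disks.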
