Security+ Series Part 9: Strategies to Reduce Risks

Hello and welcome back to the Security+ series. After a long awesome break we will jump straight into strategies that help reduce risks in our super secret enterprise environment. You will learn a bunch of new stuff about change management, user permissions, audits and various other tech controls that help keep 0100101100 secure and available. Let's get the ball rolling.

Music Recommendation for this article: Deftones – White pony

Change management

Imagine that you have a very dynamic environment where the rate of change is huge. The server ops team is banging their heads implementing the Heartbleed patch on the Unix frontends, the network security folks are migrating the main data center ATM WAN links, and you are sharpening your knife for the next complex routing party which will change the global traffic flow. Without proper controls in place, these actions carried out at the same time could interfere with each other and create a mess.

Therefore there is a need to keep track of all planned changes. A change management tool such as HP Service Manager helps with that. There can be multiple types of changes, such as routine (easy cheesy), normal, and emergency changes that need to be done asap, and the process of implementing those changes will differ for each type.

A typical change would go through a process of planning and preparing the configuration scripts, scheduling the implementation date, assessing the possible risks, defining the configuration item (CI) that this change will affect, and other basic variables. Then you would pass it to your team mate for peer review. After that it would go through the Technical Advisory Board (TAB) and then the Change Advisory Board (CAB). The more critical the environment is, the lengthier the process is. Finally, after all the approvals, you are allowed to carry out the change. After successfully implementing a change, a closure process follows. It will require information like the actual implementation time, post-change verification and a closure comment.
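To make the workflow above concrete, here is an added example (not code from the article or from HP Service Manager) that models a change request with the peer review, TAB and CAB gates, the closure fields listed above, and a check for the scenario from the opening paragraph: two changes scheduled in overlapping windows that touch the same CI. The gate order per change type, the CI names and the change ids are assumptions made up for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from itertools import combinations

# Approval gates per change type, in the article's order. Assumption: routine and
# emergency changes need only peer review; a normal change passes peer review, TAB, CAB.
GATES = {"routine": ["peer_review"], "emergency": ["peer_review"], "normal": ["peer_review", "tab", "cab"]}
CLOSURE_FIELDS = ("actual_implementation_time", "post_change_verification", "closure_comment")

@dataclass
class ChangeRequest:
    change_id: str          # constructed ids like "CHG-1001"
    change_type: str
    cis: set                # configuration items (CIs) the change affects
    start: datetime         # scheduled implementation window
    duration: timedelta
    approvals: list = field(default_factory=list)
    implemented: bool = False
    closure: dict = field(default_factory=dict)

    def pending(self):      # gates not yet signed off
        return GATES[self.change_type][len(self.approvals):]

    def approve(self, gate, approver):
        if gate not in self.pending()[:1]:   # gates are passed in order, no skipping
            raise ValueError(f"{self.change_id}: expected {self.pending()[:1]}, got {gate}")
        self.approvals.append((gate, approver))

    def implement(self):
        if self.pending():                   # carry out only after every approval
            raise PermissionError(f"{self.change_id}: missing approvals {self.pending()}")
        self.implemented = True

    def close(self, **info):
        missing = [f for f in CLOSURE_FIELDS if f not in info]
        if not self.implemented or missing:  # closure needs the fields the article lists
            raise ValueError(f"{self.change_id}: cannot close, missing {missing}")
        self.closure = dict(info)

def conflicts(changes):
    """Pairs of changes whose windows overlap and that touch a shared CI."""
    return [(a.change_id, b.change_id) for a, b in combinations(changes, 2)
            if a.start < b.start + b.duration and b.start < a.start + a.duration and a.cis & b.cis]

def sample_changes():
    """Constructed sample: the article's three concurrent changes on one night."""
    t0 = datetime(2014, 4, 12, 22, 0)
    return [ChangeRequest("CHG-1001", "emergency", {"unix-frontend"}, t0, timedelta(hours=2)),
            ChangeRequest("CHG-1002", "normal", {"dc-wan-link", "core-rtr-1"}, t0, timedelta(hours=4)),
            ChangeRequest("CHG-1003", "normal", {"core-rtr-1", "core-rtr-2"}, t0 + timedelta(hours=1), timedelta(hours=3))]
```

Running `conflicts(sample_changes())` flags the WAN migration and the routing change because both touch core-rtr-1 in overlapping windows, while the Heartbleed patch on its own CI goes through unhindered.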

HP Service Manager is what the HP folks use to plan their changes.

Incident Management

As the name implies, incident management describes the steps that are usually followed when we face a service outage. It defines how to log an incident, e.g. manually through a service desk, or automatically through a monitoring solution. Incidents are then assigned to a group or an individual who tries to restore the affected service. A root cause analysis is performed to determine what triggered the outage. This could be, for example, a power supply or module failure, a software bug, or a misconfiguration after an unsuccessful change.

To resolve future incidents quicker, lessons learned are tracked in a database for teams to review and learn from.

Incident Management Simply

User Rights and Permission Management

In a typical business there are many boring job roles, such as human resources, accounting, marketing, technical services and more. Each employee requires access to certain applications and services to perform their everyday tasks. This implies that there is some kind of separation of who can access what. I would not like your receptionist to have permission to change the core data center switches, would you? Not saying she would really care.

User rights help maintain the right level of permissions to resources. These controls can be found in every system out there, from user accounts in a Windows domain to network infrastructure devices, remote access and so forth.

User Account Control makes itself heard

Routine audits

Regular security audits are mandatory whenever a company handles precious information such as health records or credit card numbers. They are carried out by an internal or external team who perform penetration testing against the live systems to determine whether the company has put enough security measures in place to keep the bad guys out. An audit can reveal configuration weaknesses or unpatched systems that could lead to data and reputation loss, giving a big advantage to your competition.

Me neither

Preventing Data Loss

There are many ways to prevent data loss. For example, a rock solid organizational policy could outline how systems need to be used securely. Technical measures such as configuration best practices and tight firewall rules can also help prevent data leaking out of our pipes. There are even technologies that specialize in this particular area. For example, Check Point has a firewall blade that can help mitigate accidental leakage of sensitive information.

And that, my friends, is the end of this short part of the Security+ Series. If you are studying for the CompTIA Security+ exam, you are one step closer to your goal. I hope you enjoyed reading it as much as I enjoyed writing it. In the next one we will look at what forensics is all about, along with some basic terms and examples related to it.
