
Domain 7: Security Operations

Study Notes

If you don't have physical security, then every other security measure matters very little. You can deploy the most advanced firewall, but if there isn't a security guard or a lock on the door, someone can simply walk in and unplug it.

Types of Threats to Physical Security

  • Natural

    • Tornadoes

    • Fire

    • Floods

    • Hurricanes

    • Asteroids

  • Human

    • Sabotage

    • Malicious code execution

    • Mistakes

    • Unauthorized disclosure

    • Theft

    • Terrorism

    • Environmental damage

  • Technological

    • Software error

    • Power failures

    • ISP Outage

    • Short system MTBF (mean time between failures)

Deterrent Security Controls

  • CCTV

  • Logs

  • Security Guards

  • Dogs

  • Fence

  • Barriers

Detective Security Controls

  • Job Rotation

  • Separation of Duties

  • Intrusion Detection System

  • Smoke & Fire & Motion detectors

  • CCTV

  • FBI Involvement

Crime Prevention Through Environmental Design (CPTED)

  • Choose sites that are in low crime areas

  • Try to avoid facilities that have joint tenants

  • Police, fire, and ambulance services should be close

  • Pick a site with a low risk of natural disasters

  • Highways and Airports

    • Advantage: Easy access to transportation

    • Disadvantage: Many more people around the site

  • Trees

    • Can be used by intruders to hide

    • Buildings can use trees as cover

  • Keep building markings to a minimum (nondescript)

Check Your Privileges!

Indicators of Privilege Escalation

  • User accounts being created/deleted

  • Audit logs being erased or exported

  • NTP settings changed

  • Increased or unknown SSH sessions

  • Device rebooting randomly

  • Default gateway changed

  • Custom cron jobs

  • Changing routes

  • Interrupting data backups

  • Removing security controls, e.g. passwords, ACLs, VPN access

  • High CPU usage

  • Large amounts of data exfiltration

  • Outgoing botnet traffic

  • Covert channel manipulation

  • Systems administrators, security engineers, and network engineers are given elevated privileges on systems and devices in order to operate them

  • Compromised elevated privileges can impact confidentiality, integrity, and availability
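As an added example (not part of these notes), the indicator checklist above turned into a small detector run over constructed Linux auth.log/syslog lines; the log message formats, regexes and sample lines are assumptions to be tuned to your own environment, and the point it makes is that several different indicators landing in one short window is the signal worth escalating:

```python
import re
from collections import Counter

# Each pattern maps to one privilege-escalation indicator from the list above.
# The regexes assume the wording of common Linux auth.log/syslog messages
# (useradd, sudo, crontab, sshd); tune them to your own logging format.
INDICATOR_PATTERNS = {
    "user account created/deleted": re.compile(r"useradd\[\d+\]: new user|userdel\[\d+\]: delete user"),
    "audit logs erased": re.compile(r"COMMAND=\S*(rm|truncate|shred)\b.*/var/log/"),
    "NTP settings changed": re.compile(r"COMMAND=\S*timedatectl set-ntp|COMMAND=\S*(ntpd|chronyd)"),
    "custom cron job": re.compile(r"crontab\[\d+\]: \(\S+\) REPLACE"),
    "default gateway/route changed": re.compile(r"COMMAND=\S*ip route (add|del|change|replace)"),
    "security control removed": re.compile(r"COMMAND=\S*(ufw disable|setenforce 0|iptables -F|passwd -d)"),
    "unknown root SSH session": re.compile(r"sshd\[\d+\]: Accepted \w+ for root from"),
}

# Constructed sample log lines (not from any real system): the first seven
# each match one indicator, the last is routine activity that must not be flagged.
SAMPLE_LOG = """\
Mar 10 02:13:44 host useradd[2231]: new user: name=svc_bkp, UID=1005, GID=1005, home=/home/svc_bkp, shell=/bin/bash
Mar 10 02:14:02 host sudo:   alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/truncate -s 0 /var/log/audit/audit.log
Mar 10 02:14:30 host crontab[2290]: (root) REPLACE (root)
Mar 10 02:15:01 host sudo:   alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/ip route replace default via 10.0.0.254
Mar 10 02:15:20 host sudo:   alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/timedatectl set-ntp false
Mar 10 02:16:00 host sshd[2310]: Accepted publickey for root from 203.0.113.7 port 51022 ssh2
Mar 10 02:16:05 host sudo:   alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/ufw disable
Mar 10 02:20:01 host CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

def scan(lines):
    """Return (indicator, line) pairs in log order; one line may hit several indicators."""
    hits = []
    for line in lines:
        for indicator, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(line):
                hits.append((indicator, line))
    return hits

def summarize(hits):
    """Count hits per indicator: many *distinct* indicators in one short window
    is a stronger escalation signal than repeats of a single one."""
    return Counter(indicator for indicator, _ in hits)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for indicator, line in found:
        print(f"[{indicator}] {line}")
    print(f"\n{len(summarize(found))} distinct indicators hit in this window")
```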
