Domain 7: Security Operations
Study Notes

If you don't have physical security, then every other security measure does not really matter. You can implement the most advanced firewall, but if there isn't a security guard or a lock on the door, someone can just unplug it.
Types of Threats to Physical Security
- Natural
  - Tornadoes
  - Fire
  - Floods
  - Hurricanes
  - Asteroids
- Human
  - Sabotage
  - Malicious code execution
  - Mistakes
  - Unauthorized disclosure
  - Theft
  - Terrorism
  - Environmental damage
- Technological
  - Software error
  - Power failures
  - ISP outage
  - Short system MTBF (mean time between failures)
Deterrent Security Controls
- CCTV
- Logs
- Security guards
- Dogs
- Fences
- Barriers

Detective Security Controls
- Job rotation
- Separation of duties
- Intrusion detection system
- Smoke, fire, and motion detectors
- CCTV
- FBI involvement
Crime Prevention Through Environmental Design (CPTED)
- Choose sites that are in low-crime areas
- Try to avoid facilities that have joint tenants
- Police, fire, and ambulance services should be close
- Pick a site with a low risk of natural disasters
- Highways and airports
  - Advantage: easy access to transportation
  - Disadvantage: many more people around the site
- Trees
  - Can be used by intruders to hide
  - Buildings can use trees as cover
- Keep building markings to a minimum (nondescript)
Check Your Privileges!

Indicators of Privilege Escalation
- User accounts being created or deleted
- Audit logs being erased or exported
- NTP settings changed
- Increased or unknown SSH sessions
- Device rebooting randomly
- Default gateway changed
- Custom cron jobs
- Changing routes
- Interrupted data backups
- Removal of security controls, e.g. passwords, ACLs, VPN access
- High CPU usage
- Large amounts of data exfiltration
- Outgoing botnet traffic
- Covert channel manipulation
- Systems administrators, security engineers, and network engineers are given elevated privileges to systems and devices in order to operate them
- Compromised elevated privileges can impact confidentiality, integrity, and availability
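As an added example (not part of the original study notes), the following Python checker applies several of the indicators listed above to Linux sudo, cron and sshd syslog lines. The sample log lines, the regex rules, and the SSH session threshold are constructed assumptions for illustration, not an established detection ruleset.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the original notes); each illustrates one indicator.
SAMPLE_LOGS = """\
Mar 10 02:11:03 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd svc_backup
Mar 10 02:12:40 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/timedatectl set-ntp false
Mar 10 02:13:15 host crontab[4120]: (alice) REPLACE (alice)
Mar 10 02:14:02 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/ip route replace default via 192.0.2.254
Mar 10 02:15:00 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/rm -rf /var/log/audit
Mar 10 02:20:11 host sshd[5001]: Accepted publickey for root from 198.51.100.7 port 50212 ssh2
Mar 10 02:20:12 host sshd[5002]: Accepted publickey for root from 198.51.100.7 port 50213 ssh2
Mar 10 02:20:13 host sshd[5003]: Accepted publickey for root from 198.51.100.7 port 50214 ssh2
Mar 10 09:00:00 host sshd[6001]: Accepted password for bob from 192.0.2.10 port 40110 ssh2
"""

# Single-line rules: indicator name from the notes -> regex (assumed patterns for sudo/cron syslog).
RULES = {
    "account created/deleted": re.compile(r"COMMAND=\S*/(useradd|userdel|adduser|deluser)\b"),
    "audit logs erased": re.compile(r"COMMAND=\S*/rm\b.*(/var/log/audit|/var/log/auth)"),
    "NTP settings changed": re.compile(r"\b(timedatectl set-ntp|ntpdate|chronyc)\b"),
    "custom cron job": re.compile(r"crontab\[\d+\]: \(\S+\) REPLACE"),
    "default gateway/route changed": re.compile(r"COMMAND=\S*/(ip|route)\b.*\b(default|route)\b"),
}
SSH_ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SSH_SESSION_THRESHOLD = 3  # assumed baseline; tune to what is normal for the host


def scan(log_text, ssh_threshold=SSH_SESSION_THRESHOLD):
    """Return (findings, ssh_sessions). findings is a list of (indicator, evidence);
    ssh_sessions counts accepted logins per account, a volume indicator rather than a
    single-line match."""
    findings, ssh_sessions = [], Counter()
    for line in log_text.splitlines():
        for indicator, pattern in RULES.items():
            if pattern.search(line):
                findings.append((indicator, line))
        m = SSH_ACCEPTED.search(line)
        if m:
            ssh_sessions[m.group(1)] += 1
    for user, count in ssh_sessions.items():
        if count >= ssh_threshold:  # many sessions for one account, here root, in one window
            findings.append(("increased SSH sessions", f"{user}: {count} accepted logins"))
    return findings, ssh_sessions


if __name__ == "__main__":
    for indicator, evidence in scan(SAMPLE_LOGS)[0]:
        print(f"[{indicator}] {evidence}")
```

In practice these matches would be correlated with change tickets and the administrator's normal activity window; a single match is a lead for review, not proof of compromise.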