Operations Security

Card Set Information

Author:
wathy64
ID:
21079
Filename:
Operations Security
Updated:
2010-05-28 17:55:27
Tags:
Operations Security
Description:
cards for operations security zone

The flashcards below were created by user wathy64 on FreezingBlue Flashcards.


  1. IPL
    Initial Program Load - loading the operating system's kernel into the computer's main memory.
  2. System reboot
    System shuts itself down in a controlled manner in response to a kernel (trusted computing base) failure.
  3. Emergency system restart
    System fails in an uncontrolled manner. The failure is caused by a lower-privileged user, e.g. attempting to access restricted memory segments.
  4. System cold start
    An unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. It is important that the system does not enter an insecure state.
  5. Operations - Steps after a system crash
    • 1. Enter single-user mode - the system will automatically boot up to a "single user mode" or must be manually booted to a "Recovery Console". These modes do not start services for users on the network. The administrator must be physically at the console or have a dial-in modem attached.
    • 2. Fix issue, recover files - the system administrator will attempt to identify the cause of the shutdown. May need to roll back or roll forward a database. There may be automatic or manual actions that need to occur before applications and services return to a normal state.
    • 3. Investigation of the problem suggests corruption (attack, user reconfiguration, hardware or software failure) - the administrator needs to ensure that system files and configuration files are consistent with their expected state. The administrator could look at cryptographic checksums of files (Tripwire) or validate settings against documentation.
  6. Security Concerns of system shutdown
    • Bootup sequence - only allow authorized users to change boot sequence - don't want an attacker to boot from CD etc.
    • Bypass System logs - attacker would be able to change configuration and remove tracks in logs
    • System forced shutdown - should be limited to administrators
    • Diagnostics messages and logs - should not be able to be re-routed. Access to messages should be restricted to authorized users.
