NIST SP 800-123 Server Security Guidelines

The document discusses server security concepts including system configuration and maintenance, common security threats to servers, server security requirements, virtualization and hypervisors, container virtualization, network storage systems, service level agreements, and backup policies.

Uploaded by jeffkinard

Ch 11 Questions

1. According to the SGP, system management is divided into two areas: system configuration and
system maintenance. The objective of system configuration is to develop and enforce consistent
system configuration policies that can cope with current and projected workloads and protect
systems and the information they process and store against malfunction, cyber attack,
unauthorized disclosure, and loss. The objective of system maintenance is to provide guidelines
for managing the security of systems by performing backups of essential information
and software, applying a rigorous change management process, and monitoring performance
against agreed service level agreements.

2. NIST SP 800-123 mentions the following common security threats to servers:

■ Malicious entities may exploit software bugs in the server or its underlying operating
system to gain unauthorized access to the server. Further, they may attack other entities
after compromising a server. These attacks can be launched directly (for example, from
the compromised host against an external server) or indirectly (for example, placing
malicious content on the compromised server that attempts to exploit vulnerabilities in
the clients of users accessing the server).
■ Denial-of-service (DoS) attacks may be directed to the server or its supporting network
infrastructure, denying or hindering valid users from making use of its services.
■ Sensitive information on the server may be read by unauthorized individuals or changed
in an unauthorized manner.
■ Sensitive information transmitted unencrypted or weakly encrypted between the server
and the client may be intercepted.
■ Malicious entities may gain unauthorized access to resources elsewhere in the
organization’s network via a successful attack on the server.

3. The SANS Institute describes the following general requirements for server security:
■ All internal servers deployed at the organization must be owned by an operational group
that is responsible for system administration.
■ Approved server configuration guides must be established and maintained by each
operational group, based on business needs and approved by the CISO.
■ Operational groups should monitor configuration compliance and implement an exception
policy tailored to their environment. Each operational group must establish a process for
changing the configuration guides, which includes review and approval by the CISO.
Specifically, the following items must be met:
  ■ Servers must be registered within the corporate enterprise management system. At
  a minimum, the following information is required to positively identify the point of
  contact:
    ■ Server contact(s) and location and a backup contact
    ■ Hardware and operating system/version
    ■ Main functions and applications, if applicable
  ■ Information in the corporate enterprise management system must be kept
  up-to-date.
  ■ Configuration changes for production servers must follow the appropriate change
  management procedures.
4. Virtualization is the process of creating a non-real (or virtual) representation of an entity. It is
a technology that provides an abstraction of the computing resources used by some software,
which thus runs in a simulated environment called a virtual machine (VM). Virtualization
improves efficiency in the use of the physical system resources compared to what is typically
seen using a single operating system instance. Virtualization can also provide support for
multiple distinct operating systems and associated applications on the one physical system.
It can be a very cost-effective solution for a firm that wants to launch its product in a short time
and on a small budget.

5. A hypervisor is software that runs on top of hardware and gives services to the VMs by acting
as a resource broker. It allows multiple VMs to safely coexist on a single physical server host
and share that host's resources. The virtualizing software provides abstraction of all physical
resources (such as processor, memory, network, and storage) and thus enables multiple
computing stacks, called virtual machines, to be run on a single physical host. The principal
functions of a hypervisor are as follows:
■ Execution management of VMs—This includes scheduling VMs for execution, virtual
memory management to ensure VM isolation from other VMs, and context switching
between various processor states. It also includes isolation of VMs to prevent conflicts in
resource usage and emulation of timer and interrupt mechanisms.
■ Device emulation and access control—This involves emulating all network and
storage (block) devices that the different native drivers in VMs expect, and mediating
access to physical devices by different VMs.
■ Execution of privileged operations by the hypervisor for guest VMs—In certain cases,
operations invoked by guest operating systems, instead of being executed directly by
the host hardware, may have to be executed by the hypervisor because of their
privileged nature.
■ Management of VMs (also called VM life cycle management)—This is about
configuring guest VMs and controlling VM states (for example, start, pause, stop).
■ Administration of the hypervisor platform and hypervisor software—This involves
setting parameters for user interactions with the hypervisor host as well as the hypervisor
software.

6. There are two types of hypervisors, distinguished by whether an operating system sits between the
hypervisor and the host hardware. A type 1 hypervisor is loaded as a software layer directly onto a physical
server; this is referred to as native virtualization. The type 1 hypervisor can directly control
the physical resources of the host. A type 2 hypervisor exploits the resources and functions of
a host operating system and runs as a software module on top of that operating system; this is
referred to as hosted virtualization. It relies on the operating system to handle all the hardware
interactions on the hypervisor's behalf.

7. In container virtualization, a piece of software known as a virtualization container runs on top of
the host operating system kernel and provides an isolated execution environment for
applications. Unlike hypervisor-based VMs, containers do not aim to emulate physical servers. Instead,
all containerized applications on a host share a common operating system kernel. This eliminates
the need for resources to run a separate operating system for each application and can
greatly reduce overhead. For containers, only a small container engine is required as support for
the containers. The container engine sets up each container as an isolated instance by requesting
dedicated resources from the operating system for each container. Each container app then
directly uses the resources of the host operating system.

8. The three categories of network storage systems are as follows:

■ Direct attached storage (DAS)—These are internal server hard drives that are generally
captive to the attached server.
■ Storage area network (SAN)—A SAN is a dedicated network that provides access to
various types of storage devices, including tape libraries, optical jukeboxes, and disk
arrays. To servers and other devices in the network, a SAN's storage devices look like
locally attached devices.
■ Network attached storage (NAS)—NAS systems are networked appliances that contain
one or more hard drives that can be shared with multiple, heterogeneous computers. Their
specialized role in networks is to store and serve files. NAS disk drives typically support
built-in data protection mechanisms, including redundant storage containers or redundant
arrays of independent disks (RAID). NAS enables file-serving responsibilities to be
separated from other servers on the network and typically provides faster data access than
traditional file servers.

9. A service level agreement (SLA) is a contract between a service provider and its internal or
external customers that documents what services the provider will furnish and defines the
performance standards the provider is obligated to meet. SLAs are output based, with the
sole purpose of specifically defining what service the customer will receive. Companies that
establish SLAs include IT service providers, managed service providers, and cloud computing
service providers. Three important types of SLAs are as follows:
■ Network provider SLA—A network SLA is a contract between a network provider and
a customer that defines specific aspects of the service that is to be provided.
■ Computer security incident team SLA—A computer security incident response team
(CSIRT) SLA typically describes the response to an incident, preventive actions to stop
such incidents, and steps taken to strengthen the security of the system.
■ Cloud service provider SLA—An SLA for a cloud service provider should include
security guarantees such as data confidentiality, integrity guarantees, and availability
guarantees for cloud services and data.

10. An organization can ensure effective backup by following these policies:

■ Backups of all records and software must be retained such that computer operating
systems and applications are fully recoverable. The frequency of backups is determined
by the volatility of data; the retention period for backup copies is determined by the
criticality of the data. At a minimum, backup copies must be retained for 30 days.
■ Tri-level or, better, N-level redundancy must be maintained at the server level.
■ At a minimum, one fully recoverable version of all data must be stored in a secure offsite
location. An offsite location may be a secure space in a separate building or with an
approved offsite storage vendor.
■ Derived data should be backed up only if restoration is more efficient than re-creation in
the event of failure.
■ All data accessed from workstations, laptops, or other portable devices
should be stored on networked file server drives to allow for backup. Data located directly
on workstations, laptops, or other portable devices should be backed up to networked file
server drives.
■ Required backup documentation includes identification of all critical data, programs,
documentation, and support items that would be necessary to perform essential tasks
during a recovery period. Documentation of the restoration process must include
procedures for the recovery from single-system or application failures, as well as for a
total data center disaster scenario, if applicable.
■ Backup and recovery documentation must be reviewed and updated regularly to account for
new technology, business changes, and migration of applications to alternative platforms.
■ Recovery procedures must be tested on an annual basis.
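Several of these policies are measurable, so an operations team can audit its backup inventory against them rather than relying on attestation. The following Python script is an added example and is not part of the original page or of the SGP text it summarizes. It checks a constructed inventory of backup copies against the 30-day minimum retention, tri-level (three-copy) redundancy, offsite-copy and annual recovery-test rules listed above. The record format, the `offsite` location prefix, and the reading of "retained for 30 days" as "the oldest retained copy is at least 30 days old" are assumptions made for the example.

```python
"""Audit a backup inventory against the retention, redundancy, offsite and
recovery-test policies. Added example; record layout and thresholds are
assumptions, not part of any standard."""
from datetime import date

# Constructed sample inventory (not real data): one record per retained copy.
SAMPLE_COPIES = [
    {"system": "payroll-db", "taken": date(2024, 5, 1), "location": "onsite"},
    {"system": "payroll-db", "taken": date(2024, 4, 15), "location": "offsite-vendor"},
    {"system": "payroll-db", "taken": date(2024, 3, 20), "location": "onsite"},
    {"system": "intranet-web", "taken": date(2024, 5, 3), "location": "onsite"},
    {"system": "intranet-web", "taken": date(2024, 5, 2), "location": "onsite"},
]

# Constructed record of the last successful restore test per system.
SAMPLE_RESTORE_TESTS = {
    "payroll-db": date(2023, 11, 10),
    "intranet-web": date(2022, 6, 30),
}

# Fixed audit date so the example is deterministic (assumption).
AUDIT_DATE = date(2024, 5, 10)


def audit_backups(copies, restore_tests, today, *, min_retention_days=30,
                  min_copies=3, test_interval_days=365):
    """Return {system: [findings]}; an empty list means the system is compliant.

    Thresholds default to the policy text: 30-day retention, tri-level
    redundancy, at least one offsite copy, and an annual recovery test.
    """
    by_system = {}
    for rec in copies:
        by_system.setdefault(rec["system"], []).append(rec)

    report = {}
    for system, recs in sorted(by_system.items()):
        problems = []

        # Retention: the oldest copy still held must be at least min_retention_days old
        # (assumed interpretation; a copy purged early would shrink this window).
        oldest_age = (today - min(r["taken"] for r in recs)).days
        if oldest_age < min_retention_days:
            problems.append(f"retention: oldest retained copy is {oldest_age} days old, "
                            f"policy requires {min_retention_days}")

        # Redundancy: tri-level means at least three independent copies.
        if len(recs) < min_copies:
            problems.append(f"redundancy: {len(recs)} copies retained, "
                            f"policy requires {min_copies}")

        # Offsite: at least one copy must live in a secure offsite location
        # (assumed convention: location names prefixed with "offsite").
        if not any(r["location"].startswith("offsite") for r in recs):
            problems.append("offsite: no fully recoverable copy in a secure offsite location")

        # Recovery testing: a restore test must have succeeded within the interval.
        last_test = restore_tests.get(system)
        if last_test is None:
            problems.append("recovery test: no recorded restore test")
        elif (today - last_test).days > test_interval_days:
            problems.append(f"recovery test: last test {(today - last_test).days} days ago, "
                            f"policy requires one every {test_interval_days}")

        report[system] = problems
    return report


def format_report(report):
    """Render the audit result as plain text, one system per block."""
    lines = []
    for system, problems in report.items():
        status = "COMPLIANT" if not problems else f"{len(problems)} finding(s)"
        lines.append(f"{system}: {status}")
        lines.extend(f"  - {p}" for p in problems)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_backups(SAMPLE_COPIES, SAMPLE_RESTORE_TESTS, AUDIT_DATE)))
```

On the constructed data, `payroll-db` passes every check, while `intranet-web` fails all four: its oldest copy is only eight days old, it has two copies rather than three, none is offsite, and its last restore test is more than a year old. In practice the inventory would be fed from the backup system's catalog rather than hard-coded, and the findings would be raised as tickets for the owning operational group.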

11. FIPS 199 describes three types of sites for backup:

■ Cold site—This is a backup facility that has the necessary electrical and physical
components of a computer facility but does not have the computer equipment in place.
The site is ready to receive the necessary replacement computer equipment in the event
that the user has to move from the main computing location to an alternate site.
■ Warm site—This is an environmentally conditioned workspace that is partially equipped
with information systems and telecommunications equipment to support relocated
operations in the event of a significant disruption.
■ Hot site—This is a fully operational offsite data processing facility, equipped
with hardware and software, for primary use in the event of an information system
disruption.

12. The following are some useful guidelines for developing a change management strategy:
■ Communication—Adequate advance notice should be given, especially if a response is
expected and a proper response matrix with contact details is known.
■ Maintenance window—A maintenance window is a defined period of time during
which maintenance, such as patching software or upgrading hardware components, can
be performed. Clearly defining a regular maintenance window can be advantageous, as it
provides a time when users should expect service disruptions.
■ Change committee—The change committee reviews change requests and determines
whether the changes should be made. In addition, it may determine that certain changes
to the proposed plan for implementing the change must be made in order for it to be
acceptable.
■ Critical changes—There must be provision to accommodate critical changes that
need to be rushed into production, creating an unscheduled change.
■ Plan the change—All aspects associated with the change (who, what, when, and so on)
must be carefully planned.
■ Document change requests—A change request form provides detailed information
about the change and is appropriate for changes affecting data classified as confidential
(highest, most sensitive), where protection is required by law and where the asset risk is
high and involves information that provides access to resources, physical or virtual.
■ Test the change—The change should be tested prior to implementation.
■ Execute the change—The change should be properly executed.
■ Keep a record of the change—A log or other record of all changes should be kept to
supplement the change request document.
