Document: Appendix C: Designing an Operations Framework to Manage Security (pptx)


Contents

Overview
Lesson: Analyzing Risks to Ongoing Network Operations
Lesson: Designing a Framework for Ongoing Network Operations

Appendix C: Designing an Operations Framework to Manage Security

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Overview

***************************** ILLEGAL FOR NON-TRAINER USE ******************************

Introduction
In this appendix, you will learn how to help ensure the management of ongoing security operations. To maintain the security of network operations, you must ensure proper management of the security design and design a change management framework to meet changing security needs and conditions.

Objectives
After completing this appendix, you will be able to:
▪ Analyze risks to ongoing network operations.
▪ Design a framework for ensuring secure network operations.

Lesson: Analyzing Risks to Ongoing Network Operations

Introduction
Ongoing network operations are the everyday administration and management of your network. The actions performed to maintain the network may conflict with security policy or introduce vulnerabilities that your design did not anticipate.

Lesson objectives
After completing this lesson, you will be able to:
▪ Explain the concept of ongoing management of network operations.
▪ Explain why securing network operations is important.
▪ List common vulnerabilities to network operations.

Management of Ongoing Network Operations

Key points
The Microsoft Operations Framework (MOF) is a comprehensive suite of operational guidance materials that encompass people, processes, and technologies. MOF provides a framework for effectively managing production systems within information technology (IT) environments, including network security.

Additional reading
For more information on MOF, see the white paper, Process Model for Operations, under Additional Reading on the Web page on the Student Materials CD.

Why Security of Network Operations Is Important

External attacker scenario
A software company releases a new security update that secures a recently discovered vulnerability. Because the organization lacks policies for managing the deployment of updates, an attacker is able to exploit the vulnerability on the network before administrators apply the patch to all computers.

Internal attacker scenario
An administrator notices a potential security compromise but is unsure how to report it. The administrator decides to remove the corporate network from the Internet, causing the company to lose productivity and revenue from their e-commerce Web site.

Common Vulnerabilities to Network Operations

Key points
The ongoing operation of a network can introduce vulnerabilities into the security of a network, even if you have a security design in place. Planning for ongoing network operations during the design of network security can help prevent vulnerabilities from subverting your security policy.

Lesson: Designing a Framework for Ongoing Network Operations

Introduction
By planning for ongoing operations in your security design, you can help ensure that changes to the network as a result of daily operations do not adversely affect network security. Ongoing operations also involve support of the policies and procedures that you design, and ensure that service level agreements (SLAs) exist to maintain network operations.

Lesson objectives
After completing this lesson, you will be able to:
▪ Describe steps for planning a framework for secure operations.
▪ Describe guidelines for:
  • Change management.
  • Daily security operations.
  • Supporting security policies.
  • Using SLAs.
  • Optimizing security policies.

Steps for Planning a Security Operations Framework

Key points
To design a security operations framework:
1. Design a change management process for security. Managing change on your network ensures that the security of your network is maintained when you make changes to the network.
2. Design a plan for daily security operations. By designing a plan for daily security operations, you can ensure that all routine tasks related to security are completed.
3. Design a plan for security support. A security support plan ensures that users can escalate security-related issues in an orderly and responsive manner.
4. Create service level agreements for IT operations and support. SLAs for IT operations and support ensure that all parties know what to expect from each other.
5. Design a structure for optimizing security policies and procedures. Like change management, optimization refers to changes that your security policy may require; however, it is based less on physical changes to your network and more on improving the overall design.

Guidelines for Change Management

Key points
Change management describes how you manage changes to your network so that you ensure consistency and manageability. The objective of the change process is to introduce new technologies, systems, applications, hardware, tools, and processes, as well as changes in roles and responsibilities, into the IT environment quickly and with minimal disruption to service.

Change management includes changes to all aspects of your network that are relevant to the running, support, and maintenance of systems in the managed environment. Change management includes hardware, communications equipment, system software, applications software, processes, procedures, roles, responsibilities, and documentation.

A change management plan has four phases:
▪ Identify. Defines the condition that initiates the change management plan.
▪ Review. Defines the process for evaluating change.
▪ Approve. Defines how the decision is made to act on the change.
▪ Implement. Defines how the change will be implemented.

[...]

Guidelines for Daily Security Operations

Key points
Managing security on a network can be an overwhelming task for many IT staffs. To ensure completion of daily operations tasks, define who will complete each...

itsolutions/idc/oag/oagc15.asp

Guidelines for Optimizing Security Policies and Procedures

Key points
The goal of optimizing your organization’s security policies and procedures is to lower cost and improve performance, capacity, and availability in the delivery...

organization’s security policies and procedures may result in the security policies and procedures quickly becoming obsolete and ineffective.

Security Policy Checklist

Checklist
Use the following checklist to guide your security design for ongoing network operations...

typically handled by security specialists and network engineers who work closely with IT management.

Guidelines for Using Service Level Agreements

Key points
SLAs define support levels for policies and procedures. Organizations typically use SLAs to provide...

Phase: Planning
Task: Model threats
Details: STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege) and life cycle threat models
Task: Manage risks
Details: Qualitative and quantitative risk analysis

Phase: Building
Task: Create policies and procedures for:
▪ Designing a change management plan
▪ Performing daily security operations
▪ Supporting security issues
▪ Optimizing and revising...

the Operations Guide for the Internet Data Center Microsoft System Architecture Guide, at: http://www.microsoft.com/technet/itsolutions/idc/oag/oagc08.asp

Guidelines for Supporting Security Policies and Procedures

Key points
To ensure that security...

your security operations design, you can help ensure that your organization’s security policies and procedures will benefit from lessons learned during ongoing support. Ideally, your organization will be able to better prevent interruptions to network services, recover from security incidents more quickly, and develop more effective security policies and procedures. Failure to optimize your organization’s...

information that is required to escalate the support issue.
▪ Incident management. Resolves most security issues, including routine requests such as account management and authorization requests. At this stage, security administrators or network administrators typically resolve support requests.
▪ Problem management. Resolves all issues not resolved in earlier phases, including complex issues and security incidents. Support...

issues are escalated and resolved properly and in a timely manner, create processes for supporting network security. There are three main phases to supporting network security:
▪ Support request management. Acts as the first point of contact for users regarding security issues. Support requests are typically handled by first level support administrators, such as help desk administrators, who can gather the information...

departments in order to ensure business continuity. You can also use SLAs to justify the use of resources such as hardware, software, and personnel. Many organizations use SLAs to award salary bonuses to departments based on the department’s performance as measured against its SLA.

Additional reading
For more information on creating SLAs, see “Chapter 15: Service Level Management” in the Operations Guide...

Date posted: 18/01/2014, 05:20
