
Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Deploying and Operating Secure Systems

Published: November 01, 2006 | Last revised: May 14, 2013

Author(s): Julia H. Allen

Maturity Levels and Audience Indicators: L4 / E L M

SDLC Life Cycles: Deployment

Copyright: Copyright © Carnegie Mellon University 2005-2012.

Abstract

This article provides a brief overview of deployment and operations security issues, notes to the reader to set expectations, and a recommended order for using the practices described in this content area.

Challenges that Organizations Face

Most organizations that are deploying and operating systems for customers and for themselves (including their own computing infrastructures) do not fully understand the discipline needed to ensure adequate software, computer, and information security (availability, confidentiality, integrity). Current trends indicate that IT operations departments are expending increasing effort to sustain existing system and security capabilities, making it exceedingly difficult to improve performance and add new features, services, products, and technologies.

Some of the factors contributing to this challenge include

  • marketplace pressures for increased effectiveness, efficiency, and security that require more agile, timely, and responsive solutions for applications and systems
  • worldwide market factors such as globalization (including offshoring, outsourcing, unknown software provenance (who developed the software and where it was developed), and global supply chains)
  • customer-driven requirements that are emergent based on use and their changing needs
  • the increasing need for organizations to interconnect with their partners, customers, suppliers, and service providers
  • rapidly evolving technology platforms, tools, and other solutions that must be integrated into the operational environment
  • lack of education on what it takes to deploy and operate secure software, particularly more secure, web-based applications

Refer to efforts of the Open Web Application Security Project (http://www.owasp.org/) and the Web Application Security Consortium (http://www.webappsec.org/) for more on this subject.

Physical security, authentication, and firewalls defend against external threats, but employees and contractors are authorized to bypass these measures. Current and former employees and contractors who have or had authorized access to their organization's systems and networks are familiar with internal policies, procedures, and technology and can exploit that knowledge to facilitate attacks and even collude with external attackers. External and insider threats need to be mitigated during deployment and operations.

Research conducted by CERT since 2001 has focused on gathering data about actual malicious insider acts, including sabotage, fraud, theft of confidential or proprietary information, and potential threats to our nation's critical infrastructure. CERT's insider threat research is based on actual compromises and focuses on attack methods and tools, precursor activity, and how the insiders were detected and identified, including during the SDLC [CERT 08a].

The policies, procedures, processes, controls, and performance measures selected, enforced, and continuously improved during deployment and operation of systems often determine whether software and systems will function in a secure and survivable manner.

Notes to the Reader

Practices specific to the deployment and operations of software and systems that have been developed using a secure development life cycle approach are not well documented, given that this is a relatively new venture for most development organizations. A great deal is known about how to develop secure software (the Build Security In web site being a case in point), but sufficient time has not passed for the broad adoption of secure development practices, or for capturing and analyzing how systems behave when they have been developed with security in mind.

Thus, this set of articles focuses on the current state of practice, which is providing an environment within which systems and software are more likely to operate securely. It is encouraging to note that many accepted standards, frameworks, and guidelines for providing a secure operating environment (described here) are now including practices for secure acquisition and development.

How to Use the Articles in this Content Area

Articles 1 through 4 present a recommended order of practices to tackle. Of course, like every improvement life cycle, this recommended progression is iterative and can start with a small scope that expands over time:

Articles 1, 2, and 5 include extensive tables at the end of each article that provide supporting details and sources for the recommendations made in these articles. The tables are placed at the end to make the articles easier to read and follow.
