SSCP 57 Success Secrets - 57 Most Asked Questions On SSCP - What You Need To Know


Published by Emereo Publishing
There has never been an SSCP Guide like this. SSCP 57 Success Secrets is not about the ins and outs of SSCP. Instead, it answers the top 57 questions that we are asked and those we come across in our forums, consultancy and education programs.

It tells you exactly how to deal with those questions, with tips that have never before been offered in print. Get the information you need--fast! This comprehensive guide offers a thorough view of key knowledge and detailed insight. This Guide introduces everything you want to know to be successful with SSCP.

A quick look inside at the subjects covered (all from the Systems Security Certified Practitioner (SSCP) body of knowledge): What is Kerberos? Describe briefly. What is PKI? Describe several forms of cryptanalysis. What are important measures for quantitative risk management? What types of attacks can be experienced supporting an organization? What are the components of a PKI? What is data classification? What types of encryption are available? Briefly describe the available system security modes. What is due diligence and due care? How to create security awareness. What methods are used to test Disaster Recovery Plans (DRP)? What is CAAT and how does it need CLF as part of the process? What do you mean by OTP authentication mechanism? What are the categories for security controlling? What are the key concepts regarding the TCB? What are the most common SSO products? What are the advantages of using those? What are the layers of the OSI Reference Model? What are the methods of auditing? From where can an auditor collect data? What steps are expected during the investigation of an incident? And much more...

Publish date: Jul 14, 2013
Copyright: Traditional Copyright: All rights reserved
ISBN: 9781488520969

SSCP 57 Success Secrets Copyright © by Christina Curtis

Notice of rights
All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Notice of Liability
The information in this book is distributed on an "As Is" basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.

Trademarks
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.


Contents

What is Kerberos? Describe briefly.  5
What is PKI?  5
Describe several forms of cryptanalysis.  5
What are important measures for quantitative risk management?  5
What types of attacks can be experienced supporting an organization?  5
What are the components of a PKI?  6
What is data classification?  6
What types of encryption are available?  7
Briefly describe the available system security modes.  7
What is due diligence and due care?  7
How to create security awareness  7
What methods are used to test Disaster Recovery Plans (DRP)?  8
What is CAAT and how does it need CLF as part of the process?  8
What do you mean by OTP authentication mechanism?  8
What are the categories for security controlling?  9
What are the key concepts regarding the TCB?  9
What are the most common SSO products? What are the advantages of using those?  9
What are the layers of the OSI Reference Model?  10
What are the methods of auditing?  10
From where can an auditor collect data?  10
What steps are expected during the investigation of an incident?  10
What are the key concepts of Risk Management?  11
What processes are used to conduct the NIST Risk Assessments?  11
What are the principles for security administration?  12
Which protocols are utilized by E-mail encryption?  12
What are the types of access control policies?  12
What is password administration?  13
What are the authentication types for access control?  13
What is BCP?  13
What are Hash Algorithms?  13
What are the activities of the access control administration?  14
What is the Diffie-Hellmann Algorithm?  14
What are the types of evidence?  14
What is incident response? What are the objectives of the incident response?  14
What auditing process is proposed by DoD?  15
How to develop a security policy?  15
What are the available document elements?  16
Which protocols are used to secure Internet functions?  16
What types of networks are available?  16
What do you mean by the IDEA algorithm?  16
What are the risk analysis tools?  17
What are the common malicious codes?  17
What are Asymmetric Ciphers?  17
How many life cycle phases are available for a system?  17
What are the key concepts of Cryptography?  18
What types of transmission signals are available?  18
Describe the TCP/IP and UDP protocols  18
What is RSA encryption?  18
Which types of storage may be utilized to accommodate information or data needs?  19
What forms of monitoring methods are performed by any organization?  19
Shortly describe the available access control models.  20
What roles are needed to implement the security system?  20
Briefly describe Symmetric Ciphers  20
What types of attack can an organization experience?  21
What are the firewall types?  21
Briefly describe the access control techniques.  21
What are the types of security audits?  22

What is Kerberos? Describe briefly.

Kerberos is a network authentication protocol providing strong authentication for client/server applications. It uses symmetric-key authentication and authentication tokens to drive the system, allowing for cross-platform authentication. A Key Distribution Center (KDC) holds all the keys and provides a centralized authentication service. Part of the KDC is the Authentication Server (AS), which is responsible for authenticating each client. During this authentication, the Ticket Granting Service (TGS) makes the tickets and distributes them to the clients. Each Kerberos system has a private key and the Kerberos server has copies of all these keys. The overall structure of control is called a realm. All the systems within the realm have their clocks synchronized. Time stamping the tickets ensures that they are not compromised.

What is PKI?

Asymmetric cryptography has allowed the use of symmetric cryptography to be more effective. However, public keys are still public and therefore questionable. To create confidence in the use of public keys, a trusted public directory of keys can be created. Each user must register with the directory service. A secure communication path is created between the user and the directory, allowing keys to be changed. The directory can publish and maintain a list of all active keys and delete or revoke keys that are no longer trusted. To increase the level of trust, public key certificates can be used. Each user has a certificate. These certificates are exchanged directly with other users or through a certificate authority. A certificate sent from a certificate authority will be signed by the digital signature of the certificate authority and can be verified by the recipients. Certificate authorities adhere to X.509 standards.

Describe several forms of cryptanalysis.

Cryptanalysis is used to perform attacks to discover and break the encryption methods used. There are several forms of cryptanalysis:
Ciphertext-only - attempts to gather several pieces of ciphertext and looks for patterns or statistical data
Known plaintext - the ciphertext and the plaintext of the same message are available and are used to find the cryptographic key
Chosen plaintext - access to the encryption algorithm is available and it is tested using several plaintext messages to determine the key
Chosen ciphertext - similar to the chosen plaintext attack, using the decryption device or software and ciphertext
Social engineering - uses coercion, bribery, or befriending people to gain access to systems
Brute force - attempts all possible keys to decrypt the ciphertext

What are important measures for quantitative risk management?

This risk analysis shows the quantity of risk in terms of cost (value). The quantity is derived in terms of the amount of damage that can happen and the cost of countermeasures required. The process is called risk modeling and is based on probabilities. Some important measures for quantitative risk analysis are:
AV (Asset Value) - the value of a specific asset.
EF (Exposure Factor) - the percentage of asset loss caused by a potential attack.
SLE (Single Loss Expectancy) - the loss to the asset in terms of cost. Calculated by multiplying the asset value by the exposure factor.
ARO (Annualized Rate of Occurrence) - the estimated frequency that a threat will occur in a given year.
ALE (Annualized Loss Expectancy) - the annual loss to an asset. Calculated by multiplying the SLE by the ARO.
Cost/Benefit Analysis - compares the cost of a control to the benefits.
ROI (Return on Investment) - the return on the annualized costs of countermeasures. Calculated by subtracting the annual cost of implementing a control and the ALE after implementation from the ALE before the implementation.

What types of attacks can be experienced supporting an organization?

Several types of attacks may be experienced supporting an organization:
Dictionary Attack - uses a flat text file containing dictionary words and other common words to systematically identify a user's password.
Brute Force Attack - uses every possible combination of letters, numbers, and symbols to systematically identify a user's password.
Denial of Service (DoS) - any circumstance which prevents the system from performing as intended or prevents legitimate users from accessing the system. This is an explicit attack characterized by: flooding the network; disrupting connections between two machines; preventing an individual or group from access; disrupting service to a specific system or person.
Distributed Denial of Service (DDoS) - the attacker uses other systems, such as ones controlled through a Trojan horse, to launch a DoS attack.
Spoofing - the intruder pretends to be another system and gathers data and communication intended for the original system.

What are the components of a PKI?

Digital certificates are electronic files issued by a trusted third party for the purposes of establishing the credentials of an individual. They validate the identity of a user or system with a digital signature. Two types of digital certificates exist: server and personal. A Certificate Authority (CA) is an organization tasked with maintaining and issuing public key certificates. They can also revoke certificates by publishing to the Certificate Revocation List. Cross-certification is an act or process where two CAs certify a public key of the other, allowing users that are certified under different CAs to be validated under the local CA.
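The quantitative risk measures described above (AV, EF, SLE, ARO, ALE and the ROI rule) carried through as a worked example. This is added code, not from the guide; the asset value, exposure factors, rates and control costs are constructed sample figures, and the candidate controls are hypothetical.

```python
"""Worked quantitative risk calculation using the SSCP measures:
SLE = AV * EF, ALE = SLE * ARO,
ROI = ALE(before control) - ALE(after control) - annual cost of control.
All numbers below are constructed sample figures, not from the guide."""
from dataclasses import dataclass


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: cost of one loss event = asset value x exposure factor (0.0 to 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE: expected yearly loss = SLE x annualized rate of occurrence."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


@dataclass(frozen=True)
class Control:
    """A candidate countermeasure and its effect on the threat scenario (hypothetical)."""
    name: str
    annual_cost: float          # yearly cost to implement and operate the control
    new_exposure_factor: float  # EF after the control is in place
    new_aro: float              # ARO after the control is in place


def return_on_investment(asset_value: float, ef: float, aro: float, control: Control) -> float:
    """ROI of a control = ALE(before) - ALE(after) - annual cost of the control.
    A positive value means the control avoids more loss per year than it costs."""
    ale_before = annualized_loss_expectancy(single_loss_expectancy(asset_value, ef), aro)
    ale_after = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, control.new_exposure_factor), control.new_aro)
    return ale_before - ale_after - control.annual_cost


def rank_controls(asset_value: float, ef: float, aro: float, controls):
    """Cost/benefit analysis: return (control, ROI) pairs sorted by ROI, best first.
    A control with negative ROI costs more each year than the loss it prevents."""
    scored = [(c, return_on_investment(asset_value, ef, aro, c)) for c in controls]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed scenario: a customer database valued at $500,000, where a ransomware
# incident destroys 40% of its value and is expected twice in five years (ARO 0.4).
ASSET_VALUE = 500_000.0
EXPOSURE_FACTOR = 0.40
ARO = 0.4

CANDIDATE_CONTROLS = [
    Control("offline backups", annual_cost=15_000, new_exposure_factor=0.05, new_aro=0.4),
    Control("EDR + patching", annual_cost=50_000, new_exposure_factor=0.40, new_aro=0.1),
    Control("gold-plated DLP", annual_cost=120_000, new_exposure_factor=0.30, new_aro=0.3),
]

if __name__ == "__main__":
    sle = single_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR)
    ale = annualized_loss_expectancy(sle, ARO)
    print(f"SLE = ${sle:,.0f}   ALE = ${ale:,.0f}")
    for control, roi in rank_controls(ASSET_VALUE, EXPOSURE_FACTOR, ARO, CANDIDATE_CONTROLS):
        print(f"{control.name:16s} ROI = ${roi:,.0f}")
```

With the sample figures the SLE is $200,000 and the ALE $80,000; offline backups return $55,000 a year while the DLP option loses $85,000, which is the cost/benefit comparison the measures exist to support.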

 Each level of data required has greater consequences if the data is lost. which require an organization to engage in good business practices within their related industry.  The system is secured with user data classification and Mandatory Access Control (MAC). Due Diligence is an effort to ensure that the correct policies.Systems Security Certified Practitioner (SSCP) Due Diligence and Due Care are concepts.  All users must have security clearance to authorize access to the system. end-to-end encryption works at the application layer. .  In many cases.Systems Security Certified Practitioner (SSCP) An analysis of the information is preferred to determine the value of the information and system resources to determine the level of protection and how much is required.  A strict documentation process is usually in place to track the access given to each user and the individual granting the access.  In the commercial section. due diligence is mandated by various legal requirements from the organizations industry or for compliance 7 .compartment Mode .End-to-end encryption will only encrypt the data. Briefly describe the available system security modes.  This is a continuous effort. including the header.  The levels of information classification are clearly labeled to make clear the access requirements.  Where link encryption works within the physical layer of the OSI model.  The data stays encrypted throughout the entire communication from one system to the last. Multilevel Secure Mode (MLS) . a common set of classifications include: Confidential Private Sensitive Public What types of encryption are available? . trailers and routing data.requires proper clearance for the highest level of information on the system.  Processes from a lower security level are not allowed to access processes at higher levels. What is data classification? 
.Systems Security Certified Practitioner (SSCP) Two forms of encryptions are common: Link encryption End-to-end encryptionLink encryption is a process for encrypting all the data along a specific communication path. procedures.  The processes and data are controlled.  All users must have security clearance to authorize access to the system. the cost of replacing this information and the embarrassment or loss of reputation due to the loss.  Each application or user has a different key allow a greater granularity of encryption.  Each packet is decrypted and encrypted at each hop.  Users who have access must have a security clearance that authorizes their access.  The entire packet is encrypted.  This protects the data from packet sniffers and eavesdropping.  Access to the information is based on an individuals need to know. and standards are in place and followed.key of the other allowing users that are certified under different CAs to be validated under the local CA.The value of the information is defined by identifying the impact to the business when the data is lost or disclosed to unauthorized individuals.requires proper clearance for all information on the system.Systems Security Certified Practitioner (SSCP) Three common modes are used to control access to systems storing classified information: System High Mode . What is due diligence and due care? .requires proper clearance for all information on the system.

The plan is distributed to management and participants for review. Parallel Tests a complete live-test without affecting the operational systems.Business management review the plan in cooperation and together. The advantage of using CAAT is the automation of manual tasks.with governmental regulatory standards.a complete live-test shutting down operational systems. What is CAAT and how does it need CLF as part of the process? . Clean-desk spot checks should be performed regularly.Systems Security Certified Practitioner (SSCP) The users are typically the weakest link in any security system.All support personnel meet in a practice execution session.Systems Security Certified Practitioner (SSCP) Several methods are used to test Disaster Recovery Plans: Checklist Tests . requiring the need for awareness training to the users on what security means to the organization and the impact each user has on the process. Simulation Tests . Some of the key concepts promoted through the education usually are: Security should be a part of every hiring process. Everyone should lead by example.The purpose of the central logging facility (CLF) is to ensure that audit and system logs are sent to a secure. 8 .Due Care refers to the effort taken to ensure security within an organizations. Structured Walkthrough Tests . Full-Integration Tests . trusted location separate from the devices being monitored.Systems Security Certified Practitioner (SSCP) Any software or hardware used to perform audit process is considered a CAAT. detect fraud. identify improvements in processes and detect abnormalities in data. Upper management support a vital stakeholder in security and must support its implementation.  They are used to ding errors. though can be used erroneously when replacing human intuition and observation.  There are many activities that can comprise due care. 
An advantage of a CLF is its ability to collect and integrate data from disparate systems and use data correlation to determine a pattern of attack. What methods are used to test Disaster Recovery Plans (DRP)? . How to create security awareness .

Corrective .  Sometimes referred to as countermeasures.an abstract machine that mediates all access between subjects and objects to protect unauthorized access. but token-based (Type 2).  They are considered the most secure form of password possible when implemented properly.What do you mean by OTP authentication mechanism? . and firmware.  It performs this effort by comparing access levels to data classification. Preventative .the resources that are outside of the TCB that enable communication between trusted and untrusted components.  If the user does not type in the password correctly. software. Recovery . Security kernel .set by management or administrators to ensure that required actions are taken to maintain policies or system integrity.inhibits persons or processes from initiating actions that potentially violate a security policy. including the hardware.  The kernel is at the core of the TCB and the most common approach of building trusted systems. These passwords are not knowledge-based.  The security kernel is always isolated from the reference monitor for greater security. The one-time password is based on randomly generated passwords. which violate a policy and are triggers for corrective control.acts within any situation where a policy has been violated with the intent to restore the system or processes top their original state. software. and firmware within the TCB that implements and enforces the reference monitor.Systems Security Certified Practitioner (SSCP) A one-time password (OTP) can only be attempted once before it becomes invalid or expires.  Some of the key concepts are: Security perimeter . 9 . corrective controls provided a automated response to inhibit the particular action that is violating the policy preventing it from having a greater impact on the organization. What are the key concepts regarding the TCB? 
Systems Security Certified Practitioner (SSCP) A trusted computer base (TCB) represents the total combination of protection mechanisms within a computer system.identifies those actions from any source. Reference monitor .  The confidential information is controlled to ensure that it doesnt flow in an undesired direction. Detective . What are the categories for security controlling? Systems Security Certified Practitioner (SSCP) Security Controls fall into several categories: Directive .The hardware.acts within any situation where a policy has been violated. the password still becomes invalid and another password must be obtained.

a set of standard questions used for a wide range of organizational types.Systems Security Certified Practitioner (SSCP) Any auditing method that used by an organization should be well documented and reconstructible if required. and handling of information What are the methods of auditing? .a proactive security audit with the intent of testing security controls through a simulated attack on the system or environment. there are two types of security audits: Penetration testing . lists of potential attacks are used to manage the performance of the test. flow control and error detection and correction Layer 5 (Session) deals with the handshaking between applications Layer 6 (Presentation) handles the presentation of the information Layer 7 (Application) defines the structure.What are the most common SSO products? What are the advantages using those? . The administrative effort for forgotten passwords is reduced.  Generally.  The importance and type of audit will determine the frequency of review.  The result of penetration testing is to strengthen the security of the environment.  Penetration testing processes typically include: Host identification OS fingerprinting Vulnerability matrix building Vulnerability analysis Reporting weaknesses Preparing a road map Checklist audit . network interfaces and cabling Layer 2 (Data-link) describes the data transfer between machines Layer 3 (Network) describes the data transfer between networks Layer 4 (Transport) describes the data transfer between applications.  A security audit report should provide all the finding and recommended when required.  The objectivity of the information source should always be considered. interpretation.Systems Security Certified Practitioner (SSCP) The purpose of Single Sign On (SSO) is enable user authentication once and pass that authentication on to each subsequent systems that user attempts to access. From where can an auditor collect data? 
.Several sources are available to the auditor: Organizational charts Network topology diagrams Business processes Hardware and software inventories Infor10 . Generally. What are the layers of the OSI Reference Model? Systems Security Certified Practitioner (SSCP) Defined in 1984 and published as the international standard. ISO/IEC 7498-1.  The model consisted of seven layers: Layer 1 (Physical) handles the networking hardware.  The purpose of the checklist to aid the auditor in managing the work as he/she verifies related details based on observations unique to the environment. The experience of the user is improved.  The most common SSO products are: Kerberos SESAME NetSP Kryptoknight SnareworksThe advantages of SSO are: Access to systems can be quickly and efficiently enabled or disabled.Systems Security Certified Practitioner (SSCP) Audit sources are where audit data can be gathered for evaluation and analysis.

 The steps typically expected during the investigation of an incident are: Contact the senior management team and Incident Response Team. Do not open any files. Document all running processes.controls that provide some protection to assets. which is harmful to an information system. Controls . measuring. Assets . Some key concepts of risk management are . or transfer risk.mechanisms in place to reduce. Risk .a weakness in the information system that can be potentially exploited by a threat.a potential danger. Exposure . software. 11 .the business resources attributed to the system. documentation. Countermeasures -controls developed through risk analysis to reduce vulnerabilities.the likelihood that a threat will take advantage of vulnerability. Make a detailed image of the physical disk. Save the contents of any system or application logs. Threat .the instance when losses are exposed due to a threat. Do not power down or reboot the system.Systems Security Certified Practitioner (SSCP) A chain of custody establishes where a piece of evidence is at any given time and who was responsible for it. whether intentional or accidental. Safeguards . and controlling risk. and error messages.Risk Assessment is the process for identifying the threats and vulnerability as they related to the existing controls as well as the impact if the threats become real. mitigate. including hardware.mal interviews What steps are expected during the investigation of an incident? . What are the key concepts of Risk Management? Systems Security Certified Practitioner (SSCP) Risk Management involves the processes for identifying. Disconnect the system from the network. and data. Save the contents of memory or page files. personnel.Vulnerability . open files. if possible.

Data classification - identifies the level of confidentiality, integrity, and availability required for each type of information included in the system. The process ensures that the data is protected in the most cost-effective manner.
Risk mitigation - an effort to select and implement controls with the purpose of reducing risk to acceptable levels.

What processes are used to conduct the NIST Risk Assessments? - Systems Security Certified Practitioner (SSCP)

The processes used to conduct NIST Risk Assessments are:
Identify System Characteristics
Identify Threats
Identify Vulnerabilities
Analyze Controls
Determine Likelihood of Occurrence
Analyze Impact
Determine Risk
Recommend Controls
Document Results

What are the principles for security administration? - Systems Security Certified Practitioner (SSCP)

Several principles drive the procedural elements of security administration, including:
Authorization - the process where an access control subject is authenticated and identified. Typically, the subject is authorized to have a specific level or type of access to a particular object.
Least privilege - any user should be given only enough access to enable the performance of the duties required of them. Elevations of privilege should be granted only when they are required.
Accountability - a subject using a system is tracked within the system and held responsible for their actions.
Identification and Authentication - a process where the identity of an object is determined using some form of authentication.
Non-repudiation - an attribute of communication that prevents false denial of involvement by either party and drives the element of trust, particularly in e-business transactions.

Which protocols are utilized by E-mail encryption? - Systems Security Certified Practitioner (SSCP)

E-mail encryption utilizes several protocols, including:
Message Security Protocol (MSP) - messages are signed and encrypted.
Pretty Good Privacy (PGP) - RSA public key encryption is used for key management, as well as the IDEA symmetric cipher for bulk encryption. Digital signatures are used. Hashing functions are performed. Pass-phrases are used to encrypt the user's hashing algorithm, which is stored on the hard drive.

Secure Multipurpose Internet Mail Extension (S/MIME) - RSA is used for encrypting and digitally signing messages that contain attachments.

What is password administration? - Systems Security Certified Practitioner (SSCP)

The selection, management and auditing of passwords occur through automated or administrative methods. Password selection refers to the production of passwords, specifying the password length, character usage, password expiration and reuse, and other policy-driven concerns related to passwords. Password management concerns itself with the life cycle of the password and everything that could potentially impact it, specifically resetting the password or expiration of the password.

What are the authentication types for access control? - Systems Security Certified Practitioner (SSCP)

Identification is a process of representation by a person or system as a valid participant with the intent of accessing a secured environment. Identification requires some form of authentication to determine the identity of an object or subject. Authentication is the process of proving a claimed identity. There are three types of authentication that may be found:
Something you know - comprised of passwords, passphrases, personal identification numbers, and personal information.
Something you have - keys, identification tokens, smart cards, badges, certificates, signatures, and the like.
Something you are - fingerprints, eye and facial characteristics, voiceprints and other biometrics.

What are the types of access control policies? - Systems Security Certified Practitioner (SSCP)

Access control policies are used to control and mitigate security risks. They are used to guide the procedures used for automated access control systems and physical security methods. There are generally three types of access control policies:
Preventive - describes the policies preventing vulnerabilities from being exposed.
Detective - describes the policies identifying when an attack occurs.
Corrective - describes the policies used to manage and address any breaches in security.

What is BCP? - Systems Security Certified Practitioner (SSCP)

Business Continuity Planning (BCP) is the process of proactively developing, documenting and implementing processes and procedures with the intent to respond to a disaster such that critical business functions continue with minimal impact. BCP continues until normal facilities are restored. For the success of BCP to be realized, the critical business functions must be identified. This is typically done through an assessment and documentation of requirements called a business impact analysis (BIA). It is typically the responsibility of each department to define the required functions needed to continue their operations.

What are the activities of the access control administration? - Systems Security Certified Practitioner (SSCP)

The administration of all user, system, and service accounts used within the access control system is the scope of access control administration. The activities of access control administration include:
Creation of rights and permissions
Maintenance of accounts
Renaming or deleting accounts
The access rights and permissions for a specific account are typically managed by the owner of the data that is being accessed. The principle of least privilege is often used to grant an account all the rights and permissions required to perform the necessary duties without providing more access than required.

What is the Diffie-Hellman Algorithm? - Systems Security Certified Practitioner (SSCP)

A key exchange algorithm used to enable two users to negotiate or exchange a secret symmetric key used for future encryption. Private and public keys are still used, but no secret key is used. It uses discrete logarithms based on finding the primitive root of a prime number. The two hosts each calculate a private key and a public key individually. The private key is randomly selected and must be less than the prime number. The public keys are exchanged and used to compute a common session key. Once complete, the two parties can encrypt their data using a symmetric key.

What are Hash Algorithms? - Systems Security Certified Practitioner (SSCP)

Hash functions accept input messages of any length and generate a fixed-length output. The hash is generated by using an algorithm. The result is referred to as a hash code or message digest. Simple hash functions break the message down into fixed-size blocks, which are then XORed. MD5 was developed by Ron Rivest at MIT in 1992 and is the most widely used hashing algorithm. The message is processed in 512-bit blocks and four rounds. Each round consists of 16 steps. A 128-bit message digest is generated.

What is incident response? What are the objectives of the incident response? - Systems Security Certified Practitioner (SSCP)

An incident is any violation of an explicit or implied policy. Incident response refers to all activities performed to counteract any incident that has the potential for an adverse effect on the system or organization. The objectives of incident response are:
To control and manage the incident.
To notify management about the incident.
To investigate and assess the severity of the incident on a timely basis.
To recover or bypass an incident to resume normal operations on a timely basis.
To prevent similar incidents.

Investigating Incidents

What are the types of evidence? - Systems Security Certified Practitioner (SSCP)

During an investigation, several forms of evidence can be gathered:
Best Evidence - original or primary evidence.
Secondary - a copy of the evidence or an oral description of its contents.
Direct - oral testimony that proves or disproves a specific act based on information from the witness's perceptions.
Conclusive - overrides all other evidence.
Opinion - falls into two categories: expert opinion can be provided based on personal expertise and facts, while a non-expert can only testify on the facts.
Circumstantial - inference of information from other relevant facts.
Hearsay - second-hand evidence, not based on personal first-hand knowledge.
Documentary - printed business records and manuals.
Demonstrative - charts, illustrations and other visual aids.
Corroborative - evidence that supports an idea or point.
Real - tangible or physical evidence.

How to develop a security policy? - Systems Security Certified Practitioner (SSCP)

The common steps to creating a security policy are:
Initial and Evaluation - writing a proposal to management stating the objectives of the policy.
Development - drafting and writing of the policy with agreed objectives.
Approval - the policy is presented to the approving body.
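The Diffie-Hellman exchange described above, carried through as an added example (this is not code from the guide): both hosts pick a private value below the prime p, exchange public values, and arrive at the same session secret. The prime p = 23, the generator check, and the private values 6 and 15 are constructed toy inputs, the function names are mine, and the SHA-256 derivation step is an addition beyond the guide's description.

```python
import hashlib
import secrets


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for demo-sized numbers)."""
    factors = set()
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p):
    """g is a primitive root of the prime p when its order is exactly p - 1,
    i.e. g^((p-1)/q) != 1 (mod p) for every prime factor q of p - 1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def find_primitive_root(p):
    """Smallest primitive root of p: the public generator both hosts agree on."""
    for g in range(2, p):
        if is_primitive_root(g, p):
            return g
    raise ValueError("no primitive root found; p must be prime")


def generate_private(p):
    """Private value: randomly selected and strictly less than p (here in [2, p-2])."""
    return secrets.randbelow(p - 3) + 2


def public_value(private, g, p):
    """Public value that is sent over the wire: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public, my_private, p):
    """Each host raises the other's public value to its own private value;
    both get g^(ab) mod p. Out-of-range values (0, 1, p-1) are rejected."""
    if not 1 < their_public < p - 1:
        raise ValueError("rejecting out-of-range public value")
    return pow(their_public, my_private, p)


def session_key(secret):
    """Derive the symmetric key from the shared secret (a KDF step beyond
    the guide's description, so the raw secret is never used directly)."""
    return hashlib.sha256(str(secret).encode()).digest()


def run_exchange(p, g, a, b):
    """Simulate both hosts; returns the common secret once they agree."""
    A = public_value(a, g, p)   # host 1 sends A
    B = public_value(b, g, p)   # host 2 sends B
    k1 = shared_secret(B, a, p)
    k2 = shared_secret(A, b, p)
    if k1 != k2:
        raise RuntimeError("exchange failed: hosts derived different secrets")
    return k1


if __name__ == "__main__":
    p = 23                       # constructed toy prime; real groups are ~2048 bits
    g = find_primitive_root(p)   # 5 for p = 23
    secret = run_exchange(p, g, 6, 15)   # constructed private values
    print("shared secret:", secret, "session key:", session_key(secret).hex())
```

With a 23-element group the discrete logarithm is trivial to brute-force, which is exactly why deployed parameters use primes of thousands of bits; the structure of the exchange is what the example shows.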

Publication - the policy is published and distributed within the organization.
Implementation - the objectives of the policy are executed and enforced.
Maintenance - the policy is regularly reviewed for currency to the organization.

What types of networks are available? - Systems Security Certified Practitioner (SSCP)

Local Area Networks (LAN) cover a small geographical area, typically confined to a single building or a small group of buildings. LANs are either wired or wireless. Each computer is connected to the network using a Network Interface Card (NIC). Wide Area Networks (WAN) are simply a number of LANs connected over a distance using telephone lines, radio waves, or fiber. Leased lines or point-to-point networks can be used to create high-speed dedicated networks. Metropolitan Area Networks (MAN) are similar to WANs, providing high-speed communication lines and equipment for metropolitan areas.

What do you mean by the IDEA algorithm? - Systems Security Certified Practitioner (SSCP)

International Data Encryption Algorithm (IDEA) is meant to be a replacement for DES and works off a 128-bit key within a 64-bit operation. Eight rounds of transposition and substitution are performed using modular addition and multiplication and bitwise XOR. Xuejia Lai and James Massey developed IDEA in 1991.

What auditing process is proposed by DoD? - Systems Security Certified Practitioner (SSCP)

The process for auditing an IT environment proposed by the Department of Defense (DoD) is:
Plan the audit
Determine the existing controls and risk profile
Conduct compliance testing
Conduct substantive testing
Determine the relevant impact of the weaknesses found
Present findings

Which protocols are used to secure Internet functions? - Systems Security Certified Practitioner (SSCP)

Several protocols are used to secure Internet functions:
Secure Hypertext Transport Protocol (S-HTTP) - messages are encrypted with session keys to provide integrity and authentication capabilities. It is only used when an individual message must be encrypted.
HTTPS - uses SSL and HTTP to protect the communication path between two computers. Used when all the communication between two systems must be encrypted. The communication path will remain open until one end requests to end the session using TCP.
Secure Socket Layer (SSL) - uses a public key for key exchange and certificate-based authentication and a private key for traffic encryption. SSL provides data encryption, server authentication, message integrity and client authentication. It operates at the Transport layer of the OSI model.
Secure Electronic Transaction (SET) - used to secure financial transactions on the Internet by using a tunneling mechanism that emulates terminal access to computers. A transaction is conducted and verified using combinations of digital certificates and digital signatures to ensure privacy and confidentiality.

What are the available document elements? - Systems Security Certified Practitioner (SSCP)

Several document types, or elements, create the compilation of documents used to support security measures for an organization. Security policies are a general statement written by senior management that provides the type of role security will play within the organization, as well as the scope and direction for future implementations of security. Standards provide how hardware and software products are to be used, ensuring that specific technologies, applications, parameters, and procedures are implemented and worked with uniformly.

What are Asymmetric Ciphers? - Systems Security Certified Practitioner (SSCP)

Drs. Whit Diffie and Martin Hellman introduced the idea behind asymmetric algorithms in 1976. These concepts were the introduction to public key cryptography. The idea utilizes two different keys, linked mathematically, to perform cryptographic operations. Typically, one key is used to encrypt, while the other is used to decrypt. To use an asymmetric algorithm, a person would need to generate a key pair. One half of the key pair remains secret, known only to the key holder, and is called the private key. The other half of the key pair can be presented to anyone who wants a copy and is called the public key.

What are the risk analysis tools? - Systems Security Certified Practitioner (SSCP)

Several options are available to perform risk analysis:
DELPHI - a group of experts is used to independently rate and rank business risk for a business process or organization. Each expert measures and prioritizes the risk, and the results are combined into a consensus.
COBRA (Collective, Objective, and Bi-Functional Risk Analysis) - a questionnaire system based on system principles and extensive knowledge to evaluate the relative importance of all threats and vulnerabilities.
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) - a risk-based strategic assessment and planning technique for security.

How many life cycle phases are available for a system? - Systems Security Certified Practitioner (SSCP)

There are seven life cycle phases for a system:
Project Initiation
Project Definition, Design and Analysis
System Design Specification
Software Development
Implementing, Evaluation and Testing
Maintenance
Revision or Disposal
The phases apply to all new developments and system improvements or maintenance, for the purpose of ensuring that security concerns are considered in each phase. Addressing security concerns at the beginning of development lowers the cost, time, and effort taken during the entire life cycle.

What are the common malicious codes? - Systems Security Certified Practitioner (SSCP)

The most common malicious code includes:
Viruses - malicious code that spreads from system to system based on intervention from the user.
Worms - similar to viruses, without the requirement of user intervention.
Trojan horses - malicious code hidden within legitimate programs with the intention of having the user execute it so that it runs in the background.
Logic bombs - tied to a particular date, time, holiday, or system event, waiting until the event occurs to deliver the payload.

What is RSA encryption? - Systems Security Certified Practitioner (SSCP)

The most widely used form of public key encryption is RSA, developed by Ron Rivest, Adi Shamir, and Len Adleman in 1978. RSA is based on factoring the product of two large prime numbers. The formulas used are:
C = P^e mod n for encryption
P = C^d mod n for decryption
To calculate RSA key pairs, two prime numbers are multiplied together: n = pq. The public key is {e, n}. The integer e is relatively prime to φ(n), which is (p-1)(q-1). The private key is {d, n}. The integer d is calculated using Euclid's algorithm so that de = 1 mod φ(n).

Describe the TCP/IP and UDP protocols - Systems Security Certified Practitioner (SSCP)

Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol for delivering packets to a destination computer. If a packet is lost during transmission, TCP will resend the packet. During a TCP handshake:
The host sends a SYN packet.
The receiver answers with a SYN/ACK packet.
The host sends an ACK packet.
Internet Protocol (IP) supports inter-network addressing and packet routing and forwarding. It is a connectionless protocol. User Datagram Protocol (UDP) provides a lightweight service for connectionless data transfer. Technical developments have required the definition of protocols on top of UDP, which splits the transport layer. Protocols stacked between layers 4 and 5 include:
Real-time Protocol (RTP)
Real-time Control Protocol (RTCP)
Mbone
Reliable UDP (RUDP)
Stream Control Transmission Protocol (SCTP)

What types of transmission signals are available? - Systems Security Certified Practitioner (SSCP)

Transmission signals fall into two categories:
Digital (Baseband)
Analog (Broadband)
Digital signals use pulses to carry the binary code that makes up the data. The signals can be electrical or light. Only one channel can be carried over a cable. To extend the distance of the signal, repeaters are often used. Repeaters reconstruct the packet and pass it along to the destination. Analog signals use waves over a range of frequencies. The waves of the signal can be optical or electromagnetic. Several channels can be carried over the cable.

Which types of storage may be utilized to accommodate information or data needs? - Systems Security Certified Practitioner (SSCP)

Several means of storage may be utilized to accommodate information or data needs. The types of storage, or memory, include:
Primary - accessible directly by the CPU; this is the main memory of the system and is typically volatile, losing its contents during a power outage.
Secondary - retains data when the computer is off and is attributed to mass storage drives, such as hard drives, floppy disks, or CDs.
RAM (Random Access Memory) - can read and write data.
ROM (Read Only Memory) - can only read data, typically providing the information for starting a computer.
PROM (Programmable Read Only Memory) - a memory chip where a program can be stored. The chip cannot be cleared of data and reused for other data.
EPROM (Erasable Programmable Read Only Memory) - same uses as PROM, but data can be erased by exposure to ultraviolet light.
EEPROM (Electronically Erasable PROM) - can be erased by exposure to an electronic charge.

What are the key concepts of Cryptography? - Systems Security Certified Practitioner (SSCP)

Cryptography is the science of secret writing in order to store and transmit data in a form available only to the intended individuals. The key concepts of cryptography are:
Cryptosystem - any hardware or software implementation of cryptography, which transforms a message to ciphertext and back to plaintext.
Cryptology - the study of both cryptography and cryptanalysis.
Ciphertext - encrypted or unreadable data.
Encipher/Encryption - converting data to an unreadable format.
Decipher/Decryption - converting data into a readable format.
Key or Cryptovariable - a secret sequence of bits for encrypting or decrypting.
Cryptanalysis - the ability to recover plaintext from ciphertext without a key, or breaking the encryption.
Steganography - the practice of hiding a message within a different medium.
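The RSA formulas from the question above, carried through as an added example that is not code from the guide: n = pq, φ(n) = (p-1)(q-1), d from the extended Euclidean algorithm, then C = P^e mod n and P = C^d mod n. The primes p = 61, q = 53 and e = 17 are constructed textbook-sized values, and the helper names are mine.

```python
def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, phi):
    """The d with d*e = 1 (mod phi); it exists only when gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return x % phi


def is_prime(n):
    """Trial division; adequate for the toy primes used here, not for real keys."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def generate_keypair(p, q, e=65537):
    """Returns ((e, n), (d, n)) following the guide's steps: n = pq,
    phi(n) = (p-1)(q-1), e relatively prime to phi(n), d = e^-1 mod phi(n)."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (e, n), (d, n)


def encrypt(P, public_key):
    """C = P^e mod n. P must be an integer below n, or decryption cannot recover it.
    Textbook RSA like this is deterministic and unpadded; deployed systems wrap P
    with OAEP padding before this step."""
    e, n = public_key
    if not 0 <= P < n:
        raise ValueError("plaintext must be smaller than the modulus")
    return pow(P, e, n)


def decrypt(C, private_key):
    """P = C^d mod n."""
    d, n = private_key
    return pow(C, d, n)


def sign(m, private_key):
    """Same trapdoor in the other direction: a signature is m^d mod n."""
    d, n = private_key
    return pow(m, d, n)


def verify(m, sig, public_key):
    """A signature checks out when sig^e mod n equals the signed value."""
    e, n = public_key
    return pow(sig, e, n) == m


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)   # constructed toy primes
    C = encrypt(65, public)
    print("public", public, "private", private)        # (17, 3233) (2753, 3233)
    print("C =", C, "P =", decrypt(C, private))        # C = 2790  P = 65
```

The last two functions show the same key pair used for digital signatures, which is the role the guide's PGP and S/MIME entries assign to RSA.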

What forms of monitoring methods are performed by any organization? - Systems Security Certified Practitioner (SSCP)

Organizations can perform real-time, ad-hoc, or passive monitoring. The basic intent of the monitoring is to keep the system security up to date. It can be done automatically or manually. Different forms of monitoring include:
Warning Banners - enforce adherence to the acceptable usage policy and the user's legal liability, supporting the legal requirements when prosecuting malicious activities.
Keystroke Monitoring - keystrokes entered by the computer user and the computer's responses during a session can be viewed or recorded by the system administrator.
Traffic Analysis - data captured over the network wiring is recorded in readable format for action.
Trend Analysis - creates inferences based on historical data, usually tracking the decrease or increase of compliance to policy over time.
Event Monitoring - provides alerts and notifications whenever a violation of policy is detected.
Closed Circuit Television (CCTV) - monitors the physical activity of people.
Hardware Monitoring - detects faults in hardware devices.
Software Monitoring - detects the illegal installation of software on the system.

Briefly describe Symmetric Ciphers - Systems Security Certified Practitioner (SSCP)

Symmetric ciphers utilize an algorithm that operates on a single cryptographic key, which is used both to encrypt and to decrypt the message. This encryption process goes by many names:
single key
same key
shared key
secret key
private key
The last two names represent the key factor in using symmetric algorithms: securing the cryptographic key. This requires not only the generation of the key but also the secure transmission of the key to both the sender and the receiver of the message. The result is an extensive focus on key management. To ensure security, the key is often sent separately from the message itself, which is called out-of-band distribution.

Shortly describe the available access control models. - Systems Security Certified Practitioner (SSCP)

Several formal models are recognized and implemented for access control. Biba models address the integrity of the data by providing three primary rules, or axioms:
Simple integrity axiom - a subject with a specific integrity level can only read objects that have the same or a higher integrity level.
The * (star) integrity axiom - a subject with a specific integrity level can only write to objects with the same or a lower integrity level.

A subject at a given integrity level can only invoke a subject at the same or a lower integrity level.
The Clark/Wilson model also addresses protecting the integrity of the data, by focusing on preventing authorized users from making unauthorized changes to the data. It uses policies for the separation of duties, which prevents a single person from performing a task from beginning to end and instead divides the task between two or more people. This prevents people from committing fraud. The Bell/LaPadula model focuses on confidentiality. The model requires that all objects have a minimum security level assigned so that subjects with a security level lower than the object are unable to access the object. The Bell/LaPadula model is a basis for the MAC model and the Orange Book. The Orange Book refers to the color-coded Department of Defense Trusted Computer System Evaluation Criteria (TCSEC).

Briefly describe the access control techniques. - Systems Security Certified Practitioner (SSCP)

The techniques of access control are comprised of the theories and concepts behind how access is managed within a secured computing environment. They define the relationship and interactions between subjects and objects. Three techniques of access control exist:
Discretionary Access Control (DAC) places the decision for access control on the data owner. Though a central administrator controls the permissions set, the data owner is responsible for the data classification.
Mandatory Access Control (MAC) places the decision of access control on a classification, or sensitivity label, of the data. A central set of administered controls is used to define how subjects and objects interact.
Role-based Access Control (RBAC) places the decision of access control on the roles fulfilled by a user, or subject.

What roles are needed to implement the security system? - Systems Security Certified Practitioner (SSCP)

Implementations of security require the filling of several roles, including:
Senior Manager - responsible for the security of the organization and the protection of its assets.
Security Professional - responsible for the functional execution of security in the organization and follows the directives of the senior manager.
Data Owner - typically a member of management and responsible for the protection and use of specific data. Decides upon the classification of data and typically delegates the day-to-day maintenance of the data to a data custodian.
Data Custodian - has the responsibility of maintaining and protecting the data.
User - routinely uses the data for work-related tasks, requiring the necessary level of access to the data.

What are the firewall types? - Systems Security Certified Practitioner (SSCP)

Firewalls are devices designed to prevent unauthorized access and can be implemented using hardware or software. The types of firewalls include:
Packet Filter - the most common type of firewall, placed between a trusted and an untrusted network. All packets going through the firewall are examined using a set of predefined rules.
Application Proxy - inspects all packets at the application layer to filter any specific commands.
Stateful Inspection - monitors packets for the purpose of filtering but also monitors the status of connections.
Screened Host - uses a packet filter firewall and an application proxy (bastion) host.
Screened Subnet - uses two packet filter firewalls and a bastion host.

What types of attack can an organization experience? - Systems Security Certified Practitioner (SSCP)

An organization may experience several different types of attack:
Buffer Overflow - a process or system receives more data to process than expected.
SYN Attack - buffer space during the TCP session initialization handshake is exploited by sending multiple connection requests.
Teardrop Attack - the length and fragmentation offset fields of sequential IP packets are modified, creating contradictory instructions for the system.
Smurf Attack - the target network is saturated with traffic using a combination of IP spoofing and ICMP.
IP Fragmentation Attacks - disguise TCP packets from IP filtering devices.
IP Spoofing Attack - packets are altered at the TCP level to contain the IP source address of a trusted host in order to provide access to the intruder.
TCP Sequence Number Attack - the communication session between the target and a trusted host is exploited, tricking the target into thinking it is communicating with the trusted host.

What are the types of security audits? - Systems Security Certified Practitioner (SSCP)

Security audits are performed by organizations internal or external to the department responsible for compliance. Internal auditors are employees of the organization where the audit is being performed. Their responsibility is to examine the existing internal control structure for compliance to policies and to assist management in meeting objectives through governance, control and risk mitigation. External auditors are often hired to address specific regulatory requirements.

