Access Control

Threats
  Identity Theft
  Phishing
  Spoofing at logon
  Wardialing
  Brute force attacks

Administrative
  Professional Documents
  Culture Documents
  Supervisory Structure
  Security-Awareness Training
  Testing

Accountability
  System-level events
  Application-level events
  User-level events

Access Control Models
  DAC - Data owners decide who has access to resources and ACLs are used to enforce security policy
  MAC - Operating systems enforce the system's security policy through the use of security or sensitivity labels
  RBAC - Access decisions are based on role
  Lattice based - provides least access privileges of the access pair - Greatest lower bound and Lowest upper bound

Kerberos
  Symmetric Key Encryption
  KDC - Kerberos-trusted Key Distribution Center
  TGS - Ticket Granting Service
  AS - Authentication Server
  KDC knows secret keys of client and server
  KDC exchanges info with the client and server using symmetric keys
  Using TGS grants temporary symmetric key
  SSO
  Client and server use temporary session key
  Weaknesses
    Replay is possible with time frame
    TGS and Auth server are vulnerable as they know all
    Initial exchange passed on password authentication
    Keys are vulnerable
  Needham-Schroeder Protocol

SESAME
  Supports MD5 and CRC32 Hashing

Centralized Access Control
  RADIUS - incorporates an AS and dynamic password
  TACACS - Terminal Access Controller Access Control System - for network applications - static password
  TACACS+ - supports tokens
  CHAP - supports encryption

Other
  Network Segregation
  Operate and maintain
  Monitor and evaluate
Database Models
  Relational - row = tuple, column = attribute
  Hierarchical
  Network
  Object Orientated
  Object Relational

DBMS
  Must implement access controls
  Caution against data inferencing
  Data definition language - DDL
  Data manipulation language - DML
  Query language - QL
  Report generator
  Views
  Aggregation - combining information
  Inference - deduce the full story

Attacks
  DoS
    Smurf (ICMP)
    Fraggle (UDP)
    SYN - TCP ACK
  D-DoS
  Teardrop

Patch Management
  1. Infrastructure
  2. Research
  3. Assess and Test
  4. Mitigation - Rollback
  5. Deployment - Rollout
  6. Validation, Reporting and Logging

Capability Maturity Model - CMM
  1 - Initial
  2 - Repeatable
  3 - Defined
  4 - Managed
  5 - Optimizing
  Mnemonic: I Regularly Drink My Orangejuice

SDLC Methodologies
  Waterfall
  Spiral
  Joint Analysis Development - JAD
  Rapid Application Development - RAD
  Cleanroom
  Iterative
  Reuse
  Extreme
Business Continuity

NIST Continuity Planning Guide
  1. Develop the continuity planning statement
  2. Conduct the business impact analysis - BIA
     1. Select individuals to interview for data gathering
  3. Identify preventative controls
  4. Develop recovery strategies
  5. Develop the contingency plan
  6. Test the plan and conduct training and exercises
  7. Maintain the plan
  Understand the organization - Zachman Poster

Recovery Steps
  Salvage Team
  Protect from looting

Other
  Personnel Safety is highest priority
  Software escrow used to protect investment in outsourced company
  Insurance
  Full-Interruption Test

Backup
  Full, Differential, Incremental
  Disk duplexing
  Electronic Vaulting
  Tape Vaulting

Hot site
  Fully configured
  File and print services
  Applications are installed
  Workstations kept up to date
  Available but expensive
  Security must be duplicated

Business Continuity Plan
  Initiation Phase
  Activation Phase
  Recovery Phase
  Reconstruction Phase
Cryptography
Mike Smith
26/04/10 - Rev.31

Asymmetric
  Weaknesses
    Much slower than symmetric
    Mathematically intensive
  Examples
    Rivest-Shamir-Adleman - RSA
    Elliptic Curve Cryptosystem - ECC
    Diffie-Hellman
    El Gamal
    Digital Signature Algorithm - DSA

Link encryption takes place at the data link and physical layer

Cryptosystem
  Software
  Protocols
  Algorithms - Kerckhoffs' Principle - Publicly known

Strong Cipher
  Confusion - carried out using substitution
  Diffusion - carried out using transposition

Symmetric
  Examples
    Triple-DES (3DES)
      DES-EEE3
      DES-EDE3
      DES-EEE2
      DES-EDE2
    Blowfish
    International Data Encryption Algorithm - IDEA
    RC4, RC5 and RC6
    Rijndael Advanced Encryption Standard - AES
Information Security and Risk Management
Mike Smith
25/04/10 - Rev.20

Controls
  Administrative - Policies & Procedures
  Technical/Logical - Restricted Access
  Physical - Locked doors
  Preventative - prevent harmful occurrence
  Detective - detect after harmful occurrence
  Corrective - restore after harmful occurrence

Due Diligence - Do Detect - Steps to identify risks using best practices
Due Care - Do Correct - Steps taken to correct identified risks to a minimum

Standards, Guidelines and Procedures
  Standards - Specify use of technology in a uniform way, compulsory
  Guidelines - similar to standards but not compulsory, more flexible
  Procedures - Detailed steps, required, lowest level
  Baselines - minimum standard and/or point in time

C.I.A
  Confidentiality - prevent disclosure of data
  Integrity - prevent modification of data
  Availability - ensure reliable timely access

Classification
  Government - Unclassified/Sensitive/Confidential/Secret/Top Secret
  Commercial - Public/Sensitive/Private/Confidential

Risk Analysis
  Steps
    1. Assign Value to Assets
    2. Estimate Potential Loss per Threat
    3. Perform a Threat Analysis
    4. Derive the Overall Annual Loss Potential per Threat
    5. Reduce, Transfer, Avoid or Accept the Risk
  ALE = SLE x ARO = AV x EF x ARO
  Total Risk = threats x vulnerability x asset value
  Residual Risk = total risk x control gap
  Delphi Technique - Anonymous groupthink
  Qualitative
    Subjective only
    Eliminates $ amounts for cost benefit
    Difficult to track
    Standards not available

Risk Analysis Terms
  Asset - resource, product, data
  Threat - action with a negative impact
  Vulnerability - absence of control
  Safeguard - control or countermeasure
  Exposure Factor (EF) = % of asset loss caused by threat
  Single Loss Expectancy (SLE) = Asset Value x Exposure Factor
  Annualized Rate of Occurrence (ARO) - represents estimated frequency in which threat will occur within one year
  Annualized Loss Expectancy (ALE) - annually expected financial loss: ALE = SLE x ARO

Other
  Major project
  Criminal jail
Wireless
  Wi-Fi Protected Access - WPA, WPA2 - uses TKIP
  Best Practice
    Enable 802.11i e.g. WPA
    Change default SSID
    Disable broadcast SSID
    Add RADIUS or Kerberos
    Put AP at centre of building and in DMZ
    Implement VPN for wireless devices
    Configure AP to allow only known MAC addresses
    Disable DHCP

Mobile Phones
  WAP
  i-Mode - Japan, Asia, Europe
  Bluetooth - 802.15

OSI Model - List of Protocols
  Application - FTP, TFTP, SNMP, SMTP, Telnet, HTTP
  Presentation - ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI
  Session - NFS, NetBIOS, SQL, RPC
  Transport - TCP, UDP, SSL/TLS, SPX
  Network - IP, ICMP, IGMP, RIP, OSPF, IPX
  Data Link - ARP, RARP, PPP, SLIP
  Physical - HSSI, X.21, EIA/TIA-232, EIA/TIA-449

TCP/IP Model - Mnemonic: Australian Trains Never Late
  Application
  Transport
    TCP - Stream
    UDP - Message
    UDP: Source, Destination, Length, Checksum, Data
  Network
  Link
    Synchronous Data Link Control - SDLC

Network Devices
  Routers
    Works at Network Layer
    Can connect different networks
    Uses routing protocols: RIP, BGP, OSPF
    Can filter based on IP address and protocols
  Switches
    Combine functionality of a repeater and bridge
    Can work at layer 3 and 4, can use tags = MPLS
    Used to provide QoS
  Other: VLANs, Gateways, PBXs

T-Carriers
  Fractional = 1/24th x T1, 1 voice channel, 0.06Mbps
  T1 = 24 voice channels, 1.544Mbps
  T2 = 4 x T1, 96 voice channels, 6.312Mbps
  T3 = 28 x T1, 672 voice channels, 44.736Mbps
  T4 = 168 x T1, 4032 voice channels, 274.760Mbps

Firewalls
  Packet Filtering & Dynamic Packet Filtering
  Stateful
  Proxy & Kernel Proxy
  Dual-Homed
  Screened Host & Screened Subnet
Operations Security
Mike Smith
26/04/10 - Rev.26

Administrative
  Separation of duties
  Job rotation
  Least privilege

E-mail
  POP
  SMTP
  IMAP - can leave on server
  Relaying - Often left enabled - SPAM redirection

Fax - use an encryptor

Change Control Documentation
  New computers or applications installed
  Different configurations implemented
  New technologies integrated
  etc.

Media Controls
  Purging
  Zeroization
  Data remanence
  Degaussing generates a coercive magnetic force
  Physical destruction
  Care with object reuse

Contingency
  Disk shadowing
  Redundant servers
  RAID, MAIT, RAIT
  Clustering
  Backups
  Dual backbones
  Direct Access Storage Device
  Redundant power
  Mesh network topology - not star

Failure Modes and Effect Analysis - FMEA
  Block diagram of system or control
  Consider what happens if each block fails
  Tabulate failures and effects
  Correct the design
  Have engineers review
Physical and Environmental Security
Mike Smith
26/04/10 - Rev.25

Fences
  3 - 4 feet deter casual trespassers
  6 - 7 feet too high to climb easily
  8 feet - serious protection
  Gauges 11, 9, 6 lower number = thicker
  Mesh 2", 1", 3/8"

Threats
  Natural environmental
  Supply system
  Manmade
  Politically motivated

IDS
  Beams of light
  Sounds and vibration
  Motion
  Different types of field
  Electrical circuit

Defense in Layers
  Deterrence
    Fences
    Warning signs
    Security guards
    Dogs
  Delaying
    Locks
    Defense in depth measures
    Access Controls
  Detection
    External intruder sensors
    Internal intruder sensors
  Assessment
    Security guard procedures
    Communication structure
  Response
    Response force
    Emergency procedures
    Police, Fire, Medical

Gates
  Class I - Residential
  Class II - Commercial
  Class III - Industrial, e.g. Warehouse
  Class IV - Restricted, e.g. Prison

Fire
  Detection
    Smoke activated
    Heat activated
    Plenum area - special cabling
  Class
    A - Common combustibles - water or soda acid
    B - Liquids - CO2, soda acid or Halon
    C - Electrical - CO2 or Halon
    D - Combustible metals - total immersion
    K - Kitchens (commercial)
  Suppression
    Fuel - Soda acid - removes fuel
    Oxygen - CO2 - removes oxygen
    Temperature - Water - reduces temperature
    Chemical - Gas Halon or FM-200 - interferes
    Wet pipe, dry pipe, preaction, deluge

Crime Prevention Through Environmental Design - CPTED
  Limited entry points
  Force guests to front desk
  Reduce entry points after hours
  Guard validates photo id
  Guest sign in
  Question Strangers

Windows
  Standard
  Tempered
  Acrylic
  Wired
  Laminated
  Solar Window Film
  Security Film

Power
  Excess
    Spike
    Surge
  Loss
    Fault
    Blackout
  Degradation
    Sag/dip
    Brownout
  In-rush current

Static
  Antistatic flooring
  Ensure proper humidity 40 - 60%
  Proper grounding
  Avoid carpeting
  Antistatic bands when working on hardware

Temperature 50 - 80 F (10 - 26 C)

Locks
  Grade 1 - 3, Commercial, Heavy Duty, Residential
  Warded lock - Padlock
  Tumbler lock
  Combination lock
  Cipher lock
Security Architecture

CPU Components
  Arithmetic Logic Unit - ALU - Performs computation
  Bus Interface Unit - BIU - I/O to CPU
  Control Unit - Coordinates other CPU components
  Floating Point Unit - FPU
  Memory Management Unit - MMU
  Pre-Fetch Unit
  Protection Test Unit

CPU States
  Operating (or Run)
  Problem (or Application)
  Supervisory - Privileged Instruction
  Wait

OS Terms
  Multiprogramming - can load more than one program in memory at one time
  Multitasking - can handle requests from several different processes loaded into memory at the same time
  Multithreading - can run multiple threads simultaneously
  Multiprocessing - has more than one CPU

Common Criteria
  Uses an Evaluation Assurance Level - EAL
  EAL1 - Functionally Tested
  EAL2 - Structurally Tested
  EAL3 - Methodically tested and checked
  EAL4 - Methodically designed, tested and reviewed
  EAL5 - Semi-formally designed and tested
  EAL6 - Semi-formally verified design and tested
  EAL7 - Formally verified design and tested

ITSEC
  Evaluates on Functionality and Assurance
  Functionality rating F1 - F10
  Assurance rating E0 - E6

TCSEC - Trusted Computer Systems Evaluation Criteria - Orange Book
  A - Verified Protection
    A1 - Verified Design
  B - Mandatory Protection
    B1 - Labeled Security - Objects are classified
    B2 - Structured Protection
    B3 - Secure Domains
  C1 - Discretionary Security

Terms
  Access Control - ability to permit or deny the use of an object by a subject
  Reference Monitor - system component that enforces access controls on an object
    Mediate all accesses
    Be protected from modification
    Be verified as correct
  Security Kernel - hardware, firmware and software that implement the reference monitor concept

Models
  Confidentiality - Bell-LaPadula (1973 - First formal confidentiality model), Access Matrix and Take-Grant
  Integrity - Biba and Clarke-Wilson
  Brewer and Nash Model - dynamically changing access controls
  Graham-Denning Model - How subjects and objects should be created and deleted - access rights
  Three goals of integrity
    1. Prevent unauthorized modifications
    2. Prevent authorized users from improper modifications
    3. Maintain internal and external consistency - well-formed transaction