Certified Information Systems Security Professional
Notice: While every precaution has been taken in the preparation of this material, neither the author nor Cramsession.com assumes any liability in the event of loss or damage directly or indirectly caused by any inaccuracies or incompleteness of the material contained in this document. The information in this document is provided and distributed "as-is", without any expressed or implied warranty. Your use of the information in this document is solely at your own risk, and Cramsession.com cannot be held liable for any damages incurred through the use of this material. The use of product names in this work is for information purposes only, and does not constitute an endorsement by, or affiliation with Cramsession.com. Product names used in this work may be registered trademarks of their manufacturers. This document is protected under US and international copyright laws and is intended for individual, personal use only. For more details, visit our legal page.
This study guide will help you prepare for the International Information Systems Security Certification Consortium, Inc. ((ISC)²) exam, Certified Information Systems Security Professional (CISSP). The exam consists of 250 multiple-choice questions, and candidates have up to 6 hours to complete it. The examination covers the ten CISSP information systems security domains of the Common Body of Knowledge (CBK).
© 2002 All Rights Reserved – BrainBuzz.com 01/03/02 1
Contents
  CBK #1: Access Control Systems
  CBK #2: Telecommunications and Network Security
  CBK #3: Security Management Practices
  CBK #4: Applications and Systems Development
  CBK #5: Cryptography
  CBK #6: Security Architecture and Models
  CBK #7: Operational Security
  CBK #8: Business Continuity Planning and Disaster Recovery Planning
  CBK #9: Law, Investigation, and Ethics
  CBK #10: Physical Security
  Additional Material: Types of Attacks; PKI; Security Assessment; Orange Book; TCP/IP; Glossary
CBK #1: Access Control Systems

• Definition: Access Control is the set of procedures (hardware, software, and administrators) used to monitor access to systems, identify users requesting access, record access attempts, and grant or deny access based on preestablished rules and policies
• Access Control List ("ACL"): An ACL is a register of (1) users who have been given permission to use an object and (2) the types of access they have been permitted
• Controls: Can be used to mitigate risks. Controls can relate to subjects (entities or individuals; the active entity) or objects (files, systems, or other resources; passive entities). Controls can be preventive, detective, or corrective. Depending on how it is implemented, a control can be either physical or logical. Controls can be implemented by:
  o Administrative controls: Policies and procedures, background checks, review of vacation history, separation of duties, awareness training, security reviews and audits, and job rotation
  o Logical or technical controls: Restrict access to systems and protect information. Encryption, smart cards, ACLs, and transmission protocols (e.g., Kerberos, IPSec)
  o Physical controls: Guards and building security, protection of cables, biometric access restrictions, file backups
  Mnemonic: ALP = Administrative, Logical, and Physical controls
• Constrained User Interface: Menus and shells, database views, and physically constrained user interfaces (a limited number of buttons, as on an ATM)
• Three types of access rules:
  o Mandatory Access Control (MAC): Authorization of a subject's access to an object depends on labels (sensitivity levels), which indicate the subject's clearance and the classification or sensitivity of the object. Every object is assigned a sensitivity label, and only subjects cleared to at least that level can access the object. Access depends on rules, not on the identity of the subjects or objects alone (Rule-based AC). Only an administrator (not the owner) may change the category of a resource. Unlike permission bits or ACLs, labels cannot ordinarily be changed. A labeled file cannot be copied into another file with a different label. Output must be labeled with its sensitivity level. Orange Book B-level
  o Discretionary Access Control (DAC): The subject has authority, within certain limits, to specify which objects can be accessed (e.g., by setting an ACL). User-directed means the user has discretion; identity-based means access is decided by the subject's identity (Identity-based AC). Very common in commercial contexts because of its flexibility. Relies on the object owner to control access. Orange Book C-level
  o Non-Discretionary Access Control: An administrator determines which subjects can access which objects based on the organization's security policy. May be based on an individual's role in the organization (Role-based) or on the subject's responsibilities or duties (Task-based)
• Checksumming: Keep checksums of program files to see whether they have been altered; they should change only when updates are installed. Used to find changes made with utilities such as SuperZap
• Intrusion Detection Systems (IDS):
  o Monitor network traffic or host audit logs to detect violations of security policy. Attacks are detected by two major mechanisms: signature-based (knowledge-based) detection or statistical anomaly-based (behavior-based) detection
  o Two general types of IDS:
    Network-based IDS: Monitors network traffic in real time, reviewing packets and headers, without consuming host resources. Will not detect an attack against a host by a user logged in at the host's own terminal (only the network is monitored)
    Host-based IDS: Reviews system and event logs to detect attacks on the host. Its effectiveness is limited by the incompleteness of most host audit log capabilities. Resident on centralized hosts
  o In many installations, network-based and host-based IDS are combined to provide a more complete approach to protection
  o Clipping level: A threshold on a reported activity. For example, a clipping level of three can be set for failed workstation logon attempts; three or fewer failures do not result in a reported security violation
• Authentication: Identification and authentication are the keystones of access control. Authentication establishes the identity of a subject but does not guarantee authorization. Compare authorization, which determines whether a user is permitted to perform some action or access a resource. Authentication and authorization are two separate processes
  o Three possible factors for authentication: Something you have (token, smart card, key to a lock); Something you know (username and password); Something you are (biometrics)
  o Two-factor authentication refers to the use of two of the three factors listed above
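The clipping-level rule above is easy to get off by one: exactly three failures is not a violation, the fourth is. The following Python is an added example (not part of the Cramsession guide) that runs that rule over a constructed audit log; the log format, the ten-minute streak window and the user/workstation names are assumptions for illustration.

```python
"""Clipping-level check for failed logons (added example; constructed log lines)."""
from collections import defaultdict
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3  # failures at or below this count are tolerated, not reported

# Constructed sample audit records: date time user workstation outcome
SAMPLE_LOG = """\
2002-01-03 08:00:01 alice WS01 FAILURE
2002-01-03 08:00:07 alice WS01 FAILURE
2002-01-03 08:00:15 alice WS01 SUCCESS
2002-01-03 09:10:00 bob WS07 FAILURE
2002-01-03 09:10:04 bob WS07 FAILURE
2002-01-03 09:10:09 bob WS07 FAILURE
2002-01-03 09:10:13 bob WS07 FAILURE
2002-01-03 09:10:20 bob WS07 SUCCESS
2002-01-03 12:00:00 carol WS03 FAILURE
2002-01-03 14:30:00 carol WS03 FAILURE
2002-01-03 14:30:05 carol WS03 FAILURE
2002-01-03 14:30:09 carol WS03 FAILURE
"""


def parse_log(text):
    """Turn the constructed log into (timestamp, user, workstation, outcome) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, user, host, outcome = line.split()
        records.append((datetime.fromisoformat(f"{date} {time}"), user, host, outcome))
    return records


def clipping_violations(records, level=CLIPPING_LEVEL, window=timedelta(minutes=10)):
    """Return {(user, workstation): longest_streak} for failure streaks that exceed `level`.

    A streak is a run of consecutive failures that started within `window`; a
    successful logon resets it, and so does a failure arriving after the window
    has elapsed. Only streaks strictly longer than `level` are reported, so a
    user who fails exactly `level` times generates no security violation.
    """
    streak_start = {}
    streak_count = defaultdict(int)
    violations = {}
    for ts, user, host, outcome in sorted(records):
        key = (user, host)
        if outcome == "SUCCESS":
            streak_count[key] = 0
            streak_start.pop(key, None)
            continue
        if key not in streak_start or ts - streak_start[key] > window:
            streak_start[key] = ts
            streak_count[key] = 0
        streak_count[key] += 1
        if streak_count[key] > level:
            violations[key] = max(violations.get(key, 0), streak_count[key])
    return violations


if __name__ == "__main__":
    for (user, host), count in clipping_violations(parse_log(SAMPLE_LOG)).items():
        print(f"VIOLATION: {user} on {host}: {count} failed logons exceed clipping level {CLIPPING_LEVEL}")
```

Only bob is reported: alice stops at two failures, and carol's four failures are split by the window, so neither streak crosses the threshold. Tuning `window` is what turns a noisy counter into a usable detective control.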
  o Methods of authentication: username and password, one-time passwords, dynamic passwords (change with each login), pass phrases, tokens, smart cards, biometrics, X.509 certificates
  o Types of passwords: static passwords, dynamic passwords, one-time passwords, anonymous. Problems with passwords: repudiable, insecure, easily broken
  o Password management (composition, length, lifetime, source, ownership, distribution, storage, entry, transmission, and authentication period):
    Configure the system to require strong passwords
    Set password lifetime and length limits
    Limit unsuccessful logins
    Limit concurrent connections
    Enable auditing
    Show the last login date in banners
  o Cognitive passwords: Fact-based cognitive data used for user authentication (favorite color, movie, vegetable)
  o Pass phrase: Converted by the system into a virtual password
  o Biometrics: No common Application Programming Interface ("API"). Biometric template file sizes range from 9 bytes to 10,000 bytes. Three main performance measurements of biometric systems:
    False Rejection Rate (FRR) or Type I error: the percentage of valid subjects falsely rejected. A system that is too sensitive has too high an FRR
    False Acceptance Rate (FAR) or Type II error: the percentage of invalid subjects falsely accepted. A system that is not sensitive enough has too high a FAR
    Crossover Error Rate (CER): the percentage at which FRR = FAR. A system with a CER of 2% is more accurate than one with a CER of 5%
    Three factors in evaluating a biometric access system: average enrollment time must be less than 2 minutes per user, throughput rate should be 6-10 subjects per minute, and acceptability (privacy, invasiveness, transmission of disease; a biometric reading can also reveal health problems)
  o Tokens: Two types: memory cards (no processing) or smart cards. Tokens can take the form of a credit-card-like device, a calculator-like device, or a dongle attached to a USB port on a workstation. Tokens may be used to generate static and dynamic passwords. Four kinds of smart cards:
    Static Password Token: The owner authenticates to the token and the token authenticates the owner to the system
    Synchronous Dynamic Password Token: The token generates a new unique password at fixed time intervals; the user enters that password and a username into the system, and the system confirms that the password and username are correct and were entered during the allowed time interval
    Asynchronous Dynamic Password Token: Same as synchronous except there is no time dependency
    Challenge-Response Token: The system or workstation generates a random-number challenge; the owner enters that string into the token along with the proper PIN, and the token generates a response that is entered into the system
• Single Sign-On (SSO): Kerberos, SESAME, KryptoKnight, and NetSP can provide SSO
  o Kerberos: Named after the three-headed dog of Greek mythology that guards the gates of Hades. Software used in a network to establish a user's identity. Uses symmetric key encryption. The KDC is a single point of potential failure, and the protocol is susceptible to replay attacks within the allotted time window. Users and systems are given tickets that can be used to identify themselves to other systems, and secret cryptographic keys are provisioned for secure communications. Three components: Key Distribution Center (KDC), Authentication Service (AS) exchange, and Ticket Granting Service (TGS) exchange. Four basic steps:
    The KDC knows the secret keys of all clients and servers on the network
    The KDC initially exchanges information with the client and server using those secret keys
    Kerberos authenticates a client to a requested service on a server through the TGS, issuing temporary symmetric session keys for communications between the client and KDC, the server and the KDC, and the client and server
    Communication then takes place between client and server using those temporary session keys
  o SESAME: Secure European System for Applications in a Multivendor Environment. Addresses weaknesses in Kerberos by using public key cryptography for distribution of secret keys
  o KryptoKnight: Developed by IBM; provides authentication, SSO, and key distribution services
• Rule of Least Privilege: Any object (user, program, system) should have only the least privileges it needs to perform its assigned task, and no more. The AC system grants users only those rights necessary for them to perform their work. Example: a valet key versus the overall key to a car. Authorization creep occurs when someone retains access privileges associated with a former position; users should be re-authorized after each position change
• Accountability is also important to access control: the ability to use log files and other accounting mechanisms to track users and their activities
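The four Kerberos steps above read as prose; the Python below is an added example (not part of the Cramsession guide) that walks the AS exchange, the TGS exchange and the client-to-server authenticator with symmetric keys only, and shows the replay window the guide warns about being enforced by a server-side replay cache. It is a toy: the HMAC-SHA256 keystream stands in for the DES (now AES) encryption of real Kerberos, the ticket lifetime, clock skew, principal names and the password "correct horse" are assumptions, and no real Kerberos library is used.

```python
"""Kerberos-style ticket exchange with symmetric keys (added example, toy crypto)."""
import hashlib
import hmac
import json
import os
import time

LIFETIME = 8 * 3600   # ticket lifetime in seconds (assumed)
CLOCK_SKEW = 300      # authenticator acceptance window in seconds (assumed)


def _keystream(key, nonce, n):
    """Counter-mode keystream from HMAC-SHA256; stands in for a block cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, obj):
    """Toy encrypt-then-MAC of a JSON object under a 32-byte key. Not for production."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def password_key(password):
    return hashlib.sha256(password.encode()).digest()   # toy string-to-key function


class KDC:
    """Knows every principal's secret key (step 1); runs the AS and TGS exchanges."""

    def __init__(self, principals):
        self.keys = dict(principals)
        self.keys["krbtgt"] = os.urandom(32)            # the TGS's own key

    def as_exchange(self, client, now):
        """Step 2: reply under the client's key plus a TGT under the TGS key."""
        sk = os.urandom(32).hex()                       # client <-> TGS session key
        tgt = seal(self.keys["krbtgt"], {"client": client, "session": sk, "expires": now + LIFETIME})
        return seal(self.keys[client], {"session": sk, "for": "krbtgt"}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """Step 3: validate TGT + authenticator, issue a service ticket and session key."""
        t = unseal(self.keys["krbtgt"], tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
        if auth["client"] != t["client"] or abs(now - auth["time"]) > CLOCK_SKEW:
            raise PermissionError("bad authenticator")
        sk = os.urandom(32).hex()                       # client <-> service session key
        ticket = seal(self.keys[service], {"client": t["client"], "session": sk, "expires": now + LIFETIME})
        return seal(bytes.fromhex(t["session"]), {"session": sk, "for": service}), ticket


class Server:
    """Application server: validates service tickets and keeps a replay cache."""

    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)
        if now > t["expires"]:
            raise PermissionError("ticket expired")
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
        if auth["client"] != t["client"] or abs(now - auth["time"]) > CLOCK_SKEW:
            raise PermissionError("bad authenticator")
        if (t["client"], auth["time"]) in self.seen:    # replay inside the skew window
            raise PermissionError("replayed authenticator")
        self.seen.add((t["client"], auth["time"]))
        return t["client"], t["session"]                # step 4: both sides share the session key


def client_login(kdc, server, user, password, now):
    """Full client flow; returns (authenticated, ticket, authenticator)."""
    k_user = password_key(password)
    reply, tgt = kdc.as_exchange(user, now)
    sk_tgs = bytes.fromhex(unseal(k_user, reply)["session"])   # wrong password fails here
    reply, ticket = kdc.tgs_exchange(tgt, seal(sk_tgs, {"client": user, "time": now}), server.name, now)
    sk_svc = unseal(sk_tgs, reply)["session"]
    authenticator = seal(bytes.fromhex(sk_svc), {"client": user, "time": now})
    who, sk_server = server.accept(ticket, authenticator, now)
    return who == user and sk_server == sk_svc, ticket, authenticator


def demo():
    """Constructed scenario: one login, one replay attempt, one wrong password."""
    now = int(time.time())
    fileserver_key = os.urandom(32)
    kdc = KDC({"alice": password_key("correct horse"), "fileserver": fileserver_key})
    srv = Server("fileserver", fileserver_key)
    ok, ticket, auth = client_login(kdc, srv, "alice", "correct horse", now)
    try:                                # captured ticket + authenticator replayed a second later
        srv.accept(ticket, auth, now + 1)
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    try:
        client_login(kdc, srv, "alice", "wrong password", now)
        wrong_pw_blocked = False
    except ValueError:
        wrong_pw_blocked = True
    return ok, replay_blocked, wrong_pw_blocked
```

The replay cache is what closes the window the guide mentions: without it, anyone who captures the ticket and authenticator can reuse them until `CLOCK_SKEW` elapses. Note also that the server never talks to the KDC; it trusts the ticket because only the KDC knows its key.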
• Methods of compensating for access control violations: backups, RAID, fault tolerance, business continuity planning, insurance
• Access Control Methodologies: Access control can be divided into two categories:
  o Centralized Access Control: For dial-up users, the Remote Authentication Dial-in User Service (RADIUS) is used. Callback can be used with RADIUS (beware of attackers using call forwarding). The Challenge Handshake Authentication Protocol (CHAP) is also used. For networked applications, the Terminal Access Controller Access Control System (TACACS) employs a user ID and a static password for network access; TACACS is unencrypted
  o Decentralized/Distributed Access Control: Use of databases to control access to information in a decentralized environment. Relational database models have three parts: (1) data structures called tables or relations, (2) integrity rules on allowable values and value combinations in the tables, and (3) operators on the data in the tables. The database management system (DBMS) is the software that maintains and provides access to the database. The description of the database is called a schema, which is defined by the Data Description Language (DDL). The fundamental entity is the relation (a table, or set of columns in a table), with "attributes" (columns) having permissible values, occurring in "instances" or tuples (rows). A specific attribute is a "key" with unique values. A candidate key is an attribute that is a unique identifier within a given table. The primary key, chosen from the set of candidate keys, is the unique identifier in the table that points to a tuple. If an attribute in one relation has values that match the primary key in another relation, that attribute is called a foreign key. The domain of a relation is the set of allowable values that an attribute can take on. Cardinality is the number of rows in the table; degree is the number of columns. Security is provided through views. Relational databases are used for information in text form; graphics, video, and multimedia are more suited to an Object-Oriented Database (OODB). There is also a hybrid, called the Object-Relational DB
CBK #2: Telecommunications and Network Security

• IDS: Not a preventive function
  o Network-based: Usually consists of a network appliance with a Network Interface Card ("NIC") operating in promiscuous mode to intercept packets in real time
  o Host-based: Small programs (agents) reside on the host and monitor the OS, write log files, and trigger alarms; detects only activity on the host, not on the network
  o Knowledge-based (signature): The most common system. Low false alarms; resource intensive (the knowledge base must be continually updated); new or original attacks go unnoticed
  o Behavior-based (statistical anomaly): Dynamically adapts to new vulnerabilities; high incidence of false alarms
• Computer Incident Response Team ("CIRT"): Analysis of event notification, response to the incident, escalation path, resolution, and post-incident follow-up. Links user support and incident handling
• Redundant Array of Independent (Inexpensive) Disks ("RAID"): Can be implemented in hardware or software. There are ten levels of RAID. RAID 0 stripes data only (no redundancy); RAID 1 mirrors disks; RAID 5, the most popular implementation, stripes data and parity information across the disks so that any single failed disk can be rebuilt from the others. Three classifications of RAID; only Failure Resistant Disk Systems (FRDS) have been implemented
• Port Protection Device: Protects a port from unauthorized use. Uses a DES one-time password challenge
• Redundant servers (mirroring) versus server clustering (servers are managed as a single system, all online and working)
• Cabling: Exceeding the effective length is a common problem
  o Coaxial: 50 ohm and 75 ohm. Baseband carries only one channel; broadband carries several channels. BNC connector
  o Twisted pair: Wires can be shielded (STP) or unshielded (UTP). STP is used in Token Ring. Categories: the higher the category, the more tightly wound the wire, giving greater protection from interference. Category 5 is for Fast Ethernet at 100 Mbps. RJ-45 connector
  o Fiber optic: Most resistant to interference. SC connector
• LAN transmission methods: unicast, multicast, broadcast
• LAN topologies: bus, ring, star, tree, and mesh
• Ethernet: 10BaseT is 10 Mbps; 100BaseT is 100 Mbps
• Ethernet cable specifications:
  Specification   Cable type               Max length
  10BaseT         UTP                      100 meters
  10Base2         Thin coax (Thinnet)      185 meters
  10Base5         Thick coax (Thicknet)    500 meters
  10BaseF         Fiber                    2000 meters
• Network topologies
  o Ethernet
  o Token Ring
  o Fiber Distributed Data Interface (FDDI): token-passing media with dual rings
• Trivial File Transfer Protocol (TFTP): used for saving setups and configuration files on routers and other devices
• Trusted Network Interpretation (TNI): the Department of Defense Red Book; extended the Orange Book to networks
• Wide Area Network (WAN)
  o Private circuit technologies: dedicated line, leased line, ISDN, DSL
  o Packet-switched technologies: X.25, Frame Relay (fastest WAN protocol, no error correction), Asynchronous Transfer Mode (ATM; data travels in fixed-size cells). More cost effective than dedicated circuits because they create virtual circuits, which are used as needed
  o Protocols: High-level Data Link Control (HDLC) and Synchronous Data Link Control (SDLC, mainframe) operate at Layer 2 of the OSI model and use frames. High Speed Serial Interface (HSSI): short distance, 50 feet. PPP and SLIP (serial link)
• Remote node security protocols: Password Authentication Protocol (PAP; password and username are sent in the clear) and CHAP (the standard authentication method)
• TACACS, TACACS+ (two-factor identification), and RADIUS provide a central database that maintains user lists, passwords, and user profiles which can be accessed by remote access equipment on the network. Systems are "standards-based", meaning they are interoperable with other systems of the same type. RADIUS cannot provide two-way authentication
• Data encapsulation is the process in which information from one packet is wrapped around or attached to the data of another packet. In the OSI model each layer encapsulates the layer immediately above it
• Open Systems Interconnection (OSI) Model from the International Organization for Standardization (ISO). Memory aid: when learning the features of each OSI layer, think in terms of what security, technology, and protocols each offers. Although it is not entirely correct to group the capabilities of the various layers in this way, it makes memorizing them much easier
  Layer 7, Application: Protocols: FTP, TFTP, SMTP, SNMP, DNS, NFS, S-HTTP. Security: confidentiality, authentication, data integrity, nonrepudiation. Technology: gateways
  Layer 6, Presentation: Security: confidentiality, authentication, encryption. Technology: gateway
  Layer 5, Session: Protocols: RPC and SQL. Security: none. Technology: gateways
  Layer 4, Transport: Protocols: TCP and UDP, SSL and SSH-2. Security: confidentiality, authentication, integrity. Technology: gateways
  Layer 3, Network: Protocols: IP and IPSec, ARP, RARP, and ICMP. Security: confidentiality, authentication, data integrity. Technology: virtual circuits, routers
  Layer 2, Data Link: Protocols: HDLC, PPP and SLIP, L2F, PPTP, and L2TP; IEEE 802 and 802.2 (Token Ring and Ethernet). Security: confidentiality. Technology: bridges, switches
  Layer 1, Physical: Technology: ISDN, hubs, repeaters, X.21 and HSSI
• DOD or TCP/IP Model
  Layer 4, Application
  Layer 3, Host-to-Host: TCP and UDP
  Layer 2, Internet: IP, ICMP, ARP, RARP
  Layer 1, Network Access (Link)
• Transmission Control Protocol ("TCP") v. User Datagram Protocol ("UDP"):
  TCP: acknowledged, sequenced, connection-oriented, reliable, high overhead
  UDP: unacknowledged, unsequenced, connectionless, unreliable, low overhead (faster)
• Firewall types: The basic default should be to deny all traffic unless expressly permitted
  o Packet filtering (screening router): First-generation firewall. Examines the source and destination address of each IP packet. Can deny access to specific applications or services based on an ACL. Operates at the network or transport layer
  o Application-level firewall (proxy server, application layer gateway): Second generation. Reduces network performance. A circuit-level firewall is a variation that creates a virtual circuit between client and server
  o Stateful inspection firewall: Third generation. Packets are captured by an inspection engine. Can be used to track connectionless protocols like UDP
  o Dynamic packet filtering firewall: Fourth generation. Mostly used for UDP
• Firewall architectures
  o Packet filtering routers
  o Screened host: Uses a packet filtering router and a bastion host. Provides both network-layer packet filtering and application-layer proxy services
  o Dual-homed host: A single computer with two NICs, one connected to the trusted network and the other to the Internet (or other untrusted network)
  o Screened subnet: Two packet filtering routers and a bastion host. Provides a Demilitarized Zone ("DMZ")
• Virtual Private Network ("VPN"): Creates a secure communications link using a secret encapsulation method; more accurately an encapsulated tunnel, because encryption may or may not be used. The link is called a secure encrypted channel. Protocols:
  o Point-to-Point Tunneling Protocol (PPTP): Based on the Point-to-Point Protocol ("PPP"). Dial-in. Data link layer (Layer 2). Not limited to IP packets
  o Layer 2 Forwarding (L2F): Primarily a dial-in protocol. Based on PPP. Data link layer (Layer 2). Not limited to IP packets
  o Layer 2 Tunneling Protocol (L2TP): Used LAN to LAN and for dial-in. Based on PPP. Data link layer (Layer 2). Not limited to IP packets. The IETF wants L2TP to be the standard
  o IPSec: Network layer (Layer 3). Limited to IP packets. IPSec devices have two modes: Tunnel mode, in which the entire original packet is encrypted and encased in a new IPSec packet; Transport mode, in which only the payload is encrypted and the original IP header stays in the clear
• Network requirements: NIC, Network Operating System ("NOS"), transmission medium (copper, fiber, wireless), and a LAN device to physically connect the computers (e.g., hub, switch)
• Repeater, hub (concentrator), bridge, router: A repeater or hub forwards data out every port. A bridge connects segments at Layer 2 and forwards data to the other network segments. A switch sends data only to the specific port where the destination Media Access Control ("MAC") address is located. A router forwards packets between networks at Layer 3
• CAN: Campus Area Network
• Network abuse classes:
  o Class A: Unauthorized access to restricted resources by circumvention of access controls
  o Class B: Unauthorized use for non-business purposes
  o Class C: Eavesdropping
  o Class D: Denial of service or other service interruptions
  o Class E: Network intrusion
  o Class F: Probing
• Local Area Network ("LAN")
  o Address Resolution Protocol (ARP): Resolves a 32-bit IP address to a 48-bit Ethernet MAC address
  o Reverse Address Resolution Protocol (RARP): Resolves an Ethernet MAC address to an IP address
• Backup concepts (the physical security of backups must be ensured):
  o Full: copies every file and clears the archive bit on each
  o Incremental: copies only files added or changed since the last backup of any kind, and clears their archive bits; a restore needs the last full backup plus every incremental since it, in order
  o Differential: copies only files changed since the last full backup and leaves the archive bits set, so each differential grows until the next full; a restore needs the last full backup plus only the latest differential
• Tape formats:
  Property            DAT drives    QIC        8mm tape    DLT
  Capacity            4 GB/12 GB    13 GB      20 GB       20/35 GB
  Max transfer rate   1 MBps        1.5 MBps   3 MBps      5 MBps
  Cost                Medium        Low        Medium      High
  (DAT: Digital Audio Tape; QIC: Quarter Inch Cartridge; DLT: Digital Linear Tape)
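"Deny all traffic unless expressly permitted" and "track connectionless protocols like UDP" are the two firewall ideas above that are worth seeing as logic rather than slogans. The Python below is an added example (not part of the Cramsession guide): a first-match packet filter with an implicit final deny, plus a flow table that lets replies to permitted outbound traffic back in, which is the stateful-inspection behaviour the guide attributes to third-generation firewalls. The policy, address ranges (RFC 5737 documentation prefixes) and packets are constructed for illustration.

```python
"""Default-deny packet filter with stateful return-traffic tracking (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # CIDR
    dst: str                      # CIDR
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p):
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


class Firewall:
    """First matching rule wins; anything unmatched is denied (default deny).
    Permitted flows are remembered so their replies, even connectionless UDP,
    are allowed back in without an explicit inbound rule (stateful inspection)."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # (src, sport, dst, dport, proto) of permitted flows

    def filter(self, p):
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return "permit (established)"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "permit":
                    self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "deny (default)"


# Constructed policy: inside network 10.0.0.0/8, company DNS resolver 192.0.2.53
INSIDE, DNS = "10.0.0.0/8", "192.0.2.53/32"
POLICY = [
    Rule("deny", "any", INSIDE, "10.0.99.0/24"),        # wall off the finance VLAN first
    Rule("permit", "tcp", INSIDE, "0.0.0.0/0", 80),      # outbound web
    Rule("permit", "tcp", INSIDE, "0.0.0.0/0", 443),
    Rule("permit", "udp", INSIDE, DNS, 53),              # outbound DNS, only to our resolver
]


def demo():
    """Constructed packets, in order; the flow table makes order matter."""
    fw = Firewall(POLICY)
    return [
        fw.filter(Packet("10.1.2.3", "203.0.113.9", "tcp", 40000, 80)),    # permit
        fw.filter(Packet("203.0.113.9", "10.1.2.3", "tcp", 80, 40000)),    # permit (established)
        fw.filter(Packet("198.51.100.7", "10.1.2.3", "tcp", 4444, 22)),    # deny (default)
        fw.filter(Packet("10.1.2.3", "192.0.2.53", "udp", 5353, 53)),      # permit
        fw.filter(Packet("192.0.2.53", "10.1.2.3", "udp", 53, 5353)),      # permit (established)
        fw.filter(Packet("192.0.2.53", "10.1.2.3", "udp", 53, 6000)),      # deny (default): unsolicited
        fw.filter(Packet("10.1.2.3", "10.0.99.5", "tcp", 40001, 80)),      # deny: explicit rule wins
    ]
```

Two things the run shows: rule order matters (the finance deny must precede the web permit, or it never fires), and the unsolicited UDP "reply" on a different port is rejected even though it comes from the trusted resolver, because no outbound flow matches it. A stateless screening router would need a permissive inbound rule for source port 53 to make DNS work at all, which is exactly the hole attackers use.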
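The incremental/differential distinction above is decided by one thing, whether the backup clears the archive bit. The Python below is an added example (not part of the Cramsession guide) that models a file system with archive bits, runs a constructed Monday-full, Tuesday, Wednesday schedule under both strategies, and shows that the restore procedures differ: every incremental must be replayed, while only the latest differential is needed. File names and contents are constructed.

```python
"""Full, incremental and differential backups driven by the archive bit (added example)."""


class FileSystem:
    """Minimal model: path -> (content, archive_bit). Any write sets the bit."""

    def __init__(self):
        self.files = {}

    def write(self, path, content):
        self.files[path] = (content, True)

    def contents(self):
        return {p: c for p, (c, _) in self.files.items()}


def backup(fs, kind):
    """Copy files per backup type and return the image taken.
    full:         everything; clears every archive bit
    incremental:  files changed since the last backup of any kind; clears their bits
    differential: files changed since the last full; leaves the bits set, so each
                  differential contains everything changed since that full"""
    if kind == "full":
        paths = set(fs.files)
    elif kind in ("incremental", "differential"):
        paths = {p for p, (_, bit) in fs.files.items() if bit}
    else:
        raise ValueError(kind)
    image = {p: fs.files[p][0] for p in paths}
    if kind != "differential":
        for p in paths:
            fs.files[p] = (fs.files[p][0], False)
    return image


def restore(full_image, chain, kind):
    """Incremental chains are replayed in order; a differential chain needs only its last image."""
    data = dict(full_image)
    for image in (chain if kind == "incremental" else chain[-1:]):
        data.update(image)
    return data


def week(kind):
    """Constructed schedule: full on Monday, then `kind` on Tuesday and Wednesday.
    Returns the paths in each day's image and whether the restore matches the disk."""
    fs = FileSystem()
    for p in ("a.txt", "b.txt", "c.txt"):
        fs.write(p, f"{p} v1")
    full = backup(fs, "full")
    fs.write("a.txt", "a.txt v2")
    tue = backup(fs, kind)
    fs.write("b.txt", "b.txt v2")
    wed = backup(fs, kind)
    return sorted(tue), sorted(wed), restore(full, [tue, wed], kind) == fs.contents()
```

The trade-off is visible in the image sizes: incrementals stay small but a restore depends on every tape in the chain being readable, while differentials grow each day and need only two tapes to restore. Mixing the two on the same file set corrupts the logic, because an incremental clears the bits a later differential relies on.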
CBK #3: Security Management Practices

• Primary concepts: CIA = Confidentiality, Integrity, and Availability. The opposite is DAD = Destruction, Alteration, and Disclosure
  o Confidentiality
  o Integrity: Three principles for establishing integrity controls: (i) granting access on a need-to-know basis, (ii) separation of duties, and (iii) rotation of duties. Integrity addresses three kinds of problem: modifications made by unauthorized personnel or processes; unauthorized modifications by authorized personnel or processes; and internal and external consistency of data
  o Availability: fault tolerance, backups
• Secondary concepts
  o Identification: The means by which users identify themselves to the system
  o Authentication: Testing or reconciliation of evidence of a user's identity
  o Accountability: The system's ability to determine the actions of a user within the system and to identify that user. Audit trails (which must themselves be secured) and log files
  o Authorization: Rights and permissions granted to a user or process, e.g., via an ACL
  o Privacy: The level of confidentiality and privacy protection afforded to a user
• Audit trails: Support user accountability, reconstruction of events, intrusion detection, and problem analysis. Audit records: keystroke monitoring/logging and event-oriented logs. Protect their integrity by requiring digital signatures for access and by using write-once storage
• Security awareness training: Awareness (light: what, information), training (deeper: how, knowledge, skill), and education (deepest: why, understanding, insight)
• Risk Management (RM): The prime objective of security controls is to reduce the effects of threats and vulnerabilities to a tolerable level (i.e., to mitigate risk). Risk Analysis (RA): use software for rapid analysis. The most important question to ask in evaluating access control security is how much it is going to cost not to protect the valuable information. A "risk" is the potential for harm or loss to a system; its likelihood is the probability that a threat will materialize
  o Identifying risks: the actual threat; the possible consequences if the threat is realized; the probable frequency of occurrence of the threat; the confidence that the threat will happen
  o Key terms:
    Asset: A resource, process, product, system, etc. Its value is composed of the cost of creation, development, support, replacement, and licensing, public credibility, considered costs, ownership values, and lost intellectual property if disclosed
    Threat: Any event that causes an undesirable impact on the organization (personnel, criminal, information warfare, etc.)
    Vulnerability: The absence of a safeguard constitutes a vulnerability
    Safeguard: A control or countermeasure (data classification, for example) that reduces the risk associated with a threat. A safeguard must include the ability to audit. During or after activation or reset it must cause no asset destruction, allow no covert channel access to or through the control, cause no security loss or increase in exposure, and default to a state that does not enable any operator access or rights until the controls are fully operational. Perform a cost/benefit analysis before deploying a safeguard, including the impact on the organization of implementing it. Value to the organization of a safeguard = ALE before implementation - ALE after implementation - annualized safeguard cost
    RM triple: asset, threat, and vulnerability
    Exposure Factor (EF): The percentage loss a realized threat would have on an asset. A hardware failure on a critical system may result in a 100% loss
    Single Loss Expectancy (SLE): The loss from a single occurrence of a threat. SLE = Asset Value ($) x EF
    Annualized Rate of Occurrence (ARO): The estimated frequency with which a threat is expected to occur, ranging from 0 (never) to a large number (minor threats such as misspellings)
    Annualized Loss Expectancy (ALE): ALE = SLE x ARO
  o Elements of RA:
    Quantitative RA: assigns objective dollar costs
    Qualitative RA: captures the intangible value of data loss and other issues that are not pure hard costs
    Asset valuation process
    Safeguard selection
  o RA steps:
    Identify assets: estimate potential losses to assets by determining their values
    Identify threats: analyze potential threats to the assets
    Calculate risk: define the ALE
    Remedies: risk reduction, risk transference (transferring the cost of loss to another party, e.g., an insurance company), and risk acceptance
• Information classification
  o Prevents unauthorized disclosure and failure of confidentiality. Demonstrates due diligence, identifies the most sensitive information, and supports regulatory compliance
  o DoD information classification levels: Unclassified; Sensitive But Unclassified (SBU); Confidential; Secret; Top Secret
  o Classification criteria for information: value, age, useful life, personally identifiable
  o Procedures:
    Identify the administrator/custodian
    Specify the classification criteria
    Classify by owner
    Specify exceptions to the classification policy
    Specify controls for each classification level
    Specify procedures for declassifying or transferring custody to another entity
    Run an enterprise awareness program on classification controls
  o Information roles: Owner (an officer or manager), Custodian (day-to-day responsibility for data protection; an IT person), and End User (uses the information as part of the job)
  o Policies (senior management statement, regulatory, advisory, informative), standards (use of specific technologies in a uniform way), guidelines (recommended actions that are not compulsory), and procedures (steps to perform a specific task in compliance with a mandatory standard). Mnemonic: PSGP
  o Lattice model: Every resource and user is associated with one of an ordered set of classes. Resources of a particular class may only be accessed by those whose associated class is as high as or higher than that of the resource. An example of MAC
  o Bell-LaPadula model (Orange Book): The most common model. Defines relationships between objects and subjects, described in terms of the subject's assigned level of access or privilege (security clearance) and the object's level of sensitivity (security classification). Enforces the lattice principle: a subject may write to objects at the same or a higher level (the *-property: no write down), read objects at the same or a lower level (the simple security property: no read up), and therefore may both read and write only objects at the same level as the subject
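The lattice and Bell-LaPadula rules above, together with the MAC rules in CBK #1 (labels cannot be changed by the subject, a labeled file cannot be copied to a differently labeled file, output must be labeled), all reduce to one ordering test. The Python below is an added example (not part of the Cramsession guide) that encodes labels as a level plus a set of categories, so that two labels can be incomparable as well as higher or lower, and applies the two BLP properties to reads, writes, copies and the labeling of derived output. The level names follow the DoD list above; the categories and the subjects and documents are constructed.

```python
"""Bell-LaPadula checks over a lattice of (level, categories) labels (added example)."""
from dataclasses import dataclass

LEVELS = ["unclassified", "sbu", "confidential", "secret", "top secret"]


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()   # compartments / need-to-know categories

    def dominates(self, other):
        """Lattice order: at least as high a level AND a superset of categories.
        Two labels with disjoint categories dominate each other in neither direction."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def join(a, b):
    """Least upper bound: the label that output derived from both inputs must carry."""
    top = max(a.level, b.level, key=LEVELS.index)
    return Label(top, a.categories | b.categories)


def can_read(subject, obj):
    return subject.dominates(obj)   # simple security property: no read up


def can_write(subject, obj):
    return obj.dominates(subject)   # *-property: no write down


def can_copy(subject, source, destination):
    """Copying reads the source and writes the destination, so both properties apply;
    this is why a labeled file cannot be copied into a file with a lower label."""
    return can_read(subject, source) and can_write(subject, destination)


def access(subject, obj, mode):
    if mode == "read":
        return can_read(subject, obj)
    if mode == "write":
        return can_write(subject, obj)
    raise ValueError(mode)


# Constructed subjects and objects
NUCLEAR = frozenset({"nuclear"})
analyst = Label("secret", NUCLEAR)
public_page = Label("unclassified")
secret_memo = Label("secret", NUCLEAR)
ts_plan = Label("top secret", NUCLEAR)
crypto_note = Label("secret", frozenset({"crypto"}))   # same level, different compartment
```

Usage: `can_read(analyst, public_page)` is true but `can_write(analyst, public_page)` is false (no write down), while `ts_plan` is the reverse (the analyst may append to it blind but not read it). `crypto_note` is neither readable nor writable by the analyst despite the equal level, which is the behaviour the lattice adds over a plain ordered list. The relabeling the guide reserves for administrators is simply the absence of any function here that changes a label.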
CBK #4: Applications and Systems Development
• Software development models: Simplistic, Waterfall (limited to one stage of re-work), Modified Waterfall (development phases end on milestones), and Spiral. Barry Boehm developed the Spiral model: four quadrants (determine objectives/requirements, risk analysis, develop and test, plan the next iteration); the angular dimension is progress made in completing the project and the radial dimension is the cumulative cost of the project
• Software Development Life Cycle: Investigation (Requirements Specification), Analysis and General Design, Implementation (integration of software into the hardware environment), Installation (experimentation on prototype), and Review
• Testing: The programmers should not do the testing. Using live data is not appropriate; live data may not exercise all functions, including out-of-range and other invalid input types
• Maintenance phase: Request control, change control, and release control
• Configuration Management (British Standards Institute 7799): tracking and issue of new versions. Two goals: (1) ensuring changes to the system do not unintentionally or unknowingly affect security, and (2) ensuring changes to the system are reflected in documentation. A configuration item is a component whose state is to be recorded and against which changes are to be progressed. Configuration control controls changes to the configuration items and issues versions of the items from the software library
• Software cycle:
  o Verification: Evaluate the product in development against the specification
  o Validation: Evaluate against real-world requirements and concepts
• Software Capability Maturity Model (CMM): Quality software is a function of the quality of its associated software development and maintenance process
• Object Oriented Systems: More reliable and capable of reducing propagation of change errors. Objects are encapsulated: accessed only through messages sent to them to request performance of their desired operations
  o Message: a communication to an object. Method: the code that defines the actions an object performs in response to a message. Behavior: the results exhibited by an object on receipt of a message
  o Class: a collection of common objects. Inheritance: methods from a class are inherited by members of its subclasses. Dynamic objects are created during program execution
  o Substitution property: objects with compatible operations can be substituted for each other. Polymorphism: objects of many different classes related by some common superclass, so that any object denoted by this name is able to respond to some common set of operations in a different way
  o Delegation: forwarding a request from one object to another
  o Polyinstantiation: development of a detailed version of an object from another object using different values in the new object. To avoid inference, the system allows the same id# to exist at a lower class: the DBMS permits the same primary key for two different units (tuples) at different classification levels
• Database security issues: Granularity of access to objects in a DB refers to the fineness with which access can be controlled or limited. Threats: aggregation and inference
  o Aggregation: the act of combining information of lower sensitivity levels to obtain information of a higher sensitivity
  o Inference: the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access. A link that enables an inference to occur is called an inference channel. Polyinstantiation prevents inference violations
• Data Warehouse and mining: A data warehouse is a repository of information from heterogeneous databases. Data mining is searching the warehouse for relationships among the data that were unknown up until now. Correlations, or data about data, are called metadata. Metadata is not stored in the data warehouse but in a highly protected "data mart." Data warehousing and mining can be applied to audit logs and other information to find system anomalies
• Data Dictionary: Database for developers; records all the data structures used in an application
• Certification: Formal testing of security safeguards. Accreditation: Formal acceptance of security adequacy, authorization for operation, and acceptance of existing risk. Operational assurance: Verification that the system is operating to its security requirements; look at policies, audits, and system monitoring
• Objects can be made available to users through Object Request Brokers (ORBs). ORBs are middleware because they reside between two other entities. Not a proxy, which hides identity. The Common Object Request Broker Architecture (CORBA) defines a standard that enables programs written in different languages and using different platforms and operating systems to interface and communicate
• Distributed environments permit agents: surrogate programs or processes performing services in one environment on behalf of a principal in another environment
• Artificial Intelligence (AI):
  o Expert Systems: Act like a human expert. Build a knowledge base of the domain to be addressed in the form of rules (If-Then statements) and an inference mechanism to determine whether the rules have been satisfied by system input. Inference engine + knowledge base = expert system. Fuzzy logic is used to address uncertainty
  o Neural Networks: Modeled on neurons; signals are exchanged among neurons through electrical pulses traveling along an axon, arriving at a neuron at points called synapses. Summation of inputs with dynamic weights assigned to them: Output = Input1*Weight1 + Input2*Weight2 + ... + InputN*WeightN. Training develops the weights. One summing node is a single-layer network; multiple summing nodes make up a multi-layer network
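The polyinstantiation and inference points above, as an added worked example (not code from the study guide): a small SQLite multilevel relation, with constructed ship/cargo rows, showing how a single-level primary key leaks an inference channel and how keying the table on (primary key, level) lets the DBMS hold the same primary key once per classification level. The clearance labels and the `insert`/`select_visible` helpers are this example's own, not any product's API.

```python
"""Polyinstantiation in a multilevel relation (added example, constructed data).

A naive table with a single-level primary key leaks an inference channel;
a polyinstantiated table keyed on (ship, level) lets the DBMS hold the same
primary key once per classification level. Standard library only.
"""
import sqlite3

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

NAIVE_SCHEMA = """
CREATE TABLE cargo (
    ship  TEXT    PRIMARY KEY,     -- key is unique across ALL levels
    level INTEGER NOT NULL,
    cargo TEXT    NOT NULL
)"""

MLS_SCHEMA = """
CREATE TABLE cargo (
    ship  TEXT    NOT NULL,
    level INTEGER NOT NULL,
    cargo TEXT    NOT NULL,
    PRIMARY KEY (ship, level)      -- polyinstantiation: one tuple per level
)"""


def insert(conn, clearance, ship, level, cargo):
    """A subject may only create tuples labelled at or below its clearance."""
    if LEVELS[level] > LEVELS[clearance]:
        raise PermissionError(f"{clearance} subject cannot insert {level} data")
    with conn:  # commit on success, roll back and re-raise on error
        conn.execute(
            "INSERT INTO cargo (ship, level, cargo) VALUES (?, ?, ?)",
            (ship, LEVELS[level], cargo),
        )


def select_visible(conn, clearance):
    """Mandatory filtering: a subject sees only tuples at or below its clearance."""
    cur = conn.execute(
        "SELECT ship, level, cargo FROM cargo WHERE level <= ? ORDER BY ship, level",
        (LEVELS[clearance],),
    )
    return cur.fetchall()


def demo():
    # --- naive single-key table -------------------------------------------
    naive = sqlite3.connect(":memory:")
    naive.execute(NAIVE_SCHEMA)
    insert(naive, "SECRET", "Vessel-7", "SECRET", "missiles")
    try:
        # The UNCLASSIFIED user cannot see the SECRET row, yet the key clash
        # rejects the insert: the rejection itself tells the user that a
        # higher-classified Vessel-7 row exists (an inference channel).
        insert(naive, "UNCLASSIFIED", "Vessel-7", "UNCLASSIFIED", "grain")
        leaked = False
    except sqlite3.IntegrityError:
        leaked = True

    # --- polyinstantiated table ----------------------------------------------
    mls = sqlite3.connect(":memory:")
    mls.execute(MLS_SCHEMA)
    insert(mls, "SECRET", "Vessel-7", "SECRET", "missiles")
    insert(mls, "UNCLASSIFIED", "Vessel-7", "UNCLASSIFIED", "grain")  # accepted
    low_view = select_visible(mls, "UNCLASSIFIED")   # sees only the cover story
    high_view = select_visible(mls, "SECRET")        # sees both instances
    return leaked, low_view, high_view


if __name__ == "__main__":
    print(demo())
```

The composite key is what makes the low insert succeed silently; the high-cleared reader then sees two Vessel-7 tuples and must be told by the application which one is the cover story.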
• Distributed systems should include:
  o Interoperability
  o Portability: software at the source code level can be moved from system to system with different vendors
  o Transparency: the ability to keep the application and its processes invisible to the end user
  o Extensibility: the system must be able to adapt to various management policies and allow introduction of new resources to manage
• Single-state machines can only process one security level at a time; multi-state machines can process two or more security levels at the same time
• An interpreted language executes each instruction in real time (run-time binding); in a compiled language, binding occurs at compile time. Compiled code poses the greater security risk because it may contain destructive code that cannot easily be detected by inspection
• Applets in Web browsers are called mobile code. Java runs in a constrained memory space (sandbox) for security. Security measures: configure firewalls to screen applets; permit applets only from trusted parties; configure browsers to restrict or prevent downloading applets; provide training to users re mobile code
• Application control types:

  Control type   Accuracy                                   Security                                    Consistency
  Preventive     Data checks, validity checks, forms,       Firewalls, passwords, encryption,           Data dictionary, programming standards
                 custom screens                             sensitivity labels, test environments
  Detective      Hash controls, cyclic redundancy checks    IDS and audit trails                        Comparison controls, relationship tests
  Corrective     Backups, checkpoint restarts               Emergency response and reference monitor    Program comments and database controls
CBK #5: Cryptography
• Cryptology is cryptography and cryptanalysis. Cryptography: the science of codes. Cryptanalysis: the science of breaking codes
• XOR: 0+0 = 0, 0+1 = 1, 1+0 = 1, 1+1 = 0
• A one-time pad is usually implemented as a stream cipher using the XOR function
• Work function (factor): the difficulty of recovering plaintext from the ciphertext
• Link encryption: individual application of encryption to data on each link of a network. End-to-end encryption: encryption of data from the source system to the end system (e.g., https)
• The security of a cryptosystem should depend only on the secrecy of the keys, not of the algorithm
• Block cipher: the message is broken into blocks and each block is encrypted separately. When each block is encrypted independently (ECB mode), blocks of identical plaintext have identical ciphertext, which makes replay and substitution attacks easier. DES is a block cipher
• Block chaining: part of the previous ciphertext block is fed into the encryption of the current block, so identical plaintext blocks no longer produce identical ciphertext. Makes replay and substitution attacks harder
• Stream cipher: the message is broken into characters or bits and enciphered with a key stream (random and independent of the message stream). XOR is generally used: XOR the key stream with the message to encrypt, and XOR the encrypted output with the same key stream a second time to decrypt
• The process of establishing a session key is called key exchange, negotiation, or distribution
• Private (symmetric) key algorithms are 1,000 or more times faster than public key algorithms
• Public key: a message encrypted with one of the keys can be decrypted with the other. Public key cryptography was introduced in 1976 (Diffie-Hellman). Requires larger keys than symmetric algorithms for comparable strength (512-bit public key ~ 64-bit symmetric; 1792-bit ~ 112-bit). Algorithms: Diffie-Hellman, RSA, El Gamal, and Elliptic Curve
• Data Encryption Standard (DES): Symmetric algorithm; the Data Encryption Algorithm (DEA). 56-bit key plus 8 parity bits, 64-bit block size. Never approved for national security applications. Triple DES: encrypt with the first key, decrypt with the second key, encrypt with the first key. The Advanced Encryption Standard (AES), selected by the National Institute of Standards and Technology (NIST), is the replacement. AES is the Rijndael block cipher; Rijndael supports variable block and key lengths, and AES as standardized uses a 128-bit block with 128-, 192-, or 256-bit keys
• RSA: Rivest, Shamir, and Adleman. Security rests on the difficulty of factoring large numbers
• Modular arithmetic: the modulus is subtracted out, e.g. 27 mod 26 = 1
• Time stamps can be used to prevent replay attacks
• Elliptic curve encryption: most efficient in bandwidth, computation, and storage; used in wireless applications
• Key escrow: Clipper chip with the Skipjack algorithm (80-bit key, 64-bit block). The key is split in two and held by two escrow agents
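The block-cipher, block-chaining, and stream-cipher points above, as an added worked example (not code from the study guide). The 8-byte Feistel "cipher" inside it is a toy built from SHA-256 so the script runs offline with only the standard library; it stands in for DES/AES and is not secure. It shows identical plaintext blocks producing identical ciphertext under independent block encryption (ECB), a substitution attack that reorders ECB ciphertext blocks and still decrypts cleanly, chaining removing the repetition, and XOR with a one-time-pad key stream decrypting by being applied twice. Key, IV, and message are constructed.

```python
"""Block modes and XOR stream encryption (added example, toy cipher).

The 4-round Feistel "block cipher" below is built from SHA-256 with an
8-byte block so the script runs offline; it is NOT secure and only stands
in for DES/AES to show what the modes do.
"""
import hashlib
import os

BLOCK = 8  # bytes, like DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # toy round function: 4 bytes of SHA-256(key || round || half)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):                       # Feistel: (L, R) -> (R, L ^ F(R))
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):             # undo each round in reverse order
        left, right = _xor(right, _round_fn(left, key, rnd)), left
    return left + right


def pad(data: bytes) -> bytes:                 # PKCS#7-style padding to a whole block
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    # each block encrypted independently: equal plaintext blocks -> equal ciphertext
    return b"".join(block_encrypt(key, b) for b in blocks(pad(data)))


def ecb_decrypt(key, data):
    return unpad(b"".join(block_decrypt(key, b) for b in blocks(data)))


def cbc_encrypt(key, iv, data):
    # block chaining: previous ciphertext block is XORed into the current plaintext
    out, prev = [], iv
    for b in blocks(pad(data)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in blocks(data):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def stream_xor(keystream: bytes, data: bytes) -> bytes:
    # one-time pad / stream cipher: XOR once to encrypt, XOR again to decrypt
    return _xor(keystream, data)


def demo():
    key, iv = b"toy-key", b"\x01" * BLOCK      # constructed key and IV
    msg = b"SAMEBLK!SAMEBLK!attack at dawn"   # first two blocks are identical
    ecb, cbc = ecb_encrypt(key, msg), cbc_encrypt(key, iv, msg)
    ecb_blocks = blocks(ecb)
    # substitution attack on ECB: swap ciphertext blocks 0 and 2; it still decrypts
    swapped = [ecb_blocks[2], ecb_blocks[1], ecb_blocks[0], ecb_blocks[3]]
    keystream = os.urandom(len(msg))          # OTP: random, message-length, used once
    return {
        "ecb_repeats": ecb_blocks[0] == ecb_blocks[1],
        "cbc_repeats": blocks(cbc)[0] == blocks(cbc)[1],
        "ecb_roundtrip": ecb_decrypt(key, ecb) == msg,
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == msg,
        "ecb_swapped_plaintext": ecb_decrypt(key, b"".join(swapped)),
        "otp_roundtrip": stream_xor(keystream, stream_xor(keystream, msg)) == msg,
    }


if __name__ == "__main__":
    print(demo())
```

The reordered ECB ciphertext decrypts to a reordered but otherwise valid message, which is the substitution attack the text warns about; the same swap on CBC output would garble the affected blocks.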
• Digital Signature: Used to detect unauthorized modifications and authenticate the sender; provides non-repudiation. Steps:
  o Hash the message
  o Feed the digest into the digital signature algorithm that generates the signature; this is done by encrypting the message digest with the sender's private key and attaching the result to the message
  o Send the message and the attached signed digest to the recipient
• Digital Signature Standard (DSS): NIST standard; key size 512-1024 bits. Enables RSA or the Digital Signature Algorithm (DSA); both use the Secure Hash Algorithm (SHA-1)
• Hash: Output is a message digest. SHA-1 produces a 160-bit digest and processes the message in 512-bit blocks (the message is padded to a multiple of 512 bits, with the message length in bits appended). MD5 produces a 128-bit digest. The message cannot be recreated from its hash, and it should be computationally infeasible to find two different files with the same hash (a collision)
• Message Authentication Code (MAC): a keyed checksum over a message (e.g., a keyed hash) that lets parties sharing a secret key detect modification and authenticate the source. Unlike a digital signature, a MAC does not provide non-repudiation, because every holder of the shared key can produce a valid MAC
• Clustering (key clustering): the same plaintext message generates identical ciphertext using the same transformation algorithm but different keys (cryptovariables)
• Certificate Authority (CA): Binds a public key to a person. Revoked certificates are published in a certificate revocation list. X.509 provides the format for digital certificates
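The hash, MAC, and digital-signature points above, as an added worked example (not code from the study guide). It contrasts a bare hash (anyone can recompute it), an HMAC (needs the shared key, but every key holder can mint one, so no non-repudiation) and a signature over the SHA-256 digest with textbook RSA. The RSA keys use two fixed, publicly known Mersenne primes so the script runs offline; real keys are randomly generated primes and real signatures use PKCS#1 padding, neither of which this toy does. Messages and the shared key are constructed.

```python
"""Hash vs. MAC vs. digital signature (added example, toy RSA key).

Textbook (unpadded) RSA over a SHA-256 digest with two fixed, publicly
known Mersenne primes as key material so the script runs offline.
Real keys use randomly generated primes and PKCS#1 padding.
"""
import hashlib
import hmac

P = (1 << 521) - 1          # 2^521 - 1, a known prime (toy key material only)
Q = (1 << 607) - 1          # 2^607 - 1, a known prime (toy key material only)
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent


def digest_int(msg: bytes) -> int:
    """Step 1 of signing: hash the message; the digest is what gets signed."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(msg: bytes, d: int = D, n: int = N) -> int:
    """Step 2: apply the sender's PRIVATE key to the digest (digest^d mod n)."""
    return pow(digest_int(msg), d, n)


def verify(msg: bytes, sig: int, e: int = E, n: int = N) -> bool:
    """Recipient applies the PUBLIC key and compares with a fresh hash."""
    return pow(sig, e, n) == digest_int(msg)


def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed hash: integrity + authentication among holders of `key`."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)


def demo():
    msg = b"transfer 100 to account 42"       # constructed messages
    forged = b"transfer 900 to account 42"
    key = b"shared-secret"                    # constructed shared MAC key

    # Bare hash: whoever alters the message just recomputes the digest,
    # so a matching hash proves nothing about who produced the message.
    shipped_hash = hashlib.sha256(forged).digest()
    # MAC: a tamperer without the key fails, but the VERIFIER also holds the
    # key and can mint a tag for any message, so a MAC is not a signature.
    tag = mac(key, msg)
    # Signature: only the private-key holder can produce a verifying value.
    sig = sign(msg)

    return {
        "hash_check_fooled": hashlib.sha256(forged).digest() == shipped_hash,
        "mac_ok": mac_verify(key, msg, tag),
        "mac_tamper_detected": not mac_verify(key, forged, tag),
        "mac_verifier_can_forge": mac_verify(key, forged, mac(key, forged)),
        "sig_ok": verify(msg, sig),
        "sig_tamper_detected": not verify(forged, sig),
    }


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is used for the tag comparison so that a byte-by-byte early exit does not leak how much of a guessed tag was correct.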
CBK #6: Security Architecture and Models
• OS components: Process management, I/O, memory management, and system file management
• Multiprocessing: means multiple processors
• IT Architecture: Logical (functional) and technical (physical) components
• Closed security environment: (i) application developers have sufficient clearances and authorizations to provide an acceptable presumption that they will not introduce malicious logic, and (ii) configuration control provides protection from introduction of malicious logic prior to and during the operation of systems. An open security environment does not have the foregoing protections
• Types of I/O: Block devices (write addressable blocks of data, e.g. hard disk) and character devices (not addressable, e.g. keyboard and printer)
• CPU operating states: Ready state, problem state, supervisory state, and wait state
• Programming languages: Three types: machine (1GL), assembly (2GL), and high-level (3-5GL)
  o Assembler: translates assembly language to machine language
  o Disassembler: translates machine language to assembly
  o Compiler: translates a high-level language to machine code
  o Decompiler: translates machine language into a high-level language
  o Interpreter: translates a high-level language one command at a time to machine code
• Staffing: Define the position, determine the sensitivity of the position, fill the position, train the hired person
• Delphi Technique: The group does not meet as a whole; individual members submit anonymous comments
• Causes of economic loss: 65% errors and omissions
• Total Quality Management (TQM): (1) pursuit of complete customer satisfaction, (2) continuously improve products and services, through (3) the full and active involvement of the entire workforce. Under TQM, Quality Circles are teams of voluntary employees that get together to discuss quality issues; the Quality Council is management
• Quality Control typically focuses on the quality of the end product; Quality Assurance (QA) focuses on assuring quality throughout the production and service process
• ISO 9000: Addresses the quality of system processes, not product performance to specifications. Provides a baseline for TQM
• Benchmarking:
  o Internal
  o Competitive
  o Industry
  o Best-in-Class
• Dynamic RAM (DRAM) uses multi-phase clock signals and requires periodic refresh; Static RAM (SRAM) uses a single-phase clock and does not require refresh
• Programmable Logic Device (PLD): IC with connections or internal logic gates that can be programmed
• Memory: Real or Primary (RAM); Secondary (hard disk); Sequential memory, where information must be obtained by searching sequentially from the beginning (tape)
• Instruction cycles: Two phases, fetch and execute
• Users are only permitted access to a subset of the instruction set, the non-privileged instructions. The computer is in supervisory state when executing privileged instructions
• Pipelining: overlaps the steps of instructions. Scalar processor: executes one instruction at a time
• Multiprogramming, multitasking, multiprocessing
• I/O: memory-mapped and isolated, collectively "programmed I/O"
• Protection Domain: Execution and memory space assigned to each process
• Trusted computing base (TCB): Total combination of protection mechanisms within a system, including hardware, software, and firmware. The security perimeter is the boundary separating the TCB from the remainder of the system. The TCB must be tamperproof and non-compromisable
• Reference monitor: a system component that enforces access controls on an object. The reference monitor concept is an abstract machine that mediates all accesses of subjects to objects; it must be verified correct. The security kernel is the hardware, software, and firmware elements of the TCB that implement the reference monitor concept
• Security Modes of Operation:
  o Dedicated Security Mode: Each subject must have clearance for all information on the system and a valid need to know for all of the information
  o System High Security Mode: Each subject must have clearance for all information on the system and a valid need to know for some of the information; not all users have need to know for all of it
  o Compartmented Security Mode: Each subject must have clearance for the most restricted information on the system and a valid need to know for the information they will access
  o Multilevel Mode: Some subjects do not have clearance for all information on the system; each subject has need to know for all information to which they will have access
• Recovery procedures: The system should restart in a secure mode. Startup should occur in maintenance mode, which permits access only by privileged users from privileged terminals. Fail-safe system: program execution is terminated and the system is protected from compromise when a hardware or software failure occurs. Fail-soft or resilient system: non-critical processing is terminated when a failure occurs. Failover: switches to a hot backup. Fault-tolerant: continues to function despite the failure
• Assurance: degree of confidence in satisfaction of security requirements
  o Evaluation criteria: Trusted Computer Security Evaluation Criteria (TCSEC, the Orange Book). Addresses confidentiality, not integrity. Limited to the OS. Focuses on security functionality and the degree of assurance that the functionality works as documented; functionality and assurance requirements are combined in TCSEC ratings. Aspects of security covered: system security policy, identification of individuals, marking (use of labels for access control), accountability mechanisms on the system, operational and life-cycle assurance of the system's security, and the documentation developed and maintained about system security
  o Four divisions of protection: 1) Minimal Protection (D): system tested and failed; 2) Discretionary Protection (C1 and C2); 3) Mandatory Protection (B1, B2, and B3): B1 adds labels for access control; B2 addresses covert channels and includes trusted facility management and configuration management; B3 directs TCB design toward minimizing complexity and adds the use of a security administrator and auditing; 4) Verified Protection (A1): formally verified design, with configuration management
• Trusted Network Interpretation (TNI, the Red Book): Addresses confidentiality and integrity. Applies the Orange Book in the network context. Does not address the client/server model
• European Information Technology Security Evaluation Criteria (ITSEC): Addresses confidentiality, integrity, and availability. Two ratings for each system: "F" for functionality (F1 - F10) and "E" for European assurance (E0 - E6; E6 is highest). F1 is comparable to C1 of the Orange Book. Functionality and assurance are evaluated independently under ITSEC; compare TCSEC, which combines functionality and assurance into a single set of classes. The Target of Evaluation (TOE) is the product or system to be evaluated
• TCSEC, ITSEC, and the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) have evolved into one evaluation criteria: the Common Criteria
• Certification: Establishes the extent to which a particular design and implementation meets the set of specified security requirements
• Accreditation: Formal declaration by a Designated Approving Authority that a system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk
  o Defense Information Technology Security Certification and Accreditation Process (DITSCAP): Phase 1 definition, phase 2 verification, phase 3 validation, phase 4 post accreditation
  o National Information Assurance Certification and Accreditation Process (NIACAP)
• Information Security Models: Access control, integrity, and information flow
  o Access Control Models. Four methods: Access Matrix: columns are ACLs and rows are capability lists. Capability list: used to implement capabilities; a capability identifies the object and specifies the access rights to be allowed to the accessor (subject) who possesses it. Take-Grant Model: what rights can be transferred by a subject. Bell-LaPadula Model: addresses confidentiality only, not integrity or availability; uses an access matrix to specify DAC. A secure state has three properties: 1) Simple Security Property (ss-property): a subject at a lower sensitivity level may not read an object at a higher sensitivity level (no read up); 2) The * (star) Security Property: a subject at a higher level of sensitivity may not write to an object at a lower sensitivity level (no write down); 3) Discretionary Security Property. A Trusted Subject may violate the *-property
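The lattice model and Bell-LaPadula rules (the lattice and Bell-LaPadula summary in CBK #3 and the ss-/*-property list above), as one added worked example (not code from the study guide): labels carry a level and a set of categories, `dominates` is the lattice ordering, `join` is the least upper bound, and the two access checks implement no-read-up and no-write-down with the trusted-subject exemption. Levels, categories, and objects are constructed.

```python
"""Lattice labels and Bell-LaPadula access checks (added example, constructed data)."""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice partial order: higher-or-equal level AND a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label dominating both (e.g. for a merged document)."""
        top = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(top.level, self.categories | other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    # ss-property (no read up): the subject's clearance must dominate the object's label
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label, trusted_subject: bool = False) -> bool:
    # *-property (no write down): the object's label must dominate the subject's clearance.
    # A trusted subject is exempt, e.g. a vetted declassification process.
    return trusted_subject or obj.dominates(subject)


def demo():
    analyst = Label("SECRET", frozenset({"NATO"}))
    objects = {
        "conf_memo": Label("CONFIDENTIAL"),
        "secret_nato": Label("SECRET", frozenset({"NATO"})),
        "secret_nato_crypto": Label("SECRET", frozenset({"NATO", "CRYPTO"})),
        "topsecret_nato": Label("TOP SECRET", frozenset({"NATO"})),
    }
    # (may read, may write) for each object; note the incomparable label
    # secret_nato_crypto: same level, but a category the analyst lacks
    access = {name: (can_read(analyst, o), can_write(analyst, o))
              for name, o in objects.items()}
    merged = objects["conf_memo"].join(objects["secret_nato_crypto"])
    return {
        "access": access,
        "trusted_write_down": can_write(analyst, objects["conf_memo"], trusted_subject=True),
        "merged_label": (merged.level, tuple(sorted(merged.categories))),
    }


if __name__ == "__main__":
    print(demo())
```

The analyst can read the CONFIDENTIAL memo but not write to it (that would be a write down), can write to but not read the TOP SECRET and NATO/CRYPTO objects, and gets both rights only on an object at exactly its own label.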
• Integrity Models: Biba Integrity Model (structured like Bell-LaPadula, but applied to integrity levels); Clark-Wilson Integrity Model: two elements, the well-formed transaction and separation of duties
• Information Flow Model: each object and subject is assigned a security class and value, and information is constrained to flow only in directions permitted by the security policy
• Trusted recovery: Ensures security is not breached when the system crashes or has other failures. Required only for B3 and A1 levels in the Orange Book. Common Criteria levels of recovery: 1) Manual Recovery: system administrator intervention to return the system to a secure state after a failure; 2) Automated Recovery: recovery to a secure state is automatic when resolving a single failure, with intervention for other failures; 3) Automated Recovery without Undue Loss
• Trusted facility management: Assignment of a specific individual to administer the security of the system. In highly secure systems there are three administrative roles: system administrator, security administrator, and enhanced operator function. Separation of duties: do not have the system administrator and security administrator be the same person. Two-man control means each reviews and approves the work of the other; dual control requires both operators to complete a task. Rotation of duties; mandatory taking of vacations

CBK #7: Operational Security
• Types of controls:
  o Preventive: Designed to lower the amount and impact of unintentional errors entering the system and to prevent unauthorized intruders from internally or externally accessing the system. Data validation, prenumbered forms, and review for duplications
  o Detective: Track unauthorized transactions and lessen errors by detecting them quickly
  o Corrective: Help rebuild the system, application, or network after a security incident. Data recovery
• Orange Book (Trusted Computer Security Evaluation Criteria) assurance. Two types:
  o Operational Assurance: Basic features and architecture of the system, system integrity, covert channel analysis (storage and timing), trusted facility management, and trusted recovery
  o Life cycle assurance: Controls needed for building and maintaining the system. Security testing; configuration management (required only for B2, B3, and A1)
• Configuration change management (covers the entire life cycle of the system/software). Configuration management monitors and protects changes to a system's resources. Five procedures: 1) Applying to introduce a change, 2) Cataloging the change, 3) Scheduling the change, 4) Implementing the change, and 5) Reporting the change to appropriate parties
• Media security controls: Logging, access control, and proper disposal. Media viability controls: marking, handling, and storage. Sanitization includes overwriting, degaussing, and destruction
• Foreign Corrupt Practices Act of 1977: imposes civil and criminal penalties if publicly held companies fail to maintain adequate controls over their information systems
• Problem management goals:
  o Reduce failures to a manageable level
  o Prevent occurrence or re-occurrence of a problem
  o Mitigate the negative impact of problems
• Initial Program Load vulnerabilities

CBK #8: Business Continuity Planning and Disaster Recovery Planning
• Business Continuity Planning (BCP): Plans and framework to ensure the business can continue in an emergency. Minimize the cost associated with a disruptive event and mitigate risk. Includes execution of a vulnerability assessment. Four elements of the BCP process:
  o Scope and Plan Initiation
  o Business Impact Assessment (BIA): Identify what impact a disruptive event would have on the business; impact may be financial (quantitative) or operational (qualitative). BIA has three goals: criticality prioritization, downtime estimation, and resource requirements. Must identify which business units are critical to continuing an acceptable level of operations. The vulnerability assessment involves conducting a loss impact analysis with two elements, a financial assessment (quantitative) and an operational assessment (qualitative), and identifying the "critical support areas" required to sustain continuity of business
  o Business Continuity Plan Development
  o Plan Approval and Implementation
• Disaster Recovery Planning (DRP): Plan of action for before, during, and after a disruptive event. Quickly recovering from an emergency with minimum impact on the business. Primary objective: the capability to move critical processes to an alternate site and return to the primary site and normal processing within a time frame that minimizes loss to the organization. Plan from the top down. The number one priority is people. Two steps in the DRP planning process:
  o Data processing continuity planning: Mutual aid agreements; Subscription services (hot site, warm site, and cold site; the most common alternative); Multiple centers; Service bureaus; Other data center alternatives. Transaction redundancy implementations: 1) Electronic Vaulting: transfer of backup data to an offsite location, done in batch over telecom lines; 2) Remote Journaling: parallel processing of transactions at an alternate site, where the telecom line transmits live data as it occurs; and 3) Database Shadowing: uses the live processing of remote journaling but creates even more redundancy by duplicating the database sets to multiple servers
  o Data recovery plan maintenance: keeping the plan up to date
• Disaster Recovery Plan Testing: five types of testing (none should disrupt normal business functions). Testing is used to find weaknesses in the plan:
  o Checklist: copies of the plan are distributed for management to review
  o Structured walk-through: business unit management meets to review the plan
  o Simulation: support personnel meet in a practice execution session
  o Parallel: critical systems are run at an alternate site
  o Full-Interruption: normal production is shut down, with real disaster recovery processes
• Recovery process:
  o Recovery team
  o Salvage team
  o Normal operations resume: least critical work is done first
  o Other recovery issues
• Contingency Planning: Provides alternatives for those chance events that could impact normal operations. Two essentials for contingency planning: information backup and management commitment. Includes three parts: emergency response, recovery, and resumption
• Hierarchical Storage Management (HSM): Software that dynamically manages storage and retrieval of electronic information from storage media that vary in speed and cost
• Six resource categories that support critical business functions: Human resources, processing capability, computer-based services, automated applications and data, physical infrastructure, and documents

CBK #9: Law, Investigation, and Ethics
• Two types of evidence:
  o The following are types of evidence that may be reviewed in connection with an audit: Physical examination; Confirmation (response from a third party); Documentation; Observation; Inquiry; Mechanical accuracy; Analytical procedures (using comparisons and ratios)
  o The following are types of evidence relevant to legal proceedings: Best Evidence; Secondary; Direct; Circumstantial; Conclusive; Corroborative; Opinion; Hearsay
• Standards for evidence: the evidence must be sufficient, competent, and relevant
• Evidence life cycle: Collection and identification; storage, protection, and transportation; analysis; presentation in court; and return to victim/owner
• Criteria for evaluating the legal requirement to implement safeguards: evaluate the cost (C) of instituting protection versus the estimated loss (L) resulting from exploitation of the vulnerability. If C < L and the business does not implement the safeguard, the business could face liability
• Because the development of technology may outpace the law, existing laws on crimes of embezzlement, fraud, and wiretapping are frequently used
• Federal Sentencing Guidelines hold senior corporate officers personally liable if their organizations violate the law
• Kennedy-Kassebaum Act is the Health Insurance Portability and Accountability Act ("HIPAA")
• The extension of property to include electronic information has been key to the development of computer crime laws in some countries
• FBI and Secret Service are responsible for computer crimes
• Computer Incident Response Team (CIRT)
• Federal Computer Security Act of 1987: First to require government agencies to do security training and adopt a security plan
• MOM: Motive, opportunity, and means
• The typical computer felon holds a position of trust with the company
• Privacy Act of 1974: Federal agencies must protect information about private individuals in their databases
• The ethics code does not include "control" as a behavior
• ISC2 Code of Ethics:
  o Conduct in the highest standards of moral, ethical, and legal conduct
  o Not commit an unlawful or unethical act that would negatively impact professional reputation or the reputation of the profession
  o Report unlawful activity and cooperate in investigation
  o Support efforts to promote prudent information security measures
  o Provide competent service; avoid conflicts of interest
  o Execute responsibilities to the highest standards of the profession
  o Not misuse information they come in contact with; maintain confidentiality
• Internet Activities Board (IAB): Unethical to:
  o Seek unauthorized access to Internet resources
  o Destroy the integrity of information
  o Disrupt Internet use
  o Waste resources
  o Compromise the privacy of users
  o Negligence in Internet experiments
CBK #10: Physical Security
• • Five threats: Interruptions in computing services. post-employment procedures.com 01/03/02 28
. ethical. physical damage. policy implementation. and physical theft Three types of controls (same as AC): o Administrative Controls: proper emergency procedures. on-going employee checks. pre-employment screening. Audit trails and access logs are detective. facility security management (audit trails and emergency procedures). unauthorized disclosure of information. loss of control of system integrity. not preventative Environmental controls:
© 2002 All Rights Reserved – BrainBuzz. avoid conflicts of interest o Execute responsibilities to highest standards of profession o Not misuse information they come in contact with.
1) Electrical Power: Noise (EMI, RFI). Three methods to protect power: UPS, power line conditioning, and backup power sources. Protect against noise with power line conditioning, proper grounding, and cable shielding.
Power excess: spike is momentary, surge is prolonged. Power loss: fault is momentary, blackout is prolonged. Power degradation: sag is momentary, brownout is prolonged.
EPO – Emergency Power Off. Air conditioning should have a separate EPO.
Static electricity controls: anti-static sprays, anti-static table or floor mats, antistatic flooring, proper grounding, HVAC to control humidity, and limiting exposure to magnets, electric motors, and heaters. Use a hygrometer to measure humidity. Humidity should stay in the 40-60% range: below 40% increases the likelihood of static electricity, above 60% increases condensation.
2) Fire detection and suppression: Three elements – oxygen, heat, and fuel. Water suppresses temperature (heat), soda acid reduces fuel, CO2 reduces oxygen (lethal if it removes all O2).
Fire detectors: heat sensing, flame sensing (flame actuated), and smoke actuated.
Fire extinguishing systems: Wet pipe (water in the pipes all the time), dry pipe (water only when activated), preaction (dry until heat is detected, then loads water; most recommended for computer rooms), and deluge. Sprinklers protect lives, reduce fire damage, and limit the fire to the building.
Fire contaminants: smoke, heat, and suppression medium contamination (CO2 or Halon).

Class   Description           Suppression Medium
A       Common combustibles   Water or soda acid
B       Liquid                CO2, soda acid, or Halon
C       Electrical            CO2 or Halon

Gas discharge systems (CO2 and Halon) employ pressurized inert gas, usually released from under the raised floor. Halon 1211 is used in portable extinguishers and Halon 1301 in flooding systems. Halon is not safe above 10% concentration, and use above 900 degrees creates toxic gas. Halon is now listed as a danger to the environment and is being phased out; FM-200 is a good replacement.
3) Sprinklers do not cause water damage – fire does.
4) Heating, Ventilation, and Air Conditioning (HVAC)

Physical Controls
Fence height                                   Effect
3' to 4' (1 meter)                             Deters casual trespasser
6' to 7' (2 meters)                            Too hard to climb easily
8' (2.4 meters) with 3 strands of barbed wire  Deters intruders
Technical Controls: Proximity readers, biometric devices, motion detectors, intrusion detectors and alarms, automatic dial-up. Alarms must be audible for at least 400 feet. Power supply backups must last at least 24 hours.

Object reuse: Reusing data storage media after initial use.
Data remanence: Residual information remaining on media after erasure. Orange Book requires magnetic media be formatted seven times before discard or reuse.
Common problems with media erasure: 1) Deleting does not actually remove data; it removes only the file allocation table entry, and the data may be restored. 2) Damaged sectors may not be overwritten by the format utility; degaussing is needed for those. 3) Improper use or equipment failure of the degausser.
Clearing: Overwriting data on media for reuse within the same secured environment (i.e., the media is not released to a lesser security environment).
Purging: Degaussing or overwriting media that is to be removed from the monitored environment, such as for resale, use in an unsecured environment, or donation.
Destruction: Completely destroying the media. Good practice is to purge media before submitting it for destruction.

Types of Attacks
• Denial of Service (DoS)
• Distributed Denial of Service (DDoS)
• SYN flood – DoS: the attacker sends a stream of TCP SYN segments and never completes the handshake, so the target's table of half-open connections fills and legitimate connections are refused
• Smurf – ICMP echo request (ping) sent to a broadcast address with the forged source address of the target; every host on that network replies to the target, which is flooded with the amplified responses
• Viruses
• Trojan Horses
• IP spoofing: Impersonation of a computer from a trusted network by forging its source address
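The three media-erasure problems and the clearing/purging distinction from the Data remanence passage above, worked through on a simulated disk. This is an added example, not part of the original study guide: the block device, its file allocation table and the "bad sector" flag are all simulated in memory, nothing touches real storage, and the block size, sector count and overwrite patterns are arbitrary assumptions.

```python
"""Toy block device showing why 'delete' and 'format' leave data behind.

Added example, not from the study guide.  The disk, its allocation table
and the bad-sector flag are simulated; sizes and patterns are assumptions.
"""

BLOCK_SIZE = 16
BLOCK_COUNT = 8
OVERWRITE_PATTERNS = (b"\x00", b"\xff", b"\xaa")   # assumed clearing passes


class ToyDisk:
    def __init__(self):
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(BLOCK_COUNT)]
        self.fat = {}        # file name -> list of block numbers (allocation table)
        self.bad = set()     # sectors the format utility has flagged and will skip

    def _allocated(self):
        return {b for blocks in self.fat.values() for b in blocks}

    def write_file(self, name, data):
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        free = [b for b in range(BLOCK_COUNT)
                if b not in self._allocated() and b not in self.bad]
        if len(chunks) > len(free):
            raise IOError("disk full")
        used = free[:len(chunks)]
        for b, chunk in zip(used, chunks):
            self.blocks[b][:] = chunk.ljust(BLOCK_SIZE, b"\x00")
        self.fat[name] = used

    def delete(self, name):
        """Problem 1: delete drops only the table entry; the sectors are untouched."""
        del self.fat[name]

    def quick_format(self):
        """Problem 2: the format utility rebuilds the table and overwrites the
        sectors it still trusts, skipping the ones it has flagged as damaged."""
        self.fat.clear()
        for b, blk in enumerate(self.blocks):
            if b not in self.bad:
                blk[:] = bytes(BLOCK_SIZE)

    def clear(self):
        """Clearing/purging by overwrite: every sector, flagged or not, gets each
        pattern in turn; no logical view of the media is consulted."""
        for pattern in OVERWRITE_PATTERNS:
            for blk in self.blocks:
                blk[:] = pattern * BLOCK_SIZE

    def recover(self, needle):
        """A raw read, as a forensic tool does it: ignore the table, scan sectors."""
        return [b for b, blk in enumerate(self.blocks) if needle in bytes(blk)]


def demonstrate():
    """Which sectors still hold the secret after each erasure step."""
    disk = ToyDisk()
    disk.write_file("secret.txt", b"CLASSIFIED: launch codes 1234 end")  # 3 sectors
    disk.bad.add(1)  # later the utility flags sector 1 (which holds '1234') as damaged
    results = {}
    disk.delete("secret.txt")
    results["after_delete"] = disk.recover(b"1234")
    disk.quick_format()
    results["after_format"] = disk.recover(b"1234")
    disk.clear()
    results["after_clear"] = disk.recover(b"1234")
    return results


if __name__ == "__main__":
    for step, sectors in demonstrate().items():
        print(step, "-> secret readable in sectors", sectors)
```

The secret survives both the delete and the format because each consults the allocation table or the sector map rather than the raw media; only the overwrite pass, which ignores both, removes it. The same reasoning is why the guide says purging must not rely on the file system, and on real hardware a host-level overwrite can still miss sectors the drive has silently remapped, which is the case for degaussing or destruction.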
• Network packet sniffers: Software that uses a NIC in "promiscuous mode" to review packets sent across the network
• Port scanning
• Covert channel: Unapproved communications link between one application and another. A covert storage channel signals through a shared storage location (one process writes, another reads); a covert timing channel signals through the timing of observable events

PKI
• Can be open (a third-party trusted CA serving many organizations and individuals) or closed (the CA and its members are part of a single organization)
• CA – Certificate Authority. RA – Registration Authority. CRL – Certificate Revocation List
• Certification Practice Statement (CPS): dictates the legal responsibilities, policies, roles, and procedures for the CA
• Certification is the process of binding a public key to a specific person, entity, or system
• Key recovery – key escrow
• Public Key Cryptography Standards (PKCS). PKCS#1 is the RSA standard; PKCS#13 is elliptic curve cryptography

Security Assessment
• Two parts: Physical and Logical
• Areas of Review
o Physical access: Access zones, server room access, computers (laptops), media, network access
o Network
o Software
o Messaging
o Acceptable Use
o Application Security
o Data security/classification according to sensitivity or worth
o Encryption
o Change Control Systems
o Disaster Recovery: Storage of media, backups, test restores, time to restore, encryption
o Incident response policy/team
o User Training
o Customer/Partner Training
Orange Book
• DOD Trusted Computer System Evaluation Criteria. Systems are classified from A (most trusted) to D (least trusted). Levels:
o A – Verified Protection: A1
o B – MAC: B1, B2, and B3
o C – DAC: C1 and C2
o D – Minimal security
• Based on the Bell-LaPadula model
• Relates only to standalone systems, NO NETWORKS. Not adapted to the client/server model
• Systems evaluated go through a screening process. Certification takes a long time (1-2 years)

TCP/IP
• IP is the protocol that transports packets between computers. A TCP packet rides inside the IP packet, which finds the computer it is addressed to; TCP then ports the data to applications. Both the sending and receiving applications are assigned ports to identify them
• TCP port numbers are divided into three ranges: well-known ports (0-1023), registered ports (1024-49151), and dynamic/private ports (49152-65535). Port 80 is Web access, FTP is port 21, SMTP is port 25
• An IP address is 32 bits, 4 octets. The address range for each octet is 0-255. Address classes A, B, C, D, and E

Glossary
ACL: Types of access – read, write, execute, delete, modify, create, rename
CERT: Computer Emergency Response Team
DNS: Domain Name System. Distributed database of name-to-IP-address mappings
Domain: Collection of computers and user accounts managed by a central authority
Footprinting: Process by which a hacker gains information about a target computer system
FQDN: Fully Qualified Domain Name
Gap Appliance: Provides an "air gap" between trusted and untrusted systems: an external CPU, a switch, and an internal CPU. The internal system is never directly connected to the outside
Gateway: Translator between networks using incompatible transport protocols
IETF: When submitted to the IETF, draft documents are valid for six months. If a draft is accepted, it is issued as a Request for Comments (RFC) document. If a specification is adopted as an Internet standard, it is given the additional label of STD but keeps its RFC number
IEEE 802.11 Wireless Standard: Wireless LAN standard. Default is transmission in the clear
IKE: Internet Key Exchange protocol
IKMP: Internet Key Management Protocol
IPSec: IP security. Two main protocols are Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides integrity and data-origin authentication (not non-repudiation, since both ends share the same key); ESP provides encryption
LDAP: Lightweight Directory Access Protocol. Subset of X.500, based on the client-server model. Simple mechanism for directory clients to query and manage a database of hierarchical entries. An LDAP server offers directory data on TCP/IP port 389 and SSL-encrypted port 636. Can be used to store X.509 certificates for authentication
Logic Bomb: A set of instructions in a computer program, periodically executed, that tests conditions or states of the computer and, when they are met, carries out an unauthorized, malicious act
NIC: Network Interface Card
Open View: Leaving confidential documents in a public place (on a desk)
Privacy Enhanced E-mail (PEM): Proposed by the IETF to comply with the Public Key Cryptography Standards (PKCS) developed by Microsoft, IBM, Novell and Sun, but failed to gain adoption
Pretty Good Privacy (PGP): The symmetric cipher IDEA (128-bit key, 64-bit block) encodes the message; the symmetric key is encrypted with public key cryptography. RSA is used for the symmetric key exchange and for digital signatures. Web of trust instead of a CA
RADIUS: Remote Authentication Dial-In User Service. Internet standard for remote-access authentication, authorization, and accounting
RPC: Remote Procedure Call. Primary security concerns are availability and integrity
SAS70 Audit: Statement of Auditing Standards 70, AICPA. Prime purpose is to audit the controls in place to prevent or detect an error that would be significant to a financial audit. Only confirms a company's compliance with its own procedures; those procedures may relate to security. Not a security audit. Does not guarantee best practices and does not make any recommendations for improvement
Secure HTTP (S-HTTP): Alternative to SSL. S-HTTP can be used to protect individual WWW documents, whereas SSL applies to the entire session
S/MIME: Secure Multipurpose Internet Mail Extensions. Uses triple DES and RSA. Uses X.509
SSL: Developed by Netscape. Provides confidentiality, authentication and integrity above the transport layer; resides between the application and the TCP layer. SSL and TLS use X.509 certificates for authentication. HTTPS
SSO: Single Sign On
Structured Programming: Using programming rules and procedures and preprogrammed modules
Superzap: IBM mainframe utility used to install zaps or fixes to MVS OS or application program code. All powerful; circumvents all security. Use checksums to detect changes to programs
TEMPEST: TEMPEST-certified hardware, rooms, or buildings are shielded to limit EM radiation from computer equipment
TLS: Transport Layer Security. Sits between the transport and application layers
Wireless Application Protocol (WAP): Used by wireless devices to access the Internet. Uses the Wireless Transport Layer Security (WTLS) protocol. Data must be decrypted at the gateway between the wireless and wired networks to be re-encrypted using SSL (the "WAP gap"). WTLS provides three classes of security:
• Class 1 (Anonymous Authentication): neither client nor server is authenticated
• Class 2 (Server Authentication)
• Class 3 (Two-way Client and Server Authentication)
Worm: Self-replicating program that spreads across the network without needing a host program; eats up computer/network resources
WORM: Write Once Read Many
X.500: Directory protocol. The International Telecommunication Union (ITU) provides telecom standards, including X.500. Lookup is based on a unique Distinguished Name (DN). Each entry in an X.500 database is associated with a DN and has attributes and values
X.509: Defines the mechanism for certificates and supports authentication of entries in an X.500 directory. Fields include: Version, Serial Number (unique to the certificate, assigned by the CA), signature algorithm identifier (identifies the algorithm used by the CA to sign the certificate), Issuer Name (typically the CA), validity period, subject name (DN), and subject public key. The IETF has recognized X.509 for use in Internet technologies
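The SYN flood and Smurf entries in the Types of Attacks list and the header and port-range facts in the TCP/IP section above, worked through in code: the block builds IPv4/TCP/ICMP headers with the layouts the section describes, parses them back, and runs the two detections over constructed traffic. This is an added example, not the guide's own material. Packets are built in memory (no promiscuous-mode capture), the addresses are RFC 5737 documentation ranges, and the threshold of 50 bare SYNs, the "last octet 255 means directed broadcast" rule and the absence of any ACK as the sign of a flood are assumptions.

```python
"""IPv4/TCP/ICMP header parsing plus SYN-flood and Smurf detection.

Added example, not from the study guide.  All packets are constructed
below; thresholds, addresses and the broadcast rule are assumptions.
"""
import struct
from collections import Counter

PROTO_ICMP, PROTO_TCP = 1, 6
TCP_SYN, TCP_ACK = 0x02, 0x10
ICMP_ECHO_REQUEST = 8
IP_FMT, TCP_FMT, ICMP_FMT = "!BBHHHBBH4s4s", "!HHIIBBHHH", "!BBHHH"


def ip_to_int(dotted):
    """Dotted quad -> 32-bit int, enforcing four octets in 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not an IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def port_class(port):
    """The three TCP port ranges from the TCP/IP section."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def build_ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (IHL=5, TTL 64, checksum left 0) + payload."""
    hdr = struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ip_to_int(src).to_bytes(4, "big"),
                      ip_to_int(dst).to_bytes(4, "big"))
    return hdr + payload


def build_tcp(sport, dport, flags):
    """20-byte TCP header, data offset 5, no options or payload."""
    return struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def build_icmp_echo():
    return struct.pack(ICMP_FMT, ICMP_ECHO_REQUEST, 0, 0, 0, 0)


def parse_packet(raw):
    """Decode the IPv4 header and, for TCP/ICMP, the fields the detectors need."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    body = raw[(ver_ihl & 0x0F) * 4:total_len]
    pkt = {"src": int_to_ip(int.from_bytes(src, "big")),
           "dst": int_to_ip(int.from_bytes(dst, "big")), "proto": proto}
    if proto == PROTO_TCP:
        sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", body[:14])
        pkt.update(sport=sport, dport=dport, flags=flags & 0x3F)
    elif proto == PROTO_ICMP:
        pkt["icmp_type"] = body[0]
    return pkt


def detect(raw_packets, syn_threshold=50):
    """SYN flood: many bare SYNs to one (dst, port) and no ACK ever completes a
    handshake.  Smurf: echo requests to a directed-broadcast address (last octet
    255, assumed /24) whose source is the forged address of the real victim."""
    syns, acks, smurf = Counter(), Counter(), Counter()
    for raw in raw_packets:
        p = parse_packet(raw)
        if p["proto"] == PROTO_TCP:
            key = (p["dst"], p["dport"])
            if p["flags"] == TCP_SYN:
                syns[key] += 1
            elif p["flags"] & TCP_ACK:
                acks[key] += 1
        elif (p["proto"] == PROTO_ICMP and p["icmp_type"] == ICMP_ECHO_REQUEST
              and p["dst"].endswith(".255")):
            smurf[(p["src"], p["dst"])] += 1
    alerts = [("syn-flood", dst, port, n) for (dst, port), n in syns.items()
              if n >= syn_threshold and acks[(dst, port)] == 0]
    alerts += [("smurf", victim, bcast, n) for (victim, bcast), n in smurf.items()]
    return sorted(alerts)


def sample_traffic():
    """Constructed traffic: 60 bare SYNs to port 80 from 60 sources, three
    legitimate handshakes on 443, and five pings to a broadcast address
    carrying the victim's forged source address."""
    pkts = []
    for i in range(60):
        pkts.append(build_ipv4("198.51.100.%d" % (i + 1), "192.0.2.10", PROTO_TCP,
                               build_tcp(40000 + i, 80, TCP_SYN)))
    for i in range(3):
        pkts.append(build_ipv4("203.0.113.5", "192.0.2.10", PROTO_TCP,
                               build_tcp(50000 + i, 443, TCP_SYN)))
        pkts.append(build_ipv4("203.0.113.5", "192.0.2.10", PROTO_TCP,
                               build_tcp(50000 + i, 443, TCP_ACK)))
    for _ in range(5):
        pkts.append(build_ipv4("192.0.2.10", "10.0.0.255", PROTO_ICMP, build_icmp_echo()))
    return pkts


if __name__ == "__main__":
    for alert in detect(sample_traffic()):
        print(alert)
```

The SYN-flood rule keys on the half-open state the guide describes (SYNs with no completing ACK), which is why the three real handshakes on 443 raise nothing; the Smurf rule fires at the amplifier network rather than at the victim, because that is the only place the forged source is visible before the replies converge on the target.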
Special thanks to Michael R. Overly for contributing this Cramsession. Mr. Overly is a partner in the e-Business & Information Technology Section in the law firm of Foley & Lardner. His practice focuses on drafting and negotiating technology related agreements, including multi-media, e-commerce, outsourcing and information security agreements, and technology use policies. He counsels clients in the areas of information security, electronic commerce, on-line law and privacy issues. Mr. Overly may be the only practicing lawyer who has satisfied the rigorous requirements necessary to obtain the Certified Information Systems Security Professional (CISSP) certification. Mr. Overly's numerous articles and books have been published in the United States, Europe, Korea, and Japan. He is the author of Overly on Electronic Evidence (West Publishing 1998), E-Policy: How to Develop Computer, E-Mail, and Internet Guidelines to Protect Your Company and Its Assets (American Management Association 1998), and Document Retention in The Electronic Workplace (Pike & Fisher 2001). Mr. Overly is a graduate of Loyola Law School (J.D., 1984) and Texas A&M University (M.S. and B.S., Electrical Engineering, 1982). He can be reached at moverly@earthlink.net and his company's website is at http://www.foleylardner.com/.