Clipping Level CISSP

Security Architecture & Design
Understand the fundamental concepts of security
models (e.g., Confidentiality, Integrity, and Multilevel
Models)
Multilevel Models
Lattice-based
Matrix-based
Noninterference
Security Models
Bell-LaPadula (BLP)
Write Up Read Down
Confidentiality Focus
Biba Integrity Model
Write Down Read Up
Integrity Focus
Lipner Model
Mix of BLP & Biba
Clark-Wilson Integrity Model
Information Integrity Focus
Brewer and Nash (Chinese Wall) Model
Separation to avoid conflict of
interests in company
Graham-Denning
Assigning Rights Focus
Subject & Object Creation
Harrison-Ruzzo-Ullman
Integrity of Access Rights
Extension of Graham-Denning
Architecture Frameworks
Zachman Framework
Enterprise Architecture Focus
Sherwood Applied Business
Security Architecture (SABSA)
Enterprise Security Architecture Focus
The Open Group Architecture
Framework (TOGAF)
Iterative approach relying heavily on
modularization, standardization & proven
tech.
Information Technology
Infrastructure Library (ITIL)
Aligns IT to Business Needs
Understand the components of
information systems security evaluation
models
Product evaluation models (common criteria)
State Machine Model
Flow Model
Understand security capabilities of information
systems (memory protection, virtualization,
trusted platform module)
CPU
Processor Function (CPU)
Fetch
Decode
Execute
Store
Multitasking
Time windows to split up tasks
Protected Mode (Ring 3) User Mode
Privileged Mode (Ring 0) Kernel Mode
Multiprocessing
Many CPUs in a System
Multithreading
Applications usage of CPU times
Memory
Primary
CPU Registers
L1 & L2 Cache
Main Memory
Secondary
Disk Drives
Optical Media
USB Drives
Tape Drives
External NAS/SAN
Virtual Memory
Uses Secondary to emulate Primary
Firmware
Embedded hardware ROM (BIOS)
Storage
Storage Area Network (SAN)
Fibre Channel
iSCSI (IP Based)
Block Level
Network Attached Storage (NAS)
File Level Access
Multi protocol support
Redundant Array of Independent
Disk (RAID)
RAID 0
Striped Set
RAID 1
Disk Mirror
RAID 4
Disk Striping w/Parity Disk
RAID 5
Disk Striping w/Parity spread
across disks
RAID 6
Disk Striping w/Two parity
blocks spread across disks
RAID 0+1
Mirrored Stripes (RAID 0 Striped
Disks Mirrored)
RAID 10
Striped mirrors (RAID 1 Mirrored
disks Striped)
Striping = Performances
Mirroring = Fault Tolerance
Virtualization
Gateway between OS & Hardware
Cost efficiency
Operational efficiencies
Resource efficiencies
Cloud Computing
Platform as a Service (PaaS)
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Deployment Models
Private
Public
Community
Hybrid
Trusted Computing Base (TCB)
Process Activation
Domain switching (Changing
security Levels)
Memory Protection
I/O Operations
Reference Monitor
Manages access controls
between subject & object
Certification & Accreditation
Trusted Computer System
Evaluation Criteria (TCSEC)(Orange
Book)
Classes (A, B, C, D)
Criteria (A1, B3, B2, B1, C2, C1, D)
Information Technology Security
Evaluation Criteria (ITSEC)
Assurance
E0-E6
Functionality
FC1, FC2, FB1, FB2, FB3
Common Criteria (ISO/IEC 15408)
Protection Profile (PP)
Target of Evaluation (TOE)
Security Target (ST)
Evaluation Assurance Levels (EAL)
Database Security
Hierarchical Database
Management System (DBMS)
Parent <> Child Hierarchy/Relationship
Single Tree
Single Table
Network DBMS
Stored as related objects
Many to many relationships
Relational DBMS
Structured in tables for relationships
Most Common (Oracle,
Sybase, MySQL, MSSQL)
Terminology
Structured Query Language (SQL)
Open Database Connectivity (ODBC)
Extensible Markup Language (XML)
Object Linking and Embedding (OLE)
ActiveX Data Objects (ADO)
Polyinstantiation
Normalization
Views
Data warehouse
DB <> Warehouse collection
Data mining
User <> Warehouse formatting
Understand the vulnerabilities of
security architectures
System
Emanations
TEMPEST
State Attacks
Time Of Check, Time Of Use (TOCTOU)
Vulnerabilities of transitions
between states
Covert Channels
Maintenance communications
Technology and process integration
(single point of failure, service oriented
architecture)
Operations Security
Understand security operations concepts
Need-to-know/least privilege
Separation of duties and responsibilities
Monitor special privileges
Job rotation
Marking, handling, storing and
destroying of sensitive
information
Record retention
Employ resource protection
Media management
Asset management
Implement and support
patch and vulnerability
management
Implement preventative
measures against attacks
Understand change and
configuration management
Understand system resilience
and fault tolerance
requirements
Manage incident response
Detection
Response
Reporting
Recovery
Remediation and review
Business Continuity &
Disaster Recovery Planning
Understand business continuity requirements
Develop and document project
scope and plan
Obtain leadership buy-in
Standards
BS 25999
BS 22301
ISO 27001 Annex A
NIST SP 800-34
Conduct business impact analysis
Identify and prioritize critical
business functions
Determine maximum tolerable
downtime and other criteria
Recovery Time Objective (RTO)
Mean Time To Recovery (MTTR)
Mean Time Between Failures (MTBF)
Maximum Tolerable Period of
Downtime (MTPD)
Maximum Tolerable Downtime (MTD)
Assess exposure to outages
Local
Regional
Global
Define recovery objectives
Recovery Point Objectives (RPO)
Backup Strategies
Cold
Hot
Full
Differential
Incremental
Develop a recovery strategy
Implement a backup storage strategy
Offline Storage
Electronic Vaulting
Tape Rotation
Recovery site strategies
Dual Data Center
Hot
Warm
Cold
Mobile
Understand disaster recovery process
Response
Personnel
Communications
Assessment
Restoration
Provide training
Exercise, assess and maintain the plan
Version Control
Update plans annually at a minimum
Distribution
Assessment Types
Full Interruption
Shutdown & Relocate
Parallel Testing
Recreation of Work
Simulation
Functional Test/War Game
Walk Through
Tabletop
Desk Check
Review Plan
Legal, Regulations,
Investigations & Compliance
Understand legal issues that
pertain to information security
internationally
Computer crime
Any illegal action where data on a
computer is accessed without
permission.
Identity theft
Investment fraud
Employment fraud
Intellectual property
Patent
Strongest Form
Trademark
Associated with words, symbols, colors
Copyright
Trade secrets
Must provide some benefit
Reasonable protection must be applied
Licensing
Software categories
Commercial
Academic
Shareware
Freeware
Master Agreements
End-User Licensing Agreements (EULA)
Import/Export
Transborder data flow
World Intellectual Property
Organization (WIPO)
Organization for Economic
Cooperation and Development
(OECD)
Wassenaar Arrangement
Council of Europe Convention on
Cybercrime
Privacy
Personally Identifiable Information (PII)
Varies based on organization & country
Payment Card Industry Data
Security Standard (PCI DSS)
US Health Insurance Portability
and Accountability Act (HIPAA)
Personal Information Protection
and Electronic Documents Act
(PIPEDA)
Federal Information Security
Management Act (FISMA)
UK Data Protection Act (DPA)
European Union (EU) Data
Protection Directive
Understand professional ethics
(ISC)² Code of Professional Ethics
CISSP Expectation
Set the example
Encourage adoption
Support organization's code of ethics
RFC 1807
Internet Architecture Board (IAB)
Formal Ethic Theory
Teleology (Utilitarian)
Deontology (Obligation)
Understand and support investigations
Policy, roles and responsibilities (e.g.,
rules of engagement, authorization,
scope)
Incident handling and response
Five Stages
1. Triage
2. Investigate
3. Containment
4. Analysis & Tracking
5. Recovery
Evidence collection and handling
Aspects of Investigations
Acquisition
Authentication
Analysis
Suspect Identification
Means, Opportunity, Motive (MOM)
Locard's Principle of Exchange
Criminals leave something behind
Digital Forensics
Identification
Collect & Preserve
Examine
Present Findings
Chain of Custody
Who
What
When
Where
How
Authenticity
Reporting and documenting
Understand forensic procedures
Media analysis
Network analysis
Software analysis
Hardware/embedded device analysis
Types of Evidence
Direct
Provided by witness
Real
Something physical
Documentary
Contracts & Legal Papers
Demonstrative
Expert Testimony
Hearsay
Second Hand
Criteria Required
Authentic
Accurate
Complete
Convincing
Admissible
Understand compliance
requirements and procedures
Regulatory environment
HIPAA
SOX
US Gramm-Leach-Bliley
Financial Services Modernization
Act (GLBA)
BASEL II
PCI DSS
Audits
Reporting
Ensure security in contractual agreements and
procurement processes (e.g., cloud computing,
outsourcing, vendor governance)
Legal Systems
Common
Components
Legal Precedent
Customs
Societal Tradition
Adversarial Litigation
Reasonable Doubt
Criminal
Loss of freedom
Tort
Deals with Civil Matters
Administrative
Regulations & Control of power
Civil
Relies on legislation & written rules
Code-based
Napoleonic
Religious
Customary
Mixed
Maritime
Legal Concepts
Jurisdiction
Sovereignty
Liability
Negligence
Due Care
Due Diligence
Obligation
Physical (Environmental) Security
Understand site and facility
design considerations
Crime Prevention Through
Environmental Design (CPTED)
Physical Layout
Monitoring
Hardening
Power Faults
Blackout
Brownout
Sag
Fault
Spike
Surge
Noise
Transient
In-Rush
Support the implementation and operation of
perimeter security (e.g., physical access control
and monitoring, audit trails/access logs)
Fences
Heights
1 Meter
2 Meters
2.5 Meters
Gauge (Smaller = Thicker)
6
9
11
12
Bollards
Natural
Trees
Berms
Gullies
Walls
Doors
Fail Safe
Fail Secure
Tailgating/Piggybacking
CCTV
5 foot-candles (fc) for critical areas
2 fc for normal operations
Windows
Plate
Tempered
Acrylic Polycarbonate
Laminate
Embedded Wire
Lighting
Fluorescent
LED
Mercury Vapor
Sodium Vapor
Quartz
Support the implementation and
operation of internal security
Escort Requirements
Visitor Control
Keys & Locks
Locks
Key
Combination
Biometric
Electronic
Radio Frequency
Magnetic Stripe
Shear Point
Support the implementation and operation of
facilities security (e.g., technology
convergence)
Communications and server rooms
Restricted and work area security
Data center security
Intrusion Detection
Active Infrared
Watches for breaks in beam
Passive Infrared
Detects heat signatures
Utilities and Heating, Ventilation and
Air Conditioning
(HVAC) considerations
Volume
Size of facility considerations
Humidity Levels
Equipment requirements
Temperature
Consistent
Quality
Dust & Contaminant Removal
Water issues
Leakage
Flooding
Fire
Prevention
Detection
Suppression
Requirements
Oxygen
Heat
Fuel
Types
Class A
Combustibles Common
ASH
Class B
Combustible Fluid
BOIL
Class C
Electrical
CURRENT
Class D
Metals
DRIVE
Class K
Cooking
KITCHEN
Combustible, Fluids, Excite, Me, K?
Support the protection and
securing of equipment
Understand personnel privacy and
safety (e.g., duress, travel, monitoring)
Goals
Deter
Signs, Fences
Delay
Locks
Detect
Sensors, Cameras
Assess
Weather Emergency Process
Respond
Reaction Team
Recover
Data Restoration
Life, Health & Safety take precedence.
Telecommunications & Network Security
Understand secure network
architecture and design
OSI and TCP/IP models
Open Systems Interconnect (OSI) Model
Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
TCP (Connection Oriented)
UDP (Connectionless)
Layer 3: Network
Layer 2: Data Link
Frame Check Sequence (FCS)
Layer 1: Physical
Media
Copper
100m
Fiber
Multi-Mode Fiber (2 km)
Single-Mode Fiber (100s km)
Wireless
Service Set IDentifier (SSID)
Access Point (AP)
802.11g
2.4 GHz
54 Mbps
802.11a
5 GHz
54 Mbps
802.11n
2.4 & 5 GHz
300+ Mbps
802.11ac
800+ Mbps
5 GHz
WiFi Protected Access (WPA)
802.11i (WPA2)
Wired Equivalent Privacy (WEP)
Temporal Key Integrity Protocol (TKIP)
Topologies
Bus
Star
Ring
Mesh
TCP/IP
Application
Transport
Internetwork
Network Access
IP networking
VLANs
Encapsulation
Adds header information to payload
De-encapsulation
Removes header information
from payload
Routing Protocols
RIP
RFC 1058
Distance Vector Algorithm
15 Hop Maximum
OSPF
RFC 1131
Link-State Algorithm
BGP
RFC 1654
Implications of multilayer protocols
Supervisory Control And Data
Acquisition (SCADA)
Modbus
Fieldbus
Distributed Network Protocol (DNP)
Securing network components
Hardware
Modems
Switches
Routers
Wireless Access Points
Transmission media
Wired
Wireless
Fiber
Network access control devices
Firewalls
Proxies
Endpoint security
Establish secure
communication channels
Voice
POTS
PBX
VoIP
Multimedia collaboration
Remote Meetings
Instant Messaging
Remote access
Screen Scraping
Virtual Desktops
Telecommuting
VPN
Point-to-Point Tunneling
Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Data communications
SSL
TLS
Multiprotocol Label Switching (MPLS)
QoS
Packet Switched
Segmentation
WAN
T1, T3
E1, E3
OC-1, OC-12
Asynchronous Transfer Mode (ATM)
Frame Relay
xDSL
Integrated Services Digital
Network (ISDN)
Bearer (B) Channel
Data (D) Channel
IPSec
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Transport Mode
Host to Host
Tunnel Mode
Network to Network
Security Association (SA)
Negotiated Algorithms & Keys
Methods
Manual Keying
Internet Key Exchange (IKE)
Authenticated by X.509 certificates
Diffie-Hellman Key Exchange
Creates session keys
Two SAs required, one for each direction
Understand network attacks
DDoS
Spoofing
Host Based IDS (HIDS)
Network Based IDS (NIDS)
Access Control
Control access by applying the
following
concepts/methodologies/techniques
Policies
Types of controls (preventive,
detective, corrective)
Before Event
Directive
Preventive
Deterrent
During Event
Detective
After Event
Compensating
Recovery
Corrective
Techniques (non-discretionary,
discretionary and mandatory)
Identification and Authentication
Factors
Type 1: Know
Type 2: Have
Type 3: Are
False Rejection Rate (FRR)
False Acceptance Rate (FAR)
Crossover Error Rate (CER)
Systems
Single Sign On (SSO)
Kerberos
Key Distribution Center (KDC)
Realm
Ticket Granting Service (TGS)
Ticket Granting Ticket (TGT)
Authentication Service (AS)
Secure European System for Application
in a Multivendor Environment
(SESAME)
Web Access Management (WAM)
Identity Management (IdM)
Federation/Trust
Directory Services
Lightweight Directory Access
Protocol (LDAP)
Organization
Organizational Unit
Person
Device
Group
Domain Name System (DNS)
Active Directory
Centralized access control
Extensible Authentication Protocol (EAP)
Remote Authentication Dial-In
User Service (RADIUS)
Challenge-response
Diameter
Terminal Access Controller
Access Control System
(TACACS+)
Remote Access Service (RAS)
Password Authentication Protocol (PAP)
Challenge Handshake
Authentication Protocol (CHAP)
802.1X
Decentralized/distributed access
control techniques
Authorization mechanisms
Authorization
Privileges
Access
Rights
Discretionary Access Control (DAC)
Access Control List (ACL)
Mandatory Access Control (MAC)
Security Labels
Role-based Access Control (RBAC)
Rule-based Access Control
Logging and monitoring
Clipping Level
Intrusion Detection (IDS)
Signature Based
Anomaly Based
Intrusion Protection (IPS)
NIPS/HIPS
Understand access control attacks
Threat modeling
Asset valuation
Vulnerability analysis
Access aggregation
Assess effectiveness of access controls
User entitlement
Access review & audit
Identity and access provisioning
lifecycle (provisioning, review,
revocation)