chap 4 - Security architecture and engineering Flashcards
Security engineering: what are the technical processes?
- business & mission analysis process -> the scope
- Stakeholder need & requirement definition process -> security requirements
- system requirements definition process -> translate sec requirements to system requirements
- Architecture definition process -> security view of system architecture
- design definition process -> security-related data and information about system
- system analysis process -> essential data & info for tech understanding of the security aspects
- implementation process
- integration process
- verification process
what are the technical management processes?
- project planning
- project assessment & control
- decision mgmt
- risk mgmt
- configuration mgmt
- information mgmt
- measurement
- quality assurance
what are the enabling processes?
- lifecycle model mgmt
- infrastructure mgmt
- portfolio mgmt
- human resources mgmt
- quality mgmt
- knowledge mgmt
what are the agreement processes?
- acquisition
- supply
what are the 4 key security models (architecture)?
- state machine model
- information flow model
- non-interference model
- ring model
what is the security ring model?
Ring 0 -> OS & security kernel
Ring 1 -> device driver
Ring 2 -> system utilities -> admin
Ring 3 -> Applications -> users
Security architecture mechanisms for establishing a secure system
- privileged mode instructions
- processor states
- memory mgmt
- abstraction layers
- data & code space isolation (code & data segregation)
- file system attributes
- security kernel
what are the key extensions to the basic security architecture?
- access control
- virtual machine
- sandbox environment
- cryptographic systems
what is the fundamental building block of information system architecture?
Service model
what are the types of service models (systems)?
- client based system
- server based system
- Database system
- Industrial control system (ICS)
- embedded systems
- Internet of Things (IoT)
- distributed systems
- Virtualized systems
- cloud based system
what are the five essential characteristics of cloud computing?
- on-demand self-service
- broad network access
- resource pooling
- rapid elasticity
- measured services
(6. multi-tenancy)
what are the main cloud service models?
- software as a service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Network as a Service (NaaS)
what are the cloud deployment models?
- private cloud
- community cloud
- public cloud
- hybrid cloud
what are cloud vulnerabilities & mitigations?
vulnerabilities:
- exposure to external communication & access
- misconfiguration
- becoming outdated
mitigation:
- strong SLA
what are microservices vulnerabilities & mitigations?
vulnerabilities:
- authorization
- quality of service
- denial of service
mitigation:
- IAM
- containers
- API gateway
containerization vulnerabilities & mitigations
vulnerabilities:
- insecure image
- excessive privilege
- unrestricted communications
- rogue/malicious processes
- improper isolation
mitigations:
- image mgmt
- immutable infra
- granular security
- micro segmentation
- proper config
Serverless architecture vulnerabilities & mitigations
vulnerabilities:
- malicious injection into functions
- insecure configuration
- cross-execution data persistence
mitigations:
- train staff on configuration
- secure coding practices
High performance computing system vulnerabilities & mitigations
vulnerabilities:
- latency constraints
- improper workload
mitigations:
- proper architecture design
- monitoring & logging practices
Edge & fog computing vulnerabilities & mitigations
vulnerabilities:
- network compromise
- increased attack surface
mitigations:
- network monitoring
- incident response
- asset inventory
- accountability
industrial control system vulnerabilities & mitigations
vulnerabilities:
- limited functions
- limited protection
- long service life
- misconfiguration & misuse
- susceptible to DoS
- attacks have physical effects
- remote/unattended locations
mitigations:
- isolated network infra
- access control & monitoring
- high segmentation & microsegmentation
- protect communication channels
- configuration controls
types of industrial control systems
- Supervisory control & data acquisition (SCADA)
- Distributed control systems (DCSs)
- Programmable logic controllers (PLCs)
embedded system vulnerabilities & mitigations
vulnerabilities:
- programming errors
- web-based vulnerabilities
- weak access control
- poor crypto
- reverse engineering
- malware
- eavesdropping
mitigations:
- risk assessment
- patching & updating
- secure coding techniques
- implementing 3rd-party risk mgmt
IoT vulnerabilities & mitigations
vulnerabilities:
- DoS
- Device security
- crypto security
distributed system vulnerabilities & mitigations
vulnerabilities:
- lack of monitoring
- lack of access control
mitigations:
- IAM
- IDS/IPS
virtualized system vulnerabilities & mitigations
vulnerabilities:
- image mgmt (VM sprawl)
- VM escape
- underlying hardware weakness
- knowledge gap
mitigations:
- IAM
- change mgmt
why is cryptography critical to security?
confidentiality
integrity
authenticity
availability
non-repudiation
access control
what is "work factor" in cryptography?
the cost of breaking the code must be higher than the reward
what is the key challenge of cryptography?
key management
types of cryptography
- symmetric
- asymmetric
what are the cryptosystem components (steps)?
- plaintext
- encryption algorithm -> using an encryption key
- ciphertext
what are the critical properties of key strength?
- No collisions
- difficult to invert
- large key space -> minimal or no key space clumping
- deterministic decryption
what is the difference between block vs. stream processing?
stream mode encryption: encrypts one symbol of the plaintext input at a time
block mode encryption: processes fixed-length groups of symbols (block size measured in multiples of 8 bits)
Asymmetric encryption
uses 2 keys (public & private)
advantage: digital signatures & no key exchange
issue: slower & longer keys
types of encryption:
- RSA 2048
- ElGamal
- ECC (elliptic curve)
- Diffie-Hellman
Symmetric encryption
uses a single key
advantage: faster & shorter key
issue: key exchange
types of encryption:
- DES (56) -> no longer secure
- 3DES (168)
- AES (128 / 192 / 256)
- Rijndael
- RC5 / RC6 -> RC4 is a stream cipher
- Blowfish
- Twofish
- IDEA
- CAST
- SAFER
Hashing
a one-way mathematical process
- variable inputs
- fixed length outputs
- unique inputs generate a unique output
advantage: no key required
use case: concealment and integrity (check)
types of hashing:
- MD5 (128) -> 32 characters
- SHA1 (160) -> 40 characters
- SHA2 (224/512)
- SHA3 (512)
- HAVAL
- RIPEMD-160
what are the key requirements of hashing?
- uniformly distributed
- collision resistant
- impossible to invert
- computed on full message
- deterministic
what is a distributed ledger (blockchain)?
a decentralized register of transactions that is protected by, and graph-linked together with, cryptographic controls -> relies on asymmetric crypto
what is Kerckhoffs's principle about encryption?
if everything about the system except the encryption key is known, the cipher must still be secure
on which mathematical concept is the RSA algorithm built?
prime number factoring
what is a public key infrastructure (PKI)?
the systems, software and protocols required to use, manage & control public key cryptography
what type of encryption does PKI use?
Diffie-Hellman-Merkle key negotiation algorithm
what is a message digest?
a hash representation of a plaintext used to verify the integrity of the message
what is the key management lifecycle?
- generating
- recording
- transcribing
- distributing
- installing
- storing
- changing
- using
what is key recovery?
a backup mechanism that ensures an organization can have continued access to its own encrypted information if keys are lost or damaged
what are the key methods of key recovery?
- Key escrow
- key registration
- digital wallet
what are the main issues regarding key creation?
- random & pseudorandom number generators
- symmetric key generation, storage, distribution and management
- asymmetric key length
what can be a solution to symmetric key distribution?
key wrapping and key encrypting keys (KEKs)
use a special-purpose, long-term key called a key encrypting key (KEK) to distribute symmetric keys
KEKs are currently used in TLS / PGP / S/MIME sessions
what are the methods to protect stored keys?
- trusted, tamperproof hardware security module (HSM)
- passphrase-protected smart cards
- key wrapping using long-term KEKs
- splitting cipher keys and storing the parts in physically separate storage locations
- protecting keys using strong passwords, passphrases, key expiry & related policies
what are the main ciphertext-based attacks?
- brute force
- known plaintext
- chosen plaintext
types of attack on encryption (algorithm attacks)
- brute force
- pass-the-hash attack -> capture the authentication hash and reuse it
- man-in-the-middle attack (MITM)
- side channel attack -> uses timing, frequency
- fault analysis -> induce errors and check the results for clues
- probing -> analyze the circuitry surrounding the crypto module
- replay -> resending captured data to the host
- rainbow table -> look-up table of sorted hash outputs (good for passwords)
- algebraic -> math structure
- frequency analysis
- birthday attack -> probability of collision
- factoring attack -> RSA
- dictionary attack -> dictionary of words
- attacking the random number generator -> hybrid
- fault injection
- temporary files -> found in RAM, swap, hiberfil.sys
what is the best language to support a federated identity management system?
Security Assertion Markup Language (SAML)
If a system's security goal is that no subject can gain access to any object without authorization, what should be implemented?
The security kernel implementing the reference monitor concept
When a company is considering adopting a biometric system, which is the LEAST important consideration?
Technology type.
In a SAML 2.0 system, when a user across the internet is attempting to access a web service, what happens?
The web server uses a federated login system to authenticate the user
What type of encryption would be appropriate for HIPAA documents in transit?
TLS
Which attack helped drive vendors to move away from SSL toward TLS-only by default?
POODLE
Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet?
PGP
PGP, or Pretty Good Privacy (or its open-source alternative, GPG), provides strong encryption of files, which can then be sent via email.
Harry would like to retrieve a lost encryption key from a database that uses m of n control with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
4
In an m of n control system, at least m of the n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.
Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
HAVAL
HAVAL is a hash function, not an encryption algorithm.
If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?
Bob’s public key
When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
Bob’s private key
Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
Alice’s private key
Alice creates the digital signature using her own private key. Then Bob, or any other user, can verify the digital signature using Alice’s public key.
James is working with a Department of Defense system that is authorized to simultaneously handle information classified at the Secret and Top Secret levels. What type of system is he using?
Multistate
Which one of the following terms accurately describes the Caesar cipher?
Shift cipher
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
MD5
The MD5 hash algorithm has known collisions and, as of 2005, is no longer considered secure for use in modern environments.
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
X.509
In a Software as a Service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place?
Vendor