Chapter 6 - Security Architecture and Design Flashcards
A holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks?
A. Zachman
B. SABSA
C. ISO 27000
D. TOGAF
B. SABSA
Which of the following components of ITIL’s Service Portfolio is primarily focused on translating designs into operational services through a project management standard?
A. Service Strategy
B. Service Design
C. Service Transition
D. Service Operations
C. Service Transition
Which of the following can best be used to capture detailed security requirements?
A. Threat modeling, covert channels, and data classification
B. Data classification, risk assessments, and covert channels
C. Risk assessments, covert channels, and threat modeling
D. Threat modeling; data classification and risk assessments
D. Threat modeling; data classification and risk assessments
Which of the following security standards is internationally recognized as the standard for sound security practice and is focused on the standardization and certification of an organization’s information security management system (ISMS)?
A. ISO 15408
B. ISO 27001
C. ISO 9001
D. ISO 9146
B. ISO 27001
Which of the following describes the rules that need to be implemented to ensure that the security requirements are met?
A. Security Kernel
B. Security Policy
C. Security Model
D. Security Reference Monitor
B. Security Policy
A two-dimensional grouping of individual subjects into groups or roles and granting access for groups to objects is an example of which of the following types of models?
A. Multi-level lattice
B. State Machine
C. Non-interference
D. Matrix based
D. Matrix based
Which of the following models ensures that a subject with clearance level of Secret has the ability to write only to objects classified as Secret or Top Secret but is prevented from writing information classified as Public?
A. Biba - Integrity
B. Clark-Wilson
C. Brewer-Nash
D. Bell-LaPadula
D. Bell-LaPadula
Which of the following is unique to the Biba Integrity Model?
A. Simple Property
B. *(star) property
C. Invocation Property
D. Strong * Property
C. Invocation Property
Which of the following models is best considered in a shared data hosting environment so that the data of one customer is not disclosed to a competitor or other customers sharing that hosted environment?
A. Brewer Nash
B. Clark - Wilson
C. Bell-LaPadula
D. Lipner
A. Brewer Nash - Chinese Wall
Which of the following security models is primarily concerned with how subjects and objects are created and how subjects are assigned rights and privileges?
A. Bell-LaPadula
B. Biba-Integrity
C. Chinese Wall
D. Graham Denning
D. Graham Denning
Which of the following ISO standards provides the Evaluation Criteria that can be used to evaluate the security requirements of different products with different functions?
A. ISO 15408
B. ISO 27000
C. ISO 9100
D. ISO 27002
A. ISO 15408
In the Common Criteria, the common set of functional and assurance requirements for a category of vendor products deployed in a particular type of environment are known as:
A. Protection Profiles
B. Security Target
C. Trusted Computing Base
D. Ring Protection
A. Protection Profiles
Which of the following evaluation assurance levels, formally verified, designed, and tested, is expected for a high-risk situation?
A. EAL1
B. EAL3
C. EAL5
D. EAL7
D. EAL7
Formal acceptance of an evaluated system by management is known as:
A. Certification
B. Accreditation
C. Validation
D. Verification
B. Accreditation
Which stage of the Capability Maturity Model (CMM) is characterized by having organizational processes that are proactive?
A. Initial
B. Managed
C. Defined
D. Optimizing
C. Defined
Which of the following best provides a method of quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures to address the identified risks?
A. Threat/Risk Assessment
B. Penetration Testing
C. Vulnerability Assessment
D. Data Classification
A. Threat/Risk Assessment
The use of proxies to protect more trusted assets from less sensitive ones is an example of which of the following types of security services?
A. Access Control
B. Boundary Control
C. Integrity
D. Audit and Monitoring
B. Boundary Control
Which of the following is the main reason for security concerns in mobile computing devices?
A. The 3G protocol is inherently insecure
B. Lower Processing Power
C. Hackers are targeting mobile devices
D. The lack of anti-virus software
B. Lower Processing Power
In decentralized environments, device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed and deployed because they are
A. typically installed by end users granted access to the supervisor state
B. typically installed by administrators and granted access to user mode state
C. typically installed by software without human interaction
D. integrated as part of the operating system
A. typically installed by end users granted access to the supervisor state
A system administrator grants rights to a group of individuals called Accounting instead of granting rights to each individual. This is an example of which of the following security mechanisms?
A. Layering
B. Data hiding
C. Cryptographic protections
D. Abstraction
D. Abstraction
4 main components - processors, storage, peripherals, and the OS
CPU, motherboard and memory operate together - 4 main tasks - fetching, decoding, executing and storing
multitasking system
switches quickly from one process to another to speed up processing
threads
a series of instructions; multithreading is a process where the OS time-slices the threads, giving one thread some time on the CPU and then switching to another thread
primary storage
memory, cache or registers - high probability of being requested by the CPU - RAM (volatile), SDRAM, cache (high-speed RAM)
secondary storage
holds data not being used by the CPU
firmware
storage of programs or instructions in ROM (Non-volatile)
system kernel
core of OS - provides access to system resources
Enterprise Security Architecture
implements the building blocks of information security across the entire organization - long term strategy
Boundary Control Services
how and whether information is allowed to flow from one set of systems to another, or from one state to another - firewalls, border routers, proxies. Intended to enforce security zones of control by isolating entry points
Access Control Service
identification, authentication, authorization of subject entities
Integrity services
antivirus, content filtering, file integrity, whitelisting, and intrusion prevention systems - automated checking to detect and correct corruption
Cryptography Services
PKI - hashing and encryption, common services that can be deployed and reused by a variety of systems
Audit and Monitoring Services
secure collection, storage, and analysis of audited events through centralized logging and intrusion detection systems
Security Zones
used to group together entities with similar security requirements
architecture frameworks
method for designing a target state as an integrated set of systems.
Zachman
logical structure for identifying and organizing the models that are important in the management of enterprises
Sherwood Applied Business Security Architecture (SABSA) Framework
holistic life cycle - creating chain of traceability through phases of strategy, concept, design, implementation and metrics
The Open Group Architecture Framework (TOGAF)
Common set of terms, architecture development method, and architecture content framework and numerous reference models
ITIL - IT Infrastructure Library
defines organizational structure and skill requirements, operational procedures and practices - 5 main books
Service Strategy
addresses new business needs by describing the range of services that are or will be deployed
Service Design
focuses on creating the services described within service portfolio
Service transition
translates designs into operational services through standard project management structure
Continual Service Improvement
metrics used as key input
State Machine Model
describes a system at a point in time - then describes the behavior as it moves between one state and another, from one moment to another. Role of time is very important
Multilevel Lattice Models
strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in. Hierarchical - lesser/greater privileges - clearance of subject compared with classification of data
Noninterference models
a type of multilevel model that severely limits higher-classified information from being shared with lower-privileged subjects - also deals with covert channels - maintains activities at different security levels. Complete separation between security levels
Matrix based models
focus on one-to-one relationships between subjects and objects - access control matrix - represent capabilities - may be put into roles
Information Flow Models
how information is allowed or not allowed between individual objects - may identify covert channels, unintended information flow between compartments, used to determine if information is being properly protected throughout a given process.
Bell-LaPadula Confidentiality Model
inspired by DoD - need to improve confidentiality; primary goal is to prevent disclosure as the model moves from one state to another. Subjects active, objects passive. Subjects assigned clearance levels for modes of access (read, write) to use with objects assigned a classification level. Use labels with a set of rules. Simple security property - subject can read but not write. Can read at their level or below but can’t read higher. * Property - to prevent disclosure, subjects can write at their level or higher but can’t write lower. The strong star property - restricts read/write to their level only.
Biba Integrity Model
lattice-based model with multiple levels. Same modes of access and interactions with subjects and objects. An integrity model. Information maintained by preventing corruption. Simple Integrity property - can’t read from less accurate objects but can read from objects that are more accurate. * property - subjects cannot write to objects that are more accurate, but can write down. Invocation property - getting a more privileged subject to work on their behalf - this must be prevented or corruption could occur
Clark Wilson Integrity model
Integrity at the transaction level in a commercial environment. Prevent unauthorized, undesirable changes and behave consistently. Constant mediation between every subject and every object for integrity to be maintained. Subject does not have direct access to the object - done through a program following a set of rules. Prevent undesirable changes by authorized subjects - separation of duties. Well-formed transactions - the set of steps within any transaction would need to be carefully designed and enforced.
Lipner model
combines Bell-LaPadula and Biba with the idea of job functions for both confidentiality and integrity. First to separate objects into data and programs
Brewer-Nash (Chinese Wall) Model
focus on preventing conflict of interest when a subject has access to objects with sensitive information associated with two competing parties. Cannot access confidential information for a client organization and one or more of its competitors - can’t get to one side of the wall once on the other side
Graham-Denning Model
concerned with how subjects and objects are created, how they are assigned privileges and how ownership is managed. Subjects - process and domain
Harrison-Ruzzo
generic rights and a finite set of commands
A formal security model
describes and verifies the ability to enforce security policy in mathematical or measurable terms
3 Evaluation Criteria
TCSEC, ITSEC, Common Criteria
Certification
System tested to see whether it meets documented requirements
Accreditation
Management evaluates the capacity of the system and decides whether they will formally accept the evaluated system
TCSEC - Trusted Computer System Evaluation Criteria
Orange Book, 1983, DoD - used to evaluate, classify, and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. Focused on confidentiality.
Trusted Computing Base (TCB) - the fundamental controls implemented in a given system
C Level to B Level moves from DAC to MAC
A - Verified Protection
A1 - verified Design - Highest Trust
B - Mandatory Protection
B3 Security Domains; satisfy reference monitor, exclude non-essential code; minimize complexity; Security Administrator, audits all, automated IDS, trusted system recovery, covert timing
B2 Structured Protection; configuration management, DAC & MAC over all, clear security policy, covert storage, objects structured, more testing, hardened authentication, separate operator and administrator
B1 Labeled Security Protection - MAC over some, informal security policy, data sensitivity labels, flaws must be removed or mitigated
C - Discretionary
C2 Controlled Access - improved DAC login process and audit trails
C1 Discretionary Security - DAC
D - Minimal
Lowest
ITSEC - Information Technology Security Evaluation Criteria
provides functional and assurance levels - integrity and availability; E Levels, targets of evaluation, higher E levels provide customers with higher degree of assurance
Common Criteria - CC - ISO/IEC 15408
Supersedes all other criteria, standardizes the general approach to product evaluation
Protection Profiles - function and assurance requirements for a category of vendor products in a particular environment
EAL Levels - Common Evaluation Methodology
EAL1 - Functionally Tested
EAL2 - Structurally Tested
EAL3 - Methodically Tested and Checked
EAL4 - Methodically Designed, Tested and Reviewed
EAL5 - Semi-Formal Designed and Tested
EAL6 - Semi-Formal Verified Design and Tested
EAL7 - Formal Verified Design and Tested
ISO 27001:2005
Standardization and Certification of an organization’s information security management system (ISMS)
Five key areas:
- General Requirements of the ISMS
- Management Responsibility
- Internal ISMS Audits
- Management Review of the ISMS
- ISMS Improvement
ISO 27002
Code of Practice for Information Security Management which lists security control objectives and recommends a range of specific security controls according to industry best practice - more of a guideline
11 focus areas:
1. Security Policy
2. Organization of Information Security
3. Asset Management
4. Human Resources Security
5. Physical and Environmental Security
6. Communications and Operations Management
7. Access Control
8. Information System Acquisition, Development and Maintenance
9. Information Security Incident Management
10. Business Continuity Management
11. Compliance
Control Objectives for Information and Related Technology (COBIT)
Framework for IT management - set of generally accepted processes to assist in maximizing the benefits derived from using information technology and developing appropriate IT governance
Payment Card Industry Data Security Standard (PCI-DSS)
Specifications to ensure safe processing, storing and transmission of the card holder’s information
Complete Mediation
When no subject can gain access to any object without authorization
Processor
Supervisor state (kernel mode) - operating at the highest privilege - allowed to access any system resource
Layering
Organization of programming into separate functional components that interact in some sequential and hierarchical way.
Ring Protection
Inner ring - lowest number, most privilege (OS kernel)
Outer ring - highest number, lowest privilege - end user application
Tempest
set of standards designed to shield buildings and equipment to protect them against eavesdropping and passive emanations gathering attempts
State attack - ‘Race conditions’
attempt to take advantage of how a system handles multiple requests
Covert Channels
mechanism hidden from access controls - use irregular methods of communication such as free space or timing to transmit information
Storage - communicate via a stored object
Timing - modify timing of events relative to each other
Eliminate through design
XML
Extensible Markup Language - structuring data in a text file
SAML
Security Assertion Markup Language - exchange authentication and authorization information
OWASP
Open Web Application Security Project - focus on improving the security of software