CISSP Flashcards
ISC2 Code of Ethics: Preamble
The safety and welfare of society and the common good, duty to our principals, and duty to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
Therefore, strict adherence to this Code is a condition of certification.
ISC2 Code of Ethics: Canons
1) Protect society, the common good, necessary public trust and confidence, and the infrastructure.
2) Act honorably, honestly, justly, responsibly, and legally.
3) Provide diligent and competent service to principals.
4) Advance and protect the profession.
OSI Layers
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
OSI: Application
Network Process to Application
Application Firewall
HTTP/S
DNS
SSH
SNMP
FTP
OSI: Presentation
Data representation and encryption.
XML
JPEG
ANSI
OSI: Session
Interhost communication and session management
OSI: Transport
End-to-end connection with error correction and detection
TCP/UDP
iSCSI (SAN)
Uses segments.
OSI: Network
Local addressing, routing and delivery of packets.
Routers
Packet Filtering Firewalls
IP Addresses
ICMP
NAT
Uses Bits.
OSI: Data Link
Physical addressing and reliable point-to-point connection.
Switches
Bridges
MAC Addresses
Point-to-Point Protocol (PPP)
Point-to-Point Protocol over Ethernet (PPPoE)
ARP
Uses Frames.
OSI: Physical
Media, Signal and Binary Transmission
Uses Bits.
TCP/IP Model
Application
Transport
Internet
Link
Incident Response
Preparation
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned
Cyber Kill Chain: Recon
Identify vulnerabilities
Cyber Kill Chain
Recon
Weaponization
Delivery
Exploit
Installation
Command & Control (C&C)
Actions
Cyber Kill Chain: Weaponization
Create Malware
Cyber Kill Chain: Delivery
Transmits weapon
Cyber Kill Chain: Exploit
Exploit vulnerability
Cyber Kill Chain: Installation
Installs persistent access point
Cyber Kill Chain: C&C
Persistent access
Cyber Kill Chain: Actions
Achieve goal, exfiltrate data, ransomware, etc.
IR: Preparation
Developing IR process, team members, etc.
IR: Detection
Triage
Identify an adverse event - an incident - and begin dealing with it.
IR: Response
Triage
IR team is activated and begins impact assessment.
IR: Mitigation (Containment)
Action/Investigation
Minimize damage or impact from the incident.
IR: Reporting
Action/Investigation
Happens throughout incident response.
IR: Recovery
Recovery
Return to normal
Getting back to business as usual.
IR: Remediation
Recovery
Prevention methods, such as implementing fixes and improvements to systems and processes, to prevent similar incidents.
IR: Lessons Learned
Recovery
Improve processes and try to prevent future incidents.
Layer / Lattice-based Models
Bell-LaPadula
Biba
Bell-LaPadula
Confidentiality
Simple security property, “no read up”.
Star (*) property, “no write down”.
Strong star property: read and write.
Biba
Integrity
Simple integrity property: “no read down”
Star (*) integrity property: “no write up”
Invocation property: can’t send information to someone that is rated at a higher level.
Rule-Based Models
Information Flow
Clark-Wilson
Brewer-Nash (Chinese Wall)
Graham-Denning
Harrison-Ruzzo-Ullman
Information Flow Model
Helps address unintentional covert channels.
Clark-Wilson Model
Integrity
Rules of Integrity
Well-Formed Transactions: Good, consistent, validated data.
Separation of Duties
Access Triple: Subject | Program | Object
Brewer-Nash (The Chinese Wall) Model
Preventing conflicts of interest.
Graham-Denning
Integrity
Specific rules for allowing subjects to access objects.
ISO 27001
Provides best practice recommendations for a functional security department.
Organizations can be certified against ISO 27001
Harrison-Ruzzo-Ullman Model
Integrity
Adds Generic Rights, rights applied to everyone universally.
ISO 27002
Implementation guidance for ISO 27001
ISO 27001 - Annex A
Where the domains and controls are listed.
Symmetric Cryptography Advantages
Fast/Efficient
Strong
Symmetric Cryptography Disadvantages
Key Distribution
Scalability
No authenticity, integrity, or nonrepudiation
Symmetric Cryptography
Same key has to be at both ends to decrypt and encrypt.
Asymmetric Cryptography
Different keys that decrypt and encrypt at both ends.
DES
Weak
Symmetric
Key: 56
Block: 64
IDEA
Strong
Key: 128
Block: 64
3DES
Strong
Key: 168 (effective 112)
Block: 64
Susceptible to meet-in-the-middle attack.
AES
Very Strong
Key: 128, 192, 256
Block: 128
Asymmetric Advantages
Solves key exchange problem
Enables digital signatures and other services, like authenticity (proof of origin), confidentiality, and access control
Solves scalability
Asymmetric Disadvantages
Significantly slower
Requires large key sizes
RSA
Math: Factoring
Elliptic Curve (ECC)
Math: Discrete logarithm
ECC uses shorter keys than RSA for the same level of security.
Diffie-Hellman
Math: Discrete Logs
Only used for Key Exchange.
ElGamal
Asymmetric key encryption algorithm for public-key cryptography, based on the Diffie-Hellman key exchange.
DSA (Digital Signature Algorithm)
Uses a different algorithm for signing and encryption than RSA, yet provides the same level of security. Key generation has two phases.
FTP
Port 20/21
Secure Shell (SSH)
Port 22
SMTP
Port 25
Port 587 is secure via TLS
NTP (Time)
Port 37
DNS
Port 53
TFTP
Port 69
HTTP
Port 80
SNMP
Port 161
SNMP Trap
Port 162
Border Gateway Protocol (BGP)
Port 179