CISSP DOMAIN 1 Flashcards
git r done
Security and Risk Management
Security terminology and Principles, Protection Control Types, Frameworks, Models, Standards, and best practices, Laws and Crimes, Intellectual Property, Data Breaches, Risk Management, Threat Modeling, Business Continuity, Disaster Recovery, Personnel Security, Security Governance
Two Key Concepts
Security and Risk
AIC Triad
Availability
Integrity
Confidentiality
Security Objectives
Availability
Confidentiality
Integrity
Protect Integrity
Access Controls
Intrusion Detection
Hashing
Availability
Reliability and timely access
Integrity
Assurance of the accuracy and reliability of information systems
Confidentiality
Necessary level of secrecy
Threats to Confidentiality
Network monitoring
Shoulder surfing
stealing password files
breaking encryption schemes
social engineering
How to maintain Confidentiality
Encryption
strict access control
data classification
training personnel
Availability Controls
RAID Clustering Load Balancing Redundant power and data line Colocation and offsite rollback Fail over
Integrity Controls
Hashing
Configuration Management
Change Control, Access Control
Software Digital Signing
Transmission cyclic redundancy check (CRC)
Confidentiality Controls
Encryption for data at rest
Whole Disk Encryption
Encryption for data in transit, (IPSEC, TLS, PPTP, SSH,)
Access Control
Encryption for data in transit
IPec
TLS
SSH,
Types of Access Control
Physical and Technical
Transmission CRC
Cyclic Redundancy Check
Vulnerability
Weakness in a system that allows a threat to compromise security
Threat
Potential Danger that can exploit a vulnerability
Threat agent
Person, Process, or employee
Risk definition
Likelihood of a threat source exploiting a vulnerability
Risk function
Ties vulnerability, threat, and likelihood of exploitation
Exposure
instance of being exposed to losses
Control or Countermeasure
Mitigates potential risk
Control functions
Reduce risk an organization faces
Control types
Administrative
Technical
Physical
Administrative Control Types
Security documentation
risk management
personnel security
training
Technical Controls
(also called logical controls) software or hardware components Firewalls IDS encryption identification authentication mechanisms
Physical controls
Security guards
locks
fencing
lighting
Controls must
Must map to threats
Functionalities of Controls
Preventive detective corrective deterrent recovery compensating
Preventive control
Intended to avoid and incident from occurring
Detective Control
Helps identify an incident’s activity and potentially an intruder
Corrective
Fixes components or systems after an incident
Deterrent
Intended to discourage a potential attacker
Recovery
Intended to bring the environment back to regular operations
Compensating controls
Provide alternative measure of control
Preventive Administrative controls
Policies and procedures Effective hiring practices Pre employment background checks Controlled termination processes data classification and labeling Security awareness
Preventive: Physical controls
Badges swipe cards Guards dogs fences locks man traps
Preventive: Technical
Passwords biometrics smart cards encryption protocols, call-back systems, database views constrained user interfaces Antimalware software access control lists firewalls, intrusion prevention system,
A security program is
A framework made up of many entities;
logical, administrative, and physical
ISO/IEC 27000 series
International standards on how to develop and maintain an ISMS. British standard 7799 (BS7799)
7799
British standard for ISMS, 27000 series is based on this
BS 7799
developing standard to provide guidance on how to design, implement policies,processes and technologies to manage risks
BS7799 Part 1
Outlined control objectives and a range of controls to meet those objectives
BS 7799 Part 2
Baselines for organizations could be certified against
ISO/IEC 27000
Overview and vocabulary
ISO/IEC 27001
ISMS requirements
ISO/IEC 27002
Code of practice for information security management
ISO/IEC 27003
ISMS implementation
ISO/IEC 27004
ISMS measurement
ISO/IEC 27005
Risk management
ISO/IEC 27006
Certification body requirements
ISO/IEC 27007
ISMS auditing
ISO/IEC 27008
Guidance for auditors
ISO/IEC 27011
Telecommunication organizations
ISO/IEC 27014
Information Security governance
ISO/IEC 27015
Financial Sector
ISO/IEC 27031
Business Continuity
ISO/IEC 27032
Cybersecurity
ISO/IEC 27033
Network Security
ISO/IEC 27034
Application Security
ISO/IEC 27035
Incident Management
ISO/IEC 27037
Digital collection and preservation
ISO/IEC 27799
Health organizations
Framework
Guideline on how to build an architecture
When developing an architecture
stakeholders first, Views next,
Security through obscurity
Confusion
A security program is
a framework
Clinger-Cohen Act
Requires IT organizations to improve their IT expenditures
Zachman Architecture Framework 6 elements
Two dimensional model 6 elements;
What, How, Where, Who, When, Why
Zachman goal
look at the same organization from different viewpoints
The Open Group Architecture Framework (TOGAF)
Understand the enterprise from 4 different views Business Data Application Technology Is iterative and cyclic
Defense Architecture Framework (DoDAF
Focuses on Command, Control, Communications, computers, intelligence, surveillance, reconnaissance, and processes
Ministry of Defense Architecture Framework (MODAF)
To get data in the right format to the right people as soon as possible
Sherwood Applied Business Security Architecture (SABSA)
Layered Framework What are you trying to do? Why are you doing it? How are you trying to do it? Who is involved? Where are you doing it? When are you doing it? Strategic alignment
Business Enablement means
The core business processes are integrated into the security operating model
Security Effectiveness
deals with metrics meeting Service level agreements achieving ROI meeting set baselines providing management with a dashboard or balanced scorecard
Difference between enterprise and system architectures
Enterprise is the structure of the organization.
System is the structure of the software and computing components
Control Objectives for Information and related Technologies (COBIT) key principles
- Meeting Stakeholder needs
- Covering the enterprise end to end
3, Applying a single integrated framework - Enabling a wholistic approach
- Separating governance from management
Everything in COBIT is linked to
stakeholders through a series of goals.
At any point, we should be able to ask,
“why are we doing this?”
NIST 800-53
Security and privacy controls for Federal information systems
NIST 800-53 control categories
management
operational
technical
COSO Committee on Sponsoring Organizations
Model for corporate governance
Sarbane-Oxley Act
Sends executives to jail for reporting fraudulent accounting.
ITIL
De facto standard for best practices
Six Sigma
Process improvement
Capability Maturity Model Integration CMMI
Level 0 = Nonexistant Level 1 = Unpredictable Processes Level 2 = Repeatable processes Level 3 = Defined Processes Level 4 = Managed processes Level 5 = Optimized processes
Process Life Cycle
Plan and Organize
Implement
Operate and maintain
Monitor and evaluate
Zombies, Bots, Botnets
Compromised system,
Software installed
Multiple systems
Botnets can
carry out DDOS attacks,
transfer spam
Advanced Persistent Threat
Focused and motivated to penetrate a network
Custom developed for a target.
APT activity
Phishing and zero day attack
Back door
Lateral movement
Data gathering
ex-filtrate
Organization for Economic Co-operation and Development (OECD)
Protection of privacy and trans-border flows of personal data.
Organization for Economic Co-operation and Development
OECD principles
Collection Limitation Principle Data Quality Principle Purpose Specification Principle User limitation principle Openness Principle Individualization Principle Accountability Principle
OECD Collection Limitation Principle
Personal data should be limited, obtained lawfully and fair, with the knowledge of the subject
OECD Data Quality Principle
Personal data should be kept complete and current
OECD Purpose specification Principle
Subjects should be notified of the reason for collection
OECD User limitation Principle
Disclosure only by consent of the subject
OECD Security Safeguard Principle
Reasonable protection of data
OECD Openness Principle
Subjects should be able to easily establish existence and nature of the personal data
OECD Accountability Principle
Organizations accountable for complying with other principles
European Union Principles on Privacy
Addresses using and transmitting private information
EU Data Protection Directive
All states in Europe must abide by prionciples to be in compliance
Safe Harbor
Outlines how US based companies can comply with EU principles
Wassenaar Arrangement
Export comtrols for conventional arms and dual use goods and technologies
Civil Code Law System
Used in continental Europe Different from England's Common law Rule based not precedent based Not civil (tort) Most widespread system in the world
Common Law System
Developed in England
Based on previous judgments
Reflects community’s morals and expectations
Led to creation of lawyers
Criminal Law
Based on common law or statutory law
Addresses behavior considered harmful to society
Punishment is loss of freedom or incarceration
Prosecution beyond a reasonable doubt
Civil (tort)
offshoot of criminal law
defendant owes a legal duty to victim
Civil law types
Intentional Wrongs against property Wrongs against a person Negligence Nuisance Dignitary wrongs Economic wrongs Strict labiliy
Administrative Law
Created by administrative agencies.
Customary Law system
Deals with personal conduct and patterns of behavior
Based on rules of the region
Religious Law system
Covers all aspects of life
Mixed law system
Two or more legal sysstems
Trade Secret
Violation of a resource that provides value
Something that is proprietary and important to survival and profitability
Copyright
Protects the right of a creator of original works to control publication and distribution
Covers categories of work
Includes Computer programs and manuals
People are covered for their lifetime plus 70 years
Trademark
Used to protect a word, name, symbol sound, shape or color
Patent
Given to grant legal ownership to an individual or company to exclude others from using or copying
Good for 20 years from date of approval
Patent is the strongest form of intellectual property protection
Software piracy
when intellectual or creative work of an author is used without permission
Freeware
Publicly available software available free of charge.
Can be copied, studied,modified
Shareware
User can try out software then buy it
Commercial software
Sold commercially
academic software
provided at reduced cost
Personal Identifiable Information
data that can uniquely identify contact, or locate a single person
HIPPA
Framework and guidelines to ensure security, integrity, , and privacy
Health Information Technology and Clinical Health Act (HITECH)
Expands HIPPA
USA Patriot Act
Reduces restrictions on law enforcement agencies
Graham-Leach-Bliley ACT GLBA
Financial Privacy Rule
Safeguards Rule
Pretexting Protection
Personal Information Protection and Electronic Documents Act
Canadian law protects personal information
Payment Card Industry Data Security Standard PCI-DSS
Credit card industry program
12 requirements
Use firewalls, Do not use vendor defaults, Protect stored cardholder data, Encrypt,
Employee privacy
Employee must be aware of monitoring, Monitoring must be work related, Must be explained to employee by policy and constantly reminded, Signed Acceptable Use Policy.
Reasonable Expectation of Privacy
Employees must be informed of monitoring or privacy rights will be violated
Data Breach
The opposite of privacy
Security Policy
Overall general statement by senior management.
Must be technology independent
Regulatory Policy
Detailed and specific industry regulations
Standards
Mandatory activities actions or rules
Baseline
Comparison for future changes
Guidelines
Recommended actions and operational guides
Risk Management
Process of identifying and assessing risk, reducing it to an acceptable level, and ensuring it remains at that level
Risk categories
Physical, Human interaction, Equipment malfunction, Inside/outside attacks, misuse of data, Loss of data, application error
NIST SP 800-39 tiers to risk management
Organizational, Business Process, Information Systems,
NIST 800-39 four components of risk management
Frame Risk
Assess Risk
Respond to Risk
Monitor Risk
Threat Modeling
Process of describing feasible adverse effects on our assets caused by threat sources
Interested in vulnerabilities in our systems that could lead to compromise
Who would want to exploit this vulnerability and why
Determine whether a given threat source has the means to attack
The weakest link in security
People
Social Engineering
Process of getting a person to violate a security procedure or policy
Attack Tree
Vulnerability-threat-attack triad
Risk Assessment
method of identifying vulnerabilities and threats
Risk Analysis
Used to ensure that security is cost effective, relevant, timely, and responsive to threats
Four goals of Risk Analysis
Identify assets
Identify vulnerabilities and threats
Quantify the probability and business impact of the threat and cost of the countermeasure
Risk Analysis provides
a cost/benefit comparison
Business and Security objectives must be
Aligned
Purpose and scope are determined by
Senior Management
Cascading errors
Errors passed on to other processes
Loss potential
What would be lost if a threat agent exploited a vulnerability
Delayed loss
Secondary in nature like reputation, market share, late penalties, civil suits, delayed collection of funds
NIST 800-30
Guide for conducting Risk Assessments
NIST 800 30 Risk Assessment steps
Prepare for the assessment
Conduct the assessment
Communicate results
Maintain assessment
FRAP
Facilitated risk analysis process.
Qualitative methodology
only focused on systems that really need assessing
Used to analyze one system, application, or business process at a time
Operationally Critical Threat, Asset, and vulnerability evaluation (Octave)
Created by Canegie Mellon
Places people who work in the areas in decision making positions
Used to assess all systems
AS/NZS 4360
Focused on the health of a company
ISO 27005
International Standard for risk management ISMS
Failure Mode Effect Analysis (FMEA)
Determines functions, identifies functional failures, and assesses the causes of failure
Frequently used in product development and operational environments
Identifies single point of failure
FMEA Steps
Start with a block diagram
Consider what happens if each block fails
Draw a table with failures paired with effect
Correct the design of the system
Have several engineers review
CRAMM Central computing and telecom Agency Risk Analysis and Management Method
Works in stages
Define objectives
Assess Risks
identify countermeasures
Two approaches to risk analysis
Qualitative and Quantitative
Quantitative Risk Analysis
Assign monetary and numeric values to all elements
Qualitative Analysis
Assigns subjective ratings to risk as in Red, Yellow, and Green
Single Loss Expectancy SLE
Dollar amount assigned to a single event
Asset Value x Exposure Factor =
SLE
Exposure Factor EF
percentage of loss a realized threat could have on an asset
SLE x Annualized Rate of Occurrence =
Annualized Loss Expectancy ALE
Qualitative Risk Analysis
Walk through different scenarios of risk possibilitoes and rank the seriousness of the threats
Qualitative Risk Analysis includes
judgement, best practices, intuition, and experience
To gather qualitative data
Delphi, Brainstorming, story-boarding, focus groups, surveys, questionnaires, checklists, one-on-one meetings, and interviews
Value of a safeguard to the company =
(ALE before implementing a safeguard) - (ALE after a safeguard) - (Annual cost of a safeguard)
Residual Risk =
threats x vulnerability x asset value = total risk (threats x vulnerability x asset value) x controls gap = residual risk
or
Total Risk - countermeasure = residual risk
Risk can be dealt with in 4 ways
Transfer
avoid
reduce
accept
Transfer risk
insurance
Risk avoidance
Discontinue risk behavior
Accepts the Risk
Acknowledge the risk and decides to live with it without countermeasures
SAS 70
an internal controls audit carried out by a third party auditing organization
NIST RMF (SP 800-37r1)
US government system life-cycle approach to Risk management
ISO 31000-2009
Risk management framework
ISACA
Working group of academic and corporate risk professionals
COSO Enterprise Risk Management
Generic. Not IT centric
NIST RMF 800-37 six step process
- Categorize information system
- Select Security controls
3 Implement security controls
4 Assess security controls
5 Authorize information system
6 Monitor security controls
Goal of disaster recovery
Minimize the effects of a disaster or disruption
Continuity planning
provides methods and procedures for dealing with long term outages and disasters
NIST 800-34
Continuity Planning Guide for Federal Information Systems
Steps
- Develop the continuity planning policy statement
- Conduct the business impact analysis
3, Identify preventive controls - Create contingency strategies
5 Develop an information system contingency plan
6 Ensure plan testing, training and exercises
7 Develop plan maintenance
SWOT
Strengths
Weaknesses
Opportunities
Threats
Due Diligence
Doing everything in one’s power to prevent a bad thing from happening by setting appropriate policies researching the threats and incorporating them into a risk management plan
Due Care
Taking precautions that a reasonable and competent person would take.
Prudent man rule
Business Impact Analysis
Functional analysis.
BIA Risk Assessment =
Threat x Impact x Probability + time`
Threats can be
Man made, natural, or technical
BIA Steps
- Select individuals to interview for data gathering
- Create Data gathering techniques (surveys, questionnaires, qualitative and quantitative approaches
- Identify company’s critical functions
- Identify the resources these functions depend upon
- Calculate how long these functions can survive without these resources
- Identify vulnerabilities and threats to functions
- Calculate the risk for each different business function
- Document findings and report to management
Maximum Tolerable Downtime (MTD)
Outage time that can be endured
MTD estimates for each business function and asset
Critical = minutes to hours Urgent = 24 hours Important = 72 hours Normal = 7 days Nonessential = 30 days
Separation of Duties
One individual cannot complete a critical task alone.
Is a preventive administrative control to reduce fraud
Collusion
at least 2 people are working together to cause description or fraud
Two variations of separation of duties
Split knowledge and dual control
Split knowledge
No one has all the details
Dual control
Two people work together
Rotation of duties
administrative detective control
Put in place to uncover fraud
Mandatory vacations
Someone else discovers fraudulent errors or activities
Non Disclosure Agreements
Protect the company and information
Security Awareness
What
Security Training
How
Security Education
Why
ISO/IEC 27004
Used to assess the effectiveness of an ISMS and controls
ISC2 Code of Ethics
Protect society, the common good, necessary public trust and confidence, and the infrastructure
Act honorably, honestly, justly, responsibly and legallly
Provide diligent and competent service to principals
Advance and protect the profession
Internet Architecture Board
Depends on availability and accessibility
IAB unethical and unacceptable behavior
Purposely seeking unauthorized access to internet resources Disrupting the intended use of the internet Wasting resources (people, capacity, and computers) Destroying the integrity of computer based information Compromising the privacy of others Conducting internet wide experiments in a negligent manner
Asset
Includes people, partners, equipment, facilities,reputation, and information
Asset life cycle stages
Acquisition
Use
Archival
Disposal
Data Backup
Copy of data currently in use
Data Archive
Copy of data no longer in use, but kept
Usually removed from its original location
Rationale behind assigning values to data (Classification)
To gauge the amount of funds and resources that should go to protecting the data
Purpose of Data Classification
Indicate the level of Confidentiality, Integrity, Availability
Commercial Classifications
Public
Sensitive
Private
Confidential
Government Classifications
Confidential
Unclassified
Sensitive but unclassified
Secret
Top Secret
Public classification
Disclosure not welcome.
No adverse impact if disclosed
Sensitive Classification
Requires special precautions.
Higher than normal protection
Private Classification
Personal information for company use
Government Classifications
Confidential Unclassified Sensitive but unclassified Secret Top Secret
Always carries the ultimate responsibility for the organization
Senior Management
Has day to day management responsibilities of an organization
CEO
Responsible for a corporation’s accounting and financial activities
CFO
Responsible for strategic use and management of information systems
CIO
Ensuring that customer, company, and employee data are kept safe
Chief Privacy Officer
The amount of control an individual should be able to have and expect
Privacy
Mechanisms that can be put into place to provide
Privacy
Responsible for understanding the risks the company faces and for mitigating risks to an acceptable level
Chief security officer
Member of management who is in charge of a specific business unit. Ultimately responsible for a sub set of information. Decides on data classification.
Data Owner
Responsible for maintaining and protecting data
Data Custodian
Responsible for systems that may hold data owned by different data systems
System owner
Responsible for implementing and maintaining specific network security devices and software in the enterprise. May include creating new accounts implementing new security software and issuing passwords
Security Administrator
User Manager responsible for user actions
Supervisor
Responsible for approving or rejecting requests to change systems
Change control Analyst
Ensures data is stored in a way that makes most sense
Data Analyst
Any individual who routinely uses data for work related tasks
User
Periodically checks that everyone is doing what they are supposed to be doing
Auditor
Data Retention policy should include
What data do we keep
How long do we keep it
Where do we keep the data
Taxonomy
Scheme for classifying data
Classification
Sensitivity will determine controls
Normalization
Tagging schema to keep data searchable
Indexing
Makes data searchable
Electronic Discovery Reference Model (EDRM) steps
- Identification of data = data required by the order
- Preservation
- Collection
- Processing
5 Review - Analysis
- Production
- Presentation
Data Processors
Must understand acceptable use.
Key issues are training and auditing
Data Remanence 4 approaches
Overwriting
Dequassing
Encryption
Physical Destruction
NIST SP 800-88
Guidelines for media sanitation
Data at Rest
Resides in external or auxillary devices like
hard drives
SSDs
optical disks
tape
Data in motion
moving between computer nodes should be encrypted by TLS 1,1 and later, or IPSEC.
Weaknesses are in backward compatibility,
TLS relies on
digital certificates to certify one or both endpoints.
Server uses a certificate. but the client doesn’t
Man in the middle attack
attacker intercepts one way authentication between server and client
Virtual Private Networks
used to provide secure connections between remote users and corporate resources by trusted channels
Data in use
data residing in primary storage devices such as volatile memory. Data in memory is not encrypted
Side channel attack
information leaked by a cryptosystem.
Cryptosystem
Connects 2 channels. A plaintext channel and an encrypted channel
Side channel
by product of a plaintext channel connecting with an encrypted channel
Heartbleed
2014 demonstrated unchecked boundaries could expose information from one process to other processes running on the same system
When media is erased or cleared it is
sanitized
Clearing media is acceptable when
media will be used in the same environment for the same purposes
Media not susceptible to degassing
Optical media, and overwriting may not be effective when dealing with solid state drives
Guiding principle for method and cost of data erasure
Recovery must cost more than the value of the data
Media management tasks
Tracking
Effectively implementing access controls
Tracking the number and location of backup versions
Documenting the history of changes to media
Ensuring environmental conditions do not endanger media
Ensuring media integrity
Inventory the media on a scheduled basis
Carrying out secure disposal activities
Internal and external labeling
Internal and external labeling includes
Date created Retention period Classification level Who created it Date to be destroyed Name and version
Most common cause of breach
Negligence. Lack of awareness and discipline among employees
Data loss
do not know where data is
Data leak
Confidentiality has been comprised
Risk at data life cycles
When data moves from one stage to another
Misuse cases describe
threat actors and tasks they want to perform on a system
Use cases
used by system analysts to document tasks that authorized actors perform on a system
Resiliency
ability to deal with challenges
Network DLP
applies to protection policies to data in motion
Drawback of Network DLP
will not protect data on devices not on the network.
Endpoint DLP
Applies policies to data at rest and data in use
Main drawback of EDLP
complexity
Hybrid DLP
deploy both NDLP and EDLP
A subject is
The active element in a security relationship such as users, programs and computer
A subject acts upon or against
an object
Access control is
Management of the relationship between subjects and objects
Attacks on confidentiality
Capturing network traffic stealing password files social engineering port scanning shoulder surfing eavesdropping sniffing escalation of privileges
Results of human error
oversite ineptitude failing to properly encrypt failing to fully authenticate a remote system accessing malicious sites misrouted faxes documents left on printers
Countermeasures to ensure confidentiality against threats
encryption network traffic padding strict access control rigorous authentication procedures data classification extensive personnel training
Aspects of confidentiality
Sensitivity Discretion Criticality Concealment Secrecy Privacy Seclusion Isolation Integrity
Confidentiality depends on
Integrity
Integrity is
protecting the reliability and correctness of data
Integrity protection
prevents unauthorized alteration of data
Attacks on integrity
viruses logic bombs unauthorized access errors in coding and applications malicious modification intentional replacement system back doors
Countermeasures to ensure integrity against possible threats
strict access control rigorous authentication procedures intrusion detection systems object/data encryption hash total verifications interface restrictions input function checks extensive personnel training
Nonrepudiation
subject who caused an event cannot deny the event occurred
Nonrepudiation can be established using
Digital certificates
session identifiers
transaction logs
transactional and access control mechanisms
Threats to availability
device failure software errors environmental issues DOS attacks object destruction communication disruptions
Countermeasures to ensure availability
Designing systems properly
Effective access control
Monitoring performance and network traffic
Using firewalls and routers to prevent DOS attacks
Redundancy for critical systems
Maintaining and testing backup systems
Eliminate single points of failure
Availability depends on
Both Confidentiality and Integrity
Aspects of availability include
Usability
Accessibility
Timeliness
AAA services
Authentication
Authorization
Accountability or Auditing
Identification
Claiming to be an identity when accessing a secured area or system
Authentication
Proving you are an identity
Authorization
Defining permissions
Auditing
Recording a log of events to check for compliance
Most common form of authentication
password
Types of Authentication
Something you know
Something you have
Something you are
Access control matrix
Compares the subject, the object,
and the intended activity
Authorization models of access control
Discretionary Access Control
Mandatory Access Control
Role Based Access Control
Auditing
Programmatic means by which a subject’s actions are tracked and recorded to hold a subject accountable
Accountability
Security policy can be enforced only if accountability is maintained.
Relies on the capability to prove a subject’s identity and track their activities
Layering
Defense in depth.
Multiple controls in a series
Abstraction
Used for efficiency
Similar elements are put in groups, classes, or roles that are assigned security controls, restrictions or permissions as a collective.
Abstraction simplifies security
by enabling you to assign security controls to a group of objects collected by type or function
Data Hiding
Preventing data from being discovered or accessed by a subject by positioning data in a logical storage compartment that is not seen by the subect
Security governance
Collection of practices related to supporting, defining, and directing security efforts demonstrate a business
Business Case
Demonstrate a business specific need to alter an existing process or business task
Security plans are useless without
Senior Management
3 types of security plans
Strategic
Tactical
Operational
Strategic Plan
Long term plan that is stable.
Defines the organization’s purpose
Helps to understand security functions and align with the organization’s objectives
Useful for about 5 years
Tactical plan
Mid Term plan
More details on the Strategic Plan
Useful for about a year
Prescribes and schedules tasks necessary to accomplish goals
Operational plans
Short term, highly detailed plan based on strategic and tactical plans
Updated often monthly or quarterly
Acquisition and merger risks
Inappropriate information disclosure
data loss
downtime
failure to achieve sufficient return on investment
Divestiture risks
Assets need to be sanitized to prevent data leakage
Storage media removed and destroyed
Employees released should be debriefed
Change control/management involves
planning testing logging auditing monitoring
Goal of change management
ensure any change does not lead to reduced or compromised security
Change management is responsible for
Making it possible to roll back
Change management requirements`
Implement changes in a monitored and orderly manner
Formalized testing
Changed can be reversed
Users are informed
Effects of change are systematically analyzed
Negative impact minimized
Changes reviewed
Data Classification
Determines how much effort, money, and resources are allocated to protect the data and control access to it
Declassification
Required once an asset no longer warrants or needs the protection necessary
Five levels of government/military classification
Top Secret Secret Confidential Sensitive but unclassified Unclassified
Top Secret
unauthorized disclosure of top secret data will have drastic effects and cause grave damage to national security. Top secret data is compartmentalized on a need to know basis
Secret
Data of a restrictive nature. Unauthorized disclosure will have significant effects and cause critical damage to national security
Confidential (government)
Used for data of a sensitive, proprietary, or highly valuable nature
Disclosure would have noticeable effects and cause serious damage to national security
Sensitive but unclassified
For internal use only. Used to protect information that could violate the privacy of individuals
Unclassified
Neither sensitive nor classified
Classified
Used without specifying Sensitive, Confidential, Secret, or top secret.
Commercial Classifications
Confidential
Private
Sensitive
Public
Confidential (commercial)
Highest level of classification
May be called Proprietary
Private
Commercial data private or personal nature
Sensitive
A negative impact could occur if disclosed
Public
All data that does not fit other classifications
Ownership
Formal assignment of responsibility to an individual or group
Security professional
Not decision makers
Data Owner
Responsible for classifying information for placement and protection within the security solution
Delegates to custodian
Data Custodian
Tasked with implementing protection defined by security policy and senior management
Fuzz testing
Provides many different types of inputs to software to stress its limits
STRIDE
Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of privilege
PASTA
Process for Attack Simulation and Threat Analysis
Seven Steps of PASTA
Stage 1 Definition of Objectives (DO) for the analysis of risk
Stage 2 Definition of technical scope (DTS)
Stage 3 Application Decomposition and Analysis (ADA)
Stage 4 Threat Analysis (TA)
Stage 5 Weakness and Vulnerability Analysis (WVA)
Stage 6 Attack Modeling and Simulation (AMS)
Stage 7 Risk Analysis and Management (RAM)
DREAD rating system
Damage potential Reproducibility Exploitability Affected Users Discoverability
SOC 1
focuses on a description of security machanisms to assess suitability
SOC 2
audit focuses on implemented security controls in relation to Availability, security, integrity, and confidentiality
NIST 800-122
Guide to protecting Personally Identifiable Information
Health information means any information tha
(A) is created or received by a provider, health authority, employer, life insurer, school or university
(B) Relates to past, present, or future medical or mental health or condition
Proprietary data
Any data that helps an organization maintain a competitive edge
Data classification identifies
The value of the data to the organization
Confidential or proprietory commercial
refers to the highest level of classified data
Goal of managing sensitive data
prevent data breaches
If media classification is to be downgraded,
it must be sanitized
Handling sensitive data starts with
Labeling systems and media
NIST SP 800-88
Guidelines for media sanitation
Best method of sanitizing SSDs
Destruction
Clearing is also known as
Overwriting
Purging
Prepares media for reuse in less secure environments
Media labeled top secret
Will remain top secret until destroyed
Deguassing does not effect
Optical CDs, DVDs, or SSDs
Encryption converts
cleartext data into scrambled ciphertext
Advanced Encryption Standard (AES)
Most popular symmetric algorithym
NIST selected to replace DES
AES supports key sizes of
128, 192, and 256
Triple DES
Developed as possible replacement for DES
First implemented with 56 bit keys
Newer implementations uses 112 bit or 168 bit keys
Triple DES is used by
Master Card, Visa, and Europay standard
These are smart cards that include a chip and require users to enter a pin
Blowfish
Bruce Schneier developed as an alternative to DES
Key sizes 32 to 448 bits
Bcrypt
Used by Linux
Based on blowfish
adds 128 bits as a salt to protect against
rainbow table attacks
Transport encryption methods encrypt
data before it is transmitted
Primary risk of sending data over a network is
a sniffing attack
Almost all HTTPS transmissions use
(TLS ) Transport Layer Security 1.1 as the underlying protocol
Port 443
Secure Sockets Layer (SSL)
was the precurser to TLS
Netscape created SSL
SSL is susceptible to
POODLE attack (Padding Oracle On Downgraded Legacy Encryption.
POODLE
Padding Oracle On Downgraded Oracle Legacy Encryption
Organizations no longer use SSL because of POODLE
VPNs use encryption such as
TLS and IPSEC
IPSEC is often combined with
Layer 2 Tunneling Protocol (L2TP) for VPNs
L2TP transmits in clear text
L2TP/IPSEC encrypts data and sends in tunnel mode
IPSEC includes AH
Authentication Header
Provides Authentication and Integrity
IPSEC includes ESP
Encapsulating Security Payload to provide Confidentiality
IPSEC and Secure Shell (SSH)
Used to protect data in transit on internal networks
SSH, Secure Shell is used by
other protocols Secure Copy (SCP) and Secure File Transfer Protocol (SFTP) to transfer encrypted files over a network
SSH is used by administrators to
Administer remote servers
SSH encrypts all traffic, including passwords
NIST 800-18 Responsibilities for information data owner
Establish rules for appropriate use and protection of data/information
(rules of behavior) =Acceptable use policy
Provides input to information systems owners regarding the security requirements and security controls where the data resides
Decides who has access to the information system and with what types of privileges or access rights
Assists in the identification and assessment of the common security controls where the data resides
Asset owners
person who owns the asset or system that processes sensitive data
- Develops a system security plan in coordination with information owners, system administrator, and functional end users
- Maintains the sytem security plan and ensures the system is deployed and operated according yo agreed upon requirements
- Ensures that system users and support personel receive training and instruction on rules of behavior (AUP)
- Updates system security plan whenever a change occurs
- Assists in the identification, implementation, and assessment of common security controls
Safe harbor replaced by
EU US privacy shield
Privacy shield principles
Notice: must inform individuals about the purpose of retained data
Choice: An organization must offer individuals opportunity to opt out
Accountabiity for onward transfer
Security
Data Integrity and purpose limitation
Access: individuals must have access to the ino
Recourse, Enforcemement, and liability
Pseudonymization
Alias. Replacing data with artificial identifiers
Tokenization
Like pseudonymization
Anonymization
Removes all identifiable information
Data masking
replaces data
Administrators
Responsible for granting rights
Custodian
protect security and integrity of data
Baselines
Establish a minimum
GDPR
General Data Protection Regulation
Architecture
tool used to conceptually understand the structure and behavior of a complex entity through different views
Architecture description
formal description and representation of a system
System architecture
describes the major components of the system and how they interact with each other, the users, and other systems
Development
refers to the entire life cycle of a system.
Including planning, analysis, design, building, testing, deployment, maintenance, and retirement phases.
System
Can be an individual computer, application, a set of sub systems, a set of computers, or a set of networks
ISO/IEC/IEEE 42010
System and software engineering–Architecture description
Goal is to internationally standardize how system architecture takes place so developers aren’t just winging it.
42010 shared vocabulary
Architecture is fundamental organization of a system
Architecture description documents to formalize architecture
Stakeholder is an individual or team with interests in, or concerns related to, a system
View is representation of a whole system from the perspective of concerns
Viewpoint is template from which to develop views
Stakeholder
Individual, team, or organization with interests or concerns in a system
View
Representation of a whole system from the perspective of a related set of concerns
Central Processing unit
the brain of the computer
fetches instructions from memory and executes them,
contains millions of transisters
contains registers that point to memory locations
Register
is a temporary storage location
execution of instructions is done by the
Arithmetic logic unit (ALU)
Arithmetic logic unit is
the brain of the CPU and the cpu is the brain of the computer
Control unit
Manages and synchronizes the system
Control unit is the component that fetches code, interprets code, and oversees the execution of different instruction sets
Control unit does not actually process data
It directs
Multitasking in reality
is executing instructions serially, one at a time
General registers are used
to hold variables and temporary results as the ALU works through its execution steps
General registers are the ALUs scratch pad
Program counter register
contains the memory address of the next instruction to be fetched
Program Status Word (PSW)
hold different condition bits
one bit indicates whether the CPU should be working in user mode (problem state) or privileged mode (also called kernal or supervisor mode
Symmetric mode
work is handed to processors as needed
load balancing
Assynchronous mode
when a processor is dedicated
Dynamic RAM
Must be continuously refreshed
DRAM is ___________ than static RAM
Slower
Static RAM does not require
continuous refreshing
rical to system performance
Memory type and amount
Memory addressing
Bus speeds
Synchronous DRAM (SDRAM)
Synchronizes itself with the system’s CPU
Coordinates activities with the CPU clock
Increases speed of transmitting and executing data.
Extended Data Out DRAM (EDO DRAM)
Faster than DRAM because DRAM can only access Cone block of data at a time.
It is a “look ahead” feature that speeds the process
Burst EDO DRAM (BEDO DRAM)
Can send more data at once
Double Data Rate SDRAM (DDR SDRAM)
Caries out read operations on the rising and falling of clock pulse
Hardware segmentation
Systems of a high trust level may need to segment memory physically instead of just logically
Read only Memory
Nonvolatile memory
When power is turned off, data is still held within memory chips.
Data cannot be altered
Software stored in ROM is firmware
Erasable Programmable Read Only Memory (EPROM)
Can be erased, modified, and upgraded.
Holds data that can be electrically erased or written to
UV light device requires to erase
Electrically Erasible Programmable Read Only Memory
EEPROM
Can be erased electronically
Flash memory
used in digital cameras, bios chips, memory cards, and video game consoles.
Cache Memory
Used for high-speed writing and reading activities.
Can be accessed more quickly than data in other types
Types of cache
L1 is fastest.. L2 is slower, L3 is slowest
CPU accesses memory
Dire
has physical wires connected to memory chips within the computer
Uses physical addresses instead of pointers (logical addresses)
Physical Addresses
Used by CPU
Not by software
Software addressing is
Logical pointed to memory addresses
Accessing memory indirectly provides an access control layer
When a program attempts to access memory
its access rights are verified
Absolute Addresses
The physical memory addresses used by the CPU
Logical Addresses
used by software
Relative addresses are
based on a known address with an offset value applied
Buffer oveflow
takes place when too much data is accepted as input to a specific process
Buffer
a small bucket.
When the bucket overflows, data goes into other bucke
Buffer overflow causes
Not validating user’s input
make a function call
We use an insecure function (strcopy)
Data Execution Prevention
Implemented via hardware or software (operating system)
Helps ensure that executable code does not function in dangerous memory segments
Two countermeasures against memory leaks
1 Developing better code
2 Garbage collector used to identify unused committed memory
Address Space Layout Randomization
Memory segmentation
Changes memory addresses constantly
Multoprogramming
More than one program, or process, can be loaded into memory
Only means that more than one application can be loaded into memory at one time
Multiprogramming was replaced by multitasking
Multiprogramming is a legacy term
Multitasking
More than one application can be in memory at th same time. Operating systems can deal with different applications simultaneously
Operating systems started out
cooperative and then evolved into preemptive multitasking
Cooperative multitasking and preemptive multitasking
Cooperative used by Windows 3.1. Preemptive used by Win 95
Process States
Running state CPU executing instruction and data
Ready state Waiting to send application data to the CPU
Blocked state waiting for user input
Process table
Kept by operating system which has one entry for each processes stat, stack pointer, memory allocation,program counter, and status of open files
How a process knows it can communicate with the CPU
Interupts
Categories of interupts
maskable interupt is not important
unmaskable can never be over ridden
Software deadlock
2 processes in the same interupt
Process Isolation methods
Encapsulation of objects
Time multiplexing of shared resources
Naming distinctions
Virtual memory mapping
When a process is encapsulated
no other process understands or interacts with its code
Encapsulation provides
data hiding
Time multiplexing
Resource sharing
Goals of memory management
- Provide abstraction level for programmers
- Maximize performance with limited amount of memory available
- Protect the operating system and applications loaded into memory
Abstraction means
the details of something are hidden
Memory hierarchy
Small amounts of memory very fast and expensive (registers and cache)
Larger amounts of memory are slower and less expensive (RAM, hard drive)
Memory Manager responsibilities
Relocation Swap contents from RAM to the hard drive as needed Provide pointers for applications Protection Sharing Logical organization Physical organization
Virtual memory
When RAM and secondary storage are combined
Monolithic architecture
all of the operating systems work in kernal mode
Layered Operating system architecture
separates system functionality into hierarchical layers
trusted shell
someone working in a shell cannot bust out of it
Security Perimeter
a boundary that divides the trusted from the untrusted
Reference Monitor
An abstract machine that mediates all access subjects have to objects
Security Kernal
Made up of software, hardware, and firmware that fall within the TCB and implements and enforces the reference monitor
A security policy
outlines goals without regard to how they will be accomplished
A security model
is a framework that gives the policy form and solves security access problems for particular situations
Bell Lapadula Model
enforces confidentiality aspects of access control
was the first mathematical model of a multilevel security policy
called a multilevel security system because users with difference clearances use the system, and the systems processes data at different classification levels
Bell LaPadula model was developed to make sure
secrets stay secret
Provides and addresses confidentiality only
Bell LaPadula Simple Security rule
subject at a given security level cannot read data that resides at a higher security level
No read up
Bell LaPadula * property rule states that a
subject in a given security level cannot write information to a lower level.of the data within the system
No write down
Biba Model
addresses the integrity
Not concerned with security levels and confidentiality
Prevents data at any integrity level from flowing to a higher integrity level
Biba star integrity axiom
Subject cannot write data to a higher integrity level
No write up
Biba Simple integrity axiom
Subject cannot read data from a lower integrity level
No read down
Biba Invocation property
Subject cannot request service (invoke) at a higher integrity level
Information flow models are most concerned about
data flows
In Bell LaPadula and Biba simple means
Reading
In Bell LaPadula and Biba Star is about
Writing
Clark Wilson Model
developed after Biba
Protects the integrity of information
Elements of Clark Wilson
Users: Active agents
Transformational Procedures (TPs) Programmed abstract operations, such as read, write and modify
Constrained data items (CDIs) Con be manipulated only by TPs
Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations
Integrity verification procedures (IVPs) Check the consistency of CDIs with external reality
Distinctive features of Clark Wilson focuses on
Well formed transactions and separation of duties
Clark Wilson well formed transactions
series of operations that transform a data item from one consistent state to another
Clark Wilson model Contrained data item
separates data into one subset that requires a high level of protection and one level that does not require a high level of protection
The unconstrained data item. UDI
Users cannot directly modify CDI
Non interference model
Multi level security model
Covert channel
a way for an entity to receive information in an unauthorized manner.
2 types of covert channels
storage and timing
Covert storage channel
processes are able to communicate through some type of storage space on the system
Covert timing channel
one process related information to another by modulating system resources
Brewer and Nash model
also called the Chinese wall
subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset.
access controls can change dynamically depending on previous actions
Goal of Brewer Nash Chinese Wall model
protect against conflicts of interest
Graham=Deming Model
defines a set of basic rights in terms of commands that a specific a subject can execute on and object
Graham Deming functionalities
How to securely create an object
How to securely create a subject
How to securely delete a subject
How to securely provide read access rights
How to securely provide the grant access rights
How to securely provide transfer access rights
Harrison-Ruzzo-Ullman Model
Shows how a finite set of procedures can b e available to edit the access rights of a subject
Common Criteria
A framework where users specify their security requirements and vendors make claims about how they satisfy those requirements and independent labs can verify those claims
Common Criteria 7 assurance levels
EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested, and reviewed
EAL 5 Semi formally verified design and tested
EAL 6 Semiformally verified design and tested
EAL 7 Formally verified design and tested
ISO/IEC 15408
is the international standard that is used as the basis for the evaluation of security properties of products
ISO/IEC 15408 1 Introduction and general model
2 Security functional requirements
3 Security assurance components
Certification
technical evaluation of the security components and compliance for the purpose of accreditation
Purpose is to ensure a system, product, or network is right for customer’s purpose
Accreditation
formal acceptance of the adequacy of a systems overall security and functionality by management
Certification information is presented to management for review and decisions.
Certification is technical review
Accreditation is management review
Open vs closed systems
developed to integrate easily with other systems = open
Closed is proprietary
Distributed system
is one in which multiple computers work together to do something.
Cloud computing
the user of shared, remote computing devices for the purpose of providing improved efficiencies
Software As A Service
user is allowed to use a specific application that executes in the provider’s environment
Platform as a service
user gets access to a computing platform that is typically built on a server operating system
Service provider is normally responsible for configuring and securing the platform
Infrastructure as a service
full, unfettered access and responsibility
Service provider has no responsibility
Parrallel Computing is
simultaneous use of multiple computers to solve a specific task by dividing it among the available computers
Aggregation
act of combining information from separate sources
Inference
the intended result of aggregation
Content dependent access control
based on the sensitivity of data. The smaller the subset of individuals who can gain access
Context dependent access control
software understands what actions should be allowed
Common attempts to prevent inference
cell suppression
partitioning the database
noise
perturbation
Cell suppression
hide specific cells
Partitioning
dividing the database into different parts
Noise and perturbation
technique of inserting bogus information
Industrial Control Systems (ICS)
information technology that is specifically designed to control physical devices in industrial processes
Maintaining efficiency is key
Programmable Logic Controllers (PLC)
designed to control electro mechanical processes such
as assembly lines, elevators, roller coasters, and nuclear centrifuges
Distributed Control System (DCS)
network of control devices within fairly close proximity
Supervisory Control and Data Acquisition (SCADA)
Developed to control large scale physical processing involving nodes separated by significant distances
Maintenance hooks
back door
Time of Check/ time of user TOC
deals with the sequence of steps a systems uses to complete a task
Known as an asynchronous attack
Race condition
When processes get out of sequence
Substitution cipher
each character is replaced with another character
polyalphabetic substitution cipher
uses multiple alphabets
Cipher is another term for
algorithm
Scytale cipher
Spartans encrypted using a sheet of papyrus wrapped around a staff
Vgenere table or algorithm
27 shift alphabets
Plaintext and ciphertext
Plaintext is readable encrypted text is ciphertext
Enigma machine
German box with rotors
Lucifer
developed by IBM
introduced complex mathematical equations and functions to establish DES
Cryptoanalysis
science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse engineering algorithms and keys
Cryptosystem
system or product that provides encryption
A cryptosystem is made up of
Software
Protocols
Algorithms
Keys
Kerchkhoffs Principle
Only secret in a cryptographic system would be the key
Strength of encryption comes from
the algorithm the secrecy of the key length of the key initialization vectors and how the all work together
Strength of an encryption method correlates
with the amount of necessary processing power, resources, and time required to break it
Goal in designing an encryption method
is to make compromising it too expensive or time consuming. aka work factor
Services of cryptosystems
Confidentiality Integrity Authentication Authorization Nonrepudiation
One time pad
perfect encryption scheme
by Gilbert Vernam = the Vernam cipher
Uses exclusive OR
XOR
If both values are the same the result is 0
If different, XOR is 1
One time pad requirements
Pad must be used only one time
Pad must be as long as the message
pad much be securely distributed and protected at its distribution
Pad must be made up of truly random values
A number generator is used to create random values
by seeding an initial value Initialization vector
Running key cipher
non electronic algorithm.
could be a set of books
Concealment cipher
a message within a cipher
null cipher steganography
Steganography
method of hiding data in another media type
Transposition Ciphers
values are scrambled
Symmetric Cryptography
two instances of the same key for encryption and decryption
also called secret keys
Symmetric equation
N(N-1) /2
Symmetric strengths
Much faster than asymmetric systems
Hard to break if using a large key size
Symmetric weaknesses
Requires a secure mechani
Each pair of users needs a unique key
Symmetric Encryption provides
Confidentiality but not authenticity or non-repudiation
List of symmetric algorithms
Data Encryption Standard (DES) Triple DES (3 DES) Blowfish International Data Encryption Algorithm RC4, RC5, RC6
Secure Message format
If confidentiality is the most important to a sender, encrypt with receiver’s public key
Open Message Format
If authentication is the most important security for the sender, use sender’s private key
As symmetric encryption provides
authentication and non-repudiation
Public Key Cryptography is
Public Key Cryptography
Strengths of Public Key Asymmetric
Better key distribution than symmetric systems
Better scalability than symmetric systems
Can provide authentication and non-repudiation
Weaknesses of Public Key Asymmetric Cryptography
Works much more slowly than symmetric systems
Mathematically intensive tasks
Examples of Asymmetric Algorithms
Rivest- Shamir-Adleman (RSA) Elliptic Curve Cryptosystem (ECC) Diffie Hellman El Gamal Digital Signature Algorithm (DSA)
Strong ciphers attributes
Confusion and diffusion
Confusion is substitution
Diffusion is transposition
Strong ciphers attributes
Confusion and diffusion
Confusion is substitution
Diffusion is transposition
Diffusion takes place
when bits of a block are scrambled
Avalanche Effect
A small change completely changes the cipher
Block Algorithms use 4 bit blocks called
S Boxes with lookup tables
S Boxes
Used in symmetric algorithms to scramble and substitute plaintext into ciphers
Stream ciphers
treats the message as a stream of bits and performs mathematical functions on each bit
Stream ciphers use
keystream generators that produce a stream of bits that are XORed with plaintext to make a cipher
Stream Ciphers vs one time pads
provide same protection
Initialization vectors
Random values to prohibit patterns in encryption
Hybrid Encryption
Asymmetric key is used to encypt symmetric key that encrypts the message
Sesion key is
a single use symmetric key
Data Encryption Standard
Key size of 64 bits with 8 bits of parity so 56 bit
DEA is the algorithm
that fulfills DES
DES Modes
Electronic Code Book (ECB) Cipher Block Chaining ((CBC) Cipher FeedBack (CFB) Output Feedback (OF) Counter (CTR)
DES Electronic Codebook (ECB)
64 bit data block with a key and a block of ciphertext
ECB incorporates padding
Code book provides substitutions and permutations
DES Cipher Block Chaining (CBC)
A block of plain text and a key will always give the same cipher text
Does not reveal patterns because each block is based on the previous
DES CipherFeedback Mode (CF)
Shorter streams
DES Output feedback Mode (OFM)
Block cipher that emulates a stream
DES Counter Mode (CTR)
Nothing is chained
Triple DES
Quick fix for DES
48 rounds in its computation
Advanced Encryption Standard
Symmetric block cipher key sizes of 128, 192, 256
Finalists to replace DES
MARS By IBM team that created lucifer RC6 Developed by RSA Laboratories Serpent Two Fish Rijndael
Rijndael supports
128, 192, 256 keys
International Data Encryption Algorithm
64 bit block divided into 16 smaller blocks
Blowfish
Block cipher
key size from 32 up to 448 bits and 16 rounds of functions
RC 4
Most commonly implemented stream ciphers
Used in SSL
Asymmetric Diffie Hellman
Secure key transfer
Uses digital signatures
RSA is an asymmetric
Most popular public key algorithm
Factors large numbers by using prime numbers
One way function
El Gamal
public key algorithm can be used for digital signatures
Elliptic curve Cryptosystems
Like RSA digital signatures, secure key distribution, and encryption
Very efficient. Used in devices with limited processing capacity, storage, power supply, and bandwidth.
Knapsack
Developed by Merkle-Helman
Discovered to be insecure
Zero Knowledge Proof
Only the owner of a private key can prove possession
One Way Hash
Takes a variable length string and produces a fixed length value
Hash is not secret.
Takes place without the use of keys
Message Authenticaiton Code
authentication scheme derived by applying a secret key to a message in some f
3 types of Message Authentication Code (MAC))
Hash MAC (HMAC) CBC-MAC, and CMACA
Hash MAC
Symmetric key is concatenated with the message
CBC MAC
Cipher Block Chaining Message Authentication Code
Message is encrypted with symmetric block cipher
Weakest form of authentication because it is not bound to a user, just to a computer or device
SHA
used with the Digital Signature Standard
SHA produces a 160 bit hash value or Message Digest
Birthday Attack
against a one-way hash
Collision
When 2 different messages produce the same hash.
Digital Signature
is a hash value with a private key,
Security Services of Cryptology
A message encrypted provides confidentiality
A message hashed provides integrity
A message digitally signed provides Authentication, nonrepudiation and integrity
A message encrypted and digitally signed provides confidentiality with authentication, nonrepudiation, and integrity
Certificate Authority
Used in digital signatures
CRL Certificate Revocation List
Mechanism for the CA to check on a certificate
Online certificate status protocol OCSP
Replaces the CRL
Key Management
most challenging part of cryptography
Passive attacks
Eavesdropping and sniffing data as it passes over a network
Because it does not affect the protocol, algorithm, key, or message
Active attacks
Altering messages, modifying system files, and masquerading as another individual or acts.
Common attack vectors in cryptography
Key Algorithm implementation data People
Ciphertext Only Attacks
Attacker has 2 ciphertext messages
Each has been encrypted with same algorithm
Attacker gets the key to one
Known plaintext Attacks
Attacker has plaintext message and ciphertext
Goal is to discover the key
Chosen Plain Text attacks
attacker has plaintext and cipher text. Can choose plaintext and compare ciphertext.
Chosen cipher text attacks
attacker can choose ciphertext and has access to the resulting decrypted plaintext. Goal is to figure out the key
Attacker may need control of the system
Differential cryptanaysis
Takes 2 messages of plaintext and follows the changes as blocks go thought the different S boxes
Private vs Public algorithms
Public is better
government uses private
Linear Cryptoanalysis
functions to identify the highest probability of a specific key
Side channel attacks
Reverse engineering to uncover a key or data
Replay attacks
Captures data and resubmits it.
Timestamps and sequence numbers are 2 countermeasures
Algebraic Attacks
Analyze vulnerabilities in math used in an algorithm
Analytic attacks
identify algorithm structural weaknesses or flaws
Statistical Attacks
identify statistical weaknesses in algorithm design
Social Engineering Attacks
Trick people into providing cryptographic key or divulging sensitive information
Meet in the middle attacks
break a math problem from both ends
Physical threats
Natural environmental threats Supply system threats Manmade threats Politically motivated threats Protecting human life is always first
Layered defense models
Physical controls should work together in a tiered architecture
Vulnerability is
a weakness
Threat is
the potential someone will identify the weakness and use it
Threat agent
person or mechanism that exploits the vulnerability
Steps before a physical security program can be rolled out
1 Identify a team
2 Define the scope
3 Carry out risk analysis to identify vulnerabilities and threats
4 Identify legal and regulatory requirements
5 Work with management to define an acceptable risk level
6. Derive required performance baselines
7. create countermeasure and performance metrics
develop criteria
8 Develop criteria from results
9 identify and implement countermeasures
10 Continuously evaluate countermeasures
Categories of physical security
Deterrence Delaying Detection Assessment Response
(CPTED)
Crime prevention through Environmental Design
Design of a physical environment to reduce crime by affecting human behavior
Target hardening
focuses on denying access
Natural Access Control
Bollards, lights,
Online or standby USP
Active vs backup
A fire needs
Fuel
Oxygen
high temperatures
Fire classes
A common combustibles Wood paper, laminents water foam
B Liquid Petroleum and coolants
Gas Co2, foam, dry powders
C Electrical Electrical and wires
Gas, Co2, powders
D combustible metals
Magnesium, sodium, potassium Dry powder
Montreal Protocol
Banned Halon in 1987
Most effective replacement for halon
FM 200
Plenum areas
open space in ceilings, walls and floors
Sprinkler types
Wet pipe
Dry pipe
Preaction
Deluge
Caesar Cipher
uses a shift of the alphabet
Caesar Cipher is vulnerable to
Frequency analysis
4 cryptographic goals
Confidentiality
Integrity
Authentication
nonrepudiation
Keyspace
Range of values that are valid for use as a key for a specific algorithm
Keyspace is defined by
bit size
Kerckhoff’s principle
Cryptography system should be secure if everything about the system is known but the key
Nonce
Initialization Vector
Work funciton
How to measure the strength of a cryptography system
Work factor should exceed the value of the data
Cryptography should be cost effective
Code vs ciphers
code is communication
Ciphers should not
Transposition ciphers
Rearranges letters of a plaintext message
Substitution Ciphers
Algorithm to replace each character or bit of a plaintext message
Polyalphabetic substitution ciphers
Use multiple alphabets in the same message
Vigenere Cipher
Vigener Cipher
Uses a single encryption/decryption chart
One Time pads
uses a different substitution cipher for each letter of the plaintext message
Also known as Vernam ciphers
They are an unbreakable encryption scheme
One time pad is as long as the message itself
Pad must be used only once
Vernam ciphers
One time pads
Running Key Ciphers
Often chosen from a book
Block Ciphers
operate on chunks or blocks
Transposition ciphers are examples
Stream Ciphers
operate one character bit at a time
Ceaser Cipher is an example
One time pad is a stream cipher
two basic operations to obscure plaintext messages in Cryptpgraphy
Confusion and Diffusion
Confusion in Cryptography
Relationship between plaintext and key is so complicated that cryptoanalysis won’t work
Diffusion in Cryptography
change in plaintext results in multiple changes throughout the cipher text
Shared Secret key
Symmetric encryption
aka secret key or private key
Symmetric key weaknesses
Key distribution problem
Symmetric key does not cover non repudiation
Not scalable
Keys must be regenerated often
Symmetric encryption strength
very fast
Asymmetric key algorithms
aka public key algorithms
Each user has 2 keys Public and private
Provide support for digital signatures
Hashing algorithms
digital signature capability when used with a message digest
Message digest
summaries of a message’s content
Hashing collisions
2 messages create the same hash
Common Symmetric cryptosystems
Data Encryption Standard DES
Triple DES
International Data Encryption Algorithm IDEA
Blowfish
Skipjack
Advanced Encryption Standard AES
Data Encryption Standard DES
No longer secure
Superceded by AES
64 bit block
DES key is 56 bits long
DES 5 modes
Electronic Code Book ECB
Cipher Block Chaining CBC
Cipher Feedback CF
output feedback OFB
Counter CTR
Triple DES
Uses the same DES algorithm 3 times
Effective key length of 168 bits for DES EDE3
DES EEE2 uses 112 bits
DES EDE2 uses 112 bits
International Data Encryption algorithm IDEA
64 bit blocks begins operation on the 128 bit key 52 16 bit keys Uses same 5 modes used by DES ECB CBC CFB OFB CT
Blowfish
Bruce Schneiers alternate DES and IDEA
64 blocks of text
Variable length keys ranging from 32 bits to 448 bits
Skipjack
Approved for use by US government in FIPS
64 bit blocks
80 bit key
Supports key escrow
Rivest Cipher 5 RC 5
Symmetric algorithm patented by Rivest Shamir Adelman RSA
Variable block sizes of 32 64, 128
Subject to brute force cracking attempts
AES Advanced Encryption Standard
Rijndael block cipher chosen to replace DES
In 2001 NIST FIPS mandated AES for all sensitive but unclassified data
AES Key strengths
128
192
256
allows processing of 128 bit blocks
Two Fish
Developed by Bruce Schneier was a finalist
Prewhitening and postwhitening
Diffie Hellman
Message is encrypted with symmeric for speed
Key is encrypted with asymmetric
2 approaches to key escrow
Fair cryptosystems keys are divided in 2 or more pieces
Escrowed Encryption Standard provides government with a means to decrypt.
Basis of skipjack
Temporal Isolation
Restrict access to specific time periods
Incident Response Team should include
Senior Manager Network Admin Security Programmer Public Relations
MAU
Multi Station Access Unit
Central hub in a token ring