CISSP (Domain 7 - Operations Security) Flashcards
Operational Assurance
Achieved by performing daily tasks and evaluating their effectiveness through testing
4 Steps to Operational Assurance
PI/PE/AH/TR
- Protect Information
  + CIA
  + Balance (Functional vs. Secure)
  + Enforce Compliance - Privileged Entities (Administrators)
- Control Access to Hardware
  + Logical
  + Physical - Trusted Recovery
  + Bring up security controls first
10 Administrative Controls
DC/DD/SD/JR/MV/NK/LP/AL/SC/HF
- Due Care
- Due Diligence
- Separation of duties
- Job rotation
- Mandatory vacations
- Need-to-know
- Least privilege
- Invokes authorization levels
- Management software configuration
- Personnel hiring and firing
Service Level Agreement (SLA)
The amount of time within which a vendor will repair a faulty product
Mean Time Between Failure (MTBF)
- Expected lifetime of component
- Used to calculate risk of utility failure
Mean Time To Repair (MTTR)
Amount of time to get device back into production
Redundant Array of Inexpensive Disks (RAID)
Technology used for redundancy and performance improvement
RAID Levels
- *Level 0: Striping, written to all drives, no fault tolerance, high performance
- *Level 1: Mirroring
- Level 2: Data striping over all drives at the bit level
- Level 3: Byte level parity
- Level 4: Byte level parity
- *Level 5: Interleave parity - data and parity over all disks
2 Advantages of RAID 5
- If one drive fails you still have access to all the data, reconstruction can occur on new drive
- New drive will be rebuilt with parity data (based on XOR)
4 Backup Types
- Full backup
- Incremental backup
- Differential backup
- Copy backup
Full Backup
- Archive Bit is reset after backup (all bits)
Incremental Backup
- Backs up files that have been modified since last backup
- Archive bit is reset (takes 1 and sets it to 0)
Differential Backup
- Backs up files that have been modified since last full backup
- Archive bit is not reset (makes copies of archive bit)
Copy Backup
- Archive bit is not reset
- Use before upgrades/system maintenance
Network-Based IDS
- Monitors traffic on a network segment
- Computer or network device with NIC in promiscuous mode
- Sensors communicate with a central management console
Host-based IDS
- Small agent program that resides on individual computers
- Detects suspicious activity on one system, not network segment
3 IDS Components with Examples
S/AE/MC
- Sensors: Collect raw data and report it
- Analysis engine: Analyzes for malicious software and reports
- Management console: Alerted about intrusion
Signature Based IDS
Contains a database of signatures that continually has to be updated. Can't identify new attacks
Behavior Based IDS
Maintains a profile of normal behavior for a better defense against new attacks. Creates many false positives
Pattern Matching (Analysis Engine Method) (RB/SB/KB)
- Rule-based intrusion detection
- Signature-based intrusion detection
- Knowledge-based intrusion detection
Profile Comparison (Analysis Engine Method) (SB/AB/BB)
- Statistically-based intrusion detection
- Anomaly-based intrusion detection
- Behavior-based intrusion detection
5 IDS Response Options
- Page or e-mail administrator
- Log event
- Send reset packets to the attacker’s connections
- Change a firewall or router ACL to block an IP address or range
- Reconfigure router or firewall to block protocol being used for attack
5 IDS Issues
- May not be able to process all packets on large networks (missing packets)
- Can't analyze encrypted data
- Switch-based networks make it harder to pick up traffic
- A lot of false alarms
- Not an answer to all security issues
Honeypot
Loophole added to system on purpose to trap intruders
3 Basic Requirements for Penetration Testing
- Defined goal, clearly documented
- Limited timeline outlined
- Approved by senior management
Purpose of configuration management
Identifying, controlling, accounting for and auditing changes made to the baseline TCB