Domain 3 Flashcards
Security Design
Security must be incorporated and addressed from the initial planning and design phases through disposal of the system.
- Without proper attention to security, an organization’s information technology can become a source of significant risk.
- With careful planning from the earliest stages, however, security becomes an enabler to achieve the organization’s mission.
NIST SP 800-160
System Security Engineering: Considerations for a Multidisciplinary approach in the engineering of Trustworthy Secure Systems.
SP 800-160 addresses the engineering-driven actions necessary to develop more defensible and survivable systems, including the components that compose those systems and the services that depend on them.
DevOps
The DevOps development methodology is built on the premise that collaboration between developers and the operations team is essential.
Secure DevOps
Instead of security operating as an isolated discipline, Secure DevOps aims to integrate security into the development processes from inception.
- The Secure DevOps approach enables developers to learn more about how what they are developing can be exploited.
- Secure DevOps proactively focuses on survivability by providing reliable software with a reduced attack surface.
Business Alignment
Business Alignment mandates that secure design principles are supported throughout the entire organization and incorporate various viewpoints.
Business Alignment Framework
- Zachman Framework
- Sherwood Applied Business Security Architecture.
Zachman Framework
The Zachman Framework provides a context for understanding a complex environment by intersecting views and viewpoints.
- Views: What, how, where, who, and when.
- Viewpoints: developer, systems engineer, security officer, application administrator, and end user.
Sherwood Applied Business Security Architecture (SABSA)
The Sherwood Applied Business Security Architecture (SABSA) provides a context for understanding a complex environment by intersecting views and life-cycle layers.
- Views: What, why, how, where, who, and when.
- Life-cycle Layers: Contextual, conceptual, logical, physical, component, and operational.
Information Security Models
Information Security Models focus on interactions and provide structure and rules to be followed to accomplish a specific objective (e.g. confidentiality, integrity, and availability).
Foundational Information Security Models
Foundational (lower level) models include State Machine, Non-Inference, and Information Flow.
Relationship Information Security Models
Relationship (higher level) models include Bell-LaPadula, Biba, Clark-Wilson, Harrison-Ruzzo-Ullman (HRU), and Brewer-Nash.
Relationship security models address the interaction between subjects and objects.
State Machine Model
Conceptual model that ensures that, no matter what activity is taking place within a system, it is always trustworthy.
Non-inference model (multilevel)
Whatever happens at one security level does not directly or indirectly affect the security environment of other levels.
Information Flow model (multilevel)
Information will flow only in ways that do not violate the security policy of the system.
Subjects
Subjects are active entities, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state.
Objects
Objects are passive entities that contain or receive information or instructions.
Bell-LaPadula
The goal of the Bell-LaPadula model is confidentiality.
- Simple (read) confidentiality rule: A subject cannot read data at a higher security level (no read up) as secrets may be revealed to them.
- Star (*) (write) confidentiality rule: A subject cannot write information to a lower security level (no write down) as secrets may be revealed to others.
Biba
The goal of the Biba model is integrity.
- Simple (read) integrity rule: A subject cannot read data at a lower security level (no read down) as they might be misled.
- Star (*) (write) integrity rule: A subject cannot write information to a higher security level (no write up) as they might mislead others.
Clark-Wilson
The goal of the Clark-Wilson model is data integrity.
- Prevent unauthorized users from making modifications.
- Prevent authorized users from making improper modifications.
- Maintain internal and external consistency.
Clark-Wilson (Access Triple)
The Clark-Wilson model uses a three-part relationship (subject/program/object) known as the access control triple.
Well-formed transactions ensure that a user cannot alter data arbitrarily. Instead, data can be altered only in a specified way in order to preserve its internal consistency (access triple).
- Users cannot access and manipulate objects directly but must access information through a program.
Harrison-Ruzzo-Ullman Model (HRU)
The goal of Harrison-Ruzzo-Ullman Model (HRU) is integrity.
- A finite set of operations can be performed on an object to ensure integrity.
- Enforced by access permissions.
Brewer-Nash (Chinese Wall)
Brewer-Nash is a context-oriented commercial model designed to defend against conflict of interest.
- Access controls change dynamically depending upon a user’s previous actions.
Trusted System
A Trusted System has undergone sufficient benchmark testing, verification, and validation (by an independent third party) to ensure that the product meets the user requirements.
Functionality
Functionality is verification that a security control exists and that it works correctly at least once.
Assurance
Assurance is a degree of confidence that the system will act in a correct and predictable manner in every computing situation (trustworthy computing).
Security Evaluation Objectives
A security evaluation process assesses products against defined security requirements in a consistent and repeatable manner. Third-party labs rely on standard evaluation criteria.
TCSEC
Developed in 1983, Trusted Computing System Evaluation Criteria (TCSEC) was used to evaluate, classify, and select systems for the DoD based upon confidentiality requirements. Superseded by the Common Criteria.
Originally published as the “Orange Book”. Expanded to 20+ books known as the Rainbow Series.
ITSEC
Developed in 1991 by a consortium of European nations, IT Security Evaluation Criteria (ITSEC) is used to evaluate the functionality and assurance of a computer system based upon a vendor-defined set of requirements.
Functionality and assurance evaluated independently and separately.
Common Criteria
Developed in 1993 by the ISO, the Common Criteria provides a universal structure and language for expressing product and system requirements. The Common Criteria evaluates products against a protection profile and results are published.
- Common Criteria rating categories are functional and assurance.
Protection Profile
A protection profile is a specific set of functional and assurance requirements for a category of products. A protection profile can be written by several different groups including vendors, customers, and accreditation agencies.
Security Target
A Security Target is written by a product vendor or developer and explains the specifications of the product, including functionality and assurance requirements.
Target of Evaluation (TOE)
The Target of Evaluation (TOE) is the product or system that will be rated.
Certification
Certification is the process of evaluation, testing, and examining security controls. The evaluation compares the current system’s security posture with specific standards.
Accreditation
Accreditation is the process of an authority (management) granting approval to operate a system for a specified period of time with the understanding of the residual risks identified during the certification.
Trusted Computing Base
Trusted Computing Base is the combination of all the security mechanisms within a computer including hardware, software, and firmware.
BIOS
BIOS (Basic Input Output System) is non-volatile firmware used to perform hardware initialization during the booting process, and to provide run-time services for operating systems and programs.
UEFI
Unified Extensible Firmware Interface (UEFI) is an open standard interface layer between the firmware and the operating system that requires firmware updates to be digitally signed.
- Designed as a replacement for traditional PC BIOS.
- Additional functionality includes support for Secure Boot, network authentication, and universal graphics drivers.
- Protects against BIOS malware attacks including rootkits.
Secure Boot Attestation
Secure Boot Attestation requires that all boot loader components (e.g. OS kernel, drivers) attest to their identity (digital signature), and the attestation is compared to the trusted list.
TPM
A trusted platform module (TPM) is a special hardware chip installed on a computer’s motherboard that is responsible for protecting passwords, symmetric and asymmetric keys, hashes, and digital certificates that are specific to that system’s hardware.
- The chip contains an RSA key used for encryption and authentication.
- TPMs are compatible with most operating systems.
HSM
Hardware Security Model (HSM) is a physical device whose function is secure cryptoprocessing.
- HSMs take the form of adapter cards, USBs, or appliances.
- Fast, scalable, and expensive.
CPU Protection Rings
CPU Protection Rings are conceptual boundaries that control how processes are executed. A process is a set of instructions and assigned resources.
- Each process has a PID (Process ID) and a level of trust (ring number) assigned to it.
- The level of trust determines the level of access to system resources, drivers, and data.
CPU Protection Rings Levels
- Ring 0: OS kernel and device drivers.
- Ring 1: Operating system.
- Ring 2: OS Utilities.
- Ring 3: Applications.
Set of CPU instructions and assigned resources.
Process.
Centralized Systems
In a centralized computing environment, processing occurs within a mainframe or terminal host, and clients (terminals, thin clients) are limited to simple interaction and emulation.
- The security advantage is that controls can be implemented and tightly controlled.
- The security disadvantage is that configuration errors and unaddressed vulnerabilities can impact all client systems.
Client | Server Environments
In a heterogeneous client-server environment, processing is distributed and there is an inherent trust, which makes every endpoint a potential target and every connection a potential conduit.
Security Considerations:
- Privileged use.
- Outdated operating systems and applications.
- Malware distribution.
- Unauthorized remote access.
Distributed Systems
In a distributed system environment, there is no central authority.
Security Considerations:
- Each node is responsible for its own security.
- Distributed ownership and management.
- Local data stores
- Peer-to-Peer (P2P) access.
- Malware Distribution.
Large-scale Parallel Systems
Large-scale Parallel Systems are disparate systems working in concert. Examples include cluster computing, grid computing, and cloud computing. Security Considerations:
- Distributed ownership and management.
- Dependencies (SPOF)
- Force multiplier effect (dramatically increased efficiency and/or capability).
- Big data aggregation.
Grid Computing
Grid Computing is a sharing of CPU and other resources across a network, in a way that all machines function as one large computer. Grid participants can be heterogeneous and multitasking. Security Considerations:
- Transmission between nodes.
- Authentication controls.
- Activity isolation
Industrial Control Systems (ICS)
Industrial Control Systems (ICS) are computer-based systems that monitor and control industrial processes that exist in the physical world. ICS are either data-driven or operated remotely.
Well-known industrial control systems include:
- Distributed control systems (DCS).
- Programmable logic controllers (PLC).
- Supervisory control and data acquisition (SCADA)
SCADA
SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (e.g. electrical grid, oil and gas pipelines). Security Considerations:
- Weak Authentication.
- Use of outdated OS.
- Inability to patch systems.
- Unauthorized remote access.
Cloud Computing
Cloud Computing is a model for enabling ubiquitous, convenient, on-demand, network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud Computing Service Models
- SaaS
- PaaS
- IaaS
Cloud Computing Deployment Models
- Private Cloud
- Community Cloud
- Public Cloud
- Hybrid Cloud
Public Cloud
Provisioned for public use. Considerations:
- Location
- Multi-tenancy.
Community cloud
Provisioned for the exclusive use by a well-defined group. Considerations:
- Multi-tenancy
Private Cloud
Provisioned for the exclusive use of a single organization. Considerations:
- Scalability.
Hybrid Cloud
The public and private cloud infrastructures communicate over an encrypted connection, using technology that allows for the portability of data and applications.
Cloud Access Security Brokers
Cloud Access Security Brokers (CASBs) are security policy points (software or appliance) placed between ‘the cloud’ and enterprise users.
- Security policies are interjected as cloud-based resources are accessed, for example authentication, encryption, visibility, and DLP.
Security as a Service (SecaaS)
Security as a Service (SecaaS) is the delivery of managed security services for public, private, and hybrid cloud environments.
- SecaaS relieves the burden of relying on the SaaS, PaaS, or IaaS vendor for security protection and enforcement.
- Services include encryption, activity monitoring, DLP, malware detection, filtering, firewall, policy enforcement, email security, intrusion detection, authentication, and more.
Injection Attack
Tricking an application into including unintended commands in the data sent to an interpreter (e.g. OS, LDAP, SQL).
- Flaw: Improper input/output validation.
- Impact: Can result in unauthorized access, data exfiltration, and data corruption.
- Mitigation: Use of a ‘safe’ API, positive ‘whitelist’ input/output validation.
Broken Authentication
The attacker uses flaws in the authentication or session management functions to impersonate users. Privileged accounts are frequently targeted.
Bluejacking
Bluejacking is injecting an unsolicited message.
Bluesnarfing
Bluesnarfing is unauthorized device pairing.
Blueborne
Blueborne exploits protocol weakness to take over the device.
Embedded Systems Defined
An embedded system is an electronic product that contains a microprocessor and software designed to perform a specific task. An embedded system can either be fixed or programmable.
- The devices are designed for functionality and convenience - not security.
Embedded System Components
- System on a chip (SOC)
- Real-time OS (RTOS)
- APP
Internet of Things (IoT)
“The internet of things is the network of physical objects or ‘things’ embedded with electronics, software, sensors, and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator, and/or other connected devices. Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure.”
Fog Computing
Architecture that uses collaborative edge computing devices for local resource pooling.
Term that describes the use of IT solutions that are managed outside of and without the knowledge of the IT department
ShadowIT
Cryptography Use Cases
- Confidentiality (encryption)
- Integrity (Hashing)
- Non-repudiation (digital signatures)
- Authentication (digital certificates)
Plaintext (clear-text)
Human readable.
Ciphertext
Encrypted and/or human unreadable text.
Cipher
A technique that transforms plaintext into ciphertext and back to clear-text.
Algorithm
A cryptographic algorithm is a mathematically complex modern cipher.
Stream Cipher
Algorithm that works with one bit at a time.
Example: RC4
Block Cipher
Algorithm that works with blocks of data.
Examples: DES, 3DES, AES, BLOWFISH, TWOFISH, IDEA
Cryptographic Key / Cryptovariable
Secret used with an algorithm.
- The key dictates what parts of the algorithm will be used, in what order, and with what values.