Domain 3 Flashcards
Characteristics of Biba Model
All about Integrity
Write down, read up
STAR Integrity Property
Simple Integrity Property
Invocation Property
Characteristics of Bell Lapadula Model
All about Confidentiality
Write up, read down
Star Property
Simple Property
Strong STAR
Types of Fire Extinguishers
Class A. Common Combustibles
Class B. Liquid
Class C. Electrical
Class D. Metal
What is the State Machine Security Model
Based on a Finite State Machine
Map out the finite possible operational outcomes
Verify that all
Common Security Models
MATRIX (Access Control)
Bell-LaPadula (Confidentiality Control)
Biba (Integrity Control)
Information Flow Model
Clark Wilson (Integrity Model)
Multi Level Lattice
Information Flow Model
Extends The State Machine Model
Finite State Machine; you specify well-defined paths, and information may only flow along those paths
Uses lots of reference monitors
Non-Interference Model
Make sure objects and subjects are not affected on the level you’re at
Mandates that there is a hierarchy of levels
MATRIX Model
Provides Access rights
Matrix to match users to privileges
Clark Wilson Model
Integrity Model
Invented “Triple Security”, which is now known as reference modeling
Very Commercial
Dictates:
- Separation of Duties
- Subjects access data through an arbiter application
- Heavy auditing required
Brewer Nash (Chinese Wall)
Stopping conflict-of-interest problems
Poster child for where Brewer Nash should have been used: Arthur Andersen in Houston
Graham Denning
Integrity and Confidentiality
Assigns
Cloud Types
Public (AWS or AZURE)
Private (Data Center)
Community (Group of students sharing a space)
Hybrid (hosting your public-facing website on a private cloud)
Deployment Models
IaaS (you provide your own software)
PaaS (cloud provider's software plus your software)
SaaS (all software is the cloud provider's)
Traits of Cloud
Rapid Elasticity
On-Demand Self Service
Metered Service
Broad Network Access
Resource Pooling
Cloud Security Issues
Lose control over security implementation
All security actions must be documented and put in the contract BEFORE signing
Who is the cloud provider? They need to be trusted
Limited authentication capabilities
Lack of access to logs
Cryptography Goals
P.A.I.N.
Privacy (confidentiality)
Authentication
Integrity
Non-repudiation
Types of Security Models
State Machine Models
Multi Lattice Models
Matrix Models
Noninterference Models
Information Flow Models
Confinement (Data in Use)
List the 7 EAL levels
Common Criteria Assurance Level
EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested and reviewed
EAL 5 Semi-formally designed and tested
EAL 6 Semi-formally verified design and tested
EAL 7 Formally verified design and tested
Define Certification
Evaluation that the security and technical/non-technical features meet the requirements (verify it does what it says it does)
Define Accreditation
Declare that an IT system is approved to operate under predefined conditions (verify it is right for our system and network)
Use of Cryptography
Confidentiality
Integrity
Proof of Origin
Non-repudiation
Protect Data at Rest
Protect Data in Motion
What is the Orange Book
Collection of criteria based on the Bell-LaPadula Model, used to grade or rate the security offered by a computer system product.
Trusted Computer System Evaluation Criteria (TCSEC)
Evaluates OS, applications and systems.
What is Green Book
Password Management
What is Red Book
Similar to the Orange Book, but addresses network security
Chain of Custody
Important to maintain in order to prove the integrity of evidence so it is admissible in court
Interview Notes (Evidence collection)
Discoverable Evidence
State Only Facts, No opinions
Core competencies of Forensics
Media Analysis
Network Analysis
Software Analysis
Embedded Devices
Criminal Court Types of Verdicts
Guilty or Not Guilty Beyond a reasonable Doubt
Civil Court Types of Verdicts
Liable or NOT liable
Preponderance of the evidence (There can be some doubt, however, the evidence leans a certain direction)
Do you immediately call law enforcement when a crime has happened?
Follow what Policy and Senior Management dictate
Symmetric Algorithms
DES (Broken)
3DES
AES
Skipjack
Blowfish
Twofish
RC4
IDEA
CAST
Asymmetric Algorithms
Diffie-Hellman
RSA
ElGamal (terrible, subject to ciphertext attack)
Elliptic Curve
Parol Evidence Rule
Whatever is in the written agreement is what will win in court. You can't have a written contract and then a verbal agreement later.
Two Kinds of Failure Modes
Physical Security Failure Mode
Logical Security Failure Mode
Logical Failure Modes
Fail Open - Availability is the main concern
Fail Closed - Main concern is confidentiality and/or integrity
Fail Secure - “Fail into a consistent state”; fails to the desired state
Fail Soft - “Fail into a diminished operating capacity”; essentially hibernate mode
Fail Safe - “When I fail, I take nothing else with me”
Physical Failure Modes
Fail Secure - Locks Doors both ways (no in or out)
Fail Safe - Locks Doors one way (get out but not in)
Fail Open - Does not lock (can get in and out)
Incident Response Steps
1. Triage: Detect, Assess, Communicate, *React
2. Corrective/Investigation: Containment, Eradication, Root Cause Analysis
3. Recovery: Getting back to pre-incident production
4. Lessons Learned: Ask 3 questions
   - Could we have responded better?
   - Could we have prevented this incident completely?
   - Are we sure it was the root cause?
Disaster Recovery Plan Testing Plans
- Desk Check
- Tabletop Exercise
- Structured Walkthrough
- Parallel
- Full scale
When is a disaster considered over
A disaster is officially over when the business is back to 100 percent operational at whichever site is designated to be used
Disaster recovery attributes
Recover the most critical first
Moving to a hot site/temporary location
Disaster restoration attributes
Recover the least critical first
Moving from the hot site/temporary location back, or to a new permanent location
Types of Communications Plans
Hazard Communications plan
Personnel Communications plan
Crime Prevention through environmental Design (CPTED)
The ability to create landscaping that will identify boundaries, slow,
4 foot fence keeps out how many intruders
Casual intruders
6 foot fence keeps out what intruder
Most Intruders
8 foot fence keeps out what intruders
Determined Intruders
If a gate is in front of a residence, no matter the type,
it is considered a residential gate
Types of Commercial Gates
Residential Gate (in front of homes)
Vehicle Gate (controls flow of vehicles)
Industrial Gate (controls flow of people)
Penitentiary Gate (chain link man trap)
Type of Security Lights
Sodium Light (yellow hue). This is the best because it works in foggy environments
Window Security Best Practices
Steel frames
Not near doors
First floor: place landscaping in front to deter or prevent access
Tempered glass
Laminate/wired mesh for tempered glass
How to Detect broken Windows
Capacitance (low voltage around the window; when the window is broken the circuit breaks)
Volumetric
Acoustical
Five classes of fire
Class A. Paper, wood, conventional (ASH)
Class B. Flammable Liquids (Beverage) (don’t spray water on this)
Class C. Electrical Fire (turn off power) (Circuit)
Class D. Metals (Dent metal)
Class E.
Fire needs
Oxygen
Fuel
Heat
What does Fire Suppression try to stop or restrict during fire
Oxygen
Fuel
Heat
Types of Sprinkler System for fire suppression
Wet Pipe
Deluge (flooding)
Dry Pipe (Pressurized Air)
Halon (removes oxygen; dangerous for humans)
ARO-K (
FM200
ARGON (replaces oxygen, suppresses fire, safe for humans)
Recommended fire suppression systems in server environments
ARO-K (
FM200 (
ARGON (replaces oxygen, suppresses fire, safe for humans)
Types of alternative Sites
Cold Site (location with no equipment, but an alternate place is available)
Warm Site (various levels of backup in between cold and hot site; some equipment readiness at the alternate site)
Hot Site (equipment ready for use; just restore the latest backups and go; likely updated daily)
Mirroring (equipment ready; backups sent and restored offsite immediately)
Redundant Operations (most expensive, as there are dual operations; least amount of downtime or impact)
Alternatives to Alternative Sites
Mobile Site (business work trailer)
Reciprocal Agreements (the other company agrees to support you and you support their company; bad idea, as you must rely on the other company)
Outsourcing (get another company to run my business)
Cloud
Hypervisor
What impacts Electric Performance
Voltage
Amperage
External Monitoring
Time domain reflectometry (TDR) - uses light to help detect intrusion.
Coaxial Strain sensitive Cable (CSSC) - Uses electricity
Microwave - emitter on one end, receiver on the other; if the plane is broken by a person, it sets off the alarm (can go through dry items, even concrete walls)
Guard (human can react to new situations)
What is external monitoring
Monitors for intrusion and alerts people exactly where it is and how far away
Volumetric
Sets a sound level in a room; if something enters the room, it changes the metric and sets off the alarm
Motion Detector Technology
Volumetric
Doppler Detection
RAID Types
RAID 0 - Striping
RAID 1 - Mirroring
RAID 3 - Parity
RAID 4 - Parity
RAID 5 - Parity
RAID 10 - Striping and Mirroring
RAID 15 - Parity and Mirroring
https://www.prepressure.com/library/technology/raid