Domain 3 - Security Architecture and Engineering Flashcards
1
Q
Principle of split knowledge
A
Split knowledge means that the information or privilege required to perform an operation is divided among multiple users. example: role separation
This ensures that no single person has sufficient privileges to compromise the security of the environment. M of N Control is an example of split knowledge used in key recovery and other sensitive tasks.
key escrow arrangement, M of N Control, a cryptographic key is stored with a third party for safekeeping, requires that a minimum number of agents ( M ) out of the total number of agents ( N ) work together to perform high-security tasks. So, implementing three of eight controls would require three people out of the eight with the assigned work task of key escrow recovery agent to work together to pull a single key out of the key escrow database
2
Q
Asymmetrics vs Symmetric Cryptographic System
A
Symmetric cryptosystems use a shared secret key available to all users of the cryptosystem.
Weakness: Key distribution is problem, not scalable, keys must be regenerated often, does not implement nonrepudiation
Asymmetric cryptosystems use individual combinations of public and private keys for each user of the system.
Weakness: Slow
3
Q
Types of Ciphers
A
Stream > Symmetric Key cipher, plaintext combined with pseudorandom digit stream
Block Ciphers > Encrypting text to block of data at once rather than to one bit
Substitution > is a random bit string (a nonce) that same length as block size that is XORed with the message, IVs are used to create unique chipher text every time the same message is encrypted with the same key
Transposition > rearrange the letters forming ciphertext
Initialization Vector (IV) is random bit string that is the same length as the block size that is XORed with the message.
Caesar, Vigenere, One time pad : similar stream cipher, different is key length
Caesar: 1 key
Vigenere: word or sentence
One time pad: use same length as text
4
Q
One time pad success factors
A
> Key must be generated randomly without any known pattern
Pads must be protected against physical disclosure
Each pad must be used only one time then discarded
5
Q
What is zero knowledge proof?
A
is a communication concept, prove knowledge fact to another individual without revealing the fact itself
6
Q
What is work function/factors?
A
measure the strength of cryptography system by measuring the effort (cost/time).
The time and effort required to break protective measure
7
Q
5 basics operation on DES
A
DES : Data Encryption Standards is basic methods for encryption data
3DES : use DES 3 times with 2 or more different key
ECB : Electronic Codebook > Simple & Least Secure, processes 64-bit blocks, encrypt block with the chosen key, if same block encountered multiple time, same encrypted block is produces, making it easy to break
CBC : Cipher Block Chaining > Each block of unencrypted text is XORed with the block of ciphertext immediately preceeding, decrypting process simply decrypt ciphertext and reverses the XOR operation
CFB : Cipher Feedback > like CBC but in streaming mode
OFB : Output Feedback > No chaining function, XOR plaintext with seed value
CTR : Counter > uses a incrementing counter instead of seed.
8
Q
XOR Cipher
A
Exclusive OR, Method for flipping bit
1 1 > 0
1 0 > 1
0 1 > 1
0 0 > 0
9
Q
Key Clustering
A
A Weakness in cryptography where a plain-text message generates identical ciphertext mesages using same algorithm but using different keys, similar with collision
10
Q
Asymmetric Key Types
A
Public keys are shared among communicating parties
Private keys are kept secret
> Data
to encrypt using public key
to decrypt using private key
> Digital Signature, provide non-repudiation
to sign a message, use you own private key.
to valid a signature, use senders public key
11
Q
5 Requirements of good hash function
A
They must allow input of any length Provide fixed-length output Easy to compute the hash function for any input Provide one-way functionality Must be collision free
12
Q
Cryptographic Salts
A
to prevent rainbow tables attacks
a salt is random data that used as additional input in one way function.
rainbow tables : precomputed values to identify commonly used password
13
Q
Digital Signature Standard
A
DSS rely on public key cryptography and uses message digest function, must use SHA-2 hashing function as a standards
Work in conjuction with one of three encryption algorithms
DSA : Digital Signature Algorithm, specified in FIPS 186-4
RSA : Rivest Shamir Adleman Algorithm, specified in ANSI X9.31
ECDSA : Elliptic Curve DSA Algorithm, specified in ANSI X9.62
14
Q
What is Public Key Infrastructure?
A
PKI certificate authorities (CA) generate digital certificates containing the public keys of system users
users then distributes certificates to people with whom they want to communicate
Certificate recipients verify a certificate using the CA’s public key
15
Q
Security Traffic (data in motion)
A
Email : standards, using S/MIME protocol and PGP (Pretty Good Privacy)
Web : using HTTP over Transport Layer Security (TLS)
Network : using IPSec
IPSec > secure communitcation over IP. 2 secure channel, transport mode or tunnel mode. can be used to establish direct communication between computer or over a VPN connection.
2 protocol: Authentication Header (AH) > assurances of message integrity and nonrepudiation Encapsulating Security Payload (ESP) > provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks.
16
Q
Common Cryptographic Attacks
A
Brute-force attacks - randomly find the correct cryptographic text
Meet in the middle attack, exploits protocol that use 2 rounds of encryption (ex, 2DES)
Man in the middle attack, fools both parties into communicating with the attacker instead of directly with each other
Birthday attack, attempt to find collisions in hash function
Replay attack, attempt to reuse authentication request (need to use mitm to intercept request)
17
Q
Digital Rights Management
A
Allow content owners to enforce restriction on the use of their content by others
18
Q
3 Major Asymmetric Cryptosystems
A
RSA > founded by 1977 depends on the difficulty of factoring the product of prime numbers
El Gamal > extension of Diffie-Hellman key exchange algorithm that depends on modular arithmetic (less common than RSA)
Elliptic Curve > more secure, depends on elliptic curve discrete logarithm
19
Q
What is Security Models? and list 7 security model
A
In information security, models provide a way to formalize security policies.
> Integrity Biba Clark-Wilson Goguen-Mesguer Sutherland
> Confidentiality
Bell-Lapadula
Take Grant
Brewer and Nash
> Secure creation and deletion of both subjects and objects
Graham–Denning Model, uses 8 primary protection
Harrison–Ruzzo–Ullman Model, assignment of object access rights to subjects as well as the resilience of those assigned rights
20
Q
What is Biba model?
A
focused on integrity, using Mandatory Access Control, Lattice-based model
Properties:
> The Simple Integrity Property states that a subject cannot read an object at a lower integrity level (no read-down).
> The * (star) Integrity Property states that a subject cannot modify an object at a higher integrity level (no write-up).
> Invocation Property : No Read or Write Up (subject can never access or alter data on higher level)
21
Q
What is Bell-Lapadula model?
A
state machine model enforce confidentiality, uses mandatory access control to enforce the DoD multilevel security policy.
prevents the leaking or transfer of classified information to less secure clearance levels
The Simple Security Property states (no read up) > subject cannot read data at a higher level of classification
The * (star) Security Property (no write down) > subject cannot write info to lower level of classification
Strong * Property > subjects can Only access data on their own level (No Read or Write UP and Down)
The Discretionary Security Property > states that the system uses an access matrix to enforce discretionary access control. restricting access to objects based on the identity of subjects and/or groups to which they belong
22
Q
What is Brewer-Nash Model?
A
Chinese Wall, focused on confidentiality, restrict users access based on activity, prevent conflict of interest (COI). For example, once consultant access data belonging Acme Cola, they may no longer access data belonging Acme Cola competitors.
23
Q
When is fire detected though technology?
A
Incipient stage During such hey stage air ionization takes place and specialize incipient at fire detection systems can identify the changes early
24
Q
What is Confinement
A
Technique to ensuring CIA, Software designers use process confinement to restrict the actions of a program. Simply put, process confinement allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing
The goal of confinement is to prevent data leakage to unauthorized programs, users, or systems.
25
What is Bounds?
Each process that runs on a system is assigned an authority level, enforce confinement, there may be only two authority levels: user and kernel
26
What is Isolation?
When a process is confined through enforcing access bounds, that process runs in isolation
27
What is Trust and Assurance?
Trust is the presence of a security mechanism, function, or capability, on the other hand Assurance is the degree of confidence in satisfaction of security needs
28
What is Maintenance Hook
When developer give feature to bypass normal security function, if not removed on production environment, this really risky if attacker find a way to use maintenance hook
29
List Industrial Control Systems (ICS)
An industrial control system (ICS) is a form of computer-management device that controls industrial processes and machines, also known as operational technology (OT)
> distributed control systems (DCS) : used to interconnect several PLCs, but within a limited physical range, in order to gain centralized control, management, and oversight through networking
> programmable logic controllers (PLC) : used to control a single device in a standalone manner
> supervisory control and data acquisition (SCADA) : expanded control to large-scale physical areas to interconnect multiple DCSs and individual PLCs. For example, a PLC can control a single transformer, a DCS can manage a power station, and SCADA can oversee a power grid.
30
Principle of Keep it simple
is the encouragement to avoid overcomplicating the environment, organization, or product design
31
What is Trusted Computing Base?
design principle is the combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy
security perimeter is an imaginary boundary that separates the TCB from the rest of the systems
For the TCB to communicate with the rest of the system, it must create secure channels, also called trusted paths. A trusted path is a channel established with strict standards to allow necessary communication to occur without exposing the TCB to security exploitations. A trusted shell allows a subject to perform command-line operations without risk to the TCB or the subject
reference monitor is the access control enforcer for the TCB.
The collection of components in the TCB that work together to implement reference monitor functions is called the security kernel
32
What is Trusted Platform Module (TPM)?
Trusted Platform Module (TPM) is both a specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification
A TPM is an example of a hardware security module (HSM). An HSM is a cryptoprocessor used to manage and store digital encryption keys, accelerate crypto operations, support faster digital signatures, and improve authentication.
33
What is A constrained interface?
is implemented within an application to restrict what users can do or see based on their privileges
34
Principle of Zero Trust
Zero trust is a security concept where nothing inside the organization is automatically trusted
35
Principle of Privacy by Design (PbD)
guideline to integrate privacy protections into products during the early design phase rather than attempting to tack it on at the end of development
7 Foundational Principles:
1. Proactive not reactive; preventive not remedial
2. Privacy as the default
3. Privacy embedded into design
4. Full functionality – positive-sum, not zero-sum
5. End-to-end security – full lifecycle protection
6. Visibility and transparency
7. Respect for user privacy
36
Purpose of Common Criteria?
defines various levels of testing and confirmation of systems' security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. a subjective security function evaluation tool that uses protection profiles (PPs) and security targets (STs) and assigns an Evaluation Assurance Level (EAL).
The Common Criteria process is based on two key elements:
> Protection profiles (PPs) specify for a product that is to be evaluated (the TOE) the security requirements and protections, which are considered the security desires, or the “I want,” from a customer.
> Security targets (STs) specify the claims of security from the vendor that are built into a TOE. STs are considered the implemented security measures, or the “I will provide,” from the vendor
37
Kerckhoff's Principle on Cryptography
All cryptography relies on algorithms, a concept that makes algorithms known and public, allowing anyone to examine and test them
38
What is Clark-Wilson Model?
focused on integrity
Separates end users from the backend data through 'Well-formed transactions' and 'separation of duties'
like Biba but added Invocation Property: prohibits subject at one level of integrity from invoking a subject at higher level of integrity
protect integrity using the access control triplet, three-part relationship of subject/program/object
Separation of duties:
> the certifier of a transaction and the implementer are different entities
> the person making purchase orders should not be paying the invoice
Well-formed transaction: series of operations that transition a system from one consistent state to another consistent state
39
What is Take-Grant Model?
focused on confidentiality, support 4 basic operation take, grant, create, and revoke
example, a subject (X) with the grant right can grant another subject (Y) or another object (Z) any right that subject (X) possesses
40
What is Goguen-Meseguer Model
focused on integrity
foundation of noninterference conceptual theories
When similar users are grouped into their own domain (that is, collective), the members of one subject domain cannot interfere with the members of another subject domain. Thus, subjects are unable to interfere with each other's activities.
41
What is Sutherland?
focused on integrity
preventing interference in support of integrity.
use to prevent a covert channel from being used to influence the outcome of a process or activity
42
What is Graham-Denning Model?
focused on the secure creation and deletion of both subjects and objects
uses 8 primary protection
1. securely create an object
2. securely create an subject
3. securely delete an object
4. securely delete an subject
5. securely provide the read access right
6. securely provide the grant access right
7. securely provide the delete access right
8. securely provide the transfer access right
43
What is Harrison–Ruzzo–Ullman Model?
extension of Graham-Denning Model, but focuses on the assignment of object access rights to subjects as well as the resilience of those assigned rights
```
6 primitive operation:
> create object
> create subject
> destroy object
> destroy subject
> enter right into access matrix
> delete right into access matrix
```
44
What is open and closed systems
Open systems are designed using industry standards and are usually easy to integrate with other open systems. Closed systems are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.
45
Principle of secure default
Never assume that the default settings of any product are secure
46
What is Fail Securely?
form of Error handling, programmer codes in mechanisms to anticipate and defend against errors in order to avoid the termination of execution
47
Difference between confinement, bounds, and isolation
Confinement restricts a process to reading from and writing to certain memory locations. Bounds are the limits of memory a process cannot exceed when reading or writing. Isolation is the mode a process runs in when it is confined through the use of memory bounds.
48
What is state machine model, information flow model, and noninterference model?
> The state machine model ensures that all instances of subjects accessing objects are secure.
> The information flow model is based on SMM, designed to prevent unauthorized, insecure, or restricted information flow.
> The noninterference model prevents the actions of one subject from affecting the system state or actions of another subject.
49
What is Authorization to Operate?
Authorization to Operate (ATO) (from the RMF) is a formal approval to operate IT/IS based on an acceptable risk level based on the implementation of an agreed-on set of security and privacy controls.
50
4 Security Mode
can be MAC or DAC,
Signed NDA, Proper clearance, Formal access approval and need to know
> Dedicated Mode
All users can access ALL data.
> System High Mode
All users can access SOME data, based on their need to know.
> Compartmented Mode
All users can access SOME data, based on their need to know and formal access approval.
> Multilevel Mode
All users can access SOME data, based on their need to know, clearance and formal access approval
51
What is Reference Monitor and Security Kernel?
Reference Monitor : enforce access control, logical part of TCB that confirm whether a subject has the right to use a resource prior to granting access
Security Kernel : Implement Access Control, collection of TCB component that implement the functionality of reference monitor
52
What is TCSEC and ITSEC?
predecessor of Common Criteria,
TCSEC (trusted computer system evaluation criteria) : set of criteria for evaluating computer security
ITSEC (Information Technology Security Evaluation Criteria) : initial attempt to create security evaluation criteria in Europe
53
What is covert channel?
a method that is used to pass information over path that is not normally used for communication
> may not be protected by system's normal security control
Covert Timing : conveys information by altering the performance of a system component or modifying a resource's timing in a predictable manner
> Blinking a light visible outside the building so that if a reading is taken every two seconds when the light is on count it as a 1 and when the light is off count it as a 0. With an external camera linked to a recording system, a slow transmission of binary data can occur.
Covert Storage : conveys information by writing data to a common storage area where another process can read it. When assessing the security of software, be diligent for any process that writes to any area of memory that another process can read.
> Writing data directly into a bad sector of an HDD or a bad block on an SSD
54
What is mandatory access control?
Enforces an access policy that is determined by the system, not the object owner, relies on classification tables
> every object and every subject has one or more labels, these labels is predefined and system determines access based on assigned labels
Requirement rule
Hierarchical environment
various classification labels are assigned in an ordered structure from low security to medium security to high security
Compartmentalized environment
requires specific security clearances over compartments or domains instead of object
Hybrid environemnt
Contains levels with compartments that are isolated from the rest of the security domain. Combines both hierarchical and compatrtmentalized environment so that security levels have subcompartments
55
What is Layering?
creates different realms of security within process and limits communication between them
56
What is Discretionary Access Control?
permits the owner or creator of an object to control and define its accessibility, because the owner has full control by default
57
What is non-discretionary Access Control?
enables the enforcement of system-wide restriction that override object-specific access control
58
What is rule-based access control?
Defines specific function for access to requested objects, commonly found in firewall systems
59
What is role-based access control?
uses well defined collection of named job roles, to endow each one with specific permission
60
What is Certification, Verification, Validation and Accreditation
Certification: Technical Evaluation of each part of computer system to access its agreement and alignment with security standards
Accreditation: The process of formal acceptance of certified configuration from designated authority
Verification - checking to make sure a system meets the stated requirements (did we build the thing right?)
Validation - checking to make sure the system (or whatever is being validated, security control, etc.) meets the original needs that it was intended to meet. (Did we build the right thing).
61
Multitasking, multithreading, multiprocessing, and multiprogramming
Multitasking : simultaneous execution of more than one application on a computer and is managed by the operating system
Multithreading : permits multiple concurrent tasks to be performed within single process
Multiprocessing : the use of more than one process to increase computing power
Multiprogramming : multitasking for mainframe, requires specific programming
62
Singlestate and multistate
single-state processor are capable of operating at only one security level at a time, whereas multistate can simultaneously operate at multiple security levels
63
2 type processor operating mode
user mode : applications operate in a limited instruction set enviroment known as user mode
privileged : controlled operations are performed in privileged mode, also known as system mode, kernel mode, and supervisory mode
64
List Memory Types
> ROM : Read-only, contents burned at factory
> RAM : Static Ram (SRAM) uses flip-flops and Dynamic Ram (DRAM), DRAM uses capacitors
> PROM : Programmable chip, similar to ROM but not burned on factory
> EPROM/UVEPROM, : Have a small window that, when illuminated with special ultraviolet light, erases content of chip
> EEPROM : uses electric voltages delivered to the pins of the chip to force erasure.
> Flash Memory : Derivative concept from EEPROM, non-volatile, can be electronically erased and rewritten
65
Primary vs Secondary Storage
Primary memory is the RAM that a computer uses to keep necessary information readily available to the CPU while the computer is running. Secondary memory (or secondary storage) includes all the familiar long-term storage devices that you use every day. Secondary storage consists of magnetic and optical media such as HDDs, SSDs, flash drives, magnetic tapes, CDs, DVDs, and flash memory cards.
66
Random vs Sequential Device
Random: allow an OS to read (and sometimes write) immediately from any point within the device by using some type of addressing system. Almost all primary storage devices are random access devices.
Sequential: do not provide this flexibility. They require that you read (or speed past) all the data physically stored prior to the desired location. Example, magnetic tape drive.
67
3 main security issues on secondary storage device
1. Removable media can be used to steal data
2. Access controls and encryption must be applied to protect data
3. Data can remain on the media even after file deletion or media formatting
68
Security Risk of I/O Devices
eavesdroping and tapping, used to smuggle data out of an organization, create insecure points of entry into organization systems and networks
69
Purpose of Firmware
software stored on ROM chip, contains basic instruction needed to start a computer and peripheral devices
70
Protection Rings in OS
Ring 0: OS Kernel/Memory
Ring 1: other OS component
Ring 2: Drivers, protocol, etc
Ring 3: user-level application/programs
0-2 runs in supervisory and privileged mode
3 runs in user mode
70
What is process isolation?
Process isolation requires that the OS provide separate memory spaces for each process's instructions and data. It also requires that the OS enforce those boundaries, preventing one process from reading or writing data that belongs to another process. example, virtual machine
prevent unauthorized access, provide integrity
> Hardware segmentation, similar to process isolation but the uses physical hardware controls
71
What is Abstraction?
creates black box interfaces for programmers to use without requiring knowledge of an algorithm or device inner working, example, object-oriented programming
72
What is data hiding?
prevents information from being read from a different security level. Hardware segmentation enforces process isolation with physical control
73
The role of security policy
to inform and guide the design, development, implementation, testing, and maintenance of some particular system
74
What is Cloud Computing?
the concept of computing where processing and storage are performed elsewhere over a network connection rather than locally, example, azure, gcp, aws
sensitive & confidential data can be at risk IF the cloud provider and their personnel might not adhere to the same security standards as your organization
75
What is Hypervisors?
virtual machine monitor (VMM), is the component of virtualization that creates, manages, and operates the virtual machine (VMs)
Type I hypervisor
A native or bare-metal hypervisor. In this configuration, there is no host OS; instead; the hypervisor installs directly onto the hardware where the host OS would normally reside (vmware vsphere, esxi, microsoft hyper-v) Type 1 hypervisors are often used to support server virtualization
Type II hypervisor
A hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application
76
What is Cloud Access Security Broker?
CASB, is a security policy enforcement solution that may be installed on-permises or in the cloud
77
What is Security-aaS?
a cloud provider concept in which security is provided to an organization through or by an online entity
78
What is Internet of Things?
A class of devices connected to the internet in order to provide automation, remote control, or AI processing in a home or business setting.
79
Features ensure mobile device security
```
> Full device encryption
> remote wiping
> Lockout
> Screen locks
> GPS tracking
> Application Control
```
Mobile Device Management : software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources, The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting
> using VDI or VMI
80
What is BYOD Policy?
Bring your own device policy allows employees to use their own personal mobile devices to work to access business information and resources, improve employee morale but increase security risks
81
What is Embedded System?
is typically designed around a limited set of specific function in relation to the larger product of which it's a component
Static environment : are applications, OSs, hardware sets, or network that are configured for specific need, capability, or function, and then set to remain unaltered
```
Ensuring security:
> network segmentation
> manual updates
> application firewalls
> security layers
```
82
What is separation of privilege?
increases the granularity of secure operation, example, role separation
principle of least privilege : ensure that only a minimum number of processes are authorized to run in supervisory mode
Accountability : ensure audit trails exists to trace operations back to their source
83
What is Buffer overflow?
occurs when the programmer fails to check the size of input data prior to writing the data into a specific memory location
countermeasure: parameter checking, use stack protector
84
What is TOCTTOU attack?
file-based race condition, that occurs when a resource is checked for a particular value (time of check), such as whether a file exists or not, and that value then changes before the resource is used(time of use), invalidating the results of the check. example, replay attack: no check, only use
85
6 Functional Order of Security Control
1. Deterrence: Security controls should be deployed so that initial attempts to access physical assets are deterred (boundary restrictions accomplish this).
2. Denial : If deterrence fails, then direct access to physical assets should be denied (for example, locked vault doors)
3. Detection: If denial fails, your system needs to detect intrusion (for example, using motion sensors)
4. Delay: If the breach is successful, then the intruder should be delayed sufficiently in their access attempts to enable authorities to respond (for example, a cable lock on the asset)
5. Determine: Security staff or legal authorities should determine the cause of the incident or assess the situation to understand what is occurring
6. Decide: based on that assessment, they should decide on the response to implement, such as apprehending the intruder or collecting evidence for further investigation.
86
Facility Security Controls
> Administrative (Management Control), implement policies and procedures, example, site management, personnel controls, awareness training, emergency response and procedures
> Logical (Technical Control), implemented using technology, such as access control, intrusion detection, alarms, cctv, HVAC, fire detection
> Physical, use physical means to protect object, fencing, lighting, locks, construction materials, mantraps, turnstile, dogs, guards
>> Fence.
3-4 ft : deter casual trespasser
6-7 ft : too hard to climb easily
8 (w/ barbed wire) - will deter intruder
87
Control Environment for Security
Humidity: 40%-60% ideal, 20 and 80 percent. Too much humidity can cause corrosion. Too little humidity causes static electricity, low humidity can generate 20k volt static discharge.
Temperature: Rooms containing primarily computers should be kept at 59 to 89.6 degrees Fahrenheit (15 to 32 degrees Celsius)
88
What is CPTED (Crime Prevention Through Environmental Design)?
is based on the idea to structure the physical environment and surroundings to influence individual decisions that potential offenders make before committing any criminal acts.
> Keep planters under 2.5 feet tall—this prevents them from being used to hide behind or as a step to reach a window.
> Keep decorative elements small or far away from the building.
> Locate the data center at the core of the building.
> Provide benches and tables to encourage people to sit and look around; they provide a type of automatic surveillance.
> Mount cameras in full view to act as a deterrent.
> Keep entrances open and clear (i.e., without obstacles like trees or columns) so that visibility can be maintained.
> Keep the number of entrances to a minimum and close off doorways during evenings or weekends when fewer workers are present.
> Provide parking for visitors near the entrance.
> Make delivery access driveways and entrances less visible or noticeable to the public—for example, by positioning them on the back of the building and requiring the use of an alternate road.
89
List KPI on Physical Security
Key performance indicators (KPIs) of physical security should be determined, monitored, recorded, and evaluated. KPIs are metrics or measurements of the operation of or the failure of various aspects of physical security.
```
> Number of successful intrusions
> Number of successful crimes
> Number of successful incidents
> Number of successful disruptions
> Number of unsuccessful intrusions
> Number of unsuccessful crimes
> Number of unsuccessful incidents
> Number of unsuccessful disruptions
> Time to detect incidents
> Time to assess incidents
> Time to respond to incidents
> Time to recover from incidents
> Time to restore normal conditions after incident
> Level of organizational impact of incidents
> Number of false positives (i.e., false detection alerts/alarms)
```
90
Type of Electrical Impacts
```
Blackout: prolonged loss of power
Brownout: prolonged low voltage
Fault: short loss of power
Surge: prolonged high voltage
Spike: temporary high voltage
Sag: temporary low voltage
```
to avoid damage use UPS (uninterruptable power supply) , supply consistent, clean power to sensitive equipment, supply power for hours (depending on its size)
other terms:
Inrush: An initial surge of power usually associated with connecting to a power source, whether primary or alternate/secondary
Ground: The wire in an electrical circuit that provides an alternate pathway for electricity to flow to the earth (i.e., the ground)
91
What is noise on Electronic?
Noise is the interference of power through some form of disturbance, interruption, or fluctuation. Noise that is not consistent is labeled as transient noise
```
Electromagnetic interference (EMI): common mode and traverse mode. Common mode noise is generated by a difference in power between the hot and ground wires of a power source or operating electrical equipment.
Traverse mode noise is generated by a difference in power between the hot and neutral wires of a power source or operating electrical equipment.
```
Protection: sufficient power conditioning, establishing proper grounding, using shielded cables, running cables through shielding conduits, switching to fiber-optic cables for networking, and limiting copper cable exposure to EMI and RFI (Radio-frequency interference) sources.
example RFI: fluorescent lights, electrical cables, electric space heaters, computers, elevators, motors, and electric magnets
92
Function Lights for physical security
to discourage casual intruders, trespassers, prowlers, or would-be thieves who would rather perform their misdeeds, such as vandalism, theft, and loitering, in the dark
provides for easy identification of personnel and makes it easier to notice intrusions.
recommendation: 8 ft high with 2 ft candle power
93
Ensuring security for wiring closets
> Never use the wiring closet as a general storage area.
> Have adequate locks, which might include biometric elements.
> Keep the area tidy.
> Do not store flammable items in the area.
> Set up video surveillance to monitor activity inside the wiring closet.
> Use a door open sensor to log entries.
> Do not give keys to anyone except the authorized administrator.
> Perform regular physical inspections of the wiring closet's security and contents.
> Include the wiring closet in the organization's environmental management and monitoring in order to ensure appropriate environmental control and monitoring, as well as to detect damaging conditions such as flooding or fire.
94
Fire suppression techniques
Stage 1: The Incipient Stage, At this stage, there is only air ionization and no smoke.
Stage 2: The Smoke Stage, In Stage 2, smoke is visible from the point of ignition.
Stage 3: The Flame Stage, This is when a flame can be seen with the naked eye.
Stage 4: The Heat Stage, At Stage 4, the fire is considerably further down the timescale to the point where there is an intense heat buildup and everything in the area burns.
Suppression:
> Water suppresses the temperature.
> Soda acid and other dry powders suppress the fuel supply.
> Carbon dioxide (CO2) suppresses the oxygen supply.
> Halon substitutes and other nonflammable gases interfere with the chemistry of combustion and/or suppress the oxygen supply.
Gas Discharge System : more effective than water (dont use on areas with people) because it removes oxygen
95
Fire Detection Systems
> Rate-of-rise detection systems, trigger suppression when the speed at which the temperature changes reaches a specific level
> Flame-actuated systems trigger suppression based on the infrared energy of flames. This mechanism is fast and reliable but often fairly expensive.
> Smoke-actuated systems, use photoelectric or radioactive ionization sensors as triggers. Either method monitors for light or radiation obstruction or reduction across an air gap caused by particles in the air. It is intended to be triggered by smoke, but dust and steam can sometimes trigger the alarm
> Incipient smoke detection systems, also known as aspirating sensors, are able to detect the chemicals typically associated with the very early stages of combustion before a fire is otherwise detectible via other means.
96
4 main types of water suppression
> A wet pipe system : full of water, Water discharges immediately when suppression is triggered.
> A dry pipe system : contains compressed inert gas. Once suppression is triggered, the inert gas is released, opening a water valve.
> A preaction system (good for areas with people and computer), is a variation of the dry pipe system that uses a two-stage detection and release mechanism. The system exists as a dry pipe until the initial stages of a fire (smoke, heat, and so on) are detected, and then the pipes are allowed to fill with water (Stage 1). The water is released only after the sprinkler head activation triggers are triggered by sufficient heat (Stage 2).
> A deluge system, is a system that uses larger pipes and therefore delivers a significantly larger volume of water. Also, when one sprinkler head opens, they all open to fully deluge the area with suppressant. Deluge systems are inappropriate for environments that contain electronics and computers.
97
Fire extinguisher classes
> Class A (ASH) fires are common combustibles, such as wood, paper > water or soda acid
> Class B (BOIL) fires are burning alcohol, oil and other petroleum products > gas or soda acid (never use water)
> Class C (CONDUCTIVE) fires are electrical fires > gas
> Class D (DILYTHIUM) fires are burning metal > dry powder
> Class K (KITCHEN) fires are kitchen fires, such as burning oil or grease > wet chemical, alkaline mixtures
98
What is MTTF, MTTR, and MTBF?
> Mean time to failure (MTTF) is the expected typical functional lifetime of the device given a specific operating environment.
> Mean time to repair (MTTR) is the average length of time required to perform a repair on the device.
> Mean time between failures (MTBF) is an estimation of the time between the first and any subsequent failures.
99
Damage from fire and fire suppression
> Smoke is damaging to most storage devices
> Heat can damage any electronic or computer component
> Suppression mediums can cause short circuits, initiate corrosion
100
Type of Locks
Electronic Combination Locks (Cipher lock): something you know
Key card systems : something you have
Biometric System: something you are
Conventional Locks are easily picked/bumped & keys easily duplicated
Pick-and-bump resistant locks are expensive, harder to pick and keys not easily duplicated
101
Key elements on site selection and facility design
```
Site Selection:
> Visibility
> Composition of the surrounding area
> Area accesibility
> Effect of natural disasters
```
Facility Design:
> Level security neeeded by organization and planning for it before construction begins
> Critical path analysis is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements. For example, an online store relies on internet access, computer hardware, electricity, temperature control, storage facilities, and so on.
102
Designing secure work areas
> no equal access to all location within facility, areas with high-value assets require restricted access
> valuable and confidential assets should be located in the center of protection provided by a facility
> computer room need not be human compatible
103
Threats to physical access control
> Abuses of physical access control include propping open secured doors and bypassing locks or access control
> Masquerading, using someone else security ID to gain entry to a facility
> Piggybacking, following someone through a secured gate or doorway without being identified or authorized personally
104
Ways to handle visitors in secure facility
> escort is assigned to visitors and their access and activities are monitored closely
> Tracking actions, visitors log
105
What is media storage?
Room for securely store blank, reusable, and installation media
Concerns: theft, corruption, data remnant recovery
Protection: locked cabinets, assign custodian, check-in check-out process, media sanitization
Evidence Storage: used to retain logs, drive images, virtual machine snapshots, datasets for recovery, internal investigations and forensic investigation
Protection: same as media storage + isolated storage facilities, encryption, offline storage
106
Audit Trails and Access Logs
Audit trails and access logs are useful tools for managing for physical access control
Creation, may need to be created manually by security guards or may generated automatically with the right equipment (smartcards and certain proximity readers)
Monitoring, using CCTV, compare audit trails and access logs with visually recorded history of the events
107
Preparing for equipment failure
Equipment failure is a common cause of a loss of availability. When deciding on strategies to maintain availability, it is often important to understand the criticality of each asset and business process as well as the associated allowable interruption window (AIW), service delivery objective (SDO), and maximum tolerable downtime/outage (MTD/MTO)
Aging hardware should be scheduled for replacement and/or repair
108
Static Electricity Impact
40 V, Destruction of sensitive circuits and other electronic components
1,000 V, Scrambling of monitor displays
1,500 V, Destruction of data stored on hard drives
2,000 V, Abrupt system shutdown
4,000 V, Printer jam or component damage
17,000 V, Permanent circuit damage
109
What is proximity devices and reader?
A proximity device can be a passive device, a field-powered device, or a transponder. When it passes near a proximity reader, the reader device is able to determine who the bearer is and whether they have authorized access.
> passive proximity : no active electronics; it is just a small magnet with specific properties
> field-powered : has electronics that activate when the device enters the EM field that the reader generates, example, RFID
> transponder : self-powered and transmits a signal received by the reader
110
What is IDS?
Intrusion detection systems (IDSs) or burglar alarms are systems, automated or manual, designed to detect an attempted intrusion, breach, or attack; the use of an unauthorized entry point; or the occurrence of some specific event at an unauthorized or abnormal time.
111
What is shared responsibility?
is the security design principle indicating that organizations do not operate in isolation. It is because we participate in shared responsibility that we must research, implement, and manage engineering processes using secure design principles.
112
the difference between address space and memory space
Address space is how operating system keep track of memory given to each program.
Memory space is the actual physical memory from the heap .
Address space maps to the memory space, when program terminates, the memory space is released back to the heap.
Address space is virtual and also known as virtual memory.
Virtual memory gives an impression that the computer memory is large, but it keeps reusing memory space.
113
List Process states
various forms of execution in which a process may run
> Ready : process is ready to resume or begin processing as soon as it is scheduled for execution
> Running : is when a process executes on the CPU and keeps going until it finishes, its time slice expires, or it is blocked for some reason (usually because it has generated an interrupt for I/O)
> Waiting : when a process is ready for continued execution but is waiting for I/O to be serviced before it can continue processing. Once I/O is complete, then the process typically returns to the ready state, where it waits in the process queue to be assigned time again on the CPU for further processing.
> Supervisory : when the process must perform an action that requires privileges that are greater than the problem state's set of privileges, including modifying system configuration, installing device drivers, or modifying security settings. Basically, any function not occurring in the user mode (ring 3) or problem state takes place in the supervisory mode
> Stopped : When a process finishes or must be terminated (because an error occurs, a required resource is not available, or a resource request can't be met), it goes into a stopped state. At this point, the OS can recover all memory and other resources allocated to the process and reuse them for other processes as needed.
114
5 Common Memory Addressing Schemes
> Register Addressing , When the CPU needs information from one of its registers to complete an operation, it uses a register address (for example, “register 1”) to access its contents.
> Immediate Addressing, a way of referring to data that is supplied to the CPU as part of an instruction, CPU being told to no need to retrieve that value from a memory location, usually constant value, example command, adds 2 value to register 1
> Direct Addressing, CPU is provided with an actual address of the memory location to access. The address must be located on the same memory page as the instruction being executed. Direct addressing is more flexible than immediate addressing since the contents of the memory location can be changed more readily than reprogramming the immediate addressing's hard-coded data.
> Indirect Addressing, uses a scheme similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address. The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address.
> Base+Offset Addressing, uses a value stored in one of the CPU's registers or pointers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location.
115
security issue on primary storage (memory)
memory data retention issues:
> cold boot attack : freezes memory chips to delay the decay of resident data when the system is turned off or the RAM is pulled out of the motherboard
> memory dump : can extract encryption key on memory
access control on multiuser issue
116
ensure emanation security
Many electrical devices emanate electrical signals or radiation that can be intercepted by unauthorized individuals. These signals may contain confidential, sensitive, or private data
The types of countermeasures and safeguards used to protect against emanation attacks are known as TEMPEST countermeasures
Van Eck phreaking : allows the electronic emanations that devices produce (known as Van Eck radiation) to be read from a distance
> Faraday Cage : a box, mobile room, or entire building designed with an external metal skin, often a wire mesh that fully surrounds an area on all sides. can be designed to block specific frequencies while allowing others—for example, blocking Wi-Fi while allowing walkie talkies and mobile phones.
> White Noise : broadcasting false traffic to mask and hide the presence of real emanations. White noise can consist of a real signal from another source that is not confidential
> Control Zone : implementation of both a Faraday cage and white noise generation to protect a specific area in an environment; A control zone can be a room, a floor, or an entire building.
> Shielding of cables (networking and otherwise) may be sufficient to reduce or block emanation access
117
List Large-scale parallel data systems
Systems designed to perform numerous calculations simultaneously include SMP, AMP, and MPP
- symmetric multiprocessing (SMP), single computer contains multiple processors that are treated equally and controlled by a single OS, processors share not only a common OS but also a common data bus and memory resources
- asymmetric multiprocessing (AMP), the processors are often operating independently of one another. Usually, each processor has its own OS and/or task instruction set, as well as a dedicated data bus and memory resources
- massive parallel processing (MPP), variation of AMP where numerous AMP systems are linked together in order to work on a single primary task across multiple processes in multiple linked systems
> Grid Computing : form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal. security concern with grid computing is that the content of each work packet is potentially exposed to the world. Many grid computing projects are open to the world, so there is no restriction on who can run the local processing application and participate in the grid's project
> Peer to Peer : are networking and distributed application solutions that share tasks and workloads among peers. This is similar to grid computing; the primary differences are that there is no central management system and the services are usually provided in real time rather than as a collection of computational power. example VoIP Service, Bittorrent
118
What is distributed systems?
also called distributed computing environment (DCE) is a collection of individual systems that work together to support a resource or provide a service. The primary security concern is the interconnectedness of the components.
119
What is blockchain?
a collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data.
120
Data sovereignty Concepts
once information has been converted into a binary form and stored as digital files, it is subject to the laws of the country within which the storage device resides.
121
What is IoT and IIoT?
Internet of Things (IoT) is a class of devices that are internet-connected in order to provide automation, remote control, or AI processing to appliances or devices. The security issues related to IoT often relate to access and encryption.
Industrial Internet of Things (IIoT) is a derivative of IoT that focuses on industrial, engineering, manufacturing, or infrastructure level oversight, automation, management, and sensing. IIoT is an evolution of ICS and DCS that integrates cloud services to perform data collection, analysis, optimization, and automation.
122
What is specialized devices
Specialized equipment is anything designed for one specific purpose, to be used by a specific type of organization, or to perform a specific function. It may be considered a type of DCS, IoT, smart device, endpoint device, or edge computing system. Some common examples of specialized devices are medical equipment, smart vehicles, autonomous aircraft, and smart meters.
123
What is service-oriented architecture?
Service-oriented architecture (SOA) constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are unknown, untested, and unprotected. A derivative of SOA is microservices.
124
What is microservice?
A microservice is simply one element, feature, capability, business logic, or function of a web application that can be called upon or used by other web applications. It is the conversion or transformation of a capability of one web application into a microservice that can be called upon by numerous other web applications. It allows large complex solutions to be broken into smaller self-contained functions.
125
What is Infrastructure as code (IaC) ?
Infrastructure as code (IaC) is a change in how hardware management is perceived and handled. Instead of seeing hardware configuration as a manual, direct hands-on, one-on-one administration hassle, it is viewed as just another collection of elements to be managed in the same way that software and code are managed under DevSecOps (development, security, and operations).
126
What is VM escaping?
VM escaping occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.
127
What is virtual software?
A virtual application or virtual software is a software product deployed in such a way that it is fooled into believing it is interacting with a full host OS. A virtual (or virtualized) application has been packaged or encapsulated so that it can execute but operate without full access to the host OS
128
What is virtual networking?
virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity. The resulting solution allows for software control over all network functions: management, traffic shaping, address assignment, and so on.
129
What is Software-defined everything (SDx)?
Software-defined everything (SDx) refers to a trend of replacing hardware with software using virtualization. SDx includes virtualization, virtualized software, virtual networking, containerization, serverless architecture, infrastructure as code, SDN, VSAN, software-defined storage (SDS), VDI, VMI, SDV, and software-defined data center (SDDC).
130
What is VDI and VMI?
Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting desktop/workstation OS virtual machines on central servers that are remotely accessed by users. Virtual mobile infrastructure (VMI) is where the OS of a mobile device is virtualized on a central server.
131
What is Software-defined visibility (SDV) ?
Software-defined visibility (SDV) is a framework to automate the processes of network monitoring and response. The goal is to enable the analysis of every packet and make deep intelligence-based decisions on forwarding, dropping, or otherwise responding to threats.
132
What is Software-defined data center (SDDC) ?
Software-defined data center (SDDC) or virtual data center (VDC) is the concept of replacing physical IT elements with solutions provided virtually, and often by an external third party, such as a cloud service provider (CSP).
133
What is Anything as a service (XaaS)?
Anything as a service (XaaS) is the catchall term to refer to any type of computing service or capability that can be provided to customers through or over a cloud solution. Examples are SECaaS, IPaaS, FaaS, ITaaS, and MaaS.
134
What is containerization?
is based on the concept of eliminating the duplication of OS elements in a virtual machine. Each application is placed into a container that includes only the actual resources needed to support the enclosed application, and the common or shared OS elements are then part of the hypervisor.
135
What is serverless architecture?
Serverless architecture is a cloud computing concept where code is managed by the customer and the platform (i.e., supporting hardware and software) or server is managed by the cloud service provider (CSP). There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server. This is also known as function as a service (FaaS).
136
What is embedded systems?
is typically designed around a limited set of specific functions in relation to the larger product to which it is attached.
137
What is microcontroller?
is similar to but less complex than a system on a chip (SoC). A microcontroller may be a component of an SoC. A microcontroller is a small computer consisting of a CPU (with one or more cores), memory, various input/output capabilities, RAM, and often nonvolatile storage in the form of flash or ROM/PROM/EEPROM. Examples include Raspberry Pi, Arduino, and FPGA.
138
What is static systems/environments?
Static systems/environments are applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function, and then set to remain unaltered.
139
What is network-enabled devices?
Network-enabled devices are any type of portable or nonportable device that has native network capabilities. Network-enabled devices may be embedded systems or used to create embedded systems. Network-enabled devices are also often static systems.
140
What is cyber-physical systems
Cyber-physical systems refer to devices that offer a computational means to control something in the physical world. In the past these might have been referred to as embedded systems, but the category of cyber-physical seems to focus more on the physical world results rather than the computational aspects.
141
security concerns on embedded systems and static environment
Static environments, embedded systems, network-enabled devices, cyber-physical systems, HPC systems, edge computing devices, fog computing devices, mobile devices, and other limited or single-purpose computing environments need security management. These techniques may include network segmentation, security layers, application firewalls, manual updates, firmware version control, wrappers, and control redundancy and diversity.
142
What is High-performance computing (HPC)?
systems are computing platforms designed to perform complex calculations or data manipulations at extremely high speeds. Supercomputers and MPP solutions are common examples of HPC systems.
143
What is RTOS (real-time operating system) ?
is designed to process or handle data as it arrives on the system with minimal latency or delay. An RTOS is usually stored on read-only memory (ROM) and is designed to operate in a hard real-time or soft real-time condition.
144
What is edge computing?
Edge computing is a philosophy of network design where data and the compute resources are located as close as possible in order to optimize bandwidth use while minimizing latency. In edge computing, the intelligence and processing are contained within each device. Thus, rather than having to send data off to a master processing entity, each device can process its own data locally.
145
What is Fog computing?
is another example of advanced computation architectures, which is also often used as an element in an IIoT deployment. Fog computing relies upon sensors, IoT devices, or even edge computing devices to collect data, and then transfer it back to a central location for processing. Thus, intelligence and processing is centralized.
146
What is rootkits?
A rootkit is malware that embeds itself deep within an OS. The term is a derivative of the concept of rooting and a utility kit of hacking tools. Rooting is gaining total or full control over a system.
147
What is incremental attacks?
Some forms of attack occur in slow, gradual increments rather than through obvious or recognizable attempts to compromise system security or integrity. Two such forms of attack are data diddling and the salami attack.
148
What is attribute based access control (ABAC)?
where access to object is granted based on subject, objects AND environmental conditions
149
Common Criteria EAL Levels
EAL1 - Functionally Tested
EAL2 - Structurally Tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested
EAL7 - Formally verified design and tested
150
What is Zachman Framework
Provide six framework: What, Where, Who, When, Why, and How (5W+1H) and mapping those framework to rules for: example, planner, owner, designer, builder
