Domain 3 Security Architecture and Engineering Flashcards
Security Models
Security models form the theoretical backbone of security architecture, providing a framework for implementing security policies and defining how a system enforces these policies. Understanding various security models is essential for designing and maintaining secure systems.
Security clearance
Security clearance is not a security model but a status granted to individuals, allowing them access to classified information or restricted areas within an organization.
Reading down
“Reading down” means a user with a higher security clearance can read data classified at a lower level.
Writing up
“Writing up” means a user can write data to a higher or equal security level.
Bell-LaPadula model
The Bell-LaPadula model is a confidentiality-centric security model that enforces the “no read up, no write down” principles using security labels and access control rules. The model helps to ensure that sensitive information is accessible only to users with appropriate security clearance.
Lattice-based access controls
Lattice-based access control (LBAC) is a security model representing user permissions and object classifications in a lattice structure. LBAC enforces the “least upper bound” and “greatest lower bound” rules to manage resource access based on user security clearances and object classifications.
The Biba Model
The Biba model and the Clark-Wilson model are examples of integrity models. The Biba model enforces the “no write up, no read down” principles.
Clark-Wilson Model
The Biba model and the Clark-Wilson model are examples of integrity models. The Clark-Wilson model enforces access controls and separation of duties to ensure data integrity.
Chinese Wall model
The Chinese Wall model, also known as the Brewer-Nash model, is designed to prevent conflicts of interest in commercial environments. This model restricts access to sensitive information based on a user’s prior access to related data. The model helps to maintain data confidentiality and prevent the misuse of insider information.
Access control matrix
An access control matrix is a table that represents the relationships between subjects (users or processes) and objects (resources). Each cell in the matrix contains a subject’s permissions over an object. This model is useful for visualizing and managing access control policies but can be inefficient for large systems.
System Security Architecture
System security architecture is a comprehensive approach to designing and implementing secure systems that align with industry best practices and comply with relevant standards, such as ISO 27001 and NIST frameworks. It involves strategically integrating hardware, software, and policies to protect against potential threats.
Secure boot process
This ensures the system boots securely using trusted hardware and software components. It verifies the integrity of the booting process, preventing unauthorized or malicious code from executing during startup.
Trusted computing base (TCB)
TCB comprises the hardware, firmware, and software components forming a system’s trusted foundation. It’s the core of the system’s security and is responsible for enforcing security policies and maintaining its integrity.
Security perimeter
This is the boundary between the TCB and the rest of the system, where robust security controls should be in place. It acts as a barrier, controlling access and protecting the core components from potential threats.
Cryptography
Cryptography is vital in ensuring data confidentiality, integrity, and authenticity. It’s the science of encoding and decoding information to protect it from unauthorized access.
Symmetric cryptography
Symmetric cryptography uses the same key for both encryption (converting plaintext into unreadable text) and decryption (converting unreadable text back into plaintext).
Asymmetric cryptography
Asymmetric cryptography, or public key cryptography, uses two different keys: a public key for encryption and a corresponding private key for decryption.
Hash functions
Hash functions take an input (or “message”) and return a fixed-size string, which appears random. The same input will always produce the same output, but even a small change in the input produces a significant change in the output.
Digital signatures
Digital signatures use cryptographic techniques to verify the authenticity of digital documents or messages, ensuring that the content has not been altered.
Symmetric Encryption:
AES, DES, 3DES
Advanced Encryption Standard (AES), known for strong security and performance.
Common Usage:
File encryption, Wi-Fi security (WPA2)
Data Encryption Standard (DES), now considered less secure due to shorter key length.
Common Usage:
Legacy systems, replaced by AES
Triple DES (3DES), an enhancement of DES with increased security.
Common Usage:
Financial services, secure data transmission
Asymmetric Encryption:
RSA, ECC
RSA uses two different keys for encryption and decryption; widely used in digital signatures.
Common Usage:
Secure email, SSL/TLS certificates
Elliptic curve cryptography (ECC), known for strong security with shorter key lengths.
Common Usage:
Mobile devices, smart cards
Hash Functions
SHA-256, MD5, SHA-1
SHA-256 is part of the SHA-2 family, widely used for data integrity verification.
Common Usage:
File integrity checks, digital signatures
Message Digest Algorithm 5 (MD5), now considered less secure due to vulnerabilities.
Common Usage:
Legacy systems, replaced by SHA-256
SHA-1, predecessor to SHA-2, also considered less secure now.
Common Usage:
Legacy systems, replaced by SHA-256
Digital Signatures (DSA)
Digital Signature Algorithm (DSA), used to verify the authenticity of digital documents or messages.
Common Usage:
Document signing, code signing
Network Security
Adequate network security involves implementing layers of protection to defend against potential threats. This multifaceted approach ensures that if one defense line fails, others are in place to thwart an attack.
Firewalls
Devices that control traffic between networks based on predefined rules. They act as barriers between trusted and untrusted networks, such as an internal corporate network and the Internet.
Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
Monitor network traffic and detect or prevent potential attacks. IDS alerts administrators of suspicious activities, while IPS takes active measures to mitigate threats.
Virtual Private Networks (VPNs)
Secure communication channels that use encryption to protect data transmitted over the Internet. VPNs allow users to send and receive data as if their devices were directly connected to a private network.
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Protocols used to secure communications between client and server systems. They encrypt the data transmitted, ensuring confidentiality and integrity.
Network Protocols
Protocol => Use => Secure (Yes/No)
HTTP => Web browsing => No
HTTPS => Secure web browsing => Yes
FTP => File transfer => No
SFTP => Secure file transfer => Yes
SNMP => Network management => No
SNMPv3 => Secure network management => Yes
POP3 => Email retrieval => No
IMAP => Email retrieval with multiple device support => No
IMAPS => Secure email retrieval => Yes
SMTP => Sending email => No
SMTPS => Secure email sending => Yes
DNS => Domain name resolution => No
DNSSEC => Secure domain name resolution => Yes
Secure System Design Concepts
Secure system design is a critical component of Security Architecture and Engineering. It aims to create systems that are resilient to attacks and maintain their functionality even in adverse conditions.
Layering
Layering is a design principle that organizes system components into separate, hierarchical layers. Each layer performs specific functions and interacts only with its adjacent layers. This approach enables better separation of concerns, limits the attack surface, and simplifies the management and maintenance of systems.
Abstraction
Abstraction is a design concept that simplifies complex systems by hiding the details of lower-level components and providing a higher-level, more user-friendly interface. This approach allows developers and administrators to focus on the relevant aspects of a system while reducing complexity and potential vulnerabilities.
Security domains
A security domain is a collection of resources that share a common security policy and are controlled by a single authority. Dividing systems into security domains helps enforce security policies and manage access controls more effectively. Security domains are often represented by trust boundaries, which define the level of trust between different domains and the rules governing data flow between them.
The ring model
The ring model is a security architecture that organizes system components into hierarchical protection rings, each representing a different privilege level. The most privileged components, such as the operating system kernel, reside in the innermost ring (Ring 0). As the ring number increases, the level of privilege decreases. This model ensures that more sensitive components have higher levels of protection and limits the potential damage caused by security breaches.
Open and closed systems
Open systems follow widely accepted standards and protocols, making it easier for components to interoperate with other systems. These systems often promote collaboration and innovation but may be more susceptible to security threats due to their transparency. On the other hand, closed systems use proprietary protocols and technologies, making it more difficult for external entities to interact with or compromise the system. While closed systems offer increased security, they can limit interoperability and hinder collaboration.
Threat modeling
Threat modeling is a systematic process of identifying, prioritizing, and addressing potential threats and vulnerabilities in a system. It helps organizations proactively mitigate risks and improve the security posture of their systems.
Least privilege
The principle of least privilege states that users, processes, and systems should have the minimum access rights necessary to perform their tasks. This approach limits the potential damage caused by security breaches and reduces the attack surface.
Defense in depth
Defense in depth is a security strategy that employs multiple layers of protection to defend against potential threats. By implementing diverse security controls at various levels of a system, this approach ensures that even if one layer is compromised, other layers can still provide protection.
Secure defaults
Secure defaults is a design principle that ensures systems are configured with secure settings by default. This approach reduces the likelihood of misconfigurations, which can lead to security vulnerabilities.
Fail securely
Failing securely means that when a system encounters an error or failure, it should maintain its security posture and not expose sensitive data or resources. This approach helps to prevent data leaks and unauthorized access in case of system failures.
Separation of duties (SoD)
Separation of duties is a principle that divides critical tasks among multiple individuals to prevent fraud and misuse of access privileges. By requiring more than one person to perform sensitive actions, SoD helps to ensure accountability and maintain data integrity.
Keep it simple
The principle of simplicity emphasizes that systems should be designed with as little complexity as possible. Simpler systems are easier to manage, maintain, and secure, as they have fewer potential vulnerabilities and are less prone to errors.
Zero Trust
Zero Trust is a security model that assumes all users, devices, and networks are untrustworthy by default. This model enforces strict access controls and continuous monitoring, requiring users to verify their identities and permissions for every access request.
Privacy by design
Privacy by design is a framework that promotes the integration of privacy considerations into the design and development of systems and processes. This approach ensures that privacy is an integral part of a system’s architecture rather than an afterthought.
Trust but verify
Trust but verify is a security principle emphasizing the importance of validation and verification, even when dealing with trusted entities. By continuously monitoring and verifying the actions of users and systems, organizations can detect potential security issues and maintain a strong security posture.
Shared responsibility
The shared responsibility model highlights the need for collaboration between stakeholders, such as service providers and customers, to ensure system security. All parties must implement and maintain security controls and practices in this model.
Overview of Different Computing Systems
A diverse range of computing systems exist, each designed to serve specific purposes and meet unique requirements. Understanding these computing systems is essential for security professionals as they design and implement secure solutions across various environments.
Client-based systems
These are computing devices, such as desktops, laptops, or smartphones, that users interact with directly. They typically run end-user applications and rely on server-based systems for centralized data storage and processing.
Server-based systems
Provide resources and services to client-based systems, such as file storage, application hosting, or data processing. They are often more powerful and have higher availability than client-based systems.
Database systems
Database systems store, manage, and retrieve structured data. They support various data models, such as relational, NoSQL, or graph databases, and provide mechanisms for ensuring data consistency, integrity, and security.
Cryptographic systems
These systems use cryptographic techniques, such as encryption, decryption, and digital signatures, to protect the confidentiality, integrity, and authenticity of data and communications.
Industrial control systems (ICS)
ICS are used to monitor and control industrial processes, such as manufacturing, power generation, or water treatment. They include Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS).
Cloud-based systems
Cloud-based systems offer computing resources and services over the Internet. Examples include Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS), which allow users to access applications, infrastructure, or development platforms on a subscription basis.
Distributed systems
These systems consist of multiple computing nodes that collaborate to achieve a common goal, such as processing large datasets or providing high availability. Examples include peer-to-peer networks, distributed databases, and blockchain systems.
Internet of Things (IoT)
IoT refers to the network of interconnected devices that collect and exchange data, often using sensors and actuators. These devices can range from smart home appliances to industrial equipment and wearables.
Microservices
Microservices is an architectural pattern that breaks down applications into small, loosely coupled, and independently deployable services. This approach enables greater flexibility, scalability, and resilience than monolithic architectures.
Containerization
Containerization is a virtualization method that packages applications and their dependencies into lightweight, portable containers. This approach allows faster deployment, improved resource efficiency, and greater application portability.
Serverless
Serverless computing is a cloud-based execution model that automatically manages and scales the underlying infrastructure, allowing developers to focus on application logic rather than server management.
Embedded systems
Embedded systems are specialized computing devices designed for a specific purpose, such as automotive control systems or smart appliances. They typically have limited resources and are optimized for their specific function.
High-performance computing (HPC) systems
HPC systems are designed for processing complex and resource-intensive tasks, such as simulations, data analysis, or artificial intelligence. They often use parallel processing techniques and specialized hardware for high computational performance.
Edge computing systems
Edge computing is a distributed computing paradigm that brings processing capabilities closer to the data sources, reducing latency and bandwidth consumption. This approach is beneficial for IoT and real-time applications.
Virtualized systems
Virtualization allows multiple virtual machines (VMs) to run on a single physical host, sharing hardware resources. This approach improves resource utilization, reduces costs, and enables greater flexibility in managing and scaling computing environments.
Chapter 5 Security architecture and engineering
Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS) provides virtualized computing resources over the Internet. For example, Amazon EC2 allows businesses to run virtual servers and scale computing power based on needs. Users are responsible for managing the OS, applications, and data, offering flexibility but requiring a robust understanding of the underlying components.
Platform as a Service (PaaS)
Platform as a Service (PaaS) takes this a step further by providing a platform for developers to build applications without worrying about the underlying infrastructure. For instance, Microsoft Azure’s App Service offers a fully managed platform for building, deploying, and scaling web apps, abstracting the complexities and allowing developers to focus on creating applications.
Software as a Service (SaaS)
Software as a Service (SaaS) represents the most user-friendly model, delivering software applications over the Internet. Google Workspace, for example, provides access to productivity tools like Gmail, Docs, and Drive, all hosted and maintained by Google, making it an attractive option for end users without technical expertise.
Public clouds
These are owned and operated by third-party providers and deliver resources over the Internet. Amazon Web Services (AWS) offers a wide range of cloud services publicly, available to anyone who wants to purchase them, offering scalability and flexibility.
Private clouds
These are used exclusively by one organization. A large corporation might have its private cloud to ensure control and compliance with specific regulations. This model provides more control and is suitable for organizations with stringent security requirements.
Hybrid clouds
These combine public and private clouds, allowing data and applications to be shared between them. A healthcare provider might use a private cloud for sensitive patient data and a public cloud for nonsensitive administrative information, offering greater flexibility and optimization of existing infrastructure.
Community clouds
These are shared by several organizations with common concerns. Several government agencies might share a community cloud to collaborate on joint projects while maintaining regulatory compliance. This collaborative approach allows multiple entities to benefit from shared resources while maintaining aligned goals and requirements.
Cryptographic life cycle
The cryptographic life cycle includes the generation, distribution, usage, storage, and disposal of cryptographic keys. Proper management of the cryptographic life cycle helps ensure the security and integrity of encrypted data and communications.
Cryptographic methods
Cryptographic methods include symmetric (e.g., AES), asymmetric (e.g., RSA), elliptic curve cryptography, and emerging quantum-resistant algorithms. Each method has its strengths, weaknesses, and use cases.
Public key infrastructure (PKI)
PKI is a framework that enables the secure distribution and management of digital certificates and public keys. It provides a trusted environment for establishing secure communication and verifying identities.
Key management practices
Key management practices involve securely generating, distributing, storing, using, and disposing of cryptographic keys. Proper key management is essential for maintaining the security of encrypted data and preventing unauthorized access.
Digital signatures and certificates
Digital signatures use public key cryptography to authenticate the sender and ensure data integrity. Digital certificates issued by a certificate authority (CA) bind a public key to an entity’s identity, enabling secure communication and identity verification.
Non-repudiation
Non-repudiation ensures that a sender cannot deny having sent a message or performed an action. Cryptographic techniques, such as digital signatures, provide non-repudiation by authenticating the sender and verifying data integrity.
Integrity (e.g., hashing)
Cryptographic hashing algorithms, such as SHA-256, maintain data integrity by creating a unique, fixed-size output (hash) from an input. A small change in the input data results in a significantly different hash, making it easy to detect alterations.
Brute force
Brute-force attacks involve systematically attempting all possible combinations of keys or passwords until the correct one is found. These attacks can be resource-intensive but may succeed when weak encryption or passwords are used.
Ciphertext only
In ciphertext-only attacks, an attacker attempts to decrypt a message using only the ciphertext without knowing the plaintext or encryption key.
Known plaintext
In known plaintext attacks, the attacker possesses both the ciphertext and corresponding plaintext, which can be used to deduce the encryption key or reveal weaknesses in the encryption algorithm.
Frequency analysis
Frequency analysis is a cryptanalysis technique that exploits the frequency of letters or patterns in the encrypted text to deduce the underlying plaintext or encryption key.
Chosen ciphertext
In chosen ciphertext attacks, the attacker can choose ciphertexts and obtain their corresponding plaintexts, which can reveal weaknesses in the encryption scheme or deduce the encryption key.
Implementation attacks
These attacks exploit weaknesses in how cryptographic algorithms or protocols are implemented in software or hardware rather than targeting the algorithms themselves.
Side channel
Side-channel attacks exploit information leaked through unintended channels, such as power consumption, electromagnetic emissions, or timing, to deduce sensitive data like encryption keys.
Fault injection
These attacks intentionally induce errors in a system to exploit its behavior and reveal sensitive information or bypass security controls.
Timing
Timing attacks exploit the time it takes for a system to perform cryptographic operations, allowing attackers to deduce sensitive information, such as encryption keys.
Man-in-the-middle (MITM)
MITM attacks involve an attacker intercepting and potentially altering communications between two parties, allowing the attacker to eavesdrop or impersonate one of the parties.
Pass the hash
These attacks exploit weaknesses in authentication protocols, allowing an attacker to use a stolen password hash to authenticate as a user without knowing the actual password.
Kerberos exploitation
These attacks target the Kerberos authentication protocol, aiming to obtain or forge authentication tickets to gain unauthorized access to resources.
Ransomware
Ransomware is malware that encrypts a victim’s files or systems, demanding a ransom payment for the decryption key. This attack can have severe consequences like data loss or business disruption.
Wiring closets/intermediate distribution facilities
Wiring closets and intermediate distribution facilities house telecommunications and networking equipment. They should be secured to prevent unauthorized access and tampering and maintain the integrity and availability of the network infrastructure.
Server rooms/data centers
Server rooms and data centers house critical computing and storage resources. These facilities should be designed with strict access controls, redundancy, and environmental controls to ensure the continuous operation and security of the housed systems.
Media storage facilities
Media storage facilities store sensitive data on physical media, such as tapes or hard drives. They should be secured against unauthorized access, theft, and environmental hazards like fire, water damage, or electromagnetic interference.
Evidence storage
Evidence storage facilities store physical evidence related to investigations or legal proceedings. They should be designed to maintain the stored evidence’s integrity and chain of custody and protect against unauthorized access and tampering.
Restricted and work area security
Restricted and work areas should have appropriate access controls, such as badge readers or biometric authentication, to ensure that only authorized personnel can access sensitive spaces and resources.
Utilities and heating, ventilation, and air conditioning (HVAC)
Utilities and HVAC systems should be designed to maintain the proper environmental conditions for the equipment and personnel. This includes temperature, humidity, air quality control, and ensuring essential services like power and water availability.
Environmental issues
Environmental issues, such as natural disasters, pollution, or climate change, can significantly impact the security and availability of facilities and systems. Organizations should assess and mitigate these risks through planning, design, and operational measures.
Fire prevention, detection, and suppression
Fire prevention, detection, and suppression systems should be in place to minimize the risk of fire damage to facilities and equipment. This includes using fire-resistant materials, fire detection systems, and appropriate fire suppression systems, such as sprinklers or clean agent systems.
Power (e.g., redundant, backup)
Power systems should be designed to ensure the continuous availability of critical systems. This includes redundant power sources, uninterruptible power supplies (UPS), and backup generators to maintain power during outages or other disruptions.
Risk assessment and planning
A thorough assessment helps organizations identify potential threats and vulnerabilities in their site and facility design. This information can be used to develop a comprehensive security plan that addresses identified risks and implements appropriate security measures.
Layered security
Implementing a layered security approach ensures multiple security measures are in place to protect assets and personnel. This can include perimeter security, access controls, surveillance systems, and intrusion detection systems, which provide a robust and comprehensive security solution.
Secure access control
Access control measures, such as card readers, biometric authentication, and security guards, should be implemented to restrict access to sensitive areas and resources. These controls help prevent unauthorized access and maintain the security of the site and facility.
Surveillance and monitoring
Installing surveillance systems, such as CCTV cameras and intrusion detection systems, can help monitor and detect unauthorized access, theft, or vandalism. Monitoring systems should be strategically placed to cover critical areas and entry points, providing a clear view of the facility’s premises.
Environmental controls
Environmental controls, such as HVAC systems, fire detection and suppression systems, and backup power systems, should be implemented to maintain a safe and secure environment for personnel and equipment. These controls help ensure the continuous operation of critical systems and protect sensitive data from environmental hazards.
Segregation of duties and restricted areas
Segregation of duties and restricted areas can help prevent unauthorized access to sensitive information or resources. By separating responsibilities and access to sensitive areas, organizations can minimize the risk of insider threats and maintain the security of their assets.
Physical security measures
Implementing physical security measures, such as barriers, gates, locks, and lighting, can help deter unauthorized access and protect the site and facility from external threats. These measures should complement other security controls, providing a comprehensive security solution.