Domain 3A - Security Architecture and Engineering Flashcards
what did TLS replace and where is it used
Transport Layer security (TLS) replaced SSL
its used for data in motion (HTTPS)
what is a security architecture
how we secure the components in an architecture
what does a enterprise security architecture do
its how we protect all the components of the enterprise, the people, processes, systems, networks etc.
3 major enterprise architectures
- Zachman
- sabsa (sherwood applied business security architecture) - defines a risk driven enterprise security architecture model
- TOGAF (The Open group Architecture Framework) - helps you break an organization into components so you can build security into each component
2 types of security models
Lattice based and rule based
describe lattice based security model
essentially means Layers
– define layer of confidentiality or integrity
– define rules as to what can be read or written the layers to maintain confidentially or integrity
attributes of lattice based security model Bell-LaPadula
- focused on maintaining confidentiality of information
- simple security property states – no read up
- start property states – no write down
- strong star property - if you are both reading and writing you can only do so at your own level
2 types of lattice (layer) based security models
- Bell-LaPadula
- Biba
describe attributes of lattice based security model Biba (inverse of Bell-LaPadula)
- focused on maintaining integrity of the information
- simple security property - no read down
- star property - no write up
describe attributes of Lipner implementation
- its not a security model, its an implementation
- its a way to get both confidentiality and integrity from both Bell-LaPadula and Biba
attributes of Clark Wilson rule based security model
- focus is on integrity
- (3) goals of integrity
— preventing unauthorized subjects from making changes
— preventing authorized subjects from making bad changes
— maintaining the consistency of the system - (3) rules to achieve the (3) goals
— must have well formed transactions
— must have separation of duties
— must have the access triple (subject, program and object)
attributes of Brewer-Nash rule based security model
- known as the Chinese wall model
- only goal is to prevent conflicts of interest
recognize these as rule based security models
- Graham-Denning
- Harrison-Ruzzo-Ullman — enhancement of Graham-Denning
name the 4 “rules based” security models
- Clark-Wilson
- Brewer-Nash
- Graham-Denning
- Harrison-Ruzzo-Ullman
name the most widely used security framework in the world
ISO 27001
name some attributes about ISO 27001
- best practice recommendations for an ISMS (information security management system)
- defines 114 controls
- 14 domains/categories
- best practices you should have in place for a well run security program!
– security governance, security policies, onboarding, asset management, asset control, cryptography, physical security, network security all the way to having a compliance function. - you can be ISO 27001 certified
attributes of ISO 27002
- code of practice for ISMS (information security management system) controls
- provide the implementation guide for the controls in 27001
- cant be certified for this, its just a guidance
attributes of NIST 800-53
provide guidelines for selecting and specifying security controls for organizations and information systems supporting the executive agencies of the federal government to meet the requirements of FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems.
attributes for COSO (Committee of Sponsoring Organizations of the Treadway Commission)
- initiative in the US in the 1980s to combat corporate fraud
- focused on financial reporting controls, it does contain requirement for reasonable security
attributes of ITIL (The Information Technology Infrastructure Library)
- framework of best practices for delivering IT services and are aligned with business goals and objectives
- very useful for looking at IT process like change management, configuration management, access management, availability management etc.
attributes of HIPAA (Health Insurance Portability and Accountability Act)
- focused on safeguarding medical healthcare information
attributes of SOX (Sarbanes-Oxley Act)
- thanks to Enron and WorldCom for the US federal law
- requires top level management (CFO, CEO) to individual certify the accuracy of financial information
- if fraudulent activities are found, the penalty is much more severe
- financial records must have integrity and be available
what are the 7 steps of NIST 800-37 (RMF) - Risk Management Framework
- Prepare to execute the RMF
- Categorize information system
- Select security controls
- Implement security controls
- Assess security controls
- Authorize information systems
- Monitor
3 frameworks that you only need to know that they contain risk management components. no other details needed.
- ISO 31000
- COSO
- ISACA Risk IT
what are the two major steps in product evaluation criteria
- Certification
- Accreditation
Common criteria- what happens in the certification step
an independent lab evaluates a product and give it a rating
evaluation criteria systems
- TCSEC
- ITSEC
- Common Criteria
TCSEC attributes
- evaluate confidentiality
- evaluate a product that was not connected to a network - single box only
- 7 functional levels D1 (lowest) to A1 (highest)
- C2 is the most common rating for products
- B1 requires labeling
ITSEC evaluation attributes
- Replaced TCSec
- evaluates confidentiality and integrity
- can evaluate devices connected to a network
- can evaluate assurance ( how to test its working properly)
- Was replaced by common criteria ISO 15408
common criteria evaluation attributes
- adopted as sn international standard - ISO 15408)
- Evaluation criteria for IT security
- defines a protection profile (class of devices) - examples: firewalls, smartcards, switches
- target of evaluation(TOE) defines the product - the very specific product, model etc. example: cisco asa 5505-X
- security targets - document prepared by the product vendor that defines the functional and assurance properties and capabilities that the vendor claims are built into the target of evaluation
- the independent test lab will then test the functional and assurance requirements of the target of evaluation
- the end result will be an EAL(evaluation of assurance level) rating
what are the 7 common criteria EAL (evaluation of assurance level ratings
- EAL1 - functionally tested
- EAL2 - structurally tested
- EAL3 - methodically tested and checked
- EAL4 - methodically designed, tested and reviewed
- EAL5 - semi formally designed an tested
- EAL6 - semi formally verified designed and tested
- EAL7 - formally verified designed and tested
what is accrediation
official management approval and sign off for a set period of time to purchase and deploy a product in the organization
definition of TCB (trusted computing base)
TCB is the totality of protection mechanisms (people, processes and technology) within a system or architecture that work together to enforce a security policy
taxonomy in technology
organizing into categories and subcategories
what is a subject
an active entity - (people, processes) that want to access objects
define mediate (mediation) a subjects access to an object in RMC (TCB)
—mediation is anything that is controlling a subject access to an object–
examples are:
1. physical lock on a door controlling which people (subjects) can access the building (object)
2. windows login prompt, controlling if a user can access their computer
3. could be the system kernel, controlling which applications can access the network card
how are rules used in RMC
rules are created so that the mediation will make decisions based on (functional aspect of the control)
what does the assurance aspect tell you
if the process or product is working correctly
in the RMC how do we get the assurance aspect
logging and monitoring
what is an object
a passive entity, whatever is being accessed by the subject. examples: databases, word files, buildings and sometimes other processes
breakdown of the RMC
subject access an object, through some form of mediation, based on a set of rules and all of it is logged and monitored to provide assurance that it is working correctly
RMC (reference model concept) is a concept. what is it called when you implement the concept.
security kernel
where are security kernels used
wherever we need to control a subjects access to an object . the access is controlled with a security kernel
3 criteria for a security kernel
- completeness - subject not able to bypass the mediation (no backdoor)
- isolation - rules are tamper proof
- verifiability - logging and monitor to verify the mediation is working correctly (assurance)
4 steps of a CPU
- fetch instructions
- decode instructions
- execute instructions
- store the results
what is multitasking
running multiple complex applications simultaneously
2 major categories of storage
- primary - super fast, little storage and volatile (ram, cache etc.)
- secondary - slower, much more storage space ( solid state drives, CDs, DVDs, Tapes etc.)
firmware attributes
- stored on the hardware
- typically in non-volatile memory such as ROM (read only memory)
middleware attributes
- act like software glue
- acts as a translator between different incompatible applications, enabling interoperability and translating messages for incompatible applications
2 major methods to achieve process isolation
- memory segmentation - each application is given its own memory space
- Time Division Multiplexing (time slicing) - each process is given access to the resource for a specified time then handed to the next resource
Processor states
- Problem state - lower privileged level - most applications will run at this level. they do not have full access to the cpu capabilities but enough to run
- Supervisor state - higher privileged level - the kernel will run here, full access to CPUs capabilities
problem state meaning
its what CPUs are meant to do, solve problems. normal operating level for the CPU
2 common privilege levels that applications and processes code can run at
User mode - lower level, most applications will run here. User mode restricts what resources applications can have access to
Kernel mode - higher level - system kernel runs here. unrestricted access to underlying hardware.
ring protection model - another way of how access to system resources is restricted
Ring 0 - greatest privilege, system kernel, also firmware
Ring 3 - least privilege most applications will run
idea of data hiding is what
applications running at a lower privilege level are not aware of applications at a higher privilege level so they are simply hidden from the lower privilege levels
there is no security without physical security
true
TOCTOU (time of check time of use) attributes
- also known as (race conditions)
- application checks the state of resource before using it.
- an attacker attempts to race in and change a resource (file, variable or some data in memory) between when the resource is checked and used
- the defense for this is to increase the frequency of how often a check is performed to ensure access is appropriate. this reduces the window in time where an attacker can race in and do what they are not supposed to do
emanation attributes - what is it and what are some controls
- radio signals, electrical signals, light, sound, vibrations that radiate from a system and can be intercepted to eavesdrop and allow leakage of informatoin
—– counterattacks —– - shielding (tempest) designed to shield devices that emit electromagnetic radiation
- white noise – drowns out the weak emanations from a secured device
- control zones - place high value systems in a physical secured zone. only authorized individuals can get near high value systems
covert channels attributes
- unintentional communication path that unintentionally disclose confidential information
—– 2 Types —- - storage - most common –
- timing
———-counter attack———– - careful analysis of systems and processes to identify unintentional communication paths and design controls to prevent or mitigate
aggregation and inference details
- vulnerabilities that occur when you collect and centralize a lot of data in one location – data warehouse, data lakes
- unauthorized inference - someone might be able to infer or figure out something they are not supposed to
———–counterattack——=–
polyinstantiation - different versions of the same information or process can exist at different classification levels – copy of the same information with different meanings per authorization level
This use of mobile devices in the org causes some security risks -
- name some concerns
- Name some controls
- clearly defined polies regarding the acceptable use of mobile devices
- require that sensitive data not be stored on mobile devices or severely limited
- training to make sure employees follow acceptable use
—————–contols————- - mobile device connection back to the office should be encrypted to ensure protection of sensitive data in transit
- strong authentication
- whole drive encryption
- remote wipe
OWASP mobile top 10 – M1
improper platform usage - things like touch ID, face ID or keychain are not used properly
counterattack – secure coding and configuration management - use these good security features
OWASP mobile top 10 – insecure data storage
– PII is stored in insecure directories- data in these locations can be trivially accessed if an attacker gets physical access or attacker writes malware to copy the data and send to attacker
——counterattack——–
dont allow sensitive data on mobile device
OWASP mobile top 10 – M3
insecurity communication
- most mobile devices will communicate with a server across the insecure internet. any such data could potentially be intercepted.
————counterattack———-
1. encrypt with protocols like TSL
2. authenticate with server with certificates
OWASP mobile top 10 – M4
insecure authentication - an attacker figures out how a mobile application calls a backend server its connected to. once the attacker figures this out, they bypass the mobile app and send requests straight to the backend server, bypassing authentication mechanisms
—————–counterattack———-
perform authentication on the server side
OWASP mobile top 10 – M5
insufficient cryptography - mobile device that is using crappy encryption algorithms or algorithms that were poorly implemented
—————–counterattack————-
use good algorithms that will withstand the test of time and implement them properly
OWASP mobile top 10 – insecure authorization
- doing a poor job of authorization, potentially allow an attacker to bypass the authorization or grant themselves access they are not entitled to .
—————-counterattack———
1. authorization is performed by backend server and not the mobile device
2. server should verify mobile device requested access is appropriate to permitted access per user
OWASP mobile top 10 – M7
client code quality - software running on a mobile device that is vulnerable to common attacks like memory leaks and buffer overflows
————–counterattack————-
1. write more secure code
2. developers should be knowledgeable and trained
OWASP mobile top 10 – M8
code tampering - an attacker changing or adding new malicious code into a mobile application
——-counterattack——-
1. mobile applications should be able to detect if the code has been tampered with at runtime
OWASP mobile top 10 – M9
reverse engineering - an attacker carefully analyzing an app’s code to reveal information about backend servers reveal problems weaknesses with crypto etc.
——————counterattack————
use code obfuscation tools
OWASP mobile top 10 – M10
extraneous functionality - refers to an attacker carefully analyzing and application to find hidden functionality left behind by the developer. this hidden functionality will often allow the attack to have a backdoor into the application or backend servers
——————counterattack———–
make sure extraneous functionality is removed before an application is published by doing manual code review
cross site scripting (XSS) is what
- a malicious script is injected into trusted websites. a visitors browser will download and execute the attackers script, allowing the attacker to run code on victims machines
3 flavors of cross site scripting
- stored
- reflected - most common form
who is the target with cross site scripting
the client - the users browser
cross site request forgery (CSRF)
- an attacker forces or tricks a user into executing unwanted actions on a web application in which the user is currently authenticated. allowing an attacker to execute authorized commands on a server. –(very simplified explanation)
