Domain 3B - Security Architecture and Engineering Flashcards
number one overarching primary goal of physical security is?
safety of people, people are the most valuable asset of an organization
what are the 5 pieces to physical security
- deter
- delay
- detect
- assess
- respond
deter control explain
- discourage things like trespassing, property damage, theft and intrusion with signage and other environmental design of a building and the land around it
delay control explain
- delay an attacker from gaining unauthorized access
example: locks delay and attacker from gaining unauthorized access
detective control explain
- detect if a risk has occurred
example: CCTV
assess controls
- used to determine the method of attack and the target
respond controls
- take appropriate action to remediate the risk
what is the best way to secure a perimeter
- minimize the number of entrances and exits
landscape - what role does this play in physical security
- part of perimeter control
- foliage should be maintained to provide clear sight lines for cameras and that would-be attacker cant just climb up a tree and into the building
physical security grading (perimeter) explain
- part of perimeter control
- the ground should slope down and away from the building so if there was a flood you are not part of the flood
passive infrared devices - what must happen if ambient air temp changes
- they must automatically recalibrate themselves
lighting does what
- helps deter crime
- important to safety of people
2 major types of card reader systems
- contact
- contactless
contact card reader
- employee must swipe their card through the reader for older magnetic readers
contactless card reader
- employee only need to hold their card near the rfid (radio frequency identification system) reader
social engineering attack on doors is called what
- tailgating
- piggybacking
- - an intruder follows and authorized person through the door after they have unlocked it
what are preventions for tailgating and piggybacking
- mantraps
- turnstiles
explain mantrap
- it involves 2 doors
- you must unlock the fist door, and walk into a small space, close the door behind you, then can you unlock the second door
should locks ever be used as a single line of defense
no, locks are delay only and should only be part of a layered defense
sensors to help monitor if a window has been broken
- shock - detects a small shock wave when a window breaks
- glass break sensors - essentially microphones listening for specific frequencies of sound when glass breaks
what is skimming
an attacker uses an electronic device to steal card information from valid transaction.
example: install an small electronic device attacked to an ATM machine to record debit card numbers.
what are two devices used to provide a consistent supply of clean power
- UPS
- Generator
what is a black out
no power for a long period of time
what is a brownout
prolonged low voltage
what is a power fault
short loss of power
what is a power surge
prolonged high voltage
what is a power spike
temporary high voltage
what is a sag and a dip
temporary low voltage
4 goals of cryptography and its mnemonic
P.A.I.N
- Privacy (confidentiality)
- authenticity
- integrity
- non-repudiation
class A fire –
- what is it
- what puts it out
- common fire (ash)
- water, soda, acid
class B fire –
- what is it
- what puts it out
- Liquid (boil)
- Gas (halon, C02 etc.) and soda acid
class C fire –
- what is it
- what puts it out
- electrical (conductive)
- any gas (C02, Halon etc.)
class D fire –
- what is it
- what puts it out
- metal
- dry powder
humidity in data centers
- if its too dry what do you get
- if its too humid what do you get
- static electricity
- condensation
explain positive pressurization when it comes to HVAC units in data centers
nice clean filtered air is blown into the data center slightly above ambient temperature, positively pressurizing the data center
why do you want positive pressurization
if there are any cracks in the data center. the clean air is blowing out rather than dirty (outside) air blowing into the data center
why do you want positive pressurization
if there are any cracks in the data center or someone opens an door, the clean air (HVAC) is blowing out rather than dirty (outside) air blowing into the data center
whenever we implement controls we want what combination if possible
- preventive
- detective
- corrective
fire detection - 3 main types are
- flame detectors
- smoke detectors
- heat detectors
flame detectors do what
detect the infrared and ultraviolet light created by flames - essentially video cameras
smoke detection why use them and what are the two main types and when to use each type
- one of the best ways to detect fire as early as possible
- ionization - respond more quickly to flaming or fast fires
- photoelectric - (called optical detectors) respond quickly to smoldering fires
define heat sensors
- thermal sensors
- temp sensors, monitoring for rapid rise in temperature
- what is the earliest fire detection
smoke detection (smoke before fire)
- what is the most concerning fire
- what detection system do we use for it
- flaming or fast fires
- ionization detection
two major types of fires suppressions systems
- water based - office spaces , motels etc.
- gas based - cost justified in data centers
4 types of water based suppression systems
- wet
- dry
- pre-action
- deluge
wet pipe system attributes
- cheapest
- pressurized water at all time
- cant be used where it can freeze
- eventually will have leaks
dry pipe system attributes
- look identical to wet pipe systems
- pressurized with gas so they can be used where it can freeze
- water is only realized when triggered
- closed sprinkler head
deluge attributes
- similar to dry pipe
- sprinkler heads are open
- larger sprinkler heads
- pipes are not pressurized
- water held back by deluge valve
4 types of gas-based fire suppression systems
- Inergen
- Argonite
- FM-200
- Aero-K - supposedly safe for servers and people
why is halon no longer used at a gas-based fires suppression
- ozone depleting
- turns to toxic gas at 900F
- like many gas-based fires suppression, it removes oxygen = bad for human life
why is C02 fire suppression preferred in data centers
- non-corrosive
- it does not leave residue
- will not damage equipment
- doesn’t conduct electricity
5 if you do not use too much, its not harmful to humans
social engineering - cryptographic attacks is what
going after the weakest link - people
birthday attacks - cryptographic attacks
finding collisions in hashing
rainbow tables - cryptographic attacks
how do you defeat rainbow tables
- a giant database of most common passwords and their associated hash values
- salting the password before hashing
dictionary attack - cryptographic attacks
- a form of brute force
- dictionary attack try the most likely combinations first
- can be more efficient and faster than brute force
radiation emissions - cryptographic attacks
a side channel attack - the electromagnetic waves that are emanated are closely monitored
timing attack - cryptographic attacks
- measure how long certain operations take
power attack - cryptographic attacks
- measure how much power is consumed during certain calculations
side channel attack explain - cryptographic attacks
- any attack where sensitive information is gathered by carefully monitoring a system that is performing some cryptographic tasks
implementation attack - cryptographic attacks
- target weaknesses in how an algorithm, cryptosystem, protocol or application has been implemented.
example: WEP (wired equivalency protocol) does a terrible job of implementing rc4 encryption algorithm.
IV (initialization vectors) too short, a portion is static among other issues
temporary files attack - cryptographic attacks
- temporary files my not be sufficiently secured.
- in a temporary file attack the attacker gains access to the sensitive plaintext or encryption keys by accessing encrypted and decrypted temp files
replay attack attributes - cryptographic attacks
- a form to man-in-the-middle
- attacker eavesdrops and intercepts data being
sent - they not necessary can decipher the data. they replay it, resend it later on in an attempt to use that information to their advantage
example: intercepting a users hashed password being sent to a server to authenticate the user. the attacker could resend that hash of a users password later on to gain unauthorized access
man-in-the-middle - cryptographic attacks
- attacker places themselves in the middle of a conversation, allowing them to eavesdrop on the communication
- possibly alter communications or decipher them
factoring (cryptanalytic) -what algorithm would this be used against?
RSA
chosen ciphertext - (cryptanalytic)
- the attacker has access to the machine or algorithm that is performing the encryption and decryption
- the attacker is choosing what ciphertext to feed into the algorithm then looking at the resultant plaintext to try and deduce the key
chosen plaintext - (cryptanalytic)
- the attacker has access to the machine or algorithm that is performing the encryption and decryption
- the attacker is choosing what plaintext to feed into the algorithm then looking at the resultant ciphertext to try and deduce the key
known plaintext attack - (cryptanalytic)
- attacker has access to both ciphertext and plaintext
- bad - they can now use this information to deduce the key to decrypt all messages or forge new message
ciphertext only attack - (cryptanalytic)
- the cryptanalysis only has the ciphertext to deduce the key
- very difficult
brute force attack attributes - (cryptanalytic)
- brute force will not be possible on algorithms that use 128 bit or more, especially 256 bit
- key space doubles every time the key length is increased by 1 bit
- this becomes and insurmountable problem
the primary goal of cryptanalytic attack is
- deduce the key
- find the crypto variable (the key) that can be used to decrypt the ciphertext
2 major types of cryptanalysis
- cryptanalytic attacks
- cryptographic attacks
cryptanalysis definition
the process of decoding secrets and gaining access to encrypted messages and even forging new messages
what does zero trust security use as the control plane
the user identity as the new perimeter
secure design principles take from NIST 800-160
- secure defaults
- fail securely
- default configurations reflect a restrictive and conservative enforcement of security policy.
- components should fail in a state the denies rather than grants access
what has trust but verify pretty much been replaced by
zero trust model
explain trust but verify
- an older secure design principle that is being replaced by zero trust
- this depended on an initial authentication to gain access to an internal “secured” environment the relied on generic access control methods
- the “secure perimeter” was on the edge thought process
privacy by design principles
- Proactive not reactive, preventive not remedial
- Privacy as the default setting
3 Privacy embedded into Design - full functionality - positive-sum, not zero-sum
- End-to-End Security — Full Lifecycle Protection
- visibility and Transparency- Keep it Open
- Respect for User Privacy - Keep it User-Centric
privacy by design - what does
proactive not reactive, preventive not remedial mean
systems should be designed to prevent privacy risks from occurring in the first place, not just to respond to privacy lapses to that occur
privacy by design - what does
Privacy as the default setting mean
- systems should protect the privacy of individuals even if those individuals don’t action to raise the level of privacy.
- the default approach should be to protect privacy unless the user specifically does an action to reduce the level privacy
privacy by design - what does
Privacy embedded into Design mean
- privacy should be a primary design consideration, not a bolted on afterthought
- privacy is a core requirement of the system
privacy by design - what does
full functionality - positive-sum, not zero-sum mean
- privacy should not be treated as requiring trade offs to accomplish
- privacy by design seeks win-win situations, where privacy objectives are achieved alongside other objectives
privacy by design - what does
End-to-End Security — Full Lifecycle Protection mean
- security practices should persist throughout the entire information lifecycle
- information should be securely collected, retained and disposed of to preserve individual privacy
privacy by design - what does
visibility and Transparency- Keep it Open mean
- the component parts of systems preserving privacy by design should be open for inspection by users and providers
privacy by design - what does
Respect for User Privacy - Keep it User-Centric mean
- Privacy is about protecting personal information and personal information belongs to individual people empowering data subjects with user-friendly privacy practices
best-in-suite over best-in-bread solutions. how does this simplify security in-depth
- security suites will incorporate layers of intelligence that wok better together to secure your environment
- this simplicity also helps to avoid configuration mistakes
- your layers will be integrated better
- your overall solution is generally going to be smarter
- it does not mean you will only have one security vender, it means you will likely have fewer security vendors - your foundation might be MS, google, cisco, amazon - its not the vendor, its the concept
- this will allow the org to move forward incrementally rather than expecting perfection
- — when you try to find the best vendor at every layer, you spend a lot of time shopping, testing and vetting how well the different vendors work together adds work, time and complexity
what is IPSEC
- Internet protocol security
- its a secure network protocol suite that authenticates and encrypts packets of data to provide secure communication between two computers over an insecure media (like the internet).
- highly used in VPNs
where is asymmetric encryption widely used
- Transport Layer Security (TLS)
- Secure socket Layer (SSL)
- Hypertext Transfer Protocol Secure (HTTPS)
what are components of public key encryption
- plaintext
- cyphertext
- encryption algorithm
- decryption algorithm
- private key
- public key
what are two ways to create a key pair for PKI
- using a CA (certificate authority)
- self sign (certificate not signed by a CA)
what is the disadvantage of self signing your cert
- its not a trusted certificate
- the other end of the conversation will need to manually trust that cert
list some components of PKI
- certificate requestor
- certificate signing CA
- root CA
- certificate revocation list (CRL)
what is a collision in hashing
• when the hashing tool gets the same output from two or more different inputs
what is done with the root CA to keep it from being compromised
• root CA is kept offline
what does PKI stand for
• public key infrastructure
what two ways to find that status of a certificate (find if its good or bad)
- certificate revocation list - all CAs right to this list at certain intervals for updates - verify what certs are still good and what certs need to be cut out of their chain of trust
- OCSP (online certificate stat protocol) - faster but only shows the status not give details of the ticket as well as why it was revoked.
what does IETF stand for what what is it
- internet engineering task for
- the body that defines standard operating internet protocols such as tcp/ip
who supervises the IETF (internet engineering task force)
• IAB (Internet Architecture Board)
what IETF protocol is the standard for PKI digital certs
• X.509
what is RIR with IPs and what does it do
- regional internet registry
- manages the allocation and registration of internet number resources within the regions of the world
- internet number resources include IP address
what are the 5 regions of RIP
- AFRINIC (African network information center) -Africa
- ARIN (American Registry of internet numbers) - Antarctcia, canada, caribbean and unites stats
- APNIC (Asia-Pacific network information center - east asia, oceania, south asia, and southeast asia
- LACNIC (Latin America and Caribbean network information center) - most of caribbean and all of latin america
- RIPE NCC (Roseaux IP Europeen Network Coordination Centre) – Europe, central Asia, Russia and west Asia
what to know about a HASH
- one way function (not reversible)
- typically fixed length
- also called message digest
- provides encryption using an algorithm with no key
what happens during a TLS handshake
A. `Specify which version of TLS
B. Decide on which cipher suites they will use
C. Authenticate the identity of the server via the
server’s public key and the SSL certificate authority’s
digital signature
D. Generate session keys in order to use symmetric
encryption after the handshake is complete
explain all you see in this cipher suite
TLS_ECDHE_RSA_with_AES_128_GCM_SHA256
TLS_ECDHE_RSA_with_AES_128_GCM_SHA256
ECDHE - elliptic curve diffie-hellman ephemeral – key exchange
RSA – (Rivest–Shamir–Adleman) public key authentication mechanism - verify server is who they say they are by checking public key certificate to verify digital signature
AES – encryption cipher
128 – key size
GCM – mode of operations
SHA256 – hash
worm media is what
anything that is (write once, read many) Rdvd, Rcd, some tape drives, there is some media that has write protection applied
ensures the highest level of integrity and data security
IDEA encryption
A: International Data Encryption Algorithm
B: was intended as a replacement for DES
C: 64 bit cipher
D: 128 bit key
E. was patented so it was not commonly used because of added cost
we are using a cloud computing and have chosen to use IaaS. who is responsible for the database
A: the security team
B: the vendor
C: the customer
D: the network team
the answer is
C:
explain IaaS
A: infrastructure as a service
B: vendor provides infrastructure up the OS
C: customer adds the OS and up
MAC when talking about hashing means what
Message Authentication Code
what handles all access between objects and subjects in the computer kernel
reference monitor
what would we use Distributed control systems (DSC)j for?
computerized control system for a process or plant
what can we use digital signatures to provide
A: none repudiation
B: integrity
NSA wanted to embed the clipper chip on all motherboards. which encryption algorithm did the chip use?
A: skipjack
B: 3DES
C: DSA
D: RSA
the answer is
A:
The clipper chip was created by the NSA for what
A: promoted as an encryption device that secured voice and data messages
B: it had a built-in backdoor
C: used skipjack - a block cipher
which of these symmetric encryption types are no longer considered secured and should not be considered to use
A: twofish
B: AES
C: RC4
D: 3DES K1
the answer is
C:
what is nonce
an arbitrary number used only once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks
name some asymmetric key algorithms
RSA, Diffie-Hellman, El Gamal, Merkle-Hellman (trapdoor) Knapsack, Elliptic Curve
name some symmetric key algorithms
Data encryption standard (DES), Triple DES, Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), Rivest Cipher 5, (RC5)
how do you create a message digest
by using a way-way hashing function
is sha-1 a valid hashing function
Sha-1 is considered obsolete and should be replaced with sha-3
3 digest algorithms
MD5, sha-w,sha-256, sha-384, sha-512
what does digital signature do
a simple way to verify the authenticity and integrity of a message
3 digital signature algorithms according to Federal Information Processing Standard (FIPS)
RSA digital signature
DSA (digital signature algorithm) - based on modified EL Gamal
ECDSA (elliptic curve digital signature algorithm)
define ephemeral port
a communication port of a transport layer protocol(TCP/UDP) of the internet protocol suit (IP suite) that is used only for a short period of time, for the duration of that session only.
What feature enables code to be executed without the usual security checks?
A. Temporal isolation
B. Maintenance hook
C. Race conditions
D. Process multiplexing
the answer is B.
Maintenance hooks get around the system’s or application’s security and access control checks by allowing whoever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it gets into production.
What is an advantage of RSA over DSA?
A. It can provide digital signature and encryption functionality.
B. It uses fewer resources and encrypts faster because it uses symmetric keys.
C. It is a block cipher rather than a stream cipher.
D. It employs a one-time encryption pad.
Answer is A:
RSA can be used for data encryption, key exchange, and digital signatures. DSA can only be used for digital signatures.
what are clark-wilson model attributes
- integrity model
- prevents authorized users from making improper modifications (separation of duties)
- maintain internal/external consistency (well formed transactions)
- access triple
- ••• subjects and objects can only access what they are allowed
- ••• separation of duties is enforced
- ••• auditing of each transaction
what is IPSEC, what is it used for and when might it be used
- Internet Protocol Security
- it provides authentication and encrypts packets of data to provide secure encrypted communication between two computers over an unsecure media (like the internet)
- this is highly used in VPNs
3 main components of IPSEC are
- IKE (internet key exchange)
- AH (authentication header)
- ESP (encapsulation security protocol)
what does IKE (internet key exchange) do in IPSEC
• establishes SA (security association) between communicating hosts, negotiating the cryptographic keys and algorithms the will use during the session
what does AH (authentication header) do in IPSEC
- adds a header field to the packet that includes cryptographic hash
- provides authentication
- provides integrity (HMAC - hashed message authentication codes)
- does not provide confidentiality
- protects against replay attacks
what does ESP (encapsulation security protocol) do in IPSEC`
• encrypts the payload
• adds a sequence number so the host is sure it isn’t
getting duplicate information
• provides confidentiality
• it can provide authentication and integrity
explain SA (security association)
•. simplex connections (communication one way)
• if using both AH and ESP you need 2 SAs for each
communication, so for bidirectional you would need 4
SA connections
• each SA has a unique 32 bit SPI (security parameter
index)
what does ISAKMP stand for and what does it do
• internet security and key management protocol)
• manages the SA creation process and key exchange
mechanics
what are the two modes ISPEC can be used
- Tunnel mode
- Transport mode
what does tunnel mode in IPSEC do and when to use it
- encrypts and authenticates the entire package (including headers)
- used when a system does not natively speak IPSEC
does does transport mode do in IPSEC
- only encrypts and authenticates the payload
- used when both systems already understand IPSEC
what 3 things do digital signatures provide
- authenticity
- integrity
- non-repudiation of both origin and delivery
what does DAC stand for
• discretionary access control
what does MAC stand for with access controll
• Mandatory access control
what does RBAC stand for
• roll based access control
what does ABAC stand for
• attribute based access control
explain DAC
- discretionary access control
- this allows the owner or creators the ability to control access given in any way they feel the need
explain MAC with access control
• mandatory access control
• think military
• labels and categories
• you have to request access to every level
• classified access does not give you access to everything under classified. you will need to request access to each level under the top level
Example: you have top secret access. you still need to request access to nuclear submarine even when it is under top secret
explain RBAC
- role based access control
- access based on the role of the subject
explain ABAC
- attribute based access control
- access granted by attributes
- location
- subject (user)
- environment - location and/or time of access
explain RUBAC
- rules based access control
- example firewall
- access granted off if/then statements
Bell Lapadula security model - where does is belong on the triad and what access control is it
- confidentiality
- Mandatory access control (classified information)
bell lapadula - what are the 3 rules
- simple security - no read up
- * (star property) - no write down
- strong * (star) property - no read or write up or down. subjects can only access data at their level
what is a digital certificate
• its a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI)
what are the steps in tls handshake
- ClientHello
- ServerHello - certificate - ServerHelloDone
- clientkeyexchange - changecipherspec - finished
- changecipherspec - finished
TCP handshake
- syn
- syn ack
- ack
when does the TLS handshake occur
- whenever a user navigates to a website over https and the browser first begins to query the website
- when other communications use https, including API calls and DNS over HTTPS
what does TLS handshake follow, what always happens first
• TCP handshake, which creates the connection
what does TLS handshake follow, what always happens first
• TCP handshake, which creates the connection for all communications after that
firs step in TLS handshake (client hello) what is in that message
- max TLS version this client can support
- random number to prevent replay attacks
- list of cipher suites options
second step of TLS handshake (server response)
- server hello (will contain the follow for the encrypted communication)
- chosen TLS version to use
- chosen cipher suite to use
- random number to prevent replay
second half of the second step of the TLS handshake, the server sends a second message that includes?
- certificate with the agreed encryption and a public key
- server key exchange (parameters for Diffie_Hellman key exchange)
- •••• digital signature as part of key exchange this includes (summarized version previous messages hashed and signed with the private key of the server to prove who they are)
- Server hello done
TLS handshake step 3 (client reply) what is sent
- client key exchange
- change cipher spec message (i have all i need, i will not start encrypting the message with agreed specs)
- finish message (this will contain a summary of all the messages to this point, encrypted)
last step of TLS handshake (server final reply) what is in the message
- change cipher spec message
- finish message (this contains a summary of all the message to this point, encrypted)
once the TLS handshake is completed how long does that TLS session last
- this based off a few things
- if you browse to another site obviously you will create a TLS session with that site
- there are refresh times, after 30 minutes or so (not a standard time) the handshake will happen again to verify there are new random numbers etc
- possibly session resumption (resume sessions based off certain criteria) based configuration of server
Graham-Denning security model attributes
• uses objects, subjects and rules
• there are 8 rules to specific subject can execute on an object
1. transfer access
2. grant access
3. delete access
4. read object
5. create object
6. destroy object
7. create subject
8. destroy subject
harrison Ruzzon Ullman security model (HRU) attributes
• deals with integrity of access rights
• an operating system level computer security model
• an extension of Graham-Denning
• considers subjects to be objects
• 6 primitive operations
1. create object
2. create subject
3. destroy subject
4. destroy object
5. enter right into access matrix
6. delete right from access matrix
EAP attributes
- eap is a is a framework for authentication instead of an actual protocol
- eap was originally desined to work over physical isolated channels, thus assumed a secured pathway
- some eap methods use encryption, some do not .
- over 40 EAP methods - leap, peap, eap-sim, eap-fast, eap-tls, eap-ttls ETC.
do we ever send anyone our asymmetric public key?
absolutely not, we send them our digital certificate
