My Memory Palace-1 Flashcards
Code Review and Testing
POP Is Reworking the Floor Up stair.
Planning, Overview, Preparation, Inspect, Rework, and Follow Up.
Penetration Test Process
Mnemonic: PI-VERsion
- Planning (Scope of the test, Management approval)
- Information Gathering (Network discovery scan, enumeration)
- Vulnerability Scanning (Network/Web vuln scan)
- Exploitation
- Reporting
Asymmetric Algorithms
SA brothers
EE Sisters
Guy name Diffie and his knapsack
RSA and DSA
ECC and El Gamal
Diffie Hellman and knapsack
Symmetric Stream algorithm
RC4
Symmetric Algorithms Mnemonic
a FISH named DES had an IDEA on how to make RC4 and AES SAFER
TwoFish, DES, IDEA, RC4, AES, SAFER
HASHES a bunch of MD’s hanging out with SHA’s HAVAL the RIPE MD TIGERs
SHA, HAVAL, RIPE, MD, TIGER
Clark Wilson-Model IVP CDI Transformation
Integrity Verfication Procedures Constrained Data Items Maintained well-formed Transaction
Six types of controls
Directive, Deterrent, Preventive, Corrective, Recovery, and Compensating controls
ISO/IEC 15288:2015
is a systems engineering standard covering processes and life cycle stages. It defines a set of processes divided into four categories:
- Agreement
- Organization Project-Enabling
- Technical Management
- Technical
ISO 15408
Common Criteria. provides a structured methodology for documenting security requirements, documenting and validating security capabilities
ISO/IEC 21827:2008
Systems Security Engineering – Capability Maturity Model (SSE-CMM). Metric standards covers: a. The entire life cycle b. whole organization, management and engineering c. cocurrent interaction w/other discipline d. Interaction w/other organization, acquistion, certification, accredidation, and evaluation
Capabilities List
maintains a row of security attributes for each controlled object (asset) managed through the model
Security Label
a permanent part of the object it references
Data Hiding
important concept in multilevel security systems, ensuring that data existing at one security level is not visible to a process running at a different security level
To be secure, the kernel must meet three basic conditions:
a. Completeness (complete mediation): All accesses to information must go through the kernel b. Isolation: The kernel itself must be protected from any type of unauthorized access c. Verifiability: The kernel must be proven to meet design specifications
Processor - Perform four key tasks:
- fetching 2. decoding 3. executing 4. storing
most common ways to achieve memory protections
- Segmentation - dividing a computer’s memory into segments. A reference to a memory location includes a value that identifies a segment and an offset within that segment. 2. Paging - divides the memory address space into equal-sized blocks called pages. A page table maps virtual memory to physical memory. Unallocated pages and pages allocated to any other application do not have any addresses from the application point of view. 3. Protection keying - divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key. Each process also has a protection key value associated with it. When memory is accessed, the hardware checks that the current process’s protection key matches the value associated with the memory block being accessed; if not, then an exception occurs.
memory manager provides for the following
a. provide an abstraction level for programers b. Maximize performance with the limited amount of memory available to the system (Physical RAM) c. Protect the operating system and applications once they are loaded into memory
Memory Manager has the following 5 responsibilities
- Relocation 2.Protection 3.Sharing 4.Logical organization 5.Physical organization
Class of fire A B C D K
A ash
B boil
C current
D dent
K kitchen
Two types of registers use by CPU to identify memory addresses
- a base register is used to identify the beginning address asssigned to the process 2. a limit register is used to identify the ending address assigned to the process
Take-Grant Model
Uses a set of rules to enfore how rights can be passed from one subject to another or from subject to an object.
Multilevel Lattice Models
describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in. Subjects are assigned security clearances that define what layer they are assigned to and objects are classified into similar layers. Related security labels are attached to all subjects and objects. According to this type of model, the clearance of the subject is compared with the classification of the data to determine access. They will also look at what the subject is trying to do to determine whether access should be allowed.
Noninterference Models
a type of multilevel model with a high degree of strictness. These models not only address obvious and intentional interactions between subjects and objects, but they also deal with the effects of covert channels that may leak information inappropriately. The goal of a noninterference model is to help ensure that high-level actions (inputs) do not determine what low-level users can see (outputs).
Bell-LaPadula
CONFIDENTIALITY OF DATA
- Simple Property - NO READ UP
- Star Property - NO WRITE-DOWN
- Discretionary Security Property - the system uses an access matrix to enforce discretionary access control
BIBA
INTEGRITY
- NO READ DOWN
- NO WRITE-UP
Clark-Wilson
INTEGRITY
Takes a different approach than Biba, ditching the formal state machine
in favor of defining each data item and allowing modification ONLY through a small set of programs.
Uses a three-part relationship (subject | program | object) called a triple or an access control triple.
NO DIRECT ACCESS BY SUBJECTS TO OBJECTS!!! (access only allowed through authorized programs). Principles:
- well-formed transactions
- separation of duties
Brewer-Nash (Chinese Wall)
focuses on the conflict of interest
Goguen-Meseguer
INTEGRITY !!! (just not as well known as Biba). Credited with defining the concepts of noninterference. Based on predetermined a list of objects that a subject can access.
Sutherland
INTEGRITY
focuses on preventing interference to support integrity. Based on state machine and information flow. Only allows for the use of a set of predetermined secure states to maintain the integrity and prevent interference. Is often used to prevent covert channels from influencing outcomes.
Graham-Denning
secure creation & deletion of subjects & objects specified via a collection of rules & detailed in an Access Control Matrix. 8 primary rules:
a. securely create an object
b. securely create a subject
c. securely delete an object
d. securely delete a subject
e. securely provide the read access right
f. securely provide the grant access right
g. securely provide the delete access right
h. securely provide the transfer access right
Harrison-Ruzzo-Ullman
very similar to Graham-Denning. Composed of a set of generic rights and a finite set of commands. It is also concerned with situations in which a subject should be restricted from gaining particular privileges.
Six types of controls types
PDC, RDC
Preventive, Detective, Corrective,
Recovery, Deterrent, compensating
Six access control types fall into three categories
PAT
Physical, Administrative, Technical
- Physical - are implemented with physical devices, such as locks, fences, gates, and security guards.
- Administrative - aka, directive. are implemented by creating and following organization policies, procedures, or regulations. User training and awareness also fall into this category.
- Technical is implemented using software, hardware, or firmware that restrict logical access on an IT system. Examples include firewalls, routers, encryption, etc…
RADIUS
UDP: Authentication port: 1812
UDP: Accounting port: 1813
Kerberos
biggest weakness: storage of plain text symmetric keys
TACACS
Use UDP port 49 for authentication, may also use TCP
TACACS+, port and auth option
Use TCP 49, plus allows for MFA
SOD - Separation of Duty
Dual Control, two-person
Split Knowledge
SOD - they are doing different activities
Dual Control - they are doing the same activity
Split knowledge - classic example - you create a encryption key - sting of characters - tear the paper in half and - each individual keeps their half
Pen Test Methodology
PR, SV, ER
Planning
Reconnaissance
Scanning (aka Enumeration)
Vulnerability Assessment
Exploit
Report
Security Assessments
A holistic (Broader Scope) approach to assessing the effectiveness of access control; may cross multiple domains:
- Policies, procedures, and other administrative controls
- Assessing real world-effectiveness of administrative controls
- Change Management
- Architecture review
- Penetration tests
- Vulnerability assessments
- Security Audits
Traceability Matrix, Sometimes, call a requirements traceability matrix (RTM)
Use to map customers’ requirements to the software testing plan
Synthetic Transactions,
Synthetic Monitoring
Establish expected norms for the performance of these (Synthetic) transactions. Useful for testing application updates prior to deployment to ensure that functionality will not be negatively impacted.
Regression testing
Testing software after updates, modifications, or patches.
Acceptance Testing
- Testing to ensure that the software meets the customer’s operational requirements.
- When the test is done by customer, it is called user acceptance testing
Combinatorial Software Testing
is a black-box testing method that seeks to identify and test all unique combinations of software inputs. Example - pairwise testing, aka all-pairs testing.
Risk
Threat x Vulnerability
(ISC)² Ethics
PAPA
Protect, Act, Provide, Advance
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
Compartmentaliization
a method of enforcing “need to know”, goes beyond the mere reliance upon clearance level and necessitates simply that someone requires access to information.
Mandatory Leave/forced vacation
the main reason: reduce or detect personnel SPOF (single point of failure), and detecting and deterring fraud.
slack space
data is stored in specific-sized chunks known as clusters, which are sometimes referred to as sectors or blocks. A cluster is a minimum size that can be allocated by a file system. If a particular file, or final portion of a file, does not require the use of the entire cluster, then some extra space will exist within the cluster. This leftover space is known as slack space. This may be used intentionally by an attacker to hold data.
“Bad” blocks/clusters/sectors for bad guys to use
An attacker can mark it as bad and hide data here.
IOCE and SWGDE
Guideline and Principle of Forensic
- All forensic principles must be applied to digital evidence
- Evidence should not be altered as a result of collection
- All activity relating to the seizure, access, storage, and transfer of digital evidence must be fully documented and available for review
- An individual is responsible for actions affecting digital evidence while that evidence is in their possession
- Any entity responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles
Forensics Investigation Process
- Identification
- Preservation
- Collection
- Examination
- Analysis
- Presentation
- Decision
Which of the following is BEST represented by encrypting a message with a private key and having the message decrypted with the matching public key?
A. Knapsack problem
B. Zero-knowledge proof
C. Key escrow
D. Elliptic curves
In cryptography, zero-knowledge proof can be represented by encrypting something with your private key. To decrypt something that was encrypted using a private key, you will need to use the corresponding public key. In this case, you know that the item was encrypted using the private key, but you never actually view or are given the public key. Only the owner of the private key can prove they have the key.
Registration Authority
RA
A registration authority (RA) acts as a verifier for the certificate authority before a digital certificate is issued to a requestor. The RA is responsible for verifying the identity of the requesting individual for the certificate authority (CA).acts as a verifier for the certificate authority before a digital certificate is issued to a requestor. The RA is responsible for verifying the identity of the requesting individual for the certificate authority (CA).
DRM technique
With recent advancements in technology, it is becoming more and more difficult for copyright holders to control the illegal duplication of their software or digital content. One solution to this problem is the use of DRM. DRM protection can be provided using software or hardware-based solutions. Two types of software-based solutions include watermarking and fingerprinting. Watermarking involves embedding copyright information or a hidden message in the content. Watermarks can be visible or invisible and are copied as the file is passed from device to device or user to user. This can be useful in identifying content that might have been obtained through unauthorized means. Fingerprinting is a type of watermarking technique. It involves embedding a unique identification or serial number into the content so that it can be easily identified.
HMAC Use Case
In HMAC, a secret key is added to the message. The message then runs through an algorithm, which generates a MAC value. Only the message and the MAC value are sent to the receiver, and not the secret key. The receiver accepts the message and adds their secret key to the message before an algorithm generates a MAC value for the message. If the receiver’s MAC value matches the sender’s, the message was not modified and was sent from a known computer. HMAC provides data origin authentication, but fails to provide data confidentiality.
Incident Response eight steps
PDR, MR, RRL
- Preparation (Policy, procedures, tools, etc)
- Detection (Identification)
- Response (Containment)
- Mitigation (Eradication)
- Reporting (All phases, begins with Detection)
- Recovery
- Remediation
- Lesson Learned (post-incident activity, postmortem, or reporting)
RAID 3
Byte-level striping with dedicated parity
RAID 4
block-level striping with dedicated parity
RAID 5
block-level striping with distributed parity
RAID 6
Striped set w/dual distributed parity
allow for failure of two drives and still function
writes parity to two different disks
RAID 0
Block-level striped set
RAID 1
Mirrored set
BCP
The focus of BCP is on the business as a whole, ensuring that those critical services or functions the business provides or performs can still be carried out both in the wake of disruption and after the disruption has been weathered.
DRP
DRP is considered tactical rather than strategic and provides a means for immediate response to disasters.
DRP focuses on efficiently attempting to mitigate the impact of a disaster by preparing the immediate response and recovery of critical IT systems.
A short time plan for dealing with IT-oriented disruption.
Example: Mitigating a malware infection that shows the risk of spreading to other systems.
DR Process
RAC AR
- Respond - The initial response to assess damaged. Is the event constitutes a disaster?
- Activate Team - If declared, then the recovery team needs to be activated. Use “call tree” to help facilitate the process.
- Communicate - often occurs out-of-band, leveraging an office phone will quite often not be a viable option. Internal status and must prepare to provide external communication (public)
- Assess - Proceed to assess the extent of damage to determine the proper steps necessary to ensure the organization’s ability to meet its mission.
- Reconstitution - recover critical business operations at either a primary or secondary site. Also, a salvage team is employed to begin the recovery process at the primary facility that experienced the disaster.
NIST DR/DRP, Contingency Planning Guide
NIST 800-34
Custodian
provides hands-on protection of assets
perform data backups and restoration, patch systems, configure av, etc..
DO NOT make critical decisions on how data is protected.
System Owner
is a manager who is responsible for the actual computers that house the data. They ensure H/W is secure, OS is patched and up to date, the system is hardened, etc. Technical hands-on responsibilities are delegated to custodians.
Data Controllers
Create and manage sensitive data w/in the organization. HR is often data controllers, as they create and manage sensitive data.
Data Processers
Manage data on behalf of data controllers.
An outsourced payroll company is an example of a data processor who processes data on behalf of data controllers.
Commercial organizations typically use the following four sensitivity levels:
PS PC
Public, Sensitive, Private, and Confidential.
BRP Business Recovery(or Resumption) Plan
ref: NIST 800-34
Purpose: Provide procedures for recovering business operations immediately following a disaster.
Scope: Address business Processes; not IT-focused; IT addressed based only its support for business process.
Continuity of Operations Plan
( COOP )
Purpose: Provide procedures and capabilities to sustain an organization’s essential, strategic functions at an alternate site for up to 30 days.
Scope: Addresses the subset of an organization’s missions that are deemed most critical; usually written at the headquarters level; not IT-focused.
Continuity of Support Plan/IT Contingency Plan
Purpose: Provides procedures and capabilities for recovering a major application or general support system.
Scope: Same as IT contingency plan; addresses IT system disruptions; not business process-focused.
Crisis Communications Plan
Purpose: Provides procedures for disseminating status reports to personnel and the public
Scope: Addresses communications with personnel and the public; not IT-focused.
Cyber-incident Response Plan
Ref: NIST 800-34
Purpose: Provide strategies to detect, respond to, and limit the consequences of a malicious incident.
Scope: Focus on information security responses to incidents affecting systems and/or networks
RAID 0 offer zero protection
Striping
Occupant Emergency Plan
(OEP)
Purpose: Provide coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat
scope: Focuses on personnel and property particular to specifics facility; not business process or IT system functionality based
Differential Backup
Archive data since the last full backup
Gates basically have four distinct classifications:
Ref: Shawn Harris, page 1369
Class I - Residential usage
Class II - Commercial usage, where general public access is expected.
examples: a public parking lot entrance, a gated community, or a self-storage facility.
Class III - Industry usage, where limited access is expected.
example: A warehouse property entrance not intended to serve the general public
Class IV - Restricted access; this includes a prison entrance that is monitored either in person or via closed circuitry.
Negative Testing
Negative testing is also called misuse testing. It is typically performed by entering invalid information to identify how it is handled by the application. Negative testing can also involve attempting to perform other actions that should not be allowed by the application. Determining whether an application will allow a web page to be accessed by a user without requiring them to log in first would be an example of a negative software test.
BCP/DRP Frameworks
NIST 800-34 - Contingency Planning Guide
ISO 27031 - focuses on BCP (DRP is handled by another framework)
ISO 2476:2008 - Disaster Recovery Plan.
BCI - Business Continuity Institute. Good Practice Guideline (GPG)
Common BCP/DRP mistakes
- Lack of Management support
- Lack of business unit involvement
- Lack of prioritization among critical staff
- Improper (often overly narrow) scope
- Inadequate telecommunications management
- Incomplete or Inadequate CMP
- Lack of testing
- Lack of training and awareness
- Failure to keep the BCP/DRP plan up to date
Which technique is used to extend the capability of a role-based access control mechanism?
A. Polyinstantiation
B. Asset valuation
C. Temporal isolation
D. Scrubbing
Answer: A - Lattice?
TearDrop
Teardrop attacks occur when an attacker sends packets that are too small and result in a system locking up or rebooting. This type of attack takes advantage of the fact that systems do not check to see if a received packet is too small. The attacker creates these small packets in such a way that when the receiving system attempts to recombine the fragments, they cannot be reassembled properly. There are three common methods used to protect a system from this type of attack.
Firstly, keep the operating system patched and up-to-date.
Secondly, use a router to disallow any malformed packets from entering into the network environment.
Finally, use a router to attempt to combine all fragments into the associated packet before sending them on to the destination system.
MPLS
Multiprotocol Label Switching (MPLS) does not natively include encryption services. MPLS traffic can be encrypted before encapsulation by using protocols such as IP Security (IPsec) and Secure Sockets Layer (SSL). MPLS security can be facilitated through the specification of traffic flow routes and by hiding the IP destination addresses from intermediate devices.
PKI
PKI is a set of policies, processes, server platforms, software, and workstations to administer certificates and public-private key pairs. PKI has the ability to issue, maintain, and revoke public key certificates. PKI provides security services for confidentiality, integrity, authentication, nonrepudiation, and access control, based on using private and public key cryptography. A registration authority (RA) acts as a verifier for the certificate authority before a digital certificate is issued to a requestor. The RA is responsible for verifying the identity of the requesting individual for the certificate authority (CA). However, if an RA is not specifically being implemented within the PKI, the certificate authority (CA) can provide its verification services.
Provide CIA and Non-repudation
To provide confidentiality, authentication, nonrepudiation, and integrity, messages will have to be encrypted and digitally signed. Encryption provides confidentiality. RSA, ECC, and El Gamal are algorithms that provide encryption. Digital signatures provide authentication, nonrepudiation, and integrity. RSA, DSA, ECC, and El Gamal are algorithms that can be used to digitally sign a message.
PGP
Pretty Good Privacy (PGP) is a cryptosystem that was created to protect e-mail messages, which allows only the communicating parties to be able to read their e-mail messages. PGP works using RSA public key encryption, in which each communicating party creates an RSA public and private key pair. The private key remains private and the public key is distributed on the Internet. PGP uses the International Data Encryption Algorithm (IDEA) for encrypting bulk data, which provides data confidentiality. PGP relies on a web of trust in its approach to key management, so it does not require a PKI infrastructure. Each user has a file referred to as a key ring. This file contains a collection of the public keys received from other users.
Key Management
All cryptographic algorithms and protocols eventually age and become compromised. IS professionals must test the cryptographic systems of their organization and replace the systems that are outdated. The governance of cryptographic algorithms and systems should address the following at a minimum:
Transition plans for replacing outdated algorithms and keys
Procedures for the use of cryptographic systems
Approved cryptographic algorithms and key sizes
Key generation, escrow, and destruction guidelines
Incident reporting guidelines
TCSEC
TCSEC provides a graded classification of systems that is divided into assurance levels. There are four divisions of assurance levels:
A: verified protection
B: mandatory protection
C: discretionary protection
D: minimal security
Some of these divisions can also be further divided into one or more numbered classes. Division B evaluates the MACs and the reference monitor mechanisms used in a system. For the organization’s systems to meet the B1 assurance level, security labels must be used by the subjects and objects of the systems. These security levels must be enforced by a MAC mechanism
A double-encapsulated 802.1Q frame attack
A double-encapsulated 802.1Q frame attack involves an attacker exploiting a weakness in how the 802.1Q encapsulation process works. This weakness allows an attacker to encapsulate the frame with two VLAN tags.
The first encapsulation will contain the VLAN number of the targeted VLAN (VLAN 7 for example). The second, outer encapsulation will contain the VLAN number of the native VLAN (VLAN 1 by default). The switch will remove the outer encapsulation, but it will not remove the inner encapsulation containing the second VLAN number of the targeted VLAN. Since the outer encapsulation that was removed contained the native VLAN number, the switch will then forward the frame along the trunk without encapsulating it. When the frame is received by the second switch, it will see the inner encapsulation containing the VLAN number of the targeted VLAN (VLAN 7 in this example). It will then remove the encapsulation and forward the frame on VLAN 7. This will allow an attacker to transmit packets on the wrong VLAN. The double-encapsulated 802.1Q frames attack can be prevented by removing (filtering) the native VLAN from all trunk links.
Other measures that can help prevent this attack include issuing the switchport mode access and switchport nonegotiate commands on all user-facing switch ports.
Meltdown
A meltdown is a memory vulnerability that allows the contents of private kernel memory to be read by an unauthorized process. It happens when a modern CPU makes an inaccurate prediction about future instructions in an attempt to optimize performance. If the incorrect procedure isn’t reversed entirely it can leave some data remnants exposed.
Information Flow Model
The information flow security model compartmentalizes data based on classification and the need to know. To access an object, a subject’s clearance should dominate the object’s classification and specify the need to know. This security model was the basis for models such as Bell-LaPadula and Biba. The goal of this model is to prevent the existence of covert channels in a system and to secure the flow of information. The model also ensures that information always flows from a low security level to a high security level and from a high integrity level to a low integrity level.
IED - Intelligent Electronic Devices
The Intelligent Electronic Devices (IED) component of a SCADA system is a sensor that is able to obtain data from devices and perform actions based on it. The IED provides a way of performing automatic control of devices at the local level.
TCP sequence number attack
A Transmission Control Protocol (TCP) sequence number attack exploits the communication session that is created between two hosts. It hijacks the session so that the attacker can communicate with the host that it wishes to attack. Once this attack is successful, the attacker will have the same privileges and access rights that the original host would have been granted. In a TCP sequence number attack, the attacker will sniff the network traffic and locate packets that are going between the two hosts. It will make note of the sequence numbers that are being used and attempt to trick the receiving host into thinking that it is the original client. It will do this by sending its own message using a sequence number that is valid, based on the previous numbers that it sniffed out of the traffic stream. Once successful, the original client will no longer be responded to, so it will have to set up a new session while the attacker is using the original session that was created.
NDA
Nondisclosure agreements (NDAs), not NCAs are typically used to protect a company’s propietary or confidential information from being disclose by an employee.
NCA - Non-Compete Agreement
Are typically used to prevent the threat of loss of an employee to a similar company as a means of wage negotiation and to prevent the potential loss of company skills to a competitor. Therefore, NDAs are more likely to contain a non-disclosure demand than NCAs. Like NCAs, NDAs are typically signed at the time of hiring and can be used to enforce strict penalties on employees who violate them.
NCAs are likely to contain an expiration date because courts consider it unreasonable to bar an employee from working for competitor over a lifespan.
NCAs can be difficult to enforce in court because legal systems recognize the employee’s need to earn a reasonable income by using the knowledge or skills they already have. One way to prevent an employee from violating the NCAs is to ensure that the agreement is enforceable in a court of law. Therefore, most NCAs provide an expiration date to make the agreement enforceable.
NCAs are likely to contain a job description and a geographic restriction for the same reason they contain an expiration date. Without these limitations, a court might consider the NCA to be unreasonable and therefore unenforceable.
