Security Architecture and Design

Question 1

Security Model Concepts

Answer 1

Confidentiality

Integrity

Availability

Defense in depth

Question 2

System Architecture

Answer 2

Process of describing, representing components that make up the planned system and interrelationships between components.

Answer questions like:

what is the purpose of system?

who will use it?

what environment will it operate in?

Question 3

System Architecture Steps

Answer 3

1. System Design Phase - gather system requirements, and manner in which requirements will be met
2. Development Phase - HW, SW components assigned for development
3. Maintenance Phase - System and Security architecture are evaluated to ensure system operates properly and security is maintained

Question 4

ISO / IEC 42010:2011 Terminology

Architecture

Answer 4

Describes organization of system including its components and their interrelationships along with principles that guide its design and evolution

Question 5

ISO / IEC 42010:2011 Terminology

AD - Architectural Description

Answer 5

Set of documents that convey the architecture in a formal manner

Question 6

ISO / IEC 42010:2011 Terminology

Stakeholder

Answer 6

Individuals, teams, departments including groups outside organization with interests or concerns to consider

Question 7

ISO / IEC 42010:2011 Terminology

View

Answer 7

Representation of the system from the perspective of a stakeholder or set of stakeholders

Question 8

ISO / IEC 42010:2011 Terminology

Viewpoint

Answer 8

Template used to develop individual views that establish the audience, techniques and assumptions made

Question 9

Computing Platforms

Mainframe / Thin Clients

Answer 9

power is on mainframe, clients just used to access it

Question 10

Computing Platforms

Distributed Systems (Client / Server)

Answer 10

devices have client software that interact with server software

Question 11

Computing Platforms

Middleware

Answer 11

software that talks between two different systems

ex. Users connect to software that provides interface which accesses databases

Question 12

Computing Platforms

Embedded Systems

Answer 12

Platform in another system.

System within a system

Embedded in hardware or software

Question 13

Computing Platforms

Mobile Computing

Answer 13

software running on tablets, phones, etc

Question 14

Virtual Computing and Security Services

Answer 14

Running multiple instances of operating system on a single server

Question 15

Security Services

Boundary Control

Answer 15

Placing components in security zones and maintaining boundary control among them

Question 16

Security Services

Access Control Services

Answer 16

Gives users only the access required to do their jobs

Question 17

Security Services

Integrity Services

Answer 17

Ensures data moving through OS or application can be verified as not damaged or corrupted

Question 18

Security Services

Cryptography Services

Answer 18

Encrypting information in transit

Question 19

Security Services

Auditing and Monitoring Services

Answer 19

Method of tracking the activities of users and of the operations of the system processes

Question 20

System Components

CPU

Answer 20

Executes all instructions in the code

Multiprocessing allows executing multiple instructions in parallel

CPUs have their own memory

Can work in user mode (user or app) or privileged mode (for operating system)

If instruction for CPU is marked to be performed in privileged mode, it must be a trusted OS Process and is given functionality not available in user mode

Question 21

System Components

RAM

Answer 21

Desktop
SDRAM - Synchronous Dynamic RAM
DDR SDRAM - Double Data Rate SDRAM
DDR 2 SDRAM - Double Data Rate 2 SDRAM
DDR 3 SDRAM - Double Data Rate 3 SDRAM

Laptop
SODIMM - Small Outline DIMM

Question 22

System Components

ROM

Answer 22

Flash Memory - electronically programmable ROM

PLD - Programmable Logic Device, integrated circuit with internal logic gates that can be changed programmatically

FPGA - Field Programmable Gate Array, a type of PLD programmed by blowing fuse connections on the chip, or using an antiques that makes connection when high voltage applied to junction

Firmware - type of ROM where a program or low-level instructions are installed

Question 23

Memory Concepts

Associative Memory

Answer 23

Searches for specific data value in memory rather than by specific memory address

Question 24

Memory Concepts

Implied Addressing

Answer 24

Refers to registers usually contained inside the CPU

Question 25

Memory Concepts

Absolute Addressing

Answer 25

Addresses the entire primary memory space. CPU uses the physical memory addresses that are called absolute addresses

Question 26

Memory Concepts

Cache

Answer 26

Small amount of high-speed RAM that holds the instructions and data from primary memory and that has high probability of being accessed during currently executed portion of a program

Question 27

Memory Concepts

Indirect Addressing

Answer 27

The address location specified in the program instruction contains the address of the final desired location

Question 28

Memory Concepts

Logical Address

Answer 28

Address at which a memory cell or storage element appears to reside from the perspective of an executing program

Question 29

Memory Concepts

Relative Address

Answer 29

Specifies its locations by indicating its distance from another address

Question 30

Memory Concepts

Virtual memory

Answer 30

Location on hard drive used for temporary storage when memory space is low

Question 31

Memory Concepts

Memory Leak

Answer 31

Occurs when computer program incorrectly manages memory allocations which can exhaust available system memory as an application runs

Question 32

Rings of privilege

0, 1, 2, 3, 4

Answer 32

Ring 0 - Most privileged
Ring 1 
Ring 2
Ring 3
Ring 4 - least privileged
etc

Question 33

Multitasking Types

Symmetric, Asymmetric

Answer 33

Symmetric Multitasking
Two processes divide the same work

Asymmetric Multitasking
One processor is dedicated to the OS, other(s) dedicated to user operations

Question 34

System Security Architecture

Answer 34

Views components that comprise a system from a security perspective

Should be derived from the organization security policy

System-specific policy must be more detailed. It addresses level security required on a device, OS or application

Question 35

Trusted Computer System Evaluation Criteria
(Orange Book Concepts)

TCB - Trusted Computer Base

Answer 35

Composed of components (HW, firmware, SW) that are trusted to enforce the security policy of the system

Security Perimeter - dividing line between trusted parts of system and untrusted parts

Reference Monitor - any system component that enforces access controls on an object

Security Kernel - The HW, firmware, SW elements of a TCB that implements the reference monitor concept

Question 36

Security Architecture Frameworks

Zachman Framework

Answer 36

2D model that intersects communication interrogatives (what, why, where, etc) with viewpoints like planner, owner, designer, etc

Question 37

Security Architecture Frameworks

SABSA - Sherwood Applied Business Security Architecture

Answer 37

Attempts to enhance communication process between stakeholders

Question 38

Security Architecture Frameworks

ITIL - IT Infrastructure Library

Answer 38

Set of best practices which have become de facto standard for IT Service Management

Question 39

TOGAF

The Open Group Architecture Framework

Answer 39

Calls for an ADM (architectural development method) that uses an iterative process which continuously monitors and updates individual requirements

Question 40

Security Architecture Documentation

ISO / IEC 27000 Series

Answer 40

Establishes information security standards published jointly by the International Organization for Standardization (ISO) and the Electrotechnical Commission (IEC)

Question 41

Security Architecture Documentation

CobiT
Control Objectives for Information and Related Technology

Answer 41

Derived from the COSO framework created by the Committee of Sponsoring Organizations of the Treadway Commission.

Deals with IT Governance

Question 42

Security Models

State Machine Model

Answer 42

Examines every possible state that system could be in and ensures the system maintains proper security relationships between objects and subjects in each state

Question 43

Security Models

Multilevel Lattice Models

Answer 43

Assigns each security subject a label defining upper and lower bounds of the subjects access to the system.

Applies controls to all objects by organizing them into levels or lattices

Question 44

Security Models

Matrix-based models

Answer 44

Organizes tables of subjects and objects indicating what actions individual subjects can take upon individual objects, often implemented as a control matrix

Question 45

Security Models

Non-Interference Models

Answer 45

Concerned with subject’s knowledge of the state of the system at a point in time.

Concentrates on preventing actions that take place at one level from altering state presented to another level

Question 46

Security Models

Information Flow Models

Answer 46

Attempts to prevent flow of information from one entity to another that violates or negates the security policy

Question 47

Security Models

Bell-LaPadula Model

Answer 47

Incorporates 3 basic rules regarding flow of information in a system

Simple Security Rule
A subject cannot read data located at higher security level than that possessed by the subject (aka no read up)

• • Property Rule
    A subject cannot write to a lower level than that possessed by the subject (aka no write down or confinement rule)

Strong Star Property Rule
A subject can perform both read and write functions only at the same level possessed by the subject

Question 48

Security Models

Bell-LaPadula Model Limitations

Answer 48

No provision for changing data access control. Only works well with access systems that are static in nature

Doesn’t address covert channels. Low-level subject can sometimes detect existence of a high-level object when it’s denied access. Sometimes it’s not enough to hide the content of an object, the existence may also need to be hidden

Main contribution at expense of other concepts is confidentiality

Question 49

Security Models

Biba Model

Answer 49

Applies series of properties or axioms to guide protection of integrity

Integrity Axiom
A subject cannot write to a higher integrity level than that which he has access (no write up)

Simple Integrity Axiom
Subject cannot read to a lower integrity level than that which he has access (no read down)

Invocation Property
A subject cannot invoke (request service) of higher integrity

Question 50

Security Models

Clark-Wilson Integrity Model

Answer 50

Describes series of elements used to control integrity of data

User - an active agent

TP (Transformation Procedure) - An abstract operation like read, write, modify implemented via programming

CDI (Constrained Data Item) - Item that can be manipulated only through a TP

UDI (Unconstrained Data Item) - An item that can be manipulated by a user via read and write operations

IVP (Integrity Verification Procedure) - A check of the consistency of data with the real world

Question 51

Security Models

Clark-Wilson Integrity Model part 2

Answer 51

Enforces its elements by allowing data to be altered only through programs and not directly by users. Goals are separation of duties and well-formed transactions

Separation of duties - ensures certain operations require additional verification

Well-Formed Transaction - Ensures all values checked before and after transaction by carrying out particular operations to complete change of data from one state to another

Question 52

Security Models

Lipner Model

Answer 52

Combines elements of Bell-LaPadula and Biba

Question 53

Security Models

Brewer-Nash (Chinese Wall) Model

Answer 53

If users accesses data set A, then set B is now unavailable

Goal is to protect against conflicts of interests by tracking previous requests.

Introduced concept of allowing access controls to change dynamically based on user’s previous actions

Question 54

Security Models

Graham-Denning Model

Answer 54

Attempts to address issue ignored by Bell-LaPadula - Deals with delegate and transfer rights.

Question 55

Security Models

Harrison-Ruzzo-Ullman Model

Answer 55

Restricts set of operations that can be performed on an object to a finite set to ensure integrity

Question 56

Security Modes

Dedicated Security Mode

Answer 56

Employs single classification level

All users can access all data, but they must sign NDA and be formally approved for access on need-to-know basis

Question 57

Security Modes

System High Security Mode

Answer 57

All users have same security clearance.

They do not all have a need-to-know clearance for all the information in the system

Question 58

Security Modes

Compartmented Security Mode

Answer 58

All users must have the highest security clearance (as in both dedicated and system high security)

They must also have valid need-to-know clearance, signed NDA and formal approval for information they have access

Question 59

Security Modes

Multilevel Security Mode

Answer 59

Allows two or more classifications levels of information to be processed at same time

Question 60

System Evaluation and Assurance Levels

TCSEC
Trusted Computer System Evaluation Criteria

Answer 60

Developed by National Computer Security Center for the DoD to evaluate products

Question 61

System Evaluation and Assurance Levels

Orange Book

Answer 61

Collection of criteria based on Bell-LaPadula model used to grade the security of a computer system

Question 62

System Evaluation and Assurance Levels

Red Book

Answer 62

Addresses network security

Question 63

System Evaluation and Assurance Levels

ITSEC

Answer 63

Addresses integrity and availability plus confidentiality

Mainly set of guidelines used in Europe

Question 64

System Evaluation and Assurance Levels

Common Criteria

Answer 64

Uses EAL’s (Evaluation Assurance Levels) to rate systems with each representing successively higher level of security testing and design in a system

Question 65

TCSEC Classes

A
B
C
D

Answer 65

A - Verified protection
A1 - Verified design

B - Mandatory Protection
B1 - labeled security protection
B2 - structured protection
B3 - security domains

C - discretionary protection
C1 - discretionary security protection
C2 - controlled access protection

D - Minimal protection

Question 66

ITSEC Ratings

functional requirements
assurance requirements

Answer 66

10 classes
F1 to F10 to evaluate functional requirements

7 classes E0-E6 to evaluate assurance requirements

Question 67

Common Criteria Assurance Levels

EAL 1-7

Answer 67

EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested
EAL7 - Formally verified design and tested

Question 68

Common Criteria

Uses Protection Profile during the evaluation process

Answer 68

Protection profile contains these elements

descriptive elements

rationale

functional requirements

development assurance requirements

evaluation assurance requirments

Question 69

Certification vs Accreditation

Answer 69

Certification evaluates technical system components. comes before accreditation

Accreditation occurs when adequacy of a system’s overall security is accepted by management

Question 70

Accreditation process by NIACAP has 4 phases

Answer 70

Phase 1 - definition
Phase 2 - Verification
Phase 3 - validation
Phase 4 - Post accreditation

Question 71

Types of accreditation

Answer 71

Type accreditation - evaluates application or system distributed to different locations. Not accredited by location, but by type

System accreditation - evaluates application or support system

Site accreditation - evaluates application or system at a specific self-contained location

Question 72

Security Architecture Threats

Maintenance Hooks

Answer 72

built into code (aka back door) that allows developers access without normal controls

Question 73

Security Architecture Threats

Time of check / time of use attacks

Answer 73

attempt to take advantage of sequence of events that occur as the system completes common tasks

Question 74

Security Architecture Threats

Web based attacks

Answer 74

operate by making normal or modified requests aimed at taking advantage of inadequate input validation and parameters, or instruction spoofing

Question 75

Security Architecture Threats

Server based attacks

Answer 75

focuses on operations of the server OS, rather than web applications

Question 76

Addressing concerns with XML

Define SAML and OWASP

Answer 76

SAML
Security Assertion Markup Language - XML based open standard data format for exchanging authentication and authorization data, mainly between identity provider and service provider

OWASP
Open Web Application - open source application security project. They create guidelines, testing procedures and tools to help web security. Maintain top-ten list of web application security risks

Question 77

Database Security Concepts

Inference

Answer 77

Occurs when someone has access to info at one level that allows them to infer info about another level

Question 78

Database Security Concepts

Polyinstantiation

Answer 78

Main mitigation technique for inference

Development of a detailed version of an object from another object using different values in the new object

Question 79

Database Security Concepts

Aggregation

Answer 79

Assembling or compiling units of information at one sensitivity level and having the resultant totality of data being of a higher sensitivity level than the individual components

Question 80

Database Security Concepts

Contamination

Answer 80

mixing of data with one sensitivity level, with another

Question 81

Data Mining Warehouse

Answer 81

repository of information from various databases

lets multiple data sources to be stored in one place and organized so that redundancy is reduced (aka data normalizing)

data mining tools used to manipulate data and discover relationships

Question 82

Distributed Systems Security
Special cases where extra security concerns may be needed

Cloud Computing
Grid Computing
Peer to Peer Computing

Answer 82

Cloud - centralizing data in web environment

Grid - harnessing power of multiple computers to perform a job

P2P - any client-server solution where any platform can be a client or server or both

Question 83

4 Characteristics of ActiveX Data Objects (ADO)

Answer 83

high-level programming interface to an underlying data access technology like OLE DB

set of COM objects for accessing data sources (not just database access)

Allows developers to write programs that access data without knowing how database is implemented

SQL Commands not required to access database when using ADO

Question 84

In computer crime, what does MOM stand for?

Answer 84

Means
Opportunity
Motives

Question 85

What does the Operating System’s Control Unit do?

Answer 85

fetches programming code, interprets it, oversees execution of the instruction sets.

It manages and synchronizes the system while different applications’ code is being executed

Question 86

What are 3 types of Digital Forensic Science?

Answer 86

Media Analysis
Software Analysis
Network Analysis

Question 87

What type of DFS is referred to as “computer forensics”

Answer 87

media analysis

Question 88

What encrypts all the data in a communication path including the header, trailer and routing information?

End to End Encryption
Link Encryption

Answer 88

Link Encryption

Question 89

What generation does machine language exist in?

Answer 89

generation one

1 - machine
2 - assembly
3 - high level
4 - very high level
5 - natural

Question 90

What is least important when quantifying risks associated with a potential disaster?

a. gathering information from agencies that report on disasters
b. ID company’s key functions
c. ID critical systems
d. estimating potential loss and impact

Answer 90

gathering information from agencies that report probability of certain natural disasters is the least important

Question 91

What is key clustering?

Answer 91

when different keys generate the same ciphertext for the same message

Question 92

The 5 defined maturity levels of the CMMI (Capability Maturity Model)

I
R
D
M
O

Answer 92

Initial
Repeatable
Defined
Managed
Optimizing

Question 93

Are increased developmental testing and using only operational data - good remedies to buffer overflows?

Answer 93

yes

Question 94

Do stateful inspection firewalls pay attention to previous packets and monitor the sequence and acknowledgement numbers of a connection, to understand when a packet could be out of sequence?

Answer 94

yes

Question 95

Should you put smoke detectors near exterior rear doorways?

Answer 95

No

Question 96

Do block ciphers perform substitution by using S-Boxes? (substitution boxes)

Answer 96

yes

they use lookup tables to determine how a block is encrypted or decrypted, the key is used to decide on the s-box to use for each block

Question 97

Does parallel computing happen at these 3 levels?
user mode, kernel mode, or OS level

or these 3 levels? bit, instruction, task

Answer 97

bit, instruction, task

Question 98

identifying openings in a target’s network is called what?

Answer 98

port scanning

not fingerprinting

Question 99

What is a B3 TCSEC rating? What are its requirements?

Answer 99

B3 requires:
trusted recovery
monitors events and notifies appropriate personnel
security administrator role defined
(doesn’t require formal methods and procedures)

Class A rated product requires all of B3 plus formal methods and procedures

Question 100

Does the Clark-Wilson model address confidentiality?

Answer 100

No

It’s an integrity model. It’s better suited for the commercial industry than Bell-LaPadula which is a confidentiality model.

It prevents unauthorized users from changing data
Provides internal and external consistency
prevents authorized users from improperly changing data

Question 101

Key features of the Caesar Cipher

Answer 101

ROT 3

Question 102

what percentage of businesses would go out of business if they had to close for only one week?

Answer 102

65%

Question 103

Are products that pass through the Trusted Products Evaluation Program (TPEP) published in the List of Evaluated Products?

Answer 103

yes

Question 104

Do you use CGI scripts or executables in a website to respond dynamically to code?

Answer 104

yes

CGI scripts or executables translate, respond to requests, build new web pages and send them to the user.

Question 105

Federal Sentencing Guidelines of 1991

Answer 105

Specifically for white collar crime

Detailed specific responsibilities of senior executives

Encouraged implementing security policies and a security program

Question 106

What happens in the acceptance testing/implementation phase?

Answer 106

QA does testing
Product is integrated into desired network
Product is given to customer for certification and accreditation

(But the product is NOT used in intended environment)

Question 107

define a disaster in terms of length of time

Answer 107

disasters affect a business for one day or more

Question 108

define a catastrophe in terms of length of time

Answer 108

catastrophes affect a business for weeks, months or years

Question 109

Data mart

Answer 109

collection of data that fulfills a specific need / is targeted at one group or for a specific objective

Question 110

What’s so special about ISO/IEC 15408?

Answer 110

used as the basis for evaluating security products under the CC framework (common criteria)

Question 111

Is DEA the algorithm used in DES?

Answer 111

yes

Question 112

Are locks considered delaying devices?

Answer 112

yes

Question 113

What are the 3 ways a computer can react to a problem / failure?

Answer 113

emergency system restart
system reboot
system cold start

Question 114

How much stronger is 3DES than DES?

Answer 114

2^56

Question 115

Why is computer generated or electronic information often categorized as hearsay (secondhand) evidence?

Answer 115

Because computer files and systems can be modified after the fact without others being aware

Question 116

What happens in the project initiation phase?

Answer 116

formal introduction of project to participating parties

entire scope is overviewed

initial risk analysis performed

(customer requirements are too granular and are performed in second phase)

Question 117

Is tort law the same as civil law?

Answer 117

yes

they typically don’t require same degree of burden of proof that criminal cases require

Question 118

multithreading

Answer 118

processing more than one request or thread at once

Question 119

multitasking

Answer 119

processing more than one task or process at once

Question 120

multiprocessing

Answer 120

multiple CPU’s and processing separate instructions in parallel

Question 121

Maximum Tolerable Downtime for:

critical
urgent
important
normal
non-essential

Answer 121

critical - minutes to hours
urgent - 24 hours
important - 72 hours
normal - 7 days
non-essential - 30 days

Question 122

Define domain

Answer 122

set of resources available to a subject

subject can be a user, process, application

Question 123

Define security domain

Answer 123

resources in the domain are working under the same security policy and managed by the same group

Question 124

Why does the Internet Architecture Board sound like a bunch of wankers?

Answer 124

They state the “internet is a privilege and should be treated and used with respect”

Question 125

What was cool about the Gramm-Leech-Bliley act of 1999?

Answer 125

Required financial institutions to tell customers their privacy rights

requires Sr. executives to be accountable for security issues and provide training to employees about security

Question 126

Chosen ciphertext

Answer 126

attackers possesses ciphertext and chooses which parts are decrypted.

Those decrypted portions are analyzed to find the key

Question 127

Why is computer generated or electronic information often categorized as hearsay (secondhand) evidence?

Answer 127

Because computer files and systems can be modified after the fact without others being aware

It is admissible when the output is generated as part of normal business activities and not just once for the court, and has testimony of the person who generated them

Question 128

When do you apply corrective controls?

Answer 128

when a situation needs correcting (fixing)! For instance, after an attack occurred, or after a vulnerability was found

Question 129

Is accountability a characteristic of an identity?

Answer 129

no

Question 130

to hold a person accountable, do you need uniqueness or accountability

Answer 130

uniqueness because accountability isn’t a characteristic

Question 131

Enticement vs Entrapment

Answer 131

Enticement - Honeypot that records attacker

Entrapment - tricking attacker into committing a crime

Question 132

Polymporphism

Answer 132

two different objects responding to same command in different ways

objects are derived from different classes, so the respond differently to same command.