Security Architecture and Engineering

Question 1

ISO 15288

Answer 1

Common for processes

Question 2

TECHNICAL PROCESSES

Answer 2

Business and mission analysis process

Stakeholder needs and requirements definition process

System requirements definition process

Architecture definition process

Design definition process

System analysis process

Implementation process

Integration process

Verification process

Validation process

Operation process

Maintenance process

Disposal process

Question 3

TECHNICAL MANAGEMENT PROCESSES

Answer 3

Project planning process

Project assessment and control process

Decision management process

Risk management process

Configuration management process

Information management process

Measurement process

Quality assurance process

Question 4

ENABLING PROCESSES

Answer 4

Lifecycle model management process

Infrastructure management process

Portfolio management process

Human resources management process

Quality management process

Knowledge management process

Question 5

SYSTEM AND SECURITY ENGINEERING PROCESSES

Answer 5

Commonly accepted sources for engineering processes:

International Council on Systems Engineering (INCOSE)
NIST SP800-160 System Security Engineering
ISO/IEC 15026 series-System and Software Engineering
ISO/IEC/IEEE 15288 Systems and Software Engineering

Systems and systems engineering processes have converged across major sources:

NIST and INCOSE recognize system security engineering as a specialty engineering function

Question 6

AGREEMENT PROCESSES

Answer 6

Acquisition process

Supply process

Question 7

KEY PRINCIPLES OF SYSTEM SECURITY

Answer 7

Confidentiality

Integrity

Availability

Question 8

SECURITY MODELS

Answer 8

Purpose: the security models define rules of behavior for an information system to enforce policies related to system security but typically involving confidentiality and/or integrity policies of the system

Question 9

BELL-LPADULA (BLP) MODEL

Answer 9

CONFIDENTIALITY MODEL

State machine level

Developed for the Department of Defense (DOD)

Used for multilevel security (MLS)

3 Properties defined:

No read-up (simple security property)

No write-down (star property)

Access matrix (discretionary property)

Question 10

BIBA MODEL

Answer 10

INTEGRITY

State transition model

Focus on integrity vice confidentiality

Opposite rules from VBell-LaPadule (BLP)

Can read up (simple integrity property)

Can write down (star integrity property)

Lower level process cannot request higher access (invocation propoerty)

Question 11

BREWER AND NASH MODEL

Answer 11

CONFIDENTIALITY

Designed to prevent conflict of interest

Information flow control model

Decomposes a company’s information into discrete datasets based on potential conflicts of interest

Defines rules for acceptable access to data objects by a particular subject(e.g person or process)

Accessing a data object excludes future access to potential conflict of interest objects

Question 12

CLARK-WILSON MODEL

Answer 12

INTEGRITY

Introduces the concept of triples:

Subject
Program
Object

Subjects can only manipulate data objects though the use of a defined program

Set of rules designed to ensure data integrity for all operation

Question 13

GRAHAM-DENNING (MODEL

Answer 13

CONFIDENTIALITY + INTEGRITY

Set of rules for creation, assignment of access rights, and deletion of objects and subjects

Eight rules (create/delete object/subject, assign, read, grant, delete, and transfer access rights)

Often used in distributed systems

Question 14

HARRISON RUZZO ULLMAN (HRU)

Answer 14

INTEGRITY

Primarily for protection of access rights integrity

Confidentiality is protected by access rights, so HRU does provide secondary confidentiality protection

Extends Graham-Denning model

Defines a set of primitive allowable operations involving subjects and objects

Question 15

AVAILABILITY MODELS

Answer 15

THERE ARE NONE

Question 16

SECURITY CONTROLS

Answer 16

Safeguards or countermeasures that mitigate risks to confidentiality, integrity and availability in a system or operating environment

Controls may impact or modify the behavior of people, process or technology

Question 17

TYPE OF CONTROLS

Answer 17

PREVENTATIVE - reduce the likelihood o impact of an undesirable event from happening.

DETECTIVE CONTROLS - identify an undesired event or collect information about it

CORRECTIVE CONTROLS - reduce or eliminate the impact of an undesirable event that has occurred

MEANS OF APPLICATION:
MANAGEMENT - policy or human driven controls

OPERATIONAL - process-driven controls

TECHNICAL - controls applied to technology

Question 18

COMMON/INHERITABLE CONTROLS

Answer 18

Exist outside of a particular system but to provide some confidentiality, integrity and availability (firewall inherited by systems behind a firewall)

May include management, operational or technical controls

Question 19

CONTROL SELECTION

Answer 19

Controls are selected to support the confidentiality, integrity and availability needs of the system

Control frameworks are often utilized to select appropriate controls and define controls

Inheritable controls that support the system are identified

Question 20

CONTROL FRAMEWORKS

Answer 20

They define controls and control elements

frameworks allow for standardization of control implementation

Control frameworks often include evaluation criteria or mechanisms to verify controls are effective

Question 21

EXAMPLE OF CONTROL FRAMEWORKS

Answer 21

ISO 27001 - industrial standard

NIST (SP800-52) - required for government use

COBIT - focused on business values

ISA/IEC 62443(ISA 99) - industrial automation and control systems

Question 22

TAILORING CONTROLS

Answer 22

Control frameworks and standards are intended to be tailored to specific use-cases

Adjust control specifications or parameters to meet the needs of a specific system or environment

“Book” controls must be tailored to provide optimum value

Controls are not intended to be used as a checklists

Question 23

EVALUATION CRITERIA

Answer 23

Each control should include specific evaluation methods and expected results

NIST Example:

TEST - coduct a direct test of the control

INTERVIEW - interview or question staff

EXAMINE - examine documentation or artifacts for evidence the control is properly employed

CONTROLS MAY BE EVALUATED BY MULTIPLE METHIDS

Question 24

SYSTEM SECURITY CAPABILITIES

Answer 24

Access Control

Processor States

Memory Management

Process Isolation

Data Hiding

Abstraction Layers

Security Kernel

Encryption

Code Signing

Audit and Monitoring

Virtualization/ Sandbox

Hardware Security Modules

File System Attributes

Question 25

GENERIC OPERATING SYSTEM (OS) MODEL

Answer 25

Application APPLICATION APPLICATION
API Services User Interface
Security Monitor Memory Mgr. Process Mgr.
I/O Mgr. Device Drivers Hardware Abstr. Layer

       HARDWARE     Trusted Platform Module (TPM)

Question 26

TRUSTED PLATFORM MODULE

Answer 26

Encryption

Question 27

REFERENCE OR SECURITY MANAGER

Answer 27

Theoretical

Question 28

ACCESS CONTROL

Answer 28

OS controls access to objects

Rules defined allowable behavior

Security monitor or reference monitor enforces allowed behavior

File systems typically support by assigning security attributes to objects/files

Question 29

PROCESSOR STATES

Answer 29

Processors typically support at least two states of operation: user and kernel modes.

User mode has limited access to ore functions or direct hardware access

Question 30

MEMORY MANAGEMENT

Answer 30

Direct application access to system memory is restricted

Modern operation systems randomize memory location (address space)

Modern operating systems limit memory locations where code can execute - for example:

Data Execution Prevention (DEP) in Windows

Question 31

PROCESS ISOLATION

Answer 31

Processes execute in separate memory space

Direct exchanges between processes is limited

Operating system (OS) manages inter-process exchanges through controlled interfaces

Question 32

DATA HIDING

Answer 32

Typical with multi-level security (MLS) architectures using mandatory access control (MAC)

Data or objects at a higher security level cannot be seen by objects at a lower security level (BLP Model)

Also a coding practice where raw data is hidden from access and can only be obtained from a standardized interface.

Question 33

ABSTRACTION LAYERS

Answer 33

Limits direct access to objects or entities

Defines allowable actions and interactions between layers

Protects against improper behavior or access between layers

Question 34

SECURITY KERNEL

Answer 34

Also known as reference monitor

“Big brother” of kernel mode

Monitors and validates access control over system objects

Enforcement and validation component of all secure operating systems

Question 35

REFERENCE MONITOR

Answer 35

Theoretical set of system tools which independently verify the actions of a system from a security standpoint.

Question 36

Trusted Platform Module (TPM)

Answer 36

Hardware which provides cryptographic information and functions to enable the management and communications of sensitive information

Question 37

ENCRYPTION

Answer 37

Can be applied to data at rest (hard-drive files) or in transit (communication channel)

May protect confidentiality and/or integrity of data

Protects data when OS features (security kernel) are not active or present

for example - Bitlocker protects data when the OS is not running

Question 38

CODE SIGNING and VALIDATION

Answer 38

Cryptographic function

Executable code is digitally signed

OS validates signature before loading code

Unsigned code or code with a invalid signature is prevented from executing

May include OS internal code to prevent placement of OS components

Question 39

AUDIT AND MONITORING

Answer 39

System actions are recorded and stored in a protected location

Specific actions that are recorded are typically customized

Audit records MUST be reviewed or monitored to be effective

Monitoring and review may include both automated and manual elements

Audit records are typically transferred off a system for protection and long term storage

Question 40

VIRTUALIZATION / SANDBOX

Answer 40

Executing code is”wrapped” in a virtualization or sandbox layer

Code executing within the environment is strictly limited from direct interaction outside the environment

Permissions for a system access may be restricted independently for each virtualized or sandbox instance

May be an OS native function or function provided by a third party software

Question 41

HARDWARE SECURITY MODULES

Answer 41

Hardware components that provide security services

Trusted Platform Module (TPM)
most common security module
provides secure storage and crypto functions
typically used to generate and store crytpo keys
keys or stored data cannot be accessed without permissions

Specialized modules may contain multiple hardware security modules

Question 42

FILE SYSTEM ATTRIBUTES

Answer 42

Various file systems may store security attributes or provide security functions

A critical component to employing access control models in operating systems

File systems may include journaling that can provide data integrity

Question 43

HOST PROTECTION SOFTWARE

Answer 43

Antivirus

Host based intrusion prevention (HIPS)

Host firewall

File integrity monitoring

Configuration and policy monitor

Question 44

HIPS

Answer 44

Host Based Intrusion Prevention

Question 45

NIPS

Answer 45

Network Based Intrusion Prevention

Question 46

TOP THREAT / MITIGATIONS

Answer 46

TOP THREAT ACTIONS
Hacking
Social Engineering
Malware Distribution
Phishing

TOP MITIGATIONS
Know what you have
Patch and manage what you have
Assess, monitor, log
Educate users

Question 47

COMMON SYSTEM VULNERABILITIES -

HARDWARE

Answer 47

HARDWARE
Hardware components may fail at any time

Mean-time-between-failure (MTBF)

Failure rates higher during initial system operation

Supply chain issues may introduce technical
flaws/vulnerabilities or malicious modifications

Old hardware may be difficult to repair or replace

Question 48

COMMON SYSTEM VULNERABILITIES -

COMMUNICATIONS

Answer 48

COMMUNICATIONS:

Can fail

Can be blocked (DDoS)

Can be intercepted

Can be counterfeited (replayed)

Can be modified

Characteristics can expose information about the sender/receiver (address/location)

Question 49

COMMON SYSTEM VULNERABILITIES -

ABUSE BY USER

Answer 49

Can be intentional or accidental

Can degrade or bypass security controls

Increases the likelihood as difficulty to operate increases

Question 50

COMMON SYSTEM VULNERABILITIES -

CODE FLAWS

Answer 50

CODE FLAWS

Exist in all software with more than trivial complexity

May be introduced accidentally or intentionally

TYPICAL RISK CONDITIONS
Known flaws, patch available, systems not patched, exploit available

Known flaws, patch not available, exploit available

Unknown flaws, exploit available (zero-day attack possible )

Question 51

COMMON SYSTEM VULNERABILITIES -

EMANATIONS

Answer 51

Hardware/physical elements may radiate information

• Radio frequency
• Visible or non-visible spectrum

Can be used to discern system functions

Can be used to locate systems/components

Question 52

CLIENT BASED SYSTEMS

Answer 52

Desktops, laptops, thin client terminals

Typically represent larger quantities

Continuous state of adding new and decommissioning old in most organizations

General purpose devices with inconsistent usage patterns across the install base

Question 53

THIN CLIENT

Answer 53

PC Without Storage

Question 54

CLIENT BASED SYSTEM VULNERABLITIES

Answer 54

Physically under user’s control

Susceptible to user misuse (intent. or accidental)

May be lost / stolen

Monitoring may be difficult

100% update may be difficult

Question 55

CLIENT BASED SYSTEM MITIGATIONS

Answer 55

Patch/Update - continuous action

General network protections (network segmentation,firewall devices, IDS, IPS)

Host protections (anti virus, hist IPS, host firewall, disk encryption)

Monitor (log alerts, track location)

Educate users (anti-phishing campaign, detecting attacks)

Question 56

SERVER BASED SYSTEMS

Answer 56

Application servers, file servers, domain controllers, print servers, network service servers (DNS, DHCP)

Centrally managed / controlled

Limited access / functionality

Likely to be in a tightly controlled network segment

Question 57

SERVER BASED VULNERABILITIES

Answer 57

May be exposed to external communications / services

Updates may be delayed due to operational need

May exist for long periods (risk of being outdated)

High traffic volume makes monitoring more difficult

Question 58

SERVER BASED MITIGATIONS

Answer 58

Targeted network protections (server specific rules, restricted ports/protocols

Strong remote access mechanisms

Configurations and change management

Monitor: logs, alerts- targeted to server functions

Question 59

DATABASE SYSTEMS

Answer 59

Hosted on servers, cloud, distributed etc.

Typically contains large quantities of valuable information

Typically requires high-speed operation with large number of transactions

Question 60

DATABASE SYSTEM VULNERABILITIES

Answer 60

Inference

Aggregations

Data mining

High-value target

Question 61

DATABASE SYSTEM MITIGATIONS

Answer 61

Input validation

Robust authentication/access control

Output throttling

Anonymization

Tokenization

Question 62

INDUSTRIAL CONTROL SYSTEMS (ICS)

Answer 62

Typically embedded, limited function hardware

Interfaces between logical (computer) space and physical world

Includes sensors, motors, actuators, valves, gauges etc.

Question 63

INDUSTRIAL CONTROL SYSTEMS (ICS) TYPES

Answer 63

Supervisory control and data acquisition (SCADA)

Distributed control systems (DCSs)

Programmable logic controllers (PLCs)

Question 64

INDUSTRIAL CONTROL SYSTEMS VULNERABILITIES

Answer 64

Limited functionality

Limited protections

Long lifespan (become outdated)

Susceptible to misuse/error

Highly susceptible to Denial of Service (DoS) attacks

Attacks can produce physical effects

Often unattended in remote locations

Question 65

INDUSTRIAL CONTROL SYSTEMS (ICS) MITIGATIONS

Answer 65

Isolated network infrastructure

Robust network connection restrictions and monitoring

Highly segmented network

Protect communications channels

Robust configuration control

Question 66

CLOUD BASED SYSTEMS

Answer 66

Components hosted by a cloud service provider (CSP)

CSP assumes specific security responsibilities, the remainder stay with the data owner

Typically high reliability, speed, capacities

CSP to data owner relationship is governed by a contract and/or service-level agreements (SLAs)

Question 67

CLOUD-BASED SYSTEM CHARACTERISTICS

Answer 67

On-demand self service

Broad network access

Resource pooling

Rapid elasticity

Measured service

Multi-Tenancy

Question 68

CLOUD-BASED SYSTEM TYPES

Answer 68

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Network as a Service (NaaS)

Question 69

CLOUD-BASED SYSTEM DEVELOPMENT

Answer 69

Private - exclusive use by one organization / on or off premise

Community - Provisioned for exclusive use by a community of users

Public - Open use by general public

Hybrid - combination of two or more

Question 70

CLOUD-BASED VULNERABILITIES

Answer 70

Inherently exposed to external communications / access

Misconfiguration a major risk

May exist for long periods (risk of being outdated)

Gap between CSP and data owner security controls

Question 71

CLOUD-BASED SYSTEM MITIGATIONS

Answer 71

Reputable loud service provider that supplies security/ information testing results

Well trained system administrators

Robust configuration/change control

File and communication encryption

Well managed identity and access controls

Question 72

DISTRIBUTED SYSTEMS

Answer 72

Nodes and processors operate independently

Storage and processing spread across multiple components

Nodes “pass messages” to coordinate and communicate

Example: traditional telephone
Switches operate independently
Coordinate to pass calls between them

Question 73

DISTRIBUTED SYSTEMS VULNERABILITIES

Answer 73

Lack of central control/monitoring

Data elements may be lost if nodes fail

Inconsistent security levels between nodes is possible

Susceptible to communication failures, compromise, or denial of service (DoS)

Question 74

DISTRIBUTED SYSTEMS MITIGATIONS

Answer 74

Standard security rules for nodes to enter distributed network

Communication control, encryption, and redundancy

Node backup and data sharing between nodes

Question 75

INTERNET-OF-THINGS (IOT) SYSTEMS

Answer 75

Generally small form factor, embedded hardware

Limited functionality OS

May interface with the physical world

Pervasive and often connected to general purpose networks

Functions /accessibility may be unclear to owner/user

Question 76

INTERNET-OF-THINGS (IOT) SYSTEMS VULNERABILITIES

Answer 76

Limited vendor support for updates

Limited to no onboard security capability

Poor code management due to rapid development cycles

May contain limited or weak security implementation on standard protocols (Bluetooth, WiFi)

Question 77

INTERNET-OF-THINGS (IOT) SYSTEMS MITGATIONS

Answer 77

Isolated on private networks with controlled access

Products selected for security features and update-ability

Product security/penetration testing

Disable unneeded functions

Question 78

WEB-BASED SYSTEMS

Answer 78

Application or data accessible and manipulated through a web browser or web service

Often connects to a data source (database) that may be on or off platform

Uses standard protocols and interface languages

Connections are typically dynamic

Question 79

WEB-BASED SYSTEM VULNERABILITIES

Answer 79

Accessibility to network communications/access

Use of obsolete protocols/encryption

Code/Configuration errors that expose components to data

Question 80

WEB-BASED SYSTEM MITIGATIONS

Answer 80

Protect system behind firewalls and access controls

Limit and monitor communications protocols

Scan,evaluate, and assess interfaces and code (HTML, Java, scripts etc.)

Tightly control configuration and change management

Ensure platform is securely configured

Question 81

MOBILE SYSTEMS

Answer 81

PHONE TABLETS WEARABLE DEVICES
Portable small form factor
Limited functionality
Embedded OS
Typically contains limited amounts of data
Connected (cellular, WIFI, Bluetooth, tethering)
Designed for single user

LAPTOPS PERSONAL COMPUTERS
Portable - medium form factor
Full featured operating system
Capability similar to desktop
May contain large amounts of data
Multi-user capable
Connected (WI-FI, Bluetooth, tethering, possibly cellular)

Question 82

MOBILE SYSTEMS VULNERABILITIES

Answer 82

Loss or theft

Weak access controls configured

Un-Encrypted data

Communications interception or eavesdropping

Limited onboard security services and monitoring

Question 83

MOBILE SYSTEMS MITIGATIONS

Answer 83

Mobile device management (MDM) installed (device tracking, wiping, software control, policy enforcement)

Activate screen lock and high complexity pass-codes or biometrics

Ensure device is encrypted

Tunnel communications through VPN architecture

Limit software / apps installed to trusted packages

Prevent jailbreak or rooting devices

Do not connect to public networks (coffee shop, hotel)

Question 84

MOBILE SYSTEM MITIGATIONS (LAPTOPS)

Answer 84

Apply all traditional computer system protections (AV, FW, Host IPS etc.)

Ensure encryption is activated

Ensure strong passwords, biometrics, or two factor authentication on all user accounts

Activate anti-theft function or tracking functions if available

Tunnel mobile communications through VPN

Do not connect to public networks

Question 85

EMBEDDED SYSTEMS

Answer 85

Computing platform with a dedicated function

Limited function / specialized OS

Limited processing power

Long service life in many applications

Includes a system on a chip (SoC) architectures

Typically includes special device categories : IoT, ICS, mobile devices

Highly diverse in nature (specialized computing vs general purpose computing)

Question 86

EMBEDDED SYSTEMS VULNERABILITIES

Answer 86

Limited function design doe not include all full monitoring and security control implementation

Limited access controls

Limited ability to update, vendor support, often time-limited

Question 87

EMBEDDED SYSTEMS MITIGATIONS

Answer 87

Limited access to devices

Limit communications to devices

Disable unnecessary /unneeded/ components/ features/communications

Isolate on dedicated networks, if connected

Monitor external communications with exterior sensors

Apply vendor updates when available

Question 88

CRYPTOGRAPHY SERVICES

Answer 88

CONFIDENTIALITY

INTEGRITY

AUTHENTICITY

NON-REPUDIATION

ACCESS CONTROL

Question 89

DATA PROTECTION

Answer 89

DATA AT REST
Backup tapes, off-site storage, password files

DATA IN TRANSIT
Provide secure and confidential methods to transmit data .
Allows the verification of the integrity of the message so that any changes to the message itself can be detected

Question 90

LINK ENCRYPTION

Answer 90

Encrypts all of the data along a communication path

Communications nodes need to decrypt the data t continue routing

Question 91

END-TO-END ENCRYPTION

Answer 91

Generally performed by the end user within an organization

Encrypted at start and not decrypted until the end user

Routing information remains visible

Question 92

CRYPTOGRAPHIC EVOLUTION

Answer 92

Manual

Mechanic

Electro-Mechanical

Electronic

Quantum

Question 93

CAESAR CIPHER

Answer 93

Shifting letters by a certain number

Question 94

SPARTAN BELT SETTLE

Answer 94

Wrap belt around settle to read text

Question 95

BOOK CIPHER

Answer 95

Pages numbers

Question 96

WORK FACTOR

Answer 96

The level of difficulty in cracking a code

Question 97

STREAM CIPHERS

Answer 97

A key-stream (sequence of bits used as a key) is generated and combined with plain text using an exclusive -or (XOR)

Statistically unpredictable

Not linearly related to the key

Operated on individual bites or bytes

Functionally complex

Long periods with no repeats

Seemingly random due to the generation of the key-stream is usually controlled by the key

Question 98

EXCLUSIVE-or XOR

Answer 98

If both values are the same = 0

If values are different = 1

Question 99

BLOCK CIPHERS

Answer 99

Uses fixed-sized blocks of text

The size of the blocks affects the strength of the crypto implementation

As plain-text is fed into the crytposystem, it’s divided into blocks of a preset size

Often a multiple of the ASCII character size: 64, 128, 192 bits etc.

Question 100

INITIALIZATION VECTORS - WHY NEEDED

Answer 100

Encrypting the same text with the same key produces the same cipher-text

Encrypting the same message with different keys may produce detectable patters

An IV is a random value added to plain-text message before encrypting so that each cipher-text will be ubstantially different

Question 101

KERCKHOFF’s PRINCIPLE

Answer 101

A cryptosystem should be secure even if everything about the system, except the key , is public knowledge

Question 102

HIGH WORK FACTOR

Answer 102

Measured in units such as:

Hours of computing time

Cost in dollars of breaking the encryption

If the work factor is substantially high, the encryption system is considered to be practically or economically unbreakable

Question 103

SUBSTITUTION CIPHERS

Answer 103

The process of substituting one letter fr another based upon a crypto-variable

Involves shifting positions in the alphabet of a defined number of characters (Caesars cipher and Vigenere cipher)

Involves using a scrambled alphabet to substitute one letter for another (Enigma Machine)

Question 104

TRANSPOSITION CIPHERS

Answer 104

Cryptosystems that use transposition or permutation

rely on concealing the message through transposing of or interchanging the order of the letters