Security Architecture and Engineering Flashcards
What are the types of security model
Mandatory Access Control (MAC) Modes of Operation Confidentiality: Bell-LaPadula Integrity: Biba Lattice Commercial: Clark-Wilson
What is Mandatory Access Control (MAC)
Read down, write up
can only access object if the subject clearance is equal to or greater than the object’s label (Top Secret, Secret, etc..)
What are the four types of Modes of Operation
Dedicated
System High
Compartmented
Multilevel
What is Dedicated mode of operation
only contains object of one classification label (e.g. Top Secret)
Need to have clearance of equal to or higher to access the object
What is System High mode of operation
contains mixture of labels (confidential, secret, top secret)
Need to have clearance of the highest object
What is Compartmented mode of operation
all subjects have necessary clearance but don’t have formal access approval or Need to Know
Uses technical control to enforce need to know vs policy basis need to know
Formal access approval for SOME information they will access on the system.
A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know and formal access approval.
What is Multilevel mode of operation
stores objects at different labels
allow access by subject with different clearances
What is Bell-Lapadula security model
Confidentiality
No Reads up
No Write Downs
What is Bell-Lapadula - Strong
Stuck at level
Can only perform operations at that level
What are the 2 types of Bell-Lapadula tranquillity
Weak Tranquility property - the label of the subject and the object can’t change to violate defined security policy
Strong Tranquility property - label never change during operations
What is Biba security model
Integrity (think of time, isn’t confidential, but requires integrity)
No read downs, no write up
Which security model deal with integrity
All the model contains the letter I
Biba
Clark-Wilson
Non-Interference
What is Lattice security model
Confidentiality
Deals with data flow
No read up, no write down
What is the Clark-Wilson model
internal/external consistency
Authorized users cannot make unauthorized changes
Separation of duties
What is the State Machine model
Captures current security posture
Test all paths
What is the Research model
used to research the best security posture
Information Flow Model, Bell-Lapadula is one of them
Non-interference - High level action does not determine low level user visibility (NSA and pizza story)
What is the Chinese Wall model
No information flow is allowed that could cause information leakage that could lead to conflict of interest
Treat them as separate companies
aka Brewer Nash
What is Trusted Computing Base (TCB)
all components are properly implemented and secure
What is a Reference Monitor
Mediates all access between object and subjects
Checks to ensure they are authorized to view/access objects
What is Domain Separation
group of object with same security requirement
e.g. Top Secret object, HR department
What is COI
Conflict of Interest
What are the 3 types of Domain Separation
Execution Rings
Base Address Registers
Segment Descriptors
What are the 4 Orange Book classes
A. Verified Protection (MAC +
B. Mandatory Protection (Mandatory Access Control)
C. Discretionary Protection (Discretionary Access Control)
D. Minimal Protection (e.g your laptop)
What are the key principles of The Orange Cook
Functionality - how well does it operate
Effectiveness - how secure is it
Assurance - can we prove it is secure
Lifecycle assurance -
What is ITSEC F1-F5
Mirror functionality of The Orange Book
What is ITSEC F6
High Integrity Requirement
What is ITSEC F7
High Availability
What is ITSEC F8
High integrity for communication
What is ITSEC F9
High confidentiality
What is ITSEC F10
High confidentiality and integrity for data network
Target of Evaluation (TOE)
System or product being evaluated
Security Target (ST)
documentation describing TOE, including security requirements and operational environment
Protection Profile
independent set of security requirements for specific product or system
e.g. Fire, IDS
Evaluation Assurance Level (EAL)
Evaluation score of the tested product
EAL 1
Functionally tested
EAL 2
Structurally tested
EAL 3
Methodically tested and checked
EAL 4
Methodically designed, tested, and checked
EAL 5
Semi-formally designed and tested
EAL 6
Semi-formally verified, designed, and tested
EAL 7
Formally, verified, designed, and tested
What are the 2 parts of the CPU
Arithmetic Logic Unit (ALU)
Control unit
What is Fetch-Decode-Execute cycle
Fetch - retrieves information
Decode - understand the instructions
Execute - instructions executed and stored in a register
Fetch-Decode-Execute (no pipeline)
Sequential
Book 3.3 slide #4
Fetch-Decode-Execute (pipeline)
Pipeline is hardware
Instead of doing it one at a time, can do multiple
Book 3.3 slide #4
Complex-Instruction-Set-Computer (CISC)
Long command
x86 CPU
Reduced-Instruction-Set-Computer (RISC)
Short command
ARM CPU
What is multitasking
Multiple tasks concurrently on one CPU
Heavy Weight - each has own copy of dll
What is multithreading
multiple threads concurrently on one CPU
Light weight, point to a copy of the dll
What is multiprocessing
multiple task at the same time with multiple CPU
What are the 3 types of Memory Protection
Process Isolation
Address Space Layout Randomization (ASLR)
Non eXecutable (NX) Stack
Process Isolation
prevents one process from affecting another
Address Space Layout Randomization (ASLR)
randomizes address used by programs
Non eXecutable (NX) Stack
marks pages of the stack non executable
Virtual memory
swapping memory to disk
think disk paging (oldest on disk, newest in RAM)
doesn’t correspond directly to physical memory
Threads use virtual address
Direct Addressing (memory addressing)
exact location in memory to execute
Indirect Addressing (memory addressing)
pointer to location in memory to execute
Register Direct Addressing (memory addressing)
refer directly to specific register that already contains the data.
Register are temp storage for the task teh CPU works on at that instant
Register Indirect Addressing (memory addressing)
pointer - looks for specified register
Register are temp storage for the task teh CPU works on at that instant
Index Addressing (memory addressing)
Memory location plus offset
Think of an array
Layering (OS)
Think OSI model
Works with layer above and below it and work independently. If one layer fails, should not affect other other layer
Abstraction (OS)
Think of saving file
reduce complexity and hide the inner working of the system
What are the 4 layer of Ring Layers of CPU
Ring 3: Applications and utilities
Ring 2: I/O drivers and utlities
Ring 1: OS component not part of kernel
Ring 0: Kernel
All modern OS, only uses ring 0 and 3
Trust Platform Module (TPM)
think of motherboard. TPM use to authenticate integrity of the BIOS
**Full disk encryption, if you don’t have TPM can’t decode to use it.
Hypervisor
runs on the host, controlling the VM and their access to the hardware.
What is full virtualization
run unmodified applications or OS designed to run directly on computer hardware
What is Paravirtualization
runs specially modified applications or OS
Unique requirements for VM
**Protect Hypervisor - Must remain secure!!!
Protect special host (such as drag and drop)
What is a database
collection of related data intended for sharing
What is Database Management System (DBMS)
Stores data and provides operation CRUD and search
What are the 4 types of data model
Hierchial
Mesh
Object-Oriented
Relational
Semantic Integrity
Wrong data type
Entity Integrity
Primary key
Referential Integrity
Foreign key
Concurrency
locking so two users can’t update at the same time
Commit
writes changes to DB
2-Phase commit
distributed DB, if commit cannot happen on all db, rollback changes
Checkpoint
snapshot of database
Database Journal
log file of db changes in real time
Data Warehouse
used for queries, does not affect current system
Data Mining
looking for something wrong, fraud
Aggregation
example - download the entire phone book
iterate through the entire collection to get all the info
Inferences
able to find out information of high level from lower level
What is Inference Controls
Enforced during query processing (think of CIA and pizza)
Content-Depended access rules (think of phone book and asking for more than 5 at a time)
Shadow database
Active - Passive
2 database, 1 mirrors the other. Only one takes the transaction.
What is active-active db
Two DB synch, both writing transactions
What is active-passive
Two DB synch, one mirrors the other and only one writes transactions
What is an applet
Functions w/o sending users request back to the server
Remote code exec on client, additional risk
What is Active X
MS version of applet
*Code Signing
What is same-origin policy
Protocol, host and port must be same
http(protocol) bank.example.com (host) port 80
Whitelisting
only allows specific characters
Whitelisting superior to blacklisting
Blacklisting
rejects specifics characters and allows all others
Supervisory Control System
Gathers data
Sends command
Remote Terminal Unit
aka Remote Telemetry Unity
Connects devices to SCADA Network
converts analog data to digital
Human-Machine Interface (HMI)
Presents data to the operator
What are the security issues in SCADA
Older & unpatched
Default credentials
Serial ModBu and Modbus TCP have no built in security
Relied on network separate for security (internet causing issues)
Easily accessible via simple tools like SHODAn
Cryptology
study of secure communications
Contains both Cryptography and Cryptoanalysis
Cryptography
study of rendering messages indecipherable except to the intended recipients
Cryptoanalysis
study of breaking code
Cryptosystem
System design to encrypt
Definition of Cryptography
hidden writing
Plaintext
message in original form
Ciphertext
message in encrypted form
Encryption
creating of ciphertext from plaintext
Decryption
ciphertext back to plaintext
Cipher
aka cryptographic algo
Work Factor
how long it takes to break
Entropy
amount of randomness
Exclusive (XOR)
boolean - plaintext to encryption and then back example (pg 108 book 3)
1- true
0 false
Input same - 0
Input different - 1
Confusion
destroy pattern key to ciphertext
Diffusion
destroy pattern plaintext to ciphertext
Rotation Substitution
shift number of characters a set number of spaces
ROT3/ROT13
Arbitrary Substitution
Replace one letter for another
Polyalphabetic Cipher
Multiple alphabets
Permutation
Rearranges the order of the characters (think anagram)
One-Time Pad
Cannot Be broken
Truly random
Pads are kept secure - not intercepted
Each key is used once and never used
What are the Cryptography Lifecycle
Cryptographic limitations
Algorithm Selection
Protocol Governance
Key Managment
What are the two ways to encrypt data
Block by block encryption
Encrypt the entire stream
What are the goals of the cryptography
Contains at least one or more of the items below
Confidentiality - secrets remain secrets
Data Integrity - data not altered
Authentication - providing identity claim
Non-Repudiation - can’t deny you did it. - this is combines data integrity and authentication
Non-Repudiation
combines data integrity and authentication
Can’t deny you did something
Symmetric
single key encrypt/decrypt
Asymmetric
two key to encrypt/decrypt
Hashing
“integrity” & Fixed Length
one way encryption
using algorithm with no key encryption
DES: Data Encryption Standard
Describes the data encryption algorithm (DEA) - cipher
64 bit block
56 bit key size
What are types of cipher mode
Electronic Codebook (ECB) Cipher Block Chaining (CBC) Output Feedback (OFB) Cipher Feedback (CFB) Counter Mode (CTR)
What is Electronic Codebook (ECB)
Does not destroy pattern
Weakest of modes
No chaining
What is Cipher Block Chaining (CBC)
requires IV
ensures confidentiality for known text
Chaining - ciphertext use as input for next plaintext encryption
Output Feedback Mode (OFB)
Streaming Cipher
1 bit
Requires IV
does not propagate errors
Cipher Feedback Mode (CFB)
Similar to CBC, but streaming not block 1 bit Feedback like chaining Requires IV Errors will propagate
Counter Mode (CTR)
Streaming Cipher
Use counter as IV
Doesn’t propagate error
What are DES Weaknesses
crackable short time
Small keyspace, brute force
Triple DES
3DES
TDEA (remember this)
Three rounds of DES
Double DES
Meeting the middle flaw issue
How does Triple DES work
Encrypt, Decrypt, Encrypt
3 Different Key
Backward compatible with single DES
International Data Encryption Algorithm (IDEA)
Key length - 128 bit
Block size - 64 bit
slower than AES
Advance Encryption Standard (AES)
Underlying - Rijndael
Symmetric block ciper
Block size: 128 bits
Variable key length: 128, 192, 256 bits
What are the 4 AES basic functions
SubBytes - Substitute bytes
ShiftRows - Shift rows (rotation)
MixColums - Mixes Columns
AddRoundKey - XOR (boolean) state with a subkey at the end of each round
Blowfish
Symmetric block cipher
Block size - 64 bit
Key length - 32-448 bit
Twofish
Symmetric block cipher
Block size - 128 bit
Key length - 128,192,56 bit
RC5
Symmetric block cipher
Block size - 32,64, 128 bit
Key length - 0-2040 bit
RC6
Symmetric block cipher
Block size - 128 bit
Key length - 128,192, 256 bit
Tractable Problems
Easy problems
Think prime number times each other
Intractable Problems
Hard problem, cannot be solved quickly
Example 391 is what number x what number
Diffie-Helman Key Exchange
Does not provide confidentiality, not encryption
exchange symmetric key via public channel
Exponentiation
9^13
Logarightms
Opposite of Exponentiation
Digital Signatures
Authentication and integrity
proves it was signed and not changed
Asymmetric encryption and hash (RSA & SHA-1)
What are three steps to digital signatures
Plaintext -> Hash - > Asymmetric Encryption
Digital Signature Creation
Encrypt Private Key
Digital Signature Verification
Decrypt with Public key
Hash Message Authentication Code (HMAC)
Symmetric
Authenticate holder of symmetric key and verifies integrity
What is Public Key Infrastructure used for (PKI)
Creating certs
Maintaining Certs
Revoking Certs
What are the 5 components of PKI
Certificate Authority - issues/revokes certs
Organizational Registration Authority (ORA) vouch for the binding between public key and cert holder
Cert holder - sign digital certs
Clients that can validate digital signature
Central Repo
How does PKI work
User A trust PKI server A: Therefore User A trust
any server signed by Server A
Any cert signed by Server A
any cert or server trust by Server A
What are the trust model for CA
Hierarchical - Tree/leaf
Bridge - joining two organization CA
Mesh - 3 or more AC to trust each CA w/Hierarchical
Hybrid - some combination of the three
PKI Cert Lifecycle
Registration Creation Distribution Validation Key Recovery Expiration Revocation
Certificate Revocation List (CRL)
Entire list must be downloaded
CRL download can be network intensive
No real time notification
Key Escrow
Split key in half - Separation of duties
Pretty Good Privacy (PGP)
Symmetric, asymmetric, and hash cipher
Digital Signatures
secure communication w/o pre-sharing keys
Decentralized
Transport Encryption
End to end encryption
e.g VPN
Focus on confidentiality but properly configured provide confidentiality, integrity, authentication, and non-repudiation
TLS & SSL
TLS 1.0 is SSl 3.1
backward compatibility with SSL
TLS current version 1.2
SSL/TSL Warning
sign of man in the middle attack
DNS poisioning
IPSEC
Authentication Header (authentication/integrity, digital signature) *AH - does not provide confidentiality Encapsulating Security Payload (ESP) - confidentiality, integrity, and authentication. ESP protects data, NOT the header
IPSEC Security Association
One way (simplex) Bidirectional communications requires 2 SA
Perfect Forward Secrecy (PFS)
Key 1 generates key 2
If key 1 compromised
Key 2 still secure
Secure Shell (SSH)
replaced telnet, fpt provides secure network terminal access and file transfer port 22 SSHv1 - man in the middle attack issue SSHv2 is preferred over SSHv1
Known plaintext
some of plaintext is known as well as portion of ciphertext
Used that to figure out the rest…thing uboat/enignma
Chosen plaintext
choose what gets encrypted to get the outpout
Adaptive chosen plaintext
chosen plaintext with iterations based on knowledge of the output
Chosen Key Attack
know something about the key (e.g. numbers only, upper case)
reduce number of characters to try
Analytical attacks
use algo and math to figure out key
reduce the portion to be searched
Statistical attacks
use statistical character of language or weakness in key
Differential attacks
analyze results difference based on plaintext using a crypto key
think of example of making every 10 character an upper case X
Linear attack
linear analysis of pairs of plaintext and ciphertext
Differential linear attack
applying differential analysis with linear analysis
Side-Channel attack
Use physical data to break crypto system
monitor CPU
Birthday Attack
deals with hash collision
Steganography
Data hiding
Images, word document, text documents
Contraband checks
x-ray, metal detectors
What are the types of facility control
Fences Landscape Vehicle barriers Guards Dogs Badges Lights Motion detectors, sensors, and alarms
Fences
3-4 ft/ 1 meter - deter causal trespasser
6-7ft / 2 meters - too high to easily climb
8 ft / 2.4 meters + 3 strands of barb wire - prevents determined intruder
Gates
Class I - residential
Class II - commercial (parking garage)
Class III - Industrial (loading dock/factory)
Class IV - restricted access (prison/airport)
Mantraps
Think of bank processing facility
Physical preventive control
Entrance protected by 2 doors
Intruder confined between 2 doors
Restricted Area
Establish restricted and non-restricted area to determine perimeter
Escort from restricted area (employee/guard)
Perimeter of restricted area (space/time)
How to deter unauthorized access
Educate - Employees only sign
Discourage - Psuedo-guard (unarmed)/prosecuted sign)
Security guards
Duties Checking entrance credentials Issue/removing visitor badge Monitor CCTV Guards be trained and have complete and clear orders Guards are expensive
Dogs
**Main issue - Liability
deployed for perimeter security in controlled/enclosed area
Better are hearing and seeing at night
cost incur beyond basic feed and care (e.g insurance and liability)
What is required lighting
2 candle power
Install lighting at least 8 ft high (2.4 m) and illumination of 2-foot candles
Types of motion detectors, sensors and alarms
Motion (sonic sounds, ultrasonic sounds, microwave (radio waves))
Photometric - IR
Acoustical-sesmic detection - microphone
Proximity - electronic field sense presense
Site Selection
Visibility
Local consideration (hazards, crime rate)
Natural disaster (earthquake, flood, etc..)
Transportation (easy access to transit, high traffic area)
Shared tenancy (HVAC)
Facility design
Slab to slab
Wall - Fire rating - 1 hr
Door- solid/hollow core
Enclosed areas
Slab to Slab wall - so intruder can’t sneak underneath etc..
Doors
make sure which way the door swings to make sure when it open not block critical exit point
Doors open out, not in!
Fire rating equal to walls
Windows
Laminated glass Wired glass Solar window films Security film Glass Breakage Bulletproof Explosive resistant
Locks
Preventive control
lock bumping - shave points down on key
Combination lock
no accountability - don’t know who unlocked it.
Physical Security
Overlooked because assume already in place
Should be:
Risk-based
Focused on critical intellectual property (IP)
Balance with safety
Wiring closets
avoid spaghetti cable
don’t intermingle power and network cable
Wiring closets
closets should be secure
Demarc should be secure
Server room
all three dimension (floor, ceiling wall) should be secure
all walls, doors, windows, floors, ceilings - 1 hour fire rating
Slab to slab walls
Media storage
Stored off site and encrypted
Strict procedures
use bonded and license company for off-site storage
Make sure not impacted by same disaster
Earthquakes
Detective - structural assessment
Corrective - structural reinforcement, evacuation
Floods
Detective - detectors (moisture, humidity)
Corrective - bilge pump, evacuation
HVAC
Positive Pressure - bad stuff goes out
proper temp and humidity level
Design for computers, no human
HVAC Temp & Humidity
Temp - 70-74 degrees / 21-23 celcius
Humidity -40-60 % (50 % + or - 10)
Low humidity - static
High humidity - moisture (rust)
Humidity
Maintain proper humidity level Anti-static spray Anti-static flooring Grounding buildings and computers properly Anti-static table covering Anti-static floor mats
Electrical Power
Fault: momentary power loss Sag: momentary low voltage Brownout: prolonged low voltage Blackout: loss of all power Spike: momentary high voltage Surge: prolonged high voltage Transient: short duration noise interference
Smoke & Fire
Detective: smoke detectors, heat sensors, flame
Suppressive: sprinkler, extinguishers
Smoke detectors
change in ionization
change in light beam
Fire Detectors
sense pulsation of flame
Need line of sight
Fire Classes (A-D)
A: Think ash (wood) - Suppression - water
B: Liquid (Banana Suit) - Suppression - soda acid
C: Conductive (electrical) - Suppression - gas
D: Combustible Metal - dry powder
Fire Suppression
CO2 & soda acid remove fuel and oxygen
Water reduces temperature
Gas (Halon/Halon Sub) interferes with chemical reactions between elements
Fire Suppression Systems
Zones of coverage Time-release HVAC off before activation Water and gas (Halon) Gas best used in pre-action, time delayed mode: Halon <10% breathed in healthy person.
Wet pipe
filled with water
activated once reaches 165 degrees, material melts
Dry Pipe
not filled with water - held back
activated once reaches 165, valves open
Pre-action
hybrid between wet & dry pipe
Deluge
similar to dry pipe, larger amount of water
Gas discharge
Halon
installed under the floor of computer area
Portable extinguishers
50 feet of electrical equipment At exits clearly marked with unobstructed view Easily reached and operated by average size person inspected regularly
Water (Fire)
fire protection and insurance support use of water are primary fire extinguishing agent for all business environment.
CO2
Colorless, odorless and potentially lethal cause it removes oxygen
Gas mask - no protection
best use - unattended facilities
built in delay for manned areas
Halon
Must be thoroughly mixed with air
1/1/94 - have to stop using it -releases ozone depleting substances
FM-200 - most effected replacement
FM-13 breathable up to 30% concentration
