├── Domain 1 Information Security Governance and Risk Management.smmx
├── Domain 10 Security Operations.smmx
├── Domain 2 Access Control.smmx
├── Domain 3 Security Architecture and Design.smmx
├── Domain 4 Physical and Environmental Security.smmx
├── Domain 5 Telecommunications and Network Security (1).smmx
├── Domain 5 Telecommunications and Network Security.smmx
├── Domain 6 Cryptography export.mm
├── Domain 6 Cryptography.smmx
├── Domain 7 Business Continuity and Disaster Recovery Planning.smmx
├── Domain 8 Legal Regulations Investigations and Compliance.smmx
├── Domain 9 SW Development Security.smmx
├── LICENSE
└── README.md
/Domain 1 Information Security Governance and Risk Management.smmx:
--------------------------------------------------------------------------------

Deterrent - intended to discourage a potential attacker

Preventive - intended to avoid an incident from occurring

Corrective - fixes components or systems after an incident has occurred

Recovery - intended to bring the environment back to regular operations

Detective - helps identify an incident's activities and the potential intruder

Compensating - controls that provide an alternative measure of control. Provides similar protection as the original control.

Logical or technical
Firewalls, encryption, SW permissions, authentication devices

Administrative
Policies and procedures
Effective hiring practices
Data classification and labeling
Security awareness

Physical
Badges, swipe cards
Guards, dogs
Fences, locks, mantraps

International standards on how to develop and maintain an ISMS.

The PDCA cycle is used in this standard.

ISO/IEC 27000 overview and vocabulary
27001 ISMS requirements
27002 code of practice for information security management
27003 guideline for ISMS implementation
27004 guideline for information security management measurement and metrics framework
27005 guideline for information security risk management
27006 guidelines for bodies providing audit and certification of information security management systems
27011 information security management guidelines for telecommunications organizations
27031 guideline for information and communications technology readiness for business continuity
27033-1 guideline for network security
27799 guideline for information security management in health organizations

All these were developed to provide a holistic view of the organization, so that the business people and the technical people can communicate effectively.

Zachman Architecture Framework:
created by John Zachman.
Two-dimensional model that uses 6 basic communication interrogatives (what, how, where, who, when, why) interacting with different viewpoints (planner, owner, designer, builder, implementer, worker). The goal of this model is to be able to look at the same organization from different views.

The Open Group Architecture Framework:
It has its origin in the U.S. Dep. of Defense
It can be used to develop these architecture types:
- Business Architecture
- Data Architecture
- Applications Architecture
- Technology Architecture
Through its Architecture Development Model (ADM) -> iterative and cyclic process.
These different architectures allow us to understand the enterprise from 4 different views.

Military-Oriented Architecture Frameworks
- Department of Defense Architecture Framework (DoDAF)
- British Ministry of Defence Architecture Framework (MODAF)
The crux of the frameworks is to get the right information to the right people.
Both were developed to support military missions; they have been expanded for use in business enterprise environments.

Is a subset of an enterprise architecture. Defines the information security strategy. It is a method for describing the structure of an ISMS (information security management system).

ISMS vs Security Enterprise Architecture
- ISMS outlines the controls that need to be put into place and provides direction on how these should be managed
- SEA illustrates how these components are to be integrated into the different layers

Example: ISMS dictates that risk management needs to be put in place, and the enterprise architecture will chop up the risk management components and illustrate how risk management needs to take place at the strategic, tactical and operational level.

Sherwood Applied Business Security Architecture (SABSA)

Risk-driven architecture that maps to business initiatives, similar to the Zachman framework.
Since it is also a methodology, it provides the process to follow to build and maintain it.

ISO/IEC 27000 series outlines the necessary components of an org security program,
Enterprise security architecture helps us integrate the requirements outlined in the security program,
Security controls help to accomplish the goals outlined in both of the above.

CobiT - Control Objectives for Information and related Technology, developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).
Is a framework and set of control objectives.
4 main domains:
- plan and organize
- acquire and implement
- deliver and support
- monitor and evaluate
CobiT lays out executive summaries, management guidelines, frameworks, control objectives, an implementation toolset, performance indicators, success factors, maturity models, and audit guidelines. It lays out a complete roadmap that can be followed to accomplish each of the 34 control objectives this model deals with.

NIST 800-53

Governance model used to help prevent fraud within a corporate environment

ITIL - is a set of best practices for IT service management

Six Sigma is used to identify defects in processes so that the process can be improved upon

CMMI is a maturity model that allows for processes to improve in an incremental and standard approach

Information Risk Management (IRM)
is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level

The risk management team should include individuals from different departments within the org, not just technical personnel

The IRM policy provides the foundation and direction for the organization's security risk management process and procedures

Risk assessment is a method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls

Risk analysis works with the results of the risk assessment. It helps to prioritize the risks and shows the amount of resources needed.

Risk analysis provides a cost/benefit comparison that helps to choose the right safeguard

NIST 800-30 Risk Management Guide for Information Technology Systems
- a U.S. federal standard that is focused on IT risks

Facilitated Risk Analysis Process (FRAP)
- focuses only on the systems that really need assessing (qualitative approach)

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
- team-oriented approach that assesses organizational and IT risks through facilitated workshops

Failure Modes and Effect Analysis (FMEA)
- approach that dissects a component into its basic functions to identify flaws and those flaws' effects
-> fault tree analysis: used to detect failures within complex environments

CRAMM
- created by the UK; its automated tools are sold by Siemens

Quantitative risk analysis
- assigning monetary and numerical values to all the data elements of a risk assessment.
A purely quantitative risk analysis is not possible because qualitative items cannot be quantified with precision. (tangible vs intangible assets)

-> single loss expectancy SLE
(asset value x exposure factor)

-> annualized loss expectancy ALE
(SLE x ARO = ALE)
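Worked example added here, not part of the original notes: the SLE and ALE formulas above applied to a constructed asset, together with the standard safeguard cost/benefit calculation (ALE before the control, minus ALE after it, minus the control's annual cost) that the notes' "cost/benefit comparison" refers to. Asset value, exposure factors, ARO figures and safeguard names are made-up sample data.

```python
# Added example (not from the original notes): quantitative risk analysis
# with SLE = AV x EF and ALE = SLE x ARO, plus the standard cost/benefit
# formula for a safeguard:  value = ALE(before) - ALE(after) - annual cost.
# All figures below are constructed sample data.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Risk:
    """One asset/threat pair in a quantitative risk assessment."""
    name: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of the asset value lost per incident (0..1)
    aro: float               # annualized rate of occurrence (incidents per year)

    def sle(self) -> float:
        """Single loss expectancy: SLE = asset value x exposure factor."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO (the 'total risk' figure)."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    """A candidate control and its effect on the risk it addresses."""
    name: str
    annual_cost: float          # purchase, maintenance and operating cost per year
    new_exposure_factor: float  # EF once the control is in place
    new_aro: float              # ARO once the control is in place

    def residual_risk(self, risk: Risk) -> Risk:
        """Residual risk: the same risk re-assessed with the control in place."""
        return Risk(risk.name, risk.asset_value, self.new_exposure_factor, self.new_aro)

    def value(self, risk: Risk) -> float:
        """Cost/benefit of the safeguard: ALE before - ALE after - annual cost.
        Positive means the control prevents more loss per year than it costs."""
        return risk.ale() - self.residual_risk(risk).ale() - self.annual_cost


def choose_safeguard(risk: Risk, candidates: List[Safeguard]) -> Optional[Safeguard]:
    """Return the candidate with the highest positive value, or None when every
    candidate costs more per year than the loss it prevents (accept the risk)."""
    best = max(candidates, key=lambda s: s.value(risk), default=None)
    if best is None or best.value(risk) <= 0:
        return None
    return best


# Constructed sample: a file server worth 100,000 exposed to ransomware.
FILE_SERVER_RANSOMWARE = Risk("file server / ransomware",
                              asset_value=100_000, exposure_factor=0.6, aro=0.5)

CANDIDATES = [
    Safeguard("offline backups + restore drills", annual_cost=8_000,
              new_exposure_factor=0.1, new_aro=0.5),   # limits the loss per incident
    Safeguard("endpoint protection on the server", annual_cost=12_000,
              new_exposure_factor=0.6, new_aro=0.1),   # limits how often it happens
    Safeguard("gold-plated appliance", annual_cost=40_000,
              new_exposure_factor=0.05, new_aro=0.05),  # costs more than it saves
]

if __name__ == "__main__":
    r = FILE_SERVER_RANSOMWARE
    print(f"SLE = {r.sle():,.0f}   ALE (total risk) = {r.ale():,.0f}")
    for sg in CANDIDATES:
        print(f"{sg.name}: residual ALE = {sg.residual_risk(r).ale():,.0f},"
              f" value = {sg.value(r):,.0f}")
    best = choose_safeguard(r, CANDIDATES)
    print("choose:", best.name if best else "accept the risk")
```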

Qualitative risk analysis
- opinion-based method of analyzing risk with the use of scenarios and ratings

Total risk - amount of risk before a control is put in place
Residual risk - amount of risk remaining after implementing a control
Handling risk - accept, transfer, mitigate, avoid

Group decision method where each group member can communicate anonymously.

Policies
- a statement by management dictating the role security plays in the organization

Procedures
- detailed step-by-step actions that should be followed to achieve a certain task

Standards
- documents that outline rules that are compulsory in nature and support the organization's security policies

Baselines
- minimum level of security

Guidelines
- recommendations and general approaches that provide advice and flexibility

Data owners specify the classification of data, and the data custodians implement and maintain controls to enforce the set classification levels

Security governance is a framework that provides oversight, accountability, and compliance

NIST 800-55
- a standard for performance measurement for information security

ISO/IEC 27004:2009
- an international standard for information security measurement management
--------------------------------------------------------------------------------
/Domain 10 Security Operations.smmx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Domain 2 Access Control.smmx:
--------------------------------------------------------------------------------

Are considered the first line of defense in asset protection

They are used to dictate how a subject can access an object. Defines how users should be identified, authenticated, authorized.

SESAME
Secure European System for Applications in a Multi-vendor Environment

Where Kerberos uses tickets, SESAME uses PACs - Privileged Attribute Certificates
A PAC contains:
- subject's identity
- access capabilities for the object
- access time period
- lifetime of the PAC

The PAC is digitally signed by the PAS (Privileged Attribute Server)
The PAS holds a similar role to the KDC
After the user successfully authenticates to the AS, he is presented with a token to give to the PAS. The PAS then creates a PAC for the user to present to the resource he is trying to access.

Kerberos is a symmetric key-based single sign-on technology for distributed environments

Main components
- key distribution center KDC
  - holds all principals' secret keys
- ticket granting service TGS
  - generates tickets
- authentication service AS
  - returns the TGT encrypted by the user's secret key

When the user needs to access a resource
1. Sends the TGT to the TGS running on the KDC
2. The TGS creates a ticket which contains two instances of the session key (encrypted by the user's secret key and by the resource's secret key). It also contains an authenticator.
3. The user decrypts the session key and sends the ticket to the resource (the second session key is attached) + the user's authenticator
4. If the resource can decrypt the session key encrypted by its secret key, it knows that this request was authorized by the KDC; if the authenticator is a match, the resource knows that the principal info is correct

The authenticator contains the principal's IP, sequence number, timestamp

Generic Security Service Application Programming Interface

Generic API for client-to-server authentication

Kerberos version 5 and SESAME allow any application to use their auth functionality through GSS-API

XML

SPML
- framework for exchanging user, resource, and service provisioning information between cooperating organizations.
Allows for automation of user management

XACML
- declarative access control policy language implemented in XML and a processing model; describes how to interpret security policies.
Allows two or more orgs to share application security policy, so you don't have to authenticate twice when moving from one app to another

SAML
- allows authentication and authorization data to be exchanged between security domains. It is one of the most used approaches to allow for single sign-on capabilities within a web-based environment.

The users can specify what type of access can occur to the objects they own.

DAC systems grant or deny access based on the identity of the subject.

The most common implementation of DAC is through ACLs.
Most operating systems are based on DAC.

Read - R
Write - W
Execute - E
Delete - D
Change - R, W, E, D but no changes to the ACL or ownership
Full control

The administrator may want to restrict the user's actions; this type of access control is referred to as nondiscretionary.

It is based on a security label system.
Users are given a security clearance, data is classified.

The decision whether a subject can access an object is based on the clearance of the subject and the classification of the object.

A sensitivity label is made up of a classification and categories. Classifications follow a hierarchical structure, categories enforce need to know.
Categories can correspond to a department of the organization.

The rules of how subjects access objects are made by the organization's security policy, configured by the security admin, enforced by the OS.

MAC-based systems are used by government-oriented agencies.
Publicly released MAC systems are SELinux (NSA), Trusted Solaris.

MAC systems are resistant to malware, but require a lot of administrative overhead and are not user friendly.

MAC is considered nondiscretionary.

Access decisions are based on each subject's role and/or functional position

Role-based access control can be managed in the following ways:

1. Non-RBAC: users are mapped directly to applications and no roles are used

2. Limited RBAC: users are mapped to roles and to applications that do not have role-based access functionality

3. Hybrid RBAC: users are mapped to multiapplication roles with only selected rights assigned to those roles

4. Full RBAC: users are mapped to enterprise roles

Allows defining specific situations in which a subject can or cannot access an object.

Rule-based access control is a type of compulsory control, because the administrator sets the rules and the users cannot modify these controls.

Restricts users' access abilities by not allowing them to request certain functions/information/resources.

1. Menus and shells
2. Database views
3. Physically constrained interfaces

Access rights can be assigned to subjects (capabilities) or to objects (ACLs)

Capability table
Is bound to the subject. The capability corresponds to the subject's row in the matrix

ACL
Is bound to the object; a list of subjects that can access it. The ACL represents the column in the matrix.

Examples:

DB view - content dependent
Stateful FW - context dependent

RADIUS
UDP-based AAA protocol
encrypts the password only when transmitted from client to server
2^8 (256) AVPs
Works over PPP connections
Uses a single challenge/response when authenticating a user, which is used for all activities.

TACACS
TCP-based AAA protocol
TACACS+ encrypts all traffic between client and server
More AVPs than in RADIUS = more granularity
Supports other protocols (AppleTalk, NetBIOS, IPX)
Uses multiple challenge/responses, one for each of the AAA processes.

DIAMETER
TCP-based AAA protocol
Consists of:
Base protocol - communication between entities
Extensions - allow use of various technologies

Authentication
- PAP, CHAP, EAP
Authorization
- redirects, secure proxies, relays, brokers
Accounting
- reporting, event monitoring, ROAMOPS

Example
Peer-to-peer working group

Administrative controls
- policy and procedures
- personnel controls
- supervisory structure
- security-awareness training
- testing

Physical controls
- network segregation
- perimeter security
- computer controls
- work area separation
- data backups
- cabling
- control zone

Technical controls
- system access
- network architecture
- network access
- encryption and protocols
- auditing

HIDS and NIDS can be one of the following types:

- signature-based
  - pattern matching - signatures
  - stateful matching - signatures in the context of a stream of activity

- anomaly-based (behavioral-based)
  - statistical anomaly-based
  - protocol anomaly-based
  - traffic anomaly-based
  - rule or heuristic based

- rule-based
Use of IF-THEN programming within an expert system
Cannot detect new attacks

IPS
Content-based
- protocol analysis and signature matching
Rate-based metric focuses on the volume of traffic (DoS, slow and low)

True-name
Thief uses personal information to open new accounts

Account takeover
Imposter uses personal information to gain access to the person's existing accounts.
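Added example, not part of the original notes: a runnable toy of the Kerberos exchange described in this file (the AS issues the TGT, the TGS issues the service ticket, the resource checks ticket and authenticator). A SHA-256 keystream with an HMAC tag stands in for Kerberos' symmetric encryption, the TGS reply is sealed with the TGT session key as Kerberos v5 does (the note above simplifies this to the user's secret key), and the principals "alice" and "fileserver" with their keys are constructed.

```python
# Added example (not from the original notes): toy Kerberos flow.
# seal()/unseal() are a stand-in for Kerberos' symmetric encryption; the
# principals, keys and client IP below are constructed sample data.
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 300  # seconds; an authenticator older than this is rejected

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC under a symmetric key (toy construction, not Kerberos' own)."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Inverse of seal(); raises ValueError if the key is wrong or the data was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def make_authenticator(session_key: bytes, user: str, client_ip: str) -> bytes:
    """Authenticator: principal, client IP and timestamp, sealed with the session key."""
    return seal(session_key, {"user": user, "ip": client_ip, "ts": time.time()})

def check_authenticator(session_key: bytes, authenticator: bytes, expected_user: str) -> None:
    a = unseal(session_key, authenticator)  # only a holder of the session key can produce it
    if a["user"] != expected_user or abs(time.time() - a["ts"]) > MAX_SKEW:
        raise ValueError("authenticator mismatch or stale")

class KDC:
    """Holds all principals' secret keys and runs both the AS and the TGS."""

    def __init__(self, principal_keys: dict):
        self.keys = dict(principal_keys)
        self.tgs_key = os.urandom(32)  # known only to the KDC; seals TGTs

    def authentication_service(self, user: str) -> bytes:
        """AS reply: a TGT and its session key, sealed with the user's secret key."""
        sk = os.urandom(32)
        tgt = seal(self.tgs_key, {"user": user, "sk": sk.hex(), "exp": time.time() + 8 * 3600})
        return seal(self.keys[user], {"sk": sk.hex(), "tgt": tgt.hex()})

    def ticket_granting_service(self, tgt: bytes, authenticator: bytes, resource: str) -> bytes:
        """TGS reply: a service ticket sealed with the resource's key, plus the
        service session key, all sealed with the TGT session key."""
        t = unseal(self.tgs_key, tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        tgt_sk = bytes.fromhex(t["sk"])
        check_authenticator(tgt_sk, authenticator, t["user"])
        svc_sk = os.urandom(32)
        ticket = seal(self.keys[resource], {"user": t["user"], "sk": svc_sk.hex()})
        return seal(tgt_sk, {"sk": svc_sk.hex(), "ticket": ticket.hex()})

def resource_accepts(resource_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """Resource side: opening the ticket with its own key proves the KDC issued it;
    a matching authenticator proves the caller holds the session key inside it."""
    t = unseal(resource_key, ticket)
    check_authenticator(bytes.fromhex(t["sk"]), authenticator, t["user"])
    return t["user"]

def login_and_access(kdc: KDC, user: str, user_key: bytes, resource: str,
                     resource_key: bytes, client_ip: str = "10.0.0.7") -> str:
    """Whole flow from the client's side; returns the principal name the resource saw."""
    as_reply = unseal(user_key, kdc.authentication_service(user))
    tgt_sk, tgt = bytes.fromhex(as_reply["sk"]), bytes.fromhex(as_reply["tgt"])
    tgs_reply = unseal(tgt_sk, kdc.ticket_granting_service(
        tgt, make_authenticator(tgt_sk, user, client_ip), resource))
    svc_sk, ticket = bytes.fromhex(tgs_reply["sk"]), bytes.fromhex(tgs_reply["ticket"])
    return resource_accepts(resource_key, ticket, make_authenticator(svc_sk, user, client_ip))

# Constructed sample principals: one user, one service, and the KDC that knows both keys.
ALICE_KEY, FILESERVER_KEY = os.urandom(32), os.urandom(32)
KDC_INSTANCE = KDC({"alice": ALICE_KEY, "fileserver": FILESERVER_KEY})

def wrong_resource_key_is_rejected() -> bool:
    """A ticket sealed for 'fileserver' cannot be opened with any other key."""
    try:
        login_and_access(KDC_INSTANCE, "alice", ALICE_KEY, "fileserver", bytes(32))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("resource granted access to",
          login_and_access(KDC_INSTANCE, "alice", ALICE_KEY, "fileserver", FILESERVER_KEY))
```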
--------------------------------------------------------------------------------
/Domain 3 Security Architecture and Design.smmx:
--------------------------------------------------------------------------------

International standard that provides guidelines on how to create and maintain system architectures

International standard on system architecture to allow for better quality, interoperability, extensibility, portability and security.

SRAM or static RAM doesn't need continuous refreshing as DRAM does, but it needs more transistors = bigger, more expensive, but faster
Usually has been used in cache

SDRAM, synchronized with the CPU so the speed is increased

EDO RAM, faster than DRAM, because it can capture the next block of data while the first block is being sent to the CPU

BEDO RAM, builds upon EDO; B stands for burst, which means it can send more data at once

DDR SDRAM, carries out operations on the rising and falling cycles of a clock pulse. So instead of 1 operation per pulse it makes 2

Nonvolatile memory types

PROM
Can be programmed only once; the voltage used during this process burns out the fuses that connect the memory cells

EPROM
E means erasable by UV light

EEPROM
Electrically erasable, one byte at a time

Flash memory
Erasing takes place in blocks

Programmable I/O
CPU sends data to the I/O device and polls the device to see if it is ready... waste of time

Interrupt-driven I/O
When the device is done with its job, it sends an interrupt to the CPU

I/O using DMA (direct memory access)
Way of transferring data between a device and the system memory without using the CPU

Premapped I/O
Device is trusted and can access the memory directly

Fully mapped I/O
Device is not trusted; the physical address is not given to the device, instead the device works with logical addresses

All OS processes run in kernel mode

MS-DOS, Windows 3.x

Separates OS functionalities into hierarchical layers.
In this approach the system operates in kernel mode, ring 0.
Layers allow data hiding.

THE, VAX/VMS, Multics, Unix

Downfalls are performance, complexity, security.

Smaller subset of critical kernel processes focused mainly on memory management and interprocess communication. Other components work from user space... but this turned out to cause a lot of performance issues, because processing requires so many mode transitions.

The microkernel still exists and carries out mainly interprocess communication and memory management responsibilities.
All of the other OS services work in a client/server model. (Executive services)

So all OS processes run in kernel mode. Core processes run within a microkernel and the others run in a client/server model.

In 1972 the US government released a report that outlined basic and foundational security requirements for computer systems that it would deem acceptable for purchase and deployment.

As time went by this resulted in the Trusted Computer System Evaluation Criteria

Collection of all the HW, SW, and firmware components within a system that provide security and enforce the system's security policy

Trusted path
Trustworthy software channel that is used for communication between two processes and cannot be circumvented.

Mechanism used to delineate between the components within and outside of the trusted computing base

Or an abstract machine; it is an access control concept that defines a set of design requirements for a reference validation mechanism (security kernel), which enforces an access control policy over subjects' ability to perform operations on objects on a system

Implements the concept of the reference monitor

The security kernel must isolate the processes carrying out the reference monitor concept, must be tamperproof, and must be invoked for each access attempt

A model is a symbolic representation of a policy.
The policy provides the abstract goals; the model tells us the do's and don'ts necessary to fulfill these goals.

A state of a system is a snapshot of the system at one moment in time.
Developers must identify all initial states and outline how these can be changed (accepted inputs), so that the various possible final states still ensure that the system is safe.

Simple -> reading
* -> writing

Covert channels
A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism.

2 types of covert channels
a) covert storage channel
b) covert timing channel

a) the presence of a lock on a file could be interpreted as a 1
b) e.g. using CPU time: using it signals 1, rejecting it signals 0

Goals of integrity models
1. Prevent unauthorized users from making modifications
2. Prevent authorized users from making improper modifications (separation of duties)
3. Maintain internal and external consistency (well-formed transaction)

Uses the following elements:

Users - active agents
Transformation procedures TPs - programmed abstract operations like read, write, ...
Constrained data items CDIs - can be manipulated only by TPs
Unconstrained data items UDIs - can be manipulated by users via primitive read, write operations
Integrity verification procedures IVPs - check the consistency of CDIs with external reality

Well-formed transaction
is a series of transactions that are carried out to transfer the data from one consistent state to another.

Clark-Wilson addresses each of the 3 integrity goals.

Biba addresses the integrity of data within applications. So the Biba model uses a lattice of integrity levels instead of security levels.

3 main rules:
1. Simple integrity axiom (no read down)
2. *-integrity axiom (no write up)
3. Invocation property - a subject cannot request the service of a higher integrity level

The Biba model addresses only the first goal of integrity models!

Was developed to make sure secrets stay secrets, so it addresses confidentiality only (doesn't care about integrity)

All MAC systems are based on the Bell-LaPadula model.

Multilevel security system - users with different clearances use the system, and the system processes data at different classification levels.

3 main rules:
1. simple security rule (no read up)
2. *-property rule (no write down)
3. strong star property rule

1. A subject at a given security level cannot read data that resides at a higher security level.

2. A subject at a given security level cannot write information to a lower security level

3. A subject can read and write only objects at the same level

Tranquility principle - subjects' and objects' security levels cannot change in a manner that violates the security policy

Also known as the Chinese Wall model
This model allows for dynamically changing access controls that protect against conflicts of interest.

The intent of this model is to address covert channels and inference attacks.

A lattice model provides an upper bound and a lower bound of authorized access for subjects

This model shows how subjects and objects should be created and deleted. It also addresses how to assign specific access rights.

Deals with the access rights of subjects and the integrity of those rights.
This model shows how a finite set of procedures can be available to edit the access rights of a subject.

"Our system holds secret data and we can all access it"

All users must have
1. Proper clearance for all information on the system
2. Formal access approval for all information on the system
3. A signed NDA for all information on the system
4. A valid need-to-know for all information
5. All users can access all data

"Our system holds only secret data, but only some of us can access all of it"

All users must have
1. Proper clearance for all information on the system
2. Formal access approval for all information on the system
3. A signed NDA for all information on the system
4. A valid need-to-know for some information on the system
5. All users can access some data, based on their need-to-know

"Our system has various classifications of data, and each individual has the clearance and need-to-know to access only individual pieces of data."

Bell-LaPadula is an example of this model

All users must have
1. Proper clearance for some of the information on the system
2. Formal access approval for some of the information on the system
3. A signed NDA for all information on the system
4. A valid need-to-know for some of the information on the system
5. All users can access some data, based on their need-to-know, clearance, and formal access approval

"Our system has various classifications of data, and each individual has the clearance to access all of the data, but not necessarily the need-to-know."

All users must have
1. Proper clearance for the highest level of data classification on the system
2. Formal access approval for some information on the system
3. A signed NDA for all information they will access
4. A valid need-to-know for some of the information on the system
5. All users can access some data, based on their need-to-know and formal access approval

Trust means that a system uses all of its protection mechanisms properly

Assurance is the level of confidence you have in this trust and that the protection mechanisms behave properly.

These books provide detailed information and interpretations of certain Orange Book requirements and describe the evaluation processes.

Trusted Network Interpretation TNI
addresses security evaluation topics for networks and network components.

Trusted Computer System Evaluation Criteria
Addresses single-system security
TCSEC addresses confidentiality, but not integrity. The functionality of the security mechanisms and the assurance of those mechanisms are not evaluated separately, but rather are combined and rated as a whole.

The Orange Book mainly addresses government and military requirements.

Ratings
D - minimal protection
C - discretionary protection
C1 - discretionary security protection
C2 - controlled access protection
B - mandatory protection
B1 - labeled security
B2 - structured protection
B3 - security domains
A - verified protection
A1 - verified design

ITSEC separates the functionality and assurance ratings.

F1-10 rate the functionality
E0-6 rate the assurance
Higher is better

E0 = D
F1 + E1 = C1
F2 + E2 = C2
... B1, 2, 3
... A1

Provides more flexibility by evaluating a product against a protection profile, which is structured to address real-world security needs.

After the evaluation the product is assigned an Evaluation Assurance Level EAL

The international standard used as the basis for the evaluation of security properties of products under the CC framework

15408-1 introduction and general evaluation model
15408-2 security functional components
15408-3 security assurance components

EAL1 - functionally tested
EAL2 - structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested, reviewed
EAL5 - semiformally designed and tested
EAL6 - semiformally verified design and tested
EAL7 - formally verified design and tested

Where formally verified means it is based on a model that can be mathematically proven.

This is the mechanism used to describe a real-world need for a product. It describes the environmental assumptions, the objectives, and the functional and assurance level expectations.

Contains the following sections:

1. Descriptive elements - name of the profile and description of the security problem to be solved

2. Rationale - justifies the profile and gives a more detailed description of the problem

3. Functional requirements - establish a protection boundary

4. Development assurance requirements - identify the requirements on the product during the development phases from design to implementation

5. Evaluation assurance requirements - establish the type and intensity of the evaluation

Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness.

Accreditation is management's official acceptance of the information in the certification process findings

An open system is built upon open standards, protocols, and interfaces. This type of architecture provides interoperability between products.

Closed systems are proprietary.

Maintenance hooks are a type of back door; they are used during the development stage by programmers and should be removed before the product release

TOC/TOU attacks: the attacker jumps in between two tasks and modifies something to control the result

Race condition attack is when the attacker makes processes execute out of sequence to control the result.
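Added example, not the notes' own code: a lattice of sensitivity labels (a hierarchical classification plus need-to-know categories, as in the MAC notes of Domain 2) with the Bell-LaPadula confidentiality rules, the Biba integrity rules and the lattice model's upper/lower bounds described earlier in this file. The classification ordering, the category names and the sample subject and objects are constructed.

```python
# Added example (not from the original notes): sensitivity-label lattice with
# the Bell-LaPadula and Biba rules. LEVELS, categories and sample labels are
# constructed; the dominance relation is level >= AND categories superset.
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical classifications, lowest to highest (constructed ordering).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a hierarchical level plus need-to-know categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher or equal level AND superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both."""
        hi = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(hi.level, self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the highest label both dominate."""
        lo = self if LEVELS[self.level] <= LEVELS[other.level] else other
        return Label(lo.level, self.categories & other.categories)


# --- Bell-LaPadula (confidentiality): no read up, no write down -------------
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security rule: the subject's clearance must dominate the object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label, strong_star: bool = False) -> bool:
    """*-property: the object must dominate the subject (no write down).
    Strong star property: read and write only at exactly the same label."""
    if strong_star:
        return subject == obj
    return obj.dominates(subject)


# --- Biba (integrity): no read down, no write up ---------------------------
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom: the object's integrity must dominate the subject's."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """*-integrity axiom: the subject's integrity must dominate the object's."""
    return subject.dominates(obj)


def biba_can_invoke(subject: Label, service: Label) -> bool:
    """Invocation property: a subject cannot request a service of higher integrity."""
    return subject.dominates(service)


# Constructed sample: an analyst cleared SECRET for the {finance} category.
ANALYST = Label("secret", frozenset({"finance"}))
FINANCE_REPORT = Label("confidential", frozenset({"finance"}))  # lower level, right category
HR_FILE = Label("confidential", frozenset({"hr"}))              # lower level, wrong category
TS_PLAN = Label("top secret", frozenset({"finance"}))           # higher level

if __name__ == "__main__":
    for name, obj in [("finance report", FINANCE_REPORT), ("hr file", HR_FILE), ("ts plan", TS_PLAN)]:
        print(f"{name}: BLP read={blp_can_read(ANALYST, obj)} write={blp_can_write(ANALYST, obj)}"
              f" | Biba read={biba_can_read(ANALYST, obj)} write={biba_can_write(ANALYST, obj)}")
```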
--------------------------------------------------------------------------------
/Domain 4 Physical and Environmental Security.smmx:
--------------------------------------------------------------------------------
1 |
2 | Crime prevention through environmental design
3 | Combines the physical environment and sociology issues that surround it to reduce crime rates and the fear of crime
4 |
5 | 3 strategies
6 |
7 | 1. Natural access control
8 | 2. Natural surveillance
9 | 3. Natural territorial reinforcementTeam needs to investigate
10 |
11 | .construction materials of walls and ceilings
12 | .power distribution systems
13 | .communication paths and types
14 | .surrounding hazardous materials
15 | .exterior componentsVault
16 | Personnel
17 | Industrial
18 | Vehicle access doors
19 | Bullet-resistant doorsStandard
20 | Tempered
21 | Acrylic
22 | Wired
23 | Laminated
24 | Solar window film
25 | Security film. Lighting types: Continuous - parking lot
26 | Controlled - erected in a way that does not blind neighbors
27 | Standby - programmed to turn on
28 | Responsive - turns on upon IDS detection. Safe types: Wall safe
29 | Floor safe
30 | Chest - standalone
31 | Depositories - safe with slots
32 | Vaults - walk-in access. Electric power: Online UPS have the normal primary power passing through them day in and day out. They are much faster than standby.
33 |
34 | Standby UPS stay inactive until the power line fails. EMI - electromagnetic interference (motors)
35 |
36 | RFI - radio frequency interference (fluorescent lights)
37 |
38 | May cause disturbance to the flow of electric power (power noise). 1. Power excess
39 | - spike : momentary high voltage
40 | - surge : prolonged high voltage
41 |
42 | 2. Power loss
43 | - fault : momentary power outage
44 | - blackout : prolonged, complete loss of electric power
45 |
46 | 3. Power degradation
47 | - sag/dip - momentary low-voltage condition
48 | - brownout - prolonged power supply that is below normal voltage
49 | - in-rush current : initial surge of current required to start a load. Static electricity controls: Anti-static flooring
50 | Proper humidity
51 | Proper grounding
52 | Wear anti-static bands when working inside computer systems. The HVAC system should maintain the appropriate temperature and humidity levels and provide closed-loop recirculating air-conditioning and positive pressurization and ventilation
53 |
54 | The HVAC system should be off before a fire suppressant is activated. Fire prevention: Training employees how to react
55 | Supplying the right equipment
56 | Storing combustible elements in a proper manner. Fire detectors: 1. Smoke activated
57 | 2. Heat activated. Fire classes and suppression agents: A - common combustibles - water, foam
58 | B - Liquid - Gas, CO2, foam, dry powders
59 | C - electrical - Gas, CO2, dry powders
60 | D - combustible metals - dry powder
61 |
62 | Halon has been banned since 1987 by the Montreal Protocol. The most effective replacement is
63 | FM-200, which does not damage the ozone layer. Sprinkler systems: 1. Wet pipe
64 | Always contain water in the pipes
65 | 2. Dry pipe
66 | Water is not held in the pipes but is stored in a tank. The pipes are under pressure, not allowing the water valve to open
67 | 3. Preaction
68 | Similar to dry pipe, plus a thermal-fusible link on the sprinkler head has to melt before the water is released
69 | 4. Deluge
70 | Wide-open sprinkler heads allow a large volume of water to be released; these are not used in data processing environments. Fire extinguishers should be located within 50 feet of electrical equipment and should be inspected quarterly. Locks are considered delaying devices.
71 |
72 | Mechanical locks
73 | 1. Warded lock - basic padlock
74 | 2. Tumbler lock (pin,wafer,lever)
75 | 3. Combination lock
76 | 4. Cipher lock
77 |
78 | Lock strengths
79 |
80 | Grade 1 - commercial and industrial use
81 | Grade 2 - heavy-duty residential/light-duty commercial
82 | Grade 3 - residential/consumer
83 |
84 | The cylinders within the locks fall into 3 main categories:
85 | Low security - no pick or drill resistance
86 | Medium security - a degree of pick resistance protection, any of the three grades
87 | High security - degree of pick protection, grade 1 and 2 locks. Locks and keys, an electronic card access system, personnel awareness. Fences, gates, walls, doors, windows, protected vents, vehicular barriers. Fence heights: 3-5 feet only deter casual trespassers
88 | 6-7 feet considered too high to climb easily
89 | 8 feet often deters a more determined intruder
90 |
91 | Gauges and mesh size
92 | Gauge is the thickness of the wires
93 |
94 |
95 | PIDAS fencing - perimeter intrusion detection and assessment system - is a type of fencing that has sensors located on the wire mesh and at the base of the fence. Detects cuts and climb attempts.
96 | It has a passive cable vibration sensor.
97 | Very sensitive, may cause many false positives. Gate classes: Class I - residential usage
98 | Class II - commercial use, where general public access is accepted
99 | Class III - industrial usage, where limited access is expected
100 | Class IV - restricted access, prison entrance ...
101 |
102 | These classifications are developed and maintained by Underwriters Laboratories (UL). IDS components: Perimeter sensors, interior sensors, annunciation mechanism
103 |
104 | IDSs can be used to detect changes in the following :
105 |
106 | 1. Beams of light
107 | 2. Sounds and vibrations
108 | 3. Motion
109 | 4. Different types of fields (microwave, ultrasonic, electrostatic)
110 | 5. Electric circuit
111 |
112 | Characteristics:
113 | - expensive and require human intervention
114 | - a redundant power supply necessary
115 | - should detect and be resistant to tampering
116 | - fail-safe defaults to activated. Sensor types: break in a circuit; changes in a light beam (can be used in windowless rooms only); changes of heat waves in the area; microphones on floors, walls, ceiling detecting sounds made during a forced entry; generates a wave pattern and checks the reflected wave for disturbance (microwave, ultrasonic, low frequency); emits a measurable magnetic field, alarm sounds if the field is disrupted, usually used to protect particular objects (art). Guards, CCTV cameras. Most of today's CCTV (closed-circuit TV) employ light-sensitive chips called charge-coupled devices (CCDs).
117 |
118 | CCD is an electrical circuit that receives input light from lens and converts it into an electronic signal.
119 |
120 | 2 main types of lenses:
121 | - fixed focal length
122 | - zoom (varifocal)
123 |
124 | Focal length defines its effectiveness in viewing objects from a horizontal and vertical view.
125 | Short focal length lenses provide wider-angle views, long focal length lenses provide a narrower view.
126 |
127 | For a warehouse, 2.8 and 4.3 mm
128 |
129 | For entrance monitoring, around 8 mm
130 |
131 | Depth of field
132 | Refers to the portion of the environment that is in focus when shown on a monitor
133 |
134 | CCTV lenses have irises, which control the amount of light that enters the lens.
135 |
136 | Manual iris lenses have a ring that can be manually turned and controlled.
137 | Auto iris lenses should be used in environments where the light changes, as in an outdoor setting
138 |
139 | An annunciator system can alert if it detects something suspicious on CCTV (movement). Guards, local law enforcement agencies. Signs, lighting, environmental design
--------------------------------------------------------------------------------
/Domain 6 Cryptography.smmx:
--------------------------------------------------------------------------------
1 |
2 | Cryptology is the study of cryptanalysis and cryptography. Cryptography is the science of secret writing that enables an entity to store and transmit data in a form that is available only to intended individuals. Cryptanalysis is the science of studying and breaking the secrecy of encryption processes. Keyspace: a range of possible values used to construct keys
3 |
4 | 2 bits = 4 possible keys (2^2)
5 | 512 bits = 2^512 possible combinations. Key: a sequence of bits that are used as instructions that govern the acts of cryptographic functions within an algorithm. Key clustering is an instance in which two different keys generate the same ciphertext from the same plaintext. Cryptosystem: a system or product that provides encryption and decryption. Work factor is an estimate of the effort and resources it would take an attacker to penetrate a cryptosystem. Synchronous stream cipher: uses a keystream to encrypt plaintext one bit at a time.
6 | The keystream values are in sync with the plaintext values. Asynchronous (self-synchronizing) stream cipher: uses previously generated output to encrypt the current plaintext values. Concept that an algorithm should be known and only the keys should be kept secret. One-time pad: an encryption scheme which is considered unbreakable; however, it is impractical in most situations.
7 |
8 | XOR is used; the pad is the key value
9 |
10 | Requirements:
11 | - pad must be made up of truly random values
12 | - used only once, and therefore at least as long as the message
13 | - securely distributed to its destination
14 | - secured at the sender's and receiver's sites. The running key cipher could use a key that does not require an electronic algorithm and bit alterations, but cleverly uses components in the physical world around you.
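The XOR pad and the "used only once" requirement above, as an added example (not code from the original notes). `secrets.token_bytes` stands in for a truly random pad source; the message bytes are constructed.

```python
"""One-time pad with XOR, and why the "use the pad only once" rule exists.

Added example, not from the original notes. secrets.token_bytes() is a
CSPRNG, not a true random source; a real OTP needs truly random pad
material, as the requirements list says.
"""
import secrets


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad; encryption and decryption are the same operation.

    Enforces the "pad at least as long as the message" requirement.
    """
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_reuse_leak(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    """What an eavesdropper learns when one pad protects two messages.

    C_a XOR C_b = (P_a XOR K) XOR (P_b XOR K) = P_a XOR P_b: the pad cancels,
    so the XOR of the two plaintexts is exposed without knowing the pad.
    """
    n = min(len(ciphertext_a), len(ciphertext_b))
    return bytes(a ^ b for a, b in zip(ciphertext_a[:n], ciphertext_b[:n]))


def demo() -> dict:
    # Constructed sample messages of equal length.
    msg_a = b"transfer 100 to acct 42"
    msg_b = b"transfer 900 to acct 17"
    pad = secrets.token_bytes(len(msg_a))   # one pad, exactly message length

    ct_a = otp_xor(msg_a, pad)
    ct_b = otp_xor(msg_b, pad)              # RULE VIOLATION: same pad twice

    # Correct use: the receiver holding the pad recovers the message.
    recovered = otp_xor(ct_a, pad)

    # Incorrect use: the pad cancels and P_a XOR P_b leaks. Every 0x00 byte
    # in the leak tells the eavesdropper the two messages agree at that
    # position, even without knowing the byte itself.
    leak = pad_reuse_leak(ct_a, ct_b)
    matching_positions = [i for i, v in enumerate(leak) if v == 0]

    return {
        "roundtrip_ok": recovered == msg_a,
        "leak_is_plaintext_xor": leak == bytes(a ^ b for a, b in zip(msg_a, msg_b)),
        "matching_positions": matching_positions,
    }
```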
15 |
16 |
17 | A concealment cipher, also called a null cipher, is a type of steganography method. Steganography is described later in this chapter.
18 | A concealment cipher is a message hidden within a message. Steganography is a method of hiding data in another media type so the very existence of the data is concealed. The substitution cipher replaces bits, characters, or blocks of characters with different bits, characters, or blocks. For example, the algorithm is the alphabet, and the key is the instruction "shift up three". The transposition cipher does not replace the original text with different text, but rather moves the original values around. It rearranges the bits, characters, or blocks of characters to hide the original meaning. Frequency analysis
19 | Cryptanalysis process used to identify weaknesses within cryptosystems by locating patterns in resulting ciphertext
20 |
21 | Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency analysis. In every language, some words and patterns are used more often than others. For instance, in the English language, the most commonly used letter is E. Key Derivation Functions (KDFs)
22 | Generation of secret keys (subkeys) from an initial value (master key)
23 |
24 |
25 | Key Derivation Functions (KDFs) are used to generate keys that are made up of random values. Different values can be used independently or together as random key material. The algorithm is created to use specific hash, password, and/or salt values, which will go through a certain number of rounds of mathematical functions dictated by the algorithm. A polyalphabetic cipher uses more than one alphabet to defeat frequency analysis. Symmetric cryptography - strengths: - much faster than asymmetric
26 | - hard to break if using a large key size. Symmetric cryptography - weaknesses: - Requires a secure mechanism to deliver keys properly.
27 | - Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.
28 | - Provides confidentiality but not authenticity or nonrepudiation. Asymmetric cryptography - strengths: - Better key distribution than symmetric systems.
29 | - Better scalability than symmetric systems
30 | - Can provide authentication and nonrepudiation. Asymmetric cryptography - weaknesses: - Works much more slowly than symmetric systems
31 | - Mathematically intensive tasks. Block cipher performs mathematical functions on blocks of bits. Stream cipher performs mathematical functions on each bit individually.
32 |
33 | The sender and the receiver must have the same key to generate the same keystream.
34 |
35 | A plaintext bit will be transformed into a different ciphertext bit each time it is encrypted. Confusion and diffusion: for a cipher to be considered strong, it must contain both of these attributes to ensure that reverse-engineering is basically impossible. Confusion is commonly carried out through substitution. Diffusion is carried out by using transposition. Avalanche effect: algorithm design requirement so that slight changes to the input result in drastic changes to the output. Initialization vectors (IVs)
36 | are random values that are used with algorithms to ensure patterns are not created during the encryption process. They are used with keys and do not need to be encrypted when being sent to the destination. If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext. Data Encryption Standard
37 | NSA modified IBM's 128-bit algorithm, named Lucifer, to use a key size of only 64 bits (effective key length 56 bits + 8 parity bits).
38 | They named it DEA. So DES is the standard and DEA is the algorithm (but DEA is commonly referred to as DES).
39 |
40 | DES is a symmetric block encryption algorithm
41 |
42 | - divides a message into 64-bit blocks and employs S-box-type functions on them.
43 |
44 | Blocks are put through 16 rounds of transposition and substitution functions.
45 | The order and type of functions depend on the value of the key. Electronic Code Book (ECB)
46 |
47 | The fastest; operations can be run in parallel
48 | If an error occurs, only one block is affected
49 | Only usable for short messages (e.g., a PIN)
50 |
51 | A key is basically instructions for the use of a code book that dictates how a block of text will be encrypted.
52 |
53 | Each block will be encrypted with the same key. Cipher Block Chaining (CBC)
54 | Ciphertext from the previous block is XORed with the plaintext of the next block before it is encrypted.
55 |
56 | An IV is used for the first block: the first 64 bits of plaintext are XORed with the IV.
57 |
58 | This chaining creates a dependency on all previous blocks, not just one.
59 |
60 | This can be used, for example, for email encryption. Cipher Feedback Mode (CFB)
61 |
62 | Combination of block and stream cipher
63 |
64 | Can be used to encrypt any size of block, even blocks of just one bit (usually 8 bits)
65 |
66 | IV + key = keystream1
67 |
68 | Plaintext1 XOR keystream1 => ciphertext1
69 |
70 | Ciphertext1 + key = keystream2
71 |
72 | Plaintext2 XOR keystream2 => ciphertext2
73 |
74 | !!! It is important to use a new, unique IV value to encrypt each new stream of data. Output Feedback Mode (OFB)
75 |
76 | Smaller chance of an error propagating throughout the full encryption process.
77 | Suitable for video, voice
78 |
79 | IV + key = keystream1
80 |
81 | Plaintext1 XOR keystream1 => ciphertext1
82 |
83 | Keystream1 + key = keystream2
84 |
85 | Plaintext2 XOR keystream2 => ciphertext2. Counter mode (CTR)
86 |
87 | No chaining = parallel processing = performance
88 |
89 | Using counter + key => keystream
90 | So each block is XORed with a unique keystream
91 |
92 | Used for encryption of:
93 | ATM cells for virtual circuits
94 | IPSec
95 | Integrated in 802.11i. Triple DES (3DES) uses 48 rounds => more resistance to differential cryptanalysis, but also a heavy performance hit. Keying options: (1) 3 different keys for encryption and the data are encrypted, encrypted, encrypted; (2) 3 different keys for encryption,
96 | data are encrypted, decrypted, encrypted; (3) 2 different keys,
97 | 1st and 3rd encryption with the same key; (4) 2 keys,
98 | 1st and 3rd encryption use the same key. Advanced Encryption Standard (AES)
99 |
100 | Rijndael algorithm:
101 | Supports 128, 192, 256-bit block sizes
102 | Number of rounds depends on the block size
103 | 128=>10 rounds
104 | 192=>12 rounds
105 | 256=>14 rounds
106 |
107 | Low memory requirements
108 | Defends against timing attacks. Blowfish: block cipher
109 |
110 | Block size: 64 bits
111 | Key size: 32 - 448 bits
112 |
113 | Data blocks go through 16 rounds
114 |
115 | Bruce Schneier created this as public domain. IDEA: block cipher
116 |
117 | Block size: 64 bits
118 | Key size: 128 bits
119 |
120 | The 64-bit block is divided into 16 smaller blocks and each has 8 rounds of mathematical functions performed on it.
121 |
122 | Offers similar modes to DES, but it is considered harder to break (bigger key)
123 |
124 | IDEA is used in PGP. RC5: block size 32, 64, 128 bits
125 | Key size: up to 2048 bits
126 | Number of rounds: up to 255. RC6: same attributes as RC5, but optimized for speed. RC4: stream cipher
127 |
128 | Used in SSL protocol
129 | Key size: variable
130 |
131 | Simple, fast, efficient algorithm, but with a low diffusion rate => modification attack
132 |
133 | 802.11i therefore moved from RC4 to AES. Diffie-Hellman: enables two systems to generate a symmetric key.
134 |
135 | Private_1 + Public_2 => symmetric key
136 | Private_2 + Public_1 => the same symmetric key
137 |
138 | Vulnerable to a man-in-the-middle attack; the countermeasure is to have authentication take place before accepting the public key. RSA can be used for
139 | - digital signatures
140 | - key exchange
141 | - encryption
142 |
143 | Based on the difficulty of factoring large numbers. El Gamal: based on calculating discrete logarithms in a finite field. It is actually an extension of the Diffie-Hellman algorithm.
144 |
145 | Its main drawback is performance. Elliptic Curve Cryptosystem (ECC)
146 |
147 | - digital signatures
148 | - secure key distribution
149 | - encryption
150 |
151 | It needs fewer resources than RSA and other algorithms, so it is used in, e.g., cell phones
152 | It provides the same level of protection with a smaller key. Knapsack: based on the knapsack problem:
153 | If you have several different items, each having its own weight, is it possible to add these items to a knapsack so the knapsack has a specific weight?
154 |
155 | This algorithm was discovered to be insecure and is not used in cryptosystems. Zero-knowledge proof: one entity can prove something to be true without providing a secret value.
156 |
157 | If I encrypt a message with my private key, I provide proof that I have my private key.
158 |
159 | So only the owner of the private key can prove possession of the key. Hashing algorithms provide data integrity only. Message Authentication Code (MAC)
160 | - authentication scheme derived by applying a secret key to a message
161 |
162 | MAC is sometimes called message integrity code (MIC) or modification detection code (MDC). Hash MAC (HMAC)
163 | - sender concatenates a symmetric key with the message
164 | - result is put through hashing algorithm
165 | - MAC is generated and appended to the msg
166 | - receiver uses his copy of the secret key together with the message to generate MAC
167 | If both MACs are the same, the message was not modified. CBC-MAC: the message is encrypted with a symmetric block cipher in CBC mode, and the output of the final block of ciphertext is used as the MAC. Cipher-Based Message Authentication Code (CMAC)
168 | - provides the same level of data origin authentication as CBC-MAC
169 | - AES or 3DES
170 |
171 | Works the same way as CBC, but is based on more complex logic and mathematical functions. MD2: one-way hash function designed by Ron Rivest that creates a 128-bit message digest value.
172 | It is not weaker than the other MDs, it is just slower. MD4: one-way hash function designed by Ron Rivest. It also produces a 128-bit message digest value. MD5: newer version of MD4, produces a 128-bit hash, but is more complex = harder to break
173 | Latest research has shown MD5 to be subject to collision attacks, and it is therefore no longer suitable for applications like SSL certificates and digital signatures. SHA: was designed to be used with the Digital Signature Standard (DSS).
174 | Produces 160-bit hash value.
175 |
176 | SHA was improved upon and renamed SHA-1.
177 | Newer versions of this algorithm have been developed and released: SHA-256, SHA-384, SHA-512. HAVAL: variable-length one-way hash function; it is a modification of MD5.
178 |
179 | Block size is twice the size of that in MD5 => 1024 bits
180 |
181 | HAVAL can produce hashes from 128 to 256 bits in length. Tiger: Ross Anderson and Eli Biham developed this algorithm (it is not based on MD4)
182 | It was designed to carry out hashing functionality on 64-bit systems and to be faster than MD5
183 |
184 | Resulting hash is 192 bits in size. RIPEMD - RACE Integrity Primitives Evaluation (RIPE)
185 | It was developed to replace MD4. If the algorithm does produce the same value for two distinctly different messages, this is called a collision. An attacker can attempt to force a collision, which is referred to as a birthday attack. Brute force
186 |
187 | The output of a hashing algorithm is n bits, and to find a message through a brute force attack that results in a specific hash value would require hashing 2^n random messages. To take this one step further, finding two messages that hash to the same value would require review of only 2^(n/2) messages.
188 |
189 | This is based on the birthday paradox.
190 | There is a higher probability of finding two people who share a birthday than of finding another person who shares your birthday.
191 |
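The 2^n versus 2^(n/2) gap above, made concrete as an added example (not code from the original notes): SHA-256 truncated to 32 bits stands in for an n-bit digest, so the collision search finishes in tens of thousands of hash evaluations instead of the billions a targeted preimage would need.

```python
"""Birthday bound on a truncated hash (added example, not from the notes).

With an n-bit digest, a brute-force search for one specific hash value needs
about 2^n trials, but a collision between ANY two inputs shows up after about
2^(n/2). SHA-256 truncated to n = 32 bits keeps the demonstration fast; the
full 256-bit digest is not weakened by this in any way.
"""
import hashlib

DIGEST_BITS = 32  # constructed toy digest size


def short_hash(msg: bytes, bits: int = DIGEST_BITS) -> int:
    """Leading `bits` bits of SHA-256, standing in for an n-bit hash."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int = DIGEST_BITS, limit: int = 1 << 20):
    """Hash distinct constructed inputs until two share a digest.

    Returns (trials, msg_a, msg_b), or None if `limit` is reached. The
    expected number of trials is on the order of 2^(bits/2): tens of
    thousands for 32 bits, against the ~4 billion a preimage would need.
    """
    seen = {}                       # digest -> first input that produced it
    for i in range(limit):
        msg = b"constructed-input-%d" % i
        h = short_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None


def expected_work(bits: int) -> dict:
    """Brute-force preimage vs birthday collision cost, in hash evaluations."""
    return {"preimage": 1 << bits, "collision": 1 << (bits // 2)}
```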
192 | If a hashing algorithm generates a message digest of 60 bits, there is a high likelihood that an adversary can find a collision using only 2^30 inputs. A digital signature is a hash value that has been encrypted with the sender’s private key.
193 |
194 | - A message can be encrypted, which provides confidentiality.
195 |
196 | - A message can be hashed, which provides integrity.
197 |
198 | - A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
199 |
200 | - A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity. PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard.
201 | It is a hybrid system of symmetric and asymmetric key algorithms and methods.
202 |
203 | A PKI may be made up of the following entities and functions:
204 | - Certification authority
205 | - Registration authority
206 | - Certificate repository
207 | - Certificate revocation system
208 | - Key backup and recovery system
209 | - Automatic key update
210 | - Management of key histories
211 | - Timestamping
212 | - Client-side software. CA - certificate authority - trusted third party, issuer of digital certificates
213 |
214 | The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other’s digital certificates and public keys as if they had issued them themselves. When this is set up, a CA for one company can validate digital certificates from the other company and vice versa. A certificate revocation list (CRL) is a list of every certificate that has been revoked. This list is maintained and updated periodically.
215 |
216 | A certificate may be revoked because the key holder’s private key was compromised or because the CA discovered the certificate was issued to the wrong person. Online Certificate Status Protocol (OCSP)
217 |
218 | OCSP carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown.
219 | OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process. RA - registration authority - verifies the identity of the requestor and passes the certificate request off to the CA. The standard for how the CA creates the certificate is X.509
220 |
221 | A certificate is the mechanism used to associate a public key with a collection of components in a manner that is sufficient to uniquely identify the claimed owner.
222 |
223 | - serial number
224 | - version number
225 | - identity information
226 | - algorithm information
227 | - lifetime dates
228 | - signature of the issuer. Key management is one of the most challenging pieces of cryptography. It pertains to creating, maintaining, distributing, and destroying cryptographic keys. When using the Kerberos protocol, a Key Distribution Center (KDC) is used to store, distribute, and maintain cryptographic session and secret keys.
229 | This method provides an automated method of key distribution. The computer that wants to access a service on another computer requests access via the KDC. The KDC then generates a session key to be used between the requesting computer and the computer providing the requested resource or service.
230 | The automation of this process reduces the possible errors that can happen through a manual process, but if the ticket granting service (TGS) portion of the KDC gets compromised in any way, then all the computers and their services are affected and possibly compromised. Key management principles: The key should not be stored in cleartext outside of the cryptographic device.
231 |
232 | The key length should be long enough to provide the necessary level of protection.
233 |
234 | Keys should be stored and transmitted by secure means.
235 |
236 | Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace.
237 |
238 | The key’s lifetime should correspond with the sensitivity of the data it is protecting. (Less secure data may allow for a longer key lifetime, whereas more sensitive data might require a shorter key lifetime.)
239 |
240 | The more the key is used, the shorter its lifetime should be.
241 |
242 | Keys should be backed up or escrowed in case of emergencies.
243 |
244 | Keys should be properly destroyed when their lifetime comes to an end. Key escrow
245 | is a process or entity that can recover lost or corrupted cryptographic keys; thus, it is a common component of key recovery operations.
246 |
247 | Multiparty key recovery
248 | Key recovery processes where two or more entities are required to reconstruct a key. Multiparty key recovery implements dual control, meaning that two or more people have to be involved with a critical task. The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
249 |
250 | It can be used for platform integrity, disk encryption, password protection, and remote attestation.
251 |
252 | Usage:
253 | Binding
254 | - hard disk encryption; the key is stored on the chip
255 |
256 | Sealing
257 | - TPM generates hash values based on the system configuration. A system can be used only when TPM verifies the integrity of the system configuration.
258 |
259 | TPM's internal memory is divided into two different segments. Endorsement Key (EK)
260 |
261 | The EK is a public/private key pair that is installed in the TPM at the time of manufacture and cannot be modified. The private key is always present inside the TPM, while the public key is used to verify the authenticity of the TPM itself. The EK, installed in the TPM, is unique to that TPM and its platform. Storage Root Key (SRK)
262 |
263 | The SRK is the master wrapping key used to secure the keys stored in the TPM. Attestation Identity Key (AIK)
264 |
265 | The AIK is used for the attestation of the TPM chip itself to service providers. The AIK is linked to the TPM’s identity at the time of development, which in turn is linked to the TPM’s Endorsement Key. Therefore, the AIK ensures the integrity of the EK. Platform Configuration Register (PCR) hashes
266 |
267 | The PCR is used to store cryptographic hashes of data used for TPM’s “sealing” functionality. The storage keys are used to encrypt the storage media of the computer system. Link encryption, which is sometimes called online encryption, is usually provided by service providers and is incorporated into network protocols.
268 | All of the information is encrypted, and the packets must be decrypted at each hop so the router, or other intermediate device, knows where to send the packet next.
269 | The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way.
270 |
271 | The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods.
272 |
273 | Link encryption provides protection against packet sniffers and eavesdroppers. Link encryption occurs at the data link and physical layers.
274 | Hardware encryption devices interface with the physical layer and encrypt all data that passes through them. Because no part of the data is available to an attacker, the attacker cannot learn basic information about how data flows through the environment. This is referred to as traffic-flow security. Advantages of link encryption: All data are encrypted, including headers, addresses, and routing information.
275 |
276 | Users do not need to do anything to initiate it. It works at a lower layer in the OSI model. Disadvantages of link encryption: Key distribution and management are more complex because each hop device must receive a key, and when the keys change, each must be updated.
277 |
278 | Packets are decrypted at each hop; thus, more points of vulnerability exist. In end-to-end encryption, the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed.
279 |
280 | With end-to-end encryption, the packets do not need to be decrypted and then encrypted again at each hop because the headers and trailers are not encrypted.
281 |
282 | It is called “end-to-end encryption” because the message stays encrypted from one end of its journey to the other.
283 | Link encryption has to decrypt the packets at every device between the two ends. Advantages of end-to-end encryption: It provides more flexibility to the user in choosing what gets encrypted and how.
284 |
285 | Higher granularity of functionality is available because each application or user can choose specific configurations.
286 |
287 | Each hop device on the network does not need to have a key to decrypt each packet. Disadvantages of end-to-end encryption include the following:
288 |
289 | Headers, addresses, and routing information are not encrypted, and therefore not protected. Multipurpose Internet Mail Extension (MIME) is a technical specification indicating how multimedia data and e-mail binary attachments are to be transferred.
290 |
291 | MIME is a specification that dictates how certain file types should be transmitted and handled. This specification has several types and subtypes, enables different computers to exchange data in varying formats, and provides a standardized way of presenting the data. S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments.
292 | The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them.
293 | S/MIME follows the Public Key Cryptography Standards (PKCS).
294 | S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests. Pretty Good Privacy (PGP) was designed by Phil Zimmermann.
295 |
296 | PGP is considered a cryptosystem because it has all the necessary components: symmetric key algorithms, asymmetric key algorithms, message digest algorithms, keys, protocols, and the necessary software components. A user's key ring is a collection of public keys he has received from other users.
297 |
298 | Each key in that ring has a parameter that indicates the level of trust assigned to that user and the validity of that particular key. There is no CA.
299 |
300 | The system relies on a “web of trust” in its key management approach. Each user generates and distributes his or her public key, and users sign each other’s public keys, which creates a community of users who trust each other. Quantum cryptography: use of quantum mechanical functions to provide strong cryptographic key exchange. HTTP is a stateless protocol, which means the client and web server make and break a connection for each operation.
301 |
302 | The web server never “remembers” the users that ask for different web pages, because it would have to commit a lot of resources to the effort. HTTP Secure (HTTPS) is HTTP running over SSL. SSL is a proprietary protocol developed by Netscape
303 |
304 | Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication.
305 |
306 | The SSL protocol works at the transport layer
307 | SSL requires a PKI environment. The open-community and standardized version of SSL is Transport Layer Security (TLS). The differences between SSL 3.0 and TLS are slight, but TLS is more extensible and is backward compatible with SSL. Secured HTTP (S-HTTP)
308 |
309 | S-HTTP is used if an individual message needs to be encrypted, but if all information that passes between two computers must be encrypted, then HTTPS is used instead. SET (Secure Electronic Transaction) is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet.
310 |
311 | To use SET, a user must enter a credit card number into electronic wallet software. This information is stored on the user’s hard drive or on a smart card. The software then creates a public key and a private key that are used specifically for encrypting financial information before it is sent.
312 |
313 |
314 | The following entities would be involved with a SET transaction:
315 | - Issuer (cardholder’s bank) The financial institution that provides a credit card to the individual.
316 | - Cardholder The individual authorized to use a credit card.
317 | - Merchant The entity providing goods.
318 | - Acquirer (merchant’s bank) The financial institution that processes payment cards.
319 | - Payment gateway This processes the merchant payment. It may be an acquirer.Cookies
320 | Data files used by web browsers and servers to keep browser state information and browsing preferences.
321 |
322 | Stored on user hdd or in memorySecure Shell (SSH)
323 | Network protocol that allows for a secure connection to a remote system. Developed to replace Telnet and other insecure remote shell methods.
324 |
325 | The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data sent.
326 |
327 | SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh.IPSec Protocol suite used to protect IP traffic through encryption and authentication. De facto standard VPN protocol.if a company just needs to make sure it knows the source of the sender and must be assured of the integrity of the packets, it would choose to use AH.
328 |
329 | The AH protocol calculates ICV over the data payload, transport, and network headers. If the packet then goes through a NAT device, the NAT device changes the IP address of the packet. This means network header that was included to calculate the ICV value has now changed, and the receiver will generate an ICV value that is different from the one sent with the packet, which means the packet will be discarded automatically.The ESP protocol can provide authentication, integrity, and confidentiality.
330 |
331 | The ESP protocol does not include the network header portion when calculating its ICV value. When the NAT device changes the IP address, it will not affect the receiver’s ICV value because it does not include the network header when calculating the ICV.
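An added Python example (not part of the original notes) that models the AH versus ESP point above: a toy packet whose ICV is an HMAC over either the network + transport headers + payload (AH) or the transport header + payload only (ESP), passed through a simulated NAT that rewrites the source address. The packet fields, the key and the addresses are constructed placeholders.

```python
import hmac
import hashlib
from dataclasses import dataclass, replace

# Constructed shared key; in real IPsec the keys come out of the IKE negotiation.
KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Packet:
    """Toy packet with only the fields needed to show what each ICV covers."""
    src_ip: str         # network (IP) header field that a NAT rewrites
    dst_ip: str
    src_port: int       # transport header
    dst_port: int
    payload: bytes
    icv: bytes = b""    # integrity check value appended by the sender


def _network_header(p: Packet) -> bytes:
    # Simplification: real AH zeroes mutable IP fields (TTL, checksum) before
    # hashing, but the source and destination addresses are always covered.
    return f"{p.src_ip}>{p.dst_ip}".encode()


def _transport_header(p: Packet) -> bytes:
    return f"{p.src_port}>{p.dst_port}".encode()


def ah_icv(p: Packet, key: bytes = KEY) -> bytes:
    """AH: ICV over network header + transport header + payload."""
    data = _network_header(p) + _transport_header(p) + p.payload
    return hmac.new(key, data, hashlib.sha256).digest()


def esp_icv(p: Packet, key: bytes = KEY) -> bytes:
    """ESP: ICV over transport header + payload only; the IP header is excluded."""
    data = _transport_header(p) + p.payload
    return hmac.new(key, data, hashlib.sha256).digest()


def nat_rewrite(p: Packet, public_ip: str) -> Packet:
    # The NAT device swaps the private source address for its public one. It
    # holds no IPsec key, so it cannot recompute the ICV to match.
    return replace(p, src_ip=public_ip)


def receiver_accepts(p: Packet, icv_fn) -> bool:
    """Receiver recomputes the ICV over what arrived and compares in constant time."""
    return hmac.compare_digest(icv_fn(p), p.icv)


def deliver(protocol: str, through_nat: bool) -> bool:
    """Send one constructed packet with AH or ESP integrity, optionally via NAT."""
    icv_fn = {"AH": ah_icv, "ESP": esp_icv}[protocol]
    p = Packet("10.0.0.5", "198.51.100.9", 40000, 4500, b"constructed payload")
    p = replace(p, icv=icv_fn(p))              # sender attaches the ICV
    if through_nat:
        p = nat_rewrite(p, "203.0.113.7")      # constructed public address
    return receiver_accepts(p, icv_fn)


if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        for via_nat in (False, True):
            print(proto, "via NAT" if via_nat else "direct",
                  "accepted" if deliver(proto, via_nat) else "discarded")
```

In practice ESP through a NAT also needs NAT Traversal (UDP encapsulation of ESP, RFC 3948), because the NAT must still be able to track the flow; the example only shows why the ICV itself survives.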

So when we want to go through a NAT, ESP is the right choice.

Because IPSec is a framework, it does not dictate which hashing and encryption algorithms are to be used or how keys are to be exchanged between devices.

Key management can be handled manually or automated by a key management protocol.

The de facto standard for IPSec is to use Internet Key Exchange (IKE), which is a combination of the ISAKMP and OAKLEY protocols.

The Internet Security Association and Key Management Protocol (ISAKMP) is a key exchange architecture that is independent of the type of keying mechanisms used.

Basically, ISAKMP provides the framework of what can be negotiated to set up an IPSec connection (algorithms, protocols, modes, keys).

The OAKLEY protocol is the one that carries out the negotiation process.

You can think of ISAKMP as providing the playing field (the infrastructure) and OAKLEY as the guy running up and down the playing field (carrying out the steps of the negotiation).

Simple Key Management Protocol for IP (SKIP) is another key exchange protocol that provides basically the same functionality as IKE. It is important to know that all of these protocols work at the network layer.

In known-plaintext attacks, the attacker has the plaintext and corresponding ciphertext of one or more messages.

The goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.

Linear cryptanalysis is another type of attack that carries out functions to identify the highest probability of a specific key employed during the encryption process using a block algorithm.

The attacker carries out a known-plaintext attack on several different messages encrypted with the same key. The more messages the attacker can use and put through this type of attack, the higher the confidence level in the probability of a specific key value.

The attacker evaluates the input and output values for each S-box. He evaluates the probability of input values ending up in a specific combination.
Identifying specific output combinations allows him to assign probability values to different keys until one shows a continual pattern of having the highest probability.

In chosen-plaintext attacks, the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext.

This gives more power and possibly a deeper understanding of the way the encryption process works so the attacker can gather more information about the key being used.

Once the key is discovered, other messages encrypted with that key can be decrypted.

The goal is to get the key that was used for encryption purposes.
This attack looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences.
One such attack was invented in 1990 as an attack against DES, and it turned out to be an effective and successful attack against DES and other block algorithms.
The attacker takes two messages of plaintext and follows the changes that take place to the blocks as they go through the different S-boxes. (Each message is being encrypted with the same key.) The differences identified in the resulting ciphertext values are used to map probability values to different possible key values. The attacker continues this process with several more sets of messages and reviews the common key probability values. One key value will continue to show itself as the most probable key used in the encryption processes.

Since the attacker chooses the different plaintext messages for this attack, it is considered to be a type of chosen-plaintext attack.

In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext.

Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

Replay Attacks

An attacker captures some type of data and resubmits it with the hope of fooling the receiving device into thinking it is legitimate information (e.g. authentication information).
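An added Python example (not part of the original notes) of the two replay countermeasures the notes name, timestamps and sequence numbers: a receiver that only accepts a message whose MAC verifies, whose timestamp lies within a freshness window, and whose sequence number is higher than any already accepted. The key, clock values and messages are constructed placeholders.

```python
import hmac
import hashlib
from typing import Dict, List, Tuple

KEY = b"constructed-demo-key"   # placeholder shared secret for the example


def _mac_input(seq: int, ts: float, body: bytes) -> bytes:
    return f"{seq}|{ts:.3f}|".encode() + body


def make_message(seq: int, ts: float, body: bytes, key: bytes = KEY) -> Dict:
    """Sender: the MAC binds sequence number and timestamp to the body."""
    mac = hmac.new(key, _mac_input(seq, ts, body), hashlib.sha256).hexdigest()
    return {"seq": seq, "ts": ts, "body": body, "mac": mac}


class ReplayGuard:
    """Receiver that accepts a message only if its MAC verifies, its timestamp is
    within the window, and its sequence number is higher than any seen before."""

    def __init__(self, window_seconds: float = 30.0, key: bytes = KEY) -> None:
        self.window = window_seconds
        self.key = key
        self.highest_seq = -1   # highest sequence number accepted so far

    def accept(self, msg: Dict, now: float) -> Tuple[bool, str]:
        expected = hmac.new(self.key,
                            _mac_input(msg["seq"], msg["ts"], msg["body"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad mac"                   # fields altered or wrong key
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"           # captured long ago, or clock skew
        if msg["seq"] <= self.highest_seq:
            return False, "replayed sequence number"  # already accepted this one
        self.highest_seq = msg["seq"]
        return True, "ok"


def demo() -> List[str]:
    """Constructed sequence of deliveries; returns the verdict for each."""
    guard = ReplayGuard(window_seconds=30)
    t0 = 1_700_000_000.0          # fixed clock so the results are reproducible
    login = make_message(1, t0, b"LOGIN alice")
    verdicts = []
    verdicts.append(guard.accept(login, now=t0 + 1)[1])   # first delivery
    verdicts.append(guard.accept(login, now=t0 + 2)[1])   # identical copy resubmitted
    # A captured copy with its counter and timestamp edited no longer verifies.
    edited = dict(login, seq=2, ts=t0 + 2)
    verdicts.append(guard.accept(edited, now=t0 + 3)[1])
    # A genuine message delivered far outside the window is rejected as stale.
    late = make_message(2, t0 + 5, b"GET /data")
    verdicts.append(guard.accept(late, now=t0 + 120)[1])
    # A fresh, in-window message with the next counter value is accepted.
    fresh = make_message(3, t0 + 130, b"GET /data")
    verdicts.append(guard.accept(fresh, now=t0 + 131)[1])
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Real protocols such as IPsec ESP use a sliding anti-replay window so that reordered packets are not discarded; the strictly increasing counter here is the simplest form of the check.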

Timestamps and sequence numbers are two countermeasures to replay attacks.

Algebraic attacks analyze the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure.

For instance, attacks on the “textbook” version of the RSA cryptosystem exploit properties of the algorithm, such as the fact that the encryption of a raw “0” message is “0.”

Analytic attacks identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm.

Examples include the Double DES attack and the RSA factoring attack.

Statistical attacks identify statistical weaknesses in algorithm design for exploitation, for example if statistical patterns are identified, as in the number of zeros compared to the number of ones.
For instance, a random number generator (RNG) may be biased. If keys are taken directly from the output of the RNG, then the distribution of keys would also be biased. The statistical knowledge about the bias could be used to reduce the search time for the keys.

Meet-in-the-middle attack
Cryptanalysis attack that tries to uncover a mathematical problem from two different ends.

The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

Passive attacks
The attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system.
Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them.

The idea is that instead of attacking a device head on, just watch how it performs to figure out how it works.

An attacker could measure power consumption, radiation emissions, and the time it takes for certain types of data processing.
--------------------------------------------------------------------------------
/Domain 7 Business Continuity and Disaster Recovery Planning.smmx:
--------------------------------------------------------------------------------

The goal of disaster recovery is to minimize the effects of a disaster or disruption.
=> resume operation in a timely manner after a disaster hits the business

Continuity planning provides methods and procedures for dealing with longer-term outages and disasters.

Business continuity management (BCM) is the holistic management process.

The main objective of BCM is to allow the organization to continue to perform business operations under various conditions.

A business continuity plan (BCP) takes a broader approach to the problem. It is a plan for how to get the business back on track.

A BCP provides procedures for emergency responses, extended backup operations, and post-disaster recovery.

The BCP team should identify the individuals who will interact with external players, such as reporters, shareholders, customers, and civic officials. Response to the disaster should be done quickly and honestly, and should be consistent with any other organizational response.

A disaster recovery plan (DRP) is carried out when everything is still in emergency mode.
It is a plan for what to do immediately in case of emergency.

It should contain information about how to deal with:
- people
- sw & hw
- emergency procedures
- recovery procedures
- facility issues
- supplies

Continuity Planning Guide for Information Technology Systems:

1. Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP, and that assigns authority to the necessary roles to carry out these tasks.

2. Conduct the business impact analysis (BIA). Identify critical functions and systems and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks.

3. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner.

4. Develop recovery strategies. Formulate methods to ensure systems and critical functions can be brought online quickly.

5. Develop the contingency plan. Write procedures and guidelines for how the organization can still stay functional in a crippled state.

6. Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks.

7. Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.

- integrate law and regulation requirements
- define the scope, goals, roles
- management approves policy

- implement controls
- mitigate risk

ISO/IEC 27031:2011 Guidelines for information and communications technology readiness for business continuity.

This ISO/IEC standard is a component of the overall ISO/IEC 27000 series.

The British Standards Institute’s (BSI) standard for business continuity management (BCM). This BS standard has two parts:

BS 25999-1:2006 Business Continuity Management Code of Practice: general guidance that provides principles, processes, and terminology for BCM.

BS 25999-2:2007 Specification for Business Continuity Management: specifies objective, auditable requirements for executing, operating, and enhancing a BCM system.

ISO 22301 Pending International Standard for business continuity management systems.

The specification document against which organizations will seek certification.

This standard will replace BS 25999-2.
The earliest it will be published is mid-2012.

Business Continuity Institute’s Good Practice Guidelines (GPG)

BCM best practices, which are broken down into the following management and technical practices:

Management Practices:
-- Policy and Program Management
-- Embedding BCM in the Organization’s Culture

Technical Practices:
-- Understanding the Organization
-- Determining BCM Strategy
-- Developing and Implementing a BCM Response
-- Exercising, Maintaining, and Reviewing

DRI International Institute’s Professional Practices for Business Continuity Planners

Best practices and framework to allow for BCM processes, which are broken down into the following sections:

- Program Initiation and Management
- Risk Evaluation and Control
- Business Impact Analysis
- Business Continuity Strategies
- Emergency Response and Operations
- Business Continuity Plans
- Awareness and Training Programs
- Business Continuity Plan Exercise, Audit, and Maintenance
- Crisis Communications
- Coordination with External Agencies

Leader of the BCP team; will oversee the development, implementation, and testing of the continuity and disaster recovery plans.

Should be made up of representatives from all departments.

The BCP could be enterprise-wide or it can cover only portions of the organization.

Another question is whether the BCP is supposed to cover just large potential threats (hurricanes, floods, ...) or deal with smaller issues as well (connection failure, power loss).

Supplies the framework, describes the purpose of the BCP.
The content of the policy includes scope, mission statement, principles, guidelines, standards.

The BCP team produces and revises the policy, although top-tier management is responsible for it.

A SWOT analysis can be carried out to ensure that the defined objectives within the scope can be accomplished.

Strengths: characteristics of the project team that give it an advantage over others

Weaknesses: characteristics that place the team at a disadvantage relative to others

Opportunities: elements that could contribute to the project’s success

Threats: elements that could contribute to the project’s failure

A project plan should be developed that has the following components:

- Objective-to-task mapping
- Resource-to-task mapping
- Workflows
- Milestones
- Deliverables
- Budget estimates
- Success factors
- Deadlines

Once the project plan is completed, it should be presented to management for written approval before any further steps are taken.

A BIA (business impact analysis) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual function’s criticality level.

Maximum tolerable downtime (MTD)

After this time period the company may not be able to recover - a deadline.

Recovery Time Objective (RTO) is the earliest time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in business continuity. The RTO value is smaller than the MTD value, because the MTD value represents the time after which an inability to recover significant operations will mean severe and perhaps irreparable damage to the organization’s reputation or bottom line.

The RTO assumes that there is a period of acceptable downtime.

An RTO is the amount of time it takes to recover from a disaster.

The Work Recovery Time (WRT) is the remainder of the overall MTD value.

RTO usually deals with getting the infrastructure and systems back up and running, and WRT deals with restoring data, testing processes, and then making everything “live” for production purposes.

The Recovery Point Objective (RPO) is the acceptable amount of data loss measured in time.
This value represents the earliest point in time at which data must be recovered.
The higher the value of the data, the more funds or other resources can be put into place to ensure a smaller amount of data is lost in the event of a disaster.

An RPO is the amount of acceptable data, measured in time, that can be lost from the same event.

Recovery procedures

Disruption of a service due to a device malfunction or failure.

A disaster is an event that causes the entire facility to be unusable for a day or longer.

Major disruption that destroys the facilities altogether.

Mean time between failures
- estimated lifetime of a piece of equipment, calculated by the vendor

Mean time to repair
- an estimate of how long it will take to fix a piece of equipment

- fully configured and ready to operate within a few hours

Most expensive of the three types of offsite facilities.

This is a subscription service (not owned and maintained by the company).

Mobile version

- partially configured with some equipment, such as HVAC and foundational infrastructure components, but not the actual computers.

Most companies use a warm site, which has some devices such as disk drives, tape drives, and controllers, but very little else.

So it is the same as a hot site, minus the computers.

E.g. an empty data center.

Secondary backup site - a backup to the backup, or plan B.

Company A agrees to allow company B to use its facilities if company B is hit by a disaster, and vice versa.

Cheaper than an offsite facility.

A reciprocal agreement is not enforceable !!!

More than two organizations agree to help one another in case of an emergency.

Or mirrored site, configured exactly as the primary site.
The business-processing capabilities between the two sites can be completely synchronized.

This is the property of the company, not a subscription service.

An organization may have multiple interconnected facilities and switch between them within seconds.

Two or more hard disks are used to hold the exact same data.

Usually includes moving only the journal or transaction logs to the offsite facility.
These logs contain deltas - these can be used to rebuild the record.

Makes copies of files as they are modified and periodically transmits them to an offsite backup site.

This type of backup takes place in many financial institutions (a change to the customer account is made locally and to a remote DB).

Tape vaulting
- automatic (electronic)
- manual

Electronic tape vaulting transmits data over a network to the offsite facility's tape device.

Primary and secondary data volumes are out of sync (seconds, hours, days).

Primary and secondary repositories are always in sync.

Executive succession plan

If someone in a senior executive position retires, leaves, or dies, the organization has predetermined steps to carry out to protect the company.

Backs up all files that have been changed since the last full backup or incremental backup.

Saves files that have been modified since the last full backup.

Fortification of the facility in its construction materials

Redundant servers and communications links

Redundant power lines coming in through different transformers

Redundant vendor support

Purchasing of insurance

Purchasing of uninterruptible power supplies (UPSs) and generators

Data backup technologies

Media protection safeguards

Increased inventory of critical equipment

Fire detection and suppression systems

High availability
Is a combination of technologies and processes that work together to ensure that something is always up and running.

Redundancy is commonly built into the network at a routing protocol level. The routing protocols are configured so if one link goes down or gets congested, then traffic is routed over a different network link. Redundant hardware can also be available so if a primary device goes down, the backup component can be swapped out and activated.

If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is “switched over” to a working system.

Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected takes place (a fault).

During the BIA, the team most likely uncovered several threats that the organization could not prevent. Taking on the full risk of these threats often is dangerous, which is why insurance exists.

The company’s insurance should be reviewed annually, because threat levels may change and the company may expand into new ventures that need to be properly covered.

A company could choose to purchase a business interruption insurance policy. With this type of policy, if the company is out of business for a certain length of time, the insurance company will pay for specified expenses and lost earnings.

Another policy that can be bought insures accounts receivable. If a company cannot collect on its accounts receivable for one reason or another, this type of coverage covers part or all of the losses and costs.

The BCP must outline the specific teams, their responsibilities, and notification procedures.

The restoration team should be responsible for getting the alternate site into a working and functioning environment.

The salvage team should be responsible for starting the recovery of the original site.

- Determine the cause of the disaster.
- Determine the potential for further damage.
- Identify the affected business functions and areas.
- Identify the level of functionality for the critical resources.
- Identify the resources that must be replaced immediately.
- Estimate how long it will take to bring critical functions back online.
- If it will take longer than the previously estimated MTD values to restore operations, then a disaster should be declared and the BCP should be put into action.

When it is time for the company to move back into its original site or a new site, the company enters the reconstitution phase.

Once the damage assessment is completed and the plan is activated, various teams must be deployed, which signals the company’s entry into the recovery phase.

Continuity of operations (COOP) is a U.S. Government initiative. BCP and COOP have the same basic goals, but BCP is commonly private-sector oriented and COOP is commonly public-sector oriented.

Aka desk check test: in this type of test, copies of the BCP are distributed to the different departments for review.

The goal is to check that nothing has been omitted.

Representatives from each department or functional area come together and go over the plan to ensure its accuracy.

The group walks through different scenarios of the plan from beginning to end to make sure nothing was left out. This also raises the awareness of team members about the recovery procedures.

All employees who participate in operational and support functions, or their representatives, come together to practice executing the disaster recovery plan based on a specific scenario.

A parallel test is done to ensure that the specific systems can actually perform adequately at the alternate offsite facility.

Some systems are moved to the alternate site and processing takes place. The results are compared with the regular processing that is done at the original site. This points out any necessary tweaking or reconfiguring.

This type of test is the most intrusive to regular operations and business productivity. The original site is actually shut down, and processing takes place at the alternate site.

- integrate into change control process
- assign responsibilities
- update plan
- distribute after update
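Returning to the two backup types described earlier in this file (incremental: files changed since the last full or incremental backup; differential: files changed since the last full backup), here is an added Python example, not part of the original notes, that simulates both schemes over a constructed change history and shows the restore chain each one needs and how much each writes per day.

```python
from typing import Dict, List, Set

# Constructed change history: day 0 is the full backup; each later set lists the
# files modified during that day. A file's version number equals the day it changed.
CHANGES: List[Set[str]] = [
    {"a.txt", "b.txt", "c.txt", "d.txt"},  # day 0: everything exists at version 0
    {"a.txt"},                             # day 1
    {"b.txt"},                             # day 2
    {"a.txt", "c.txt"},                    # day 3
]


def live_state(changes: List[Set[str]], day: int) -> Dict[str, int]:
    """What the production file system looks like at the end of `day`."""
    state: Dict[str, int] = {}
    for d in range(day + 1):
        for f in changes[d]:
            state[f] = d
    return state


def full_backup(changes: List[Set[str]]) -> Dict[str, int]:
    return {f: 0 for f in changes[0]}


def incremental_backup(changes: List[Set[str]], day: int) -> Dict[str, int]:
    # Files changed since the last full OR incremental backup: just that day's changes.
    return {f: day for f in changes[day]}


def differential_backup(changes: List[Set[str]], day: int) -> Dict[str, int]:
    # Files changed since the last FULL backup, each at its latest version,
    # so the set only grows until the next full backup is taken.
    out: Dict[str, int] = {}
    for d in range(1, day + 1):
        for f in changes[d]:
            out[f] = d
    return out


def restore_incremental(changes: List[Set[str]], day: int,
                        missing: Set[int] = frozenset()) -> Dict[str, int]:
    # Full backup plus every incremental applied in order. If any incremental
    # in the chain is missing (lost tape, failed job), stale versions remain.
    state = full_backup(changes)
    for d in range(1, day + 1):
        if d not in missing:
            state.update(incremental_backup(changes, d))
    return state


def restore_differential(changes: List[Set[str]], day: int) -> Dict[str, int]:
    # Full backup plus only the most recent differential.
    state = full_backup(changes)
    if day >= 1:
        state.update(differential_backup(changes, day))
    return state


def backup_sizes(changes: List[Set[str]]) -> Dict[str, List[int]]:
    """Files written per day (days 1..n) by each scheme, to compare media cost."""
    days = range(1, len(changes))
    return {"incremental": [len(incremental_backup(changes, d)) for d in days],
            "differential": [len(differential_backup(changes, d)) for d in days]}


if __name__ == "__main__":
    last = len(CHANGES) - 1
    print("live      :", live_state(CHANGES, last))
    print("incr chain:", restore_incremental(CHANGES, last))
    print("diff chain:", restore_differential(CHANGES, last))
    print("sizes     :", backup_sizes(CHANGES))
    print("missing inc2:", restore_incremental(CHANGES, last, missing={2}))
```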
--------------------------------------------------------------------------------
/Domain 8 Legal Regulations Investigations and Compliance.smmx:
--------------------------------------------------------------------------------

Attempt to create an international response to cybercrime.

Organization for Economic Co-Operation and Development

Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This set of principles addresses using and transmitting information considered private in nature.

Helps US companies comply with EU privacy principles.

Rules:

1. Notice
Individuals must be informed that their data is being collected and how it will be used

2. Choice
Individuals must have the choice to opt out of the collection

3. Onward transfer
Transfer of data to third parties may only occur to other organizations that follow adequate data protection principles

4. Security
Reasonable efforts must be made to prevent loss of collected data

5. Data integrity
Data must be relevant and reliable for the purpose it was collected for

6. Access
Individuals must be able to access information held about them, and correct or delete it if it is inaccurate

7. Enforcement
There must be effective means of enforcing these rules

The principles and how they are to be followed

The Wassenaar Arrangement (full name: The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies) is a multilateral export control regime (MECR) with 41 participating states including many former COMECON (Warsaw Pact) countries.

It is the successor to the Cold War-era Coordinating Committee for Multilateral Export Controls (COCOM), and was established on 12 July 1996, in Wassenaar, the Netherlands, which is near The Hague. The Wassenaar Arrangement is considerably less strict than COCOM, focusing primarily on the transparency of national export control regimes and not granting veto power to individual members over organizational decisions. A Secretariat for administering the agreement is located in Vienna, Austria. Like COCOM, however, it is not a treaty, and therefore is not legally binding.

Some countries like China, Russia, Iran, Iraq have cryptographic import restrictions...

Rule based, not precedent based.

Lower courts are not compelled to follow the decisions made by higher courts.

Developed in England.
Based on previous interpretation of laws.
Today, common law uses judges and juries of peers.
If the jury trial is waived, the judge decides the facts.

Criminal => jail

Civil/tort => financial restitution, community service

Administrative => deals with regulatory standards

Based on religious beliefs of the region.

Covers all aspects of human life.

Law, in the religious sense, also includes codes of ethics and morality, which are upheld and required by God.

Hindu law
Sharia law - Islamic
Halakha - Jewish

Two or more law systems are used together and apply cumulatively or interactively.

Most often consists of civil and common law.

Holland, Canada, South Africa

Deals mainly with personal conduct and patterns of behavior.

Based on traditions and customs of the region.

Protects a certain type of information or resource from unauthorized use or disclosure.

Companies use NDAs in which employees confirm that they understand the content and promise not to share the company's trade secrets.

Protects the right of an author to control the public distribution, reproduction, display, and adaptation of the original work.

US law that criminalizes the production and dissemination of technologies, devices, or services that circumvent access control measures that are put into place to protect copyrighted material.

European version of the DMCA.

Protects a word, symbol, sound, shape, color, or combination of these.

WIPO - World Intellectual Property Organization is the agency of the UN that oversees registration.

Patents are given to individuals or companies to grant them legal ownership of, and enable them to exclude others from using or copying, the invention covered by the patent.

A patent usually lasts 20 years.

It is the strongest form of intellectual property protection.

Personally Identifiable Information
is data that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.
65 |
66 | - full name
67 | - national ID
68 | - IP address
69 | - vehicle reg number
70 | - drivers license
71 | - face, fingerprint or handwriting
72 | - credit card numbers
73 | - digital identity
74 | - birthday
75 | - birthplace
76 | - genetic informationReasonable expectation of privacy
77 |
78 | If it is not specifically explained to an employee that monitoring is possible and or probable, when the monitoring takes place he could claim that his privacy rights have been violatedSarbanes-Oxley act
79 |
80 | Horizontal regulation
81 |
82 | Was created in the wake of corporate scandals and fraud.
83 |
84 | Requirements how companies must track , manage, and report on financial information.
85 |
86 | Processes and controls must be in place to protect the data stored on computers.
87 |
88 | Failure to comply can lead to financial penalties and jail for executives.Healy insurance Portability and Accountability Act
89 |
90 | Vertical regulation
91 |
92 | Procedures for storage, use, and transmission of personal medical informationGramm-Leach-Bliley Act
93 |
94 | Vertical regulation
95 |
96 | Requires financial institutions to develop privacy notices and give their customers the option to prohibit financial institutions from sharing their information with nonaffiliated 3th parties.System for establishing the minimum amount of capital that financial institution are required to keep on hand.Applies to records and documents developed by specific branches of the federal government.
97 |
98 | It says that agency cannot disclose information without written permission from the individual.
99 |
100 | So agencies can gather only relevant informations about individuals and share this information only with approval.Federal Information Security Management Act
101 |
FISMA (Federal Information Security Management Act) - law that requires every federal agency to create, document, and implement an agency-wide security program to protect its information and information systems.

It requires annual reviews of the security program, with the results reported to the Office of Management and Budget (OMB).

CFAA (Computer Fraud and Abuse Act) - the primary US anti-hacking statute. Amended by the USA PATRIOT Act and by the Identity Theft Enforcement and Restitution Act.

Economic Espionage Act - provides structure for dealing with trade-secret theft cases and defines a trade secret broadly: technical, business, engineering, scientific, or financial information.

This act enables the FBI to investigate industrial and corporate espionage cases.

USA PATRIOT Act
- Reduced restrictions on law enforcement agencies
- Expanded the definition of terrorism to include domestic terrorism
- Expanded the government's ability to regulate financial transactions

PIPEDA (Personal Information Protection and Electronic Documents Act) - Canadian law that deals with the protection of personal information.

PCI DSS (Payment Card Industry Data Security Standard) - the credit card companies joined forces and devised this standard.

Minnesota has written PCI DSS requirements into state law, so non-compliance there carries legal liability; elsewhere it is a contractual obligation enforced through fines and loss of card-processing privileges.

It applies to any entity that processes, transmits, stores, or accepts credit card data.

12 main requirements in 6 major categories:

- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy

Due diligence - means that the company properly investigated all of its possible weaknesses and vulnerabilities. It is the act of gathering information.

Due care - means that a company did all it could reasonably have done, under the circumstances, to prevent security breaches, and also took reasonable steps to ensure that if a breach did take place, proper controls or countermeasures were in place to mitigate the damage.

SAS 70 (Statement on Auditing Standards No. 70, Service Organizations) - an audit carried out by a third party to assess the internal controls of a service organization. (Superseded in 2011 by SSAE 16 and the SOC 1/2/3 reports.)

Downstream liability - company B can sue company A for being negligent (e.g. a virus spreads from A's network to B's).

Negligence also requires a duty to protect the asset, and a result of the negligence (the harm that followed).

Governance, risk and compliance (GRC)
- allows for integration and alignment of the activities that take place in each of these silos of a security program

Key performance indicators (KPIs)
If the same KPIs are used in governance, risk and compliance auditing activities, the resulting report can effectively illustrate the overlap and integration of these different concepts.

Evidence admissibility - evidence must be:
Relevant - it must have a reasonable and sensible relationship to the findings

Complete - it must present the whole truth of an issue

Sufficient - it must be persuasive enough to convince a reasonable person of the validity of the evidence

Reliable - it must be consistent with fact; it is factual and not circumstantial

International Organization on Computer Evidence (IOCE)
Developed international principles for how digital evidence is to be collected and handled.

Best evidence - the primary evidence, provides the most reliability,
e.g. an originally signed contract.

Secondary evidence - not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence.
Oral evidence, such as a witness's testimony, and copies of original documents are placed in the secondary evidence category.

Direct evidence - can prove a fact all by itself and does not need backup information to refer to. When direct evidence is used, presumptions are not required. One example of direct evidence is the testimony of a witness who saw a crime take place.

Although this oral evidence would be secondary in nature, meaning a case could not rest on it alone, it is also direct evidence, meaning the lawyer does not necessarily need to provide other evidence to back it up.

Direct evidence is often based on information gathered from a witness's five senses.

Conclusive evidence - irrefutable and cannot be contradicted. Conclusive evidence is very strong all by itself and does not require corroboration.

Circumstantial evidence - can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.

This type of fact is used so the judge or jury will logically assume the existence of a primary fact. For example, if a suspect told a friend he was going to bring down eBay's web site, a case could not rest on that piece of evidence alone because it is circumstantial. However, this evidence can cause the jury to assume that because the suspect said he was going to do it, and hours later it happened, maybe he was the one who committed the crime.

Corroborative evidence - supporting evidence used to help prove an idea or point. It cannot stand on its own but is used as a supplementary tool to help prove a primary piece of evidence.

Opinion evidence
When a witness testifies, the opinion rule dictates that she must testify only to the facts of the issue and not her opinion of the facts.
This is slightly different from when an expert witness is used, because an expert is used primarily for his educated opinion.
Lawyers call in expert witnesses to help the defending or prosecuting side, and the judge and jury, better understand the subject matter of the case.

Hearsay evidence - oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability. If a witness testifies about something he heard someone else say, it is too far removed from fact and has too many variables that can cloud the truth.
If business documents were made during regular business routines, they may be admissible. However, if these records were made just to be presented in court, they could be categorized as hearsay evidence.

Chain of custody - the primary reason for the chain of custody of evidence is to ensure that it will be admissible in court by showing it was properly controlled and handled before being presented.

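As an added example, not part of the original notes, the following Python shows the technical side of a chain of custody: the item is hashed when collected and re-hashed at every hand-off, and each log entry commits to the previous one, so both a modified evidence image and an edited log are detected. The handler names, item id and the "disk image" bytes are constructed for the demo.

```python
# Added example (not part of the original notes): evidence integrity and a
# tamper-evident chain-of-custody log. Handler names, item id and the
# "disk image" are constructed for the demo.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so a large image does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _entry_hash(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only record of every hand-off of one evidence item.

    Each entry carries the item's hash at that moment and the hash of the
    previous entry, so a changed item and an edited log are both detectable.
    """

    def __init__(self, item_id: str, path: str, collector: str):
        self.item_id = item_id
        self.entries: list[dict] = []
        self.record("collected", collector, path)

    def record(self, action: str, handler: str, path: str) -> dict:
        entry = {
            "seq": len(self.entries),
            "item_id": self.item_id,
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "handler": handler,
            "evidence_sha256": sha256_file(path),  # re-hash at every hand-off
            "prev": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def log_intact(self) -> bool:
        """True if no entry was altered, removed or reordered."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or _entry_hash(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

    def evidence_unchanged(self, path: str) -> bool:
        """True if the item still hashes to what was recorded at collection."""
        original = self.entries[0]["evidence_sha256"]
        return (all(e["evidence_sha256"] == original for e in self.entries)
                and sha256_file(path) == original)


def demo() -> dict:
    """Walk an item through collection, storage and transport, then tamper."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:
            f.write(b"constructed sample image bytes\x00" * 1000)
        log = CustodyLog("item-001", img, "examiner-1")
        log.record("stored in evidence locker", "custodian-2", img)
        log.record("transported to lab", "courier-3", img)
        results = {"clean": (log.log_intact(), log.evidence_unchanged(img))}
        with open(img, "ab") as f:            # someone appends a byte to the image
            f.write(b"x")
        results["tampered_item"] = (log.log_intact(), log.evidence_unchanged(img))
        log.entries[1]["handler"] = "nobody"  # someone rewrites history in the log
        results["edited_log"] = (log.log_intact(), log.evidence_unchanged(img))
    return results


if __name__ == "__main__":
    print(demo())
```

The log only proves that what was presented is what was collected; the legality of the collection itself (warrant, consent, scope) is a separate question that no hash can answer.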
Evidence must be obtained legally and the chain of custody must not be broken.

Evidence life cycle:
- Identification
- Collection
- Storage
- Preservation
- Transportation
- Presentation
- Return to owner

Motive, opportunity and means (MOM):
- Motive
- Opportunity
- Means

MOM is important when looking for a suspect.

Enticement - the act of luring an intruder; it is legal.
Entrapment - induces a crime and tricks a person into committing it; it is illegal.

Internet Architecture Board (IAB) - the coordinating committee for Internet design, engineering, and management. It is responsible for the architectural oversight of the Internet Engineering Task Force (IETF) activities, Internet Standards Process oversight and appeal, and is the editor of Requests for Comments (RFCs).

The IAB considers the following unethical (RFC 1087, "Ethics and the Internet"):

- Purposely seeking to gain unauthorized access to Internet resources
- Disrupting the intended use of the Internet
- Wasting resources (people, capacity, and computers) through purposeful actions
- Destroying the integrity of computer-based information
- Compromising the privacy of others
- Conducting Internet-wide experiments in a negligent manner

The main issues addressed in computer crime law are:
- unauthorized modification, disclosure, destruction, or access, and inserting malicious code

Categories of computer crime:
- Computer-assisted crime - the computer was used as a tool to help carry out a crime.
- Computer-targeted crime - the computer was the victim of an attack crafted to harm it (and its owners).
- Computer is incidental - e.g. it was used to store some stolen data...
--------------------------------------------------------------------------------
/Domain 9 SW Development Security.smmx:
--------------------------------------------------------------------------------

Key terms:
SDLC - a methodical approach to standardize requirements discovery, design, development, testing, and implementation in every phase of a system.

Certification - the technical testing of a system.

Accreditation - the formal authorization given by management to allow a system to operate in a specific environment.

The decisions made during the design phase are pivotal steps for the development phase.

Testing:

Unit - an individual component is tested in a controlled environment where programmers validate data structures, logic, and boundary conditions

Integration - verifying that components work together

Acceptance - ensuring that the code meets the customer's requirements

Regression - after a change to a system takes place, retesting to ensure functionality, performance, and protection

Verification determines whether the product meets the specification.

Validation determines whether the product provides the necessary solution for the problem.

Requirements document - describes the product and the customer's requirements.

Work breakdown structure (WBS) - a tool used to define and group a project's individual work elements in an organized manner. The SDLC should be illustrated in a WBS format.

Build and fix - little or no planning involved. Problems are dealt with as they occur (after release).

Waterfall - linear-sequential life-cycle approach. Each phase must be completed in its entirety before the next phase can begin.
At the end of each phase, a review takes place to make sure the project is on the correct path.

V-shaped model - emphasizes the verification and validation of the product at each phase.
Each phase must be completed before the next phase begins. But because the V-shaped model requires testing throughout development and not just at the end of the project, it has a higher chance of success compared to the waterfall model.

Incremental model - in each increment:
analysis - design - code - test -> delivery

This is similar to multiple waterfall cycles taking place on one piece of software as it matures through the development cycle.

Each incremental phase results in a deliverable that is an operational product. A working piece of software is available at an early stage of development.

This model is best used when issues pertaining to risk, program complexity, funding, and functionality requirements need to be understood early in the product development cycle. If the customer needs to get some basic functionality quickly while the product is still being developed, this can be a good model.

Spiral model - uses an iterative approach and places emphasis on risk analysis.

4 phases:

- Planning
- Risk analysis
- Development
- Test and evaluation

This model allows new requirements to be addressed as they are uncovered.
The evaluation phase allows the customer to evaluate the product in its current state and provide feedback.
It is good for complex projects that have fluid requirements.

The angular aspect represents progress; the radius represents cost.

Rapid application development (RAD) - combines the use of prototyping and an iterative approach.

Steps:

- analysis and quick design
<in loop>
- demonstrate
- refine
- build
</in loop>
- testing
- implementing

This model allows the customer to be involved during the development phase so that the end result maps to their needs in a more realistic manner.

Agile - an umbrella term for several development methodologies.

Promotes cross-functional teamwork and a continuous feedback mechanism.

This model focuses on individual interaction instead of processes and tools. It emphasizes developing the right software product over comprehensive and laborious documentation.

The Agile model does not use prototypes to represent the full product, but breaks the product down into individual features.

Exploratory model - used when clearly defined project objectives have not been presented.

Relies on covering a set of specifications that are likely to affect the final product's functionality.
Testing is an important part of exploratory development, as it ascertains that the current phase of the project is compliant with likely implementation scenarios.

Joint application development (JAD) - uses a team approach to application development in a workshop-oriented environment.

Reuse model - reduces the time needed for development by using pre-existing prototypes.

Cleanroom - attempts to prevent errors or mistakes by following structured and formal methods of developing and testing.

This approach is used for high-quality and critical applications that will be put through a strict certification process.

CMMI (Capability Maturity Model Integration) - a process improvement approach that provides organizations with the essential elements of effective processes, which will improve their performance.

5 maturity levels of the CMMI:
- Initial - the development process is ad hoc
- Repeatable - change control and QA are in place
- Defined - formal procedures are in place
- Managed - processes are measured with metrics
- Optimizing - integrated plans for continuous process improvement

Change control - the process of controlling the changes that take place during the life cycle of a system and documenting the necessary change control activities.

Configuration management - identifies the attributes of software at various points in time, and performs methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

Software escrow - storing the source code of software with a third-party escrow agent.
The source code is released to the licensee if the licensor files for bankruptcy or fails to maintain and update the product as promised in the software license agreement.

Cohesion - a measurement that indicates how many different types of tasks a module needs to carry out.

High cohesion means that a module carries out only one task (or several very similar tasks).

Coupling - a measurement that indicates how much interaction one module requires with other modules to carry out its tasks.

Low (loose) coupling means that a module does not need to communicate with many other modules to carry out its job.

DCE (Distributed Computing Environment) - the first framework and development toolkit for developing client/server applications to allow for distributed computing.

CORBA (Common Object Request Broker Architecture) - open object-oriented standard architecture developed by the Object Management Group (OMG). The standards enable software components written in different computer languages and running on different systems to communicate.

It contains two main parts:
- system-oriented components (ORB and object services)
- application-oriented components (application objects and common facilities)

ORB (Object Request Broker) - manages all communication between components and enables them to interact in a heterogeneous and distributed environment. The ORB acts as a broker between a client's request for a service from a distributed object and the completion of that request.

The ORB is the middleware that allows client/server communication to take place between objects residing on different systems.

COM (Component Object Model) - a model developed by Microsoft that allows for interprocess communication between applications, potentially written in different programming languages, on the same computer system.

DCOM (Distributed COM) - supports distributed interprocess communication (IPC). It allows access to objects that reside in different parts of the network.

OLE (Object Linking and Embedding) - provides a way for objects to be shared on a local computer, using COM as their foundation. It is a technology developed by Microsoft that allows embedding of and linking to documents and other objects.

SOAP - an XML-based protocol that encodes messages in a web service environment.

WSDL (Web Services Description Language)
Provides a machine-readable description of the specific operations provided by the service.

A WSDL document describes the requirements for interacting with the requested service.

UDDI (Universal Description, Discovery and Integration)

An XML-based registry that lists available services. It provides a method for services to be registered by service providers and located by service consumers.
UDDI provides a mechanism to allow businesses around the world to publish their services and others to discover and use these services.

Mashup - the combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality.

SaaS (Software as a Service) - a software delivery model that allows applications and data to be centrally hosted and accessed by thin clients, commonly web browsers. A common delivery method of cloud computing.

Cloud computing - a method of providing computing as a service rather than as a physical product. It is Internet-based computing, whereby shared resources and software are provided to computers and other devices on demand.

Mobile code - code that can be transmitted across a network, to be executed by a system or device on the other end.

Java applets - when an applet is executed, the JVM runs it in a restricted environment called a sandbox.

ActiveX - a set of OOP technologies and tools based on COM and DCOM. It is a framework for defining reusable software components.

Authenticode - Microsoft's implementation of code signing, used by ActiveX (instead of sandboxing).

Cross-site scripting (XSS):

- Non-persistent (reflected) XSS occurs when an attacker tricks a user into processing a URL that carries a rogue script, in order to steal the victim's sensitive information (cookie, session ID, ...).
The principle lies in exploiting the lack of proper input or output validation on dynamic web sites.

- Persistent (stored, or second-order) XSS is generally targeted at web sites that allow users to input data which is stored in a DB (e.g. malicious JavaScript entered on a forum page).

- DOM-based (local) XSS - the attacker's payload is written into the page's DOM by the site's own client-side JavaScript (for example from the URL fragment), so the injection happens in the browser without the malicious script ever being sent to the server.

Intercepting web proxies used to find and replay these flaws:
- Achilles
- Burp
- Fiddler

Database models:
- Relational
- Hierarchical
- Network - built upon the hierarchical model
- Object-oriented - more dynamic than relational
- Object-relational - a front end provides the procedures

Database interfaces:
ODBC - API that allows communication with a DB

OLE DB - replacement for ODBC, COM based, accessed via ADO

ADO - high-level set of COM objects, SQL not required

JDBC - Java API, can bridge through ODBC or connect directly

DDL - data definition language
Defines the structure and schema of the DB

DML - data manipulation language
Commands that allow the user to view and use the DB (view, add, sort, delete)

QL - query language
Enables users to make requests to the DB

Aggregation - the act of combining information from separate sources. The combined information has a sensitivity that is greater than that of the individual parts.

Inference - the ability to derive information that is not explicitly available.

Content-dependent access control - the more sensitive the data, the smaller the subset of individuals who can gain access.

Context-dependent access control - the application keeps track of user requests.
The software must be preprogrammed as to what sequence and how much data a user is allowed to view.

Databases can employ discretionary access control (DAC) and mandatory access control (MAC).

Polyinstantiation - multiple tuples with the same primary key, each returned based on the security level of the requesting subject.

Noise and perturbation - inserting bogus information.

Cell suppression - a technique used to hide specific cells.

Commit and rollback - ensure that transactions happen properly or they don't happen at all.

Expert systems - rule-based programming is a common way of developing an expert system (if-then rules).
Inference engine - the brain of the system.
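Returning to the cross-site scripting notes above, the following Python is an added example, not code from the original notes: a minimal server-side renderer that reflects a query parameter (reflected XSS) and echoes stored comments (stored XSS), beside the output-encoded versions. The shop.example URL, the payload and the comment text are constructed for the demo; the DOM-based variant runs entirely in browser JavaScript and is not shown here.

```python
# Added example (not from the original notes): reflected and stored XSS in a
# minimal server-side renderer, beside the output-encoded version. The
# shop.example URL, payload and comments are constructed for the demo.
import html
from urllib.parse import parse_qs, urlsplit

# A URL an attacker would trick the victim into opening (reflected XSS).
PAYLOAD_URL = "https://shop.example/search?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E"


def query_from_url(url: str) -> str:
    """What the server sees in ?q= after URL decoding."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_search_vulnerable(query: str) -> str:
    # Reflects the parameter straight into the page: whatever markup the
    # attacker put in the URL becomes part of the DOM.
    return f"<p>Results for: {query}</p>"


def render_search_hardened(query: str) -> str:
    # Output encoding: &, <, >, " and ' become entities, so the browser
    # renders the text and never parses it as a tag.
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_link(url_value: str) -> str:
    # Attribute context: encoding alone is not enough, because
    # javascript:alert(1) contains nothing that html.escape would change.
    # Allow only http(s) targets before encoding.
    if urlsplit(url_value).scheme.lower() not in ("http", "https"):
        url_value = "#"
    return f'<a href="{html.escape(url_value, quote=True)}">link</a>'


def post_comment(store: list, text: str) -> None:
    """Stored XSS scenario: the forum keeps the raw comment in its 'DB'."""
    store.append(text)


def render_comments(store: list, encode: bool) -> str:
    # Encoding belongs at output time, in the context the data lands in; the
    # vulnerable variant trusts stored data because it is "already in the DB".
    items = (html.escape(c, quote=True) if encode else c for c in store)
    return "<ul>" + "".join(f"<li>{c}</li>" for c in items) + "</ul>"


def contains_script_tag(page: str) -> bool:
    return "<script" in page.lower()


if __name__ == "__main__":
    q = query_from_url(PAYLOAD_URL)
    print(render_search_vulnerable(q))
    print(render_search_hardened(q))
```

Storing the comment unmodified and encoding on output is deliberate: the same stored text may later be emitted into HTML, an attribute, a JSON response or a log, and each of those needs its own encoding.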
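The aggregation, inference and content-/context-dependent access control notes above describe an attack and two controls; the following Python is an added example, not code from the original notes, that shows them concretely with SQLite. An analyst allowed only aggregate queries recovers one person's salary by subtracting two totals; the guard then refuses query sets that are too small (content-dependent) and remembers earlier queries so that two "harmless" totals cannot be differenced (context-dependent). The employee rows and the k=3 threshold are constructed for the demo.

```python
# Added example (not from the original notes): an inference attack through
# "harmless" aggregate queries, beside a query-set-size guard (content-dependent)
# and a query-history tracker (context-dependent). Employee rows are constructed.
import sqlite3

SAMPLE_ROWS = [  # constructed data: (id, name, dept, salary)
    (1, "alice", "eng", 120000),
    (2, "bob", "eng", 95000),
    (3, "carol", "eng", 101000),
    (4, "dave", "eng", 99000),
    (5, "erin", "sales", 70000),
    (6, "frank", "sales", 72000),
    (7, "grace", "sales", 68000),
]
ALLOWED_COLS = {"name", "dept"}
ALLOWED_OPS = {"=", "<>"}


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def build_where(conditions) -> tuple:
    """Turn [(col, op, value), ...] into a parameterised WHERE clause.

    Columns and operators come from an allow-list and values are bound
    parameters, so the analyst cannot inject SQL through the predicate.
    """
    parts, params = [], []
    for col, op, value in conditions:
        if col not in ALLOWED_COLS or op not in ALLOWED_OPS:
            raise ValueError(f"predicate {col} {op} not allowed")
        parts.append(f"{col} {op} ?")
        params.append(value)
    return " AND ".join(parts) or "1 = 1", tuple(params)


def unguarded_sum(conn, conditions) -> int:
    where, params = build_where(conditions)
    return conn.execute(f"SELECT COALESCE(SUM(salary), 0) FROM employees WHERE {where}", params).fetchone()[0]


def infer_salary(conn, name: str, dept: str) -> int:
    """Aggregation attack: two totals that differ by exactly one person."""
    whole = unguarded_sum(conn, [("dept", "=", dept)])
    all_but_one = unguarded_sum(conn, [("dept", "=", dept), ("name", "<>", name)])
    return whole - all_but_one


class InferenceGuard:
    def __init__(self, conn: sqlite3.Connection, k: int = 3):
        self.conn, self.k = conn, k
        self.total = conn.execute("SELECT COUNT(*) FROM employees").fetchone()[0]
        self.history = []  # context: the row sets this user has already been told about

    def _matching_ids(self, where, params) -> frozenset:
        return frozenset(r[0] for r in self.conn.execute(f"SELECT id FROM employees WHERE {where}", params))

    def sum_salary(self, conditions) -> int:
        where, params = build_where(conditions)
        ids = self._matching_ids(where, params)
        n = len(ids)
        # Content-dependent: refuse sets so small, or so close to the whole
        # table, that the answer is really about fewer than k people.
        if n < self.k or n > self.total - self.k:
            raise PermissionError(f"query set of {n} rows outside [{self.k}, {self.total - self.k}]")
        # Context-dependent: refuse a query whose result, combined with an
        # earlier one, isolates fewer than k people (the attack above).
        for earlier in self.history:
            if earlier != ids and len(earlier ^ ids) < self.k:
                raise PermissionError("query differs from an earlier query by fewer than k rows")
        self.history.append(ids)
        return self.conn.execute(f"SELECT SUM(salary) FROM employees WHERE {where}", params).fetchone()[0]


def is_refused(guard: InferenceGuard, conditions) -> bool:
    try:
        guard.sum_salary(conditions)
    except PermissionError:
        return True
    return False
```

The size check alone is not enough: the "all of eng except alice" query matches three rows and passes it, and only the history check catches that it differs from the earlier eng total by a single person. The history is per user, which is exactly what "the application keeps track of user requests" means, and it is why such trackers have to survive across sessions.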
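For the polyinstantiation note above, here is an added example (not code from the original notes) of a MAC-style table in which the same ship has one tuple per classification level, with reads filtered by the subject's clearance and inserts that do not collide with a higher-level row. Ship names, cargo and clearance levels are constructed for the demo.

```python
# Added example (not from the original notes): polyinstantiation in a MAC
# database. Ship names, cargo and levels are constructed for the demo.
import sqlite3

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def build_cargo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # The key is (ship, level), not ship alone: the same ship may have one
    # tuple per classification level.
    conn.execute(
        "CREATE TABLE cargo(ship TEXT, destination TEXT, contents TEXT, "
        "level INTEGER, PRIMARY KEY(ship, level))"
    )
    conn.executemany("INSERT INTO cargo VALUES (?, ?, ?, ?)", [
        ("Aurora", "Lisbon", "grain", 0),        # cover story visible to everyone
        ("Aurora", "Gibraltar", "missiles", 2),  # what secret-cleared subjects see
        ("Zephyr", "Malta", "radar parts", 2),   # exists only at secret level so far
    ])
    conn.commit()
    return conn


def read_cargo(conn, ship: str, clearance: str):
    """Return the most highly classified tuple the subject is cleared to see."""
    return conn.execute(
        "SELECT destination, contents, level FROM cargo "
        "WHERE ship = ? AND level <= ? ORDER BY level DESC LIMIT 1",
        (ship, LEVELS[clearance]),
    ).fetchone()


def insert_cargo(conn, ship: str, destination: str, contents: str, clearance: str) -> bool:
    """Insert at the subject's own level.

    Without polyinstantiation an unclassified user inserting 'Zephyr' would
    get a duplicate-key error and thereby learn that a secret row exists.
    Here the insert succeeds and creates a second tuple at level 0.
    """
    try:
        conn.execute("INSERT INTO cargo VALUES (?, ?, ?, ?)",
                     (ship, destination, contents, LEVELS[clearance]))
        conn.commit()
        return True
    except sqlite3.IntegrityError:  # only a same-level duplicate is a real conflict
        conn.rollback()
        return False


def tuples_for(conn, ship: str) -> int:
    return conn.execute("SELECT COUNT(*) FROM cargo WHERE ship = ?", (ship,)).fetchone()[0]
```

The price of closing this covert channel is that the database now holds two "truths" about Zephyr, and every higher-level reader must understand that the level-0 row is a cover story rather than an inconsistency.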
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | This is free and unencumbered software released into the public domain.
2 |
3 | Anyone is free to copy, modify, publish, use, compile, sell, or
4 | distribute this software, either in source code form or as a compiled
5 | binary, for any purpose, commercial or non-commercial, and by any
6 | means.
7 |
8 | In jurisdictions that recognize copyright laws, the author or authors
9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 |
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 |
24 | For more information, please refer to
25 |
26 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | CISSP
2 | =====
3 |
4 | MindMaps for the CISSP certification
5 |
--------------------------------------------------------------------------------