Doug Landoll - Everything About CISSP
www.lantego.com
(512) 633-8405
dlandoll@lantego.com
@NTXISSA
Session Agenda
Preparation Process
Learn in groups and relationships.
Look for relationships between terms and principles, across domains, and in practice.
Legal, Risk Management, Asset Security, Cryptography, Physical Security, Security Engineering, Security Architecture, Telecommunications, Access Control, BCP, Operations
Maybe +4%
NTX ISSA Cyber Security Conference, April 24-25, 2015
Access Control: Mostly Vocabulary
Passwords: Static, Dynamic, Cognitive, vs. Passphrases, Hashes, Thresholds
Biometrics: Effective: RIP; Accepted: VSHK
Strong Auth
IdM: Ident, Authent, Auth (x.500, LDAP, XML, SPML, SAML, SOAP)
Policies: DAC, MAC, RBAC
SS: Kerberos, KryptoKnight, SESAME
Architecture
Computer Architecture: CPU, Operating System
System Architecture: System boundaries, Security policy models, Modes of operation
Enterprise Architecture
Architecture Threats
Architecture: Models
Model: (name missing on slide)
  Attributes: Rows: CLs; Columns: ACLs
  Policy: C: DAC
Model: BLP
  Policy: C: DAC, MAC
Model: Biba
  Policy: I: Auth changes
  Comments: Flips BLP
Model: Clark Wilson
  Policy: I: Auth changes
  Comments: Not lattice
Model: Non Interference
  Attributes: Inputs (cmds), Outputs (views)
  Policy: C: MAC
  Comments: Useful in CCA
Model: Information Flow
  Attributes: Objects, info flow
  Policy: C: MAC
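The models slide compresses two ideas into a few cells: an access matrix whose rows are capability lists and whose columns are ACLs (the DAC case), and the pair of label-based MAC models where Biba "flips" Bell-LaPadula. The following Python is an added example, not code from the deck or its author; the label set, subjects, objects and rights are constructed for illustration, and the lattice is a simple total order so the read/write rules stay readable.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    """Constructed, totally ordered label set: higher means more sensitive
    (BLP reading) or more trusted (Biba reading)."""
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj      # simple security property
    if op == "write":
        return subject <= obj      # *-property
    raise ValueError(f"unknown op {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject <= obj      # simple integrity axiom
    if op == "write":
        return subject >= obj      # *-integrity axiom
    raise ValueError(f"unknown op {op!r}")


def biba_is_blp_flipped() -> bool:
    """Check the slide's 'Flips BLP' remark exhaustively: Biba's decision
    equals BLP's with the subject and object labels swapped, for every
    label pair and both operations."""
    return all(
        biba_allows(s, o, op) == blp_allows(o, s, op)
        for s, o, op in product(Level, Level, ("read", "write"))
    )


# Constructed access matrix for the DAC row of the table.
# Rows (one per subject) are capability lists; columns (one per object) are ACLs.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "readme.txt": {"read"}},
    "bob":   {"readme.txt": {"read", "write"}},
}


def capability_list(subject: str) -> dict:
    """One row of the matrix: everything this subject may do, keyed by object."""
    return {obj: set(rights) for obj, rights in ACCESS_MATRIX.get(subject, {}).items()}


def acl(obj: str) -> dict:
    """One column of the matrix: every subject that may touch this object, with rights."""
    return {s: set(row[obj]) for s, row in ACCESS_MATRIX.items() if obj in row}


def dac_allows(subject: str, obj: str, right: str) -> bool:
    """DAC decision: look the right up in the matrix cell."""
    return right in ACCESS_MATRIX.get(subject, {}).get(obj, set())


if __name__ == "__main__":
    print("Biba flips BLP:", biba_is_blp_flipped())
    print("alice's capability list:", capability_list("alice"))
    print("ACL for readme.txt:", acl("readme.txt"))
    for s, o in ((Level.SECRET, Level.PUBLIC), (Level.PUBLIC, Level.SECRET)):
        print(f"subject={s.name:8} object={o.name:8}",
              "BLP read:", blp_allows(s, o, "read"), "write:", blp_allows(s, o, "write"),
              "| Biba read:", biba_allows(s, o, "read"), "write:", biba_allows(s, o, "write"))
```

Running the block shows the two MAC models disagreeing on every cross-level pair (a SECRET subject may read PUBLIC data under BLP but not under Biba), which is exactly the flip the table notes; the DAC helpers show why the same matrix yields a capability list when read by row and an ACL when read by column.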
Cryptography
SYMMETRIC: DES, TDES, AES, IDEA, Blowfish, RCx, CAST, SAFER, Serpent
KEYED HASH: MAC, HMAC
HYBRID
HASH: MD5, RIPEMD, SHA-x
ASYMMETRIC: D-H, RSA, El Gamal, ECC, LUC, Knapsack
DIGITAL SIGNATURE: DSS, RSA-DS, DSA
Telecommunications
Legal
Type: Patent
  IP Protected: Invention
  Term: 20 years
  Issues: Patent & Trade Office; 1st to file vs invent; < 1 year of 1st Public Use
Type: Copyright
  IP Protected: Works of authorship
Type: Trademark
  IP Protected: Right to distinguish goods and services
  Term: 10 years (+)
  Issues: PTO Option file; Distinctiveness; (TM) (R); Dilution
Type: Trade Secret
  IP Protected: Proprietary Information
  Term: None
  Issues: Requirements: Commercially viable; Not in public domain; Reasonable protection
Operations (Learning)
Mnemonic: LEVER or DEnVER
Discovery: Newsgroups; Domain name registries; Ping sweep, trash INT
Enumeration: Port Scanning; OS fingerprinting
Vulnerability Mapping: Vulnerability Scanning; Casing
Exploitation: Exploit vulnerabilities; Social Engineer; Escalate privileges
Report to Management
Scenario Questions
Description: Situational: 1-2 paragraphs describing an environment, results of an audit, etc.; 3-5 questions on the scenario
Tactics: Read the question first; Consider operational issues (tradeoffs)
Hot Spot
The diagram below is a design of a Public Key Infrastructure to secure internet transactions. Within the design is a Certificate Authority, a Registration Authority, and a Validation Authority. Click on the location of the registration authority.
Study Strategies
Register NOW: Allows for study planning; Commits you to the process of successfully studying
Word-based, Sentence-based, Other
Mnemonics, Phrases, Reading is simple, Link(in), Tunnel, Diagrams
The Day of: What to Bring
Registration paperwork; Snack & Drink; Jacket or sweater
Scenario Questions
Review Selection
Thank you