Professional Documents
Culture Documents
Isc2 Acceleratedcissp 2018 3 1 13 Security Architecture and Engineering
Isc2 Acceleratedcissp 2018 3 1 13 Security Architecture and Engineering
Topic 1: Implement and manage engineering processes using secure design principles
Systems engineering models and processes usually organize themselves around the
concept of a life cycle.
1. Agreement
2. Organization Project-Enabling
3. Technical Management
4. Technical
The V-model - all system development lifecycles share the fundamental elements
in the V-model. The left side of the V represents concept development and the
decomposition of requirements into functions and physical entities that can be
architected, designed, and developed. The right side of the V represents
integration of these entities and their ultimate transition into the field, where
they are operated and maintained.
https://www.commoncriteriaportal.org/index.cfm
decommissioning activities
engineering activities
d. Bounds - limits set on the memory addresses and resources a process can
access in a system
e. Isolation - the ability to use bounds and confinement to control the impact
process sensitive data for many types of users while maintaining a stable,
secure environment
================================================================================
AND
================================================================================
Security Token - an object, separate from the asset, that is used to describe
the security attributes of the asset
Trusted Recovery - ensures that all security controls remain in place in the
event of a crash
Maintenance Hook (backdoor) - entry point into a system known only to the
developer of the system.
a. Data Diddling - attacker makes small, random changes to data to hide their
activity
b. Salami attack - small transactions deducting tiny financial amounts from
lots of accounts
Trusted Computing Base (TCB) - the totality of the hardware, software and
firmware that contains all elements of the system responsible for supporting the
security policy and the isolation of objects. When activated it provides a
Trusted Path for communication and a Trusted Shell for activity.
Security Kernel - made up of all of the components of the TCB and is responsible
for implementing and enforcing the reference monitor. A security kernel is
responsible for enforcing a security policy. The kernel should be at the lowest
and most primitive level or layer in the architecture. It is a small portion of
the operating system through which all references to information and all changes
to authorizations must pass.
unauthorized access
specifications
1. fetching
2. decoding
3. executing
4. storing
Processor Privilege States - protect the processor and the activities that it
performs. Many operating systems use two processor access modes:
1. User (or process, problem, or program) mode - processor limits the access
privilege level on the system, and this allows the process running in
supervisor state to access any system resource (data and hardware) and execute
both privileged and non-privileged instructions
Layering - One of the ways that privileged parts of the system are protected is
through the use of discrete layers that control interactions between more
privileged and less privileged processes on the system. One of the most common
ways this is done uses ring protection. It is frequently represented as a series
of concentric rings where the innermost ring is assigned the lowest number and
the outermost ring is assigned the highest number. The most privileged
ring (Ring 0) is associated with core system functions, such as the most sensitive
parts of the O/S kernel, while the lowest privileged ring (Ring 3) is associated
to end-user applications.
memory location includes a value that identifies a segment and an offset within
that segment.
2. Paging - divides the memory address space into equal-sized blocks called
pages. A page table maps virtual memory to physical memory. Unallocated pages
and pages allocated to any other application do not have any addresses from
the application point of view.
size, each of which has an associated numerical value called a protection key.
Each process also has a protection key value associated with it. When memory
is accessed, the hardware checks that the current process’s protection key
matches the value associated with the memory block being accessed; if not, then
an exception occurs.
methods / approaches:
that need to use resources according to a controlled and tightly managed schedule
4. Virtual address memory mapping - allows each process to have access to its
own memory space as it executes. Enforced through the operating system’s use of
the memory manager. The memory manager provides for the following:
c. Protect the operating system and applications once they are loaded into
memory
1. Relocation: Move, or swap, content between RAM and the hard drive as needed
2. Protection: Provide access control for memory segments and limit processes
3. Sharing: Allow for multiple users with different access levels to interact
with an application or process while running and enforce integrity and
confidentiality controls between processes while using shared memory segments
Memory Manager Registers - allow the operating system to make sure that a
process is only able to interact with the defined memory segments assigned to it
by the memory manager. Two types of registers used by the CPU to identify memory
addresses:
process
process
1. All system-wide data structures and memory pools used by kernel mode
system components can be accessed only while in kernel mode. (user mode
requests cannot access these pages) Any attempt to do so will generate a fault,
and then the memory manager will create an access violation
2. Each process has a separate, private address space protected from being
accessed by any request belonging to another process (for the most part). Each
time a request references an address, the virtual memory hardware, in conjunction
with the memory manager, intervenes and translates the virtual address into a
physical one. This control mechanism is referred to as Address Space Layout
Randomization (ASLR).
Secondary Storage - holds data not currently being used by the CPU and is used
when data must be stored for an extended period of time using high-capacity,
nonvolatile storage.
Virtual Memory - storing part of the data on secondary storage, such as a disk,
which is a virtual page. If the data requested by the system is not currently in
main memory, a page fault is taken. If the virtual address is a valid one, the
OS will locate the physical page, put the right information in that page, update
the translation table, and then try the request again. Some other page might be
swapped out to make room. Each process may have its own separate virtual address
space along with its own mappings and protections.
State Machine Model - based on the computer science definition of a Finite State
Machine (FSM), which describes the behavior of a system as it moves between one
state and another. Purpose is to define which actions will be permitted at any
point in time to ensure that a secure state (a point in time when things are
secure) is preserved. The role of time in a state machine model is very important.
According to its rule set, which is determined by a security policy, a model
system’s secure state can only change at distinct points in time, such as when
an event occurs or a clock triggers it. Thus, upon its initial startup, the
system checks to determine if it is in a secure state. Once the system is
determined to be in a secure state, the state machine model will ensure that
every time the system is accessed, it will be accessed only in accordance with
the security policy rules. This process will guarantee that the system will
transition only from one secure state to another secure state.
Take-Grant Model - uses a set of rules to enforce how rights can be passed from
one subject to another or from a subject to an object.
Multilevel Lattice Models - describes strict layers of subjects and objects and
defines clear rules that allow or disallow interactions between them based on
the layers they are in. Subjects are assigned security clearances that define
what layer they are assigned to and objects are classified into similar layers.
Related security labels are attached to all subjects and objects. According to
this type of model, the clearance of the subject is compared with the
classification of the data to determine access. They will also look at what the
subject is trying to do to determine whether access should be allowed.
Specific Models:
2. Biba - INTEGRITY !!! (only). Like Bell LaPadula, requires that all
subjects & objects have a classification label. Designed to address three
integrity issues:
Properties:
ditching the formal state machine in favor of defining each data item and
allowing modification ONLY through a small set of programs. Uses a three part
relationship (subject | program | object) called a triple or an access control
triple. NO DIRECT ACCESS BY SUBJECTS TO OBJECTS !!! (access only allowed
through authorized programs). Principles:
a. well-formed transactions
b. separation of duties
a. constrained data item (CDI) - any data item protected by the model
b. unconstrained data item (UDI) - any data item not protected by the model
integrity. Based on state machine and information flow. Only allows for the
use of a set of predetermined secure states to maintain integrity and prevent
interference. Is often used to prevent covert channels from influencing outcomes.
================================================================================
This includes what types of controls need to be included, what assets must be
protected, what common threats must be addressed, and what vulnerabilities
have been found.
C&A process is governed by two sets of standards in the U.S. Government and
military:
1. NIST Risk Management Framework (RMF) | RMF is the most current, it replaced
Phase 1 - Definition
Phase 2 - Verification
Phase 3 - Validation
D Minimal Protection
C1 Discretionary Protection
B1 Labeled Security
B2 Structured Protection
B3 Security Domains
A1 Verified Protection
Rainbow Series is where Orange Book comes from. Approx. 30 titles with different
color designations make up the series. Red Book
(Trusted Network Interpretation | TNI), discussed how to implement the Orange
Book concept into a trusted network.
vendor has the ability to define a set of requirements from a menu of possible
requirements into a Security Target (ST) and vendors develop products (the
Target of Evaluation or ToE) and have them evaluated against that target.
Provides two sets of levels: functional levels and assurance levels. Unlike
TCSEC, it also addressed a wider range of security needs, including integrity
and availability requirements. Where ITSEC was significantly different from
TCSEC is in the assignment of assurance levels (or E levels). Assurance can be
defined as the level of confidence that the evaluator has that the product not
only meets the functional requirements, but that it will continue to meet those
requirements. ITSEC defined six different levels of assurance, each more
difficult to achieve than the last.
The functionality of a system is rated from F-D through F-B3. (There is no F-A1)
================================================================================
1. Client-based systems
2. Server-based systems
3. Database systems
IN ORDER TO KNOW THE SYSTEM, YOU MUST KNOW THE SYSTEM COMPONENTS !!!
Processor (CPU) - the Central Processing Unit that governs all operations
Execution Types:
independently
system.
single process
Processing Types:
Protection Mechanisms - the ways in which computers implement & handle security
at runtime
may run
1. Ready
2. Waiting
3. Running (problem)
4. Supervisory
5. Stopped
Security Modes - used by the U.S. Government to designate four approved modes for
systems that process classified information. The following three elements must
exist BEFORE a security mode can be deployed:
b. total physical control over which subjects can access the computer console
c. total physical control over which subjects can enter into the same room as
1. Dedicated
2. System High
3. Compartmented
4. Multilevel (controlled)
1. User (or process, problem, or program) mode - processor limits the access
privilege level on the system, and this allows the process running in
supervisor state to access any system resource (data and hardware) and execute
both privileged and non-privileged instructions
Memory - Storage for information that the system needs to be able to access
1. Read-Only Memory (ROM) - no writing allowed
Memory Addressing - how the CPU refers to locations in memory. Five common
addressing schemes:
part of an instruction
e. Base + Offset Addressing - uses a value stored in one of the CPU registers
as the base value, then adds the offset value provided to it and retrieves the
information from the computed location
Basic Input/Output System (BIOS) & Unified Extensible Firmware Interface (UEFI):
UEFI - more advanced interface between hardware & software that replaces the BIOS
3. ActiveX Controls
c. Concurrency (TOC/TOU) - When actions or processes run at the same time, they
e. Deadlocking - Occurs when two users try to access the information at the
Grid Computing - the sharing of CPU and other resources across a network in
such a manner that all machines function as one large computer. Grid computers
are often used for processor intensive tasks that are suitable to be processed
by parallel tasks.
2. Broad Network Access - Capabilities are available over the network and
consumers from organizations that have shared concerns (e.g., mission, security
requirements, policy, and compliance considerations). It may be owned, managed,
and operated by one or more of the organizations in the community, a third
party, or some combination of them, and it may exist on or off premises.
3. Public Cloud - provisioned for open use by the general public. It may be
(private, community, or public) that remain unique entities but are bound
together by standardized or proprietary technology that enables data and
application portability (e.g., cloud bursting for load balancing between clouds).
The key component that makes virtualization possible is the use of a Hypervisor
(Virtual Machine Monitor). Types:
Biggest issues are the IP enabling of these systems to allow for non-closed loop
remote monitoring and control along with a lack of security capabilities built-in
to the protocol stacks (no encryption or tunneling support)
================================================================================
Web based systems face a wide variety of vulnerabilities. The OWASP top 10 list
is VERY, VERY IMPORTANT !!
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
A1 - Injection: Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur
when untrusted data is sent to an interpreter as part of a command or query. The
attacker’s hostile data can trick the interpreter into executing unintended
commands or accessing data without proper authorization.
a. Input Validation
b. Limit Account Privileges
A4 - XML External Entities (XXE): Many older or poorly configured XML processors
evaluate external entity references within XML documents. External entities can
be used to disclose internal files using the file URI handler, internal file
shares, internal port scanning, remote code execution, and denial of service
attacks.
untrusted sources, or inserts untrusted data into XML documents, which is then
parsed by an XML processor.
• Any of the XML processors in the application or SOAP based web services has
document type definitions (DTDs) enabled. As the exact mechanism for disabling
DTD processing varies by processor, it is good practice to consult a reference
such as the OWASP Cheat Sheet 'XXE Prevention’.
security or single sign on (SSO) purposes. SAML uses XML for identity
assertions, and may be vulnerable.
• If the application uses SOAP prior to version 1.2, it is likely susceptible
to XXE attacks if XML entities are being passed to the SOAP framework.
NOTE: Being vulnerable to XXE attacks likely means that the application is
vulnerable to denial of service attacks including the Billion Laughs attack.
2. Stored XSS - The application or API stores unsanitized user input that is
viewed at a later time by another user or an administrator. Stored XSS is often
considered a high or critical risk.
Typical XSS attacks include session stealing, account takeover, MFA bypass, DOM
node replacement or defacement (such as trojan login panels), attacks against
the user's browser such as malicious software downloads, key logging, and other
client-side attacks.
1. Directory Traversal (../) - moving from one directory to others without the
send a forged HTTP request, including the victim’s session cookie and any other
automatically included authentication information, to a vulnerable web
application. This allows the attacker to force the victim’s browser to generate
requests the vulnerable application thinks are legitimate requests from the
victim.
================================================================================
Device security is often a difficult issue for mobile devices, but not because
options are unavailable. Instead the need to secure personal devices that are
used to access corporate assets is the problem that has to be addressed.
Potential Approaches:
The applications that run on the device are also a potential source of
vulnerabilities. The same kind of concerns we would address on a laptop or a
desktop are what must be addressed in mobile devices:
Potential Approaches:
1. Key Management
2. Credential Management
3. Authentication
4. Geotagging
5. Encryption
6. Application Whitelisting
1. Data Ownership
2. Patch Management
3. A/V
4. Device Forensics / Incident Response
5. Privacy
6. Cameras & Microphones
Alternatives to BYOD:
1. Company Owned Personally Enabled (COPE)
3. Corporate Owned
================================================================================
Security Approaches:
1. Network Segmentation
2. Security Layering
3. Application Firewalls
4. Patch Management
5. Firmware Versioning
6. Wrapping / Encapsulation of updates or configuration information to allow
================================================================================
1. Confidentiality
2. Integrity
3. Authentication
4. Nonrepudiation
MAKE SURE THAT YOU DOWNLOAD THE CRYPTO DEFINITIONS WORD DOCUMENT !!!
Some additional things that are important, but are not in the document:
Kerckhoffs's principle - stated by Netherlands born cryptographer Auguste
Kerckhoffs in the 19th century: "A cryptosystem should be secure even if
everything about the system, except the key, is public knowledge."
1. Boolean Mathematics - defines the rules used for the bytes & bits that make
up information
2. Logical Operators:
a. AND - represented by the ^ symbol checks to see whether two values are
both true - (x^y)
Modulo Function - the remainder left over AFTER a division operation has been
performed
Example: 8 MOD 6 = 2
One-Time Pad (Vernam Ciphers) - Only TRULY UNBREAKABLE Cryptosystem, but only if
implemented correctly
Caesar Cipher - one of the earliest documented cipher systems, used substitution
Null Cipher - used in cases where the use of encryption is not necessary but yet
the fact that no encryption is needed must be configured in order for the system
to work. In such cryptographic systems, various encryption options are configurable,
including the option to not use encryption. A Null Cipher is used when
testing/debugging, low security is needed, or when using authentication-only
based communications.
NOTE: also a reference to an ancient form of ciphering where the plaintext is
mixed together with non-cipher material. Today this is regarded as a type of
steganography.
Playfair Cipher - sender and receiver agree on a key word, for example, Pizza. A
table is then constructed using that word and then the rest of the
alphabet — skipping over the letters already appearing in the key, and using
I and J as the same letter. If the sender wanted to encrypt the message
“Do not eat my slice,” it would be encrypted by first grouping the plaintext in
two letter blocks and spacing the repeated letters in the plaintext with a
filler letter, e.g., H.
http://rumkin.com/tools/cipher/playfair.php
Running Key Cipher - the key is repeated (or runs) for the same length as the
plaintext input
Symmetric Key Algorithms - are SINGLE KEY !!! - We call that key the
PRIVATE KEY | SECRET KEY | SHARED KEY (all or any will do, but make sure that you
know we only use one key, shared by all participants in the system)
Weaknesses:
Strength:
Asymmetric Key Algorithms - are DUAL KEY !!! - We call the keys a
PUBLIC / PRIVATE key pair.
Each user has a distinct key pair issued to them upon entry / registration into
the system. The PUBLIC key is meant to be shared with anyone who may need it to
facilitate communication. The PRIVATE key is kept secret and NOT SHARED.
But, Wait for it .... Wait for it ... Here it comes .. THE UGLY TRUTH:
We use OPPOSITE & RELATED keys in tandem to encrypt & decrypt TA DA!!
So, if your public key is used to encrypt a message, then ONLY your private key
can be used to decrypt that message.
That is THE ABSOLUTE HARDEST CONCEPT that you have to master about cryptography.
If you can wrap your head around that, and understand whose key is used to do
what, you can solve ANY problem or question that you will see.
Strengths:
1. adding users requires ONLY the generation of the key pair for them
3. ONLY time you typically regenerate a key is if the PRIVATE KEY of a user has
been compromised, or is suspect for some reason
Weakness:
4 4(4-1)/2 = 6
64-bit block cipher that has five modes of operation. This means that DES takes
64 bits of data and sets them into a block to encipher them into a 64-bit block
of ciphertext. DES uses 16 Exclusive ORs (XORs) in a series to generate the
ciphertext. We calls these ROUNDS, which is why people say that DES performs 16
rounds of encryption.
NOTE: DES uses a 56-bit key, because 8 bits are supposed to be reserved for
parity operations. This means:
DES Modes:
MAKE SURE THAT YOU DOWNLOAD THE CRYPTO DEFINITIONS WORD DOCUMENT !!!
International Data Encryption Algorithm (IDEA) - Block Cipher like DES. Uses
64-bit blocks to encrypt, like DES. Starts with a 128 bit key, NOT LIKE DES !!
Blowfish - Block Cipher. Uses 64-bit blocks to encrypt, like DES. Variable key
from 32 bits to 448 bits.
Skipjack - Block Cipher. Uses 64-bit blocks to encrypt, like DES. 80 bit key. Has
an additional capability to use key escrow for the encryption keys. The basis for
the U.S. Gov'ts attempts at the Clipper Chip.
Advanced Encryption Standard (AES) - Variable key strengths (128 | 192 | 256 bits)
with a 128-bit block. Number of rounds:
NOTE: The original name for AES is the Rijndael Algorithm. Rijndael consists of
four major operations:
entire block
the table
4. Add round key - XOR each byte with the key for that round; the key is
NOTE: The Rijndael S-box is a square matrix (square array of numbers) used in
the Rijndael cipher. The S-box (substitution box) serves as a lookup table.
CAST - CAST-128 can use keys between 40 and 128 bits in length and will do
between 12 and 16 rounds of operation, depending on key length. CAST-128 is a
Feistal-type block cipher with 64-bit blocks.
CAST-256 operates on 128-bit blocks and with keys of 128, 192, 160, 224, and
256 bits. It performs 48 rounds and is described in RFC 2612.
Secure and Fast Encryption Routine (SAFER) - either 64-bit input blocks
(SAFER-SK64) or 128bit blocks (SAFER-SK128). A variation of SAFER is used as a
block cipher in Bluetooth.
Rivest Cipher (RC) 5 - Variable block size (32, 64 or 128 bits) with variable
key length of 0 bits to 2048 bits.
The most widely used stream cipher, being deployed, for example, in WEP and
SSL/TLS. RC4 uses a variable length key ranging from 8 to 2,048 bits (1 to 256 bytes).
If RC4 is used with a key length of at least 128 bits, there are currently no
practical ways to attack it; the published successful attacks against the use of
RC4 in WEP applications are related to problems with the implementation of the
algorithm, not the algorithm itself.
NOTE: RC2 is no longer considered to be safe for use, but when active was
64-bit block with a 128 bit key.
Blowfish 64 32 - 448
DES 64 56
2-DES 64 112
3-DES 64 168
IDEA 64 128
RC2 64 128
Skipjack 64 80
a. never store the key in the same system as the encrypted data
3. Key Escrow & Recovery - Key escrow is a data security measure in which a
a. Fair Cryptosystem - split knowledge approach with key shards being held
by different trusted third parties
Each user has a distinct key pair issued to them upon entry / registration into
the system. The PUBLIC key is meant to be shared with anyone who may need it to
facilitate communication. The PRIVATE key is kept secret and NOT SHARED.
We use OPPOSITE & RELATED keys in tandem to encrypt & decrypt (already said that,
but so important, I am saying it again!!)
Ron Rivest
Adi Shamir
Leonard Adleman
Merkle-Hellman Knapsack - developed at approx. same time as RSA, and also based
on difficulty of factoring, but took a different approach. Broken in 1984.
a. hashes
b. hash values
c. hash total
d. CRC
e. fingerprint
f. checksum
g. digital ID
RSA says that a hash function has five basic requirements it must meet:
4. hash function is "one-way"; almost impossible to figure out the input based
on the output
a. SHA-160 = 160 bits (using a 512 bit block size for processing message data)
b. SHA-224 = 224 bits (using a 512 bit block size for processing message data)
c. SHA-256 = 256 bits (using a 512 bit block size for processing message data)
d. SHA-384 = 384 bits (using a 1024 bit block size for processing message data)
e. SHA-512 = 512 bits (using a 1024 bit block size for processing message data)
NOTE: SHA1 is considered to be weak, and has been replaced by the SHA2 series
(SHA-224 | SHA-256 | SHA-384 | SHA-512). SHA2 is considered secure, but
potentially has same weaknesses as SHA1, so SHA3 has been produced, called the
Keccak algorithm.
3. Hash of Variable Length (HAVAL) - 128 | 160 | 192 | 224 & 256 bits
Digital Signatures - provide assurance that a message does indeed come from the
person who claims to have sent it, it has not been altered, both parties have a
copy of the same document, and the person sending the document cannot claim that
he/she did not send it.
A digital signature is a block of data (usually a hash) that is generated based
on the contents of the message sent and encrypted with the sender’s private key.
It must contain some unique value that links it with the sender of the message
that can be verified easily by the receiver and by a third party, and it must be
difficult to forge the digital signature or create a new message with the same
signature.
using SHA-160
2. Cherokee then encrypts ONLY the message digest using her private key - this
7. Adam then uses the same hashing function to create a message digest of the
message
8. Adam then compares the decrypted message digest to the new one he has just
created; if the two match, then the message was sent by Cherokee; if they do
not match, then it was not sent by Cherokee
Digital Signature Standard (DSS) - document that NIST puts out to specify the
digital signature algorithms & the encryption algorithms approved for use by the
U.S. Federal Government:
NOTE: PKI functions, or not, based on the TRUST of all of the participants in
the system; remove the trust and the system crashes
X.509 v3 is current format most widely used. Part of the X.500 family of standards
Authority (CA)
d. Issuer Name
e. Validity Period
f. Subject's Name (the Distinguished Name, DN, of the owner of the public key
in the certificate)
Certificate Authorities (CA) - Perform the activities that make the PKI function,
include issuance of certificates and oversight of the certificate lifecycle. The
CA “signs” an entities digital certificate to certify that the certificate
content accurately represents the certificate owner.
identity. Will need to provide the CA with a copy of your PUBLIC KEY once
identity is validated to allow CA to issue the digital certificate on your
behalf. Certificate issued is signed by the CA using it's PRIVATE KEY, certifying
that they "TRUST" you and includes a copy of your PUBLIC KEY.
by using the issuing CA's PUBLIC KEY. You must also check to ensure that the
certificate has not been revoked by consulting the CA's Certificate Revocation
List (CRL), or the Online Certificate Status Protocol (OCSP).
know that the certificate is no longer valid. The revocation request grace
period is the maximum response time within which a CA will perform a revocation.
Defined by the Certificate Practice Statement (CPS).
The key is the true strength of the cryptosystem. The size of the key and the
secrecy of the key are perhaps the two most important elements in a crypto
implementation.
XML Key Management Specification 2.0 (XKMS) - defines protocols for distributing
and registering public keys, suitable for use in conjunction with XML Digital
Signatures and XML Encryption.
Key Wrapping and Key Encrypting Keys (KEK) - KEKs are used as part of key
distribution or key exchange. The process of using a KEK to protect session keys
is called key wrapping. Key wrapping uses symmetric ciphers to securely encrypt
(thus encapsulating) a plaintext key along with any associated integrity
information and data.
Key wrapping can be used when protecting session keys in untrusted storage or
when sending over an untrusted transport medium. Key wrapping or encapsulation
using a KEK can be accomplished using either symmetric or asymmetric ciphers.
1. If the cipher is a symmetric KEK, both the sender and the receiver will
encapsulate a session key, both the sender and the receiver will need the
other’s public key.
Protocols such as SSL, PGP, and S/MIME use the services of KEKs to provide
session key confidentiality, integrity, and sometimes to authenticate the
binding of the session key originator and the session key itself to make sure
the session key came from the real sender and not an attacker.
Pretty Good Privacy (PGP) - Phil Zimmerman created this secure e-mail solution
E-mail security:
integrity & non-repudiation. Uses Message Digest 2 (MD2) and Message Digest 5
(MD5), RSA public key & Data Encryption Standard (DES) for authentication &
encryption.
encrypted connection with every other mail server that supports it.
Digital Rights Management (DRM) - using software to encrypt data and then apply
stringent protections to only allow authorized users to interact with the data in
specifically defined ways. Types:
a. Music
b. E-Book
c. Video Games
d. Document
e. Movies - two technologies:
encrypted tunnel between two end points, encrypting ALL OF THE DATA, including
the header, trailer, address and routing information.
IP Security Protocol (IPSec) - Most commonly used VPN protocol !!! IP traffic
only. Public key cryptography for encryption, access control, non-repudiation &
authentication. Two primary components:
Tunnel Mode - Entire IP packet is encrypted & new header is added to manage
Wired Equivalent Privacy (WEP) - uses a predefined and shared symmetric key that
is STATIC. Uses RC4 stream cipher. Bad implementation is at the heart of the
issues with WEP, not the use of RC4 itself.
a. static symmetric key
b. small IV's
Wi-Fi Protected Access (WPA) - meant to be a bridge between WEP and newer
802.11i standard that would replace it. Based on Lightweight Extensible
Authentication Protocol (LEAP) and Temporal Key Integrity Protocol (TKIP). Also
uses a single static passphrase. TKIP sought to improve on WEP by implementing a
key mixing function combining the IV with the secret root-key BEFORE using the
key with RC4 to encrypt along with a sequence counter to prevent replay attacks
and a strong integrity check named Michael.
NOTE: WPA only encrypts traffic between the mobile device & the wireless access
point. Once traffic moves to the wired network, it is no longer encrypted by WPA.
Wi-Fi Protected Access 2 (WPA2 or 802.11i) - uses Counter Mode Cipher Block
Chaining Message Authentication Protocol (CCMP), based on AES 128 bit key. Can be
attacked potentially using a Key Reinstallation Attack (KRACK), which is capable
of corrupting the initial 4 way handshake between the client and the Wireless
Access Point (WAP), forcing the reuse of keys and/or a key comprised of all zeros.
4. Brute Force Attack - attempting EVERY POSSIBLE combination until the right
one is found
Ways to enhance effectiveness of attack:
a. Salt the passwords - add random values to end of password and then hash.
The salt is stored along with the password hash in the password file
maintained in the O/S. By using the salt value when the password hash is
submitted for verification, we can determine if the password is accurate or
not without exposing it.
b. pepper - a large constant number stored separately from the hashed password
5. Frequency Analysis & the Ciphertext Only Attack - what we do when we only
6. Known Plaintext - attacker has a copy of the plaintext & ciphertext versions
9. Meet in the Middle - used against algorithms that use 2 rounds of encryption.
(reason that 2-DES was defeated) Attacker uses a known plaintext message and
encrypts it using every possible key, and then the ciphertext is decrypted
using every possible key. When a match is found, the corresponding key pair
represents both the encrypt and decrypt capabilities
10. Man in the Middle - attacker sits between the two communicating parties,
11. Birthday Attack (collision attack | reverse hash matching) - find flaws in
12. Replay Attacks - used against cryptosystems that do not use temporal
protections.
================================================================================
Apply security principles to site and facility design (topic 10)
AND
================================================================================
The single most important goal in planning a site is the protection of life,
property, and operations
1. Threat Definition
2. Target Identification
3. Facility Characteristics
a. Deter
b. Deny
c. Detect
d. Delay
Equipment Failure can cause a Single Point of Failure if not anticipated and
monitored for. Things to consider:
Cable Plant - the collection of interconnected cables and devices that establish
the network. Made up of:
a. Entrance Facility (demarcation point) - cables from the provider enter the
building here
Consists of:
1. Cables
2. Cross-connecting blocks
3. Patch panels
4. Jumpers
5. Connecting hardware
6. Pathways (supporting structures such as cable trays, conduits, and hangers
that support the cables from the telecommunication room to the work areas)
Cable Plant Management - the design, documentation, and management of the lowest
layer of the OSI network model – the physical layer
Server Rooms | Data Centers - protected areas that should be optimized for
operations, not humans
Smartcards & Proximity Readers - often used to control access to a secure area
such as a datacenter
a. Masquerading
b. Piggybacking
NOTE: remember the importance of Audit Trails & Access Logs as physical access
controls
a. Faraday Cage
b. White Noise
c. Control Zone
Media Storage / Evidence Storage - need to plan for these areas as well
Types of Glass:
2. Wired glass provides resistance to impact from blunt objects. The wire mesh
doorways, and other access areas. It is made from two sheets of ordinary glass
bonded to a middle layer of resilient plastic. When it is struck, it may crack
but the pieces of glass tend to stick to the plastic inner material.
areas.
Glass Break Sensors - a good intrusion detection device for buildings with a lot
of glass windows and doors with glass panes. The basic types of glass break
sensors include:
a. Acoustic sensors - listen for an acoustic sound wave that matches the
NOTE: use of dual-technology glass break sensors — both acoustic and shock
wave — is most effective
Garages -
1. use CCTV cameras to monitor events and place emergency call boxes throughout
the garage
3. lighting levels of at least 10- to 12-ft. candles over parked cars and
they should point downward to illuminate wide areas along the ground
light
6. place lighting fixtures to bounce light off the walls and reduce dark
Power Supplies - Redundant (or dual) power supplies are common in systems where
failures cannot be tolerated.
Alternatively, failures that occur outside of an individual system can be dealt
with using appropriate uninterruptible power supply (UPS) systems and alternative
sources of power from the main grid (such as diesel-based generators common to
many data center facilities).
Power Concerns:
k. Ground - wire in the electrical circuit that is the reference point from
which voltages are measured, a common return path for electric current, or a
direct physical connection to the earth
a. Common Mode - difference in power between the hot & ground wires
b. Traverse Mode - difference in power between the hot & neutral wires
NOTE: The neutral wire is the wire in which electricity returns from the hot
wire. It is also connected to the ground wire.
Temperature & Humidity & Static - all bad if not managed and controlled
Temperature Range -
60 - 75 degrees Fahrenheit
15 - 23 degrees Celsius
Humidity Range -
40 - 60 %
reached; these are the systems that most of us are familiar with
1. Wet Pipe Systems (closed head) - have a constant supply of water in them at
2. Dry Pipe Systems - do not have water in them, they are filled with
compressed air. Discharge occurs only after all air has escaped.
concerns of water damage due to false activations. Water is held back until
detectors in the area are activated.
heads are in the open position and larger pipes are used to provide greater
water flow.
Gas Systems - operate to starve the fire of oxygen. Halon used to be used in
most systems, as it is a very effective suppression agent. However, it is
problematic for several reasons, and has been banned by International Treaty
(Montreal Protocol). A variety of alternates are now used, including:
a. FM-200
b. CEA-410 or CEA-308
c. Argon
d. Aero-K