Chapter 8: Principles of Security Models, Designs & Capabilities (WIP)
Know details about each of the access control models
Know the access control models and their functions
The state machine model ensures that all instances of subjects accessing objects are secure. A state transition occurs when accepting input or producing output, and always results in a new state.
A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a manner compliant with security policy.
The secure state machine model is used as the basis for many other security models.
The information flow model is designed to prevent unauthorised, insecure or restricted information flow.
Bell-LaPadula and Biba are both information flow models (concerned with preventing information flow from a high security level to a low security level, and a low to high security level respectively).
The non-interference model prevents the actions of one subject from affecting the system state or actions of another subject.
The Take-Grant model dictates how rights can be passed from one subject to another, or from a subject to an object.
A subject with the grant right can grant another subject or another object any other right they possess.
A subject with the take right can take a right from another subject.
An access control matrix is a table of subjects & objects that indicates the actions or functions that each subject can perform on each object.
Each column of the matrix is an access control list (ACL).
Each row of the matrix is a capabilities list.
An ACL is tied to an object, and lists valid actions each subject can perform.
A capability list is tied to the subject, and lists valid actions that can be taken on each object.
Bell-LaPadula subjects have a clearance level that allows them to access only those objects with the corresponding clearance levels; this enforces confidentiality.
Simple Security Property: A subject may not read information at a higher sensitivity level (no read up)
*-Security Property: A subject may not write information to an object at a lower sensitivity level (no write down) – also known as the Confinement Property
Discretionary Security Property: States that the system uses an access matrix to enforce discretionary access control
Common in government & military applications, where confidentiality is often the most important security tenet
Biba prevents subjects with lower security levels from writing to objects at higher security levels; this protects integrity.
Effectively the inverse of Bell-LaPadula
Simple Integrity Axiom: A subject cannot read an object at a lower integrity level (no read down)
*-Integrity Axiom: A subject cannot modify an object at a higher integrity level (no write up)
More common in commercial settings, where organisations are often more concerned about integrity than confidentiality.
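The Bell-LaPadula and Biba rules above, combined with the access control matrix, as an added example that is not part of the original notes. The subjects, objects, labels and function names are hypothetical, and the same label scale is reused as integrity levels for the Biba run.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed four-step label scale; a higher value is more sensitive."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Constructed sample data: labels for two subjects and two objects.
# For the Biba run the same labels are read as integrity levels (an assumption).
SUBJECTS = {"alice": Level.SECRET, "bob": Level.UNCLASSIFIED}
OBJECTS = {"merger_plan": Level.SECRET, "press_release": Level.UNCLASSIFIED}

# Access control matrix: one row per subject, one column per object.
MATRIX = {
    "alice": {"merger_plan": {"read", "write"}, "press_release": {"read", "write"}},
    "bob": {"merger_plan": {"write"}, "press_release": {"read", "write"}},
}


def capability_list(subject):
    """A row of the matrix: what this subject may do to each object."""
    return MATRIX.get(subject, {})


def acl(obj):
    """A column of the matrix: what each subject may do to this object."""
    return {s: row[obj] for s, row in MATRIX.items() if obj in row}


def blp_allows(subject_level, object_level, op):
    """Bell-LaPadula, protecting confidentiality."""
    if op == "read":
        return subject_level >= object_level   # Simple Security Property: no read up
    if op == "write":
        return subject_level <= object_level   # *-Security Property: no write down
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject_level, object_level, op):
    """Biba, protecting integrity: the inverse of Bell-LaPadula."""
    if op == "read":
        return subject_level <= object_level   # Simple Integrity Axiom: no read down
    if op == "write":
        return subject_level >= object_level   # *-Integrity Axiom: no write up
    raise ValueError(f"unknown operation: {op}")


def reference_monitor(subject, obj, op, model="blp"):
    """Mediate one request: discretionary matrix check, then the mandatory rule."""
    if op not in capability_list(subject).get(obj, set()):
        return False, "denied by access matrix"
    rule = {"blp": blp_allows, "biba": biba_allows}[model]
    if not rule(SUBJECTS[subject], OBJECTS[obj], op):
        return False, f"denied by {model} rule"
    return True, "granted"


if __name__ == "__main__":
    requests = [
        ("alice", "press_release", "write"),  # write down under BLP
        ("bob", "merger_plan", "write"),      # write up under Biba
        ("bob", "merger_plan", "read"),       # not in the matrix at all
    ]
    for model in ("blp", "biba"):
        for request in requests:
            print(model, request, reference_monitor(*request, model=model))
```

The same write request is denied under one model and granted under the other, which is why the notes call Biba the inverse of Bell-LaPadula.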
Clark-Wilson is an integrity model that relies on auditing to ensure that unauthorised subjects cannot access objects, and that authorised users access objects properly.
A constrained data item (CDI) is any data item whose integrity is protected by the security model.
An unconstrained data item (UDI) is any data item that is not controlled by the security model (this includes any output, as well as any unvalidated input data)
An integrity verification procedure (IVP) scans data items and confirms their integrity
Transformation procedures (TPs) are the only procedures that are allowed to modify a CDI.
Effectively enforces separation of duties.
Brewer and Nash (aka Chinese Wall) permits access controls to change dynamically based on a user’s previous activity (making it a kind of state machine model).
Goguen-Meseguer and Sutherland also focus on integrity.
Goguen-Meseguer is based on predetermining the set or domain (a list of objects that a subject can access), using automation theory & domain separation.
Sutherland is based on the idea of defining a set of system states, initial states and state transitions. A common use is to prevent a covert channel from being used to influence the outcome of a process or activity.
Graham-Denning focuses on the secure creation & deletion of both subjects and objects.
Composition theories
Some other models that fall into the information flow category work on the relation between inputs and outputs between multiple systems, rather than within an individual system.
These are called composition theories because they explain how outputs from one system relate to inputs to another system.
There are three recognised composition theories:
Cascading: Input from one system comes from the output of another system.
Feedback: One system provides input to another system, which reciprocates by reversing those roles.
Hookup: One system sends input to another system, but also sends input to external entities.
Know the definitions of certification & accreditation
Certification is the technical evaluation of each part of a computer system to assess its adherence to security standards.
Only valid for a system in a specific environment and configuration
Accreditation is the process of formal acceptance of a certified configuration from a designated authority (such as management).
Certification & accreditation systems
The current DoD standard for certification & accreditation is RMF (Risk Management); replaced DIACAP & DITSCAP.
The standard for all other US executive branch depts is CNSSP (Committee on National Security Systems Policy); replaced NIACAP.
Both processes are divided into four phases:
Phase 1: Definition
Phase 2: Verification
Phase 3: Validation (certification & accreditation take place here)
Phase 4: Post-Accreditation
Be able to describe open & closed systems
Open systems are designed using industry standards and are usually easy to integrate with other open systems
Because standard communication components are incorporated into open systems, there are far more predictable entry points & methods for launching attacks.
Closed systems are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.
In many cases, attacking a closed system is harder than launching an attack on an open system.
Different from the concept of open source and closed source; a closed-source program can be either an open system or a closed system, and an open-source program can be either a closed system or an open system.
Know what confinement, bounds & isolation are
Confinement restricts a process to reading from and writing to certain memory locations (also known as sandboxing).
Can be implemented through the OS, a confinement application/service such as Sandboxie, or a virtualisation/hypervisor solution.
Bounds are the limits of memory a process cannot exceed when reading or writing.
Isolation is the mode a process runs in when it is confined through the use of memory bounds.
Be able to define object and subject in terms of access
The subject is the user or process that makes a request to access a resource.
The object is the resource a user or process wants to access.
Transitive trust is the concept that if A trusts B and B trusts C, then A trusts C (it inherits trust of C through the transitive property).
Know how security controls work and what they do
Security controls use access rules to limit the access by a subject to an object.
The primary goal of controls is to ensure the confidentiality & integrity of data by disallowing unauthorised access by authorised or unauthorised subjects.
Be able to list the classes of TCSEC, ITSEC and the Common Criteria
The classes of TCSEC (Orange Book) include verified protection (A or A1), mandatory protection (B), discretionary protection (C) and minimal protection (D).
C is split into C1 (discretionary security protection) and C2 (controlled access protection), where C2 is more secure than C1.
B is split into B1 (labelled security), B2 (structured protection) and B3 (security domain), where B3 is the most secure in the class.
ITSEC rates the functionality of the system from F-D through F-B3, mirroring TCSEC classes (though there is no F-A1), and the assurance of a system from E0-E6.
The Common Criteria specifies 7 Evaluation Assurance Levels
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested & checked
EAL4: Methodically designed, tested & reviewed
EAL5: Semi-formally designed & tested
EAL6: Semi-formally verified, designed & tested
EAL7: Formally verified, designed & tested
These map to TCSEC and ITSEC as per the table below:
| TCSEC | ITSEC | Common Criteria | Description |
|---|---|---|---|
| D | F-D + E0 | EAL0, EAL1 | Minimal/no protection |
| C1 | F-C1 + E1 | EAL2 | Discretionary security mechanisms |
| C2 | F-C2 + E2 | EAL3 | Controlled access protection |
| B1 | F-B1 + E3 | EAL4 | Labelled security protection |
| B2 | F-B2 + E4 | EAL5 | Structured security protection |
| B3 | F-B3 + E5 | EAL6 | Security domains |
| A1 | F-B3 + E6 | EAL7 | Verified security design |
Table comparing security evaluation standards
Common Criteria terms
Target of evaluation (TOE) is the system being evaluated (term also used in ITSEC).
A protection profile (PP) specifies the security requirements and protections that apply to a particular class of product (e.g. a firewall)
A security target (ST) specifies the claims of security from the vendor.
The PP is compared to various STs from the selected vendors’ TOEs.
Trust & assurance
Security must be integrated before and during the design & architectural period in order to produce a reliably secure product; baked in, not sprayed on!
A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable & secure computing environment.
Assurance is simply the degree of confidence in satisfaction of security needs. It must be continually maintained, updated & reverified if the system experiences a known change or a significant amount of time has passed.
Trust can be built into a system by implementing specific security features; assurance is an assessment of the reliability & usability of those security features in a real-world situation.
Tokens, capabilities & labels
A security token is a separate object associated with a resource, describing its security attributes. It can communicate security information about an object prior to requesting access to the actual object.
A capabilities list maintains a row of security attributes for each controlled object. Although not as flexible as the token approach, capabilities lists generally offer quicker lookups when a subject requests access to an object.
A third common type of attribute storage is a security label, which is generally a permanent part of the object to which it is attached. Once a security label is set, it usually cannot be altered. This provides another safeguard against tampering that neither tokens nor capabilities lists provide.
Define a trusted computing base (TCB)
A TCB is the combination of hardware, software and controls that form a trusted base that enforces the security policy.
The TCB is a subset of a complete information system, and it should be as small as possible to allow detailed analysis to reasonably ensure that the system meets design specifications & requirements.
The TCB is the only portion of the system that can be trusted to adhere to and enforce the security policy; it is not necessary that every component in a system be trusted.
Be able to explain what a security perimeter is
A security perimeter is the imaginary boundary that separates the TCB from the rest of the system.
TCB components communicate with non-TCB components using trusted paths.
Know what the reference monitor & the security kernel are
The reference monitor is the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access.
The security kernel is the collection of TCB components that implement the functionality of the reference monitor.
Understand the security capabilities of information systems
Common security capabilities include memory protection, virtualisation and TPM (Trusted Platform Module).
Constrained or restricted interfaces limit the actions that users can take within a system.
Understand the key types used in asymmetric cryptography
Public keys are freely shared, private keys are kept secret.
Encrypt with recipient’s public key, decrypt with your own private key.
Sign a message with your own private key. Validate a signature using the sender’s public key.
Know the fundamental requirements of a hash function
Allow input of any length.
Provide fixed-length output.
Make it relatively easy to compute the hash function for any input.
Be a one-way function.
Be collision free.
Be familiar with major hashing algorithms
Government standard message digest functions:
SHA-1: 160-bit hash.
SHA-2: Variable up to 512 bits (SHA-224, SHA-256, SHA-384, SHA-512)
SHA-3 (based on the Keccak algorithm) improves upon the security of SHA-2 and supports the same hash lengths (SHA3-256 etc.)
Others:
MD2/MD4/MD5 – considered insecure
HMAC: implements a partial digital signature to guarantee integrity but not non-repudiation, using a shared secret – halfway point between unencrypted message digests and computationally-expensive digital signatures based on public-key cryptography. Can be combined with any standard message digest algorithm such as SHA-3.
HAVAL (Hash Of Variable Length): modification of MD5 which uses 1,024-bit blocks and produces hash lengths of 128, 160, 192, 224 & 256 bits.
| Name | Hash value length (bits) |
|---|---|
| Hash of Variable Length (HAVAL) | 128, 160, 192, 224 & 256 |
| Hash Message Authentication Code (HMAC) | Variable |
| Message Digest 2 (MD2) | 128 |
| Message Digest 4 (MD4) | 128 |
| Message Digest 5 (MD5) | 128 |
| Secure Hash Algorithm (SHA-1) | 160 |
| SHA2-224/SHA3-224 | 224 |
| SHA2-256/SHA3-256 | 256 |
| SHA2-384/SHA3-384 | 384 |
| SHA2-512/SHA3-512 | 512 |
Hash algorithm memorisation chart
Know how cryptographic salts improve the security of password hashing
Reduces effectiveness of rainbow table attacks.
Common password hashing algorithms that use key stretching to further increase the difficulty of attack include PBKDF2, bcrypt & scrypt.
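How a per-password salt defeats a precomputed table, and what key stretching adds, shown with PBKDF2 from the Python standard library. This is an added example, not part of the original notes; the candidate list, the iteration count and the function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this demo, not a recommendation


def unsalted_hash(password):
    """The weak scheme: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def stretched_hash(password, salt, iterations=ITERATIONS):
    """Salted and key-stretched with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def new_record(password, iterations=ITERATIONS):
    """What gets stored per user: a fresh random salt, the cost and the hash."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "hash": stretched_hash(password, salt, iterations),
    }


def verify(password, record):
    candidate = stretched_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def lookup_table(candidates, hash_fn):
    """Stand-in for a rainbow table: hash every candidate once, ahead of time."""
    return {hash_fn(word): word for word in candidates}


def recovered(table, stored_hashes):
    """Passwords a precomputed table reverses by plain lookup (None = no hit)."""
    return [table.get(h) for h in stored_hashes]


def demo():
    candidates = ["123456", "letmein", "qwerty"]  # constructed candidate list

    # Unsalted: two users with the same password store the same hash, and one
    # table built in advance reverses both.
    unsalted_store = [unsalted_hash("letmein"), unsalted_hash("letmein")]
    unsalted_hits = recovered(lookup_table(candidates, unsalted_hash), unsalted_store)

    # Salted: the same password gives two unrelated records. A table has to be
    # rebuilt for each salt, at ITERATIONS hash operations per candidate.
    alice, bob = new_record("letmein"), new_record("letmein")
    table_for_alice = lookup_table(
        candidates, lambda word: stretched_hash(word, alice["salt"])
    )
    salted_hits = recovered(table_for_alice, [alice["hash"], bob["hash"]])
    return unsalted_hits, salted_hits


if __name__ == "__main__":
    print(demo())
```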
Understand how digital signatures are generated & verified
To digitally sign a message, use a hashing function to generate a message digest, then encrypt the digest with your private key.
To verify a digital signature on a message, decrypt the signature with the sender’s public key and then compare the message digest to one you generate yourself. If they match, the message is authentic.
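The sign and verify steps above, next to the HMAC alternative from the hashing section, as an added example that is not part of the original notes. It uses textbook RSA with no padding and a toy key built from two known Mersenne primes so that it runs on the standard library alone; the key, message and function names are constructed, and production code should use a padded scheme from a vetted library.

```python
import hashlib
import hmac

# Toy RSA key (constructed): two known Mersenne primes, far too small for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, known to the signer only


def digest_int(message):
    """Message digest as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message):
    """Signer: hash the message, then transform the digest with the private key."""
    return pow(digest_int(message), D, N)


def verify(message, signature):
    """Verifier: undo the signature with the public key, compare with own digest."""
    return pow(signature, E, N) == digest_int(message)


def hmac_tag(shared_key, message):
    """HMAC: integrity from a shared secret, so either key holder can create it."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo():
    message = b"Transfer 100 to account 42"      # constructed sample message
    signature = sign(message)
    results = {
        "genuine": verify(message, signature),
        "tampered": verify(b"Transfer 900 to account 42", signature),
    }
    # With HMAC the receiver holds the same key as the sender, so a tag the
    # receiver computes is identical to the sender's: no non-repudiation.
    shared = b"constructed-shared-secret"
    results["receiver_can_mint_tag"] = hmac.compare_digest(
        hmac_tag(shared, message), hmac_tag(shared, message)
    )
    return results


if __name__ == "__main__":
    print(demo())
```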
Know the components of the Digital Signature Standard (DSS)
DSS uses the SHA-3 message digest functions along with one of three encryption algorithms:
Digital Signature Algorithm (DSA)
RSA (Rivest, Shamir & Adleman)
Elliptic Curve DSA (ECDSA)
Understand the public key infrastructure (PKI)
Certification authorities (CAs) generate digital certs containing the public keys of system users.
Users then distribute these certs to people with whom they want to communicate.
Certificate recipients verify a cert using the CA’s public key.
Registration authorities (RAs) assist CAs with the verification of users’ identities prior to issuing certs, but do not issue certificates themselves.
CRLs and OCSP are two techniques to verify the authenticity of certificates and identify revoked certs.
Know the common applications of cryptography to secure email
The emerging standard for encrypted messages is S/MIME.
Relies on the use of X.509 certs.
Supports AES and 3DES for symmetric encryption, and RSA for asymmetric.
Another popular email security tool is PGP.
Based on the “web of trust” concept.
Commercial version uses RSA for key exchange, IDEA for encryption/decryption and MD5 for message digest production.
Free version (based on OpenPGP) uses Diffie-Hellman key exchange, CAST (Carlisle Adams/Stafford Tavares) 128-bit encryption and SHA-1 hashing.
Most users of email encryption rely on having this technology built into their email client or webmail service.
Know the common applications of cryptography to secure web activity
Standard for secure web traffic is HTTP over TLS or SSL.
Many web browsers support both, but many websites are dropping SSL due to security concerns
POODLE attack on SSL 3.0 fallback capability in TLS
Know the common applications of cryptography to secure networking
IPsec provides a common framework for encrypting network traffic and is built into a number of common OSes.
In transport mode, packet contents are encrypted for peer-to-peer communication: end-to-end encryption
In tunnel mode, the entire packet (including header information) is encrypted for gateway-to-gateway communications: link encryption
TLS provides end-to-end encryption between a user and a Web server; SSH is another end-to-end encryption protocol (SSH1 supports DES, 3DES, IDEA and Blowfish; the more secure SSH2 drops DES & IDEA but adds support for some other algorithms).
End-to-end encryption usually takes place at the higher layers of the OSI model, and link encryption at the lower layers.
WPA wireless encryption uses TKIP, and WPA2 uses AES. Remember that WPA/WPA2 do not provide end-to-end security; they encrypt traffic only between the device and the access point. Once the traffic hits the wired network, it’s in the clear again.
Be able to describe IPsec
IPsec is a security architecture framework that supports secure communication over IP through the use of public key cryptography.
It establishes a secure channel in either transport or tunnel mode.
Can be used to establish direct communication between computers, or to set up a VPN between networks (in which case it’s commonly paired with L2TP which doesn’t provide any encryption of its own).
Uses two protocols:
Authentication Header (AH) provides integrity & non-repudiation. Also provides authentication & access control, and prevents replay attacks.
Encapsulating Security Payload (ESP) provides confidentiality & integrity of packet contents through encryption. It provides limited authentication, and also prevents replay attacks.
Though ESP is sometimes used alone, it’s rare to see AH used without ESP.
Uses simplex SAs (Security Associations) – you need one at each end of the link, or two at each end (total of four) for bi-directional communications.
ISAKMP (Internet Security Association & Key Management Protocol) handles the creation & management of SAs. It also authenticates communicating peers, provides key generation mechanisms, and protects against threats such as replay and DoS attacks.
Be able to explain common cryptographic attacks
Analytic attacks focus on the logic of the algorithm itself in an attempt to reduce its complexity using algebra.
Implementation attacks exploit weaknesses in the implementation (software code) of a cryptosystem
Statistical attacks exploit statistical weaknesses in a cryptosystem, such as floating-point errors and inability to produce truly random numbers. These attempt to find a vulnerability in the hardware or OS hosting the cryptography application.
Brute-force attacks are attempts to randomly or methodically find the correct cryptographic key. Every additional bit of key length doubles the time to perform a brute-force attack, because the number of potential keys doubles.
Frequency analysis is a ciphertext-only attack: simply counting the number of times each letter appears in the ciphertext vs the most common letters in the English language.
If these letters are also the most common in the ciphertext, it’s most likely a transposition cipher was used.
If different letters are the most common, it’s most likely a substitution cipher.
Known plaintext, chosen ciphertext and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.
In the known plaintext attack, the attacker has a copy of the plaintext as well as the ciphertext, which greatly assists in breaking weaker codes (consider the Caesar cipher example)
In the chosen ciphertext attack, the attacker has the ability to decrypt chosen portions of the ciphertext and use the decrypted portion to discover the key.
In the chosen plaintext attack, the attacker has the ability to encrypt plaintext messages of their choosing and can then analyse the resulting ciphertext.
The meet-in-the-middle attack exploits protocols that use two rounds of encryption (and is why 2DES was soon replaced with 3DES!)
The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other.
The birthday attack is an attempt to find collisions in hash functions.
The replay attack is an attempt to reuse authentication requests.
Understand uses of digital rights management (DRM)
DRM solutions allow content owners to enforce restrictions on the use of their content by others.
They commonly protect entertainment content such as music, movies & e-books, but are occasionally found in the enterprise, protecting sensitive documents.
Notes on asymmetric algorithms
RSA (Rivest, Shamir, Adleman) is based on factoring large prime numbers; patented in 1977 and released into the public domain in 2000
Merkle-Hellman Knapsack is based on set theory but was broken in 1984
El Gamal extends the mathematical principles of Diffie-Hellman to support an entire public key cryptosystem
Was immediately released into the public domain, giving it a major advantage over the then-patented RSA.
Major disadvantage is that it doubles the length of any message it encrypts.
Elliptic curve cryptography (ECC) can provide equivalent encryption to 1,024-bit RSA/DSA keys using a 160-bit key; smaller key means easier to work with so ideal for low power/mobile devices
Digital signature algorithms to know by name: Schnorr’s signature algorithm and Nyberg-Rueppel’s signature algorithm.
Key lengths
Moore’s law suggests that computing power doubles approximately every two years; therefore if it takes current computers a year to break your code, it will take only three months if the attempt is made in four years’ time with the latest computers.
The length of your key should therefore be based on how long you expect your data to remain sensitive.
Asymmetric key management
Keys should be retired when they’ve served a useful life; many organisations have mandatory key rotation requirements to guard against undetected key compromise
Good idea to change your key pair every few months, if practical.
Back up your private key and make sure the backup is handled in a secure manner!
Understand the role that confidentiality, integrity & non-repudiation play in cryptosystems
Symmetric & asymmetric crypto can provide confidentiality & integrity.
Only asymmetric crypto can provide non-repudiation; symmetric cannot.
Know how cryptosystems can be used to achieve authentication goals
One possible scheme is the challenge-response protocol: the remote user is asked to encrypt a message using a key known only to the communicating parties.
Authentication can be achieved with both symmetric & asymmetric crypto.
Be familiar with the basic terminology of cryptography
Cryptovariable: another name for a key.
Initialisation vector (IV) or nonce: Random number that acts as a placeholder in a mathematical function and is used to create unique ciphertext every time the same message is encrypted using the same key.
Cryptography: the art of creating & implementing secret codes & ciphers.
Cryptanalysis: the study of methods to defeat codes & ciphers.
Together, cryptography & cryptanalysis are referred to as cryptology.
Understand the difference between a code and a cipher, and explain the basic types of cipher
Codes are cryptographic systems of symbols that operate on words or phrases, and are sometimes secret but do not always provide confidentiality.
Ciphers are always meant to hide the true meaning of a message.
Substitution ciphers use the encryption algorithm to replace each character/bit with a different one
Caesar shift cipher (ROT3) shifts letters three places to the right to encrypt – a monoalphabetic cipher that is vulnerable to frequency analysis
Encryption: C = (P + 3) mod 26
Decryption: P = (C - 3) mod 26
The “mod 26” accounts for the wrap-around at the end of the alphabet (Z becomes B etc)
Vigenère cipher is a polyalphabetic substitution cipher that is protected from frequency analysis but vulnerable to a second-order form called period analysis (examination of frequency based on repeated use of the key)
Using a fixed encryption/decryption chart (header row of A-Z, followed by A-Z again and 25 more instances with the alphabet shifted left each time, e.g. BCD…YZA, CDE..ZAB down to YZA…VWX, ZAB…WXY)
Write out the plain text, then write the encryption key underneath, repeating the key as many times as needed to establish a line of text the same length as the plaintext
Locate the column headed by the first plaintext character, and the row headed by the first character of the key – write down the letter that appears where these intersect. Repeat for each character.
One time pads (Vernam ciphers)
Extremely powerful type of substitution cipher.
Uses a different substitution alphabet for each letter of the plaintext message
One time pads are written as a very long series of numbers to be plugged into the function C = (P + K) mod 26.
Unbreakable if used correctly (see section below)
Caesar, Vigenère & one-time pads are very similar; in fact, the only difference is key length. Caesar ciphers use a key of length 1, Vigenère uses a longer key (usually a word or sentence) and the one-time pad uses a key that is as long as the message itself.
Running key cipher (also known as a book cipher) uses a chapter or passage from a book as a key
Convert each letter of the plaintext and key to a numeric value (A = 0, B = 1, Z = 25 etc), add them together and perform a modulo 26 operation.
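The point that Caesar, Vigenère, running key and one-time pad ciphers differ only in the key can be shown with one function, C = (P + K) mod 26, fed four different keys. This is an added example, not part of the original notes; the sample messages and function names are constructed, and the frequency-analysis helper assumes English plaintext in which E is the most common letter.

```python
import secrets
from collections import Counter

A = ord("A")


def letters(text):
    """Keep A-Z only, upper-cased; spaces and punctuation are dropped."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def shift_encrypt(plaintext, key):
    """C = (P + K) mod 26, repeating the key if it is shorter than the message."""
    return "".join(
        chr((ord(p) - A + key[i % len(key)]) % 26 + A)
        for i, p in enumerate(letters(plaintext))
    )


def shift_decrypt(ciphertext, key):
    """P = (C - K) mod 26."""
    return "".join(
        chr((ord(c) - A - key[i % len(key)]) % 26 + A)
        for i, c in enumerate(letters(ciphertext))
    )


def key_from_text(text):
    """Numeric key from a word or book passage: A = 0, B = 1 ... Z = 25."""
    return [ord(c) - A for c in letters(text)]


CAESAR_KEY = [3]  # a key of length 1


def one_time_pad(length):
    """A random key as long as the message, to be used once and discarded."""
    return [secrets.randbelow(26) for _ in range(length)]


def guess_caesar_shift(ciphertext):
    """Frequency analysis: assume the most common ciphertext letter stands for E."""
    top = Counter(letters(ciphertext)).most_common(1)[0][0]
    return (ord(top) - ord("E")) % 26


if __name__ == "__main__":
    message = "MEET ME NEAR THE GREEN GATE AT SEVEN"   # constructed sample
    keys = {
        "Caesar": CAESAR_KEY,
        "Vigenere": key_from_text("LEMON"),
        "running key": key_from_text("IT WAS THE BEST OF TIMES IT WAS THE WORST"),
        "one-time pad": one_time_pad(len(letters(message))),
    }
    for name, key in keys.items():
        ciphertext = shift_encrypt(message, key)
        print(f"{name:13} {ciphertext}  guessed shift: {guess_caesar_shift(ciphertext)}")
```

Only the Caesar ciphertext yields its key to the single-letter frequency guess; the longer keys spread each plaintext letter over several ciphertext letters.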
Transposition ciphers…
Stream ciphers operate on one character/bit of a message/datastream at a time
Can also function as a type of block cipher, by using a buffer that fills up with real-time data that is then encrypted as a block.
The Caesar cipher is an example of a stream cipher.
Block ciphers operate on “chunks”, or blocks, of a message and apply the encryption algorithm at the same time.
Transposition ciphers are examples of block ciphers.
Most modern encryption algorithms implement some type of block cipher.
Confusion occurs when the relationship between the plaintext and the ciphertext is so complicated that an attacker can’t merely continue altering the plaintext and analysing the result to determine the key.
Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.
Know the requirements for successful use of a one-time pad
Key must be generated randomly, without any known pattern.
Key must be at least as long as the message to be encrypted.
Pad must be protected against physical disclosure.
Each pad must be used only once, then discarded.
Understand the concept of zero-knowledge proof
The communication concept of zero-knowledge proof is where a specific type of information is exchanged, but no real data is transferred, as with digital signatures and digital certificates.
Proving you know a piece of information (e.g. a password) without revealing that information.
Understand split knowledge
Split knowledge means that the info or privilege required to perform an operation is divided amongst multiple users. This ensures that no single person has sufficient privileges to compromise the security of the environment. M of N control is an example of split knowledge.
Useful for key escrow applications.
Understand work function (work factor)
Work function, or work factor, is a way to measure the strength of a cryptosystem by measuring the effort in terms of cost and/or time to decrypt messages.
Usually represents the time & effort required to perform a comprehensive brute-force attack against the cryptosystem.
The security & protection offered by a cryptosystem is directly proportional to the WF.
The WF need only be slightly greater than the time value of the data. Spend no more effort to protect an asset than it warrants, but be sure to provide sufficient protection.
For long-term data storage, may be a good idea to decrypt and re-encrypt using a stronger key and/or cryptosystem on a periodic basis.
Understand the importance of key security
Cryptographic keys provide the necessary element of secrecy to a cryptosystem.
Modern cryptosystems utilise keys that are at least 128 bits long to provide adequate security (AES-256 or equivalent is recommended for symmetric, and keys of at least 1,024 bits for standard asymmetric, or the equivalent 160 bits for ECC)
Generally agreed that the 56-bit key of DES no longer provides sufficient security.
Know the differences between symmetric & asymmetric cryptosystems
Symmetric key (or secret key) cryptosystems:
rely on the use of a shared secret key
are much faster than asymmetric algorithms (typically 1,000-10,000 times faster), and lend themselves well to hardware implementations
lack support for scalability, non-repudiation & easy key distribution (requires out-of-band exchange)
keys must be regenerated often (e.g. whenever a participant leaves a group)
a system with n participants requires ( n * (n - 1) ) / 2 keys; with 10 participants, 45 keys are required (10,000 participants require almost 50m keys!)
only support confidentiality
sometimes called private key cryptosystems, not to be confused with public key cryptosystems below
Asymmetric (or public key) cryptosystems:
use public-private key pairs for communication between parties
operate much more slowly than symmetric algorithms
are scalable, offer non-repudiation & easy key distribution
key generation is only required when a user’s private key is compromised (and only for that user)
no pre-existing communication link needs to exist
support confidentiality, integrity, authenticity & non-repudiation
require two keys per participant; with 10 participants, 20 keys are required (10,000 participants require 20,000 keys)
asymmetric keys must be longer than symmetric keys to provide equivalent strength
Be able to explain the basic operational modes of DES and 3DES
DES (and therefore 3DES) operates in one of five modes:
Electronic Code Book (ECB)
each time the algorithm processes a 64-bit block, it encrypts the block using the chosen secret key
large messages are vulnerable to cryptanalytic techniques which make it impractical to use for all but the shortest transmissions
Cipher Block Chaining (CBC)
each block of unencrypted text is XORed with the block of ciphertext immediately preceding it, before encrypting with the DES algorithm
uses an IV for the first block, producing a unique output each time the operation is performed
IV must be sent to the recipient, e.g. by pre-pending the IV to the completed ciphertext in plain form, or by protecting it with ECB mode encryption using the same key used for the message
errors propagate – if one block is corrupted during transmission, it becomes impossible to decrypt that and any subsequent blocks
Cipher Feedback (CFB)
streaming cipher version of CBC
instead of breaking a message into blocks, it uses memory buffers of the same block size; as the buffer fills, it is encrypted and sent to the recipients (and the process repeats)
other than this, it operates in the same fashion as CBC; it uses an IV and chaining, so errors propagate
Output Feedback (OFB)
operates in almost the same fashion as in CFB mode
instead of XORing an encrypted version of the previous block of ciphertext, DES XORs the plaintext with a seed value
for the first encrypted block, an IV is used to create the seed value; future seed values are derived by running the DES algorithm on the previous seed value
major advantage is that there is no chaining function so errors do not propagate
Counter (CTR)
uses a stream cipher similar to that used in CFB & OFB modes
instead of creating the seed value for each encryption/decryption operation from the results of the previous seed values, it uses a simple counter that increments for each operation
as with OFB mode, errors do not propagate
CTR mode allows you to break an encryption or decryption operation into multiple independent steps, making it well suited for use in parallel computing
3DES uses three iterations of DES with two or three different keys, to increase the effective key strength to 112 or 168 bits respectively
DES-EEE3 encrypts the plaintext three times using three different keys, giving an effective key length of 168 bits (3*56)
DES-EDE3 also uses three keys but replaces the second encryption operation with a decryption operation; effective key length is again 168 bits
DES-EEE2 uses only two keys, K1 and K2. It encrypts with K1, then with K2, then with K1 again; 112-bit effective key length (2*56)
DES-EDE2 replaces the K2 encryption step with a K2 decryption step; again 112-bit effective key length
Current belief is that all modes are equally secure
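The five modes described above, as an added example that is not part of the original notes: it measures how many distinct ciphertext blocks six identical plaintext blocks produce, how far a changed plaintext block spreads during encryption, and which plaintext blocks change when one ciphertext bit is flipped in transit. A toy 8-round Feistel cipher stands in for DES, CFB is shown with full-block feedback, the key, IV and message are constructed, and messages are assumed to be a whole number of 64-bit blocks (no padding).

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit DES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# Toy 8-round Feistel cipher standing in for DES (assumption: not DES, not secure).
def _f(half, key, rnd):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(8):
        l, r = r, xor(l, _f(r, key, rnd))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _f(l, key, rnd)), l
    return l + r

def ecb_encrypt(key, iv, pt):  # iv ignored: ECB has no IV or chaining
    return b"".join(enc_block(key, b) for b in split(pt))
def ecb_decrypt(key, iv, ct):
    return b"".join(dec_block(key, b) for b in split(ct))

def cbc_encrypt(key, iv, pt):
    prev, out = iv, []
    for b in split(pt):
        prev = enc_block(key, xor(b, prev))  # XOR with previous ciphertext, then encrypt
        out.append(prev)
    return b"".join(out)
def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for b in split(ct):
        out.append(xor(dec_block(key, b), prev))
        prev = b
    return b"".join(out)

def cfb_encrypt(key, iv, pt):
    prev, out = iv, []
    for b in split(pt):
        prev = xor(b, enc_block(key, prev))  # encrypt previous ciphertext, XOR with plaintext
        out.append(prev)
    return b"".join(out)
def cfb_decrypt(key, iv, ct):
    prev, out = iv, []
    for b in split(ct):
        out.append(xor(b, enc_block(key, prev)))
        prev = b
    return b"".join(out)

def ofb_crypt(key, iv, data):  # one routine both encrypts and decrypts
    seed, out = iv, []
    for b in split(data):
        seed = enc_block(key, seed)  # next seed = cipher applied to previous seed
        out.append(xor(b, seed))
    return b"".join(out)

def ctr_crypt(key, iv, data):  # first 4 IV bytes are the nonce, then a block counter
    return b"".join(xor(b, enc_block(key, iv[:4] + i.to_bytes(4, "big")))
                    for i, b in enumerate(split(data)))

MODES = {"ECB": (ecb_encrypt, ecb_decrypt), "CBC": (cbc_encrypt, cbc_decrypt),
         "CFB": (cfb_encrypt, cfb_decrypt), "OFB": (ofb_crypt, ofb_crypt),
         "CTR": (ctr_crypt, ctr_crypt)}

# Constructed sample input: six identical 8-byte blocks, fixed demo key and IV.
KEY, IV, PLAINTEXT = b"demo-key", bytes(range(8)), b"PAY 100$" * 6

def diff(a, b):  # indices of the blocks in which two equal-length messages differ
    return [i for i, (x, y) in enumerate(zip(split(a), split(b))) if x != y]

def distinct_ciphertext_blocks(mode):
    """Number of different ciphertext blocks produced by six identical plaintext blocks."""
    return len(set(split(MODES[mode][0](KEY, IV, PLAINTEXT))))

def encryption_spread(mode):
    """Change plaintext block 1 before encrypting; which ciphertext blocks change?"""
    enc = MODES[mode][0]
    altered = PLAINTEXT[:BLOCK] + b"PAY 900$" + PLAINTEXT[2 * BLOCK:]
    return diff(enc(KEY, IV, PLAINTEXT), enc(KEY, IV, altered))

def transit_damage(mode):
    """Flip one bit of ciphertext block 1 in transit; which plaintext blocks change?"""
    enc, dec = MODES[mode]
    ct = bytearray(enc(KEY, IV, PLAINTEXT))
    ct[BLOCK] ^= 0x01
    return diff(dec(KEY, IV, bytes(ct)), PLAINTEXT)

if __name__ == "__main__":
    for m in MODES:
        print(m, distinct_ciphertext_blocks(m), encryption_spread(m), transit_damage(m))
```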
Know the Advanced Encryption Standard (AES)
The US standard for secure exchange of SBU (sensitive but unclassified) data
Uses the Rijndael algorithm
Uses key lengths of 128, 192 & 256 bits and a fixed block size of 128 bits
Rijndael also supports 192- and 256-bit block sizes but this is not part of the standard
Achieves a much higher level of security than the older DES algorithm
Symmetric cipher memorisation chart
| Name | Block size (bits) | Key size (bits) | Notes |
| --- | --- | --- | --- |
| AES | 128 | 128, 192, 256 | 128-bit keys require 10 rounds of encryption, 192-bit 12 rounds, and 256-bit 14 rounds. |
| Rijndael | 128, 192, 256 | 128, 192, 256 | |
| Blowfish | 64 | 32 – 448 | Often used in SSH, also bcrypt. Licence-free, much faster than IDEA & DES. |
| DES | 64 | 56 | |
| IDEA | 64 | 128 | Originally developed as a solution to DES weakness. Operates in the same 5 modes: ECB, CBC, CFB, OFB & CTR. Used in commercial PGP. |
| Rivest Cipher 2 (RC2) | 64 | 128 | No longer considered secure. |
| Rivest Cipher 5 (RC5) | 32, 64, 128 | 0 – 2,040 | RSA-patented replacement for RC2. (Successor is RC6, but not widely adopted) |
| Skipjack | 64 | 80 | Developed for EES (Escrowed Encryption Standard) and Clipper/Capstone chips. NIST and Dept of Treasury can reconstruct keys (each hold a portion of the knowledge required). Supports same 5 modes as DES/IDEA. |
| Triple DES (3DES) | 64 | 112 or 128 | |
| Twofish | 128 | 1 – 256 | AES finalist which uses pre- and post-whitening techniques. |
Know this for the exam!
Creation & distribution of symmetric keys
Offline distribution: Exchanging symmetric keys, e.g. by physical exchange of key material on paper/removable storage media. Each method has its own inherent flaws: mail can be intercepted, telephones can be wiretapped, papers containing keys could be lost or accidentally thrown away.
Public key encryption: To obtain the speed benefits of secret key encryption without the hassle of key distribution, many people use public key encryption to set up an initial comms link. A secret key is then exchanged over this secure link, then communication is switched to the much faster secret key algorithm.
Diffie-Hellman: In some cases, neither public key encryption nor offline distribution is sufficient. Two parties might need to communicate with each other, but they have no physical means to exchange key material, and there is no public key infrastructure in place to facilitate the exchange of secret keys. In situations like this, key exchange algorithms like Diffie-Hellman can be extremely useful.
Involves two communicating parties agreeing on two large integers, one of which is a prime number.
Both parties choose a different random large integer and perform a calculation using their own integer and the two numbers from before.
They send their random integers to each other, and they both perform a calculation to derive the same value. This is the secret key that can be used for communication between the two parties.
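The exchange described above, as an added example that is not part of the original notes: each side keeps its random integer private, sends only the result of its calculation, and both derive the same key. The 127-bit prime, generator 3, the `Party` class and the SHA-256 key derivation are assumptions chosen for illustration; the group is far too small for real use.

```python
import hashlib
import secrets

# Constructed demo parameters (assumption, not from the notes): a 127-bit Mersenne
# prime and generator 3. Real deployments use standardised groups of 2048+ bits.
P = 2**127 - 1
G = 3

class Party:
    def __init__(self, name, private=None):
        self.name = name
        # The random large integer this side picks; it is never transmitted.
        self._private = private if private is not None else secrets.randbelow(P - 3) + 2
        # Result of the first calculation: this is the value sent to the peer.
        self.public = pow(G, self._private, P)

    def derive_key(self, peer_public):
        # Reject degenerate values (0, 1, P-1, out of range) that would force
        # a predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self._private, P)
        # Hash the shared integer down to a 256-bit symmetric key.
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange(a_private=None, b_private=None):
    """Run one exchange; return both derived keys and what crossed the wire."""
    alice, bob = Party("alice", a_private), Party("bob", b_private)
    wire = [("alice->bob", alice.public), ("bob->alice", bob.public)]
    return alice.derive_key(bob.public), bob.derive_key(alice.public), wire

if __name__ == "__main__":
    key_a, key_b, wire = run_exchange()
    print("keys match:", key_a == key_b)
    print("seen on the wire:", wire)
```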
Key escrow approaches
Fair Cryptosystems: Secret keys used in communication are divided into two or more pieces, and each given to an independent third party. When the government obtains legal authority, it provides evidence of the court order to each party, and then reassembles the secret key.
Escrowed Encryption Standard: Provides the government with the technological means to decrypt ciphertext; the basis behind the Skipjack algorithm discussed earlier.
While the technology exists, it’s highly unlikely that the general public will ever accept the potential government intrusiveness it facilitates.
Understand the importance of data & asset classifications
Data owners are responsible for defining data and asset classifications and ensuring that data & systems are properly marked.
Additionally, data owners define requirements to protect data at different classifications, such as encrypting sensitive data at rest and in transit.
Data classifications are typically defined within security policies or data policies.
Know about PII and PHI
Personally identifiable information (PII) is any information that can identify an individual.
Protected health information (PHI) is any health-related information that can be related to a specific person.
Many laws & regulations mandate the protection of PII and PHI.
Know how to manage sensitive information
Sensitive information is any type of classified information; proper management helps prevent unauthorised disclosure resulting in a loss of confidentiality.
Proper management includes marking, handling, storing and destroying sensitive information.
The two areas in which organisations often miss the mark are:
adequately protecting backup media holding sensitive information
sanitising media or equipment at the end of its lifecycle.
Understand record retention
Record retention policies ensure that data is kept in a usable state while it is needed, and destroyed when it is no longer needed.
Many laws & organisations mandate keeping data for a specific amount of time, but in the absence of formal regulations, organisations specify the retention period within a policy.
Audit trail data needs to be kept long enough to reconstruct past incidents, but the organisation must identify how far back they want to investigate.
A current trend with many organisations is to reduce legal liabilities by implementing short retention policies with email.
Know the difference between different roles
The data owner is the person responsible for classifying, labelling & protecting data.
System owners are responsible for the systems that process the data.
Business & mission owners own the processes & ensure that the systems provide value to the organisation.
Data processors are often the third-party entities that process data for an organisation.
Administrators grant access to data based on guidelines provided by the data owners.
A user accesses data while performing work tasks.
A custodian has day-to-day responsibilities for protecting & storing data.
Understand GDPR security controls
GDPR mandates protection of privacy data. Two key security controls mentioned in the GDPR are:
encryption
pseudonymisation (replacing some data elements with pseudonyms, making it more difficult to identify individuals.)
Know about security control baselines
Security control baselines provide a listing of controls that an organisation can apply as a baseline.
Not all baselines apply to all organisations. However, an organisation can apply scoping & tailoring techniques to adapt a baseline to its needs.
Understand the difference between criminal law, civil law & administrative law
Criminal law protects society against acts that violate the basic principles we believe in.
Violations of criminal law are prosecuted by federal & state governments.
Civil law provides the framework for the transaction of business between people & organisations.
Violations of civil law are brought to the court and argued by the two affected parties.
Administrative law is used by government agencies to effectively carry out their day-to-day business.
Be able to explain the basic provisions of major laws designed to protect society against computer crime
The Computer Fraud & Abuse Act (as amended) protects computers used by the government or in interstate commerce from a variety of abuses.
The Electronic Communications Privacy Act (ECPA) makes it a crime to invade the electronic privacy of an individual.
Know the differences among copyrights, trademarks, patents & trade secrets
Copyrights protect original works of authorship, such as books, articles, poems & songs.
Trademarks are names, slogans & logos that identify a company, product or service.
Patents provide protection to the creators of new inventions.
Trade secret law protects the operating secrets of a firm.
Be able to explain the basic provisions of the DMCA
The Digital Millennium Copyright Act (1998) prohibits the circumvention of copy protection mechanisms placed on digital media and limits the liability of Internet service providers for the activities of their users.
Know the basic provisions of the Economic Espionage Act
The Economic Espionage Act (1996) provides penalties for individuals found guilty of theft of trade secrets.
Harsher penalties apply when the individual knows that the information will benefit a foreign government.
Understand the various types of software license agreements
Contractual license agreements are written agreements between a software vendor and user.
Shrink-wrap agreements are written on software packaging and take effect when a user opens the package.
Click-through agreements are included in a package but require the user to accept the terms during the software installation process.
Understand the notification requirements placed on organisations that experience a data breach
California’s SB 1386 implemented the first statewide requirement to notify individuals of a breach of their personal information.
All but three states eventually followed suit with similar laws.
Currently, federal law only requires the notification of individuals when a HIPAA-covered entity breaches their protected health information (PHI).
Understand the major laws that govern privacy of personal information in both the US and the EU
The US has a number of privacy laws that affect the government’s use of information as well as the use of information by specific industries, such as financial services companies and healthcare organisations that handle sensitive information.
The EU has a more comprehensive General Data Protection Regulation (GDPR) that governs the use and exchange of personal information.
Explain the importance of a well-rounded compliance program
Most organisations are subject to a wide variety of legal & regulatory requirements related to information security.
Building a compliance program ensures that you become and remain compliant with these often overlapping requirements.
Know how to incorporate security into the procurement & vendor governance process
The expanded use of cloud services by many organisations requires added attention to conducting reviews of information security controls during the vendor selection process and as part of ongoing vendor governance.
Understand the four steps of the business continuity planning process
BC planning involves four distinct phases:
project scope & planning
business impact assessment
continuity planning
approval & implementation
Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.
Describe how to perform the business organisation analysis
In the BOA, the individuals responsible for leading the BCP process determine which departments & individuals have a stake in the business continuity plan.
This analysis is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.
List the necessary members of the BCP team
The BCP team should contain, at a minimum:
representatives from each of the operational & support departments
technical experts from the IT department
physical & IT security personnel with BCP skills
legal representatives familiar with corporate legal, regulatory & contractual responsibilities
representatives from senior management
Additional team members depend on the structure & nature of the organisation.
Know the legal & regulatory requirements that face BC planners
Business leaders must exercise due diligence to ensure that shareholders’ interests are protected in the event disaster strikes.
Some industries are also subject to federal, state & local regulations that mandate specific BCP procedures.
Many businesses also have contractual obligations to their clients that must be met before & after a disaster.
Explain the steps of the BIA process [TODO]
The five steps of the BIA process are:
Identification of priorities
Risk identification
Likelihood assessment
Impact assessment
Resource prioritisation
Describe the process used to develop a continuity strategy
During the strategy development phase, the BCP team determines which risks will be mitigated.
In the provisions & processes phase, mechanisms and procedures that will mitigate the risks are designed.
The plan must then be approved by senior management and implemented.
Personnel must also receive training on their roles in the BCP process.
Explain the importance of fully documenting an organisation’s BC plan
Committing the plan to writing provides the organisation with a written record of the procedures to follow when disaster strikes.
It prevents the “it’s in my head” syndrome and ensures the orderly progress of events in an emergency.
Understand the security implications of hiring new employees
To properly plan for security, you must have standards in place for:
job descriptions
job classification
work tasks
job responsibilities
preventing collusion
candidate screening
background checks
security clearances
employment agreements
non-disclosure agreements
By deploying such mechanisms, you ensure that new hires are aware of the required security standards, thus protecting your organisation’s assets.
Be able to explain separation of duties
Separation of duties is the security concept of dividing critical, significant, sensitive work tasks among several individuals.
By separating duties in this manner, you ensure that no one person can compromise system security.
Understand the principle of least privilege
The principle of least privilege states that, in a secured environment, users should be granted the minimum amount of access necessary for them to complete their required work tasks or job responsibilities.
By limiting user access only to those items that they need to complete their work tasks, you limit the vulnerability of sensitive information.
Know why job rotation & mandatory vacations are necessary
Job rotation serves two functions:
it provides a type of knowledge redundancy
moving personnel around reduces the risk of fraud, data modification, theft, sabotage & misuse of information
Mandatory vacations of 1-2 weeks are used to audit & verify the work tasks & privileges of employees. This often results in easy detection of abuse, fraud or negligence.
Vendor, consultant & contractor controls are used to define the levels of performance, expectation, compensation & consequences for entities, persons or organisations that are external to the primary organisation.
Often defined in an SLA.
Be able to explain proper employee termination policies
A termination policy should include items such as:
always having a witness
disabling the employee’s network access
performing an exit interview
escorting the terminated employee off the premises
the return of security tokens/badges & other company property
Know how privacy fits into the realm of IT security
Know the multiple meanings/definitions of privacy, why it is important to protect, and the issues surrounding it, especially in a work environment.
Be able to discuss third-party governance
Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards or licensing requirements.
Be able to define overall risk management
Risk management is:
the process of identifying factors that could damage or disclose data
evaluating those factors in light of data value & countermeasure cost
implementing cost-effective solutions for mitigating or reducing risk
By performing RM, you lay the foundation for reducing overall risk.
Understand risk analysis & the key elements involved
Risk analysis is the process by which upper management is provided with details to make decisions about which risks are to be mitigated, which should be transferred and which should be accepted.
To fully evaluate risks and subsequently take proper precautions, you must analyse the following:
assets
asset valuation
threats
vulnerability
exposure
risk
realised risk
safeguards
countermeasures
attacks
breaches
Know how to evaluate threats
Threats can originate from numerous sources, including IT, humans & nature.
Threat assessment should be performed as a team effort to provide the widest range of perspectives.
By fully evaluating risks from all angles, you reduce your system’s vulnerability.
Understand quantitative risk analysis
Quantitative risk analysis focuses on hard values & percentages.
A complete quantitative analysis is not possible because of intangible aspects of risk.
The quantitative RA process involves asset valuation & threat investigation, followed by determining the threat’s potential frequency & the resulting damage; the result is a cost/benefit analysis of safeguards.
Key terms include:
Asset value (AV): The value of an asset, expressed as a $ amount.
Exposure factor (EF): Represents the %age of loss that an organisation would experience if a specific asset were violated by a realised risk. By calculating EFs, you are able to implement a sound RM policy.
Single loss expectancy (SLE): Represents the cost associated with a single realised risk against a specific asset. SLE = AV * EF
Annualised rate of occurrence (ARO): Represents the expected frequency with which a specific threat or risk will occur within a single year.
Annualised loss expectancy (ALE): Represents the possible yearly cost of all instances of a specific realised threat against a specific asset. ALE = SLE * ARO
To evaluate the cost/benefit of a safeguard, you must determine the annual cost of the safeguard, and the ALE for the asset after the safeguard is implemented. Value of the safeguard to the company = ALE before safeguard – ALE after safeguard is implemented – annual cost of safeguard, i.e. Value = (ALE1 – ALE2) – ACS
Understand qualitative risk analysis
Qualitative RA is based on scenarios rather than calculations.
Exact $ figures are not assigned to possible losses; instead threats are ranked on a scale to evaluate their risks, costs & effects; this assists those responsible in creating proper RM policies.
The Delphi technique, often used in qualitative RA, is an anonymous feedback-and-response process used to arrive at a consensus; this gives the responsible parties the opportunity to properly evaluate risks & implement solutions.
Know the options for handling risk
Reducing risk, or risk mitigation, is the implementation of safeguards & countermeasures.
Assigning/transferring risk places the cost of loss a risk represents onto another entity/organisation. Purchasing insurance is one form of transferring risk.
Accepting risk means that management has evaluated the cost/benefit analysis of possible safeguards and has determined that the cost of the countermeasure greatly outweighs the possible cost of loss due to a risk. It also means that management has agreed to accept the consequences and the loss if the risk is realised.
Be able to explain total risk, residual risk & controls gap
Total risk is the amount of risk an organisation would face if no safeguards were implemented.
Total risk = Threats * Vulnerabilities * Asset Value
Residual risk is the risk that management has chosen to accept rather than mitigate.
The difference between total risk and residual risk is the controls gap, which is the amount of risk that is reduced by implementing safeguards.
Residual risk = Total risk – Controls gap
Understand control types
The term control refers to a broad range of controls that perform such tasks as ensuring that only authorised users can log on, and preventing unauthorised users from gaining access to resources.
Control types include:
preventive
detective
corrective
deterrent
recovery
directive
compensation.
Controls can also be categorised by how they are implemented:
administrative
logical (technical)
physical.
Know how to implement security awareness & education
Before actual training can take place, awareness of security as a recognised entity must be created for users.
Once this is accomplished, training (teaching employees to perform their work tasks and to comply with security policy) can begin.
All new employees require some level of training so they will be able to comply with all standards, procedures & guidelines mandated by policy.
Education is a more detailed endeavour in which students learn much more than they actually need to know in order to perform their work tasks; this is often associated with users pursuing certification or job promotion.
Understand how to manage the security function
To manage the security function, an organisation must implement proper & sufficient security governance.
The act of performing a risk assessment to drive the security policy is the clearest & most direct example of management of the security function.
This also relates to budget, metrics, resources, information security strategies, and assessing the completeness & effectiveness of the security program.
Know the six steps of the risk management framework
Chapter 1: Security Governance Through Principles & Policies (WIP)
Understand the CIA Triad elements of confidentiality, integrity & availability
Confidentiality is the principle that objects are not disclosed to unauthorised subjects.
Integrity is the principle that objects retain their veracity and are intentionally modified by only authorised subjects.
Availability is the principle that authorised subjects are granted timely & uninterrupted access to objects.
Know why these are important, the mechanisms that support them, the attacks that focus on each, and the effective countermeasures.
Understand the process of authentication
Authentication is the process of verifying or testing that a claimed identity is valid.
Authentication requires information from the subject that must exactly correspond to the identity indicated.
Know how authorisation fits into a security plan
Once a subject is authenticated, its access must be authorised.
The process of authorisation ensures that the requested activity or object access is possible given the rights & privileges assigned to the authenticated identity.
Understand security governance
Security governance is the collection of practices related to supporting, defining & directing the security efforts of an organisation.
Be able to explain the auditing process
Auditing, or monitoring, is the programmatic means by which subjects are held accountable for their actions while authenticated on a system.
Auditing is also the process by which unauthorised or abnormal activities are detected on a system.
Auditing is needed to:
detect malicious actions by subjects
detect attempted intrusions
detect system failures
reconstruct events
provide evidence for prosecution
provide problem reports & analysis
Understand the importance of accountability
An organisation’s security policy can be properly enforced only if accountability is in place: security can be maintained only if subjects are held accountable for their actions.
Effective accountability relies on the capability to prove a subject’s identity and track their actions.
Be able to explain non-repudiation
Non-repudiation ensures that the subject of an activity or event cannot deny that the event occurred.
It prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event.
Understand security management planning
Security management is based on three types of plans:
A strategic plan is a long-term plan that is fairly stable. It defines the organisation’s goals, missions & objectives.
The tactical plan is a mid-term plan developed to provide more details on accomplishing the goals set forth in the strategic plan.
Operational plans are short-term, highly-detailed plans based on the strategic & tactical plans.
Know the elements of a formalised security structure
To create a comprehensive security plan, you need the following items in place:
Security policy
Standards
Baselines
Guidelines
Procedures
Such documentation clearly states security requirements and creates due diligence on the part of the responsible parties.
Understand key security roles
The primary security roles are:
security manager
organisational owner
upper management
security professional
user
data owner
data custodian
auditor
By creating a security role hierarchy, you limit risk overall.
Know how to implement security awareness training
Before actual training can take place, awareness of security as a recognised entity must be created for users.
Once this is accomplished, training (teaching employees to perform their work tasks and comply with the security policy) can begin.
All new employees require some level of training so they will be able to comply with all standards, guidelines & procedures mandated by the security policy.
Education is a more detailed endeavour where students/users learn much more than they actually need to know to perform their work tasks.
Education is most often associated with users pursuing certification or seeking job promotion.
Know how layering simplifies security
Layering is the use of multiple controls in series.
Using a multi-layered solution allows for numerous controls to guard against threats.
Be able to explain the concept of abstraction
Abstraction is used to collect similar elements into groups, classes or roles that are assigned security controls, restrictions or permissions as a collective.
It adds efficiency to carrying out a security plan.
Understand data hiding
Data hiding, as the name suggests, is preventing data from being discovered or accessed by a subject.
It is often a key element in security controls as well as in programming.
Understand the need for encryption
Encryption is the art & science of hiding the meaning or intent of a communication from unintended recipients.
It can take many forms and be applied to every type of electronic communication, including text, audio & video files, as well as programs themselves.
Encryption is an important element in security controls, especially in regard to the transmission of data between systems.
Know why and how data is classified (TODO)
Data is classified to simplify the process of assigning security controls to groups of objects rather than individual objects.
The two common classification schemes are government/military and commercial business/private sector.
Know the five levels of government classification and the four levels of commercial classification.
The seven major steps or phases in the implementation of a classification scheme are:
TODO
TODO
TODO
TODO
TODO
TODO
TODO
Understand the importance of declassification
Declassification is required once an asset no longer warrants the protection of its currently-assigned classification or sensitivity level.
Know the basics of COBIT (TODO)
Control Objectives for Information & Related Technologies (COBIT) is a security concept infrastructure used to organise the complex security solutions of compliance.
Know the basics of threat modelling (TODO)
Threat modelling is the security process where potential threats are identified, categorised & analysed.
Threat modelling can be performed as a proactive measure during design & development, or as a reactive measure once a product has been deployed.
Key concepts include:
assets
attackers
software
STRIDE
PASTA
Trike
VAST
diagramming
reduction/decomposing
DREAD
Understand the need to apply risk-based management concepts to the supply chain
Applying risk-based management concepts to the supply chain is a means to ensure a more robust and successful security strategy in organisations of all sizes.
When purchases and acquisitions are made without security considerations, the risks inherent in those products remain throughout their deployment life span.
You need to reduce the likelihood that an unauthorised person can piggyback their way into your data centre. Which of the following is the BEST way to ensure this?
(a) Retina scanners (b) Security awareness training (c) Magnetically locked doors with PIN pad access (d) Fingerprint activated locks (e) Mantrap
Answer: (e)
Explanation:
(a), (c) & (d) would not prevent an adversary piggybacking on an authorised user.
(b) Security awareness training is a basic requirement; it can help increase the vigilance of users and reduce piggybacking incidents, but some users are apathetic/ignorant to security, so this will not ensure piggybacking doesn’t happen.
(e) Mantraps can be expensive but are a very good physical access control that mitigates piggybacking.
Remember that tailgating = following an authorised user without their consent or knowledge, and piggybacking = being allowed through a secured entrance by an authorised user (e.g. under false pretences/social engineering). However, a mantrap protects against both, as the user will need to be authenticated before the next door opens, at which point the security guard will deny access as there’s a “piggybacker”. Some mantraps even incorporate weighing scales to detect if there is more than one person trying to get through.
How many possible keys exist in a 4-bit key space?
(a) 4 (b) 8 (c) 16 (d) 128
Answer: (c)
Explanation: An n-bit key space contains 2^n keys; 2^4 = 16.
What block size is used by the 3DES encryption algorithm?
(a) 32 bits (b) 64 bits (c) 128 bits (d) 256 bits
Answer: (b)
Explanation: 3DES uses the same encryption algorithm as DES, albeit three times, so the block size is the same: 64 bits (though the key size doubles or triples from 56 to 112 or 128 bits depending on the mode).
Which of the following DES operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?
Explanation: Neither ECB nor OFB propagates errors, but ECB is not suitable for large messages.
How many keys are required to fully implement a symmetric algorithm with 10 participants?
(a) 10 (b) 20 (c) 45 (d) 100
Answer: (c)
Explanation: Fully implementing a symmetric algorithm with n participants requires (n * (n – 1)) / 2 separate keys.
What block size is used by AES?
(a) 32 bits (b) 64 bits (c) 128 bits (d) Variable
Answer: (c)
Explanation: AES uses a fixed block size of 128 bits, although the underlying Rijndael algorithm supports variable block sizes.
How many encryption keys are required to fully implement an asymmetric algorithm with 10 participants?
(a) 10 (b) 20 (c) 45 (d) 100
Answer: (b)
Explanation: In an asymmetric cryptosystem, each participant requires two keys.
Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
(a) RSA (b) Diffie-Hellman (c) 3DES (d) IDEA
Answer: (b)
Explanation: The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption & decryption of messages.
If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?
Which of the following would NOT be considered an indicator of attack? (Choose two)
(a) Detection of an ongoing spear phishing campaign against employees (b) A NIDS identifies a buffer overflow exploit in an inbound packet (c) Unusual amounts of SSH traffic leaving the network (d) Log files show the same username attempted to log into 20 different servers in a 20 second window (e) A zero day exploit has been identified for software widely used in your enterprise
Answer: (c), (e)
Explanation: (c) is an indication of compromise (as opposed to an attack), and suggests data exfiltration is in progress. (e) is not an indication of attack or compromise, but it could leave you open to attack if not mitigated.
In response to a report you delivered to executives detailing the security features of smartcards, you have been asked to explain how the keys on the smart card are used to authenticate the user. Which of the following is the BEST answer?
(a) The smartcard calculates a hash of the user certificate and sends it to the host computer (b) The computer validates the user certificate with standard PKI validation techniques (c) The user smartcard PIN unlocks access to the user certificate (d) The user private key encrypts a challenge generated by the computer
Answer: (d)
Explanation: (a) does not occur, and would not provide authentication. (b) is technically true, but not the best answer as this doesn’t authenticate the user. (c) The PIN unlocks/provides access to the private key. (d) Authentication is provided by using the user private key to encrypt a challenge generated by the computer, which the computer then decrypts using the public key in the certificate.
As part of the development of a new software product being built in-house, you are completing the design of the system security architecture. What phase of the SDLC are you currently in?
Explanation: During the Development & Acquisition phase (phase 2 of the SDLC), risk assessments are performed, security controls are defined, the legal & regulatory landscape is assessed, and the security architecture is designed & engineered, making sure that security is built in from the start.
Who is ultimately responsible for accepting a risk associated with operating a system in your enterprise?
(a) System owner (b) ISSO (c) Software developer (d) Authorising Official (AO) (e) CIO
Answer: (d)
Explanation: The AO provides authorisation for the use of the system and formally accepts the risk associated.
Which one of the following tasks would a custodian most likely perform?
(a) Access the data (b) Classify the data (c) Assign permissions to the data (d) Back up data
Answer: (d)
Explanation: A data custodian performs day-to-day tasks to protect the integrity & security of data, and this includes backing it up. Administrators assign permissions to the data.
Which one of the following data roles is most likely to assign permissions to grant users access to data?
(a) Administrator (b) Custodian (c) Owner (d) User
Answer: (a)
Explanation: The administrator assigns permissions based on the principles of least privilege and need-to-know. A custodian protects the integrity & security of the data.
Which of the following is a PRIMARY activity that should occur during the implementation & assessment phase of the SDLC?
(a) Authorisation to operate should be obtained from the AO (b) Security documentation should be developed (c) A privacy impact assessment should be performed (d) Continuous monitoring processes should be implemented
Answer: (a)
Explanation: (a) An ATO must be obtained from the Authorising Officer as a primary activity in this phase. (b) Would occur in the previous phase: Development & Acquisition. (c) Would occur in the first phase: Initiation. (d) Would also occur in Development & Acquisition.
A web application regularly gets and puts confidential information to a cloud-based HTTPS server. Your security admin is concerned about the data being compromised if/when the server’s private key is obtained by an adversary. Which of the following represents the BEST way to mitigate this issue?
(a) Increase the key size to 2048 bits (b) Install a new certificate with a lifetime not longer than 90 days (c) Enable perfect forward secrecy on the HTTPS server (d) Enable certificate pinning
Answer: (c)
Explanation: (a) While 2048 is the minimum recommended key size for asymmetric crypto, (a) won’t help – if the adversary has your private key, they have your private key. (b) This is labour intensive and would only limit the adversary to a maximum of 90 days’ worth of data, which doesn’t fully solve the problem. (c) Perfect forward secrecy is a way of largely fixing the concern of an adversary (or even law enforcement) getting hold of private keys. With PFS, your long-term keys are not actually used in the key exchange process, so if someone gets hold of the keys, they will not be able to decrypt the data of previous communications. The long-term keys are instead used to sign an ephemeral key, and this ephemeral key pair is destroyed when communication is complete. (d) Can speed up connection speed and mitigate fraudulent certificates, so doesn’t help us in this context.
Once you have identified that a security event is an actual security incident, what is the FIRST action you should take?
(a) Isolate the affected system(s) from the network (b) Begin documenting everything being done (c) Power off the system by pulling the power cable (d) Create a forensic image of the affected system(s)
Answer: (b)
Explanation: (a) is a good option, but (b) should happen first so is the best answer.
Users in the Sales team access multiple third-party web-based applications, and each app authenticates the users with its own user account database. You want to deploy an SSO solution that allows team members to access the apps using their domain credentials. Which of these options is the BEST choice?
Explanation: (a) SAML allows you to have an identity provider (in this case, your Active Directory) and service providers (the individual apps, assuming they support SAML) to provide SSO. (b) is a JavaScript-based data format used for remote procedure calls. (c) LDAPS is the secure version of the LDAP directory service (not normally used over the Internet). (d) OAuth is used to authenticate via third-party identity providers such as Facebook, Twitter & Google, not normally internal Active Directory domains. (e) Kerberos could be used internally to your network but not for federated access to external web apps.