security – Dan Vasile (InfoSec Adventures, https://pentest.ro), feed generated Thu, 10 Dec 2020 11:11:23 +0000

Hacking the WordPress Ecosystem – https://pentest.ro/2013/10/28/hacking-the-wordpress-ecosystem/ – Mon, 28 Oct 2013 20:52:37 +0000

I delivered a speech at OWASP Romania InfoSec Conference 2013 in Bucharest (I took part in the organization of the event as well).

Password policies in Windows – https://pentest.ro/2013/04/29/password-policies-in-windows/ – Mon, 29 Apr 2013 13:45:55 +0000

To access the password policy in Windows, go to Start and type secpol.msc in the search box. Click on secpol and you’ll be presented with the security policy.

Go to Account Policies, then click on Password Policy.

The options, explained:

  • History – how many passwords will Windows store (you won’t be able to reuse these passwords)
  • Complexity requirements – if enabled, the Windows complexity requirement states that passwords should be at least 6 characters long, must not contain the username, have at least 3 different character types ([a-z][A-Z][0-9][special characters])
  • Minimum length – this overrides the previous length setting
  • Store passwords using reversible encryption – self explanatory; note that if the key used for encryption is lost, the password can be retrieved
  • Maximum age – how long (in days) until the user is forced to change the password
  • Minimum age – very interesting option! If left to 0 you can change the password as many times as you like in one day. The problem is in conjunction with History. If, for example, History is set to 5, a user can change 6 passwords in one day and reuse the original password.
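A model of these rules in Python, added here as an example; it is not code from the post and does not call into Windows, it simply reimplements the documented checks (History, Complexity requirements, Minimum length, Minimum and Maximum age) so the interaction between History and Minimum age can be watched. The policy values, the account name and the passwords are constructed for illustration.

```python
"""Model of the Windows password-policy rules listed above.

Added example, not the post's own code and not a call into Windows: it
reimplements the documented rules in plain Python so the interaction
between History and Minimum age can be observed. All values are constructed.
"""
import string
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    history: int = 5           # remembered passwords, current one included
    complexity: bool = True    # the complexity rule as described in the post
    min_length: int = 6
    min_age_days: int = 0      # 0 = unlimited changes per day
    max_age_days: int = 90


@dataclass
class Account:
    username: str
    recent: list = field(default_factory=list)  # most recent password first
    last_change_day: int = 0


def meets_complexity(password: str, username: str) -> bool:
    """Post's rule: at least 6 characters, no username, 3 of 4 character classes."""
    if len(password) < 6:
        return False
    if username and username.lower() in password.lower():
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(classes) >= 3


def change_password(acct: Account, new: str, today: int, policy: PasswordPolicy) -> str:
    """Apply the policy in order; return 'ok' or the name of the rule that rejected it."""
    if today - acct.last_change_day < policy.min_age_days:
        return "min_age"
    if len(new) < policy.min_length:
        return "min_length"
    if policy.complexity and not meets_complexity(new, acct.username):
        return "complexity"
    if new in acct.recent[: policy.history]:
        return "history"
    acct.recent.insert(0, new)
    del acct.recent[policy.history:]     # forget anything beyond the History count
    acct.last_change_day = today
    return "ok"


def password_expired(acct: Account, today: int, policy: PasswordPolicy) -> bool:
    """Maximum age: the user is forced to change once this many days have passed."""
    return today - acct.last_change_day > policy.max_age_days


def cycle_back_to_original(policy: PasswordPolicy):
    """Try to flush the history with throwaway passwords and reuse the original,
    all on day 1. Returns (accepted changes, whether the original was reused)."""
    original = "Winter!2013"                       # constructed sample password
    acct = Account("dan", recent=[original], last_change_day=0)
    accepted = 0
    for i in range(policy.history):
        if change_password(acct, f"Throwaway#{i}x", today=1, policy=policy) == "ok":
            accepted += 1
    reused = change_password(acct, original, today=1, policy=policy) == "ok"
    return accepted + int(reused), reused


if __name__ == "__main__":
    print("min age 0:", cycle_back_to_original(PasswordPolicy(history=5, min_age_days=0)))
    print("min age 1:", cycle_back_to_original(PasswordPolicy(history=5, min_age_days=1)))
```

With History 5 and Minimum age 0 the sixth change on the same day lands back on the original password, exactly the loophole described above; setting Minimum age to 1 stops the cycle after the first change, because every further change that day is refused by the age check before the history check is even reached.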

More information on: http://windows.microsoft.com/en-au/windows-vista/change-password-policy-settings

ISO ISMS history – https://pentest.ro/2011/08/16/iso-isms-history/ – Tue, 16 Aug 2011 15:29:27 +0000

The ISO is developing a new series of security standards, the first of which is ISO 27001, Information Technology—Security Techniques— Information Security Management Systems—Requirements. ISO 27001 replaces British Standard (BS) 7799, Part 2. BS 7799, Part 1 evolved into ISO 17799, Information Technology—Security Techniques—Code of Practice for Information Security Management and is now known as ISO 27002. Definitive plans are not yet available; however, tentative plans for additional ISO security standards in the 27000 numbering series include ISO 27003, covering security implementation guidance; ISO 27004, for metrics and measurements; and ISO 27005, covering risk management.

Certification against these ISO standards is only defined for ISO 27001, that is, an organization may be certified ISO 27001 compliant. ISO 27001 describes how to build what ISO calls an ISMS. An ISMS is a process to create and maintain a management system for information security. ISO 27001 references details from ISO 27002 and describes how to apply the ISO 27002 security controls; however, the organization is not ISO 27002 certified. By virtue of using ISO 27002 and adhering closely to the guidelines therein, an organization may claim to be ISO 27002 compliant, but without official recognition of this claim via certification.

CISSP CBK 10 – Physical Security – https://pentest.ro/2011/05/16/cissp-cbk-10-physical-security/ – Sun, 15 May 2011 21:59:53 +0000

Physical Security Controls

Types of controls:

– Administrative controls
  – Facility selection or construction
  – Facility management
  – Personnel controls
  – Training
  – Emergency response and procedures

– Technical controls
  – Access controls
  – Intrusion detection
  – Alarms
  – Monitoring (CCTV)
  – Heating, ventilation and air conditioning (HVAC)
  – Power supply
  – Fire detection and suppression
  – Backups

– Physical controls
  – Fencing
  – Locks
  – Lighting
  – Facility construction materials

Facility Management

Issues with selecting a location:
– Visibility
– Surrounding area and external entities
– Accessibility
– Natural disaster

Construction issues when designing and building a facility:
– Walls
– Doors
– Ceilings
– Windows
– Flooring
– Heating and Air Conditioning
– Power Supplies
– Water and Gas Lines
– Fire Detection and Suppression

Concerns:

The load – How much weight a building’s walls, floors and ceilings can hold needs to be estimated and projected to ensure that the building will not collapse in different situations.

Positive flow (water and gas lines) – Material should flow out of building, not in.

Internal partitions – Many buildings have hung ceilings, meaning the interior partitions may not extend above the ceiling; therefore an intruder can lift a ceiling panel and climb over the partition.

Physical Security Component Selection Process

Security Musts: Obliged by law to obey certain safety requirements

Security Shoulds: Protection procedures that should be put into place to help protect the company from devastating activities and their results.

Hardware: SLAs / Service level agreements – Ensure that vendors provide the necessary level of protection.

MTBF / Mean Time Between Failure – Is used to determine the expected lifetime of a device or when an element within that device is expected to give out.

MTTR / Mean Time To Repair – Is used to estimate the amount of time between repairs.

Power Supply

Power protection –
– Online systems: Use a bank of batteries
– Standby UPS: Stay inactive until a power line fails
– Backup power supplies: Used to supply main power or charge batteries in a UPS system.
– Voltage regulators and line conditioners: Can be used to ensure a clean and smooth distribution of power.

Electrical Power Definitions

Ground: The pathway to the earth that enables excessive voltage to dissipate
Noise: Electromagnetic or frequency interference that disrupts the power flow and can cause fluctuations
Transient noise: Short duration of power line disruption
Clean power: Power that does not fluctuate
Fault: Momentary power loss/outage
Blackout: Complete / prolonged loss of power
Sag: Momentary low voltage
Brownout: Prolonged low voltage
Spike: Momentary high voltage
Surge: Prolonged high voltage
Inrush: Initial surge of power at start-up

Environmental issues

Positive drains – Their contents flow out instead of in.

Relative humidity – 40 to 60 % is acceptable

High humidity – Can cause corrosion

Low humidity – Can cause excessive static electricity

Positive pressurization – When an employee opens a door, the air goes out and outside air does not come in.

Fire detectors

Smoke activated – Photoelectric device.

Heat activated – Rate-of-rise temperature sensors and fixed-temperature sensors.

Flame activated – Senses the infrared energy

Automatic Dial-up Alarm – Call the local fire station to report detected fire.

Fire suppression: Portable extinguishers should be located within 50 feet of any electrical equipment and located near exits.

Fire classes and suppression medium:

A  – Common combustibles – Water or Soda Acid
B  – Liquid – CO2, Soda Acid or Halon
C  – Electrical – CO2 or Halon

Water – Suppresses the temperature required to sustain the fire.

Soda Acid – Suppresses the fuel supply of the fire

CO2 – Suppresses the oxygen supply required to sustain the fire

Halon – Suppresses the combustion through a chemical reaction

Replacement list for Halon: FM-200, NAF-S-III, CEA-410, FE-13, Water, Inergen, Argon, Argonite.

Water Sprinkler

Wet Pipe – Always contain water in the pipes and are usually discharged by temperature control level sensors.

Dry Pipe – The water is held by a valve until a specific temperature is reached. There is a time delay between the predefined temperature being met and the release of water.

Preaction – Combine the use of wet and dry pipe system. Water is not held in the pipes and is only released into the pipes once a predefined temperature is met. Once this temperature is met, the pipes are filled with water, but it does not release right away. A link has to melt before the water is released from the sprinkler head itself.

Deluge – The same as a dry pipe system except the sprinkler head is open.

Perimeter Security

Facility Access Control

Enforced through physical and technical components

Locks: Are the most inexpensive access control mechanisms. Are considered deterrent to semiserious intruders and delaying to serious intruders.

Preset Locks – Are locks usually used on doors.

Cipher Locks / programmable locks – Use keypads to control access into an area or facility.

  Options available on many cipher locks:
– Door delay: If the door is held open for a long period of time, an alarm will trigger to alert personnel of suspicious activity.
– Key-override: A specific combination can be programmed to be used in emergency situations to override usual procedures or for supervisory overrides.
– Master-keying: Enables supervisory personnel to change access codes and other features of the cipher lock.
– Hostage alarm: If an individual is in duress and/or held hostage, there can be a combination he or she enters to communicate this situation to the guard station and/or police station.

Device Locks – To protect devices by using Switch controls, slot locks, port controls, peripheral switch control and cable traps.

Personnel Access Controls: Proper identification to verify if the person attempting to access a facility or area should actually be allowed in.

Piggybacking – When an individual gains unauthorized access by using someone else’s legitimate credentials or access rights.

Magnetic cards:

Memory card – The reader will pull information from it and make an access decision.

Smart card – The individual may be required to enter a PIN or password, which the reader compares against the information held within the card.

Wireless Proximity Readers:

User activated – Transmits a sequence of values to the reader

System sensing – Will recognize the presence of the coded device within a specific area.

  – Transponders: The card and reader have a receiver, transmitter and battery
  – Passive devices: The card does not have any power source of its own
  – Field-powered devices: The card and reader contain a transmitter and active electronics.

External Boundary Protection Mechanism

Fencing:
3-4 feet – Deter casual trespassers
6-7 feet – Considered too high to climb easy
8 feet with 3 strands of barbed wire – Deter intruders
Mantrap – The entrance is routed through a set of double doors that may be monitored by a guard.

Lighting:
Should be used to discourage intruders and provide safety for personnel, entrances, parking areas and critical sections.
Critical areas should be illuminated 8 feet high and 2 feet out.

Surveillance Devices

Three main categories –
– Patrol Force and Guards – Can make determinations
– Dogs – Are loyal, reliable and have a sense of smell and hearing
– Visual Recording Devices: Camera, CCTV, etc.

Detecting:
Proximity Detection System / Capacitance detector – Emits a measurable magnetic field while in use. The detector monitors this electrical field and an alarm sounds if the field is disrupted.

Photoelectric or Photometric System – Detects the change in the level of light within an area.

Wave Patterns – Generates a wave pattern that is sent over an area and reflected back to the receiver.

Passive Infrared System – Identifies changes in heat waves within the area it is configured to protect.

Acoustical-Seismic Detection System – Is sensitive to sounds and vibrations and detects changes in the noise level of the area in which it is placed.

Media Storage Requirements

Data that is no longer needed or used must be destroyed.

Object reuse – The concept of reusing data storage media after its initial use

Data remanence – Is the problem of residual information remaining on the media after erasure.

Stages of data erasure –
– Clearing: Overwriting of data media intended to be reused in the same organization or monitored environment.
– Purging: Degaussing or overwriting media intended to be removed from a monitored environment.
– Destruction: Completely destroying the media and therefore the residual data.

CISSP CBK 7 – Operations Security – https://pentest.ro/2011/05/16/cissp-cbk-7-operations-security/ – Sun, 15 May 2011 21:03:54 +0000

Controls and Protections

To protect hardware, software and media resources from:
– Threats in an operating environment
– Internal or external intruders
– Operators who are inappropriately accessing resources

Categories of Controls:
– Preventative Controls: Are designed to lower the amount and impact of unintentional errors entering the system and to prevent unauthorized intruders from internally or externally accessing the system.
– Detective Controls: Are used to detect an error once it has occurred.
– Corrective Controls / Recovery Controls: Are implemented to mitigate the impact of a loss event through data recovery procedures.
– Deterrent Controls / Directive Controls: Are used to encourage compliance with external controls.
– Application Controls: Are the controls that are designed into a software application to minimize and detect the software’s operational irregularities.
– Transaction Controls: Are used to provide control over the various stages of a transaction. Types of controls are: Input, processing, output, change and test controls.

Orange Book Controls

Operational assurance:
– System architecture
– System integrity
– Covert channel analysis
– Trusted facility management
– Trusted recovery

Life cycle assurance:
– Security testing
– Design specification and testing
– Configuration management
– Trusted distribution

Covert channel analysis:
– B2: The system must protect against covert storage channels. It must perform covert channel analysis for all covert storage channels.
– B3 and A1: The system must protect against both covert storage and covert timing channels. It must perform a covert channel analysis for both types.

Trusted Facility Management

B2: Systems must support separate operator and system administrator roles.
B3 and A1: System must clearly identify functions of the security administrator to perform the security-related functions.

Separation of duties and job rotation

 – Least privilege: Means that a system’s user should have the lowest level of rights and privileges necessary to perform their work and should only have them for the shortest length of time.

 – Two-man control: Two operators review and approve the work of each other, to provide accountability and to minimize fraud in highly sensitive or high-risk transactions.

 – Dual control: Both operators are needed to complete a sensitive task.

 – Job rotation: The process of limiting the amount of time an operator is assigned to perform a security related task before being moved to a different task with a different security classification.

Trusted Recovery: Ensures that security is not breached when a system crash or other system failure occurs. Is only required for B3 and A1 level systems.

 – Failure preparation: Backing up all critical files on a regular basis.

 – System recovery: In the Common Criteria there are three hierarchical recovery types –
– Manual recovery
– Automated recovery
– Automated recovery without undue loss

Configuration / Change Management Control

Procedures to implement and support change control process:
– Applying to introduce a change
– Cataloging the intended change
– Scheduling the change
– Implementing the change
– Reporting the change to the appropriate parties

Clipping Levels: Thresholds for certain types of errors or mistakes allowed and the amount of these mistakes that can take place before it is considered suspicious. Once the clipping level has been exceeded, further violations are recorded for review.
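The clipping-level idea worked through on a handful of constructed log lines, as an added example that is not part of the original notes. The log line format, the user names and the threshold of three failures are assumptions made for illustration; the point is that violations up to the threshold are only counted, while every violation beyond it is recorded for review.

```python
"""Clipping-level violation processing over constructed log lines.

Added example, not part of the original notes. The log format, the user
names and the clipping level of 3 are assumptions made for illustration.
"""
import re
from collections import defaultdict

# Constructed sample log; no real system produced these lines.
SAMPLE_LOG = """\
2011-05-15T21:00:01 host=fs01 user=alice event=LOGIN_FAILURE
2011-05-15T21:00:05 host=fs01 user=alice event=LOGIN_FAILURE
2011-05-15T21:00:09 host=fs01 user=alice event=LOGIN_SUCCESS
2011-05-15T21:01:00 host=fs01 user=bob event=LOGIN_FAILURE
2011-05-15T21:01:02 host=fs01 user=bob event=LOGIN_FAILURE
2011-05-15T21:01:04 host=fs01 user=bob event=LOGIN_FAILURE
2011-05-15T21:01:06 host=fs01 user=bob event=LOGIN_FAILURE
2011-05-15T21:01:08 host=fs01 user=bob event=LOGIN_FAILURE
2011-05-15T21:02:00 host=fs01 user=carol event=LOGIN_FAILURE
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def apply_clipping_level(log_text, clipping_level=3, violation_events=("LOGIN_FAILURE",)):
    """Count violations per user; record only those past the clipping level.

    Returns (counts, recorded): counts holds every violation per user,
    recorded holds the timestamps of the violations that exceeded the
    threshold, i.e. the ones an operator should review.
    """
    counts = defaultdict(int)
    recorded = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] not in violation_events:
            continue
        counts[rec["user"]] += 1
        if counts[rec["user"]] > clipping_level:
            recorded[rec["user"]].append(rec["ts"])
    return dict(counts), dict(recorded)


if __name__ == "__main__":
    counts, recorded = apply_clipping_level(SAMPLE_LOG)
    for user, stamps in recorded.items():
        print(f"{user}: {counts[user]} failures, {len(stamps)} past the clipping level")
```

On the sample, alice’s two mistyped passwords stay below the level and produce nothing to review, while bob’s fourth and fifth failures are recorded. A production implementation would additionally bound the count to a time window, which the notes do not discuss and the example leaves out.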

Administrative Controls: Controls that are installed and maintained by administrative management to help reduce the threat or impact of violations on computer security.

 – Personnel Security
  – Employment Screening or Background Checks
  – Mandatory Taking of Vacation in One Week Increments
  – Job Action Warnings or Termination

 – Separation of Duties and Responsibilities

 – Least Privilege

 – Need to Know

 – Change/Configuration Management Controls

 – Record Retention and Documentation

Record Retention:

Data Remanence – Refers to the data left on the media after the media has been erased

Operations Controls: Day-to-day procedures used to protect computer operations.

Resource Protection: Is the concept of protecting an organization’s computing resources and assets from loss or compromise. Covers hardware, software and data resources.

Hardware Controls:
– Hardware Maintenance
– Maintenance Accounts
– Diagnostics Port Control
– Hardware Physical Control

Software Controls:
– Anti-virus Management
– Software Testing
– Software Utilities
– Safe Software Storage
– Backup Controls

Privileged Entity Controls / Privileged operations functions:
– Special access to system commands
– Access to special parameters
– Access to the system control program

Media Resource Protection: Controls implemented to protect against any security threat arising from intentional or unintentional exposure of sensitive data

 – Media Security Controls: Should be designed to prevent the loss of sensitive information and can be:
  – Logging
  – Access control
  – Proper disposal

 – Media Viability Controls: Should be used to protect the viability of the data storage media. Are required in the event of a system recovery process –
  – Marking
  – Handling
  – Storage

Physical Access Controls: Cover
– Hardware
– Software

Special arrangements for supervision must be made when external support providers are entering a data center.

Piggybacking: Is when an unauthorized person goes through a door behind an authorized person. The concept of a ”man trap” is designed to prevent it.

Monitoring and Auditing

Monitoring: Contains the mechanisms, tools and techniques which permit the identification of security events that could impact the operations of a computer facility.

Monitoring techniques –
– Intrusion detection
– Penetration testing
– Scanning and probing
– Demon Dialling
– Sniffing
– Dumpster Diving
– Social Engineering
– Violation processing using clipping levels

Auditing: Is the foundation of operational security controls monitoring.

Audit Trails: Enables a security practitioner to trace a transaction’s history.

Problem Management Concepts:
– Reduce failures to a manageable level
– Prevent the occurrence or re-occurrence of a problem
– Mitigate the negative impact of problems on computing services and resources.

Threats and Vulnerabilities

Threats

Accidental loss: Is a loss that is incurred unintentionally, through either the lack of operator training or proficiency or the malfunctioning of an application processing procedure.

 – Operator input error and omissions

 – Transaction processing errors

Inappropriate Activities: Is computer behaviour that, while not rising to the level of criminal activity, may be grounds for job action or dismissal.

 – Inappropriate Content

 – Waste of Corporate Resources

 – Sexual or Racial Harassment

 – Abuse of Privileges or Rights

Illegal Computer Operations and Intentional Attacks: Computer activities that are considered intentional and illegal, carried out for personal financial gain or for destruction.

 – Eavesdropping

 – Fraud

 – Theft

 – Sabotage

 – External Attack

Vulnerabilities:

 – Traffic / Trend Analysis

 – Maintenance Accounts

 – Data Scavenging Attacks

 – IPL Vulnerabilities

 – Network Address Hijacking

E-mail and Internet Security Issues

E-mail

 – SMTP – Works as a message transfer agent.

 – POP – Is an Internet mail server protocol that supports incoming and outgoing messages. Once the messages are downloaded from the POP server, they are usually deleted from that server.

 – IMAP – Is an Internet protocol that enables users to access mail on a mail server. Messages can be downloaded or left on the mail server in a remote message folder, referred to as a mailbox.

Hack and Attack Methods:

 – Port Scanning and Network mapping: Network mapping tools send out seemingly benign packets to many different systems on a network. Port scanning identifies open ports on a computer.

 – Superzapping: Is a utility used in IBM mainframe centers and has the capability to bypass access control within operating systems.

 – Browsing: Is a general term for intruders obtaining information that they are not authorized to access. Can be accomplished by looking through another person’s files kept on a server or workstation, rummaging through garbage looking for information that was carelessly thrown away or reviewing information that has been saved on diskettes.

 – Sniffers: Tools that monitor traffic as it passes by. The tool is either a piece of hardware or software that runs on a computer with its network interface card (NIC) in promiscuous mode.

 – Session Hijacking: An attacker putting herself in the middle of a conversation without being detected.

 – Password Cracking: Capture and reveal passwords –
   – Dictionary attack: Is when a large list of words is fed into a hacking tool. This tool runs a one-way hash on the captured password and on each word in the list. The tool compares the hashing results to see if they match. If they do match, the tool has discovered the password; if not, it moves to the next word in the list.
   – Brute force attack: A tool will try many different variations of characters, run a hash value on each variation and compare it to the hash value of the captured password.

 – Backdoors: A program that is installed by an attacker to enable her to come back into the computer at a later date without having to supply login credentials or go through any type of authorization process.

CISSP CBK 6 – Security Architecture & Models – https://pentest.ro/2011/05/15/cissp-cbk-6-security-architecture-models/ – Sun, 15 May 2011 20:34:48 +0000

Security Model

Is a statement that outlines the requirements necessary to properly support a certain security policy.

Computer Architecture

CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data needed by the CPU are held in the primary storage unit. The primary storage is a temporary memory area holding instructions that are to be interpreted by the CPU and used for data processing.

Buffer overflow – Data being processed is entered into the CPU in blocks at a time. If the software instructions do not properly set the boundaries for how much data can come in as a block, extra data can slip in and be executed.

Real storage – As instructions and data are processed, they are moved back to the system’s memory space / real storage.

Memory

RAM / Random Access Memory – Is a volatile memory: when power is lost, the information is lost.

Types of RAM:
– Static RAM – When it stores data, the data stays there without the need to be continually refreshed.
– Dynamic RAM – Requires that the data held within it be periodically refreshed because the data dissipates and decays.

ROM / Read-only memory – Is a nonvolatile memory. Software that is stored within ROM is called firmware.

EPROM / Erasable and programmable read-only memory – Holds data that can be electrically erased or written to.

Cache memory: Is a part of RAM that is used for high-speed writing and reading activities.

PLD – Programmable Logic Device: An integrated circuit with connections or internal logic gates that can be changed through programming process.

Memory Mapping

Real or primary memory – Memory directly addressable by the CPU and used for the storage of instructions and data associated with the program that is being executed.

Secondary memory – Is a slower memory (such as magnetic disks) that provides non-volatile storage.

Sequential memory – Memory from which information must be obtained by sequential searching from the beginning rather than directly accessing the location (magnetic tape, etc.)

Virtual memory – Uses secondary memory in conjunction with primary memory to present a CPU with a larger, apparent address space of the real memory locations.

Memory addressing:

Register addressing – Addressing the registers within a CPU or other special purpose registers that are designated in the primary memory.

Direct addressing – Addressing a portion of primary memory by specifying the actual address of the memory location. The memory addresses are usually limited to the memory page that is being executed or page zero.

Absolute addressing – Addressing all of the primary memory space.

Indexed addressing – Developing a memory address by adding the contents of the address defined in the program’s instruction to that of an index register. The computed, effective address is used to access the desired memory location. Thus, if an index register is incremented or decremented, a range of memory location can be accessed.

Implied addressing – Used when operations that are internal to the processor must be performed such as clearing a carry bit that was set as a result of an arithmetic operation. Because the operation is being performed on an internal register that is specified within the instruction itself, there is no need to provide an address.

Indirect addressing – Addressing where the address location that is specified in the program instruction contains the address of the final desired location.

CPU Modes and Protection Rings

Protection rings – Provide strict boundaries and definitions on what the processes that work within each ring can access and what commands they can successfully execute. The processes that operate within the inner rings have more privileges (privileged / supervisor mode) than the processes operating in the outer rings (user mode).

Operating states:
Ready state – An application is ready to resume processing.
Supervisory state – The system is executing a system, or highly privileged, routine.
Problem state – The system is executing an application.
Wait state – An application is waiting for a specific event to complete, like the user finishing typing in characters or waiting for a print job to finish.

Multi-threading, -tasking, -processing:
Multithreading – One application can make several calls at one time, that use different threads.
Multitasking – The CPU can process more than one process or task at one time.
Multiprocessing – If a computer has more than one CPU and can use them in parallel to execute instructions.

Input/Output Device Management: Deadlock situation – Occurs if structures are not torn down and released after use; resources must be released so that they can be used by other programs and processes.

System architecture

TCB – Trusted Computing Base: Is defined as the total combination of protection mechanisms within a computer system. Includes hardware, software and firmware. Originated from the Orange Book. The Orange Book defines a trusted system as hardware and software that utilize measures to protect the integrity of unclassified or classified data for a range of users without violating access rights and the security policy. It looks at all protection mechanisms within a system to enforce the security policy and provide an environment that will behave in a manner expected of it.

Security perimeter: Defined as resources that fall outside of TCB. Communication between trusted components and untrusted components needs to be controlled to ensure that confidential information does not flow in an unintended way.

Reference monitor: Is an abstract machine, which mediates all access subjects have to objects to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification. Is an access control concept, not an actual physical component.

Security kernel: Is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. Is the core of the TCB and is the most commonly used approach to building trusted computing systems. Three requirements:
– It must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof.
– The reference monitor must be invoked for every access attempt and must be impossible to circumvent. Thus, the reference monitor must be implemented in a complete and foolproof way.
– It must be small enough to be able to be tested and verified in a complete and comprehensive manner.

Domains: Defined as a set of objects that a subject is able to access.

Execution Domain – A program that resides in a privileged domain needs to be able to execute its instructions and process its data with the assurance that programs in a different domain cannot negatively affect its environment.

Security Domain – Has a direct correlation to the protection ring that a subject or object is assigned to. The lower the protection ring number, the higher the privilege and the larger the security domain.

Resource isolation: Hardware segmentation – Memory is separated physically instead of just logically.

Security policy: Is a set of rules, practices and procedures dictating how sensitive information is managed, protected and distributed.

Multilevel security policy – Security policies that prevent information from flowing from a high security level to a lower security level.

Least privilege: Means that a resource, process has no more privileges than necessary to be able to fulfil its functions.

Layering: A structured and hierarchical architecture that has the basic functionality taking place at lower layers and more complex functions at the higher layers.

Data hiding: When it is required that processes in different layers do not communicate, therefore, they are not supplied with interfaces to interact with each other.

Abstraction: When a class of objects is assigned specific permissions and acceptable activities are defined. This makes management of different objects easier because classes can be dealt with instead of each and every individual object.

Security Models

Maps the abstract goals of the policy to information systems terms by specifying explicit data structures and techniques necessary to enforce the security policy.

State machine model: To verify the security of a system, the state is used, which means all current permissions and all current instances of subjects accessing objects must be captured.

State transitions – Activities that can alter a state.

A system that has employed a state machine model will be in a secure state in each and every instance of its existence. It will boot up into a secure state, execute commands and transactions securely, and will allow subjects to access resources only in secure states.

Bell-LaPadula model: Addresses concerns about system security and leakage of classified information.

Multilevel security system – A system that employs the Bell-LaPadula model, where users with different clearances use the systems and the systems process data with different classifications. The level at which information is classified determines the handling procedures that should be used -> forms a lattice.

Lattice – Is an upper bound and lower bound of authorized access. Is a state machine model enforcing the confidentiality aspects of access control. An access control matrix and security levels are used to determine if subjects can access different objects. The model uses subjects, objects, access operations (read, write and read/write) and security levels.

Bell-Lapadula: Is an information flow security model, which means that information does not flow to an object of lesser or noncomparable classification.

Two main rules:
– The simple security rule – A subject at a given security level cannot read data that resides at a higher security level. Referred to as the "no read up" rule.
– *(star)-property – States that a subject at a given security level cannot write information to a lower security level. Referred to as the "no write down" rule.

Defines a secure state as a secure computing environment and the allowed actions which are security-preserving operations.

Basic Security Theorem – If a system initializes in a secure state and all state transitions are secure, then every subsequent state will be secure no matter what inputs occur. The model provides confidentiality and does not address the integrity of the data the system maintains.

Biba model: Is an information flow model, concerned with data flowing from one security level to another. Uses a state machine model. Addresses the integrity of data being threatened when a subject can read data at lower levels. Prevents data from any integrity level from flowing to a higher integrity level. Two main rules:
– "No write up" – A subject cannot write data to an object at a higher integrity level.
– "No read down" – A subject cannot read data from a lower integrity level.
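The two models above are easiest to see side by side in code. The following is an added example, not code from the original notes: a toy reference monitor that evaluates a read or write request against both the Bell-LaPadula rules (no read up, no write down) and the Biba rules (no read down, no write up), and a state check in the spirit of the Basic Security Theorem. The level names, the subject and the objects are constructed, and each model uses a simple linear lattice, which is the simplest instance of the lattice the notes describe.

```python
"""Toy reference monitor for Bell-LaPadula (confidentiality) and Biba (integrity).

Added illustration, not from the original notes; level names, subjects and
objects are constructed. Each lattice is linear: higher index = higher level.
"""
from dataclasses import dataclass
from typing import Iterable, Tuple

SENSITIVITY = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]  # BLP lattice
INTEGRITY = ["UNTRUSTED", "USER", "SYSTEM"]                             # Biba lattice


def dominates(lattice, a: str, b: str) -> bool:
    """a dominates b when a is at least as high as b in the given lattice."""
    return lattice.index(a) >= lattice.index(b)


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # BLP: most sensitive data the subject may read
    integrity: str   # Biba: how trustworthy the subject is


@dataclass(frozen=True)
class Object:
    name: str
    classification: str
    integrity: str


def blp_allows(subject: Subject, obj: Object, op: str) -> bool:
    """Bell-LaPadula.
    read : simple security rule, no read up (clearance must dominate classification)
    write: *-property, no write down (classification must dominate clearance)
    """
    if op == "read":
        return dominates(SENSITIVITY, subject.clearance, obj.classification)
    if op == "write":
        return dominates(SENSITIVITY, obj.classification, subject.clearance)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, obj: Object, op: str) -> bool:
    """Biba, the dual of BLP on the integrity lattice.
    read : no read down (object integrity must dominate subject integrity)
    write: no write up (subject integrity must dominate object integrity)
    """
    if op == "read":
        return dominates(INTEGRITY, obj.integrity, subject.integrity)
    if op == "write":
        return dominates(INTEGRITY, subject.integrity, obj.integrity)
    raise ValueError(f"unknown operation {op!r}")


def access_allowed(subject: Subject, obj: Object, op: str) -> bool:
    """Grant only if the access preserves both confidentiality and integrity."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def state_is_secure(accesses: Iterable[Tuple[Subject, Object, str]]) -> bool:
    """State machine view: the state is the set of accesses in progress, and it
    is secure only if every one of them is allowed. A transition that would add
    a disallowed access must be refused so the system never leaves a secure state."""
    return all(access_allowed(s, o, op) for s, o, op in accesses)


if __name__ == "__main__":
    analyst = Subject("analyst", clearance="SECRET", integrity="USER")
    report = Object("ts_report", classification="TOP_SECRET", integrity="USER")
    bulletin = Object("bulletin", classification="UNCLASSIFIED", integrity="USER")
    print("read up    :", blp_allows(analyst, report, "read"))     # False
    print("write down :", blp_allows(analyst, bulletin, "write"))  # False
```

Note that BLP alone lets the SECRET analyst write into the TOP_SECRET report (write up is fine for confidentiality), which is exactly the gap Biba closes on the integrity side.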

Clark-Wilson model: Protects the integrity of information by focusing on preventing authorized users from making unauthorized modifications of data, fraud and errors within commercial applications. Users cannot access and manipulate objects directly, but must access the object through a program. Also uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents an authorized user from making unauthorized modifications to data, which again protects its integrity. Auditing is also required to track the information coming in from outside the system.

Information flow model: Can deal with any kind of information flow, not only the direction of the flow. Looks at insecure informational flow that can happen at the same level and between objects along with the flow between different levels. A system is secure if there is no illegal information flow permitted.

Noninterference model: Ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.

Security Modes of Operation

Dedicated Security Mode: All users have the clearance or authorization and the need-to-know for all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements pertaining to this information. The system can handle a single classification level of information.

System-High Security Mode: All users have a security clearance or authorization to access the information, but not necessarily a need-to-know for all the information processed on the system (only some of the data). Requires all users to have the highest level of clearance, but a user is restricted via the access control matrix.

Compartmented Security Mode: All users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval. Users are restricted from accessing some information because they do not need it to perform the functions of their jobs and have not been given formal approval to access this data. Compartments are security levels with a limited number of subjects cleared to access data at each level.

CMW / Compartments – Enable users to process multiple compartments of data at the same time, if they have the necessary clearance.

Multilevel Security Mode: Permits two or more classification levels of information to be processed at the same time when not all the users have the clearance or formal approval to access all the information being processed by the system.

Trust and Assurance:

Trust – Tells the customer how much he can expect out of this system, what level of security it will provide.
Assurance – The system will act in a correct and predictable manner in each and every computing situation.

System Evaluation Methods

Examines the security-relevant parts of a system, meaning the TCB, access control mechanisms, reference monitor, kernel, protection mechanisms.

The Orange Book / TCSEC: TCSEC – Trusted Computer System Evaluation Criteria. Evaluates products to assess whether they contain the security properties they claim and whether the product is appropriate for a specific application or function. Looks at the functionality, effectiveness and assurance of a system during its evaluation, and uses classes that were devised to address typical patterns of security requirements. Focuses on the operating system. Hierarchical division of security levels –
A – Verified protection
B – Mandatory protection
C – Discretionary protection
D – Minimal security

Topics – Security policy, accountability, assurance and documentation

Areas

Security policy – Must be explicit and well defined and enforced by the mechanisms within the system.

Identification – Individual subjects must be uniquely identified.

Labels – Access control labels must be associated properly with objects.

Documentation – Includes test, design, specification documents, user guides and manuals.

Accountability – Audit data must be captured and protected to enforce accountability.

Life cycle assurance – Software, hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout its lifetime.

Continuous protection – The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.

Evaluation levels –
D – Minimal Protection
C1 – Discretionary Security Protection
C2 – Controlled Access Protection
B1 – Labeled Security
B2 – Structured Protection
B3 – Security Domains
A1 – Verified Design

The Red Book / TNI: TNI – Trusted Network Interpretation. Addresses security evaluation topics for networks and network components. It addresses isolated local area networks and wide area internetwork systems.

Security items addressed:
* Communication integrity
— Authentication
— Message integrity
— Nonrepudiation
* Denial of service prevention
— Continuity of operations
— Network management
* Compromise protection
— Data confidentiality
— Traffic flow confidentiality
— Selective routing

Ratings –
– None
– C1 – Minimum
– C2 – Fair
– B2 – Good

ITSEC: ITSEC – Information Technology Security Evaluation Criteria. Used only in Europe. Two main attributes – Functionality and Assurance. Is a set of criteria for both security products and security systems and refers to both as the target of evaluation (TOE).

Common Criteria: Is an international evaluation standard.

EAL – Evaluation assurance level.

Protection profile – The set of security requirements, their meaning and reasoning, and the corresponding EAL rating.

Two main attributes – Functionality and Assurance. Five sections of the protection profile:

 – Descriptive elements

 – Rationale

 – Functional requirements

 – Development assurance requirements

 – Evaluation assurance requirements

Certification <-> Accreditation
Certification: Is the technical evaluation of the security components and their compliance for the purpose of accreditation. Is the process of assessing the security mechanisms and controls and evaluating their effectiveness.

Accreditation: Is the formal acceptance of the adequacy of a system’s overall security by the management. Is management’s official acceptance of the information in the certification process findings.

Open Systems <-> Closed Systems

Open Systems: Have an architecture that has published specifications, which enables third-party vendors to develop add-on components and devices. Provides interoperability between products by different vendors of different operating systems, applications and hardware devices.

Closed Systems: Use an architecture that does not follow industry standards. Interoperability and standard interfaces are not employed to enable easy communication between different types of systems and add-on features. Are proprietary, meaning that the system can only communicate with like systems.

Threats to Security Models and Architectures

Covert Channels: Is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism.

Covert timing channel – One process relays information to another by modulating its use of system resources.

Covert storage channel – When a process writes data to a storage location and another process directly or indirectly reads it. The problem occurs when the processes are at different security levels, and therefore not supposed to be sharing sensitive data.

 – Countermeasures: There is not much a user can do to counter these channels. For Trojan horses that use HTTP, intrusion detection and auditing may detect a covert channel.

Back Doors: Also called maintenance hooks. Are instructions within software that only the developer knows about and can invoke.

 – Countermeasures: Code reviews and unit and integration testing should always be looking out for back doors.

Preventative measures against back doors:
– Host intrusion detection system
– Use file system permissions to protect configuration files and sensitive information from being modified
– Strict access control
– File system encryption
– Auditing

Timing Issues: Also called an asynchronous attack. Deals with the timing difference between the sequence of steps a system uses to complete a task. A time-of-check versus time-of-use attack, also called a race condition, could replace autoexec.bat.

 – Countermeasures:
– Host intrusion detection system
– File system permissions and encryption
– Strict access control measures
– Auditing
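The time-of-check versus time-of-use problem above comes from checking a file by its name and then opening that name again. The following added example (not code from the original notes) shows the prone pattern next to the hardened one: open first, refusing to follow symlinks, then verify the descriptor that was actually obtained, so the check and the use refer to the same object. The `demo()` fixture, its file names and the particular checks (regular file, owner, not world-writable) are assumptions for illustration.

```python
"""Check-then-use versus open-then-verify for a file a privileged program reads.

Added illustration, not from the original notes. demo() builds its own files
in a temporary directory; the set of checks is a typical one, not a prescribed list.
"""
import os
import stat
import tempfile


def read_check_then_use(path: str) -> bytes:
    """TOC/TOU-prone: both steps resolve the *name*, and the file behind
    that name can be replaced between them."""
    if not os.path.isfile(path):           # time of check (follows symlinks)
        raise PermissionError(f"{path}: not a regular file")
    with open(path, "rb") as f:            # time of use: name resolved again
        return f.read()


def read_open_then_verify(path: str, expected_uid=None) -> bytes:
    """Hardened: open without following symlinks, then verify the descriptor.
    Check and use now refer to the same object, so there is no window."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)              # OSError (ELOOP) if path is a symlink
    try:
        st = os.fstat(fd)                  # properties of what we opened, not of the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if expected_uid is not None and st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & stat.S_IWOTH:
            raise PermissionError(f"{path}: world-writable")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:         # the file object now owns fd
        return f.read()


def demo() -> dict:
    """Constructed fixture: a regular file, a symlink to it and a directory.
    Returns what each reader does with each target."""
    root = tempfile.mkdtemp()
    regular = os.path.join(root, "app.conf")
    with open(regular, "wb") as f:
        f.write(b"listen = 127.0.0.1\n")
    link = os.path.join(root, "app.conf.lnk")
    os.symlink(regular, link)

    def outcome(reader, target):
        try:
            return reader(target)
        except OSError as e:               # PermissionError is a subclass of OSError
            return type(e).__name__

    return {
        "naive_regular": outcome(read_check_then_use, regular),
        "naive_symlink": outcome(read_check_then_use, link),    # accepted: isfile followed the link
        "safe_regular": outcome(read_open_then_verify, regular),
        "safe_symlink": outcome(read_open_then_verify, link),   # refused by O_NOFOLLOW
        "safe_directory": outcome(read_open_then_verify, root), # refused by the S_ISREG check
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} {result!r}")
```

The fixture only shows the symlink case statically; the point of the hardened reader is that a swap performed between the two steps of the naive reader has nothing to land on, because there is only one step that resolves the name.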

Buffer Overflows: Sometimes referred to as "smashing the stack". Occur when programs do not check the length of data that is input into a program and then processed by the CPU.

 – Countermeasures:
– Proper programming and good coding practices
– Host intrusion detection system
– File system permissions and encryption
– Strict access control
– Auditing

CISSP CBK 4 – Applications & Systems Development Security
https://pentest.ro/2011/05/15/cissp-cbk-4-applications-systems-development-security/ (Sun, 15 May 2011 19:25:22 +0000)

Database systems and database management

Types of databases:
– Hierarchical
– Mesh
– Object-oriented
– Relational

DBMS / Database Management System

A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users.

Database: A collection of data stored in a meaningful way that enables multiple users and applications to access, view and modify data as needed.

Database terms/jargon
– Record: Collection of related data items
– File: Collection of records of the same type
– Database: Cross-referenced collection of files
– DBMS: Manages and controls the database
– Base relation: A table stored in a database
– Tuple: A row in a database
– Attribute: A column in a database
– Primary key: Columns that make each row unique
– View: Virtual relation defined by the database to control subjects from viewing certain data
– Foreign key: Attribute of one table that is the primary key of another table
– Cell: Intersection of a row and column
– Schema: Holds data that describes a database
– Data dictionary: Central repository of data element and their relationships.
– Cardinality: The number of rows in the relation.
– Degree: The number of columns in the relation.
– Domain: Is a set of allowable values that an attribute can take.

Database models

Relational data model – Uses attributes (columns) and tuples (rows) to contain and organize information. A primary key is a field that links all the data within a record to a corresponding value.

Hierarchical data model – Combines records and fields that are related in a logical tree structure. Can have one child, many children, no children. Are useful for mapping one-to-many relationships.

Distributed data model – Has data stored in more than one database, but it is logically connected. Enable different databases to be managed by different administrators, although one person or group must manage the entire logical database.

Relational database components:

DDL / Data Definition Language: Defines the structure and schema of the database.
– Structure: table size, key placement, views and data element relationships.
– Schema: the type of data that will be held and manipulated and their properties.

DML / Data Manipulation Language: All the commands that enable a user to view, manipulate and use the database.

QL / Query Language: Enables users to make requests of the database.

Report Generator: Produces printouts of data in a user-defined manner.

Data dictionary: Is a central repository of data elements and their relationships. Is a collection of data elements, schema objects and reference keys.

Schema objects – Can contain tables, views, indexes, procedures, functions and triggers.

Keys

Primary key – Is a unique identifier in the table that unambiguously points to an individual tuple or row in the table. Is a subset of the candidate keys within a table.

Foreign key – An attribute (column) in one relation that has values matching the primary key in another relation.

Integrity:

Concurrency problems – Making sure that different subjects receive the most up-to-date information.

Semantic integrity – Makes sure that structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints and operations that could adversely affect the structure of the database.

Referential integrity – Ensures that no record contains a reference to the primary key of a nonexistent record, or a NULL value in its place.

Entity integrity – Ensures that no primary key attribute is NULL, so every tuple can be uniquely identified.

Rollback – Is a statement that ends the current transaction and cancels all changes made within it.

Commit – Terminates a transaction and executes all changes that were just made by the user.

Checkpoint – Are used to make sure that if a system failure occurs or if an error is detected, the user can always return to a point in time before the system crashed.
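The integrity rules and the commit/rollback behaviour above can be exercised on any relational engine. The following added example (not code from the original notes) uses SQLite through Python's standard library: the department/employee schema and its rows are constructed, entity integrity is the NOT NULL primary key, referential integrity is the foreign key, and `transfer()` shows a rollback undoing a statement that had already succeeded inside the same transaction. One practical caveat the example encodes: SQLite does not enforce foreign keys unless `PRAGMA foreign_keys` is switched on for the connection.

```python
"""Entity integrity, referential integrity and commit/rollback on SQLite.

Added illustration, not from the original notes; schema and rows are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # off by default in SQLite
    conn.executescript("""
        CREATE TABLE department (
            dept_id TEXT PRIMARY KEY NOT NULL,   -- entity integrity: unique, never NULL
            name    TEXT NOT NULL
        );
        CREATE TABLE employee (
            emp_id  INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            dept_id TEXT NOT NULL REFERENCES department(dept_id)  -- referential integrity
        );
        CREATE TABLE transfer_log (emp_id INTEGER, to_dept TEXT);
        INSERT INTO department VALUES ('SEC', 'Security'), ('FIN', 'Finance');
        INSERT INTO employee VALUES (1, 'Ana', 'SEC'), (2, 'Bo', 'FIN');
    """)
    return conn


def attempt(conn: sqlite3.Connection, sql: str, params=()) -> str:
    """Run one statement and commit; report which integrity rule rejected it."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return "ok"
    except sqlite3.IntegrityError as e:
        conn.rollback()
        msg = str(e)
        if "FOREIGN KEY" in msg:
            return "referential"
        if "NOT NULL" in msg:
            return "entity (NULL key)"
        if "UNIQUE" in msg:
            return "entity (duplicate key)"
        return "other: " + msg


def transfer(conn: sqlite3.Connection, emp_id: int, to_dept: str) -> tuple:
    """Two statements in one transaction: log the move, then apply it. If the
    second fails, rollback also undoes the log row that already succeeded, so
    the database never shows a half-applied transfer."""
    try:
        conn.execute("INSERT INTO transfer_log VALUES (?, ?)", (emp_id, to_dept))
        conn.execute("UPDATE employee SET dept_id = ? WHERE emp_id = ?", (to_dept, emp_id))
        conn.commit()
    except sqlite3.IntegrityError:
        conn.rollback()
    dept = conn.execute("SELECT dept_id FROM employee WHERE emp_id = ?", (emp_id,)).fetchone()[0]
    logged = conn.execute("SELECT COUNT(*) FROM transfer_log").fetchone()[0]
    return dept, logged


if __name__ == "__main__":
    db = make_db()
    print(attempt(db, "INSERT INTO employee VALUES (3, 'Cy', 'HR')"))   # referential
    print(transfer(db, 2, "HR"))                                        # ('FIN', 0): rolled back
```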

Database security issues:

Aggregation – When a user does not have the clearance or permission to access specific information, but she does have the permission to access components of this information. She can then figure out the rest and obtain restricted information.

Inference – Happens when a subject deduces information that is restricted from data he has access to. This is seen when data at a lower security level indirectly portrays data at a higher level.

Content-dependent access control – Looks at the content of a file when it makes an access control decision. This type of access control increases processing overhead, but it provides more granular control.

Cell suppression – Is a technique used to hide or not show specific cells that contain information that could be used in inference attacks.

Partitioning – Involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered.

Noise and perturbation – Is a technique of inserting bogus information in the hope of misdirecting an attacker or confusing the matter enough that the actual attack will not be fruitful.

Database views – Permit one group or a specific user to see certain information, while restricting another group from viewing it altogether.

Polyinstantiation – Enables a relation to contain multiple tuples with the same primary keys with each instance distinguished by a security level.
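Database views and polyinstantiation work together: the composite key lets the same identifier exist once per security level, and the view hands each subject only the highest instance its clearance dominates. The following is an added example, not code from the original notes, on SQLite: the shipment table, the two levels and the rows are constructed. `insert_as()` also shows the inference problem polyinstantiation exists to solve: without it, a low-level insert of an identifier that already has a SECRET row would either fail (revealing that the row exists) or overwrite it.

```python
"""Polyinstantiation and level-dependent views on SQLite.

Added illustration, not from the original notes; table, levels and rows are constructed.
"""
import sqlite3

LEVEL = {"UNCLASSIFIED": 0, "SECRET": 1}


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE shipment (
            ship_id     TEXT    NOT NULL,
            level       INTEGER NOT NULL,   -- classification of this tuple
            cargo       TEXT    NOT NULL,
            destination TEXT    NOT NULL,
            PRIMARY KEY (ship_id, level)    -- polyinstantiation: one tuple per level
        );
        -- SECRET tuple and its UNCLASSIFIED cover story share ship_id S-100
        INSERT INTO shipment VALUES ('S-100', 1, 'weapons',  'Port B');
        INSERT INTO shipment VALUES ('S-100', 0, 'food',     'Port A');
        INSERT INTO shipment VALUES ('S-200', 0, 'textiles', 'Port C');
    """)
    return conn


def create_view(conn: sqlite3.Connection, clearance: str) -> None:
    """Define the view a subject with this clearance may query: per ship_id,
    the highest tuple the clearance dominates. A lower-cleared subject sees
    the cover story and nothing hints that a higher row exists."""
    lvl = LEVEL[clearance]   # small int from a fixed table; views cannot take bound parameters
    conn.execute("DROP VIEW IF EXISTS visible_shipment")
    conn.execute(f"""
        CREATE VIEW visible_shipment AS
        SELECT s.ship_id, s.cargo, s.destination
        FROM shipment AS s
        WHERE s.level = (SELECT MAX(t.level) FROM shipment AS t
                         WHERE t.ship_id = s.ship_id AND t.level <= {lvl})
    """)


def visible(conn: sqlite3.Connection, clearance: str) -> list:
    create_view(conn, clearance)
    return conn.execute("SELECT * FROM visible_shipment ORDER BY ship_id").fetchall()


def insert_as(conn: sqlite3.Connection, clearance: str, ship_id: str,
              cargo: str, destination: str) -> str:
    """A subject inserts at its own level. The composite key accepts a new
    instance at a level where ship_id does not exist yet, whatever exists above."""
    try:
        conn.execute("INSERT INTO shipment VALUES (?, ?, ?, ?)",
                     (ship_id, LEVEL[clearance], cargo, destination))
        conn.commit()
        return "ok"
    except sqlite3.IntegrityError:
        conn.rollback()
        return "duplicate at this level"


if __name__ == "__main__":
    db = make_db()
    print(visible(db, "UNCLASSIFIED"))   # S-100 shows as food / Port A
    print(visible(db, "SECRET"))         # S-100 shows as weapons / Port B
```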

OLTP / Online Transaction Processing – Provides mechanisms that watch for problems and deal with them appropriately when they do occur.

– Two-phase commit service: Will make sure that a transaction is not complete until all databases receive and reflect a change.

Data warehousing – Combines data from multiple databases into a large database with the purpose of a fuller extent of information retrieval and data analysis.

Data mining – Is the process of massaging the data held in the data warehouse into more useful information.

– Metadata: Data produced by data mining tools to find associations and correlations.

OODB / Object-Oriented Databases – Have the characteristics of ease of reusing code and analysis, reduced maintenance and an easier transition from analysis of the problem to design and implementation. Its main disadvantages are a steep learning curve and the high overhead of hardware and software required for development and operation.

Object-Relational Databases – Combines the attributes of object-oriented and relational technologies.

System life cycle phases/software life cycle development process

System Life Cycle Phases:

 – Project initiation:
– Conception of project definition
– Proposal and initial study

 – Functional design analysis and planning
– Requirements uncovered and defined
– System environment specification determined

 – System design specifications
– Functional design review
– Functionality broken down
– Detailed planning put into place
– Code design

 – Software development
– Developing and programming software

 – Installation / implementation
– Product installation
– Testing and auditing

 – Operational/maintenance
– Product changes, fixes and minor modifications

 – Disposal / Revision and replacement
– Modifying the product with revisions or replacing it altogether

The Waterfall Model:
– System requirements
– Software requirements
– Analysis
– Program design
– Coding
– Testing
– Operations & Maintenance

Modified Waterfall Model incorporating V&V:
– System feasibility -> validation
– Software plans & requirements -> validation
– Product design -> verification
– Detailed design -> verification
– Coding -> unit test
– Integration Product -> verification
– Implementation -> system test
– Operations & Maintenance -> revalidation

Security concerns:

– Security should be addressed in each phase of system development. Security should not be addressed at the end of development because of the added cost, time, effort and lack of functionality.

– Separation of duties should be practiced in roles, environments and functionality pertaining to development of a product.

– A programmer should not have direct access to code in production.

– Certification deals with testing and assessing the security mechanism in a system

– Accreditation pertains to the management formally accepting the system and its security level.

– Changes must be authorized, tested and recorded. The changes must not affect the security level of the system or its capability to enforce the security policy.

Change control sub-phases:
– Request control
– Change control
– Release control

Change control process

 – Make a formal request of change

 – Analyze the request
– Develop the implementation strategy
– Calculate the costs of this implementation
– Review any security implications

 – Record the change request

 – Submit the change request for approval

 – Develop the change
– Recode segments of the product and add or subtract functionality.
– Link these changes in the code to the formal change control request
– Submit software for testing and quality approval
– Repeat until quality is adequate
– Make version changes

Configuration management:
– Configuration identification
– Configuration control
– Configuration status accounting
– Configuration audit

CMM / Software Capability Maturity Model

 – Level 1: Initiating – Competent people and heroics; processes are informal and ad hoc

 – Level 2: Repeatable – Project management processes; project management practices are institutionalized

 – Level 3: Defined – Engineering processes and organizational support; technical practices are integrated with management practices institutionalized

 – Level 4: Managed – Product and process improvement; product and process are quantitatively controlled

 – Level 5: Optimized – Continuous process improvement; process improvement is institutionalized

Application Development Methodology

Types of languages
Machine language: Is in a form that the computer and processor can understand and work with directly.
Assembly language: Cannot be understood directly by the system and must be processed, which results in machine code.
High-level language: Cannot be understood directly by the system and must be processed, which results in machine code.

Programs

Interpreted programs: Have instructions that are read and interpreted by a program one instruction at a time.

Compiled programs: Are written in a high-level language and turned into machine-readable format by a program called a compiler.

OOP / Object-Oriented Programming

Works with classes and objects within those classes. Once the class is defined, the attributes can be reused for each new member or instance of the class that is created. The object encapsulates the attribute values, which means that this information is packaged under one name and can be reused as one entity by other objects.

An object can have a shared portion – The interface that enables it to interact with other components

An object can have a private portion – How it actually works and performs the requested operations. Messages enter through the interface to specify the requested operation or method to be performed.

Information hiding – There is no need for other components to know how each object works internally.

Abstraction – Is the capability to suppress unnecessary details so that the important, inherent properties can be examined and reviewed

Phases of object-orientation

OORA / Object-Oriented Requirements Analysis – Defines classes of objects and their interactions.
OOA / Object-Oriented Analysis – In terms of object-oriented concepts, understanding and modelling a particular problem within a problem domain.
DA / Domain Analysis – Seeks to identify the classes and objects that are common to all applications within a given domain.
OOD / Object-Oriented Design – Object is the basic unit of modularity; objects are instantiations of a class.
OOP / Object-Oriented Programming – Emphasizes the employment of objects and methods rather than types or transformations as in other programming approaches.

Features of OOP

Encapsulation – Hides internal data and operations.

Polymorphism – Makes copies of objects and makes changes to those copies.

Polyinstantiation – Multiple distinct differences between data within objects to discourage lower-level subjects from learning information at a higher-level of security.

Inheritance – Shares properties and attributes.

Multiple inheritance – Is the situation where a class inherits the behavioural characteristics of more than one parent class.

Delegation – Forwarding of a request by an object to another object or delegate. This forwarding is necessitated by the fact that the object receiving the request does not have a method to service the request.

Data Modelling

Structured analysis approach: Looks at all objects and subjects of an application and maps the interrelationships, communication paths and inheritance properties.

Data modelling: Considers data independently of the way that the data is processed and the components that process the data.

Data Structure: Is a representation of the logical relationship between elements of data.

Cohesive: A cohesive module can perform a single task with little or no help from other modules
– Low Cohesion: Scatterbrained, does several tasks.
– High Cohesion: Focused on one task.

The best programming uses the most cohesive modules possible, but because different modules need to pass data and communicate, they usually cannot be totally cohesive.

Coupling:

Is a measure of interconnection among modules in an application.
– Low Coupling: Promotes module independence.
– High Coupling: Depend on other modules

The lower the coupling, the better the software design, because it promotes module independence. The more independent a component is, the less complex the application is and the easier it is to modify and troubleshoot.

OMA / Object Management Architecture

ORB / Object Request Brokers: Manages all communication between components and enables them to interact in a heterogeneous and distributed environment.

CORBA / Common Object Request Broker Architecture: Provides interoperability among the vast array of different software, platforms and hardware in environments.  Enables applications to communicate with one another no matter where the application is located or who developed it. To implement this compatible interchange, a user develops a small amount of initial code and an Interface Definition Language (IDL) file.

COM / Common Object Model: Supports the exchange of objects among programs.

DCOM / Distributed Common Object Model: Defines the standard for sharing objects in a networked environment. Uses a globally unique identifier, GUID, to uniquely identify users, resources and components within an environment.

ODBC / Open Database Connectivity: Provides a standard SQL dialect that can be used to access many types of relational databases.

DDE / Dynamic Data Exchange: Enables different applications to share data by providing IPC. Is a communication mechanism that enables direct conversation between two applications.

DCE / Distributed Computing Environment: Is a set of management services with a communication layer based on RPC. Is a layer of software that sits on top of the network layer and provides services to the applications above it. Uses a universal unique identifier, UUID, to uniquely identify users, resources and components within an environment. The RPC function collects the arguments and commands from the sending program and prepares them for transmission over the network.

The DFS / Distributed File Services provides a single integrated file system that all DCE users can use to share files.

Expert systems / knowledge-based systems: Use artificial intelligence / emulate human knowledge to solve problems. Is a computer program containing a knowledge base and a set of algorithms and rules used to infer new facts from knowledge and incoming data.

 – Rule-based programming: Is a common way of developing expert systems.

 – Pattern matching: Based on if-then logic units.

 – Inference engine: A mechanism that automatically matches facts against patterns and determines which rules are applicable.

Artificial Neural Networks: Is an electronic model based on the neural structure of the brain. Tries to replicate the basic functions of neurons and their circuitry to solve problems in a new way.

Java: Is platform independent because it creates intermediate code, bytecode, which is not processor specific. The Java Virtual Machine then converts the bytecode to machine code. Java applets use a security scheme that employs a sandbox to limit the applet's access to certain specific areas within the user's system and protects the system from malicious or poorly written applets.

ActiveX:
Microsoft technology that is used to write controls that Internet users can download to increase their functionality and Internet experience. Practices security by informing the user where the program came from. Uses authenticode technology that relies on digital certificates and trusting certificate authorities.

Malicious Code: Viruses, worms, trojan horses, logic bombs, etc.

Can be detected by:
– File size increase
– Many unexpected disk accesses
– Change in update or modified timestamps
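The three symptoms listed above (size growth, unexpected disk activity, changed timestamps) are what a file-integrity baseline makes visible, and such a baseline is also the core of the host intrusion detection system the notes keep listing as a countermeasure. The following added example, not code from the original notes, records size, modification time and a SHA-256 digest for every file under a directory and reports what changed between two snapshots; `demo()` builds its own files in a temporary directory, so the paths and contents are constructed.

```python
"""Minimal file-integrity baseline: snapshot, re-snapshot, compare.

Added illustration, not from the original notes; demo() constructs its own files.
"""
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file under root (relative path) to (size, mtime_ns, sha256)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            st = os.stat(full)
            result[os.path.relpath(full, root)] = (st.st_size, st.st_mtime_ns, h.hexdigest())
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Report added, removed and modified files. For modified files say which
    of size / mtime / content changed, so an analyst can tell a merely touched
    timestamp from real tampering with content."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        changed = [field for field, a, b in zip(("size", "mtime", "content"), old, new) if a != b]
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: one file grows, one disappears, one new file appears."""
    root = tempfile.mkdtemp()
    prog = os.path.join(root, "bin", "tool")
    os.makedirs(os.path.dirname(prog))
    with open(prog, "wb") as f:
        f.write(b"#!/bin/sh\necho ok\n")
    with open(os.path.join(root, "README"), "wb") as f:
        f.write(b"docs\n")
    base = snapshot(root)

    with open(prog, "ab") as f:            # file size increase, content change
        f.write(b"# appended line\n")
    os.remove(os.path.join(root, "README"))
    with open(os.path.join(root, "extra.so"), "wb") as f:
        f.write(b"\x7fELF")
    return compare(base, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline itself must be stored where the monitored host cannot rewrite it (read-only media or a separate host), otherwise anything that can alter the files can alter the record of them too.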

Virus: Is a program that searches out other programs and infects them by embedding a copy of itself. When the infected program executes, the embedded virus is executed which propagates the infection.

 – Boot sector virus: Moves data within the boot sector or overwrites the sector with new information.

 – Stealth virus: Hides the modifications that it has made to files or boot records.

 – Polymorphic virus: Produces varied but operational copies of itself.

 – Multipart virus: Infects both the boot sector of a hard drive and executable files.

 – Self-garbling virus: Attempts to hide from antivirus software by garbling its own code. As the virus spreads, it changes the way its code is encoded.

Worm: Can reproduce on its own with no need for a host application; worms are self-contained programs.

Logic bomb: Will execute a program, or string of code,  when a certain event happens.

Trojan horse: Is a program disguised as another program.

Attacks

DoS / Denial of Service: An attack that consumes the victim's bandwidth or resources, causing the system to crash or stop processing other packets.

Smurf: Requires three players: the attacker, the victim and the amplifying network. The attacker spoofs, or changes, the source IP address in a packet header to make an ICMP ECHO packet seem as though it originated at the victim's system. This ICMP ECHO message is broadcast to the amplifying network, which replies to the message in full force. The victim's system and network are overwhelmed.

Fraggle: Uses UDP as its weapon of choice. The attacker broadcasts a spoofed UDP packet to the amplifying network, which in turn replies to the victim's system.

SYN Flood: Continually sending the victim SYN messages with spoofed packets. The victim will commit the necessary resources to set up this communication socket and it will send its SYN/ACK message waiting for the ACK message in return.
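From the defender's side, the signature of the SYN flood described above is a backlog of handshakes that never complete. The following added example, not code from the original notes, walks a small connection log and counts, per destination, how many SYNs were never followed by the client's final ACK, then flags destinations where that backlog is both large and a large share of new connections. The log lines are constructed (documentation IP ranges, a deliberately simple "flag src -> dst" format) and the two thresholds are assumptions to be tuned per environment.

```python
"""Half-open connection counting as a SYN flood indicator.

Added illustration, not from the original notes; the log and thresholds are constructed.
"""
from collections import defaultdict

# Constructed sample: "<flag> <src ip:port> -> <dst ip:port>". S = SYN from the
# client, A = the client's final ACK (handshake complete). Eight SYNs to
# 192.0.2.10:80 arrive from eight different sources and are never completed.
SAMPLE_LOG = """
S 198.51.100.7:40001 -> 192.0.2.10:80
A 198.51.100.7:40001 -> 192.0.2.10:80
S 203.0.113.11:51000 -> 192.0.2.10:80
S 203.0.113.12:51001 -> 192.0.2.10:80
S 203.0.113.13:51002 -> 192.0.2.10:80
S 203.0.113.14:51003 -> 192.0.2.10:80
S 203.0.113.15:51004 -> 192.0.2.10:80
S 203.0.113.16:51005 -> 192.0.2.10:80
S 203.0.113.17:51006 -> 192.0.2.10:80
S 203.0.113.18:51007 -> 192.0.2.10:80
S 198.51.100.8:40002 -> 192.0.2.10:80
A 198.51.100.8:40002 -> 192.0.2.10:80
S 198.51.100.9:40003 -> 192.0.2.20:443
A 198.51.100.9:40003 -> 192.0.2.20:443
S 198.51.100.10:40004 -> 192.0.2.20:443
""".strip().splitlines()


def parse(line: str):
    flag, src, _arrow, dst = line.split()
    return flag, src, dst


def half_open_by_destination(lines) -> dict:
    """For each destination: SYNs seen and how many never completed."""
    pending = set()
    stats = defaultdict(lambda: {"syn": 0, "half_open": 0})
    for line in lines:
        flag, src, dst = parse(line)
        if flag == "S":
            pending.add((src, dst))
            stats[dst]["syn"] += 1
        elif flag == "A":
            pending.discard((src, dst))
    for _src, dst in pending:
        stats[dst]["half_open"] += 1
    return dict(stats)


def flag_syn_flood(lines, min_half_open: int = 5, min_ratio: float = 0.5) -> list:
    """Flag destinations whose half-open backlog is large in absolute terms
    AND a large share of new connections; both conditions, so a busy but
    healthy service with a few stragglers is not reported."""
    flagged = []
    for dst, s in half_open_by_destination(lines).items():
        if s["half_open"] >= min_half_open and s["half_open"] / s["syn"] >= min_ratio:
            flagged.append(dst)
    return sorted(flagged)


if __name__ == "__main__":
    print(half_open_by_destination(SAMPLE_LOG))
    print("suspected SYN flood against:", flag_syn_flood(SAMPLE_LOG))
```

Because the sources are spoofed, per-source counting finds nothing here; aggregating per destination is what makes the pattern visible, and a real deployment would add a time window so the backlog is measured per interval rather than over the whole log.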

Teardrop: An attacker sends very small packets that cause a system to freeze or reboot. Caused by the fact that some systems make sure that packets are not too large, but do not check whether a packet is too small.

DDoS / Distributed Denial of Service: Is a logical extension of the DoS. The attacker creates master controllers that can in turn control slaves / zombie machines.

DNS DoS Attacks: A record at a DNS server is replaced with a new record pointing at a fake/false IP address.

Cache poisoning – The attacker inserts data into the cache of the server instead of replacing the actual records.

CISSP CBK 3 – Security Management Practices
https://pentest.ro/2011/05/15/cissp-cbk-3-security-management-practices/ (Sun, 15 May 2011 19:11:08 +0000)

Fundamental Principles of Security

Security objectives

Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced.

Integrity: Is upheld when the assurance of accuracy and reliability of information and system is provided and unauthorized modification of data is prevented.

Availability: Prevents disruption of service or productivity.

Definitions

Vulnerability: Is a software, hardware or procedural weakness that may provide the attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment.

Threat: Is any potential danger to information or systems

Risk: Is the likelihood of a threat agent taking advantage of a vulnerability.

Exposure: Is an instance of being exposed to losses from a threat agent.

Countermeasure / safeguard: Mitigates the potential risk.

Top-down approach: The initiation, support and direction come from top management and work their way through middle management and then to staff members.

Bottom-up approach: Security program developed by IT without getting proper management support and direction.

Operational goals: Daily goals.
Tactical goals: Mid-term goals.
Strategic goals: Long-term goals.

Risk Management: Is the process of identifying, assessing and reducing risks to an acceptable level and implementing the right mechanisms to maintain that level of risk.

Risk Analysis

Is a method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards.

Three main goals:
– identify risks
– quantify the impact of potential threats
– provide an economic balance between the impact of the risk and the cost of the countermeasure.

Risks have a loss potential: The company would lose something if a threat agent actually exploits a vulnerability.

Delayed loss: Has a negative effect on a company after a risk is initially exploited.

Quantitative Approach: Attempts to assign real numbers to the costs of countermeasures and the amount of damage that can take place. Provides concrete probability percentages when determining the likelihood of threats and risks. Purely quantitative risk analysis is not possible because the method is attempting to quantify qualitative items.

Steps in risk analysis
– Assign value to information and assets
– Estimate potential loss per risk
– Perform a threat analysis
– Derive the overall loss potential per risk
– Choose remedial measures to counteract each risk
– Reduce, assign or accept the risk

Calculating risks
EF (Exposure Factor) = Percentage of asset loss caused by identified threat.
SLE (Single Loss Expectancy) = Asset value * Exposure Factor
ARO (Annualized Rate of Occurrence) = Estimated frequency a threat will occur within a
year.
ALE (Annualized Loss Expectancy) = Single Loss Expectancy * Annualized Rate of Occurrence

Qualitative Approach: Walk through different scenarios of risk possibilities and rank the seriousness of the threats and the sensitivity of the assets.

Procedures in performing the scenario:
– A scenario is written that addresses each major threat
– The scenario is reviewed by business unit managers for a reality check
– The RA team recommends and evaluates the various safeguards for each threat
– The RA team works through each finalized scenario using a threat, asset and safeguard.
– The team prepares their findings and submits them to management.

Delphi Technique: Is a group decision method and is used to ensure that each member of a group gives an honest opinion of what he or she thinks the result of a particular risk will be.

Calculating countermeasures and risk:
Value of safeguard to the company = (ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of safeguard)
Total risk = threats * vulnerability * asset value
Residual risk = (threats * vulnerability * asset value) * control gap
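The SLE/ALE and safeguard-value formulas above carried through a constructed scenario, as an added example that is not part of the original notes; every asset value, exposure factor, rate of occurrence and safeguard cost is a made-up figure, and the three candidate safeguards are hypothetical.

```python
"""Quantitative risk analysis carried through with the formulas from the notes.

Constructed example: every asset value, exposure factor, occurrence rate and
safeguard cost below is a made-up figure chosen for illustration.
"""
from dataclasses import dataclass


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = asset value * EF, with EF given as a fraction between 0 and 1."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE * ARO; ARO may be fractional (0.1 means once every ten years)."""
    return sle * aro


def safeguard_value(ale_before, ale_after, annual_cost):
    """Value of safeguard = ALE(before) - ALE(after) - annual cost of safeguard."""
    return ale_before - ale_after - annual_cost


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    new_exposure_factor: float  # EF that remains once the safeguard is in place
    new_aro: float              # ARO that remains once the safeguard is in place


def evaluate_safeguards(asset_value, ef, aro, candidates):
    """Return the current ALE and the candidates ranked by value to the company.

    A negative value means the safeguard costs more per year than the loss it
    prevents, so reducing the risk that way is not justified; accepting or
    transferring (insuring) the risk is the economic alternative.
    """
    ale_before = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef), aro)
    ranked = []
    for sg in candidates:
        ale_after = annualized_loss_expectancy(
            single_loss_expectancy(asset_value, sg.new_exposure_factor), sg.new_aro)
        value = safeguard_value(ale_before, ale_after, sg.annual_cost)
        ranked.append((sg.name, round(value, 2)))
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ale_before, ranked


def demo():
    # Constructed scenario: a customer database valued at 500,000; a breach would
    # destroy 40% of its value and is expected about once every two years.
    asset_value, ef, aro = 500_000.0, 0.40, 0.5
    candidates = [
        Safeguard("encrypt backups with managed keys", 20_000, 0.10, 0.5),
        Safeguard("24x7 managed detection service", 150_000, 0.20, 0.25),
        Safeguard("annual awareness training", 5_000, 0.40, 0.40),
    ]
    return evaluate_safeguards(asset_value, ef, aro, candidates)


if __name__ == "__main__":
    before, ranked = demo()
    print(f"ALE before any safeguard: {before:,.0f}")
    for name, value in ranked:
        verdict = "implement" if value > 0 else "not cost-justified"
        print(f"{name}: {value:,.0f} ({verdict})")
```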

Handling Risk:
Transfer risk -> Purchase insurance.
Reduce risk -> Implement countermeasures.
Reject risk -> Deny that the risk exists or ignore it.
Accept risk -> The company understands the level of risk it is under and the cost of the damage that is possible, and decides to live with it.

Security Program

Categories of policy:
– Regulatory
– Advisory
– Informative

Security Policy:
Is a general statement produced by senior management to dictate what type of role security plays within the organization. It is written in broad, overview terms to cover many subjects in a general fashion.

– Organisational security policy: Provides scope and direction for all further security activities within the organization.

– Issue-specific policies: Address specific security issues that management feels need more detailed explanation and attention, to make sure a comprehensive structure is built and all employees understand how they are to comply with these security issues.

– System-specific policy: Presents the management’s decisions that are closer to the actual computers, networks, applications and data.

Standards: Specify how hardware and software products are to be used. They provide a means to ensure that specific technologies, applications, parameters and procedures are carried out in a uniform way across the organization. These rules are usually compulsory within a company and they need to be enforced.

Baselines: Provide the minimum level of security necessary throughout the organization.

Guidelines: Are recommended actions and operational guides for users, IT staff, operations staff and others when a specific standard does not apply.

Procedures: Are step-by-step actions to achieve a certain task. Procedures are looked at as the lowest level in the policy chain.

Data Classification

The primary purpose of data classification is to indicate the level of confidentiality, integrity and availability that is required for each type of information. It helps to ensure that the data is protected in the most cost-effective manner.

Common classification levels (from highest to the lowest level):
Commercial business ->
– Confidential
– Private
– Sensitive
– Public

Military ->
– Top secret
– Secret
– Confidential
– Sensitive but unclassified
– Unclassified

Layers of Responsibility

Senior Manager: Ultimately responsible for security of the organization and the protection of its assets.

Security professional: Functionally responsible for security and carries out the senior manager’s directives.

Data Owner: Is usually a member of senior management and is ultimately responsible for the protection and use of the data. Decides upon the classification of the data he is responsible for and alters these classifications if the business needs arise. Will delegate the responsibility of the day-to-day maintenance of the data, which is the responsibility of the data custodian.

Data Custodian: Is given the responsibility of the maintenance and protection of the data.

User: Any individual who routinely uses the data for work-related tasks. Must have the necessary level of access to the data to perform the duties within her position and is responsible for following operational security procedures to ensure the data’s C/I/A to others.

Structure and practices

Separation of duties: Makes sure that one individual cannot complete a risky task by herself.
Collusion: With duties separated, more than one person would need to work together to cause some type of destruction or fraud, and this drastically reduces its probability.

Nondisclosure agreements: To protect the company if and when this employee leaves for one reason or another.

Job rotation: No one person should stay in one position for a long period of time because it can end up giving too much control of a segment of the business to this one individual.

Security Awareness

Types of training:
– Security-related job training for operators
– Awareness training for specific departments or personnel groups with security sensitive positions
– Technical security training for IT support personnel and system administrators
– Advanced InfoSec training for security practitioners and information system auditors.
– Security training for senior managers, functional managers and business unit managers.

CISSP CBK 2 – Telecommunications & Network Security
https://pentest.ro/2011/05/15/cissp-cbk-2-telecommunications-network-security/
Sun, 15 May 2011 17:48:17 +0000

Open System Interconnect Model

Protocol – Standard set of rules that determine how systems will communicate across networks.

OSI Model        TCP/IP
Application      Application
Presentation     Application
Session          Application
Transport        Host-to-host
Network          Internet
Data Link        Network Access
Physical         Network Access

Each layer adds its own information to the data packet.

7. Application layer: Processes and properly formats the data and passes it down to the next layer. Protocols used – SMTP, HTTP, LPD, FTP, WWW, Telnet, TFTP.

6. Presentation layer: Provides a common means of representing data in a structure that can be properly processed by the end system. Formats graphics into TIFF, GIF or JPEG. Handles data compression and encryption.

5. Session layer: Establishes a connection between the two computers, maintains it during the transfer of data and controls the release of this connection. Protocols used – SSL, NFS, SQL, RPC.

4. Transport layer: Provides end-to-end data transport services and establishes the logical connection between two communicating computers. Protocols used – TCP, UDP, SPX. Information is passed down from different entities at higher layers to the transport layer, which must assemble the information into a stream.

3. Network layer: Inserts information into the packet’s header so that it can be properly routed. Protocols used – IP, ICMP, RIP, OSPF, BGP, IGMP. Protocols that work at this layer do not ensure the delivery of the packets.

2. Data Link layer: The operating system formats the data frame for proper transmission over the network technology in use (Token Ring, Ethernet, ATM or FDDI). Protocols used – SLIP, PPP, RARP, L2F, L2TP, FDDI, ISDN. Each network technology has defined electronic signalling and bit patterns.

1. Physical layer: Converts bits into voltage for transmission. Standard interfaces – HSSI, X.21, EIA/TIA-232, EIA/TIA-449.

The session layer enables communication between two computers to happen in three different modes:

– Simplex: Communication takes place in one direction.

– Half-duplex: Communication takes place in both directions, but only one system can send
information at a time.

– Full-duplex: Communication takes place in both directions and both systems can send information at the same time.

TCP/IP – Transmission control protocol/Internet protocol

IP: The main task is to support internetwork addressing and packet forwarding and routing. Is a connectionless protocol that envelops data passed to it from the transport layer.

TCP: Is a reliable and connection-oriented protocol that ensures that packets are delivered to the destination computer. If a packet is lost during transmission, TCP has the capability to resend it. There is more overhead in a TCP packet. Data -> Stream -> Segment -> Datagram -> Frame

UDP: Is a best-effort, connectionless protocol. Does not have packet sequencing, flow and congestion control, and the destination does not acknowledge every packet it receives. There is less overhead in a UDP packet. Data -> Message -> Packet -> Datagram -> Frame

TCP Handshake:

1. Host sends a SYN packet

2. Receiver answers with a SYN/ACK packet

3. Host sends an ACK packet

IPv4 – Uses 32 bits for its address

IPv6 – Uses 128 bits for its address

LAN media access technologies

Ethernet: Characteristics: Share media / Uses broadcast and collision domains / Uses carrier sense multiple access with collision detection (CSMA/CD) access method / Supports full-duplex on twisted-pair implementations / Can use coaxial or twisted-pair media / Defined by standard 802.3

10base2 implementation: ThinNet, uses coaxial cable, max length 185 meters, provides 10 Mbps.

10base5 implementation: ThickNet, uses coaxial cable, max length 500 meters, provides 10 Mbps.

10base-T implementation: Uses twisted-pair wiring, provides 10 Mbps, usually implemented in star topology.

Fast Ethernet implementation: Uses twisted-pair wiring, provides 100 Mbps.

Token ring: Uses a token-passing technology with a star configured topology. Each computer is connected to a central hub, MAU – Multistation Access Unit. Transmits data at 16 Mbps. Active monitor – Removes frames that are continuously circulating on the network. Beaconing – If a computer detects a problem with the network, it sends a beacon frame. It generates a failure domain where computers and devices will attempt to reconfigure certain settings to try and work around the detected fault.

FDDI—Fiber Distributed Data Interface:
Is a high speed token-passing media access topology.
Transmits data at 100 Mbps
Provides fault tolerance by providing a second counterrotating fiber ring.
Enables several tokens to be present on the ring at the same time.

Cabling

Coaxial Cable: Is more resistant to EMI (electromagnetic interference), provides a higher bandwidth and longer cable lengths compared to twisted pair. Can transmit using a baseband method, where the cable carries only one channel. Can transmit using a broadband method, where the cable carries several channels.

Twisted pair: Is cheaper and easier to work with than coaxial cable. STP (Shielded twisted pair) – Has an outer foil shielding which adds protection from radio frequency interference. UTP (Unshielded twisted pair) – Different categories of cabling that have different characteristics.

Fiber-optic cabling: Because of the use of glass, it has higher transmission speeds that can travel over longer distances and is not affected by attenuation and EMI when compared to cabling that uses copper. It does not radiate signals like UTP cabling and is very hard to tap into. Is expensive.

Cabling problems:
- Noise – The receiving end will not receive the data in the form that was originally transmitted. Can be caused by motors, computers, copy machines, fluorescent lighting and microwave ovens.
- Attenuation – The loss of signal strength as the signal travels; also caused by cable breaks and cable malfunctions.
- Crosstalk – When electrical signals of one wire spill over to another wire. UTP is much more vulnerable to this than STP or coaxial.
- Plenum space – Network cabling placed in a plenum area must meet a specific fire rating to ensure that it will not produce and release harmful chemicals in case of a fire.
- Pressurized conduits – Encapsulation of wires so that if there is an attempt to access a wire, the pressure in the conduit will change and sound an alarm or send a message to the administrator.

Types of transmission

Analog transmission signals – Modulation of signals, electromagnetic waves.

Digital transmission signals – Represents binary digits as electrical pulses.

Asynchronous communication – Two devices are not synchronized in any way. The sender can send data at any time and the receiving end must always be ready. Can be a terminal and a terminal server or modem.

Synchronous communication – Takes place between two devices that are synchronized, usually via a clocking mechanism. Transfers data as a stream of bits.

Baseband – Uses the full cable for its transmission

Broadband – Usually divides the cable into channels so that different types of data can be transmitted at the same time.

Unicast method – A packet needs to go to one particular system

Multicast method – A packet needs to go to a specific group of systems

Broadcast method – A packet goes to all computers on its subnet

Network Topology

Ring Topology: Has a series of devices connected by unidirectional transmission links that form a ring. Each node is dependent upon the preceding nodes, and if one system fails, all other systems could fail.

Bus Topology: A single cable runs the entire length of the network. Each node decides to accept, process or ignore the packet. The cable where all nodes are attached is a potential single point of failure. Linear bus – Has a single cable with nodes attached to it. Tree topology – Has branches from the single cable and each branch can contain many nodes.

Star Topology: All nodes connect to a central hub or switch. Each node has a dedicated link to the central hub.

Mesh Topology: All systems and resources are connected to each other in a way that does not follow the uniformity of the previous topologies.

LAN Media Access Technologies

MTU – Is a parameter that indicates how much data a frame can carry on a specific network.

Token passing: Is a 24-bit control frame used to control which computers communicate at what intervals. The token grants a computer the right to communicate. Do not cause collisions because only one computer can communicate at a time.

CSMA (Carrier sense multiple access): CSMA/CD (collision detection) – Computers monitor the transmission activity, or carrier activity, on the wire so that they can determine when would be the best time to transmit data. Computers listen for the absence of a carrier tone on the cable, which indicates that no one else is transmitting data at the same time.

Contention – The nodes have to compete for the same shared medium

Collision – Happens when two or more frames collide.

Back-off algorithm – All stations will execute a random collision timer to force a delay before they attempt to transmit data. CSMA/CA (collision avoidance) – Is an access method where each computer signals its intent to transmit data before it actually does so.

Collision Domain: Is a group of computers that are contending, or competing, for the same shared communication medium.

Polling: Some systems are configured to be primary stations and others are secondary stations. At predefined intervals, the primary station will ask the secondary station if it has anything to transmit.

Protocols

ARP – Knows the IP address and broadcasts to find the matching hardware address, the MAC address.

RARP – Knows the hardware address and broadcasts to find the IP address. Masquerading attack – An attacker alters a system’s ARP table so that it contains incorrect information (ARP table poisoning).

DHCP – A computer depends upon a server to assign it the right IP address.

BOOTP – Lets a diskless computer receive its IP address from a server.

ICMP – Delivers messages, reports errors, replies to certain requests, reports routing information and is used to test connectivity and troubleshoot problems on IP networks.

Networking devices

Device – OSI layer – Functionality:

Repeater (Physical): Amplifies signals and extends networks.

Bridge (Data link): Forwards packets and filters based on MAC addresses; forwards broadcast traffic, but not collision traffic.

Router (Network): Separates and connects LANs, creating internetworks; routers filter based on IP addresses.

Brouter (Data link and Network): A hybrid device that combines the functionality of a bridge and a router. A brouter can bridge multiple protocols and can route packets on some of those protocols.

Switch (Data link; more intelligent switches work at the network layer): Provides a private virtual link between communicating devices, allows for VLANs, reduces traffic and impedes network sniffing.

Gateway (Application, although different types of gateways can work at other layers): Connects different types of networks, performs protocol and format translations.

Comments on bridges:

Three types of bridges:
– Local bridge: Connects two or more LAN segments within a local area.
– Remote bridge: Can connect two or more LAN segment over a wide area network by using telecommunications.
– Translation bridge: If two LANs being connected are different types and use different standards and protocols.

Broadcast storm – Because bridges forward all traffic, they forward all broadcast packets.

STA Spanning Tree Algorithm – Ensures that frames do not circle networks forever, provides redundant paths in case a bridge goes down, assigns unique identifiers to each bridge, assigns priority values to these different bridges and calculates path costs.

Source routing – The packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths.

VLAN Virtual LANs: Enable administrators to logically separate and group users based on resource requirements, security or business needs instead of the standard physical location of the users.

PBX Private Branch Exchange: Is a telephone switch that is located on a company’s property.

Firewalls

Restrict access from one network to another, internally or externally.

DMZ – Demilitarized Zone: A network segment that is located between the protected and the unprotected networks.

Packet filtering: A method of controlling what data can flow into and out of a network. Takes place by using ACLs, which are developed and applied to a device. Is based on network layer information, which means that the device cannot look too far into the packet itself. Is not application dependent. Does not keep track of the state of a connection. Provides high performance. Used in first-generation firewalls.

Stateful Packet Filtering: Remembers and keeps track of what packets went where until that particular connection is closed. This requires the firewall to maintain a state table, which is like a score sheet of who said what to whom. Makes decisions on what packets to allow or disallow based on that table. Works at the network layer.

Proxy firewalls: Stands between a trusted and untrusted network and actually makes the connection, each way, on behalf of the source. Makes a copy of each accepted packet before transmitting it and repackages the packet to hide the packet’s true origin. Works at the application layer.

Dual-homed firewall: Has two interfaces; one facing the external network and the other facing the internal network. Has two NICs and has packet forwarding turned off. Are often used when a company uses proxy firewalls.

Application-level proxies: Inspect the entire packet and make access decisions based on the actual content of the packet. Understand different services and protocols and the commands that are used within them. There must be one application-level proxy per service. Work at the application level.

Circuit-level proxy: Creates a circuit between the client computer and the server. It knows the source and destination addresses and makes access decisions based on this information. Can handle a wide variety of protocols and services. Works at the network layer.

SOCKS: Is an example of a circuit-level proxy gateway that provides a secure channel between two TCP/IP computers. Does not provide detailed protocol-specific control.

Firewall architecture

Bastion Host: It is the machine that will be accessed by any and all entities trying to access or leave the network. Can support packet filtering, proxy and hybrid firewall applications.

Screened Host: Is a bastion host firewall that communicates directly with a border router and the internal
network.

Screened Subnet: The bastion host, housing the firewall, is sandwiched between two routers. The external router applies packet filtering and the internal router also filters the traffic.

Firewall default rule: The default action of any firewall should be to implicitly deny any packets not explicitly allowed.

Masquerading / spoofing: The attacker modifies a packet header to have the source address of a host inside the network that she wants to attack.
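To make the difference between stateless packet filtering, stateful filtering, implicit deny and anti-spoofing concrete, here is a toy stateful filter added as an example; it is not from the original notes or from any real firewall product. It assumes an inside network of 10.0.0.0/8, a single rule allowing inside hosts to open connections to ports 80 and 443, and uses TEST-NET documentation addresses (203.0.113.10, 198.51.100.7) as constructed outside hosts; it walks the TCP three-way handshake in a state table, drops any packet arriving on the outside interface with an inside source address, and denies everything it has no rule or state for.

```python
"""Toy stateful packet filter illustrating the firewall notes (constructed example).

Assumptions: the inside network is 10.0.0.0/8, inside hosts may open TCP
connections to ports 80 and 443, and the outside addresses used in the demo
are TEST-NET documentation addresses. Not a real product's logic.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({SYN, ACK})


class StatefulFilter:
    """Tracks TCP flows through the three-way handshake; default action is DENY."""

    def __init__(self, inside_net, allowed_outbound_ports):
        self.inside = ip_network(inside_net)
        self.allowed = set(allowed_outbound_ports)
        # State table: (client, cport, server, sport) -> handshake state.
        self.table = {}

    def _inside(self, ip):
        return ip_address(ip) in self.inside

    def decide(self, pkt, arrives_on):
        """Return "ALLOW" or "DENY" for one packet seen on the given interface."""
        src_inside = self._inside(pkt.src)
        if arrives_on == "outside" and src_inside:
            return "DENY"            # outside packet claiming an inside source: spoofed
        if arrives_on == "inside" and not src_inside:
            return "DENY"            # inside host spoofing an outside source
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:        # packet from the client side of a known flow
            return self._advance(fwd, pkt.flags, from_client=True)
        if rev in self.table:        # packet from the server side of a known flow
            return self._advance(rev, pkt.flags, from_client=False)
        # No state yet: only an inside-originated SYN to an allowed port opens a flow.
        if src_inside and pkt.flags == {SYN} and pkt.dport in self.allowed:
            self.table[fwd] = "SYN_SENT"
            return "ALLOW"
        return "DENY"                # implicit deny for everything not explicitly allowed

    def _advance(self, key, flags, from_client):
        state = self.table[key]
        if RST in flags or FIN in flags:
            del self.table[key]      # simplified teardown: forget the flow at once
            return "ALLOW"
        if state == "SYN_SENT" and not from_client and flags == {SYN, ACK}:
            self.table[key] = "SYN_RECEIVED"
            return "ALLOW"
        if state == "SYN_RECEIVED" and from_client and flags == {ACK}:
            self.table[key] = "ESTABLISHED"
            return "ALLOW"
        if state == "ESTABLISHED" and SYN not in flags:
            return "ALLOW"
        return "DENY"                # packet does not fit the flow's current state


def run_demo():
    """Constructed traffic: returns the verdict list and the final state-table size."""
    fw = StatefulFilter("10.0.0.0/8", allowed_outbound_ports={80, 443})
    client, server = "10.1.2.3", "203.0.113.10"
    verdicts = [
        # Legitimate handshake opened from the inside, then a data packet back.
        fw.decide(Packet(client, 40000, server, 443, frozenset({SYN})), "inside"),
        fw.decide(Packet(server, 443, client, 40000, frozenset({SYN, ACK})), "outside"),
        fw.decide(Packet(client, 40000, server, 443, frozenset({ACK})), "inside"),
        fw.decide(Packet(server, 443, client, 40000, frozenset({ACK})), "outside"),
        # Unsolicited inbound SYN: no state and no rule -> implicit deny.
        fw.decide(Packet(server, 12345, client, 22, frozenset({SYN})), "outside"),
        # Arrives on the outside interface with an inside source -> spoofed.
        fw.decide(Packet("10.9.9.9", 5555, client, 80, frozenset({SYN})), "outside"),
        # SYN/ACK with no matching SYN_SENT entry: a stateless ACL that lets
        # "ACK set" packets in would pass this; the state table rejects it.
        fw.decide(Packet("198.51.100.7", 443, client, 40001, frozenset({SYN, ACK})), "outside"),
        # Server resets the established flow, after which its packets have no state.
        fw.decide(Packet(server, 443, client, 40000, frozenset({RST})), "outside"),
        fw.decide(Packet(server, 443, client, 40000, frozenset({ACK})), "outside"),
    ]
    return verdicts, len(fw.table)


if __name__ == "__main__":
    for verdict in run_demo()[0]:
        print(verdict)
```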

Honeypot: Is a computer that sits in the DMZ in hopes to lure attackers to it instead of actual production computers.

Networking Services

NOS – Network operating system: Is designed to control network resource access and provide the necessary services to enable a computer to interact with the surrounding network.

DNS – Domain Name Service: Is a method of resolving hostnames. Networks are split up into zones. The DNS server that holds the files for one of these zones is said to be the authoritative name server for that particular zone. It is recommended that there be a primary and a secondary DNS server for each zone.

Directory Services: Has a hierarchical database of users, computers, printers, resources and attributes of each.

Intranets and Extranets

Intranets: When a company uses Internet- or Web-based technologies inside its networks.

Extranets: Enable two or more companies to share common information and resources.

NAT Network Address Translation: Is a gateway between a network and the Internet, or another network, that performs transparent routing and address translation.

MAN – Metropolitan Area Network: Usually a backbone that connects businesses to WANs, the Internet and other businesses. A majority are SONET / Synchronous Optical Network or FDDI rings.

WAN – Wide Area Network: Are used when communication needs to travel over a larger geographical area.

Dedicated links: Also called leased line or point-to-point link.

T-carriers: Dedicated lines that can carry voice and data information over trunk lines.

S/WAN – Secure WAN: Based on VPNs that are created with IPSec.

WAN Technologies

CSU/DSU – Channel Service Unit / Data Service Unit: Is required when digital equipment will be used to connect a LAN network to a WAN network. DSU converts digital signals to be transmitted over the telephone company’s digital lines. CSU is the unit that connects the network directly to the telephone company’s line. Provides a digital interface for DTE – Data Terminal Equipment. Provides an interface to the DCE – Data Circuit-Terminating Equipment device.

Switching: Circuit switching – Sets up a virtual connection that acts like a dedicated link between two systems. Packet switching – Packets can travel along many different routes to arrive at the same destination.

Frame relay: Is a WAN protocol that operates at the data link layer. Uses packet-switching technology. CIR / committed information rate – Companies pay more to ensure that a higher level of bandwidth will always be available to them.

Two main types of equipment used:
– DTE / Data Terminal Equipment – Customer owned.
– DCE / Data Circuit-Terminating Equipment – Service provider’s or phone company’s.

Virtual Circuits:

PVC / Permanent virtual circuit – Works like a private line for a customer with an agreed-upon bandwidth availability.

SVC / switched virtual circuits – Require steps similar to a dial-up and connection procedure.

X.25: Is an older WAN protocol that defines how devices and networks establish and maintain connections. Is a switching technology. Data is divided into 128 bytes and encapsulated in High-level Data Link Control (HDLC) frames. The frames are then addressed, and forwarded across the carrier switches.

ATM – Asynchronous Transfer Mode: Is a switching technology. Uses a cell-switching technology, meaning that data is segmented into fixed-size cells of 53 bytes instead of variable-size packets. Is a high-speed networking technology used for LAN, WAN and service provider connections. Sets up virtual circuits, which act like dedicated paths between the source and destination. These virtual circuits can guarantee bandwidth and QoS.

SMDS – Switched Multimegabit Data Service: Is a high-speed packet-switched technology used to enable customers to extend their LANs across MANs and WANs. Is connectionless and can provide bandwidth on demand.

SDLC – Synchronous Data Link Control: Is based on networks that use dedicated, leased lines with permanent physical connections. Provides the polling media access technology, which is a mechanism that enables secondary stations to communicate on the network.

HDLC – High-level Data Link Control: Is a bit-oriented link layer protocol used for transmission over synchronous lines. Works with primary stations that contact secondary stations to establish data transmission.

HSSI – High-Speed Serial Interface: Is used to connect multiplexers and routers to high-speed communication services like ATM and frame relay.

Multiservice Access: Combines different types of communication categories over one transmission line. Jitter – When someone using VoIP for a phone call experiences lags in the conversation.

H.323: Is a part of ITU-T recommendations that cover a wide variety of multimedia communication services.

Remote Access

Dial-up and RAS: RAS / Remote Access Service server – Performs authentication by comparing the provided credentials with the database of credentials it maintains.

Wardialing – Is a process used by many attackers to identify remote access modems.

ISDN – Integrated Services Digital Network: Breaks the telephone line into different channels and transmits data in digital form instead of the old analog method.

Three methods:
– BRI / Basic Rate Interface – 2 B channels and 1 D channel.
– PRI / Primary Rate Interface – 23 B channels and 1 D channel.
– BISDN / Broadband – Handle different types of services at the same time.
The D channel provides for a quicker call setup and process of making a connection.

DSL – Digital Subscriber Line: Is a broadband technology. The service can be symmetric or asymmetric (upstream speed different from downstream). Connected all the time.

Cable modems: Provide high speed access. Connected all the time.

VPN – Virtual Private Network: Is a secure private connection through a public network.

PPTP – Point-to-point tunnelling protocol: Is an encapsulation protocol based on PPP. Works at the data link layer and it enables a single point-to-point connection. Encrypts and encapsulates PPP packets. When negotiating takes place, PPTP cannot encrypt this information because encryption is in the process of being invoked. Can only work on top of IP networks.

L2TP – Layer 2 Tunnelling Protocol: Can run on top of and tunnel through networks that use other protocols. Is not an encryption protocol. Supports TACACS+ and RADIUS.

L2F – Layer 2 Forwarding: Provides mutual authentication. No encryption.

IPSec: Handles multiple connections at the same time. Provides secure authentication and encryption. Supports only IP networks. Focuses on LAN-to-LAN communication rather than being a dial-up protocol. Works at the network layer and provides security on top of IP. Can work in tunnel mode, meaning the payload and header are encrypted, or transport mode, meaning that only the payload is encrypted.

PPP – Point-to-Point: Is used to encapsulate messages and transmit them through an IP network.

PAP – Password Authentication Protocol: Provides identification and authentication of the user attempting to access a network from the remote system.

CHAP – Challenge Handshake Authentication Protocol: Is an authentication protocol that uses challenge/response mechanism to authenticate instead of sending a username and password.

EAP – Extensible Authentication Protocol: Provides a framework to enable many types of authentication techniques to be used during PPP connections.

Network and resource availability

Single point of failure: If one device goes down, a segment or the entire network is negatively affected.

RAID – Redundant Array of Inexpensive Disks: A technology used for redundancy and performance improvement that combines several physical disks and aggregates them into logical arrays.

Clustering: A group of servers that are viewed logically as one server to users and are managed as a single system.

CISSP Intro
https://pentest.ro/2011/05/15/cissp-intro/
Sat, 14 May 2011 21:30:45 +0000

This starts a series of posts that deals with the CISSP CBK (Common Body of Knowledge). The summary covers all ten CBK domains that are required for the CISSP exam. One should not use this as a definitive guide to taking the CISSP exam, but rather as an intro to CISSP. All the data is gathered from various sources, starting from study guides for the exam and ending with materials found on the Internet.

As a side note, there are questions about CISSP vs CISA. The focus of those two certifications is different. While CISSP is focused on building and maintaining security (although it is not a technical standard), CISA is more focused on auditing and assessing risks and controls. Your choice of certification should be based on what you really want to work with. If you want to be a security professional, CISSP is the choice. If you want to be an IT/IS auditor instead, then you should take CISA. As I’ve been an IT/IS auditor and am now an IS consultant, there is a lot of knowledge supported by both CISA and CISSP.
