This chapter discusses security vulnerabilities, threats, and countermeasures related to hardware, firmware, memory, input/output devices, client-based systems, server-based systems, database systems, distributed systems, cloud-based systems, mobile systems, embedded devices, and cyber-physical systems. It covers protection mechanisms, common architecture flaws, and methods to assess and mitigate risks like injections, cross-site scripting, and covert channels. The chapter emphasizes principles like layering, abstraction, data hiding, and least privilege to inform security policies and architecture design.

1. Chapter 9
Security Vulnerabilities, Threats,
and Countermeasures
Assess and Mitigate Security Vulnerabilities
Hardware
Hardware Components
Protection Mechanisms
Memory
Memory Addressing
Secondary Memory
Input/Output Devices
Firmware
overview
Hardware Components
Processor / central processing unit (CPU)
Execution types:
Multitasking
Multicore
Multiprocessing: SMP and MPP
Multiprogramming
Multithreading
Processing types:
Singles state
Multistate

2. Protection Mechanisms 1/3
Protection rings
Kernel mode or
privileged mode
User mode
Mediated access/
system call
Protection Mechanisms 2/3
Process states/Operating states
OS: supervisory or problem
Processes: Ready, Waiting, Running, Supervisory, Stopped
Process scheduler or program executive
Protection Mechanisms 3/3
Security Modes
Requirements:
MAC
Physical control over who can access console
Physical control over who can enter room
Dedicated
System high
Compartmented

3. Multilevel
Memory
Read only memory (ROM)
Programmable Read-Only Memory (PROM)
Erasable Programmable Read-Only Memory (EPROM)
Electronically Erasable Programmable Read-Only Memory
(EEPROM)
Flash
Random access memory (RAM)
Real
Cache
Registers
Memory Addressing
Register
Immediate
Related to a register or as part of an instruction
Direct
Actual address of memory location
Indirect
An address of memory location which holds the address of the
target data
Base plus Offset
Base address stored in a register, offset is relative location

4. Secondary Memory 1/2
Magnetic, optical, or flash media
Not immediately available to CPU
Virtual memory
Paging
Security issues
Theft, purging, physical access
Primary vs. secondary
Volatile vs. nonvolatile
Random vs. sequential
Secondary Memory 2/2
Data remanence
SSD wear leveling
Theft – encryption
Device access control
Data retention over use lifetime - availaibility
Input/Output Devices
Monitors
Printers
Keyboards and mice
Modems
Firmware

5. Microcode
Basic Input/Output System (BIOS)
Unified Extensible Firmware Interface (UEFI)
Phlashing
Device firmware
EEPROM
Client-Based Systems 1/2
Applets
Java and JVM
ActiveX
Local Caches 1/2
ARP
ARP cache poisoning
Client-Based Systems 2/2
Local Caches 2/2
DNS
DNS cache poisoning:
HOSTS file
Authorized DNS
Caching DNS
DNS lookup address change
DNS query spoofing
Defence: split DNS, IDS
Internet files
Temporary Internet files and cache

6. Server Based Systems
Data flow control
Load balancing
Management between processes, devices, networks, or
communication channels
Efficient transmission with minimal delays or latency
Reliable throughput using hashing and confidentiality
protection with encryption
Database Systems Security
Aggregation
Inference
Data Mining and Data Warehousing
Data dictionary
Meta data
Data mart
Data Analytics
Big Data
Large-Scale Parallel Data Systems
AMP, SMP, MPP
Distributed Systems and
Endpoint Security
-server model
Distributed architectures
Endpoint security
Screening/filtering email

7. Download/upload policies
Robust access controls
Restricted user-interfaces
File encryption
(see list in book)
Cloud-Based Systems and
Cloud Computing 1/3
Hypervisor, virtual machine monitor (VMM)
Type I hypervisor (native or bare-metal hypervisor)
Type II hypervisor (hosted hypervisor)
Cloud storage
Elasticity
Cloud computing
PaaS
SaaS
IaaS
Cloud-Based Systems and
Cloud Computing 2/3
On-premise vs. hosted vs. cloud
Private, public, hybrid, community
Issues:
Privacy concerns
Regulation compliance difficulties
Use of open/closed-source solutions
Adoption of open standards
Whether or not cloud-based data is actually secured (or even
securable)

8. Cloud-Based Systems and
Cloud Computing 3/3
Cloud access security broker (CASB)
Security as a service (SECaaS)
Cloud shared responsibility model
Grid and Peer to Peer
Grid Computing
Parallel distributed processing
Members can enter and leave at will
Work content is potentially exposed publicly
Work packets are sometimes not returned, returned late, or
returned corrupted
Peer to Peer
No central management system
Services provided are usually real time
VoIP, file distribution, A/V streaming/distribution
Internet of Things
Smart devices
Automation, remote control, or AI processing
Extensions or replacements of existing devices, equipment, or
systems
Security may not be integrated
Top concerns: access and encryption
Consider deploying in isolated subnet

9. Industrial Control Systems
Distributed Control Systems (DCS)
Manage/control industrial processes over a large-scale
deployment from a single location
Programmable Logic Controllers (PLC)
Single-purpose or focused-purpose digital computers
Supervisory Control and Data Acquisition (SCADA)
Stand-alone or internetworked
Does not always properly address security
Assess and Mitigate Vulnerabili ties in Web-Based Systems 1/2
eXtensible Markup Language (XML)
Security Association Markup Language (SAML)
Web-based authentication
Singe sign-on
Open Web Application Security Project (OWASP)
Secure Sockets Layer (SSL)/
Transport Layer Security (TLS)
Injections (SQL, LDAP, XML), XML exploitation,
Cross-site scripting (XSS),
Cross-site request forgery (XSRF)
Assess and Mitigate Vulnerabilities in Web-Based Systems 2/2
Static vs. dynamic content
Web applications
Server side executables, scripts, databases
Publicly accessed Web servers should be hosted outside of LAN

10. DMZ, co-location, cloud hosting
Input validation
Length, patterns, metacharacters
Limit account privileges
Assess and Mitigate Vulnerabilities in Mobile Systems
Device Security
Application Security
BYOD Concerns
overview
Device Security 1/2
Full device encryption
Remote wiping
Lockout
Screen locks
GPS
Application control
Storage segmentation
Asset tracking
Device Security 2/2
Inventory control
Mobile Device Management (MDM)
Device access control
Removable storage

11. Disabling unused features
Application Security
Key management
Credential management
Authentication
Geotagging
Encryption
Application whitelisting
BYOD Concerns 1/3
Bring your own device (BYOD)
Company owned, personally enabled (COPE)
Choose your own device (CYOD)
Corporate-owned mobile strategy
Virtual desktop infrastructure (VDI)
virtual mobile infrastructure (VMI)
BYOD Concerns 2/3
Data ownership
Support ownership
Patch management
Antivirus management
Forensics
Privacy

12. Onboarding/offboarding
Adherence to corporate policies
BYOD Concerns 3/3
User acceptance
Architecture/infrastructure considerations
Legal concerns
Acceptable use policy
Onboard camera/video
Assess and Mitigate Vulnerabilities in
Embedded Devices and Cyber-Physical Systems
Embedded system
Stand system, static environment
Examples of embedded and static systems
Methods of securing
overview
Examples of
Embedded and Static Systems
Network-enabled devices
Cyber-physical systems

13. Internet of Things (IoT)
Mainframes
Game consoles
In-vehicle computing systems
Methods of Securing
Network segmentation
Security layers
Application firewalls
Manual updates
Firmware version control
Wrappers
Monitoring
Control redundancy and diversity
Essential
Security Protection Mechanisms
Technical Mechanisms
Security Policy and Computer Architecture
Policy Mechanisms
overview
Technical Mechanisms
Layering
Abstraction
Data hiding

14. Process isolation
Hardware segmentation
Security Policy and
Computer Architecture
Informs and guides design, development, implementation,
testing, and maintenance
Define rules and practices
Addresses hardware and software
Policy Mechanisms
Principle of least privilege
Separation of privilege
Accountability
Common Architecture Flaws and Security Issues 1/2
Covert Channels
Covert timing channels
Covert storage channels
Attacks Based on Design or Coding Flaws and Security Issues
Trusted recovery
Input and parameter checking
Maintenance hooks and privileged programs
Incremental attacks
Data diddling, salami (aggregation) attack

15. Common Architecture Flaws and Security Issues 2/2
Programming
Sanitize input, buffer overflow, exceptions, testing
Timing, State Changes, and Communication Disconnects
Time of check to time of use (TOCTOU) attacks
Technology and Process Integration
Service-oriented architecture (SOA)
Electromagnetic Radiation
TEMPEST
Faraday cage
Jamming, noise generators, control zones
Conclusion
Read the Exam Essentials
Review the Chapter
Perform the Written Labs
Answer the Review Questions