cissp

1. - The scope and focus of a BCP is mostly dependant on the ​BIA (business
impact analysis)
- ​El Gamal​​is an unpatented, asymmetric key algorithm based on the discrete
logarithm problem used in Diffie-Hellman. It extends the functionality of
Diffie-Hellman to include encryption and digital signatures.
- ​Function Point (FP) analysis​is a measure of the size of an information
system based on the number and complexity of the inputs, outputs and files that
a user sees and interacts with
- ​PGP​uses the IDEA algorithm (symmetric) for encryption and the RSA algorithm
(asymmetric) for key distribution and digital signatures.
- ​Program Evaluation Review Technique (PERT) charts.​PERT charts are
project management tools used for time/progress estimation and resource
allocation, NOT for estimating the financial burden of the project
- Because of the amount of computation involved in public key cryptography, a
DES hardware implementation of secret key cryptography is on the order of ​1000
to 10000 times faster ​than RSA public key cryptography.
- A ​SA ​is a one-way connection between two communicating parties, meaning
that two SAs are required for each pair of communicating hosts. Additionally,
each SA only supports a single protocol (AH or ESP). Thus, if both AH and ESP are
used between two communicating hosts, a total of four SAs is required.
- ​SESAME​is subject to password guessing like Kerberos.
The Basic Mechanism in Sesame for strong authentication is as follows:
The user sends a request for authentication to the Authentication Server as in
Kerberos, except that ​SESAME makes use of public key cryptography ​for
authentication where the client will present his digital certificate and the request
will be signed using a digital signature. The signature is communicated to the
authentication server through the preauthentication fields. Upon receipt of this
request, the authentication server will verify the certificate, then validate the
signature, and if all is fine the AS will issue a ticket granting ticket (TGT) as in
Kerberos. This TGT will be use to communicate with the privilage attribute server
(PAS) when access to a resource is needed.
Users may authenticate using either a public key pair or a conventional
(symmetric) key. If public key cryptography is used, public key data is
transported in preauthentication data fields to help establish identity. Kerberos
uses tickets for authenticating subjects to objects and SESAME uses ​Privileged
Attribute Certificates (PAC)​, which contain the subject’s identity, access
capabilities for the object, access time period, and lifetime of the PAC. The PAC is
digitally signed so that the object can validate that it came from the trusted
authentication server, which is referred to as the privilege attribute server (PAS).
The PAS holds a similar role as the KDC within Kerberos. After a user successfully
authenticates to the authentication service (AS), he is presented with a token to
give to the PAS. The PAS then creates a PAC for the user to present to the
resource he is trying to access.

2. -The northbridge bus connects the CPU to the VIDEO and RAM
- ​Continuous authentication ​provides protection against attacks that happen in
a connection ​even after authentication is complete​. This is usually done by
applying a digital signature to every bit of data sent (eg applying some sort of
cryptography to every bit sent)
- The only difference between a circuit-level gateway and a simple port
forwarding mechanism is that with a circuit-level gateway, the client is aware of
the intermediate system, whereas in the case of a simple port-forwarding
mechanism, the client must not be aware and may be completely oblivious of the
existence of the intermediary
- ​DDE (Dynamic Data Exchange)​enables different applications to share data
and send commands to each other directly.
- Objects sensitivity label = ​single classificiation + compartement set
- ​Physical cable lengths: ​10Base2, also known as RG58, or thinnet, is limited to
185 meters. 10Base5, also known as RG8/RG11 or thicknet, is limited to 500
meters. 10BaseT is only limited to 100 meters. Note that the 2 in 10Base2 refers
to the maximum cable length (200 meters, 185, actually) and the 5 in 10Base5 is
for 500 meters.
- The ​WAP GAP​is a specific security issue associated with WAP results from the
requirement to change security protocols at the carrier's WAP gateway from the
wireless WTLS to SSL for use over the wired network. WTLS is replaced by TLS in
WAP 2.0. The gateway described above is no longer needed to translate (decrypt
from one standard and re-encrypt to another) since the Internet servers are able
to interpret the TLS transmission directly. All data remains encrypted as it passes
through the gateway.
At the WAP gateway, the transmission, which is protected by WTLS, is decrypted
and then re-encrypted for transmission using SSL, leaving data temporarily in the
clear on the gateway.
- ​National Information Assurance Certification and Accreditation Process
(NIACAP),​establishes the minimum national standards for certifying and
accrediting national security systems. This process provides a standard set of
activities, general tasks, and a management structure to certify and accredit
systems that will maintain the Information Assurance (IA) and security posture of
a system or site.
- The ​object-relational database​is the marriage of object-oriented and
relational technologies and combines the attributes of both.
- A ​system reboot ​is performed after shutting down the system in a controlled
manner in response to a TCB failure.
- An ​emergency system restart ​is done after a system fails in an uncontrolled
manner but consistency can be brought back automatically to the system.
- A ​system cold start ​takes place when unexpected TCB or media failures take
place and the recovery procedures cannot bring the system to a consistent state.
Intervention of administrative personnel is required to bring the system to a

3. consistent state from maintenance mode.
- ​Information Labels ​are similar to Sensitivity Labels, but in addition to the
classification and the category set of the Sensitivity Labels, they also have the
necessary controls to be able to operate as a trusted computer. One other
important difference is that the Reference Monitor does not use Information
Labels for access permissions
- ​DCE ​does provide the same functionality as DCOM, but DCE is an open standard
developed by the Open Software Foundation (OSF) and DCOM, developed by
Microsoft, is more proprietary in nature
- Risk management consists of two primary and one underlying activity; risk
assessment and risk mitigation are the primary activities and ​uncertainty
analysis is the underlying one​. After having performed risk assessment and
mitigation, an uncertainty analysis should be performed. Risk management must
often rely on speculation, best guesses, incomplete data, and many unproven
assumptions. A ​documented uncertainty analysis allows the risk
management results to be used knowledgeably​. A vulnerability analysis,
likelihood assessment and threat identification are all parts of the collection and
analysis of data part of the risk assessment, one of the primary activities of risk
management.
- ​BIA ​should emphasize ​system dependancies.​Then, prioritization can occur.
- The ​Authentication Header​is a mechanism for providing strong ​integrity
and authentication​for IP datagrams. It might also provide non-repudiation,
depending on which cryptographic algorithm is used and how keying is
performed. For example, use of an asymmetric digital signature algorithm, such
as RSA, could provide non-repudiation."
ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It
may also provide authentication, depending on which logarithm and algorithm
mode are used. ​Non-repudiation​and ​protection from traffic analysis​are ​not
provided​by ESP
- ​Extensible Authentication Protocol​as a framework that supports multiple,
optional authentication mechanisms for​PPP​, including cleartext passwords,
challenge-response, and arbitrary dialog sequences
- SSL : Presentation + transport layer. (recall presentation layer is to do with
compression and encryption). Also remember successor is TLS = ​transport layer
security
- Individual accountability includes:
* unique IDs (for ID)
* access rules (to determine violations)
* audit trails (detective, for logging)
- ​Padded cells ​are simulated environments to which IDSs seamlessly transfer
detected attackers and are designed to convince an attacker that the attack is
going according to the plan.
- ​FRAP ​(facilitated risk analysis process) : business managers and technical staff.

4. Brainstorm and identify risk, and apply a group of 26 common controls to
categorize risk
- The ​functional design analysis and planning stage ​of an SDLC is the point
at which a project plan is developed, test schedules assigned, and expectations
outlined
- ​default open​is not a prefered security model
- ​External consistency ​ensures that the data stored in the database is
consistent with the real world
-DBMS: ​Cell suppression ​is a technique used against inference attacks by not
revealing information in the case where a statistical query produces a very small
result set. ​Perturbation ​also addresses inference attacks but involves making
minor modifications to the results to a query. ​Partitioning ​involves splitting a
database into two or more physical or logical parts; especially relevant for
multilevel secure databases.
- System development + system maintenance can be done by same people
- The running key cipher is based on modular arithmetic
- Telnet’s primary use is terminal emulation
- Root cause analysis needed for ​eradication​phase
- Flash can be read/written multiple times quickly, but at the cost of only writing
large blocks at a time.
- As relates to operations security and TB : trusted paths are trustworthy
interfaces into privileged user functions, i.e. they are pathways through the
security boundary which separates the TCB components and untrusted
components. trusted paths would be a form of API
- In an online transaction processing system, if an invalid or erroneous
transaction is detected, it should be written to a report and reviewed
- ​limited privilege ​: trusted process characteristic where operations are
performed without allowing the user direct access to unauthorized sensitive data
- ​DAC ​and ​MAC​both employ least privilege. But only MAC employs need to know
(compartmentalization)
- The reference monitor must meet three conditions:
(1) it must be tamperproof (isolation)
(2) it must be invoked on every access to every object (completeness) and
(3) it must be small enough for thorough validation of its operation through
analysis and tests, in order to verify completeness (v
- ​MSR minimum security requirements​state that a password should have
minimum length of ​8 characters.
- ​One time pads​to be unbreakable the pads must:
* have completely random characters
* be secure
* must not be re-used
* key must be as long as the message
- Detection capabilities of host based IDS systems are usually limited by the audit

5. logging capabilities of the host
- Software librarian can enforce separation of duties to ensure programmers do
not have access to production code
- MTD = RTO + WRT ; Maximum Tolerable Downtime = Recovery Time Objective
+ Work Recovery Time
- An ​interoperable​, or ​cooperative​, database is defined as ​interconnected
platforms running independent copies of software with independent copies of
data. Not to be confused with a ​decentralized​database, involving ​connected or
unconnected​but related platforms running independent copies of software with
independent copies of data. A ​dispersed​database involves interconnected and
related platforms running the same software and using the same data, one of
which is centralized (software or data).
- Graham-Denning model has 8 rules
- One technique of process isolation is time-multiplexing
- Data or information owner can determine if controls in place protect sensitive
data sufficiently
- ​Diffie Hellmann ​: protocol used to enable two users using symmetric
encryption to exchange a secret key (session key) over an insecure medium
without any prior secrets. The negotiated key will subsequently be used for
message encryption
- ITSEC vs Orange book : One major difference between the two is ITSEC’s
inclusion of integrity and availability as security goals, along with confidentiality.
- IPSec peer authentication performed at phase 1
- IPSec:
In ​phase 1​of this process, IKE creates an authenticated, secure channel between
the two IKE peers, called the IKE security association. The Diffie-Hellman key
agreement is always performed in this phase. (bi-directional SA)
In ​phase 2​IKE negotiates the IPSec security associations and generates the
required key material for IPSec. The sender offers one or more transform sets
that are used to specify an allowed combination of transforms with their
respective settings. (Simplex SA x2)
- SET = ​Secure Electronic Transaction​: OSI L7 application layer protocol
- ​Quality assurance​can also be an additional responsibility of the security
administrator. The security administrator, being responsible for application
programming, systems programming or data entry, does not provide for proper
segregation of duties
- ​Linear cryptanalysis​: attempt to determine key from large amounts of plain /
cipher text pairs
- ​Output controls​are used for two things: for verifying the integrity and
protecting the confidentiality of an output
- ​Input controls​are used to validate input (correct range, etc), helps prevent
certain types of attacks eg bugger overflow
- Max key size for Rijandael is 256 bits

6. - ​ISO 27001:2005​: standard for Information Security management
- DES key length = 56 bits , parity or key sequence of 8 bits = 64bit. Uses 64-bit
blocks and output 64-bit ciphertext
- The main advantage of the qualitative impact analysis is that it prioritizes the
risks and identifies areas for immediate improvement in addressing the
vulnerabilities.
- ​Differential cryptanalysis ​: attempt to determine key by statistically
analysing a few plain - cipher text pairs
- SQL = ​DDL (data definition language) + DML​​(data manipulation
language)
- polymorphism ​: object acts differently, depending on the input message
- ​polyinstantiation ​: same object, different data (eg secret data, top secret
data)
- ​Digital envelope:​message encrypted with secret key, which is in turn
encrypted with public key of reciever
- ​UTP categories​based on how tightly a cable is twisted
- Coaxial cables need fixed spacing between connections (termination / reflection,
etc)
- ​Degree ​of a table represents number of columns therefore not related to
number of primary keys
- A ​protection domain ​consists of the execution and memory space assigned to
each process. The purpose of establishing a protection domain is to protect
programs from all unauthorized modification or executional interference. The
security perimeter ​is the boundary that separates the ​Trusted Computing Base
(TCB)​from the remainder of the system
- ​RC4 is not a block cipher​(variable-key-length stream cipher)
- ​A stream cipher generates what is called a ​keystream​(a sequence of bits
used as a key).
- ​data diddling​: active form of attack that alters existing data, ​most common
insider attack
- ​Elliptic Curve Cryptography​has the highest strength per bit of key length of
any asymmetric algo, hence less key length is needed, used for mobile devices
- ​Trusted recovery​ensures that security is not breached when a system crash
or other system failure occurs. When the system crashes, it must be able to
restart without compromising its required protection scheme and to recover and
rollback without being compromised after the failure. Trusted recovery is only
required for B3 and A1 level systems.
- ​secondary evidence : ​copy of a piece of evidence or oral description
- ​direct evidence :​can prove a fact by itself (does not need backup), for
example oral testimony based on info gathered through a witness’s five senses
- ​Auxiliary station​alarms automatically cause an alarm originating in a data
center to be transmitted over the local municipal fire or police alarm circuits for
relaying to both the local police/fire station and the appropriate headquarters.

7. Central station​alarms are operated by private security organizations
- A ​data dictionary ​is a central collection of data element definitions, schema
objects, and reference keys.
- A single account on the system has the administrative rights to all the
security-related functions of the system.​​This demonstrates ​Trusted Facility
Management​because you restrict access to administrative functions.
A failure or crash of the system cannot be used to breach security.​​This would fall
under ​Trusted Recovery​.
- ​clapper valve ​holds back water in dry system (fire suppression)
- Regarding SSL: Once the server has been authenticated by the browser client,
the browser generates a master secret that is to be shared only between the
server and client. This secret serves as a seed to generate the session (private)
keys. The master secret is then encrypted with the server's public key and sent to
the server. The fact that the master secret is generated by the client's browser
provides the client assurance that the server is not reusing keys that would have
been used in a previous session with another client.
- ​Evaluation​is the process of independently assessing a system against a
standard of comparison, such as evaluation criteria. ​Certification​is the process
of performing a comprehensive analysis of the security features and safeguards of
a system to establish the extent to which the security requirements are satisfied.
Accreditation​is the official management decision to operate a system (achieved
during ​implementation phase​.
Acceptance​testing refers to user testing of a system before accepting delivery.
- The ​operation/ maintenance​phase of an IT system is concerned with user
authentication
- ​attribute certificate ​is a digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name or to the
identifier of another certificate that is a public-key certificate
- CER : crossover error rate, FRR : false rejection rate
- ​Clark_Wilson model​: achieves data integrity through well-formed
transactions and seperation of duties (eg using middleware)
- RADIUS and DIAMETER are only backward compatible. DIAMETER is compatible
with radius, but not vie-versa
- The ​security perimeter ​is the imaginary line that separates the trusted
components of the kernel and the Trusted Computing Base (TCB) from those
elements that are not trusted
- ​Software plans and requirements​usually addresses due care and due
diligence
- When access control is on what is contained in the database it is considered to
be ​content-dependent access control
- ​BIA primary objectives:
* Criticality prioritization
* downtime estimation

8. * resource requirements
- BIA objectives:
* interviews for data gathering
* create data gathering techniques
* identify critical business functions
* identify resources that the above functions depend upon
* how long can functions survive without the resources
* identify vulnerabilities and threats to the resources
* calculate risk to resources
* document and report
- In IPSec, an SA is ​simplex ​in operation, not duplex
- ​soda acid​removes the fuel supply of a fire
- Operational controls are concerned most with personnel safety
- ​ARL​vs ​CRL​= ​Authority Revocation List​vs ​Certificate Revocation List
- ​Pipelining : ​overlapping steps of different instructions
- ​SSL session key length ​vary from 40bit to 256bit
- ​S-RPC​provides authentication
- ​Secure HTTP (S-HTTP)​is designed to send individual messages securely
- For authentication via DES, ​Cipher Block Chaining​and ​Cipher Feedback​can be
used since they create a key that is dependent of the previous block and the final
block serves as a ​Message Authentication Code​. Output feedback does not allow
any sort of MAC
- ​Wireless Transport Layer Security (WTLS)​is a communication protocol that
allows wireless devices to send and receive encrypted information over the
Internet.
- Keyed hash also called a ​MAC (message authentication code)​is used for
integrity protection, and authentication. Eg of MAC : encrypt message with secret
key DES, and hash the output.
- In order to protect against fraud in electronic fund transfers (EFT), the Message
Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value,
which is derived from the contents of the message itself, that is sensitive to the
bit changes in a message. It is similar to a ​Cyclic Redundancy Check (CRC)​. The
Secure Electronic Transaction (SET)​was developed by a consortium including
MasterCard and VISA as a means of preventing fraud from occurring ​during
electronic payment
- Capacitance detectors ​ ​is used for spot protection within a few inches of the
object, rather than for overall room security monitoring.
- Internet refers to the global network of public networks and ISP
- Communications security management prevents,detects and corrects errors so
CIA of network transaction may be maintained
- The computations involved in selecting keys and in enciphering data are
complex, and are not practical for manual use. However, using mathematical
properties of modular arithmetic and a method known as ​computing in Galois

9. fields​, RSA is quite feasible for computer use.
- ​known-plaintext attack​: a cryptanalysis technique in which the analyst tries
to determine the key from knowledge of some plaintext-ciphertext pairs (although
the analyst may also have other clues, such as the knowing the cryptographic
algorithm).
- ​chosen-ciphertext attack ​is defined as a cryptanalysis technique in which the
analyst tries to determine the key from knowledge of plaintext that corresponds
to ciphertext selected (i.e., dictated) by the analyst.
- ​chosen-plaintext attack ​is a cryptanalysis technique in which the analyst tries
to determine the key from knowledge of ciphertext that corresponds to plaintext
selected (i.e., dictated) by the analyst.
- ​Stream cipher​is most suited to hardware implementations
- A central authority that determines which subjects have access to which objects
is a fom of ​non-discretionary access control
- ​cardinality of a database ​refers to the number of rows in a relation (eg 1 to
1, 1 to many, etc)
- ​X.400​is used in e-mail as a message handling protocol. ​X.500​is used in
directory services. ​X.509​is used in digital certificates and​X.800 ​is used a
network security standard
- ​Split knowledge​involves encryption keys being separated into two
components, each of which does not reveal the other
- Reasonableness checks, range checks, syntax checks and check digits are
common program controls
- An ​analytic attack​refers to using algorithm and algebraic manipulation
weakness to reduce complexity.
- Content dependant protection of info increases processing overhead
- Simple Security property in Bell-LaPadula = ​no read up
- Simple Security property in Biba = ​no read down
- star property in Bell-LaPadula = ​confinement property
- to remember : ​simple = read, *(star) = write
- A ​reference monitor ​compares the security labels on a subject and object
- ​Phreaking:
RED BOX
A ​red box​is a ​phreaking​device that generates tones to simulate inserting coins
in ​pay phones​, thus fooling the system into completing free calls. In the US, a
dime is represented by two tones, a nickel by one, and a quarter by a set of 5
tones. Any device capable of playing back recorded sounds can potentially be
used as a red box. Commonly used devices include modified Radio Shack tone
dialers, personal MP3 players, and audio-recording greeting cards.
BLUE BOX
An early ​phreaking​tool, the ​blue box​is an ​electronic device​that simulates a
telephone operator​'s dialing console. It functions by replicating the tones used to

10. switch long-distance calls and using them to route the user's own call, bypassing
the normal switching mechanism. The most typical use of a blue box was to place
free telephone calls - inversely, the ​Black Box​enabled one to receive calls which
were free to the caller. The blue box no longer works in most western nations, as
modern ​switching systems​are now digital and no longer use the ​in-band signaling
which the blue box emulates. Instead, signaling occurs on an ​out-of-band​channel
which cannot be accessed from the line the caller is using (called ​Common
Channel Interoffice Signaling​(CCIS)).
BLACK BOX
The ​black box​(as distinguished from ​blue boxes​and ​red boxes​), sometimes
called an ​Agnew​(see ​Spiro (device)​for the origin of the nickname), was a device
built by phone ​phreaks​during the 1960s and 1970s in order to defeat long
distance phone call toll charges, and specifically to block the ​supervision​signal
sent by the receiving telephone handset when the call was answered at the
receiving end of the call.
The act of picking up the handset of a telephone causes a load to be put on the
telephone line, so that the ​DC voltage​on the line drops below the approximately
45 volts present when the phone is disconnected. The ​black box​consisted of a
large capacitor which was inserted in series with the telephone, thereby blocking
DC current​but allowing ​AC current​(​i.e.​, ringing signal and also audio signal) to
pass. When the ​black box​was switched into the telephone line, the handset
could be picked up without the telephone system knowing and starting the billing
process.
In other words, the box fooled the phone company into thinking no one had
answered at the receiving end, and therefore billing was never started on the call.
WHITE BOX
The white box is simply a portable Touch-Tone Keypad.
- ISO has defined five basic tasks related to network management :
* Fault management​: Detects the devices that present some kind of
fault.
* Configuration management​: Allows users to know, define and change
remotely the configuration of any device.
* Accounting resources​: Holds the records of the resource usage in the
WAN.
* Performance management​: Monitors usage levels and sets alarms
when a threshold has been surpassed.
* Security management​: Detects suspicious traffic or users and
generates alarms accordingly.
- ​PPTP (works at L2, modified version of GRE)
* can tunnel non-IP traffic

11. * does not provide token based authentication
* does not provide strong encryption
- ​L2TP = L2F + PPTP
- How hardware / software should be used : standards not policy
- The following measures are used to compensate for both internal and external
access violations:
* Backups
* RAID (Redundant Array of Independent Disks) technology
* Fault tolerance
* Business Continuity Planning
* Insurance
-​Application firewall = Circuit Level firewall
- Edit controls ​are considered to be preventive controls since they are used in a
program before data is processed. Buffer overflows can be eliminated through the
use of proper edit controls.
- ​System configuration management ​is geared towards providing system
stability
- ​Configuration management​is the process of tracking and approving changes
to a system. It is only required for ​B2, B3 and A1​level system
- D – Minimal protection
C – Discretionary protection
C1 – Discretionary Security Protection
C2 – Controlled Access Protection vs object reuse (object isolation)
B – Mandatory Protection
B1 – Labeled Security
B2 – Structured Protection
B3 – Security Domains
A – Verified Protection
A1 – Verified Design
- When an intrusion has been detected and confirmed, if you wish to prosecute
the attacker in court, the following actions should be performed in the following
order:
1. Capture and record system information and evidence that may be lost,
modified, or not captured during the execution of a backup procedure. Start
with the most volative memory areas first.
2. Make at least two full backups of the compromised systems, using
hardware-write-protectable or write-once media. A first backup may be used
to re-install the compromised system for further analysis and the second one
should be preserved in a secure location to preserve the chain of custody of
evidence.
3. Isolate the compromised systems.
4. Search for signs of intrusions on other systems.
5. Examine logs in order to gather more information and better identify

12. other systems to which the intruder might have gained access.
6. Search through logs of compromised systems for information that would
reveal the kind of attacks used to gain access.
7. Identify what the intruder did, for example by analyzing various log
files, comparing checksums of known, trusted files to those on the
compromised machine and by using other intrusion analysis tools.
- ​Full interrution test ​is the most complete DRP test (but it does stop business)
- ​Named perils​is the burden of proof that particular loss is covered on insured
- ​Elements of risk:
* threats
* assets
* mitigating controls
- audit logs are a form of detective logs
- BIA establishes effect of disruptions on the organization
- Two co-operating processes that simultaneously compete for a shared resource
in defiance of security policy create a covert channel
- BCP is a corporate issue and should include all parts and functions of a company
- BCP usually fails due to lack of management support
- ​SP-network​is used to increase the strength of block ciphers (Substitution
Permutation)
- Worm - no human interaction. Symptoms : high network / CPU utilization
- Ciphers should be
* functionally complex
* statistically unbiased
* long periods of non-repetition
- BCP exersizes include (should always identify BCP strengths and weaknesses):
* table-top exercise (theoretical exercise “how do we react if such
happens?”)
* call exersize (if the emergence personnel are reachable)
* simulated exersize (simulated)
- Expert system gather knowledge from human SMEs and this knowledge is
programmed in, and problem analysis using algorithms is done to suggest
solutions, usually in conjunction with an inference engine
- ​DSS : digital signature standard​: allows for digital signing (asymmetric)
- RTO = ​recovery time objective​aka MTD = maximum tolerable downtime
- During BIA, RTO is not performed. In BIA, estimate the financial and operational
impacts of a disruption, identify regulatory/compliance exposure and determine
the impact upon the organization's market share and corporate image.
- The ​read privilege​is the most problematic privilege regarding information
flows. The privilege essentially allows the subject to create a copy of the object in
memory
- Data warehouse : consolidate / manage data in central location
- Email source verification : client should add signature block and digital signature

13. to the email
- Disaster recovery typically refers to the recovery of the technology enviornment
- Full backup is the most efficient recovery
- SSH 2 is a strong method of performing ​client authentication​. Does not
provide good host / server authentication
- ​Von neumann ​- no inherent difference in memory between data and
programming (instructions) representations in memory
- symmetric and asymmetric are two methods of encrypting data
- one-time pad : unbreakable by brute force
- vs brute force, use of session keys
- asynchronous time-division multiplexing: dynamically assigned time slots as
needed
- deadlocking = stalemate, two subjects try to modify the same object,integrity
issues, so enable write access to only one subject
- CA validates that a particular public key is associated with the correct user
- cleanroom methodology = prevent rather than remove software defects
- ​ANSI X9.17​is concerned primarily with the protection and secrecy of keys
- In order to defeat frequency analysis, use polyalphabetic ciphers
- Primary key must contain a non-null value to uniquely identify the tuple
- best way to prevent MITM is to use r​andom and unique ​identification
- ​bytecode ​is faster than interpreted languages (it is already “compiled”)
- RSA allows for the mutual identification of parties, is not based on discrete
algorithms, rather it is based on difficulty of factorisation into the original prime
numbers
- Concealment cipher, every X number of words within a text, is a part of the real
message.
- First step for CIRT: determine to what extent systems and data are
compromised
- DBMS consistency ensures databases leaves one valid state to enter another
valid state
- The ​presentation layer​contains no protocols only services.
- Eg of application protocols: SMTP
- ​Constrained user interface​offers limited functionality depending on the user
accessing
- most effective defence vs buffer overflow = bounds checking
- certification is the technical evaluation of a program to ensure that security
requirements have been met
- ​noninterference model​strictly separates differing security levels to assure
that higher-level actions do not determine what lower-level users can see (no
data flow considered, actions considered
- Least Privilege has three basic levels of privilege; read only, read/write and
access change. Access Change​is the highest level, this level enables operators
the right to modify data directly in its original location, in addition to data copied

14. from the original location.
- Diffie Hellman = most common form of asymmetric key cyrpto
- Recovery strategies are concerned with meeting the pre-determined time
frames for recovery
- Prudent man rule == due care
- Orange Book divisions:
* C deals with discretionary protection.
* D deals with minimal security.
* B deals with mandatory protection.
* A deals with verified protection.
- Orange book does not cover integrity (TCSEC)
- Orange book based on ​Bell LaPadula​model
- Organge book objectives:
Policy
The security policy must be explicit, well-defined and enforced by the computer
system. There are two basic security policies:
● Mandatory Security Policy​- Enforces ​access control​rules based
directly on an individual's clearance, authorization for the information and
the confidentiality level of the information being sought. Other indirect
factors are physical and environmental. This policy must also accurately
reflect the laws, general policies and other relevant guidance from which
the rules are derived.
○ Marking​- Systems designed to enforce a mandatory security policy
must store and preserve the integrity of access control labels and
retain the labels if the object is exported.
● Discretionary Security Policy​- Enforces a consistent set of rules
for controlling and limiting access based on identified individuals who have
been determined to have a need-to-know for the information.
Accountability
Individual accountability regardless of policy must be enforced. A secure means
must exist to ensure the access of an authorized and competent agent which can
then evaluate the accountability information within a reasonable amount of time
and without undue difficulty. There are three requirements under the
accountability objective:
● Identification​- The process used to recognize an individual user.
● Authentication​- The verification of an individual user's authorization to
specific categories of information.
● Auditing​- ​Audit​information must be selectively kept and protected so

15. that actions affecting security can be traced to the authenticated individual.
Assurance
The computer system must contain hardware/software mechanisms that can be
independently evaluated to provide sufficient assurance that the system enforces
the above requirements. By extension, assurance must include a guarantee that
the trusted portion of the system works only as intended. To accomplish these
objectives, two types of assurance are needed with their respective elements:
● Assurance Mechanisms
○ Operational Assurance:​System Architecture, System Integrity,
Covert Channel Analysis, Trusted Facility Management and Trusted
Recovery
○ Life-cycle Assurance :​Security Testing, Design Specification and
Verification, Configuration Management and Trusted System
Distribution
● Continuous Protection Assurance​- The trusted mechanisms that
enforce these basic requirements must be continuously protected against
tampering and/or unauthorized changes.
Documentation
Within each class there is additional documentation set which addresses the
development, deployment and management of the system rather than its
capabilities. This documentation includes:
● Security Features User's Guide, Trusted Facility Manual, Test
Documentation and Design Documentation
- A1 level requires ​trusted distribution
- ​Common-mode noise ​is electrical noise between the hot and ground wire and
between the neutral and ground wire.
- ​critical-path analysis​is the process of determining the value of company
assets
- Controls and safeguards reduce the impact of a threat
- Symmetric stream cipher is most effective to implement in hardware
- A ​cryptovariable​or key controls the operation of the cryptographic algorithm
- Aggregation and inference are the two most common forms of attack vs DBs
- Should move least critical systems from backup to primary site first
- ​ISAKMP​defines procedures and packet formats to establish, negotiate, modify
and delete security associations. However, ​it does not define the actual
protocols to be used​(such as key exchange protocols and hash functions),
these are implementation specific. One example of the ISAKMP implementation is
the ​Internet Key Exchange (IKE), ​defined as an Internet, IPsec,

16. key-establishment protocol (partly based on OAKLEY) that is intended for putting
in place authenticated keying material for use with ISAKMP and for other security
associations, such as in AH and ESP
- Key encapsulation​is one class of key recovery techniques and is defined as ​a
key recovery technique for storing knowledge of a cryptographic key by
encrypting it with another key and ensuring that that only certain third parties
called "recovery agents" can perform the decryption operation to retrieve the
stored key​.
- In MAC, system controls and data owner determine the need to know
- Pattern matching IDS is best vs frequently morphing malware. Malware that
frequently morphs will evade statistical IDS that collects info over time
- Access controls help protects vs threats and vulnerabilities by reducing exposure
to unauthorized activities and providing access to information and systems to only
those that have been approved
- Ethernet cabling uses 4-pairs (8 strands)
- Operation security trple : ​{assets, threats, vulnerabilities}
- DES uses 16 rounds of transposition and substitution functions. Triple DES uses
48 rounds
- con of Kerberos server : single point of failure
- Access control ​dominate ​means a subject with equal or higher access class
- Kerberos Auth Server grants a service ticket once it validates the timestamp
from the client (can decrypt timestamp because it stores the client’s key)
- HIDS can usually detect encrypted traffic because host will decrypt it
- Least significant issue for biometrics is technology type
- Least effective dept to report to is the ​IS operations​since they usually do not
rank high enough
- Data centre should be located ​in the middle​of a building
- ​Hand geometry​uses the smallest file size
- ​smart cards​have processing power, memory cards do not
- Primary purpose of honeypots is to observer the behaviour of attackers to fortify
the network
- ​Rate of rise sensors​provide earlier warning than fixed temperature
thresholds, but also have greater false positives
- ​access control list​related to object, ​capability tables​related to subjects
- it is important for an identity management system is that it must support high
volumes of data and peak transaction rates
- A database system would be denormalised to increase processing efficiency, but
reduces integrity and storage. (normalise = reduce duplicates)
- Justifications should be provided when data is denormalized, not when it is
normalized, because it introduces risk of data inconsistency. Denormalization is
usually introduced for performance purposes.
- ​IKE = IPSec not PKI!
- ​clipper chip​uses 80-bit key size, works on the principle of key escrow

17. - PKI provides authentication, integrity and access control, ​not reliability.
- ​TGS principal ​= resource or server
- ​teardrop attack​consists of modifying the length and fragmentation offset
fields in sequential IP packets, causing overlap of packets once re-assembled
- ​BIND variables​are used as placeholders for literal values in SQL
- All internal walls must have 1 hour min fire rating, unless next to records where
2 hour min fire rating needed
- ​Reciprocal agreements ​are often not legally binding
- The ​program evaluation review technique (PERT)​defines activities,
assigned resources, controls advance, and allows on-time decision making, used
as Project Management
- The ​domain of a relation​is the set of allowable values that an attribute can
take.
- Common database models : ​hierarchical, network and relational
- Three types of access control : ​administrative, technical, and physical
- Seven main categories of access control:
*Directive
*Deterrent
*Preventative
*Detective
*Corrective
*Compensating
*Recovery
- Access control systems do ​not​specify how a user can access a resource
- Identity management is a set of technologies and processes intended to offer
greater efficiency in the management of a diverse user and technical environment
- Preliminary step sin managing resources is to define who has access to a given
resource
- Physical locks are intended as a ​delay device
- Proxy server is not considered as perimeter defence, rather boundary defence
- ​clipping level : ​only necessary logs are collected for monitoring
- ​ISO 15408 = common criteria
* EAL 1 : functionally tested
* EAL 2 : structurally tested
* EAL 3 : methodically tested and checked
* EAL 4 : methodically designed, tested and reviewed
* EAL 5 : semifomally designed and tested
* EAL 6 : semifomally verified design and tested
* EAL 7 : fomally verified design and tested.
- ​qualitative risk assessment ​is usually earmarked by ease of implementation
and can be completed by personnel with limited understanding of the risk
assessment process
- Long-duration security projects ​increase completion risk

18. - ​SLE (single loss expectancy) = asset value x exposure rate
- ​civil law​is influences by abstract concepts of law (writings of academics),
rather than precedent and reasoning as in ​common law
- ​security event managment (SEM)​is used for log collection, collation and
analysis in real time, vs ​log management system​that is more used for
historical purposes
- ​Computer Game Fallacy​: computers will prevent us from doing wrong
- ​abstraction​: giving rights to group rather than individual users (abstraction of
users into groups)
- ​link encryption ​is not suitable for high risk environments due to possible loss
of privacy at each node (link termination point). ​point to point encryption​is
more secure
- ​Auditors​help identify control gaps
- A ​trusted shell​means that someone who is working in that shell cannot "bust
out of it", and other processes cannot "bust into it".
- ​continuous authentication ​best defends vs hijacking
- re databases: Five operations are primitives (Select, Project, Union, Difference
and Product) and the other operations can be defined in terms of those five. A
View is defined from the operations of ​Join, Project, and Select
The ​select​operator serves to shrink the table vertically by eliminating unwanted
rows (tuples). The ​project​operator serves to shrink the table horizontally by
removing unwanted columns. And the ​join​operator allows the dynamic linking of
two tables that share a common column value
- Expert System Operating Modes:
Backward-chaining​mode - the expert system backtracks to determine if a
given hypothesis is valid. Backward-chaining is generally used when there are a
large number of possible solutions relative to the number of inputs.
Incorrect answers are:
In a ​forward-chaining​mode, the expert system acquires information and comes
to a conclusion based on that information. Forward-chaining is the reasoning
approach that can be used when there is a small number of solutions relative to
the number of inputs.
Blackboard​is an expert system-reasoning methodology in which a solution is
generated by the use of a virtual ​blackboard, wherein information or potential
solutions are placed on the blackboard by a plurality of individuals or expert
knowledge sources. As more information is placed on the blackboard in an
iterative process, a solution is generated.
- ​problem management : ​identify root cause and address underlying issue
- configuration management is a requirement for level B2 and above
- B3 vs covert timing attacks. B2 vs covert storage attacks
- The life cycle assurance requirements specified in the Orange Book are:
security testing, design specification and testing, configuration
management and trusted distribution​. System integrity is also defined in the

19. Orange Book but is an operational assurance requirement, not a life cycle
assurance requirement.
- ​Tn3270 ​is a terminal emulation program for connecting to computers which use
IBM 3270 terminals. It supports SSL Version 2, SSL Version 3 and TLS version 1.
TN3270 Plus also supports up to 128-bit encryption. Most TN3270 servers today
has support for secured connections over SSL or SSH.
- Controlled Access Protection is Level C2
- 5 rules of evidence:
* complete
* authentic
* accurate
* convincing
* admissible
- SABSA : chain of traceability
- Bell-laPadula (confidentiality / disclosure) vs biba (integrity / accuracy)
- ​trusted computing base​: totality of protection mechanisms within computer
system
- ​due diligence : ​compliance
- ​PR : ​not essential in BIA but important in BCP
- Common Criteria evaluations are performed on computer security products and
systems.
● Target Of Evaluation (TOE)​- the product or system that is the subject
of the evaluation.
The evaluation serves to validate claims made about the target. To be of practical
use, the evaluation must verify the target's security features. This is done
through the following:
● Protection Profile​(PP)​- a document, typically created by a user or user
community, which identifies security requirements for a class of security
devices (for example, ​smart cards​used to provide ​digital signatures​, or
network ​firewalls​) relevant to that user for a particular purpose. Product
vendors can choose to implement products that comply with one or more
PPs, and have their products evaluated against those PPs. In such a case, a
PP may serve as a template for the product's ST (Security Target, as
defined below), or the authors of the ST will at least ensure that all
requirements in relevant PPs also appear in the target's ST document.
Customers looking for particular types of products can focus on those
certified against the PP that meets their requirements.
● Security Target​(ST)​- the document that identifies the security
properties​of the target of evaluation. It may refer to one or more PPs. The
TOE is evaluated against the SFRs (see below) established in its ST, no
more and no less. This allows vendors to tailor the evaluation to accurately
match the intended capabilities of their product. This means that a network

20. firewall does not have to meet the same functional requirements as a
database​management system, and that different firewalls may in fact be
evaluated against completely different lists of requirements. The ST is
usually published so that potential customers may determine the specific
security features that have been certified by the evaluation.
● Security Functional Requirements (SFRs)​- specify individual security
functions​which may be provided by a product. The Common Criteria
presents a standard catalogue of such functions. For example, an SFR may
state ​how​a user acting a particular ​role​might be ​authenticated​. The list of
SFRs can vary from one evaluation to the next, even if two targets are the
same type of product. Although Common Criteria does not prescribe any
SFRs to be included in an ST, it identifies dependencies where the correct
operation of one function (such as the ability to limit access according to
roles) is dependent on another (such as the ability to identify individual
roles).
The evaluation process also tries to establish the level of confidence that may be
placed in the product's security features through ​quality assurance​processes:
● Security Assurance Requirements (SARs)​- descriptions of the
measures taken during development and evaluation of the product to
assure compliance with the claimed security functionality. For example, an
evaluation may require that all source code is kept in a change
management system, or that full functional testing is performed. The
Common Criteria provides a catalogue of these, and the requirements may
vary from one evaluation to the next. The requirements for particular
targets or types of products are documented in the ST and PP,
respectively.
● Evaluation Assurance Level​(EAL)​- the numerical rating describing the
depth and rigor of an evaluation. Each EAL corresponds to a package of
security assurance requirements (SARs, see above) which covers the
complete development of a product, with a given level of strictness.
Common Criteria lists seven levels, with EAL 1 being the most basic (and
therefore cheapest to implement and evaluate) and EAL 7 being the most
stringent (and most expensive). Normally, an ST or PP author will not
select assurance requirements individually but choose one of these
packages, possibly 'augmenting' requirements in a few areas with
requirements from a higher level. Higher EALs ​do not​necessarily imply
"better security", they only mean that the claimed security assurance of
the TOE has been more extensively ​verified​.
- ​Packages (Common Criteria)
According to the Common Criteria, an intermediate combination of security
requirement components is termed a ​package​. The package permits the
expression of a set of either functional or assurance requirements that meet some

21. particular need, expressed as a set of security objectives. A package may be used
in the construction of more complex packages or Protection Profiles and Security
Targets
- A ​Protection Profile​(PP) is a document used as part of the certification
process according to the ​Common Criteria​(CC). As the generic form of a ​Security
Target​(ST), it is typically created by a user or user community and provides an
implementation independent specification of ​information assurance​security
requirements. A PP is a combination of threats, security objectives, assumptions,
security functional requirements (SFRs), security assurance requirements (SARs)
and rationales.
- ​Capability Maturity Model CMM ​:
* initial : processes are reactive, poorly controlled, unpredictable
* reproducible: processes characterised for projects, not organisation wide,
still reactive
* defined : organisation wide characterization, proactive
* managed : metrics and measurements of processes
* optimization : process improvement
- ​MOM​= means, opportunity, motive
- ​Tactical security plans​: mid-term plans, eg rolling out new security policy
- ​Transport mode ​usually used when communications terminates at end points.
Tunnel mode​usually used at gateway to give access to internal systems
- ​Common criteria > protection profiles >​common set of functional and
assurance requirements for a category of vendor products in a particular
enviornment
- Hardware RAID implementation is usually platform independent
- ​Test environment using live workloads ​The best way to properly verify an
application or system during a stress test would be to expose it to "live" data
while in a testing environment. Fabricated test data may not be as varied,
complex or computationally demanding as "live" data. A production environment
should never be used to test a product, as a production environment is one where
the application or system is being put to commercial use. It is a best practice to
perform testing in a non-production environment
- From a security standpoint, ​a compiled program is less desirable than an
interpreted one​because malicious code can be resident somewhere in the
compiled code, and it is difficult to detect in a very large program.
- CCTV :
* visual assessment of incidents
* surveillance
* deterrence
* evidential archives
- The invocation property is unique to the BIBA model
- ​Database shadowing: ​copying an entire database or updating records in
multiple locations to ensure fault-tolerance

22. - ​L2TP ​alone does not guarantee encryption
- Bell laPadula : * (star) property ensures no write down
- Biba : * (star) property ensures no write up
- The ​Orange book​requires Hardware and/or software features shall be provided
that can be used to periodically validate the correct operation of the on-site
hardware and firmware elements of the TCB for ​System Integrity​.
- The ​Federal Sentencing Guidelines for Organisations​require that an
organisation provides ethics training
- ​Competitive intelligence​attack is a ​business attack​, loss of trade secrets
and so on.
- Inappropriate disclosure is a confidentiality, not an integrity goal.
- ​FIPS 140​is the standard for the security of hardware / software cryptographic
modules
- ​System high ​security policy means that all users in that system are cleared to
view the most highly classified info on the system
- ​Two-man control:​Two individuals review and approve the work of each other.
(detective or preventative)
- ​Dual control:​Both individuals are needed to perform a task (detective or
preventative). Separation of duties enables dual control
- Elements of a physical protection system:
* deter
* detect
* delay
* responsd
- ​Brewer-Nash ​a.k.a chinese wall model, prevents disclosure to competitors
- ​High-rate Digital Subscriber Line (HDSL) ​delivers 1.544 Mbps of bandwidth
each way over two copper twisted pairs. ​SDSL​also delivers 1.544 Mbps but over
a single copper twisted pair.
- Due care is ​not related to profit
- An identity-based access control is an example of discretionary access control
that is based on an individual's identity. Task-based and role-based access
controls are examples of non-discretionary access controls. Rule-based access
control is another example.
- Note: Mandatory Access Controls use ​labels.​If rules exist without labels, it
cannot be MAC, must be NDAC
- ​Referential Integrity​requires that for any foreign key attribute, the
referenced relation must have a tuple with the same value for its primary key.
- ​Security testing and trusted distribution ​are needed for Life-Cycle
Assurance
- ​Graham-Denning​: sets of objects, subjects and rights, concerned with how
subjects are assigned rights, how objects are created
- ​Circumstantial evidence ​is defined as inference of information from other,
intermediate, relevant facts

23. - ​Symmetric stream ​lends itself best to implementation in hardware. Stream
ciphers can be designed to be exceptionally fast. This requires ​more processing
power than block ciphers require, which is why stream ciphers are better suited to
be implemented at the hardware level.
- ​Business Impact analysis ​identifies the exposures to loss to the organisation
- The ​primary key​must contain a non-null value to uniquely identify the tuple
- Cryptography does not ​directly​support ​availability, does not ​directly support
authenticity ​either.
- Access controls support CIA triad.
- Provide message integrity:
1. Create checksum
2. append
3. encrypt and send
- Provide authentication and integrity:
as above but encrypt with private key
- ​Hot site ​is not instantly available
- rame relay and X.25 are both examples of ​packet-switching technologies
- ISDN and PPP are examples of ​circuit-switching technologies
- Running key cipher is based on ​modular arithmetic
- Non repudation is provided by the asymmetric private key since in theory only 1
person should know this
- Non repudation is considered a preventative control
- ​IGMP​has a protocol value of ​2
- ICMP ​has an IP protocol value of ​1
- ​TCP ​has an IP protocol value of ​6
- ​UDP​has an IP protocol value of ​17
- An authentication system ​should not​return information on which part of the
auth control failed
- The more a key is used, the shorter it’s lifetime should be
- ​Cable length​is the most common failure issue with twisted pair cabling.
- ​PPP ​: support of multiple network types over the same serial link
- Users can obtain certificates with various levels of assurance. Here is a list
that describe each of them:
* Class 1/Level 1 for individuals, intended for email, no proof of
identity
* Class 2/Level 2 is for organizations and companies for which
proof of identity is required
* ​Class 3/Level 3 is for servers and software signing, for which
independent verification and checking of identity and authority is
done by the issuing certificate authority
*​Class 4 for online business transactions between companies
* Class 5 for private organizations or governmental security
- ​IDEA = 128 bits

24. - iris scanners must be positioned so as not to allow sunlight to enter the aperture
- Kerberos primarily provides authentication (authorization provided by other
subsytems)
- ​diverse routing ​: routes traffic through split cable facilities or duplicate cable
facilities. This can be accomplished with different and/or duplicate cable sheaths.
With diverse routing, you can protect not only against cable failure but also
against local exchange failure as there are two separate routes from two
exchanges to your site.
alternative routing ​:​​is a method of routing information via an alternate
medium such as copper cable or fiber optics. This involves use of different
networks, circuits or end points should the normal network be unavailable.
Alternative routing ​provides two different cables from the local exchange to
your site, so you can protect against cable failure as your service will be
maintained on the alternative route.
- Monitoring techniques include Intrusion detection, Penetration testing and
Violation processing using clipping levels.
- A memory dump can be admitted as evidence if it acts merely as a statement of
fact. (identifies system state)
- ​DSS (decision support system) ​emphasizes flexibility in the decision-making
approach of users. It is aimed at solving less structured problems, combines the
use of models and analytic techniques with traditional data access and retrieval
functions and supports semi-structured decision-making tasks
- The RAID Advisory Board has defined three classifications of RAID:
* Failure Resistant Disk Systems (FRDSs)
* Failure Tolerant Disk Systems
* Disaster Tolerant Disk Systems.
- The broad categories for security standards in the OSI architecture are:
● Security Attack: ​Any action that compromise the security of information
owned by an organization.
● Security Mechanism:​A process that is designed to detect, prevent or
recover from a security attack. And security mechanism is a method which
is used to protect your message from unauthorized entity.
- Specific Security Mechanisms:
Encipherment (encryption)
Digital signature mechanisms
Access control mechanisms
Data integrity mechanisms
Authentication exchange mechanism
Traffic padding mechanism
Routing control mechanism
Notarization mechanism (assurance : eg CA)
- Pervasive Security Mechanisms:

25. Trusted functionality
Security labels
Event detection
Security audit trail
Security recovery
● Security Services: ​Security Services is the services to implement security
policies and implemented by security mechanism.
Basic security services defined:
* ​authentication
* access control
* data confidentiality
* data integrity
* non-repudation
* availability service
- Typically ​estimating the cost of changes requested ​is not included in
change maintenance (change control) phase
- Consulting local fire safety codes is one of the most important fire safety steps
- Wet chemical vs Kitchen/grease fire
- ​FE-13​considered best alternative the halon, breathable up to 30%
concentration
- ​open system is not open source. ​open system = built from industry standard
parts
- ​PROM ​: only programmable once
- ​EPROM​: erasable programmable ROM, uses UV to erase
- ​EEPROM ​: electrically erasable PROM
- In building construction, a plenum is a separate space provided for air
circulation for heating, ventilation, and air-conditioning (sometimes referred to as
HVAC) and typically provided in the space between the structural ceiling and a
drop-down ceiling. A plenum may also be under a raised floor. In buildings with
computer installations, the plenum space is often used to house connecting
communication cables. Because ordinary cable introduces a toxic hazard in the
event of fire, special plenum cabling is required in plenum area
- ​ECB ​is the best encryption mode for databases since data within a file does not
need to be encrypted in any certain order (ECB : same plaintext = same
ciphertext)
- ​Normalization ​is an important part of database design that ensures that
attributes in a table depend only on the primary key, reducing duplicity
- ​Hearsay evidence​must be generated / collected in the normal, regular
conduct of business
- Token ring is more fault-tolerant than ethernet
- BCP committee does ​not need to include HR

26. - Hacking is usually classed as a ​human threat ​to IT systems
- ​Call-back ​authentication methods require fixed numbers hence not appropriate
for mobile users
- The​Digital Linear Tape (DLT​) is only 0.498 inches in size, yet the
compression techniques and head scanning process make it a large capacity and
fast tape
- The ​Secure Electronic Transaction (SET)​protocol developed by vias and
masterdcar, uses digital signatures, and requires two pairs of asymmetric keys
and two digital certificates
- ​Fraggle ​vs ​Smurf ​= ​UDP​vs ​ICMP
- ​Security modes of operation (MAC):
Signed
NDA for
Proper
clearance
for
Formal
access
approval
for
A valid
need to
know fo
Dedicate
d
security
mode
ALL
informatio
n on the
system.
ALL
informatio
n on the
system.
ALL
informatio
n on the
system.
ALL
informatio
n on the
system.
System
high
security
mode
ALL
informatio
n on the
system
ALL
informatio
n on the
system
ALL
informatio
n on the
system
SOME
informatio
n on the
system
Compart
mented /
partition
ed
security
mode
ALL
informatio
n on the
system
ALL
informatio
n on the
system
SOME
informatio
n on the
system
SOME
informatio
n on the
system
Multileve
l security
mode
ALL
informatio
n on the
SOME
informatio
n on the
SOME
informatio
n on the
SOME
informatio
n on the

27. system system system system
Multilevel : highest risk
Partitioned : aka controlled security mode
- ​DAT : digital audio tape : ​allows for audio + data backup
- ​TCB ​assures that system meets security requirements sufficiently and
effectively, but not necessarily efficiently
- A relational database model has three parts:
* Data structures called tables or relations
* Integrity rules on allowable values and value combinations in the tables
* Operators on the data in the tables
- The ​spiral model​is actually a meta-model that incorporates a number of the
software development models.
- Non-discretionary access control is ​lattice-based access control​. To apply this
concept to access control, the pair of elements is the subject and object, and the
subject has to have an upper bound equal or higher than the object being
accessed.
- SQL is considered a data definition language
- TACACS+ is a total new protocol and incompatible with TACACS. Allows the use
of two-factor auth, user changing passwords
- PGP uses symmetric encryption
- ESP authentication capabilities are limited due to non-inclusion of IP header info
in authentication process
- Incident handling:
1. Analyse information, raise incident, determine to what extent systems
and data is compromised (identify)
2. Communicate to parties
3. Collect / record info
4. Contain
5. Recover
- Corrective controls are concerned with remedying circumstances and restoring
controls whereas recovery controls are concerned with restoring resources,
capabilities or losses. Compensating controls are alternative controls, used to
compensate weaknesses in other controls and preventive controls are concerned
with avoiding occurrences of risks.
- A ​chosen-ciphertext​attack is one in which cryptanalyst may choose a piece of
ciphertext and attempt to obtain the corresponding decrypted plaintext. This type
of attack is generally most applicable to public-key cryptosystems.
- Cross certification : creating trust between PKI
- ​Risk is the likelihood of a threat exploiting a vulnerabilit​y
- ​Tunnel mode​is most commonly used between gateways, or at an
end-station to a gateway, the gateway acting as a proxy for the hosts
behind it.

28. Transport mode​is used between end-stations or between an end-station
and a gateway, if the gateway is being treated as a host—for example,
an encrypted Telnet session from a workstation to a router, in which
the router is the actual destination.
Basically transport mode should be used for end-to-end sessions and
tunnel mode should be used for everything else. (Refer to the figure
for the following discussion.)
- ​blowfish​is an open, royalty free encryption algorithm
- lattice based access control is an example of mandatory access control
- ​assurance procedures​ensure that technical controls conform to the
security policy and that they are correctly implemented
- testing using live data is not recommended since it does not cover
the full range of possible inputs
- C2 introduces object reuse protection
- only A1 has formal definitions of roles
- ​1500v​minimum static electricity to cause HDD damage
- Kerberos does not address availability
- ssh operates at transport layer like SSL. Remember SSH tunnelling (port based)
- ​cmw : compartmented mode workstation​, provides a trusted workstation or
OS. Depends on information labels, which are similar to sensitivity labels but
include controls to run as a trusted computer
- motion sensor categories : passive infrared, microwave, ultrasonic,
NOT photoelectric
- ​database definitions​:
Table - relation
Column - attribute
Row - tuple
Cardinality - no of rows
Degree - no of column
- transaction oriented processing = atomicity = all or none
- ISE 27001 code of practice for operations security.
- ISO 27002 specs for ISMS .. Information security management System, basis
for audit and certification
- ​change management ​: approval (what)
- ​configuration management​: documentation (how)
- BIA ... Primary obj is to determine MTD max tolerable downtime.
Includes two processes
1. Identify critical assets
2. Perform risk assessment
- after BIA, identify the preventative measures. This is when rto is identified
- MTD = rto + wrt
- ​S/MIME ​is a public key system , uses certificates signed by CAs, but
responsibility of keeping certificates up to date and

29. encrypting/decrypting outgoing/incoming messages is local to each
client so it is considered a public hybrid system
- ​Host.equiv unix​: authorized / trusted hosts or users, no need for passwords
- Chief among the documents is the ​Trusted Network Interpretation​​(the Red
Book)​, which covers networks and network components.
Another important book is the ​Trusted Database Management System
Interpretation​(the ​Lavender Book​), interpreting Orange Book requirements for
DBMS products.
Other books include the ​Password Management Guideline​(​Green Book​)
- Weakness of callback systems : ​call forwarding
- All recovery plans become obsolete quickly. Should be tested ​at least once a
year minimum
- WAP protocol stack:
WDP = wireless datagram protocol
- In MAC, the sensitivity label contains the classification and category (need to
know)
- The ​exclusionary rule​mentions that evidence must be gathered legally or it
can't be used. The best evidence rule concerns limiting potential for alteration.
- ​Public Key Cyrpto Standards
PKCS #1 RSA Cryptography Standard Defines the mathematical properties
and format of RSA public and private keys (ASN.1-encoded in clear-text), and the
basic algorithms and encoding/padding schemes for performing RSA encryption,
decryption, and producing and verifying signatures.
PKCS #3 Diffie-Hellman Key Agreement Standard A cryptographic
protocol that allows two parties that have no prior knowledge of each other to
jointly establish a shared secret key over an insecure communications channel.
PKCS #5 Password-based Encryption Standard See RFC 2898 and PBKDF2.

30. PKCS #6 Extended-Certificate Syntax StandardDefines extensions to the old
v1 X.509 certificate specification. Obsoleted by v3 of the same.
PKCS #7 Cryptographic Message Syntax Standard Used to sign
and/or encrypt messages under a PKI. Used also for certificate dissemination (for
instance as a response to a PKCS#10 message). Formed the basis for S/MIME,
which is as of 2010 based on RFC 5652, an updated Cryptographic Message
Syntax Standard (CMS). Often used for single sign-on.
PKCS #8 Private-Key Information Syntax Standard. Used to carry private
certificate keypairs (encrypted or unencrypted).
PKCS #9 Selected Attribute Types Defines selected attribute types for use in
PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8
private-key information, and PKCS #10 certificate-signing requests.
PKCS #10​Certification Request Standard See RFC 2986. Format of messages
sent to a certification authority to request certification of a public key. See
certificate signing request.
PKCS #11 ​Cryptographic Token Interface (Cryptoki) An API defining a generic
interface to cryptographic tokens (see also Hardware Security Module). Often
used in single sign-on, Public-key cryptography and disk encryption[1] systems.
PKCS #12​Personal Information Exchange Syntax Standard Defines a file
format commonly used to store private keys with accompanying public key
certificates, protected with a password-based symmetric key. This container
format can contain multiple embedded objects, such as multiple certificates.
Usually protected/encrypted with a password. Usable as a format for the Java key
store. Usable by Tomcat, but not by Apache.
PKCS #13​Elliptic Curve Cryptography Standard
PKCS #14​Pseudo-random Number Generation
PKCS #15​Cryptographic Token Information Format Standard
- ​"First generation firewall" ​packet filtering firewall
-​"Second generation firewall" ​proxy (application layer firewall, circuit level
proxy, or application proxy )
- ​"Third generation firewall" ​stateful Firewall
- ​"Fourth generation firewall" ​dynamic packet filtering firewalls
- ​CHAP is not used ​in IKE/IPSEC
- ​Revision Tables:

34. - ISC code of ethics:
Protect society, the commonwealth, and the infrastructure
● Promote and preserve public trust and confidence in information and
systems.
● Promote the understanding and acceptance of prudent information security
measures.
● Preserve and strengthen the integrity of the public infrastructure.
● Discourage unsafe practice.
Act honorably, honestly, justly, responsibly, and legally
● Tell the truth; make all stakeholders aware of your actions on a timely
basis.
● Observe all contracts and agreements, express or implied.
● Treat all members fairly. In resolving conflicts, consider public safety and
duties to principals, individuals, and the profession in that order.
● Give prudent advice; avoid raising unnecessary alarm or giving
unwarranted comfort. Take care to be truthful, objective, cautious, and
within your competence.
● When resolving differing laws in different jurisdictions, give preference to
the laws of the jurisdiction in which you render your service.
Provide diligent and competent service to principals
● Preserve the value of their systems, applications, and information.
● Respect their trust and the privileges that they grant you.
● Avoid conflicts of interest or the appearance thereof.
● Render only those services for which you are fully competent and qualified.
Advance and protect the profession
● Sponsor for professional advancement those best qualified. All other things
equal, prefer those who are certified and who adhere to these canons.
Avoid professional association with those whose practices or reputation
might diminish the profession.
● Take care not to injure the reputation of other professionals through malice

35. or indifference.
● Maintain your competence; keep your skills and know​ledge current. Give
generously of your time and knowledge in training others.