Revised by Christian Reina
Version: 1.1
Date: September 18, 2009
Change log:
-Risk Based Audit approach
-Things to know
-Penetration Testing Stages
-OSI Model protocols
-Firewall generations
-Wireless
-Common Criteria ISO 15408
-Problem Management
-System Development Life Cycle
-Software Life Cycle
-Five rules of evidence
-Incident Response framework
-Evidence Lifecycle
-Fair Information Practices
This document provides study notes for the CISSP certification exam. It summarizes key concepts from 10 domains of computer security including:
- Security management practices such as risk analysis, data classification, roles and responsibilities, and policies/standards.
- Access control systems including authentication, authorization, and accountability.
- Telecommunications and network security including cryptography standards.
- Other domains covered include security architecture/models, operations security, applications security, business continuity planning, legal/ethics issues, and physical security.
The notes are intended to help study for the CISSP exam and are based on resources including the CISSP Prep Guide book and other study materials.
Information Security Governance and Strategy - 3Dam Frank
The document discusses information security governance and strategy. It defines governance and management, with governance determining decision rights and providing oversight, while management implements controls. Effective governance is risk-based, defines roles and responsibilities, and commits adequate resources. Challenges include understanding security implications and establishing proper structures. Outcomes include strategic alignment of security and risk management. Governance structures depend on desired outcomes such as revenue growth or profit.
IBM's security strategy focuses on providing integrated security solutions to address modern security challenges posed by compliance needs, human error, skills gaps, and advanced attacks. IBM's portfolio includes security transformation services, security operations and response, and information risk and protection solutions. The company aims to help customers optimize their security programs, orchestrate defenses throughout the attack lifecycle, and keep critical information protected.
How to prepare for the CISSP Exam. A presentation created by the (ISC)2 Hellenic Chapter to assist and instruct those in Greece interested in pursuing the CISSP Certification.
The (ISC)2 Hellenic Chapter Team
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. Early 2020 the US DOD launched the CMMC, Cybersecurity Maturity Model Certification which matches the same levels for cybersecurity. This session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use it in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
Access control is the process of granting or denying access to resources or services on a computer system or network. There are four main access control models: mandatory access control, discretionary access control, role-based access control, and rule-based access control. Access control can be implemented through logical methods like access control lists, group policies, account restrictions, and passwords or through physical methods such as locks, mantraps, video surveillance, and access logs. Strong access control policies and practices help ensure only authorized access and prevent security breaches.
Security Information and Event Management (SIEM)k33a
This document provides an overview of security information and event management (SIEM). It defines SIEM as software and services that combine security information management (SIM) and security event management (SEM). The key objectives of SIEM are to identify threats and breaches, collect audit logs for security and compliance, and conduct investigations. SIEM solutions centralize log collection, correlate events in real-time, generate reports, and provide log retention, forensics and compliance reporting capabilities. The document discusses typical SIEM features, architecture, deployment options, and reasons for SIEM implementation failures.
This document provides study notes for the CISSP certification exam. It summarizes key concepts from 10 domains of computer security including:
- Security management practices such as risk analysis, data classification, roles and responsibilities, and policies/standards.
- Access control systems including authentication, authorization, and accountability.
- Telecommunications and network security including cryptography standards.
- Other domains covered include security architecture/models, operations security, applications security, business continuity planning, legal/ethics issues, and physical security.
The notes are intended to help study for the CISSP exam and are based on resources including the CISSP Prep Guide book and other study materials.
Information Security Governance and Strategy - 3Dam Frank
The document discusses information security governance and strategy. It defines governance and management, with governance determining decision rights and providing oversight, while management implements controls. Effective governance is risk-based, defines roles and responsibilities, and commits adequate resources. Challenges include understanding security implications and establishing proper structures. Outcomes include strategic alignment of security and risk management. Governance structures depend on desired outcomes such as revenue growth or profit.
IBM's security strategy focuses on providing integrated security solutions to address modern security challenges posed by compliance needs, human error, skills gaps, and advanced attacks. IBM's portfolio includes security transformation services, security operations and response, and information risk and protection solutions. The company aims to help customers optimize their security programs, orchestrate defenses throughout the attack lifecycle, and keep critical information protected.
How to prepare for the CISSP Exam. A presentation created by the (ISC)2 Hellenic Chapter to assist and instruct those in Greece interested in pursuing the CISSP Certification.
The (ISC)2 Hellenic Chapter Team
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. Early 2020 the US DOD launched the CMMC, Cybersecurity Maturity Model Certification which matches the same levels for cybersecurity. This session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use it in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
Access control is the process of granting or denying access to resources or services on a computer system or network. There are four main access control models: mandatory access control, discretionary access control, role-based access control, and rule-based access control. Access control can be implemented through logical methods like access control lists, group policies, account restrictions, and passwords or through physical methods such as locks, mantraps, video surveillance, and access logs. Strong access control policies and practices help ensure only authorized access and prevent security breaches.
Security Information and Event Management (SIEM)k33a
This document provides an overview of security information and event management (SIEM). It defines SIEM as software and services that combine security information management (SIM) and security event management (SEM). The key objectives of SIEM are to identify threats and breaches, collect audit logs for security and compliance, and conduct investigations. SIEM solutions centralize log collection, correlate events in real-time, generate reports, and provide log retention, forensics and compliance reporting capabilities. The document discusses typical SIEM features, architecture, deployment options, and reasons for SIEM implementation failures.
Welcome to Cyber Threat Simulation Training powered by Tonex. Cyber Threat Simulation Training covers standards of cyber threats, progressed cyber fighting and threat simulation standards.
Cyber Threat Simulation Training is splitted into different parts comprising of essential cyber security, progressed cyber security, standards of cyber threat and hands-on threat simulation works out.
Learn about:
Basic cyber threat principles
Principles on threat environment
Principles of cyber simulation and modeling
Cyber threat simulation principles
Web application cyber threat fundamentals
Network and application reconnaissance
Data exfiltration & privilege escalation
Exploit application misconfigurations and more
Firewall and Threat Prevention at work
Tools to model and simulate cyber threat
Tools to monitor attack traffic
Who Should Attend:
Cyber Threat Analysts
Digital Forensic Analysts
Incident Response Team Members
Threat Hunters
Federal Agents
Law Enforcement Officials
Military Officials
Course Modules:
Cyberwarfare and Cyberterrorism
Overview of Global Cyber Threats
Principles of Cyber Threat Simulation
Cyber Threat Intelligence
Simulating Cyber Threats
Incident Detection
Response Threat Simulation
Cyber Threat Simulation Training.Price: $3,999.00 . Length: 3 Days.
Request more info about this Cyber Threat Simulation Training. Call +1-972-665-9786. Visit www.tonex.com/training-courses/cyber-threat-simulation-training/
Cyber Security Layers - Defense in Depth
7P's, 2D's & 1 N
People
Process
Perimeter
Physical
Points (End)
Network
Platform
Programs (Apps)
Database
Data
The latest Cybsersecurity Framework (Version 1) has been released by NIST(USA) and I have taken the key features of this critical Framework on Cybersecurity and converted into Mindmap for ease of readers.Please share your comments at my Email Id: Wajahat_Iqbal@Yahoo.com.Thank You
Note: The Source of Information are the Internet repositories and the Author does not take any responsibility for any Errors
This document discusses the Honeynet Project and cyber security governance frameworks. It provides an overview of Honeynet, a non-profit focused on computer security research. It then discusses the importance of cyber security governance and introduces the NIST Cybersecurity Framework. The framework consists of five functions (Identify, Protect, Detect, Respond, Recover), categories within each function, and implementation tiers that describe an organization's cybersecurity risk management practices. The document emphasizes that effective cyber security requires leadership and continuous risk management to address evolving threats.
2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptxInfosec
Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-security-everything-you-need-to-know-about-the-sy0-701-update/
CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul! The updated exam (from SY0-601 to SY0-701) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends heading into 2024.
Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn how the Security+ certification is evolving so it remains the “go-to” certification for anyone trying to break into cybersecurity. You’ll learn about:
- Evolving Security+ domain areas and job skills
- Common job roles for Security+ holders
- SY0-601 and SY0-701 exam timelines
- Tips to pass the updated Security+ exam
- Plus Security+ questions from live viewers
The document discusses information life cycle and asset security. It covers the following key points:
1. Information goes through a 4 phase life cycle of acquisition, use, archival, and disposal. Controls are needed at each phase to protect the information.
2. Data classification and categorization help determine the appropriate security controls for different types of sensitive data based on their value, sensitivity, and criticality.
3. Roles such as data owner, data custodian, and system owner are defined along with their responsibilities to ensure proper management and protection of data throughout its life cycle.
This document provides an overview of chapter 1 of the CNIT 125 course on information security and CISSP preparation. It covers key security terms like confidentiality, integrity, and availability that make up the CIA triad. It also discusses security governance principles such as strategic planning, change management, data classification, and defining security roles and responsibilities. Finally, it introduces several common security control frameworks and standards like ISO 27000, NIST 800 series, and COSO that are used to implement controls and ensure compliance.
Information Security Management System ISO/IEC 27001:2005ControlCase
The document provides an overview of the ISO/IEC 27001 standard for information security management systems. It defines what ISO 27001 is, its history and development over time. It outlines the key parts of ISO 27001 including establishing an ISMS framework, conducting risk assessments, implementing controls, and monitoring/reviewing the system. The document explains benefits of ISO 27001 certification include improving security, ensuring regulatory compliance, and gaining external validation of security practices. It provides examples of specific controls defined in Annex A of the standard related to security policies, asset management, access control, and more.
This document discusses business continuity planning (BCP). It outlines the key steps in developing an effective BCP, including: project scope and planning, business impact assessment, continuity planning, and approval/implementation. The project scope and planning phase involves analyzing the business organization, selecting a BCP team, assessing resource needs, and analyzing legal requirements. The business impact assessment identifies critical business functions, resources they depend on, risks/vulnerabilities, and calculates downtime tolerances. Continuity planning develops strategies to address identified risks and minimize their impact. The overall goal is to maintain business operations during a disaster through preparedness and recovery planning.
Here is an easy to use checklist for ISO 27001
if you require any advise please call CAW Consultancy Business Solutions on 01772 932058 or our 24 hour hotline 07427535662
This document provides an overview of risk management concepts and processes. It discusses risk analysis methods like NIST 800-30, FRAP, OCTAVE, and qualitative vs quantitative approaches. Key terms in risk analysis like assets, threats, vulnerabilities, and controls are defined. The risk management process involves framing, assessing, responding to, and monitoring risks. Risk can be handled through reduction, transfer, acceptance, avoidance, or rejection.
This document provides an overview of information security management systems (ISMS) and the ISO/IEC 27001 standard. It discusses how ISMS establishes a top-down, risk-based approach to securely managing an organization's information assets. Key points covered include the business drivers for ISMS, the components of an effective ISMS based on ISO 27001, and the steps involved in implementing, certifying and maintaining an ISMS over time.
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
The document discusses network security policies and regulations. It begins with introducing the presenters and defines the challenges in defining security policies, measuring against policies, reporting and correcting violations, and summarizing compliance. It then covers the foundation, functions, and management of information security. The document outlines the purpose and elements of policies, and a 10-step approach to developing policies which includes risk assessment, creating a review board, developing a security plan, implementing policies and standards, training, compliance monitoring, evaluation, and modification. Minimum HIPAA security requirements and Creighton-specific policies are also summarized.
The document discusses an Information Security Management System (ISMS) and its key components. It describes ISMS as a structured methodology to evaluate, implement, maintain and manage information security controls to protect an organization's information assets. The main elements of an ISMS include:
- Defining the scope, conducting a risk assessment, and preparing a statement of applicability and risk treatment plan.
- Implementing security controls and an implementation program based on the risk treatment plan.
- Monitoring the system through compliance reviews, corrective actions, and continual improvement to ensure security objectives are met.
- Undergoing pre-certification assessment and certification audits to obtain independent verification that the ISMS is compliant with ISO 27
Priyanka Singh presented on cyber security. As computer usage has grown since the 1970s, so too have security threats. Cyber security now protects computers and networks from theft, damage, disruption or information disclosure of electronic data, software or hardware. It covers various elements like data, application, mobile, network, endpoint, cloud, database and infrastructure security. Cyber threats include cybercrime, cyberattacks and cyberterrorism. Common threat methods are phishing, malware, SQL injection, and backdoors. The presentation provided tips for building cyber security through password management, software protection, multi-factor authentication and disaster recovery planning.
This document provides an overview of access control, including identification, authentication, and authorization. It discusses different types of access controls like administrative, technical, and physical controls. It also covers specific access control methods like passwords, biometrics, smart cards, and tokens. Identification establishes a subject's identity, while authentication proves the identity. Authorization then controls the subject's access to resources based on their proven identity. The document categorizes access controls as preventive, detective, corrective, recovery, compensating, and directive. It provides examples of different administrative, technical, and physical controls that fall into each category.
The document discusses ISO 27001, ISO 27701, and information security management systems (ISMS). It provides an introduction and overview of the standards, including what is covered in ISO 27001. ISO 27701 is described as a privacy extension for ISO 27001. The certification process with ControlCase and KUMA is summarized in 3 steps: readiness assessment, ISO Stage 1 audit, and ISO Stage 2 audit. Common challenges around ISO 27001/27701 certification are listed. Benefits of partnering with ControlCase/Kuma are presented, including their expertise and delivering value beyond compliance.
The document discusses the components of an information security blueprint, including policies, standards, practices, and a security education program. It describes developing an enterprise security policy and issue-specific policies. The blueprint provides a plan for security controls, technologies, and training to ensure the organization's information is protected. It is the basis for designing and implementing all aspects of the security program.
The document discusses the differences between ePub 2 and ePub 3 formats. ePub 3 includes new features such as support for HTML5, CSS3, SVG, audio and video, JavaScript, and alternative navigation documents. It also describes layout types in ePub including reflowable and fixed layout. Fixed layout does not reflow content to fit different screens and may require metadata for proper display on devices.
Welcome to Cyber Threat Simulation Training powered by Tonex. Cyber Threat Simulation Training covers standards of cyber threats, progressed cyber fighting and threat simulation standards.
Cyber Threat Simulation Training is splitted into different parts comprising of essential cyber security, progressed cyber security, standards of cyber threat and hands-on threat simulation works out.
Learn about:
Basic cyber threat principles
Principles on threat environment
Principles of cyber simulation and modeling
Cyber threat simulation principles
Web application cyber threat fundamentals
Network and application reconnaissance
Data exfiltration & privilege escalation
Exploit application misconfigurations and more
Firewall and Threat Prevention at work
Tools to model and simulate cyber threat
Tools to monitor attack traffic
Who Should Attend:
Cyber Threat Analysts
Digital Forensic Analysts
Incident Response Team Members
Threat Hunters
Federal Agents
Law Enforcement Officials
Military Officials
Course Modules:
Cyberwarfare and Cyberterrorism
Overview of Global Cyber Threats
Principles of Cyber Threat Simulation
Cyber Threat Intelligence
Simulating Cyber Threats
Incident Detection
Response Threat Simulation
Cyber Threat Simulation Training.Price: $3,999.00 . Length: 3 Days.
Request more info about this Cyber Threat Simulation Training. Call +1-972-665-9786. Visit www.tonex.com/training-courses/cyber-threat-simulation-training/
Cyber Security Layers - Defense in Depth
7P's, 2D's & 1 N
People
Process
Perimeter
Physical
Points (End)
Network
Platform
Programs (Apps)
Database
Data
The latest Cybsersecurity Framework (Version 1) has been released by NIST(USA) and I have taken the key features of this critical Framework on Cybersecurity and converted into Mindmap for ease of readers.Please share your comments at my Email Id: Wajahat_Iqbal@Yahoo.com.Thank You
Note: The Source of Information are the Internet repositories and the Author does not take any responsibility for any Errors
This document discusses the Honeynet Project and cyber security governance frameworks. It provides an overview of Honeynet, a non-profit focused on computer security research. It then discusses the importance of cyber security governance and introduces the NIST Cybersecurity Framework. The framework consists of five functions (Identify, Protect, Detect, Respond, Recover), categories within each function, and implementation tiers that describe an organization's cybersecurity risk management practices. The document emphasizes that effective cyber security requires leadership and continuous risk management to address evolving threats.
2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptxInfosec
Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-security-everything-you-need-to-know-about-the-sy0-701-update/
CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul! The updated exam (from SY0-601 to SY0-701) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends heading into 2024.
Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn how the Security+ certification is evolving so it remains the “go-to” certification for anyone trying to break into cybersecurity. You’ll learn about:
- Evolving Security+ domain areas and job skills
- Common job roles for Security+ holders
- SY0-601 and SY0-701 exam timelines
- Tips to pass the updated Security+ exam
- Plus Security+ questions from live viewers
The document discusses information life cycle and asset security. It covers the following key points:
1. Information goes through a 4 phase life cycle of acquisition, use, archival, and disposal. Controls are needed at each phase to protect the information.
2. Data classification and categorization help determine the appropriate security controls for different types of sensitive data based on their value, sensitivity, and criticality.
3. Roles such as data owner, data custodian, and system owner are defined along with their responsibilities to ensure proper management and protection of data throughout its life cycle.
This document provides an overview of chapter 1 of the CNIT 125 course on information security and CISSP preparation. It covers key security terms like confidentiality, integrity, and availability that make up the CIA triad. It also discusses security governance principles such as strategic planning, change management, data classification, and defining security roles and responsibilities. Finally, it introduces several common security control frameworks and standards like ISO 27000, NIST 800 series, and COSO that are used to implement controls and ensure compliance.
Information Security Management System ISO/IEC 27001:2005ControlCase
The document provides an overview of the ISO/IEC 27001 standard for information security management systems. It defines what ISO 27001 is, its history and development over time. It outlines the key parts of ISO 27001 including establishing an ISMS framework, conducting risk assessments, implementing controls, and monitoring/reviewing the system. The document explains benefits of ISO 27001 certification include improving security, ensuring regulatory compliance, and gaining external validation of security practices. It provides examples of specific controls defined in Annex A of the standard related to security policies, asset management, access control, and more.
This document discusses business continuity planning (BCP). It outlines the key steps in developing an effective BCP, including: project scope and planning, business impact assessment, continuity planning, and approval/implementation. The project scope and planning phase involves analyzing the business organization, selecting a BCP team, assessing resource needs, and analyzing legal requirements. The business impact assessment identifies critical business functions, resources they depend on, risks/vulnerabilities, and calculates downtime tolerances. Continuity planning develops strategies to address identified risks and minimize their impact. The overall goal is to maintain business operations during a disaster through preparedness and recovery planning.
Here is an easy to use checklist for ISO 27001
if you require any advise please call CAW Consultancy Business Solutions on 01772 932058 or our 24 hour hotline 07427535662
This document provides an overview of risk management concepts and processes. It discusses risk analysis methods like NIST 800-30, FRAP, OCTAVE, and qualitative vs quantitative approaches. Key terms in risk analysis like assets, threats, vulnerabilities, and controls are defined. The risk management process involves framing, assessing, responding to, and monitoring risks. Risk can be handled through reduction, transfer, acceptance, avoidance, or rejection.
This document provides an overview of information security management systems (ISMS) and the ISO/IEC 27001 standard. It discusses how ISMS establishes a top-down, risk-based approach to securely managing an organization's information assets. Key points covered include the business drivers for ISMS, the components of an effective ISMS based on ISO 27001, and the steps involved in implementing, certifying and maintaining an ISMS over time.
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
The document discusses network security policies and regulations. It begins with introducing the presenters and defines the challenges in defining security policies, measuring against policies, reporting and correcting violations, and summarizing compliance. It then covers the foundation, functions, and management of information security. The document outlines the purpose and elements of policies, and a 10-step approach to developing policies which includes risk assessment, creating a review board, developing a security plan, implementing policies and standards, training, compliance monitoring, evaluation, and modification. Minimum HIPAA security requirements and Creighton-specific policies are also summarized.
The document discusses an Information Security Management System (ISMS) and its key components. It describes ISMS as a structured methodology to evaluate, implement, maintain and manage information security controls to protect an organization's information assets. The main elements of an ISMS include:
- Defining the scope, conducting a risk assessment, and preparing a statement of applicability and risk treatment plan.
- Implementing security controls and an implementation program based on the risk treatment plan.
- Monitoring the system through compliance reviews, corrective actions, and continual improvement to ensure security objectives are met.
- Undergoing pre-certification assessment and certification audits to obtain independent verification that the ISMS is compliant with ISO 27
Priyanka Singh presented on cyber security. As computer usage has grown since the 1970s, so too have security threats. Cyber security now protects computers and networks from theft, damage, disruption or information disclosure of electronic data, software or hardware. It covers various elements like data, application, mobile, network, endpoint, cloud, database and infrastructure security. Cyber threats include cybercrime, cyberattacks and cyberterrorism. Common threat methods are phishing, malware, SQL injection, and backdoors. The presentation provided tips for building cyber security through password management, software protection, multi-factor authentication and disaster recovery planning.
This document provides an overview of access control, including identification, authentication, and authorization. It discusses different types of access controls like administrative, technical, and physical controls. It also covers specific access control methods like passwords, biometrics, smart cards, and tokens. Identification establishes a subject's identity, while authentication proves the identity. Authorization then controls the subject's access to resources based on their proven identity. The document categorizes access controls as preventive, detective, corrective, recovery, compensating, and directive. It provides examples of different administrative, technical, and physical controls that fall into each category.
The document discusses ISO 27001, ISO 27701, and information security management systems (ISMS). It provides an introduction and overview of the standards, including what is covered in ISO 27001. ISO 27701 is described as a privacy extension for ISO 27001. The certification process with ControlCase and KUMA is summarized in 3 steps: readiness assessment, ISO Stage 1 audit, and ISO Stage 2 audit. Common challenges around ISO 27001/27701 certification are listed. Benefits of partnering with ControlCase/Kuma are presented, including their expertise and delivering value beyond compliance.
The document discusses the components of an information security blueprint, including policies, standards, practices, and a security education program. It describes developing an enterprise security policy and issue-specific policies. The blueprint provides a plan for security controls, technologies, and training to ensure the organization's information is protected. It is the basis for designing and implementing all aspects of the security program.
The document discusses the differences between ePub 2 and ePub 3 formats. ePub 3 includes new features such as support for HTML5, CSS3, SVG, audio and video, JavaScript, and alternative navigation documents. It also describes layout types in ePub including reflowable and fixed layout. Fixed layout does not reflow content to fit different screens and may require metadata for proper display on devices.
El documento trata sobre plásticos y polímeros. Explica que los plásticos son sustancias que pueden moldearse y tomar diferentes formas, y que los polímeros son moléculas grandes formadas por la unión de monómeros. Describe también algunos tipos comunes de plásticos como el PVC y polietileno, así como polímeros como el nylon y polipropileno. Finalmente, resume distintos métodos para procesar plásticos, como la extrusión, inyección y soplado.
Messenger wars 2: How Facebook climbed back to number 1On Device Research
In the 2 years since our last report, Facebook has strategically climbed its way back to be number one of social messengers. With competition from super secret Snapchat and social messaging ecosystems, WeChat and Line - who will win the battle? Our research of smartphone users in USA, UK, Germany, Japan and China explores the best of social messaging.
This document provides an overview of the temporomandibular joint (TMJ). It begins by defining the TMJ as the joint connecting the mandible to the skull and regulating mandibular movement. It then describes the different types of joints in the body before focusing on the specifics of the TMJ. Key points include that the TMJ is a complex synovial joint that allows for both hinging and gliding movements. An articular disc separates the condyle of the mandible and fossa of the temporal bone. The document outlines the development, structures, innervation, vascularization and biomechanics of the TMJ.
The document discusses various psychological and physiological factors that affect learning. Some key psychological factors include readiness, interest, intelligence, motivation, attitudes, feelings, frustration, aptitude, mental health, natural ability to learn, individual differences, ability, orientation, and fear of failure. Physiological factors discussed include maturity, needs, physical health, self-concept, proper nutrition, proper sleep, and tiredness. The document emphasizes that teachers should understand these factors and how they influence learning in order to best support their students' education.
The NEW Way to Win Friends & Influence People (social media in events)Lara McCulloch-Carter
The document discusses how to use social media to make friends and influence people. It provides Dale Carnegie's six ways to make people like you and explains how these principles still apply online. It then discusses specific social media platforms like blogging, microblogging on Twitter, and professional networking on LinkedIn as ways for event planners to engage others and spread ideas. Throughout, it emphasizes listening to what others are saying and adding value to conversations.
This document provides tips and best practices for using LinkedIn for marketing purposes. It discusses how to create an effective company presence on LinkedIn by adding company information and customizing profile tabs. It also offers strategies for attracting and engaging followers, such as inviting connections, using groups, and sharing relevant content. The document recommends analyzing engagement metrics and ROI to ensure marketing efforts on LinkedIn are effective.
This document discusses how peer-to-peer (P2P) platforms are disrupting the travel industry. It outlines various P2P services focused on hospitality, experiences, transportation, and social connections. While some traditional players view P2P as competition, the document argues they could embrace it by partnering with these startups, launching complementary services, or taking inspiration from what consumers like about P2P's authentic local experiences and ability to connect and share. It also notes that P2P appeals most to millennials but could attract other generations, and that established brands have strengths around trust and convenience that P2P lacks.
Gastroenteritis is an infection or inflammation of the stomach and intestines that is commonly caused by viruses, bacteria, parasites, toxins, chemicals or drugs. Common symptoms include nausea, vomiting, diarrhea, abdominal pain and cramps, fever and weakness. The main risk is dehydration, which can be life-threatening. Treatment focuses on rehydration and may include antibiotics, antiparasitic drugs or intravenous fluids depending on the cause. Prevention involves proper handwashing and food safety practices. Most cases resolve within a few days but dehydration can prolong recovery.
The New American Dream: Why People Are Choosing to RentSuong Nguyen
As more people choose to rent apartments over buying homes, North American Properties - Atlanta (NAP) has released “The New American Dream” SlideShare that looks at who the new renter is, what factors are contributing to this trend and what it means for the future of multi-housing. NAP first became interested in studying this phenomenon after receiving a flood of inquiries for its luxury rental property, Haven, at Avalon, a $600 million mixed-use development opening Oct. 30 in Alpharetta, Georgia.
Best ppt on Presentation on Coal handling plantRonak Thakare
This document provides an overview of a coal handling plant (CHP). It discusses what a CHP is, its main components and processes. The key points covered include:
- A CHP receives, processes, stores and feeds coal to boiler bunkers. Its main goal is to supply processed coal to coal mills.
- Main components include wagon tipplers, crushers, conveyor belts, feeders, bunkers. Coal is crushed to different sizes and conveyed to bunkers or storage.
- Coal is transported mainly by railways in wagons and unloaded by rotary or side tipplers. Other transport modes include ropeways and road.
- The document outlines the operating sequence,
The document discusses the selection of research problems in nursing. It outlines sources that nursing research problems can come from, such as personal experiences, literature, theories, and previous studies. Factors like ethics, significance, and feasibility must be considered when determining a research problem. The process of selecting a specific problem involves first identifying potential problems and then evaluating them based on criteria like general interest, ability to study, and implications for nursing. An example research problem and statement are provided on examining opinions about men and women entering the nursing career. Guidelines for critiquing a problem statement, like ensuring clarity and inclusion of key elements, are also outlined.
This document discusses IT governance and risk management practices. It outlines key aspects of IT governance including IT strategy committees, balanced scorecards, information security governance, and enterprise architecture. It also describes the components of a risk management program including identifying assets, analyzing risks through threat, vulnerability and impact assessments, and establishing a risk management process. The goal is to help organizations control IT from a strategic perspective, seek and manage risk, and ensure business needs are met.
Slides from a three hour tutorial presented at XTech 2008 on the 6th of May. See also <a href="http://simonwillison.net/static/2008/xtech/">the supporting notes</a>.
The document provides tips for organizations to promote idea generation and implementation among employees. It suggests that frontline staff, not management, are often the source of novel ideas. It advocates focusing on small, easy-to-implement ideas rather than large ones. Key recommendations include not rewarding individual ideas financially and measuring idea quantity/quality rather than results. Managers should promote idea sharing and hold regular idea meetings. The benefits of ideas are difficult to quantify fully, so cost-benefit analysis should be avoided. Instead, organizations should focus on being process-oriented and solving specific problems. Fostering conditions for creativity like self-initiation, unofficial activity, serendipity, diverse stimuli and communication can also increase idea generation.
This document provides a summary of the state of WordPress in 2012. It discusses key metrics like growth in users and sites on WordPress. Challenges and priorities for the future are also outlined, such as a focus on mobile, timely updates, and simplicity without being simplistic. The document ends by thanking Matt Mullenweg for his leadership as co-founder of WordPress.
This is First Round's effort to provide an in-depth snapshot of what founders across the entire tech ecosystem are thinking and doing, what they're excited about and worried about, and how they're seeing the market. We surveyed venture-backed founders from within and beyond the First Round community — and received over 700 responses, volunteering their experience and opinions.
The vertical raw mill uses compression, shear and impact forces for grinding raw materials into powder. Materials are fed into the center of a grinding plate and distributed under rolling pressure from grinding rollers. Grinding creates friction that breaks down materials into a fine powder. Ground material is transported to a separator by gas flow where coarse particles fall back to regrinding. Process parameters like grinding pressure, material layer thickness and temperature are controlled to maintain operation. Vibrations are monitored and addressed if excessive. The mill can experience issues like uneven feeding or metal contamination that require corrective measures.
SlideShare is a global platform for sharing presentations, infographics, videos and documents. It has over 18 million pieces of professional content uploaded by experts like Eric Schmidt and Guy Kawasaki. The document provides tips for setting up an account on SlideShare, uploading content, optimizing it for searchability, and sharing it on social media to build an audience and reputation as a subject matter expert.
Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.
This document provides an overview of ISO27001's risk assessment approach, which involves identifying assets, threats, vulnerabilities and controls to determine inherent and residual risks. Key steps include identifying high value assets, threats against those assets, vulnerabilities that could be exploited by threats, inherent risk levels without controls, existing controls, and residual risk levels with controls in place. Risks still above thresholds after controls would be added to an information security risk register for ongoing treatment and monitoring.
Tech Alliance provides five cybersecurity services: 1) Enterprise Security Program Design and Implementation to assess risks, identify gaps, and create a security roadmap; 2) IT Risk Assessment to identify threats, vulnerabilities, impacts, and recommend controls; 3) Disaster Recovery Planning and Implementation to design technology solutions and processes to ensure business continuity; 4) Vulnerability Assessment and Penetration Testing to identify and prioritize vulnerabilities and validate fixes; 5) a Security Operations Center for 24/7 security monitoring, event correlation, and reporting.
Tech Alliance provides five cybersecurity services: 1) Enterprise Security Program Design and Implementation to assess risks, identify gaps, and create a security roadmap; 2) IT Risk Assessment to identify threats, vulnerabilities, impacts, and recommend controls; 3) Disaster Recovery Planning and Implementation to design technology solutions and processes to ensure business continuity; 4) Vulnerability Assessment and Penetration Testing to identify vulnerabilities and validate fixes; 5) a Security Operations Center for 24/7 monitoring of networks, systems, and security devices.
If you rely on your IT infrastructure to maintain data integrity and protect your business from financial losses, it’s a good idea to invest in network monitoring and maintenance, and achieve compliance with legislated standards.
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
The document discusses implementing an information security framework based on ISO/IEC 27002. It outlines the sections of the ISO 27002 standard, describes how to assess the scope and maturity of an organization's security practices, and discusses developing a policy framework, benchmarking, and tracking progress. The presentation covers next steps such as addressing other audits, risk assessment, and developing an information security program.
Information Security is becoming a focus for the entire enterprise, not just IT. This need to align both business and technology is forcing IT to move Information Security from afterthought to forethought. Architects now ponder how Information Security can be integrated into the broader topic of Enterprise Architecture. This session shows how to make the integration happen. You will learn how to integrate assets and define trusts and threat models as a part of your overall EA plan. You will also understand how Information Security is traced all the way from business architecture to the technology implementation. Participants will understand the components of an Integrated EA and Information Security framework and ensuring the traceability between business goals and IT security solutions delivered from the framework.
Key Issues:
-Understand the need to think early about Information Security
-Learn to incorporate Information Security into your EA blueprint and roadmap
-Integrate Informatoin Security Goals, objectives and capabilities with your EA view of strategy
-Integrate security policies, services and mechanisms with your EA view of solutions
-Integrate security mechanisms, standards, and guidelines into your implementations
The document provides an overview of the Information Security & Risk Management domain for the CISSP certification. It discusses key topics including information security concepts, governance, risk management, information classification, and security controls. The objectives are to understand planning and securing information assets, developing security policies and procedures, conducting risk assessments, and implementing controls to ensure confidentiality, integrity and availability. New requirements for 2012 include project management knowledge and privacy compliance.
Health Informatics – Application of Clinical Risk Management to the Manufacture and Deployment of Health Software. Thick M. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
The document discusses risk management on high technology programs. It outlines the agenda for a 4 hour session which will cover the principles of risk management, introduce Continuous Risk Management (CRM), illustrate each CRM process area with examples, and familiarize participants with identifying risks. The document then discusses the five principles of risk management and explains concepts like the Mission-Oriented Success Analysis and Improvement Criteria (MOSAIC) framework for assessing project risk.
This presentation was given at the BSidesMemphis 2012 and DerbyCon 2012 information security conferences. It lays out the process that a person should follow to implement a database security program specific to their organization.
The document discusses predictive security intelligence and how it can drive productive partnerships between security, audit, and risk teams. It outlines FICO's security analytics journey and how their business challenges parallel those in security. Core Security's CORE Insight solution provides predictive threat analysis and visualization to help prioritize vulnerabilities and understand an organization's overall security posture. Intelligence and metrics can bridge gaps between teams by conveying risk in a common language and validating security controls.
This comprehensive guide delves into the essential types of testing used in cybersecurity to ensure the resilience of digital systems against malicious attacks. From vulnerability assessments and penetration testing to social engineering and security audits, each testing method is examined in detail, providing insights into their purpose, methodology, and significance in safeguarding against cyber threats. Whether you're a cybersecurity professional seeking to deepen your knowledge or a novice looking to understand the fundamentals, this guide offers valuable insights into the world of cybersecurity testing. for more cybersecurity knowledge visit https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/#
The document provides an overview of the CISSP certification course. It outlines the 8 domains that will be covered in the CISSP certification exam: Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. It also provides details about the exam such as the number of questions, time limit, and materials allowed.
This document discusses several challenges in implementing cyber security including the information security model, risk management, and survivability. It outlines various opportunities for intrusion such as rapidly adopted networks and exploitable vulnerabilities. The document also discusses internal and external intruders as well as the information security model. Risk is defined and risk management processes are outlined including risk assessment. The concept of survivability and an approach using multiple layers of protection for critical assets is presented.
Outlook emerging security_technology_trendswardell henley
This document outlines 9 emerging security technology trends that are expected to impact organizations in the next 2-5 years. These trends include securing virtualized environments, alternative ways to deliver security, managing risk and compliance, trusted identity, information security, predictable security of applications, protecting the evolving network, securing mobile devices, and sense-and-response physical security. The document was published by IBM in October 2008 to provide organizations with insights on upcoming trends so they can strategically balance security risks and opportunities.
1. 2009
CISSP summary
Version 1.1
Maarten de Frankrijker
Revised by Christian Reina, CISSP
This document may be used only for informational, training and noncommercial purposes. You are free to copy, distribute, publish and alter this document under the conditions that you give credit to the original author.
2009 ‐ Maarten de Frankrijker. Revised by Christian Reina, CISSP.
2. Concepts Security policies, standards and guidelines Legislative drivers
CIA Negative: (DAD disclosure alteration and destruction) Policies first and highest level of documentation FISMA(federal agencies)
Confidentiality prevent unauthorized disclosure Phase 1 categorizing, selecting minimum controls, assessment
Integrity no unauthorized modifications, consistent data Very first is called Senior management Statement of Policy, Phase 2: create national network of secures services to assess
Availability reliable and timely accessible Stating importance, support and commitment NIST
Types 8 elements reassessments owners have responsibilities. Benefits:
Identification user claims identity, used for user access control - Regulatory (required due to laws, regulations, consistent; comparable; repeatable
Authentication testing of evidence of users identity compliance and specific industry standards!) OECD
Accountability determine actions to an individual person - Advisory (not mandatory but strongly suggested) accountability, awareness, ethics, etc loads of one word things
Authorization rights and permissions granted - Informative to inform the reader
privacy level of confidentiality and privacy protections Risk Management
Information policy has classifications and defines level of access GOAL
Controls and method to store and transmit information Determine impact of the threat and risk of threat occurring
Prime objective is to reduce the effects of security threats and Security policies has Authentications and defines technology
vulnerabilities to a tolerable level used to control information access and distribution ACTIVITIES
Risk analysis process that analyses threat scenarios and SYSTEM security policy lists hard software to be used and steps Primary (risk assessment, mitigation methodology)
produces a representation of the estimated Potential loss to undertake to protect infrastructure Secondary (data collection and sources for risk analysis)
Types Physical, Technical and Administrative
Standards Specify use of specific technologies in a uniform way Types of Risk
Guidelines same as standards but not forced to follow Inherent chance of making an error with no controls in place
Information classification Procedures Detailed steps to perform a task Control chance that controls in place with prevent, detect or
WHY? Not all data has same value, demonstrates business Baseline Minimum level of security
Domain 1 Security Management
control errors
commitment to security, Identify which information is most
Detection chance that auditors won’t find an error
sensitive and vital Security planning Residual risk remaining after control in place
Criteria Value, age, useful life, personal association Security Planning involves security scope, providing security Business concerns about effects of unforeseen circumstances
Levels management responsibilities and testing security measures for Overall combination of all risks aka Audit risk
Government, military effectiveness. Strategic 5 years Tactical shorter than strategic
- Unclassified Operational day to day, short term
- Sensitive but unclassified (answers to test, Healthcare) Preliminary Security Examination (PSE): Helps to gather the
- Confidential (some damage) elements that you will need when the actual Risk Analysis takes
- Secret (Serious damage)
Roles and responsibilities
place.
Senior Manager ultimate responsibility
- Top Secret (Grave damage)
Information security Officer functional responsibility
Private sector ANALYSIS
Security Analyst Strategic, develops policies and guidelines
- Public Steps: Identify assets, identify threats, and calculate risk.
Owner
- Sensitive
- Responsible for asset Qualitative HAPPY FACES
- Private
- Determine level of classification - Higher level , brainstorming, focus groups etc
- Confidential
- Review and change classification Quantitative VALUES!!
- Can delegate responsibility to data custodian
- SLE (single Loss Expectancy) = Asset Value * Exposure
Security Awareness - Authorize user privileges
Technical training to react to situations, best practices for Security Custodian factor (% lost of asset)
and network personnel - Run regular backups/restores and validity of them - ALE (Annual loss expectancy) = SLE * ARO
Employees, need to understand policies then use presentations - Insuring data integrity and security (CIA) (Annualized Rate of occurrence)
and posters etc to get them aware - Maintaining records in accordance to classification Remedies: Accept, mitigate(reduce by implementing controls
- Applies user authorization calculate costs-), Assign (insure the risk to transfer it), Avoid (stop
Losses End-user business activity)
staff members pose more threat than external hackers - Uses information as their job
- Follow instructions in policies and guidelines Loss= probability * cost
loss of money stolen equipment,
loss of time work hours - Due care (prevent open view by e.g. Clean desk)
loss off reputation declining trusts and - Use corporation resources for corporation use Risk Based Audit approach
loss of resources bandwidth theft Auditor examines security controls - Planning and information gathering
- Access internal controls
- Compliancy testing
- Substantive tests
- Finalize the audit
3. Access control Controls Something a user knows
ACCESS is flow of information between a subject and an object Primary controls
CONTROL security features that control how users and systems Administrative PASSWORDS
communicate and interact with other systems and resources - Preventive: hiring policies, screening security cheap and commonly used
Subject is active entity that requests access to an object or data awareness (also called soft-measures!) password generators
within the object (user, program) - Detective: screening behavior, job rotation, review of user chooses own (do triviality and policy checking)
Object is a passive entity that contains information (computer, audit records
database, file, program) Technical (aka Logical) One-time password aka dynamic password used only once
access control techniques support the access control models - Preventive: protocols, encryption, biometrics Static password Same for each logon
smartcards, routers, firewalls Passphrase easiest to remember. Converted to a virtual
CIA - Detective: IDS and automatic generated violation password by the system.
Confidentiality reports, audit logs Cognitive password: easy to remember like your mother’s
assurance that information is not disclosure to Physical maiden name
unauthorized programs, users, processes - Preventive: fences, guards, locks
encryption, logical and physical access control, - Detective: motion detectors, thermal detectors video Hacking
The data needs to be classified cameras - access password file
Integrity - brute force attack (try many different characters) aka
- protecting data or a resource from being altered in an Operational controls exhaustive
unauthorized fashion Detective, Preventive (PASSWORDS TOO), Corrective(restore - dictionary attack (try many different words)
Availability controls), Restore control (restore resources) deterrents - Social engineering (convince an individual to give
- fault tolerance and recovery procedures access)
- depends on business and value to business - Rainbow Tables (tables with passwords that are already
Types in hash format
Domain 2 – Access Control
IAAA Mandatory access control
Identification Authorization depended on security labels which indicate password checker and password hacker
- ensuring that a subject is who he says he is clearance and classification of objects (Military). Restriction: need both programs that can find passwords (checker to see if its
- Unique user name, account number etc OR an issuance to know can apply. Lattice based is part of it! (A as in compliant, hacker to use it by the hacker)
(keycard) mAndatory!). Rule based access control. Objects are: files,
- must be non descriptive (you can’t see what someone directories and devices hashing and encryption
can do by the name) - On windows system with utility SYSKEY. The hashed
- First piece of credentials Discretionary access control passwords will be encrypted in their store LM hash and
Authorization Access through ACL's. Discretionary can also mean: Controlled NT Hash
- like password, phrase key token, pin access protection (object reuse, protect audit trail). User directed - some OS’s use Seed SALT or NONCE, random values
- looking at access control matrix or comparing security access control (identity based and hybrid based are also forms of added to the encryption process to add more complexity
labels discretionary) Identity Based AC
- Stacking of authorizations is called Authorization Creep, Something a user has
too much rights is called excessive privileges Non-discretionary access control Key, swipe card, access card, badge PASSWORDS.
- Granted privileges and system granted default access A central authority determines what subjects have access based tokens
- default no access, give only access that’s needed ( = on policies. Role based/task based. Also lattice based can be
NEED TO KNOW) applied (greatest lower, least upper bounds apply) Static password token owner authenticates to token, token
- Second piece of credentials authenticates to the information system
- Strong Authentication if you use 2 out of the three Synchronous (TIME BASED) dynamic, uses time or a counter
authentications (know, has, is)AKA 2-factor between the token and the authentication server, secure-ID is an
authentication example
- Something a person KNOWS, HAS, IS (knowledge, asynchronous (NOT TIME BASED) server sends a nonce
ownership, characteristics) (random value) This goes into token device, encrypts and delivers
Accountability a one-time password, with an added PIN its strong authentication
- each subject is uniquely identified and actions are Challenge/response token generates response on a
recorded system/workstation provided challenge
Logical Access Controls: tools used for IAAA
4. Access control methodologies
Something a user is KERBEROS Centralized access control
What you do: behavioral Kerberos addresses Confidentiality and integrity and RADIUS
What you are: physical authentication, not availability Remote connectivity via dial in (user dials in to access server,
BIOMETRICS Kerberos Is based on symmetric key cryptology (and is not a access server prompt for credentials, user enters credentials and
- Most expensive propriety control) forwards to radius server, radius server accepts or rejects). USES
- Acceptable 2 minutes per person for enrollment time Time synchronization is critical UDP. Incorporates an AS and dynamic/static password
- Acceptable 10 people per minute throughput time MIT project Athena DIAMETER= remote connectivity using phone wireless etc, more
- IRIS is the same as long as you live Kerberos is included in windows now (replaced NTLM=NT-LAN secure than radius
- TYPE 1 error: False rejection rate FRR Manager) CALLBACK; system calls back to specific location (danger in user
- TYPE 2 error: False Acceptance rate FAR Passwords are never exchanged only hashes of passwords forwarding number)
- CER Crossover Error Rate or EER Equal Error rate, Benefits: inexpensive, loads of OS’s mature protocol CHAP (part of PPP) supports encryption
where FRR = FAR. The lower CER/ERR the more Disadvantage: takes time to administer, can be bottleneck or TACACS: user-id and static password for network access via TCP
accurate the system. single point of failure XTACACS separates authentication, authorization and accounting
No sunlight in iris scanner The term realm indicates an authentication administrative domain. processes
zephyr chart = iris scans Its intention is to establish the boundaries within which an TACACS+: stronger through use of tokens
Finger print: stores full fingerprint (one- to-many authentication server has the authority to authenticate a user, host
identification), finger scan only the features (one to one or service. Decentralized access control
identification). Uses symmetric Key cryptography Databases
Finger scan most widely used today - KDC Key Distribution Center, grants tickets to client for Relational databases allow queries
Acceptability Issues: privacy, physical, psychological specific servers. Knows all secret keys of all clients and Object oriented databases do not support queries
servers from the network
- AS (Authentication server) 3 parts
TGS - Ticket granting server - Data structures called tables or relations
T YPES OF B IOMETRICS
- Integrity rules
Fingerprints: Are made up of ridge endings and bifurcations Working: - Operators on the data in tables
exhibited by the friction ridges and other detailed Client authenticates to the KDC. His passwords becomes an one
characteristics that are called minutiae. way hasted + time = secret key to the AS and gets a TGT Ticket Relation: basis of the database consists of a two dimensional
Retina Scans: Scans the blood-vessel pattern of the retina Granting Ticket, table
on the backside of the eyeball. Client then accesses the TGS with the TGT he has and gets a
Iris Scans: Scan the colored portion of the eye that ticket to service. ROWS are records of tuples. Number of rows is cardinality
surrounds the pupil. Then the user can use this ticket to service to use the service
Facial Scans: Takes attributes and characteristics like bone
Domain 2 – Access Control
COLUMNS are attributes. Number of columns is the degree
structures, nose ridges, eye widths, forehead sizes and chin SESAME
shapes into account. - Public Key Cryptology PRIMARY KEY: unique identifier in a table
Palm Scans: The palm has creases, ridges and grooves - European
throughout it that are unique to a specific person. - Needham-Schroeder protocol Foreign Keys: used to enforce relationship between two tables.
Hand Geometry: The shape of a person’s hand (the length Weakness: only authenticates the first block and not the complete This is also called referentional integrity, that you don’t have a
and width of the hand and fingers) measures hand geometry. message nonexistent reference.
Voice Print: Distinguishing differences in people’s speech Two tickets:
sounds and patterns. - One authentication, like Kerberos
- Other defines the access privileges a user has
Smart Cards
Signature Dynamics: Electrical signals of speed and time IEC 14443 = smartcards
that can be captured when a person writes a signature. - Works with PACS (Privileged Attribute Certificates)
- sesame uses both symmetric as asymmetric encryption The combi-card -- also known as a dual-interface card -- has one
Keyboard Dynamics: Captures the electrical signals when a smart chip embedded in the card that can be accessed through
person types a certain phrase. (thus improvement upon Kerberos)
either contact pads or an embedded antenna.
Hand Topology: Looks at the size and width of an - Smarter than storage cards
KRYPTOKNIGHT
individual’s hand and fingers. - Storage smart card holds RSA key pairs in memory
IBM – thus RACF
Peer-to-peer relationship between KDC and parties - RSA smart cards have processor that compute (sign
Single Sign On (SSO) and verify RSA certificates) and create RSA key pairs
Advantage: ability to use stronger passwords, easier SCRIPTING
administration, less time to access resources. scripts contain logon information that authenticates users
Disadvantage: once a key is compromised all resources can be
accessed. DIRECTORY SERVICE
Thin client is also a single sign on approach Hierarchical naming schema
active directory has sophisticated security resources (group
policy, user rights accounts, DNS services)
5. Identity management - Provisioning IPS Intrusion prevention system
Performs all of IAAA o user information taken from HR Detect attack and PREVENT that attack being successful
(authoritative source)
Directory based o Identity data put in an centralized directory Penetration testing
- hierarchical x500 standard protocol like LDAP for (identity repository) Blue team had knowledge of the organization, can be done frequent
allowing subjects to interact with the directory o manager will appoint new employees, and least expensive
- Organized through name spaces (Through accounts are created automatically Red team is external and stealth
Distinguished names ) o user provisioning refers to creation, White box ethical hacker knows what to look for
- Needs client software to interact maintenance and deactivation of user Black box ethical hacker not knowing what to find
- META directory gathers information from multiple objects and attributes on systems,
sources and stores them into once central directory and directories or application in response to 4 stages: planning, discovery, attack, reporting
synchronizes business processes. vulnerabilities exploited: kernel flaws, buffer overflows, symbolic
- VIRTUAL directory only points where the data resides Profile update links, file descriptor attacks
- collection of data associated with identity is called a other model: footprint network (information gathering) port scans,
Web Access Management profile vulnerability mapping, exploitation, report
- allows administrators to control what users can access - self service is it called when a user can update his scanning tools are used in penetration tests
when browsing enterprise assets own non-sensitive data flaw hypotheses methodology = operation system penetration testing
- mostly working as stateless HTTP, during session you - digital entity is made up of different attributes (like
are authenticated, once logged of you have to re- manager, sex height etc) has clearance level yyy etc Other things to know
indentify and authenticate - Federation = sharing identity and authentication Constrained user interfaces limit the functions that can be selected
- Can also work as Single Sign on by use of SSL where behind the scenes (like booking flight --> booking by a user
through the use of COOKIES the authentication is being hotel without re authenticating) by using a federate
held in memory (preferably) or text file identity so used across business boundaries threat: something that could happen to a system,
vulnerability: is a weakness or hole in the security
Password Management Network security
- Password Synchronization. Systems synchronize the NIST 800-42 = security testing Race Condition: when two or more processes use the same
Domain 2 – Access Control
passwords to multiple systems. User has one password War driving: driving a car with notebook to find open access resource and the sequence of steps within the software can be
but has to re-authenticate at every system. Danger: if point to a network carried out in an improper order, thus like force the authorization
one password is hacked, all resources can be
step to take place before the authentication step.
accessed. Differs from legacy sign on: Users IDS intrusion detection system
authenticates once then will gain access without re- NETWORK BASED TOC/TOU Attack is an asynchronous attack when an attacker
authentication - Detects intrusions on the local area network behind a interrupts a task and changes something to affect the result
- Self-Service password reset. Personal questions (pet’s firewall.
name, mother’s maiden name). Often done by question, - Is passive while it acquires data. The system key (SYSKEY) protects security information (including
then sending mail with link so identity tied to the answer - Reviews packets and headers password information) in the Active Directory database and other
- Assisted password reset. Help Desk authenticates you - Problem with network based is that it will not detect Local Security Authority (LSA) secrets against offline attacks by
by question and answer attacks by users logged into hosts encrypting their storage on a domain controller in a Windows server
Account management HOST BASED Hardening an operation system: disable services and remove
- life cycle management (creating, modifying and deleting - monitoring servers through EVENT LOGS AND unnecessary applications
accounts) SYSTEM LOGS
- Can be automatically or by tickets for technical - as good as the completeness of the host logging allowing downloads on a honey pot = illegal (entrapment)
administrators on request of the managers
- mainly for internal accounts Signature based method (AKA Knowledge based): compared Categories within a security label are used to enforce need to know
with signature attack database (aka misuse detector)
Statistical anomaly based: defines a ‘normal’ behavior and fault generation = getting the encryption key
detects abnormal behaviors.
Response box is a part of an IDS that initiates alarm or activity
Components: Information source/sensor, centralized monitor
software, data and even report analysis, database components
and response to an event or intrusion
6. Network Availability Network abuse FRAGGLE – similar to Smurf but uses UDP
Class A : unauthorized access by circumventing access controls. Countermeasures – disable broadcast at border routers; border
Legitimate users that gain higher access or pretends to be routers should not accept packets that originate within network;
Raid levels another user (masquerading) restrict UDP traffic; employ IDS; apply appropriate patches.
RAID 0 Striped, one large disk out of several –Improved Class B – unauthorized use of network for non business
performance but no fault tolerance properties
RAID 1 Mirrored drives –fault tolerance from disk errors and single Surfing internet, porn sites, private emails Land Attack - The attack involves sending a spoofed TCP SYN
disk failure, expensive Class C – Eavesdropping packet (connection initiation) with the target host's IP address and
Domain 3 – Telecommunications and Network
RAID 2 not used commercially. Hamming Code Parity Interception of network traffic. Tapping = physical interception like an open port as both source and destination.
RAID 3 Striped on byte level with extra parity drive –Improved clipping The reason a LAND attack works is because it causes the
performance and fault tolerance, but parity drive is a single point Passive eavesdropping: monitoring or listening to transmissions machine to reply to itself continuously.
of failure and write intensive. Active eavesdropping: tampering with an transmission to create
RAID4 Same as Raid 3 but striped on block level covert channels or actively probing the network
RAID 5 Striped on block level, parity distributed over all drives – SYN FLOOD - TCP packets requesting a connection (SYN bit set)
Class D – Denial of service or other service disruptions (see under
requires all drives but one to be present to operate hot- network attacks) are sent to the target network with a spoofed source address. The
swappable. Interleave parity Class E – Network intrusion target responds with a SYN-ACK packet, but the spoofed source
RAID 6 Dual Parity, parity distributed over all drives –requires all - Spoofing: giving out incorrect information to deliberately never replies. This can quickly overwhelm a system’s resources
drives but two to be present to operate hot- swappable induce a user or device while waiting for the half-open connections to time out. This
RAID 7 is as raid5 but all drives act as one single virtual disk - Piggy backing: User leaves session open or intruder causes the system to crash or otherwise become unusable.
notes credentials by looking over shoulder
Counter: sync cookies/proxies, where connections are created
0+1 –striped sets in a mirrored set (minimum four disks; even - Back-door attacks: intrusion via dial-up or external
networks later
number of disks)
Class F – Probing
Used to gain a road map of the network by using a sniffer. (mostly Teardrop - The length and fragmentation offset fields of
in promiscuous mode where all packages are intercepted in clear sequential IP packets are modified, causing the target system to
Server fault Tolerant Systems text). Manually by using tools like telnet to see what is listening on become confused and crash.
Redundant servers – applies raid 1 mirroring concept to servers. a remote sever. Automatic by software programs that do all the
On error servers can do a fail-over. This AKA server fault probing and scanning
tolerance Common Session Hijacking Attacks:
Server clustering – group of independent servers with are
managed as a single system. All servers are online and take part Session hijacking (Spoofing) - IP spoofing involves altering a
in processing service requests. On error on a server only Network attacks – Denial of Service TCP packet so that it appears to be coming from a known, trusted
performance is affected.AKA server farm Used to overwhelm a targets resources
- Filling up hard drive by using huge email attachments or source, thus giving the attacker access to the network.
file transfers
Single point of failures TCP sequence number attack – intruder tricks target to believe it
- Sends messages to reset targets host subnets masks
Cabling
- Using up all system resources is connected to a trusted host and then hijacks the session by
Coaxial many workstations, length.
Twisted pair to long. Cat 5 better than cat3 for interference predicting the targets choice of an initial TCP sequence number
DOS - performed by sending malformed packets to a system; can
Fiber optics immune to EMI, can be broken and high-
cost/expertise interrupt service or completely deny legitimate users of system
Topology failures resources
Ethernet twisted pair more resistant than coaxial DDOS – botnet, zombie, massive dos attack using multiple
Token Ring because a token is passed by every station, a NIC computers
that’s is set to wrong speed or error can take all network down
Fiber Distributed Data Interface form of token ring that has second SMURF – ICMP requires three players (attacker, victim and
ring that activates on error
amplifying network); attacker spoofs packet header to make it
Leased lines use multiple lines and/or multiple vendors
Frame Relay WAN over a public switched network. High Fault appear that it originated on the victim system with amplifying
tolerance by relaying fault segments to working. network broadcasting the message.
Countermeasures – disable broadcast at border routers; border
routers should not accept packets that originate within network;
restrict ICMP traffic (Hint IC = Its Smurf though spelled wrong)
7. Domain 3 – Telecommunications and Network Security Network layers OSI MODEL Network layers TCP/IP Model
(later succeeded by TCP/IP) Developed by Department of Defense in the 1970s to support the Telnet terminal emulation enables user to access resources on
HINT: All People Seems to Need Data Processing construction of the internet another machine. Port 23
It encapsulates data when going through the layers HINT: AHIN File Transfer Protocol FTP for file transfers. Cannot execute
Application – layer 4 (Application/Presentation/Session) remote files as programs. Authentication. Port 20 and 21
Application – layer 7 – C, AU, I, NR Applications and processes that uses the network Trivial File Transfer Protocol TFTP stripped down, can only
FTP, SMB, TELNET, TFTP, SMTP, HTTP, NNTP, CDP, send/receive but not browse directories. No authentication thus
GOPHER, SNMP, NDS, AFP, SAP, NCP, SET. Technology: Host-to-Host – Layer 3 (Transport) insecure. Port 69
Gateways. User data End-to-end data delivery Network File System NFS protocol that supports file sharing
Presentation – layer 6 – C, AU, Encryption Protocols: TCP and UDP between two different file systems
Translations like EBCDIC/ANSI; compression/decompression and Simple Mail Transfer protocol SMTP email queuing. Port 25
encryption/decryption. Standards like JPEG, TIFF, MID. Internet – Layer 2 (corresponds to OSI network layer) Line printer daemon LPD for printing and spooling
Technology: Gateway. Messages Defines the IP datagram and handles routing of data across X Windows graphical user interface
networks Simple Networking Management Protocol SNMP collection of
Session -layer 5 -- None Protocols: IP, ARP, RARP, ICMP network information by polling the devices from a management
Inter-host communication, simplex, half duplex, full duplex. station. Sends out alerts –called traps- to an database called
Protocols as NSF, SQL, RADIUS, and RPC. Technology: Network access – Layer 1 (Data link, Physical) Management Information Bases (MIBs)
Gateway Routines for accessing physical networks and the electrical Bootstrap Protocol BootP when wireless workstation is on-lined
connection it sends out a BootP request with its MAC address to get an IP
Transport – layer 4 – C, AU, I address and the file from which it should boot. Replaced by DHCP
End-to-end data transfer services and reliability. Technology: Network Protocols DHCP: Dynamic Host Configuration Protocol
Gateways. Datagrams Transmission control protocol TCP – reliable, sequences and
Protocols: TCP, UDP, SSL, SSH-2, SPX, NetBios, ATP works with acknowledgements. Provides a manageable data flow Security Enhancement Protocols
to avoid congestions overloading and data loss. (like having a TELNET: Remote terminal access and Secure Telnet
Network – layer 3 – C, AU, I telephone conversation with someone). Connection Oriented. REMOTE PROCEDURE CALL: Secure remote procedure call
Path selection and logical addressing. Technology: Virtual circuits User datagram protocol UDP – unreliable, scaled down version (SRA)
(ATM), routers. Packets of TCP, no error correction, no sequencing. Less overhead. (like
Message routing, error detection and control of node data are sending a letter to someone). Connectionless. Security Focused Protocols
managed. IP, IPSEC, ICMP, BGP, OSPF, RIP, BOOTP, DHCP, Internet protocol IP all hosts have an IP address. Each data At application layer of OSI:
ZIP, DDP, X.25 and IGMP packet has an IP address of sender and recipient. Routing in Secure Electronic Transaction (SET) authentication for credit
network is based upon these addresses. Considered unreliable card transactions. Overtaken by SSL
Data Link – layer 2 - C datagram service because there’s no guarantee that the packet Secure HTTP S-HTTP) encrypting HTTP documents. Also
This layer deals with addressing physical hardware. will be delivered, not even that its delivered only once and no overtaken by SSL
Translates data into bits and formats them into data frames with guarantee that its delivered in the same sequence that its sent At Transport layer of OSI:
destination header and source address. Error detection via 32 bits long, IPv6 is 128 bits long Secure Shell (SSH-2) Authentication, compression, confidentiality
checksums. Address resolution protocol ARP: Used to match an IP address and integrity.
LLC: the Logical Link Control Sub layer. Flow control and error to a hardware MAC address. ARP sends out broadcast to a Uses RSA certificates for authentication and triple DES for
notification network node to reply with its hardware address. It stores the encryption
MAC: the Media Access Control layer. Physical addressing. address in a dynamic table for the duration of the session, so Secure Socket Layer (SSL) encryption technology to provide
Concerns frames, logical topologies and MAC-addresses ARP requests are only send the first time secure transactions like credit card numbers exchange. Two
Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, Reverse address resolution protocol RARP: When a hardware layered: SSL record protocol and handshake protocol. Same as
IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex address is known but the IP address has to be found. (like an SSH it uses symmetric encryption for private connections and
A, Annex D, HDLC, BPDU, LAPD, ISL, MAC, Ethernet, Token diskless machine) asymmetric or public key cryptography for peer authentication.
Ring, FDDI Internet control message protocol ICMP: sends messages Also uses message authentication code for integrity checking.
between network nodes regarding the health of the network. Also Simple Key Management for Internet Protocols (SKIP)
Physical – layer 1 - C informs about rerouting incase of errors. Utility PING uses ICMP provides high availability in encrypted sessions to protect against
Coverts bits into voltages or light impulses. Hardware and messages to check physical connectivity of the network machines crashes. Exchanges keys on a session by session basis.
software drivers are on this level. It sends and receives bits.
Physical topologies: BUS, MESH, STAR, TREE, RING
8. Firewalls Virtual Private Networks VPN DATA NETWORK TYPES
TYPES A VPN is created by dynamically building a secure Local Area Network LAN
Packet filtering firewall AKA screening router communications link between two nodes using a secret Limited geographically to e.g. a building. Devices are sharing
Examines source/destination address, protocol and ports of the encapsulation method via network address translation (NAT) resources like printers, email and files. Connected through copper
incoming package. Based on ACL’s access can be denied or where internal IP addresses are translated to external IP wire or fiber optics.
accepted. Is considered a first generation of firewall and addresses. CAN: campus area network, multiple building connected to fast
backbone on a campus
Domain 3 – Telecommunications and Network
operates at Network or Transport layer of OSI
Application level firewall AKA proxy server VPN Protocols MAN: metropolitan network extends over cities
While transferring data stream to another network, it masks the Hint: TP at end for Tunneling Protocols Wide Area network WAN
data origin. Second generation firewall operating at Application Point to Point tunneling protocol (PPTP) Connects LANS over a large geographical area
layer of OSI - Works at data link layer of OSI Internet intranet and extranet
Stateful inspection firewall - Only one single point-to-point connection per session Internet is global, intranet local for use within companies and
All packages are inspected at the Networking layer so it’s faster. - Point To Point protocol (PPP) for authentication and extranet can be used e.g. by your customers and clients but is not
By examining the state and context of the data packages it helps tunneling public.
to track connectionless protocols like UDP and RPC. Third - Dial-up network use
generation firewall. Analyzed at all OSI Layers. Layer 2 tunneling protocol (L2TP) DATA NETWORK SIGNALS
Dynamic Packet Filtering firewall - Also in data-link layer of OSI Analog signal Infinite wave form, continuous signal, varied by
Enables modification of the firewall rule. It provides limited support - Single point-to-point connection per session amplification
for UDP by remembering UDP packages across the network. - Dial-up network use Digital signal Saw-tooth form, pulses, on-off only
Fourth generation. - Port 115 Asynchronous sends bits of data sequentially. Same speed on
Kernel Proxy Firewalll / Application level Firewall IPSEC both sides. Modems and dial-up remote access systems
Runs in windows NT, modular, kernel based, multiplayer session - Operates at Network Layer of OSI Synchronous very high speed governed by electronic clock
evaluation. Uses dynamic TCP/IP stacks to inspect network - Enables multiple and simultaneous tunnels timing signals
packages and enforce security policies. Fifth generation - Encrypt and authenticate
- Build into IPv6 LAN Cables
Firewall architecture - Network-to-network use Twisted pair
Packet filtering routers Shielded (STP) or unshielded (UTP) Cat 3=10BaseT,
Sits between trusted and un-trusted network, sometimes used as VPN Devices Cat5=100BaseT
boundary router. Uses ACL’s. Protects against standard generic Is hard- or software to create secure tunnels Coaxial
external attacks. Has no user authentication, has minimal IP-sec compatible More EMI resistant. Baseband: only one single channel,
auditing. - Encryption via Tunnel mode (entire data package Broadband: multiple signal types like data, video, audio
Screened-Host firewall system encrypted) or Transport mode (only datagram Fiber Optic
Has both a packet-filter router and a bastion host. Provides both encrypted) Most expensive, but hard to tap and resistant to EMI
network layer (package filtering) as application layer (proxy) - Only works with IP at Network layer of OSI
server. NON IP-sec compatible LAN Transmission Protocols
Dual homed host firewall Socks-based proxy servers Used to reach the internal network Carrier Sense Multiple Access CSMA for Ethernet.
Consists of a host with 2 NIC’s. One connected to trusted, one to from the outside. Also contains strong encryption and Workstations send out packet. If it doesn’t get an
un-trusted. Can thus be used as translator between 2 network authentication methods acknowledgement it resends
types like Ethernet/token ring. Internal routing capabilities must PTP used in windows machines. Multiprotocol, uses PAP or CSMA with Collision Avoidance workstations are attached by
not be enabled to make it impossible to circumvent inspection of CHAP 2 coax cables. In one direction only. Wireless 802.11
data. Dial-up VPN’s remote access servers using PPTP commonly CSMA with Collision Detection Only one host can send at the
Screened-subnet firewalls used by ISP’s time, using jamming signals for the rest.
Has also defined a De-Militarized Zone (DMZ) : a small network Secure Shell SSH2 not strictly a VPN product but opens a secure Polling Host can only transmit when he polls a secondary to see
between trusted an untrusted. encrypted shell session from the internet through a firewall to a if its free
Socks firewall SSH server Token-passing Used in token rings Hosts can only transit when
Every workstation gets some Socks software to reduce overhead they receive a clear to send token.
9. LAN Transmission Methods WAN Protocols Packet switching technologies
Unicast Packet is send from single source to single destination Private Circuit technologies X25 defines point-to-point communication between Data terminal
Multicast source packet is copied and send to multiple destinations Dedicated line reserved communication, always available Equipment (DTE) and Data Circuit Terminating Equipment (DCE)
Broadcast source packet is copied and send to all nodes Leased line can be reserved for communications. Type of Link Access Procedure-Balanced (LAPB) created for use with
dedicated line. X25, LAPB defines frame types and is capable of retransmitting,
- T1 1,5 Mbps through telephone line exchanging and acknowledging frames as detecting out-of-
LAN Topologies
Domain 3 – Telecommunications and Network
- T3 44,7 Mbps through telephone line sequence or missing frames
BUS all transmissions have to travel the full length of the cable
- E1 European 2048 Mbps digital transmission Frame Relay High performance WAN protocol designed for use
RING Workstations are connected to form a closed loop
Serial Line IP (SLIP) TCP/IP over slow interfaces to across ISDN interfaces. Is fast but has no error correction
STAR nodes are connected to a central LAN device
communicate with external hosts (Berkley UNIX, windows NT Switched Multimegabit DATA Service (SMDS) high speed
TREE bus type with multiple branches
RAS) communication over public switches networks for exchanging
MESH all nodes interconnected
Point to Point protocol (PPP) improvement on slip, adds ‘bursts of data’ between enterprises
login, password and error (by CHAP and PAP) and error Asynchronous Transfer mode (ATM) very high bandwidth. It
LAN Media Access correction. Data link. uses 53-byte fixed size cells instead of frames like Ethernet. It can
Ethernet IEEE 802.3 using CSMA with an BUS-topology
Integrated Services Digital Network (ISDN) combination of allocate bandwidth up on demand making it a solution for Busty
Thinnet: 10base2 with coax cables up to 185 meters
digital telephony and data transports. Overtaken by xDSL applications. Requires fiber optics.
Thicknet: 10Base5, coax up to 500 meters
xDSL Digital subscriber Line uses telephone to transport Voice over IP (VOIP) combines many types of data into a single
UTP: 10BaseT=10MBps
high bandwidth data to remote subscribers IP packet. Cost, interoperability and performance wise it’s a major
100baseT=Fast Ethernet =100MBps
- ADSL Asymmetric. More downstream bandwidth up benefit.
1000BaseT=Gigabit Ethernet=1GBps
to 18,000 feet over single copper cable pair
Ethernet networks were originally designed to work with more
- SDSL Symmetric up to 10,000 feet over single Other important WLAN protocols
sporadic traffic than token ring networks
copper cable pair Synchronous Data Link Control (SDLC) created by IBM for
- HDSL High Rate T1 speed over two copper cable mainframes to connect to their remote offices. Uses a polling
ARCnet uses token –passing in a star technology on coax
pairs up to 12,000 feet media access method. Works with dedicated leased lines
- VDSL Very High speed 13-52MBps down, 1,5-2,3 permanent up.
Token Ring IEEE 802.5 IBM created. All end stations are connected
Mbps upstream over a single copper pair over 1,00 Data link layer of OSI model
to a MAU Multi Access Unit. CAU: Controlled Access Units – for
to 4500 feet High-level Data Link Control (HDLC) extension to SDLC also for
filtering allowed MAC addresses.
mainframes. Uses data encapsulation on synchronous serial links
Circuit-switched networks using frame characters and checksums. Also data link layer
Fiber Distributed Data Interface (FDDI) token-passing dual token
There must be a dedicated physical circuit path exist during High Speed Serial Interface (HSSI) Defines electrical and
ring with fiber optic. Long distances, minimal EMI interference
transmission. The right choice for networks that have to physical interfaces to use for DTE/DCE communications. Physical
permits several tokens at the time active
communicate constantly. Typically for a telephone company layer of OSI
network Voice oriented. Sensitive to loss of connection
LAN Devices
Repeaters amplify data signals to extend range (physical) WLAN devices
Message switching networks Multiplexors device that enables more than one signal to be send
HUBS connect multiple LAN devices into a concentrator. Is actually a Involves the transmission of messages from node-to-node. out of one physical circuit
multi-port repeater (physical) Messages are stored on the network until a forwarding path is WAN switches multi-port networking devices that are used in
Bridges Forwards data to all other network segments if it’s not on the available. carrier networks. Connect private data over public data by using
local segment. Operates at level 2 (thus no IP-addressing here)
digital signals. Data link layer.
Switches Will only send data to the specific destination address. It’s Packet-switched networks (PSN or PSDN) Access servers server that provides dial-in and dial-out
actually a multi-port bridge. (Data link) Nodes share bandwidth with each other by sending small data connections to the network
Routers opens up data packet, reads hardware or network address units called packets. Packets will be send to the other network Modems transmits data over telephone lines
and then forwards it to the correct network and reassembled. Data oriented. Sensitive to loss of data. Channel Service Unit (CSU)/Data service unit (DSU) digital
Gateway software that acts as access point to another network or More cost effective than circuit switching because it creates interface device used to terminate the physical interface on a DTE
device that translates between different protocols virtual circuits only when they are needed. device. They connect to the closest telephone company switch in
LAN extenders remote access, multi layer switch that connects
a central office (CO)
LANs over a WAN
10. Domain 3 – Telecommunications and Network Security Remote Access Authentication Systems FTP, RLOGIN and TELNET never uses UDP but TCP
Remote Access Technologies
Asynchronous Dial-Up Access This is how everyone connects Terminal Access Controller Access Control System TACACS
User passwords are administrated in a central database instead of Attenuation is decrease in amplitude as a signal propagates along
to the internet. Using a public switched telephone network to
individual routers. A network device prompts user for a username a transmission medium
access an ISP
Integrated Serviced Digital Network (ISDN) communication and static password then the device queries a TACACS server to
verify the password. TACACSs does not support prompting for SSL session key length is from 40bit to 256 bit
protocol that permits telephone line to carry data, voice and other
source traffic. Two types: BRI Basic rate interface and Primary password change or use of dynamic password tokens. Port 49
TACACS+ Enhanced version with use of two factor The bridge connects multiple networks at the data link layer, while
Rate Interface (PRI)
authentication, ability to change user password, ability of security router connects multiple networks at the network layer.
xDSL uses regular telephone lines for high speed digital access
Cable Modems Via single shared coaxial cable, insecure tokens to be resynchronized and better audit trails and session
accounting Data backups addresses availability, integrity and recovery but not
because of not being filtered or firewalled
Remote Authentication Dial-In User Service RADIUS Often confidentiality
uses as stepping stone to the more robust TACACS+. Clients
Remote Access Security Technologies sends their authentication request to a central radius server that IP headers contain 32-bit addresses (in IPv4) and 128 in IPv6. In
Restricted Address incoming calls are only allowed from specific
contains all of the user authentication and network ACL’s an Ethernet local area network, however, addresses for attached
addresses on an approval list. This authenticates the node, not
RADIUS does not provide two way authentication, therefore it’s devices are 48 bits long.
the user!
Callback User initiates a connection, supplies identifying code,
not used for router-to-router authentication. Port 1812. Contains Wireless
dynamic password and network service access information
and then the system will call back a predetermined telephone
(Network ACLs) 802.11: 1 or 2 mbps, 2.4Ghz, FHSS or DSSS
number. Also less useful for travelling users
Caller ID checks incoming telephone number against an approval
802.11b: 11 mbps, only DSSS
list and then uses Callback. Less useful for travelling users.
Things to know
TCPIP Classes 802.11a: 54 mbps, 5 GHz, Orthogonal Frequency Division
Remote Node Security Protocols Class A network number values begin at 1 and end at 127
Password Authenticate Protocol PAP
Class B network number values begin at 128 and end at 191 802.11g: 20-54mbps, 2.4GHz
Provides identification and authentication of the user using static
Class C network number values begin at 192 and end at 223
replayable passwords. No encryption of user-id or password
802.11e: QoS
during communication
ISDN
Challenge Handshake Authenticate Protocol (CHAP)
BRI B-channel 64Kbps, D-channel 16Kbps 802.16: IEEE 802 Broadband Wireless Access (802 WBA)
non-replayable challenge/response dialog
PRI B- and D-channels are 64Kbps
802.11i: AES, CCMP, 802.1X authentication.
80211 has CSMA/CA as protocol. Can use DSSS and FHSS (ss
stands for spread spectrum) 802.11n: 100mbps, 2.4GHz
802.11b uses only DSSS
Before a computer can communicate with the internet, it needs an
IP-address, a default gateway and a subnet mask
To connect multiple LAN segments you can use Bridges,
Switches and Routers
Fast Ethernet 100Base-TX has as characteristics: 100Mbps data
transmission, 1 pairs Cat5 UTP and max segment of 100 meters
(328 feet)
Unsubnetted netmask is shown as /24
Other word for DMZ is screened subnet