CISSP Conrad 11th Hour Notes

DOMAIN 1: INFOSEC GOVERNANCE

Risk = Threat * Vulnerability

ALE = Annualized Loss Expectancy

AV = Asset Value

EF = Exposure Factor - % of value lost

SLE = Single Loss Expectancy, the cost of a single loss

ARO = Annual Rate of Occurrence (number of losses)

TCO = Total Cost of Ownership combining upfront costs and annual costs of maintenance
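The Domain 1 risk formulas above, worked through in code (an added example, not from the notes): SLE = AV × EF, ALE = SLE × ARO, and a safeguard's annual value compared against its TCO. The asset figures, ARO values and safeguard cost are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float      # AV: value of the asset (dollars)
    exposure_factor: float  # EF: fraction (0..1) of AV lost in a single incident
    aro: float              # ARO: expected number of incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy: cost of one loss event (AV * EF)."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF is a percentage of value lost: must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: expected yearly cost (SLE * ARO)."""
        return self.sle() * self.aro


def safeguard_value(before: RiskScenario, after: RiskScenario, safeguard_tco: float) -> float:
    """Annual value of a safeguard: ALE reduction minus the safeguard's annualized TCO.
    A positive result means the control costs less than the loss it prevents."""
    return before.ale() - after.ale() - safeguard_tco


# Constructed scenario: a $100,000 database; one breach destroys 30% of its value;
# breaches are expected once every two years (ARO = 0.5).
BREACH = RiskScenario("db breach, no control", 100_000, 0.30, 0.5)
# Same asset after a control that cuts the expected rate to once in ten years (constructed).
BREACH_WITH_CONTROL = RiskScenario("db breach, with control", 100_000, 0.30, 0.1)
CONTROL_TCO = 8_000  # annualized TCO of that control: purchase plus yearly maintenance (constructed)


if __name__ == "__main__":
    print(f"SLE        = {BREACH.sle():,.0f}")              # 30,000
    print(f"ALE before = {BREACH.ale():,.0f}")              # 15,000
    print(f"ALE after  = {BREACH_WITH_CONTROL.ale():,.0f}")  # 3,000
    print(f"safeguard value = "
          f"{safeguard_value(BREACH, BREACH_WITH_CONTROL, CONTROL_TCO):,.0f}")  # 4,000
```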

Risk management - NIST Special Publication 800-30

1. System Characterization

2. Threat Identification

3. Vulnerability Identification

4. Control Analysis

5. Likelihood Determination

6. Impact Analysis

7. Risk Determination

8. Control Recommendations

9. Results Documentation

Policies are high-level management directives that don't go into specifics.

Procedures are step-by-step guides for accomplishing a task

Standard: describes specific use of technology

Guideline: recommendations (discretionary)

Baseline: uniform ways of implementing a safeguard

Data Owner = management employee responsible for ensuring protection of specific data

AUDITING AND CONTROL FRAMEWORKS:

OCTAVE = Operationally Critical Threat, Asset, and Vulnerability Evaluation from Carnegie Mellon

Phase 1: Staff knowledge, assets, and threats

Phase 2: Identifies vulnerabilities and evaluates safeguards

Phase 3: Conducts Risk Analysis and develops risk mitigation strategy

ISO 17799 - 11 areas, renumbered as ISO 27002. Broad-based approach for infosec code of practice

1. Policy

2. Organization of information security

3. Asset management

4. Human resources security

5. Physical and environmental security

6. Communications and operations management

7. Access control

8. Information systems acquisition, development, and maintenance

9. Information security incident management

10. Business continuity management

11. Compliance

COBIT (Control Objectives for Information and Related Technology): control framework to manage IT risk and governance

34 processes

ITIL (Information Technology Infrastructure Library) - Framework for providing IT service management:

Service strategy

Service design

Service transition

Service operation

Continual service improvement

NIST SP 800-37: four-step certification and accreditation process:

Initiation Phase

Security Certification Phase

Security Accreditation Phase

Continuous Monitoring Phase

--

DOMAIN 2: ACCESS CONTROL

DAD = opposite of CIA

AAA = authentication, authorization, and accountability - provides nonrepudiation

Least privilege and need to know:

Least privilege says minimum amount required to do jobs

Need to know is more granular

Subject = active entity on a data system

Object = passive data within the system

Discretionary = subjects have full control of objects they have access to

Mandatory = system-enforced based on labels

RBAC = role based, nondiscretionary

Task-based = another nondiscretionary method

Centralized versus decentralized access control

RADIUS = Uses UDP 1812 and 1813. AAA system. RADIUS request and response data is carried in 8-bit AVPs (Attribute Value Pairs)

Diameter = RADIUS' successor with more accountability and a 32-bit AVP field.

TACACS - centralized access control system that uses UDP port 49 and may use TCP

PAP and CHAP = PAP is plaintext, CHAP is better

Objects have labels, and you have to have clearance to see them

Access control types:

Preventive - prevent actions and restrict users' access

Detective - send alerts during attack

Corrective - correct a damaged system

Recovery - restore functionality

Deterrent - deter users from performing actions

Compensating - compensating for weakness in another control system

Authentication methods:

Type 1: Something you know

Type 2: Something you have

Type 3: Something you are.

(Type 4: Somewhere you are.)

Synchronous Dynamic Tokens - refresh every 60 seconds. Use time or counters to synchronize a code with the AS

Asynchronous Tokens - not synchronized with central server. Challenge-response.

Throughput - biometric system response time

False Reject Rate (FRR): Type 1 Error

False Accept Rate (FAR): Type 2 Error

Crossover Error Rate (CER): Where the two rates meet

SSO:

Kerberos: secret key encryption and mutual authentication

Principal: client (user) or service

Realm: logical Kerberos network

Ticket: data that authenticates a principal’s identity

Credentials: a ticket and a service key

KDC: Key Distribution Center, which authenticates principals

TGS: Ticket Granting Service

TGT: Ticket Granting Ticket

C/S: Client/Server, regarding communications between the two

1. Connect to KDC.

2. KDC sends a session key encrypted with my secret key. KDC sends a TGT, encrypted with the TGS' key

3. I decrypt the session key and use it to request permission to print from the TGS.

4. TGS sends a C/S session key so I can print. Sends a service ticket encrypted with the printer's key.

5. I connect to the printer, and it sees my C/S session key, so it knows I'm legit.
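The five-step print-job exchange above, simulated end to end (an added example, not from the notes or from any Kerberos implementation). "Encrypted with X's key" is modelled by a constructed encrypt-then-MAC helper built from the standard library; the principal names, passwords and keys are constructed, and real Kerberos tickets carry more fields (timestamps, addresses, flags).

```python
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode as a toy keystream (constructed, illustration only)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def seal(key: bytes, msg: dict) -> bytes:
    """'Encrypted with key K' in the steps above: encrypt-then-MAC of a JSON message."""
    nonce, pt = os.urandom(16), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Raises ValueError unless the caller holds the right key, so a ticket can only be
    read or accepted by the principal it was sealed for."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


# Long-term keys held by the KDC (constructed). Each principal knows only its own key;
# "krbtgt" is the TGS's key and "printer" is the service's key.
KEYS = {"alice": hashlib.sha256(b"alice-password").digest(),
        "krbtgt": os.urandom(32),
        "printer": os.urandom(32)}


class KDC:
    """Authentication Service (steps 1-2) and Ticket Granting Service (steps 3-4)."""

    def __init__(self, keys: dict):
        self.keys = keys

    def as_exchange(self, client: str):
        session = os.urandom(32).hex()
        enc_session = seal(self.keys[client], {"session": session})        # readable by the client only
        tgt = seal(self.keys["krbtgt"], {"client": client, "session": session,
                                          "exp": time.time() + 8 * 3600})  # readable by the TGS only
        return enc_session, tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        t = unseal(self.keys["krbtgt"], tgt)                        # only the TGS can open a TGT
        if time.time() > t["exp"]:
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(t["session"]), authenticator)  # proves the client holds the session key
        if auth["client"] != t["client"]:
            raise ValueError("authenticator does not match the TGT")
        cs_key = os.urandom(32).hex()
        enc_cs = seal(bytes.fromhex(t["session"]), {"service": service, "cs_key": cs_key})
        service_ticket = seal(self.keys[service], {"client": t["client"], "cs_key": cs_key})
        return enc_cs, service_ticket


class Service:
    """The printer (step 5): it never contacts the KDC, it just opens its own ticket."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def accept(self, service_ticket: bytes, authenticator: bytes) -> bool:
        t = unseal(self.key, service_ticket)                      # sealed with the printer's key
        auth = unseal(bytes.fromhex(t["cs_key"]), authenticator)  # client proves it has the C/S key
        return auth["client"] == t["client"]


def client_login_and_print(kdc: KDC, printer: Service, client: str, password: str) -> bool:
    client_key = hashlib.sha256(password.encode()).digest()
    enc_session, tgt = kdc.as_exchange(client)                                         # steps 1-2
    session = bytes.fromhex(unseal(client_key, enc_session)["session"])               # wrong password: ValueError
    enc_cs, ticket = kdc.tgs_exchange(tgt, seal(session, {"client": client}), printer.name)  # steps 3-4
    cs_key = bytes.fromhex(unseal(session, enc_cs)["cs_key"])
    return printer.accept(ticket, seal(cs_key, {"client": client}))                   # step 5
```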

SESAME - Secure European System for Applications in a Multi-vendor Environment

Single sign-on system, sequel to Kerberos

Adds heterogeneity, access control features, scalability of public key systems

Uses PACs (Privilege Attribute Certificates) instead of tickets.

--

DOMAIN 3: CRYPTOGRAPHY

Cryptology encompasses cryptography and cryptanalysis

Cryptography provides confidentiality and integrity, but it doesn't provide availability.

TDES and AES are the strongest public algos

XOR = exclusive or

X  Y  X XOR Y
0  0  0
0  1  1
1  0  1
1  1  0

Three types of cryptography:

Symmetric Encryption

Uses one key to encrypt and decrypt. Key must be securely shared before two people can communicate.

Stream and block ciphers:

Stream means that each bit is independently encrypted in a stream.

Block mode ciphers encrypt blocks of data each round.

DES - Data Encryption Standard (Algorithm itself is called DEA)

Uses five different modes to encrypt data:

Electronic Code Book (ECB) - weakest form of DES. Identical plaintexts, identical keys, identical ciphertexts.

Cipher Block Chaining (CBC) - Block mode that XORs the previous block of ciphertext to the next block of plaintext

Cipher Feedback (CFB) - CFB is similar to CBC but uses stream mode

Output Feedback (OFB) - OFB uses the subkey before it's XORed to the plaintext

Counter (CTR) - CTR encryption can be done in parallel and uses a counter
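ECB, CBC and CTR from the list above on a toy 64-bit block cipher (an added example, not from the notes). The block cipher is a constructed keyed byte substitution that is invertible but not secure; it stands in for DES/AES so the mode behaviour is what shows: ECB repeats ciphertext for repeated plaintext blocks, CBC chains through the previous ciphertext block, and CTR builds an independent keystream block per counter value.

```python
import hashlib
import random
from typing import List, Tuple

BLOCK = 8  # 64-bit blocks, like DES


def _schedule(key: bytes) -> Tuple[bytes, bytes, bytes]:
    """Toy key schedule: a keyed byte permutation, its inverse, and an 8-byte subkey."""
    perm = list(range(256))
    random.Random(int.from_bytes(hashlib.sha256(key).digest(), "big")).shuffle(perm)
    inv = [0] * 256
    for i, v in enumerate(perm):
        inv[v] = i
    return bytes(perm), bytes(inv), hashlib.sha256(b"sub" + key).digest()[:BLOCK]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """E_K: XOR with the subkey, then substitute each byte. Invertible, not secure."""
    perm, _, subkey = _schedule(key)
    return bytes(perm[b ^ k] for b, k in zip(block, subkey))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """D_K: inverse substitution, then XOR with the subkey."""
    _, inv, subkey = _schedule(key)
    return bytes(inv[c] ^ k for c, k in zip(block, subkey))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes) -> List[bytes]:
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC need input padded to a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Every block is encrypted on its own: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(encrypt_block(key, p) for p in _blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first).
    out, prev = [], iv
    for p in _blocks(pt):
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block i = E_K(nonce || counter i). Blocks do not depend on each other, so
    # they can be computed in parallel, and the same call both encrypts and decrypts.
    n = (len(data) + BLOCK - 1) // BLOCK
    stream = b"".join(encrypt_block(key, nonce + i.to_bytes(4, "big")) for i in range(n))
    return xor(data, stream)  # zip truncates the keystream to len(data)


KEY = b"toy-key-not-for-real-use"  # constructed
IV = bytes(range(BLOCK))           # constructed IV (real CBC needs an unpredictable one)
NONCE = b"\x00\x01\x02\x03"        # constructed 4-byte nonce; the 4-byte counter fills the block
PLAINTEXT = b"ATTACK!!" * 2        # two identical blocks, so the mode differences are visible


def demo() -> dict:
    ecb = ecb_encrypt(KEY, PLAINTEXT)
    cbc = cbc_encrypt(KEY, IV, PLAINTEXT)
    ctr = ctr_crypt(KEY, NONCE, PLAINTEXT)
    return {
        "ecb_repeats": ecb[:BLOCK] == ecb[BLOCK:],  # True: the ECB weakness from the notes
        "cbc_repeats": cbc[:BLOCK] == cbc[BLOCK:],  # False
        "ctr_repeats": ctr[:BLOCK] == ctr[BLOCK:],  # False
        "cbc_roundtrip": cbc_decrypt(KEY, IV, cbc) == PLAINTEXT,
        "ctr_roundtrip": ctr_crypt(KEY, NONCE, ctr) == PLAINTEXT,
    }


if __name__ == "__main__":
    print(demo())
```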

Single DES - insecure

Triple DES - does encryption three times per block - encrypt/decrypt/encrypt

IDEA - symmetric block cipher as a replacement for DES. Uses a 128-bit key and 64-bit block size

AES - Advanced Encryption Standard. Uses 128-bit keys, 192-bit keys, or 256-bit keys to encrypt 128-bit blocks of data.

Four functions: SubBytes, ShiftRows, MixColumns, and AddRoundKey

Rijndael was chosen. Beat out MARS, RC6, Serpent, and Twofish

Blowfish/Twofish - symmetric ciphers created by Bruce Schneier. Blowfish uses 32-bit through 448-bit keys.

RC5 and RC6 - symmetric block ciphers created by RSA.

Asymmetric Encryption

Uses two keys. If you encrypt with one, you can decrypt with the other.

Public key and private key.

Relies on one-way functions which are easy to compute one way and difficult to compute in the reverse direction.

Factoring prime numbers

Discrete logarithms

Diffie-Hellman Key Agreement Protocol - allows two parties to agree on a symmetric key using a public channel

Elliptic Curve Cryptography - one-way function that uses discrete logarithms.

Asymmetric encryption is slower and weaker than symmetric encryption

MD5 - 128-bit hash value based on any input length

SHA-2 - new hash algorithm

HAVAL - Hash of Variable Length - creates message digests and is faster than MD5.

Known plaintext attack

Chosen plaintext and adaptive chosen plaintext attack - encryption oracle that encrypts without revealing the key

Chosen ciphertext and adaptive chosen ciphertext: Launched against asymmetric cryptosystems

Meet-in-the-middle attack - encrypts on one side, decrypts on the other side, and meets in the middle.

Known key attack - cryptanalyst understands something about the key

Differential cryptanalysis - difference between related encrypted plaintexts which only differ by a few bits

Linear cryptanalysis - uses a large number of plaintext/ciphertext pairs created with the same key

Side-channel attacks - physical data used to break a cryptosystem by monitoring CPU cycles

Birthday attack - named after birthday paradox

Implementing cryptography

Digital signatures - provides non-repudiation

HMAC - Hashed Message Authentication Code which combines symmetric encryption with hashing

Used by IPsec

CBC-MAC - Cipher Block Chain Message Authentication Code. CBC-MAC uses the CBC mode of a symmetric block cipher like DES to create a message authentication code to provide integrity.

PKI - Public Key Infrastructure

Leverages all three forms of encryption. Digital certificate is a public key signed with a digital signature

This provides mutual authentication and encryption. The default cert format is X.509.

Certs are issued by CAs which authenticate identity

CAs maintain Certificate Revocation Lists (CRLs) which list certs that have been revoked or stolen

IPsec - method of providing VPN access.

Supports two protocols:

AH (Authentication Header): authentication and integrity, no confidentiality.

ESP (Encapsulating Security Payload): provides confidentiality by encrypting packet data. Sometimes provides authentication and integrity

Other IPsec protocols:

Internet Security Association and Key Management Protocol (ISAKMP): Manages Security Associations to negotiate ESP or AH parameters

Internet Key Exchange (IKE): key exchange process for IPsec. Decides which algo to use.

Tunnel mode: used by security gateways. Encrypts entire packet, including packet headers

ESP transport mode: only encrypts data, commonly used when sending/receiving system speaks IPsec natively

AH authenticates the original IP headers, so it's usually used (along with ESP) in transport mode because the original headers are not encrypted. Tunnel mode typically uses ESP alone (the original headers are encrypted, and protected by ESP)

SSL & TLS

SSL then TLS. They're both used as part of HTTPS

PGP: brought asymmetric encryption to the masses

S/MIME: Secure MIME which uses PKI to encrypt and authenticate MIME-encoded email

Escrowed encryption: divides a private key into two or more parts. Clipper chip was one of the possible uses.

DOMAIN 4: PHYSICAL SECURITY

Physical Security Methodologies

Fences: preventive 8-foot fence with barbed wire

Gates: Class I are ornamental to Class IV (prison grade)

Bollard: post to stop a car

Lights: detective and deterrent control. Fresnel lighting is used for lighthouses

CCTV: detective device. Modern ones use CCD (Charge-Coupled Device, which is digital)

Locks:

Ward locks have to turn a key through channels which are called wards. A skeleton key opens them.

In a spring-bolt lock, the mechanism springs in and out of the door jamb.

Combination locks: Have dials that have to be turned to specific numbers to be opened.

Tailgating/piggybacking - following someone into a building

Mantrap/turnstile - physical control with two doors

Motion detectors:

ultrasonic/microwave motion detectors return an echo when they bounce off an object

photoelectric motion sensor - sends beam of light across a space to an electric sensor

ultrasonic/microwave/infrared motion sensors - actively send energy. Infrared sensors are passive.

Door hinges should always face inward or be protected.

Walls should be slab to slab and have an appropriate fire rating.

Guards are a dynamic control

Dogs are a deterrent and detective control

Site selection:

Topography - steer ingress and egress to controlled points

Utility reliability

Crime

Other defenses

EMI - can create crosstalk. UTP cabling is more susceptible than STP or coax. Fiber isn't susceptible to EMI

HVAC - should use positive pressure and drainage. Recommended humidity of 40-55% and temperature of 68-77°F.

Humidity causes corrosion

Heat detectors - trigger at a temperature

Smoke detectors - ionization and photoelectric - detect the light

Flame detector - detects infrared or ultraviolet light emitted by fire

Evacuation routes should be posted

Fires:

Class A: Wood and paper

Class B: Gasoline

Class C: Electrical

Class D: Combustible metals

Class K: Kitchen fires

Extinguishers:

Class A: Water or soda acid

Class B: Soda acid or halon substitute, CO2

Class C: Soda acid or halon substitute, CO2

Class D: Dry powder

Class K: Wet chemicals

Use Argon, FE-13, FM-200, or Inergen instead of Halon.

Sprinkler systems:

Wet pipes: water up to the sprinkler heads

Small glass bulb breaks or melts at a specific temperature

Dry pipes: systems filled with compressed air

Deluge systems: similar to dry pipes with open sprinkler heads


DOMAIN 5: SECURITY ARCHITECTURE & DESIGN

Layering: separates hardware and software into modular tiers

Security domain: list of objects a subject can access

Ring model: CPU hardware layering. Ring 0 = kernel. Ring 3 = User.

SECURE HARDWARE ARCHITECTURE:

Computer bus: primary communication channel to CPU, memory, and I/O

CPU: Performs logical operation and accesses memory locations

ALU (Arithmetic Logic Unit): computes

Control unit: sends instructions to ALU

CPUs fetch, decode, and execute.

Pipelining: combines multiple steps into one process. Multiple calculations at a time

Interrupt: causes the CPU to stop its current processing and service the interrupt

Process: executable

Threads: child processes

Multitasking, multiprogramming, and multithreading: what they sound like

Multiprocessing: runs multiple processes on multiple CPUs

CISC: x86

RISC: ARM

Cache memory: fastest memory in the system

Register file holds multiple registers

RAM is volatile, ROM is nonvolatile

SRAM: expensive and fast

DRAM: slower and cheaper

Hardware segmentation: takes process isolation one step further

Virtual memory: provides virtual address mapping between applications and hardware memory

Swapping: uses virtual memory to copy contents onto disk

EEPROM: Electrically Erasable Programmable Read Only Memory

WORM: Write Once Read Many

Monolithic kernel: everything runs in supervisor mode

Microkernel: smaller with less native functionality, but modular

Reference monitor: mediates access between subjects and objects

Covert channel: communication that violates security policy

Storage channel: temporary directory to allow subjects to signal to each other. Timing channel relies on system clock.

TOCTOU (Time of Check/Time of Use) attacks: race conditions where a condition is altered after it's been checked by the operating system

Maintenance hooks: backdoor put in by developers

Logic bomb: starts working at a specific time

SAML: XML for security information

Polyinstantiation: allows two different objects to have the same name

Inference/aggregation: when a user can use lower-level access to uncover restricted information

SECURITY MODELS:

Bell-LaPadula - confidentiality

Biba - integrity

Clark-Wilson: real-world integrity

Lattice-based AC: subjects have a Least Upper Bound and Greatest Lower Bound

EVALUATION METHODS AND CERTIFICATION

The Orange Book: TCSEC - A-D divisions of protection. A is verified, D is minimal protection

ITSEC - refers to TCSEC. Assurance correctness ratings range from E0 (inadequate) to E6 (formal model of security policy)

ICC: International Common Criteria from EAL 1 - functionally tested to EAL 7: formally verified, designed, and tested

DOMAIN 6: BCP & DRP

Official definitions:

BCP: business will operate before, throughout, and after a disaster event

DR: short-term plan for dealing with specific IT disruptions

NIST SP 800-34 describes the similarities and differences between BCP and DRP, and lays out the planning process:

Project initiation

Project scoping

Business impact analysis

Preventive controls identification

Recovery strategy

Plan design and development

Implementation, training, and testing

BCP/DRP maintenance

ALPHABET SOUP

BIA: Business Impact Analysis - formal method for determining how a disruption to the firm's IT systems affects it.

1. Identify critical assets.

2. Comprehensive risk management

MTD: Maximum Tolerable Downtime - how long can we stand things being down? Similar acronyms: MAD, MTO, and MAO

MTO = RTO + WRT

RTO: Recovery Time Objective - maximum time allowed to recover IT systems

WRT: Work Recovery Time - time required to configure a recovered system

RPO: Recovery Point Objective - level of data loss or system downtime that an organization can stand

MTBF: Mean Time Between Failures - how long will a new or repaired system run before failing?

MTTR: Mean Time to Repair - How long does it take to fix?

MOR: Minimum Operating Requirements - What do we need to run things?

COOP: Continuity of Operations Plan

BRP: Business Resumption/Recovery Plan

CSP: Continuity of Support Plan

CIRP: Cyber Incident Response Plan

OEP: Occupant Emergency Plan

CMP: Crisis Management Plan

Structured walkthrough and tabletop are the same thing

Simulation test/walkthrough drill - actually testing

Parallel Processing: regular production systems not interrupted

SPECIFIC BCP/DRP FRAMEWORKS

NIST SP 800-34

Planning guide for IT systems

ISO/IEC-27031 - includes ISO 27001 and ISO 27002 - full resource for studying BCP/DR

BS-25999 (British Standards Institution)

Part 1: Code of Practice provides business continuity best practices

Part 2: Requirements for a Business Continuity Management System

BCI: Business Continuity Institute - 6 step Good Practice Guidelines

DOMAIN 7: NETWORK SECURITY

NETWORK ARCHITECTURE AND DESIGN

Simplex/Half-Duplex/Full-Duplex

Baseband versus Broadband

LANs, MANs, WANs, GANs, and PANs

Circuit-switched: old voice networks - CIRCUITS

Packet-switched: data divided into PACKETS

PORTS

Host-to-Host Transport Layer - connects Internet layer to the application layer

Telnet: 23

FTP: 21

TFTP: 69

SSH: 22

SMTP: 25

IMAP: 143 (POP3: 110)

DNS: 53

Frame Relay - packet-switched with PVC and SVC

X.25 - old packet switching protocol

ATM - WAN technology that uses fixed-length cells

Circuit-Level Proxies (SOCKS): operates at layers 5-7

CHAP and EAP (802.1X) are for access control.

EAP types:

LEAP (Cisco proprietary, old)

EAP-TLS - uses PKI but costs a lot

EAP-TTLS - drops client-side certificate but is less secure

PEAP - New Cisco, Microsoft, and RSA system that doesn't require certificates

VPN

SLIP: Layer 2 protocol that stays at Layer 2. No built-in CIA

PPP - replaced SLIP, adds CIA

IPsec - ESP is IP protocol number 50 and AH is IP protocol number 51 (protocol numbers, not ports)

Wireless

FHSS and DSSS - maximize throughput and minimize interference

DSSS - uses the entire band

FHSS - uses a number of small frequency channels and hops through them pseudorandomly

OFDM - multiplexing method

RSN is known as WPA2. Uses AES and CCMP for Message Integrity Check.

REMOTE ACCESS

ISDN: replaced old POTS lines

DSL: last mile solution similar to ISDN

--

DOMAIN 8: APPLICATION DEVELOPMENT SECURITY

APPLICATION DEVELOPMENT METHODS

Know difference between compiled and interpreted languages

Waterfall Model: linear application development model that uses rigid phases

Spiral Method: designed to control risk. Repeats steps of a project

XP (Extreme Programming) - Agile development method with pairs of programmers

Rapid Application Development (RAD): prototypes, dummy GUIs, back-end databases

SDLC: Systems Development Life Cycle

Prepare a Security Plan, Initiation, Development, Implementation, Operation/Maintenance, Disposal

Polymorphism: it can perform different methods depending on the context of the input message (adding and concatenating with the plus sign is an example)

Polyinstantiation: Multiple instances with the same name that contain different data

OBJECT REQUEST BROKERS (ORB)

Used to locate objects and act as object search engines

COM and DCOM are the two Microsoft technologies. DCOM is newer.

CORBA is the open source version that uses IDL (Interface Definition Language)

SOFTWARE VULNERABILITIES

15-50 errors per 1,000 lines of delivered code. KLOC = a thousand lines of code.

Full Disclosure versus Responsible Disclosure

CMM: Software Capability Maturity Model - Carnegie Mellon framework for improving development cycle

DATABASES

Tuple - row (record) in a database

Attribute - column in a database

Value - single cell in a database

Data Integrity

Referential: every foreign key in a secondary table matches a primary key

Semantic: every attribute is consistent with the attribute data type

Entity: every tuple has a unique primary key that isn't null

DDL - Data Definition Language

DML - Data Manipulation Language

--

DOMAIN 9: OPERATIONS SECURITY

ADMINISTRATIVE SECURITY

Separation of duties/rotation of duties and job rotation - prevents collusion

Data remanence - data that persists beyond noninvasive means to delete it

Difference between incremental and differential: differential backups archive everything changed since the last full backup; incremental backups archive only files that have changed since the last backup

Parity - achieves data redundancy without mirroring

RAID TYPES

RAID 0 - Striped

RAID 1 - Mirrored

RAID 2 - Hamming Code requiring either 14 or 39 disks

RAID 3 - Striped Set with Dedicated Parity (Byte Level)

RAID 4 - Striped Set with Dedicated Parity (Block Level)

RAID 5 - Striped Set with Distributed Parity - one drive down, still working

RAID 6 - Striped Set with Dual Distributed Parity - two drives down, still working

RAID 1+0 - striped set of mirrored disks
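How striped-set parity keeps RAID 5 running with one drive down, as an added example (not from the notes): data is laid out with one XOR parity chunk per stripe at a rotating position, and a lost disk's chunk is rebuilt as the XOR of the surviving chunks. Disk count, chunk size and sample data are constructed.

```python
from functools import reduce
from typing import List, Set


def xor_bytes(chunks: List[bytes]) -> bytes:
    """Parity is the bytewise XOR of every chunk in a stripe."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*chunks))


def write_stripes(data: bytes, n_disks: int, chunk: int) -> List[List[bytes]]:
    """Lay data out RAID 5 style: each stripe holds n_disks-1 data chunks plus one parity
    chunk, and the parity position rotates across disks. Returns disks[d][stripe]."""
    per_stripe = (n_disks - 1) * chunk
    if n_disks < 3 or len(data) % per_stripe:
        raise ValueError("need at least 3 disks and data padded to whole stripes")
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i * chunk: off + (i + 1) * chunk] for i in range(n_disks - 1)]
        chunks.insert(s % n_disks, xor_bytes(chunks))  # distributed parity
        for d in range(n_disks):
            disks[d].append(chunks[d])
    return disks


def read_with_failed(disks: List[List[bytes]], failed: Set[int]) -> bytes:
    """Return the stored data even with one disk gone: the missing chunk is the XOR of the
    surviving chunks (parity included). Two failures exceed what single parity can rebuild."""
    if len(failed) > 1:
        raise RuntimeError("RAID 5 survives one failed disk; RAID 6 (dual parity) survives two")
    n, out = len(disks), []
    for s in range(len(disks[0])):
        chunks = [None if d in failed else disks[d][s] for d in range(n)]
        for d in failed:
            chunks[d] = xor_bytes([c for c in chunks if c is not None])  # rebuild
        parity_disk = s % n
        out.append(b"".join(c for d, c in enumerate(chunks) if d != parity_disk))
    return b"".join(out)


DATA = bytes(range(24))  # constructed sample: two stripes on 4 disks with 4-byte chunks

if __name__ == "__main__":
    disks = write_stripes(DATA, n_disks=4, chunk=4)
    print(read_with_failed(disks, {2}) == DATA)  # True: one drive down, still working
```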

MALWARE TYPES

Worm - self-propagating without user interaction

Land DoS - malformed packet

Smurf DoS - ICMP flooding, requires third-party network for SMURF AMPLIFICATION

Teardrop - malformed packet with fragment reassembly

Ping of Death - malformed ICMP Echo Request larger than the size of an IP packet

Fraggle - Variation on Smurf that uses UDP for the request portion

DNS Reflection - spoofs third-party DNS

DOMAIN 10: LEGAL & COMPLIANCE

MAJOR LEGAL SYSTEMS

Civil law - legislative and judicial

Common law - precedent

Criminal law - victim is society

Civil law - tort law included

Administrative law - government agency enacted

INFORMATION SECURITY ASPECTS OF LAW

Computers are either targets or tools

International Cooperation: Council of Europe Convention on Cybercrime - Europe & US

Due care/due diligence: due care is bare minimum

EVIDENCE

Checksums - prove that no data has changed

Ensure that chain of custody is preserved

IMPORTANT LAWS AND REGULATIONS

Computer Fraud and Abuse Act - Title 18 of the US Code Section 1030

Privacy Act of 1974 - created to codify protection of PII

European Union Privacy - aggressive pro-privacy stance

OECD - European forum for discussion of economic issues and privacy

EU-US Safe Harbor - authorized data sharing between the US and Europe

ETHICS

Computer Ethics Institute - 10 Commandments

IAB - Internet Activities Board - RFC for ethical/unethical behavior

ISC² Code of Ethics

1. Protect society, the commonwealth, and the infrastructure.

2. Act honorably, honestly, justly, responsibly, and legally.

3. Provide diligent and competent service to principals.