CISSP - Domain 3: Security Architecture and Engineering
The Digital Signature Standard approves three encryption algorithms for use in digital
signatures: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA)
algorithm; and the Elliptic Curve DSA (ECDSA) algorithm.
HAVAL is a hash function, not an encryption algorithm. While hash functions are used
as part of the digital signature process, they do not provide encryption.
Supervisory control and data acquisition (SCADA) systems are used to control and
gather data from industrial processes. They are commonly found in power plants and
other industrial environments.
Bell–LaPadula Model
The Simple Security Property states that a subject at a given security level may not
read an object at a higher security level.
Biba Security Model
The Simple Integrity Property states that an individual may not read a file
classified at a lower security level than the individual’s security clearance.
The * (star) Integrity Property states that a subject cannot modify an object
at a higher integrity level (no write-up).
The idea of the "no read down" principle is simply that information produced at
a lower level may be tainted, and should not be consumed by a member of a higher
tier in the hierarchy. A classical example is that a priest may write a prayerbook
for a farmer, but should not accept religious ideas from the farmer.
The Biba model focuses only on protecting integrity and does not provide protection
against confidentiality or availability threats. It also does not provide protection against
covert channel attacks. The Biba model focuses on external threats and assumes that
internal threats are addressed programmatically.
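The two models above are easiest to compare as a single reference monitor. The following is an added example (not part of the original notes): the level ordering, the subjects and the objects are constructed for it, and it also encodes the Bell-LaPadula * property (no write-down), which the notes do not spell out but which belongs to the model.

```python
# Added example: a minimal reference monitor applying the Bell-LaPadula
# confidentiality rules and the Biba integrity rules to the same labels.
# LEVELS, the subjects and the objects are constructed for this example.
from dataclasses import dataclass

# Lowest to highest; used both as a classification (BLP) and as an
# integrity level (Biba) so the two rule sets can be compared side by side.
LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str


@dataclass(frozen=True)
class Obj:
    name: str
    level: str


def rank(level: str) -> int:
    return LEVELS[level]


def blp_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read:  simple security property, no read-up
    write: * property, no write-down (not stated in the notes, part of the model)
    """
    if op == "read":
        return rank(subject.level) >= rank(obj.level)
    if op == "write":
        return rank(subject.level) <= rank(obj.level)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Biba (integrity).
    read:  simple integrity property, no read-down
    write: * integrity property, no write-up
    """
    if op == "read":
        return rank(subject.level) <= rank(obj.level)
    if op == "write":
        return rank(subject.level) >= rank(obj.level)
    raise ValueError(f"unknown operation {op!r}")


def decision_table(subject: Subject, obj: Obj) -> dict:
    """Both models' answers for one subject/object pair, for comparison."""
    return {
        "blp_read": blp_allows(subject, obj, "read"),
        "blp_write": blp_allows(subject, obj, "write"),
        "biba_read": biba_allows(subject, obj, "read"),
        "biba_write": biba_allows(subject, obj, "write"),
    }


if __name__ == "__main__":
    # The priest/farmer analogy from the notes, expressed as Biba decisions.
    priest = Subject("priest", "high")
    prayerbook_for_farmer = Obj("prayerbook", "low")
    farmers_ideas = Obj("farmers_ideas", "low")
    print("priest writes prayerbook:", biba_allows(priest, prayerbook_for_farmer, "write"))
    print("priest reads farmer's ideas:", biba_allows(priest, farmers_ideas, "read"))
    print(decision_table(Subject("analyst", "medium"), Obj("report", "high")))
```

Notice that the two models give mirror-image answers: a "high" subject may write down under Biba but not under Bell-LaPadula, and may read up under Bell-LaPadula but not under Biba. A system that wants both confidentiality and integrity has to check both tables, which is why the notes stress that Biba alone says nothing about confidentiality.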
The Trusted Platform Module (TPM) is a hardware security technique that stores an
encryption key on a chip on the motherboard and prevents someone from accessing an
encrypted drive by installing it in another computer.
Hash functions do not include any element of secrecy and, therefore, do not require a
cryptographic key.
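The practical consequence of "no element of secrecy" is that a bare hash proves only that a message was not corrupted by accident: anyone who can change the message can recompute a matching digest, so it does not prove who produced it. An HMAC adds the missing key. The following is an added example (not from the notes); the message and the key are constructed for it.

```python
# Added example: integrity check with a bare hash versus a keyed HMAC.
# The message and key below are constructed for this example.
import hashlib
import hmac
import secrets


def tag_with_hash(message: bytes) -> bytes:
    """Unkeyed digest: detects accidental corruption, nothing more."""
    return hashlib.sha256(message).digest()


def tag_with_hmac(key: bytes, message: bytes) -> bytes:
    """Keyed digest: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_with_hash(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_with_hmac(key, message), tag)


def survives_modification(original: bytes, altered: bytes, key: bytes) -> dict:
    """Simulate an intermediary that changes the message in transit and knows
    the hash algorithm but not the key. Returns whether each receiver-side
    check still passes on the altered message."""
    # What the sender attached to the original message.
    sent_hash = tag_with_hash(original)
    sent_mac = tag_with_hmac(key, original)

    # The intermediary can recompute the public hash for its new message,
    # but can only forward the old MAC unchanged because it lacks the key.
    forwarded_hash = tag_with_hash(altered)
    forwarded_mac = sent_mac

    return {
        "hash_check_passes": verify_hash(altered, forwarded_hash),
        "hmac_check_passes": verify_hmac(key, altered, forwarded_mac),
        "original_hash_still_valid": verify_hash(original, sent_hash),
    }


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    result = survives_modification(b"transfer 100 to account A",
                                   b"transfer 100 to account B", key)
    print(result)
```

This is the same reason the digital signature process described earlier needs more than HAVAL or SHA-2: the hash condenses the message, but the signing key is what binds the digest to a particular signer.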
IPSec: The Encapsulating Security Payload (ESP) protocol provides confidentiality
and integrity for packet contents. It encrypts packet payloads and provides limited
authentication and protection against replay attacks.
Florian and Tobias would like to begin communicating using a symmetric cryptosystem,
but they have no prearranged secret and are not able to meet in person to exchange keys.
What algorithm can they use to securely exchange the secret key?
The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption
keys over a public network.
Protection Profiles (PPs) specify the security requirements and protections that must be
in place for a product to be accepted under the Common Criteria.
Kerckhoffs's principle says that a cryptographic system should be secure even if
everything about the system, except the key, is public knowledge.
The Ready state is used when a process is prepared to execute but the CPU is not
available. The Running state is used when a process is executing on the CPU. The Waiting
state is used when a process is blocked waiting for an external event. The Stopped state is
used when a process terminates.
EAL1 assurance applies when the system in question has been functionally tested. It is
the lowest level of assurance under the Common Criteria.
In the Ring Protection Model, the kernel lies within the central ring, Ring 0.
Conceptually, Ring 1 contains other operating system components. Ring 2 is used for
drivers and protocols. User-level programs and applications run at Ring 3. Rings 0
through 2 run in privileged mode while Ring 3 runs in user mode. It is important to
note that many modern operating systems do not fully implement this model.
There are four modes of operation in mandatory access control.
(It's a game of All & Some)
In every mode, three aspects matter: security clearance, formal access approval, and need to know. Each mode is defined by whether every user must hold each of these for ALL of the information on the system or only for SOME of it, which is the distinction to remember for the exam.
1. Dedicated Security Mode
User must have a security clearance that permits access to ALL information.
User must have Access approval or authorization to access ALL information.
User must have valid Need to Know for ALL information.
In one line, for dedicated mode, all users can access ALL data.
2. System High Security Mode
User must have a security clearance that permits access to ALL information.
User must have Access approval or authorization to access ALL information.
User must have valid Need to Know for SOME information.
In one line, all users can access SOME data, based on their need to know.
3. Compartmented Security Mode
User must have a security clearance that permits access to ALL information.
User must have Access approval or authorization to access SOME information.
User must have valid Need to Know for SOME information.
In one line, all users can access SOME data, based on their need to know and formal access approval.
4. Multilevel Security Mode
User must have a security clearance that permits access to SOME information.
User must have Access approval or authorization to access SOME information.
User must have valid Need to Know for SOME information.
In one line, all users can access SOME data, based on their need to know, clearance and formal access approval.
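The "All & Some" rule says the mode is a property of the whole user population, not of one user. The following added example (not part of the notes) takes, for each user, the set of data items they hold a clearance, a formal access approval and a need to know for, and derives the most permissive mode the system can claim plus the per-item access decision. The users, data items and attribute sets are constructed for the example.

```python
# Added example: deriving the MAC mode of operation from the population of
# users, and making per-item access decisions. All data below is constructed.

DATA = {"payroll", "designs", "contracts"}

# For each user, the data items for which they hold each attribute.
USERS = {
    "alice": {"clearance": DATA, "approval": DATA, "need_to_know": DATA},
    "bob":   {"clearance": DATA, "approval": DATA, "need_to_know": {"payroll"}},
}

ATTRIBUTES = ("clearance", "approval", "need_to_know")


def everyone_has_all(users: dict, attribute: str, data: set) -> bool:
    """True when every user holds `attribute` for ALL items in `data`."""
    return all(data <= user[attribute] for user in users.values())


def security_mode(users: dict, data: set) -> str:
    """Most permissive mode whose ALL/SOME conditions the population meets.
    Dedicated:     clearance ALL, approval ALL, need-to-know ALL
    System high:   clearance ALL, approval ALL, need-to-know SOME
    Compartmented: clearance ALL, approval SOME, need-to-know SOME
    Multilevel:    clearance SOME, approval SOME, need-to-know SOME
    """
    clearance_all = everyone_has_all(users, "clearance", data)
    approval_all = everyone_has_all(users, "approval", data)
    ntk_all = everyone_has_all(users, "need_to_know", data)
    if clearance_all and approval_all and ntk_all:
        return "dedicated"
    if clearance_all and approval_all:
        return "system high"
    if clearance_all:
        return "compartmented"
    return "multilevel"


def may_access(user: dict, item: str) -> bool:
    """Per-item decision: all three attributes must cover the item. The mode
    changes who is on the system, not this rule."""
    return all(item in user[attribute] for attribute in ATTRIBUTES)


def accessible_items(user: dict, data: set) -> set:
    return {item for item in data if may_access(user, item)}


if __name__ == "__main__":
    print("mode:", security_mode(USERS, DATA))
    for name, user in USERS.items():
        print(name, "->", sorted(accessible_items(user, DATA)))
```

Adding a single user who lacks clearance for one item pushes the whole system from system high to multilevel, which is the reason multilevel systems need a trusted reference monitor to mediate every access rather than relying on who was let in the door.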
The verification process is similar to the certification process in that it validates
security controls. Verification may go a step further by involving a third-party testing
service and compiling results that may be trusted by many different organizations.
Accreditation is the act of management formally accepting an evaluated system, not
evaluating the system itself.
Accreditation is the formal approval by a designated approving authority (DAA) that
an IT system may operate in a described risk environment.
Class A fire extinguishers are useful only against common combustible materials. They
use water or soda acid as their suppressant. Class B extinguishers are for liquid fires. Class
C extinguishers are for electrical fires, and Class D fire extinguishers are for combustible
metals.
Blowfish allows the user to select any key length between 32 and 448 bits.
Phreaking = Phone + Breaking
Phreaking is a slang term coined to describe the activity of a culture of people who study,
experiment with, or explore telecommunication systems, such as equipment and systems connected
to public telephone networks.
The Trusted Computing Base (TCB) is a small subset of the system contained within
the kernel that carries out critical system activities.
Data diddling is a type of cybercrime in which data is altered as it is entered into a
computer system, most often by a data entry clerk or a computer virus.
Soda acid and other dry powder extinguishers work to remove the fuel supply. Water
suppresses temperature, while halon and carbon dioxide remove the oxygen supply from
a fire.
The Open Web Application Security Project (OWASP) produces an annual list of the
top ten web application security issues that developers and security professionals around
the world rely upon for education and training purposes. The OWASP vulnerabilities form
the basis for many web application security testing products.
In TLS, both the server and the client first communicate using an ephemeral symmetric
session key. They exchange this key using asymmetric cryptography, but all encrypted
content is protected using symmetric cryptography.
Data center humidity should be maintained between 40% and 60%. Values below
this range increase the risk of static electricity, while values above this range may generate
moisture that damages equipment.
Digital certificates provide integrity and nonrepudiation to the extent you trust their
issuer, since it is the only entity that could verify them. Self-signed digital certificates
should be used only for internal-facing applications, where the user base trusts the
internally generated digital certificate.
Address Space Layout Randomization (ASLR) is a memory protection methodology that
randomizes memory locations, which prevents attackers from using known address spaces
and contiguous memory regions to execute code via overflow or stack smashing attacks.
Bell-LaPadula: This model blocks lower-classified subjects from accessing higher-classified
objects, thus ensuring confidentiality.
Biba: The * property of this model can be summarized as “no write-up.”
Clark-Wilson: This model uses security labels to grant access to objects via
transformation procedures and a restricted interface model. Focus is separation of
duties.
Brewer-Nash: The Brewer-Nash model allows access controls to change
dynamically based upon a user’s actions. It is often used in environments
to implement a “Chinese wall” between data belonging to different clients
and to avoid conflict of interest.
Goguen-Meseguer: Subjects are allowed to perform pre-determined actions
against pre-determined objects because they have pre-determined access laid out.
Sutherland: This integrity model focuses on preventing interference in support of
integrity.
Graham-Denning: This model focuses on the secure creation and deletion of
subjects and objects using eight primary protection rules or actions.