Documente Academic
Documente Profesional
Documente Cultură
analysis)
- El Gamal is an unpatented, asymmetric key algorithm based on the discrete
logarithm problem used in Diffie-Hellman. It extends the functionality of
Diffie-Hellman to include encryption and digital signatures.
- Function Point (FP) analysis is a measure of the size of an information system
based on the number and complexity of the inputs, outputs and files that a user
sees and interacts with
- PGP uses the IDEA algorithm (symmetric) for encryption and the RSA algorithm
(asymmetric) for key distribution and digital signatures.
- Program Evaluation Review Technique (PERT) charts. PERT charts are
project management tools used for time/progress estimation and resource
allocation, NOT for estimating the financial burden of the project
- Because of the amount of computation involved in public key cryptography, a DES
hardware implementation of secret key cryptography is on the order of 1000 to
10000 times faster than RSA public key cryptography.
- A SA is a one-way connection between two communicating parties, meaning that
two SAs are required for each pair of communicating hosts. Additionally, each SA
only supports a single protocol (AH or ESP). Thus, if both AH and ESP are used
between two communicating hosts, a total of four SAs is required.
- SESAME is subject to password guessing like Kerberos.
The Basic Mechanism in Sesame for strong authentication is as follows:
The user sends a request for authentication to the Authentication Server as in
Kerberos, except that SESAME makes use of public key cryptography for
authentication where the client will present his digital certificate and the request will
be signed using a digital signature. The signature is communicated to the
authentication server through the preauthentication fields. Upon receipt of this
request, the authentication server will verify the certificate, then validate the
signature, and if all is fine the AS will issue a ticket granting ticket (TGT) as in
Kerberos. This TGT will be use to communicate with the privilage attribute server
(PAS) when access to a resource is needed.
Users may authenticate using either a public key pair or a conventional (symmetric)
key. If public key cryptography is used, public key data is transported in
preauthentication data fields to help establish identity. Kerberos uses tickets for
authenticating subjects to objects and SESAME uses Privileged Attribute
Certificates (PAC), which contain the subject’s identity, access capabilities for the
object, access time period, and lifetime of the PAC. The PAC is digitally signed so
that the object can validate that it came from the trusted authentication server,
which is referred to as the privilege attribute server (PAS). The PAS holds a similar
role as the KDC within Kerberos. After a user successfully authenticates to the
authentication service (AS), he is presented with a token to give to the PAS. The
PAS then creates a PAC for the user to present to the resource he is trying to
access.
-The northbridge bus connects the CPU to the VIDEO and RAM
- Continuous authentication provides protection against attacks that happen in a
connection even after authentication is complete. This is usually done by
applying a digital signature to every bit of data sent (eg applying some sort of
cryptography to every bit sent)
- The only difference between a circuit-level gateway and a simple port forwarding
mechanism is that with a circuit-level gateway, the client is aware of the
intermediate system, whereas in the case of a simple port-forwarding mechanism,
the client must not be aware and may be completely oblivious of the existence of
the intermediary
- DDE (Dynamic Data Exchange) enables different applications to share data and
send commands to each other directly.
- Objects sensitivity label = single classificiation + compartement set
- Physical cable lengths: 10Base2, also known as RG58, or thinnet, is limited to
185 meters. 10Base5, also known as RG8/RG11 or thicknet, is limited to 500
meters. 10BaseT is only limited to 100 meters. Note that the 2 in 10Base2 refers
to the maximum cable length (200 meters, 185, actually) and the 5 in 10Base5 is
for 500 meters.
- The WAP GAP is a specific security issue associated with WAP results from the
requirement to change security protocols at the carrier's WAP gateway from the
wireless WTLS to SSL for use over the wired network. WTLS is replaced by TLS in
WAP 2.0. The gateway described above is no longer needed to translate (decrypt
from one standard and re-encrypt to another) since the Internet servers are able
to interpret the TLS transmission directly. All data remains encrypted as it passes
through the gateway.
At the WAP gateway, the transmission, which is protected by WTLS, is decrypted
and then re-encrypted for transmission using SSL, leaving data temporarily in the
clear on the gateway.
- National Information Assurance Certification and Accreditation Process
(NIACAP), establishes the minimum national standards for certifying and
accrediting national security systems. This process provides a standard set of
activities, general tasks, and a management structure to certify and accredit
systems that will maintain the Information Assurance (IA) and security posture of a
system or site.
- The object-relational database is the marriage of object-oriented and relational
technologies and combines the attributes of both.
- A system reboot is performed after shutting down the system in a controlled
manner in response to a TCB failure.
- An emergency system restart is done after a system fails in an uncontrolled
manner but consistency can be brought back automatically to the system.
- A system cold start takes place when unexpected TCB or media failures take
place and the recovery procedures cannot bring the system to a consistent state.
Intervention of administrative personnel is required to bring the system to a
consistent state from maintenance mode.
- Information Labels are similar to Sensitivity Labels, but in addition to the
classification and the category set of the Sensitivity Labels, they also have the
necessary controls to be able to operate as a trusted computer. One other
important difference is that the Reference Monitor does not use Information Labels
for access permissions
- DCE does provide the same functionality as DCOM, but DCE is an open standard
developed by the Open Software Foundation (OSF) and DCOM, developed by
Microsoft, is more proprietary in nature
- Risk management consists of two primary and one underlying activity; risk
assessment and risk mitigation are the primary activities and uncertainty analysis
is the underlying one. After having performed risk assessment and mitigation, an
uncertainty analysis should be performed. Risk management must often rely on
speculation, best guesses, incomplete data, and many unproven assumptions. A
documented uncertainty analysis allows the risk management results to be
used knowledgeably. A vulnerability analysis, likelihood assessment and threat
identification are all parts of the collection and analysis of data part of the risk
assessment, one of the primary activities of risk management.
- BIA should emphasize system dependancies. Then, prioritization can occur.
- The Authentication Header is a mechanism for providing strong integrity and
authentication for IP datagrams. It might also provide non-repudiation, depending
on which cryptographic algorithm is used and how keying is performed. For
example, use of an asymmetric digital signature algorithm, such as RSA, could
provide non-repudiation."
ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It
may also provide authentication, depending on which logarithm and algorithm mode
are used. Non-repudiation and protection from traffic analysis are not
provided by ESP
- Extensible Authentication Protocol as a framework that supports multiple,
optional authentication mechanisms for PPP, including cleartext passwords,
challenge-response, and arbitrary dialog sequences
- SSL : Presentation + transport layer. (recall presentation layer is to do with
compression and encryption). Also remember successor is TLS = transport layer
security
- Individual accountability includes:
* unique IDs (for ID)
* access rules (to determine violations)
* audit trails (detective, for logging)
- Padded cells are simulated environments to which IDSs seamlessly transfer
detected attackers and are designed to convince an attacker that the attack is
going according to the plan.
- FRAP (facilitated risk analysis process) : business managers and technical staff.
Brainstorm and identify risk, and apply a group of 26 common controls to
categorize risk
- The functional design analysis and planning stage of an SDLC is the point at
which a project plan is developed, test schedules assigned, and expectations
outlined
- default open is not a prefered security model
- External consistency ensures that the data stored in the database is consistent
with the real world
-DBMS: Cell suppression is a technique used against inference attacks by not
revealing information in the case where a statistical query produces a very small
result set. Perturbation also addresses inference attacks but involves making
minor modifications to the results to a query. Partitioning involves splitting a
database into two or more physical or logical parts; especially relevant for
multilevel secure databases.
- System development + system maintenance can be done by same people
- The running key cipher is based on modular arithmetic
- Telnet’s primary use is terminal emulation
- Root cause analysis needed for eradication phase
- Flash can be read/written multiple times quickly, but at the cost of only writing
large blocks at a time.
- As relates to operations security and TB : trusted paths are trustworthy interfaces
into privileged user functions, i.e. they are pathways through the security boundary
which separates the TCB components and untrusted components. trusted paths
would be a form of API
- In an online transaction processing system, if an invalid or erroneous transaction
is detected, it should be written to a report and reviewed
- limited privilege : trusted process characteristic where operations are
performed without allowing the user direct access to unauthorized sensitive data
- DAC and MAC both employ least privilege. But only MAC employs need to know
(compartmentalization)
- The reference monitor must meet three conditions:
(1) it must be tamperproof (isolation)
(2) it must be invoked on every access to every object (completeness) and
(3) it must be small enough for thorough validation of its operation through
analysis and tests, in order to verify completeness (v
- MSR minimum security requirements state that a password should have
minimum length of 8 characters.
- One time pads to be unbreakable the pads must:
* have completely random characters
* be secure
* must not be re-used
* key must be as long as the message
- Detection capabilities of host based IDS systems are usually limited by the audit
logging capabilities of the host
- Software librarian can enforce separation of duties to ensure programmers do not
have access to production code
- MTD = RTO + WRT ; Maximum Tolerable Downtime = Recovery Time Objective +
Work Recovery Time
- An interoperable, or cooperative, database is defined as interconnected
platforms running independent copies of software with independent copies of data.
Not to be confused with a decentralized database, involving connected or
unconnected but related platforms running independent copies of software with
independent copies of data. A dispersed database involves interconnected and
related platforms running the same software and using the same data, one of
which is centralized (software or data).
- Graham-Denning model has 8 rules
- One technique of process isolation is time-multiplexing
- Data or information owner can determine if controls in place protect sensitive
data sufficiently
- Diffie Hellmann : protocol used to enable two users using symmetric encryption
to exchange a secret key (session key) over an insecure medium without any prior
secrets. The negotiated key will subsequently be used for message encryption
- ITSEC vs Orange book : One major difference between the two is ITSEC’s
inclusion of integrity and availability as security goals, along with confidentiality.
- IPSec peer authentication performed at phase 1
- IPSec:
In phase 1 of this process, IKE creates an authenticated, secure channel between
the two IKE peers, called the IKE security association. The Diffie-Hellman key
agreement is always performed in this phase. (bi-directional SA)
In phase 2 IKE negotiates the IPSec security associations and generates the
required key material for IPSec. The sender offers one or more transform sets that
are used to specify an allowed combination of transforms with their respective
settings. (Simplex SA x2)
- SET = Secure Electronic Transaction : OSI L7 application layer protocol
- Quality assurance can also be an additional responsibility of the security
administrator. The security administrator, being responsible for application
programming, systems programming or data entry, does not provide for proper
segregation of duties
- Linear cryptanalysis : attempt to determine key from large amounts of plain /
cipher text pairs
- Output controls are used for two things: for verifying the integrity and protecting
the confidentiality of an output
- Input controls are used to validate input (correct range, etc), helps prevent
certain types of attacks eg bugger overflow
- Max key size for Rijandael is 256 bits
- ISO 27001:2005 : standard for Information Security management
- DES key length = 56 bits , parity or key sequence of 8 bits = 64bit. Uses 64-bit
blocks and output 64-bit ciphertext
- The main advantage of the qualitative impact analysis is that it prioritizes the risks
and identifies areas for immediate improvement in addressing the vulnerabilities.
- Differential cryptanalysis : attempt to determine key by statistically analysing a
few plain - cipher text pairs
- SQL = DDL (data definition language) + DML (data manipulation language)
- polymorphism : object acts differently, depending on the input message
- polyinstantiation : same object, different data (eg secret data, top secret data)
- Digital envelope: message encrypted with secret key, which is in turn encrypted
with public key of reciever
- UTP categories based on how tightly a cable is twisted
- Coaxial cables need fixed spacing between connections (termination / reflection,
etc)
- Degree of a table represents number of columns therefore not related to number
of primary keys
- A protection domain consists of the execution and memory space assigned to
each process. The purpose of establishing a protection domain is to protect
programs from all unauthorized modification or executional interference. The
security perimeter is the boundary that separates the Trusted Computing Base
(TCB) from the remainder of the system
- RC4 is not a block cipher (variable-key-length stream cipher)
- A stream cipher generates what is called a keystream (a sequence of bits
used as a key).
- data diddling : active form of attack that alters existing data, most common
insider attack
- Elliptic Curve Cryptography has the highest strength per bit of key length of any
asymmetric algo, hence less key length is needed, used for mobile devices
- Trusted recovery ensures that security is not breached when a system crash or
other system failure occurs. When the system crashes, it must be able to restart
without compromising its required protection scheme and to recover and rollback
without being compromised after the failure. Trusted recovery is only required for
B3 and A1 level systems.
- secondary evidence : copy of a piece of evidence or oral description
- direct evidence : can prove a fact by itself (does not need backup), for example
oral testimony based on info gathered through a witness’s five senses
- Auxiliary station alarms automatically cause an alarm originating in a data center
to be transmitted over the local municipal fire or police alarm circuits for relaying to
both the local police/fire station and the appropriate headquarters. Central station
alarms are operated by private security organizations
- A data dictionary is a central collection of data element definitions, schema
objects, and reference keys.
- A single account on the system has the administrative rights to all the
security-related functions of the system. This demonstrates Trusted Facility
Management because you restrict access to administrative functions.
A failure or crash of the system cannot be used to breach security. This would fall
under Trusted Recovery.
- clapper valve holds back water in dry system (fire suppression)
- Regarding SSL: Once the server has been authenticated by the browser client, the
browser generates a master secret that is to be shared only between the server
and client. This secret serves as a seed to generate the session (private) keys. The
master secret is then encrypted with the server's public key and sent to the server.
The fact that the master secret is generated by the client's browser provides the
client assurance that the server is not reusing keys that would have been used in a
previous session with another client.
- Evaluation is the process of independently assessing a system against a standard
of comparison, such as evaluation criteria. Certification is the process of
performing a comprehensive analysis of the security features and safeguards of a
system to establish the extent to which the security requirements are satisfied.
Accreditation is the official management decision to operate a system (achieved
during implementation phase.
Acceptance testing refers to user testing of a system before accepting delivery.
- The operation/ maintenance phase of an IT system is concerned with user
authentication
- attribute certificate is a digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name or to the identifier
of another certificate that is a public-key certificate
- CER : crossover error rate, FRR : false rejection rate
- Clark_Wilson model : achieves data integrity through well-formed transactions
and seperation of duties (eg using middleware)
- RADIUS and DIAMETER are only backward compatible. DIAMETER is compatible
with radius, but not vie-versa
- The security perimeter is the imaginary line that separates the trusted
components of the kernel and the Trusted Computing Base (TCB) from those
elements that are not trusted
- Software plans and requirements usually addresses due care and due diligence
- When access control is on what is contained in the database it is considered to be
content-dependent access control
- BIA primary objectives:
* Criticality prioritization
* downtime estimation
* resource requirements
- BIA objectives:
* interviews for data gathering
* create data gathering techniques
* identify critical business functions
* identify resources that the above functions depend upon
* how long can functions survive without the resources
* identify vulnerabilities and threats to the resources
* calculate risk to resources
* document and report
- In IPSec, an SA is simplex in operation, not duplex
- soda acid removes the fuel supply of a fire
- Operational controls are concerned most with personnel safety
- ARL vs CRL = Authority Revocation List vs Certificate Revocation List
- Pipelining : overlapping steps of different instructions
- SSL session key length vary from 40bit to 256bit
- S-RPC provides authentication
- Secure HTTP (S-HTTP) is designed to send individual messages securely
- For authentication via DES, Cipher Block Chaining and Cipher Feedback can be
used since they create a key that is dependent of the previous block and the final
block serves as a Message Authentication Code. Output feedback does not allow
any sort of MAC
- Wireless Transport Layer Security (WTLS) is a communication protocol that
allows wireless devices to send and receive encrypted information over the
Internet.
- Keyed hash also called a MAC (message authentication code) is used for
integrity protection, and authentication. Eg of MAC : encrypt message with secret
key DES, and hash the output.
- In order to protect against fraud in electronic fund transfers (EFT), the Message
Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value,
which is derived from the contents of the message itself, that is sensitive to the bit
changes in a message. It is similar to a Cyclic Redundancy Check (CRC). The Secure
Electronic Transaction (SET) was developed by a consortium including MasterCard
and VISA as a means of preventing fraud from occurring during electronic
payment
- Capacitance detectors is used for spot protection within a few inches of the
object, rather than for overall room security monitoring.
- Internet refers to the global network of public networks and ISP
- Communications security management prevents,detects and corrects errors so
CIA of network transaction may be maintained
- The computations involved in selecting keys and in enciphering data are complex,
and are not practical for manual use. However, using mathematical properties of
modular arithmetic and a method known as computing in Galois fields, RSA is
quite feasible for computer use.
- known-plaintext attack : a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of some plaintext-ciphertext pairs (although the
analyst may also have other clues, such as the knowing the cryptographic
algorithm).
- chosen-ciphertext attack is defined as a cryptanalysis technique in which the
analyst tries to determine the key from knowledge of plaintext that corresponds to
ciphertext selected (i.e., dictated) by the analyst.
- chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of ciphertext that corresponds to plaintext
selected (i.e., dictated) by the analyst.
- Stream cipher is most suited to hardware implementations
- A central authority that determines which subjects have access to which objects
is a fom of non-discretionary access control
- cardinality of a database refers to the number of rows in a relation (eg 1 to 1,
1 to many, etc)
- X.400 is used in e-mail as a message handling protocol. X.500 is used in
directory services. X.509 is used in digital certificates and X.800 is used a network
security standard
- Split knowledge involves encryption keys being separated into two components,
each of which does not reveal the other
- Reasonableness checks, range checks, syntax checks and check digits are
common program controls
- An analytic attack refers to using algorithm and algebraic manipulation weakness
to reduce complexity.
- Content dependant protection of info increases processing overhead
- Simple Security property in Bell-LaPadula = no read up
- Simple Security property in Biba = no read down
- star property in Bell-LaPadula = confinement property
- to remember : simple = read, *(star) = write
- A reference monitor compares the security labels on a subject and object
- Phreaking:
RED BOX
A red box is a phreaking device that generates tones to simulate inserting coins in
pay phones, thus fooling the system into completing free calls. In the US, a dime is
represented by two tones, a nickel by one, and a quarter by a set of 5 tones. Any
device capable of playing back recorded sounds can potentially be used as a red
box. Commonly used devices include modified Radio Shack tone dialers, personal
MP3 players, and audio-recording greeting cards.
BLUE BOX
An early phreaking tool, the blue box is an electronic device that simulates a
telephone operator's dialing console. It functions by replicating the tones used to
switch long-distance calls and using them to route the user's own call, bypassing
the normal switching mechanism. The most typical use of a blue box was to place
free telephone calls - inversely, the Black Box enabled one to receive calls which
were free to the caller. The blue box no longer works in most western nations, as
modern switching systems are now digital and no longer use the in-band signaling
which the blue box emulates. Instead, signaling occurs on an out-of-band channel
which cannot be accessed from the line the caller is using (called Common Channel
Interoffice Signaling (CCIS)).
BLACK BOX
The black box (as distinguished from blue boxes and red boxes), sometimes called
an Agnew (see Spiro (device) for the origin of the nickname), was a device built by
phone phreaks during the 1960s and 1970s in order to defeat long distance phone
call toll charges, and specifically to block the supervision signal sent by the receiving
telephone handset when the call was answered at the receiving end of the call.
The act of picking up the handset of a telephone causes a load to be put on the
telephone line, so that the DC voltage on the line drops below the approximately 45
volts present when the phone is disconnected. The black box consisted of a large
capacitor which was inserted in series with the telephone, thereby blocking DC
current but allowing AC current (i.e., ringing signal and also audio signal) to pass.
When the black box was switched into the telephone line, the handset could be
picked up without the telephone system knowing and starting the billing process.
In other words, the box fooled the phone company into thinking no one had
answered at the receiving end, and therefore billing was never started on the call.
WHITE BOX
The white box is simply a portable Touch-Tone Keypad.
Policy
The security policy must be explicit, well-defined and enforced by the computer
system. There are two basic security policies:
● Mandatory Security Policy - Enforces access control rules based
directly on an individual's clearance, authorization for the information and
the confidentiality level of the information being sought. Other indirect
factors are physical and environmental. This policy must also accurately
reflect the laws, general policies and other relevant guidance from which the
rules are derived.
○ Marking - Systems designed to enforce a mandatory security policy
must store and preserve the integrity of access control labels and
retain the labels if the object is exported.
● Discretionary Security Policy - Enforces a consistent set of rules for
controlling and limiting access based on identified individuals who have been
determined to have a need-to-know for the information.
Accountability
Assurance
Documentation
Within each class there is additional documentation set which addresses the
development, deployment and management of the system rather than its
capabilities. This documentation includes:
● Security Features User's Guide, Trusted Facility Manual, Test Documentation
and Design Documentation
- A1 level requires trusted distribution
- Common-mode noise is electrical noise between the hot and ground wire and
between the neutral and ground wire.
- critical-path analysis is the process of determining the value of company assets
- Controls and safeguards reduce the impact of a threat
- Symmetric stream cipher is most effective to implement in hardware
- A cryptovariable or key controls the operation of the cryptographic algorithm
- Aggregation and inference are the two most common forms of attack vs DBs
- Should move least critical systems from backup to primary site first
- ISAKMP defines procedures and packet formats to establish, negotiate, modify
and delete security associations. However, it does not define the actual
protocols to be used (such as key exchange protocols and hash functions), these
are implementation specific. One example of the ISAKMP implementation is the
Internet Key Exchange (IKE), defined as an Internet, IPsec, key-establishment
protocol (partly based on OAKLEY) that is intended for putting in place
authenticated keying material for use with ISAKMP and for other security
associations, such as in AH and ESP
- Key encapsulation is one class of key recovery techniques and is defined as a
key recovery technique for storing knowledge of a cryptographic key by encrypting
it with another key and ensuring that that only certain third parties called "recovery
agents" can perform the decryption operation to retrieve the stored key.
- In MAC, system controls and data owner determine the need to know
- Pattern matching IDS is best vs frequently morphing malware. Malware that
frequently morphs will evade statistical IDS that collects info over time
- Access controls help protects vs threats and vulnerabilities by reducing exposure
to unauthorized activities and providing access to information and systems to only
those that have been approved
- Ethernet cabling uses 4-pairs (8 strands)
- Operation security trple : {assets, threats, vulnerabilities}
- DES uses 16 rounds of transposition and substitution functions. Triple DES uses
48 rounds
- con of Kerberos server : single point of failure
- Access control dominate means a subject with equal or higher access class
- Kerberos Auth Server grants a service ticket once it validates the timestamp from
the client (can decrypt timestamp because it stores the client’s key)
- HIDS can usually detect encrypted traffic because host will decrypt it
- Least significant issue for biometrics is technology type
- Least effective dept to report to is the IS operations since they usually do not
rank high enough
- Data centre should be located in the middle of a building
- Hand geometry uses the smallest file size
- smart cards have processing power, memory cards do not
- Primary purpose of honeypots is to observer the behaviour of attackers to fortify
the network
- Rate of rise sensors provide earlier warning than fixed temperature thresholds,
but also have greater false positives
- access control list related to object, capability tables related to subjects
- it is important for an identity management system is that it must support high
volumes of data and peak transaction rates
- A database system would be denormalised to increase processing efficiency, but
reduces integrity and storage. (normalise = reduce duplicates)
- Justifications should be provided when data is denormalized, not when it is
normalized, because it introduces risk of data inconsistency. Denormalization is
usually introduced for performance purposes.
- IKE = IPSec not PKI!
- clipper chip uses 80-bit key size, works on the principle of key escrow
- PKI provides authentication, integrity and access control, not reliability.
- TGS principal = resource or server
- teardrop attack consists of modifying the length and fragmentation offset fields
in sequential IP packets, causing overlap of packets once re-assembled
- BIND variables are used as placeholders for literal values in SQL
- All internal walls must have 1 hour min fire rating, unless next to records where 2
hour min fire rating needed
- Reciprocal agreements are often not legally binding
- The program evaluation review technique (PERT) defines activities, assigned
resources, controls advance, and allows on-time decision making, used as Project
Management
- The domain of a relation is the set of allowable values that an attribute can
take.
- Common database models : hierarchical, network and relational
- Three types of access control : administrative, technical, and physical
- Seven main categories of access control:
*Directive
*Deterrent
*Preventative
*Detective
*Corrective
*Compensating
*Recovery
- Access control systems do not specify how a user can access a resource
- Identity management is a set of technologies and processes intended to offer
greater efficiency in the management of a diverse user and technical environment
- Preliminary step sin managing resources is to define who has access to a given
resource
- Physical locks are intended as a delay device
- Proxy server is not considered as perimeter defence, rather boundary defence
- clipping level : only necessary logs are collected for monitoring
- ISO 15408 = common criteria
* EAL 1 : functionally tested
* EAL 2 : structurally tested
* EAL 3 : methodically tested and checked
* EAL 4 : methodically designed, tested and reviewed
* EAL 5 : semifomally designed and tested
* EAL 6 : semifomally verified design and tested
* EAL 7 : fomally verified design and tested.
- qualitative risk assessment is usually earmarked by ease of implementation
and can be completed by personnel with limited understanding of the risk
assessment process
- Long-duration security projects increase completion risk
- SLE (single loss expectancy) = asset value x exposure rate
- civil law is influences by abstract concepts of law (writings of academics), rather
than precedent and reasoning as in common law
- security event managment (SEM) is used for log collection, collation and
analysis in real time, vs log management system that is more used for historical
purposes
- Computer Game Fallacy : computers will prevent us from doing wrong
- abstraction: giving rights to group rather than individual users (abstraction of
users into groups)
- link encryption is not suitable for high risk environments due to possible loss of
privacy at each node (link termination point). point to point encryption is more
secure
- Auditors help identify control gaps
- A trusted shell means that someone who is working in that shell cannot "bust
out of it", and other processes cannot "bust into it".
- continuous authentication best defends vs hijacking
- re databases: Five operations are primitives (Select, Project, Union, Difference
and Product) and the other operations can be defined in terms of those five. A
View is defined from the operations of Join, Project, and Select
The select operator serves to shrink the table vertically by eliminating unwanted
rows (tuples). The project operator serves to shrink the table horizontally by
removing unwanted columns. And the join operator allows the dynamic linking of
two tables that share a common column value
- Expert System Operating Modes:
Backward-chaining mode - the expert system backtracks to determine if a given
hypothesis is valid. Backward-chaining is generally used when there are a large
number of possible solutions relative to the number of inputs.
Incorrect answers are:
In a forward-chaining mode, the expert system acquires information and comes
to a conclusion based on that information. Forward-chaining is the reasoning
approach that can be used when there is a small number of solutions relative to the
number of inputs.
Blackboard is an expert system-reasoning methodology in which a solution is
generated by the use of a virtual blackboard, wherein information or potential
solutions are placed on the blackboard by a plurality of individuals or expert
knowledge sources. As more information is placed on the blackboard in an iterative
process, a solution is generated.
- problem management : identify root cause and address underlying issue
- configuration management is a requirement for level B2 and above
- B3 vs covert timing attacks. B2 vs covert storage attacks
- The life cycle assurance requirements specified in the Orange Book are: security
testing, design specification and testing, configuration management and
trusted distribution. System integrity is also defined in the Orange Book but is an
operational assurance requirement, not a life cycle assurance requirement.
- Tn3270 is a terminal emulation program for connecting to computers which use
IBM 3270 terminals. It supports SSL Version 2, SSL Version 3 and TLS version 1.
TN3270 Plus also supports up to 128-bit encryption. Most TN3270 servers today
has support for secured connections over SSL or SSH.
- Controlled Access Protection is Level C2
- 5 rules of evidence:
* complete
* authentic
* accurate
* convincing
* admissible
- SABSA : chain of traceability
- Bell-laPadula (confidentiality / disclosure) vs biba (integrity / accuracy)
- trusted computing base : totality of protection mechanisms within computer
system
- due diligence : compliance
- PR : not essential in BIA but important in BCP
- Common Criteria evaluations are performed on computer security products and
systems.
● Target Of Evaluation (TOE) - the product or system that is the subject of
the evaluation.
The evaluation serves to validate claims made about the target. To be of practical
use, the evaluation must verify the target's security features. This is done through
the following:
● Protection Profile (PP) - a document, typically created by a user or user
community, which identifies security requirements for a class of security
devices (for example, smart cards used to provide digital signatures, or
network firewalls) relevant to that user for a particular purpose. Product
vendors can choose to implement products that comply with one or more
PPs, and have their products evaluated against those PPs. In such a case, a
PP may serve as a template for the product's ST (Security Target, as defined
below), or the authors of the ST will at least ensure that all requirements in
relevant PPs also appear in the target's ST document. Customers looking for
particular types of products can focus on those certified against the PP that
meets their requirements.
● Security Target (ST) - the document that identifies the security properties
of the target of evaluation. It may refer to one or more PPs. The TOE is
evaluated against the SFRs (see below) established in its ST, no more and
no less. This allows vendors to tailor the evaluation to accurately match the
intended capabilities of their product. This means that a network firewall
does not have to meet the same functional requirements as a database
management system, and that different firewalls may in fact be evaluated
against completely different lists of requirements. The ST is usually published
so that potential customers may determine the specific security features
that have been certified by the evaluation.
● Security Functional Requirements (SFRs) - specify individual security
functions which may be provided by a product. The Common Criteria
presents a standard catalogue of such functions. For example, an SFR may
state how a user acting a particular role might be authenticated. The list of
SFRs can vary from one evaluation to the next, even if two targets are the
same type of product. Although Common Criteria does not prescribe any
SFRs to be included in an ST, it identifies dependencies where the correct
operation of one function (such as the ability to limit access according to
roles) is dependent on another (such as the ability to identify individual
roles).
The evaluation process also tries to establish the level of confidence that may be
placed in the product's security features through quality assurance processes:
● Security Assurance Requirements (SARs) - descriptions of the
measures taken during development and evaluation of the product to assure
compliance with the claimed security functionality. For example, an
evaluation may require that all source code is kept in a change management
system, or that full functional testing is performed. The Common Criteria
provides a catalogue of these, and the requirements may vary from one
evaluation to the next. The requirements for particular targets or types of
products are documented in the ST and PP, respectively.
● Evaluation Assurance Level (EAL) - the numerical rating describing the
depth and rigor of an evaluation. Each EAL corresponds to a package of
security assurance requirements (SARs, see above) which covers the
complete development of a product, with a given level of strictness.
Common Criteria lists seven levels, with EAL 1 being the most basic (and
therefore cheapest to implement and evaluate) and EAL 7 being the most
stringent (and most expensive). Normally, an ST or PP author will not select
assurance requirements individually but choose one of these packages,
possibly 'augmenting' requirements in a few areas with requirements from a
higher level. Higher EALs do not necessarily imply "better security", they only
mean that the claimed security assurance of the TOE has been more
extensively verified.
- Packages (Common Criteria)
According to the Common Criteria, an intermediate combination of security
requirement components is termed a package. The package permits the expression
of a set of either functional or assurance requirements that meet some particular
need, expressed as a set of security objectives. A package may be used in the
construction of more complex packages or Protection Profiles and Security Targets
- A Protection Profile (PP) is a document used as part of the certification process
according to the Common Criteria (CC). As the generic form of a Security Target
(ST), it is typically created by a user or user community and provides an
implementation independent specification of information assurance security
requirements. A PP is a combination of threats, security objectives, assumptions,
security functional requirements (SFRs), security assurance requirements (SARs)
and rationales.
- Capability Maturity Model CMM :
* initial : processes are reactive, poorly controlled, unpredictable
* reproducible: processes characterised for projects, not organisation wide,
still reactive
* defined : organisation wide characterization, proactive
* managed : metrics and measurements of processes
* optimization : process improvement
- MOM = means, opportunity, motive
- Tactical security plans : mid-term plans, eg rolling out new security policy
- Transport mode usually used when communications terminates at end points.
Tunnel mode usually used at gateway to give access to internal systems
- Common criteria > protection profiles > common set of functional and
assurance requirements for a category of vendor products in a particular
enviornment
- Hardware RAID implementation is usually platform independent
- Test environment using live workloads The best way to properly verify an
application or system during a stress test would be to expose it to "live" data while
in a testing environment. Fabricated test data may not be as varied, complex or
computationally demanding as "live" data. A production environment should never
be used to test a product, as a production environment is one where the
application or system is being put to commercial use. It is a best practice to
perform testing in a non-production environment
- From a security standpoint, a compiled program is less desirable than an
interpreted one because malicious code can be resident somewhere in the
compiled code, and it is difficult to detect in a very large program.
- CCTV :
* visual assessment of incidents
* surveillance
* deterrence
* evidential archives
- The invocation property is unique to the BIBA model
- Database shadowing: copying an entire database or updating records in multiple
locations to ensure fault-tolerance
- L2TP alone does not guarantee encryption
- Bell laPadula : * (star) property ensures no write down
- Biba : * (star) property ensures no write up
- The Orange book requires Hardware and/or software features shall be provided
that can be used to periodically validate the correct operation of the on-site
hardware and firmware elements of the TCB for System Integrity.
- The Federal Sentencing Guidelines for Organisations require that an
organisation provides ethics training
- Competitive intelligence attack is a business attack, loss of trade secrets and
so on.
- Inappropriate disclosure is a confidentiality, not an integrity goal.
- FIPS 140 is the standard for the security of hardware / software cryptographic
modules
- System high security policy means that all users in that system are cleared to
view the most highly classified info on the system
- Two-man control: Two individuals review and approve the work of each other.
(detective or preventative)
- Dual control: Both individuals are needed to perform a task (detective or
preventative). Separation of duties enables dual control
- Elements of a physical protection system:
* deter
* detect
* delay
* responsd
- Brewer-Nash a.k.a chinese wall model, prevents disclosure to competitors
- High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth
each way over two copper twisted pairs. SDSL also delivers 1.544 Mbps but over
a single copper twisted pair.
- Due care is not related to profit
- An identity-based access control is an example of discretionary access control
that is based on an individual's identity. Task-based and role-based access controls
are examples of non-discretionary access controls. Rule-based access control is
another example.
- Note: Mandatory Access Controls use labels. If rules exist without labels, it
cannot be MAC, must be NDAC
- Referential Integrity requires that for any foreign key attribute, the referenced
relation must have a tuple with the same value for its primary key.
- Security testing and trusted distribution are needed for Life-Cycle Assurance
- Graham-Denning : sets of objects, subjects and rights, concerned with how
subjects are assigned rights, how objects are created
- Circumstantial evidence is defined as inference of information from other,
intermediate, relevant facts
- Symmetric stream lends itself best to implementation in hardware. Stream
ciphers can be designed to be exceptionally fast. This requires more processing
power than block ciphers require, which is why stream ciphers are better suited to
be implemented at the hardware level.
- Business Impact analysis identifies the exposures to loss to the organisation
- The primary key must contain a non-null value to uniquely identify the tuple
- Cryptography does not directly support availability, does not directly support
authenticity either.
- Access controls support CIA triad.
- Provide message integrity:
1. Create checksum
2. append
3. encrypt and send
- Provide authentication and integrity:
as above but encrypt with private key
- Hot site is not instantly available
- rame relay and X.25 are both examples of packet-switching technologies
- ISDN and PPP are examples of circuit-switching technologies
- Running key cipher is based on modular arithmetic
- Non repudation is provided by the asymmetric private key since in theory only 1
person should know this
- Non repudation is considered a preventative control
- IGMP has a protocol value of 2
- ICMP has an IP protocol value of 1
- TCP has an IP protocol value of 6
- UDP has an IP protocol value of 17
- An authentication system should not return information on which part of the auth
control failed
- The more a key is used, the shorter it’s lifetime should be
- Cable length is the most common failure issue with twisted pair cabling.
- PPP : support of multiple network types over the same serial link
- Users can obtain certificates with various levels of assurance. Here is a list that
describe each of them:
* Class 1/Level 1 for individuals, intended for email, no proof of
identity
* Class 2/Level 2 is for organizations and companies for which proof
of identity is required
* Class 3/Level 3 is for servers and software signing, for which
independent verification and checking of identity and authority is done
by the issuing certificate authority
* Class 4 for online business transactions between companies
* Class 5 for private organizations or governmental security
- IDEA = 128 bits
- iris scanners must be positioned so as not to allow sunlight to enter the aperture
- Kerberos primarily provides authentication (authorization provided by other
subsytems)
- diverse routing : routes traffic through split cable facilities or duplicate cable
facilities. This can be accomplished with different and/or duplicate cable sheaths.
With diverse routing, you can protect not only against cable failure but also against
local exchange failure as there are two separate routes from two exchanges to
your site.
alternative routing : is a method of routing information via an alternate medium
such as copper cable or fiber optics. This involves use of different networks, circuits
or end points should the normal network be unavailable. Alternative routing
provides two different cables from the local exchange to your site, so you can
protect against cable failure as your service will be maintained on the alternative
route.
- Monitoring techniques include Intrusion detection, Penetration testing and Violation
processing using clipping levels.
- A memory dump can be admitted as evidence if it acts merely as a statement of
fact. (identifies system state)
- DSS (decision support system) emphasizes flexibility in the decision-making
approach of users. It is aimed at solving less structured problems, combines the
use of models and analytic techniques with traditional data access and retrieval
functions and supports semi-structured decision-making tasks
- The RAID Advisory Board has defined three classifications of RAID:
* Failure Resistant Disk Systems (FRDSs)
* Failure Tolerant Disk Systems
* Disaster Tolerant Disk Systems.
- The broad categories for security standards in the OSI architecture are:
● Security Attack: Any action that compromise the security of information
owned by an organization.