- The scope and focus of a BCP is mostly dependant on the BIA (business impact

analysis)
- El Gamal is an unpatented, asymmetric key algorithm based on the discrete
logarithm problem used in Diffie-Hellman. It extends the functionality of
Diffie-Hellman to include encryption and digital signatures.
- Function Point (FP) analysis is a measure of the size of an information system
based on the number and complexity of the inputs, outputs and files that a user
sees and interacts with
- PGP uses the IDEA algorithm (symmetric) for encryption and the RSA algorithm
(asymmetric) for key distribution and digital signatures.
- Program Evaluation Review Technique (PERT) charts. PERT charts are
project management tools used for time/progress estimation and resource
allocation, NOT for estimating the financial burden of the project
- Because of the amount of computation involved in public key cryptography, a DES
hardware implementation of secret key cryptography is on the order of 1000 to
10000 times faster than RSA public key cryptography.
- A SA is a one-way connection between two communicating parties, meaning that
two SAs are required for each pair of communicating hosts. Additionally, each SA
only supports a single protocol (AH or ESP). Thus, if both AH and ESP are used
between two communicating hosts, a total of four SAs is required.
- SESAME is subject to password guessing like Kerberos.
The Basic Mechanism in Sesame for strong authentication is as follows:
The user sends a request for authentication to the Authentication Server as in
Kerberos, except that SESAME makes use of public key cryptography for
authentication where the client will present his digital certificate and the request will
be signed using a digital signature. The signature is communicated to the
authentication server through the preauthentication fields. Upon receipt of this
request, the authentication server will verify the certificate, then validate the
signature, and if all is fine the AS will issue a ticket granting ticket (TGT) as in
Kerberos. This TGT will be use to communicate with the privilage attribute server
(PAS) when access to a resource is needed.
Users may authenticate using either a public key pair or a conventional (symmetric)
key. If public key cryptography is used, public key data is transported in
preauthentication data fields to help establish identity. Kerberos uses tickets for
authenticating subjects to objects and SESAME uses Privileged Attribute
Certificates (PAC), which contain the subject’s identity, access capabilities for the
object, access time period, and lifetime of the PAC. The PAC is digitally signed so
that the object can validate that it came from the trusted authentication server,
which is referred to as the privilege attribute server (PAS). The PAS holds a similar
role as the KDC within Kerberos. After a user successfully authenticates to the
authentication service (AS), he is presented with a token to give to the PAS. The
PAS then creates a PAC for the user to present to the resource he is trying to
access.
-The northbridge bus connects the CPU to the VIDEO and RAM
- Continuous authentication provides protection against attacks that happen in a
connection even after authentication is complete. This is usually done by
applying a digital signature to every bit of data sent (eg applying some sort of
cryptography to every bit sent)
- The only difference between a circuit-level gateway and a simple port forwarding
mechanism is that with a circuit-level gateway, the client is aware of the
intermediate system, whereas in the case of a simple port-forwarding mechanism,
the client must not be aware and may be completely oblivious of the existence of
the intermediary
- DDE (Dynamic Data Exchange) enables different applications to share data and
send commands to each other directly.
- Objects sensitivity label = single classificiation + compartement set
- Physical cable lengths: 10Base2, also known as RG58, or thinnet, is limited to
185 meters. 10Base5, also known as RG8/RG11 or thicknet, is limited to 500
meters. 10BaseT is only limited to 100 meters. Note that the 2 in 10Base2 refers
to the maximum cable length (200 meters, 185, actually) and the 5 in 10Base5 is
for 500 meters.
- The WAP GAP is a specific security issue associated with WAP results from the
requirement to change security protocols at the carrier's WAP gateway from the
wireless WTLS to SSL for use over the wired network. WTLS is replaced by TLS in
WAP 2.0. The gateway described above is no longer needed to translate (decrypt
from one standard and re-encrypt to another) since the Internet servers are able
to interpret the TLS transmission directly. All data remains encrypted as it passes
through the gateway.
At the WAP gateway, the transmission, which is protected by WTLS, is decrypted
and then re-encrypted for transmission using SSL, leaving data temporarily in the
clear on the gateway.
- National Information Assurance Certification and Accreditation Process
(NIACAP), establishes the minimum national standards for certifying and
accrediting national security systems. This process provides a standard set of
activities, general tasks, and a management structure to certify and accredit
systems that will maintain the Information Assurance (IA) and security posture of a
system or site.
- The object-relational database is the marriage of object-oriented and relational
technologies and combines the attributes of both.
- A system reboot is performed after shutting down the system in a controlled
manner in response to a TCB failure.
- An emergency system restart is done after a system fails in an uncontrolled
manner but consistency can be brought back automatically to the system.
- A system cold start takes place when unexpected TCB or media failures take
place and the recovery procedures cannot bring the system to a consistent state.
Intervention of administrative personnel is required to bring the system to a
consistent state from maintenance mode.
- Information Labels are similar to Sensitivity Labels, but in addition to the
classification and the category set of the Sensitivity Labels, they also have the
necessary controls to be able to operate as a trusted computer. One other
important difference is that the Reference Monitor does not use Information Labels
for access permissions
- DCE does provide the same functionality as DCOM, but DCE is an open standard
developed by the Open Software Foundation (OSF) and DCOM, developed by
Microsoft, is more proprietary in nature
- Risk management consists of two primary and one underlying activity; risk
assessment and risk mitigation are the primary activities and uncertainty analysis
is the underlying one. After having performed risk assessment and mitigation, an
uncertainty analysis should be performed. Risk management must often rely on
speculation, best guesses, incomplete data, and many unproven assumptions. A
documented uncertainty analysis allows the risk management results to be
used knowledgeably. A vulnerability analysis, likelihood assessment and threat
identification are all parts of the collection and analysis of data part of the risk
assessment, one of the primary activities of risk management.
- BIA should emphasize system dependancies. Then, prioritization can occur.
- The Authentication Header is a mechanism for providing strong integrity and
authentication for IP datagrams. It might also provide non-repudiation, depending
on which cryptographic algorithm is used and how keying is performed. For
example, use of an asymmetric digital signature algorithm, such as RSA, could
provide non-repudiation."
ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It
may also provide authentication, depending on which logarithm and algorithm mode
are used. Non-repudiation and protection from traffic analysis are not
provided by ESP
- Extensible Authentication Protocol as a framework that supports multiple,
optional authentication mechanisms for PPP, including cleartext passwords,
challenge-response, and arbitrary dialog sequences
- SSL : Presentation + transport layer. (recall presentation layer is to do with
compression and encryption). Also remember successor is TLS = transport layer
security
- Individual accountability includes:
* unique IDs (for ID)
* access rules (to determine violations)
 * audit trails (detective, for logging)
- Padded cells are simulated environments to which IDSs seamlessly transfer
detected attackers and are designed to convince an attacker that the attack is
going according to the plan.
- FRAP (facilitated risk analysis process) : business managers and technical staff.
Brainstorm and identify risk, and apply a group of 26 common controls to
categorize risk
- The functional design analysis and planning stage of an SDLC is the point at
which a project plan is developed, test schedules assigned, and expectations
outlined
- default open is not a prefered security model
- External consistency ensures that the data stored in the database is consistent
with the real world
-DBMS: Cell suppression is a technique used against inference attacks by not
revealing information in the case where a statistical query produces a very small
result set. Perturbation also addresses inference attacks but involves making
minor modifications to the results to a query. Partitioning involves splitting a
database into two or more physical or logical parts; especially relevant for
multilevel secure databases.
- System development + system maintenance can be done by same people
- The running key cipher is based on modular arithmetic
- Telnet’s primary use is terminal emulation
- Root cause analysis needed for eradication phase
- Flash can be read/written multiple times quickly, but at the cost of only writing
large blocks at a time.
- As relates to operations security and TB : trusted paths are trustworthy interfaces
into privileged user functions, i.e. they are pathways through the security boundary
which separates the TCB components and untrusted components. trusted paths
would be a form of API
- In an online transaction processing system, if an invalid or erroneous transaction
is detected, it should be written to a report and reviewed
- limited privilege : trusted process characteristic where operations are
performed without allowing the user direct access to unauthorized sensitive data
- DAC and MAC both employ least privilege. But only MAC employs need to know
(compartmentalization)
- The reference monitor must meet three conditions:
(1) it must be tamperproof (isolation)
(2) it must be invoked on every access to every object (completeness) and
(3) it must be small enough for thorough validation of its operation through
analysis and tests, in order to verify completeness (v
- MSR minimum security requirements state that a password should have
minimum length of 8 characters.
- One time pads to be unbreakable the pads must:
* have completely random characters
* be secure
* must not be re-used
* key must be as long as the message
- Detection capabilities of host based IDS systems are usually limited by the audit
logging capabilities of the host
- Software librarian can enforce separation of duties to ensure programmers do not
have access to production code
- MTD = RTO + WRT ; Maximum Tolerable Downtime = Recovery Time Objective +
Work Recovery Time
- An interoperable, or cooperative, database is defined as interconnected
platforms running independent copies of software with independent copies of data.
Not to be confused with a decentralized database, involving connected or
unconnected but related platforms running independent copies of software with
independent copies of data. A dispersed database involves interconnected and
related platforms running the same software and using the same data, one of
which is centralized (software or data).
- Graham-Denning model has 8 rules
- One technique of process isolation is time-multiplexing
- Data or information owner can determine if controls in place protect sensitive
data sufficiently
- Diffie Hellmann : protocol used to enable two users using symmetric encryption
to exchange a secret key (session key) over an insecure medium without any prior
secrets. The negotiated key will subsequently be used for message encryption
- ITSEC vs Orange book : One major difference between the two is ITSEC’s
inclusion of integrity and availability as security goals, along with confidentiality.
- IPSec peer authentication performed at phase 1
- IPSec:
In phase 1 of this process, IKE creates an authenticated, secure channel between
the two IKE peers, called the IKE security association. The Diffie-Hellman key
agreement is always performed in this phase. (bi-directional SA)
In phase 2 IKE negotiates the IPSec security associations and generates the
required key material for IPSec. The sender offers one or more transform sets that
are used to specify an allowed combination of transforms with their respective
settings. (Simplex SA x2)
- SET = Secure Electronic Transaction : OSI L7 application layer protocol
- Quality assurance can also be an additional responsibility of the security
administrator. The security administrator, being responsible for application
programming, systems programming or data entry, does not provide for proper
segregation of duties
- Linear cryptanalysis : attempt to determine key from large amounts of plain /
cipher text pairs
- Output controls are used for two things: for verifying the integrity and protecting
the confidentiality of an output
- Input controls are used to validate input (correct range, etc), helps prevent
certain types of attacks eg bugger overflow
- Max key size for Rijandael is 256 bits
- ISO 27001:2005 : standard for Information Security management
- DES key length = 56 bits , parity or key sequence of 8 bits = 64bit. Uses 64-bit
blocks and output 64-bit ciphertext
- The main advantage of the qualitative impact analysis is that it prioritizes the risks
and identifies areas for immediate improvement in addressing the vulnerabilities.
- Differential cryptanalysis : attempt to determine key by statistically analysing a
few plain - cipher text pairs
- SQL = DDL (data definition language) + DML (data manipulation language)
- polymorphism : object acts differently, depending on the input message
- polyinstantiation : same object, different data (eg secret data, top secret data)
- Digital envelope: message encrypted with secret key, which is in turn encrypted
with public key of reciever
- UTP categories based on how tightly a cable is twisted
- Coaxial cables need fixed spacing between connections (termination / reflection,
etc)
- Degree of a table represents number of columns therefore not related to number
of primary keys
- A protection domain consists of the execution and memory space assigned to
each process. The purpose of establishing a protection domain is to protect
programs from all unauthorized modification or executional interference. The
security perimeter is the boundary that separates the Trusted Computing Base
(TCB) from the remainder of the system
- RC4 is not a block cipher (variable-key-length stream cipher)
- A stream cipher generates what is called a keystream (a sequence of bits
used as a key).
- data diddling : active form of attack that alters existing data, most common
insider attack
- Elliptic Curve Cryptography has the highest strength per bit of key length of any
asymmetric algo, hence less key length is needed, used for mobile devices
- Trusted recovery ensures that security is not breached when a system crash or
other system failure occurs. When the system crashes, it must be able to restart
without compromising its required protection scheme and to recover and rollback
without being compromised after the failure. Trusted recovery is only required for
B3 and A1 level systems.
- secondary evidence : copy of a piece of evidence or oral description
- direct evidence : can prove a fact by itself (does not need backup), for example
oral testimony based on info gathered through a witness’s five senses
- Auxiliary station alarms automatically cause an alarm originating in a data center
to be transmitted over the local municipal fire or police alarm circuits for relaying to
both the local police/fire station and the appropriate headquarters. Central station
alarms are operated by private security organizations
- A data dictionary is a central collection of data element definitions, schema
objects, and reference keys.
- A single account on the system has the administrative rights to all the
security-related functions of the system. This demonstrates Trusted Facility
Management because you restrict access to administrative functions.
A failure or crash of the system cannot be used to breach security. This would fall
under Trusted Recovery.
- clapper valve holds back water in dry system (fire suppression)
- Regarding SSL: Once the server has been authenticated by the browser client, the
browser generates a master secret that is to be shared only between the server
and client. This secret serves as a seed to generate the session (private) keys. The
master secret is then encrypted with the server's public key and sent to the server.
The fact that the master secret is generated by the client's browser provides the
client assurance that the server is not reusing keys that would have been used in a
previous session with another client.
- Evaluation is the process of independently assessing a system against a standard
of comparison, such as evaluation criteria. Certification is the process of
performing a comprehensive analysis of the security features and safeguards of a
system to establish the extent to which the security requirements are satisfied.
Accreditation is the official management decision to operate a system (achieved
during implementation phase.
Acceptance testing refers to user testing of a system before accepting delivery.
- The operation/ maintenance phase of an IT system is concerned with user
authentication
- attribute certificate is a digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name or to the identifier
of another certificate that is a public-key certificate
- CER : crossover error rate, FRR : false rejection rate
- Clark_Wilson model : achieves data integrity through well-formed transactions
and seperation of duties (eg using middleware)
- RADIUS and DIAMETER are only backward compatible. DIAMETER is compatible
with radius, but not vie-versa
- The security perimeter is the imaginary line that separates the trusted
components of the kernel and the Trusted Computing Base (TCB) from those
elements that are not trusted
- Software plans and requirements usually addresses due care and due diligence
- When access control is on what is contained in the database it is considered to be
content-dependent access control
- BIA primary objectives:
* Criticality prioritization
* downtime estimation
* resource requirements
- BIA objectives:
* interviews for data gathering
* create data gathering techniques
* identify critical business functions
* identify resources that the above functions depend upon
* how long can functions survive without the resources
* identify vulnerabilities and threats to the resources
* calculate risk to resources
* document and report
- In IPSec, an SA is simplex in operation, not duplex
- soda acid removes the fuel supply of a fire
- Operational controls are concerned most with personnel safety
- ARL vs CRL = Authority Revocation List vs Certificate Revocation List
- Pipelining : overlapping steps of different instructions
- SSL session key length vary from 40bit to 256bit
- S-RPC provides authentication
- Secure HTTP (S-HTTP) is designed to send individual messages securely
- For authentication via DES, Cipher Block Chaining and Cipher Feedback can be
used since they create a key that is dependent of the previous block and the final
block serves as a Message Authentication Code. Output feedback does not allow
any sort of MAC
- Wireless Transport Layer Security (WTLS) is a communication protocol that
allows wireless devices to send and receive encrypted information over the
Internet.
- Keyed hash also called a MAC (message authentication code) is used for
integrity protection, and authentication. Eg of MAC : encrypt message with secret
key DES, and hash the output.
- In order to protect against fraud in electronic fund transfers (EFT), the Message
Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value,
which is derived from the contents of the message itself, that is sensitive to the bit
changes in a message. It is similar to a Cyclic Redundancy Check (CRC). The Secure
Electronic Transaction (SET) was developed by a consortium including MasterCard
and VISA as a means of preventing fraud from occurring during electronic
payment
- Capacitance detectors is used for spot protection within a few inches of the
object, rather than for overall room security monitoring.
- Internet refers to the global network of public networks and ISP
- Communications security management prevents,detects and corrects errors so
CIA of network transaction may be maintained
- The computations involved in selecting keys and in enciphering data are complex,
and are not practical for manual use. However, using mathematical properties of
modular arithmetic and a method known as computing in Galois fields, RSA is
quite feasible for computer use.
- known-plaintext attack : a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of some plaintext-ciphertext pairs (although the
analyst may also have other clues, such as the knowing the cryptographic
algorithm).
- chosen-ciphertext attack is defined as a cryptanalysis technique in which the
analyst tries to determine the key from knowledge of plaintext that corresponds to
ciphertext selected (i.e., dictated) by the analyst.
- chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of ciphertext that corresponds to plaintext
selected (i.e., dictated) by the analyst.
- Stream cipher is most suited to hardware implementations
- A central authority that determines which subjects have access to which objects
is a fom of non-discretionary access control
- cardinality of a database refers to the number of rows in a relation (eg 1 to 1,
1 to many, etc)
- X.400 is used in e-mail as a message handling protocol. X.500 is used in
directory services. X.509 is used in digital certificates and X.800 is used a network
security standard
- Split knowledge involves encryption keys being separated into two components,
each of which does not reveal the other
- Reasonableness checks, range checks, syntax checks and check digits are
common program controls
- An analytic attack refers to using algorithm and algebraic manipulation weakness
to reduce complexity.
- Content dependant protection of info increases processing overhead
- Simple Security property in Bell-LaPadula = no read up
- Simple Security property in Biba = no read down
- star property in Bell-LaPadula = confinement property
- to remember : simple = read, *(star) = write
- A reference monitor compares the security labels on a subject and object
- Phreaking:
RED BOX
A red box is a phreaking device that generates tones to simulate inserting coins in
pay phones, thus fooling the system into completing free calls. In the US, a dime is
represented by two tones, a nickel by one, and a quarter by a set of 5 tones. Any
device capable of playing back recorded sounds can potentially be used as a red
box. Commonly used devices include modified Radio Shack tone dialers, personal
MP3 players, and audio-recording greeting cards.

BLUE BOX
An early phreaking tool, the blue box is an electronic device that simulates a
telephone operator's dialing console. It functions by replicating the tones used to
switch long-distance calls and using them to route the user's own call, bypassing
the normal switching mechanism. The most typical use of a blue box was to place
free telephone calls - inversely, the Black Box enabled one to receive calls which
were free to the caller. The blue box no longer works in most western nations, as
modern switching systems are now digital and no longer use the in-band signaling
which the blue box emulates. Instead, signaling occurs on an out-of-band channel
which cannot be accessed from the line the caller is using (called Common Channel
Interoffice Signaling (CCIS)).

BLACK BOX
The black box (as distinguished from blue boxes and red boxes), sometimes called
an Agnew (see Spiro (device) for the origin of the nickname), was a device built by
phone phreaks during the 1960s and 1970s in order to defeat long distance phone
call toll charges, and specifically to block the supervision signal sent by the receiving
telephone handset when the call was answered at the receiving end of the call.
The act of picking up the handset of a telephone causes a load to be put on the
telephone line, so that the DC voltage on the line drops below the approximately 45
volts present when the phone is disconnected. The black box consisted of a large
capacitor which was inserted in series with the telephone, thereby blocking DC
current but allowing AC current (i.e., ringing signal and also audio signal) to pass.
When the black box was switched into the telephone line, the handset could be
picked up without the telephone system knowing and starting the billing process.
In other words, the box fooled the phone company into thinking no one had
answered at the receiving end, and therefore billing was never started on the call.

WHITE BOX
The white box is simply a portable Touch-Tone Keypad.

- ISO has defined five basic tasks related to network management :

 * Fault management: Detects the devices that present some kind of fault.
* Configuration management: Allows users to know, define and change
remotely the configuration of any device.
* Accounting resources: Holds the records of the resource usage in the
WAN.
* Performance management: Monitors usage levels and sets alarms when
a threshold has been surpassed.
* Security management: Detects suspicious traffic or users and generates
alarms accordingly.
- PPTP (works at L2, modified version of GRE)
* can tunnel non-IP traffic
* does not provide token based authentication
* does not provide strong encryption
- L2TP = L2F + PPTP
- How hardware / software should be used : standards not policy
- The following measures are used to compensate for both internal and external
access violations:
* Backups
* RAID (Redundant Array of Independent Disks) technology
* Fault tolerance
* Business Continuity Planning
* Insurance
- Application firewall = Circuit Level firewall
- Edit controls are considered to be preventive controls since they are used in a
program before data is processed. Buffer overflows can be eliminated through the
use of proper edit controls.
- System configuration management is geared towards providing system
stability
- Configuration management is the process of tracking and approving changes to
a system. It is only required for B2, B3 and A1 level system
- D – Minimal protection
C – Discretionary protection
C1 – Discretionary Security Protection
C2 – Controlled Access Protection vs object reuse (object isolation)
B – Mandatory Protection
B1 – Labeled Security
B2 – Structured Protection
B3 – Security Domains
A – Verified Protection
A1 – Verified Design
- When an intrusion has been detected and confirmed, if you wish to prosecute the
attacker in court, the following actions should be performed in the following order:
1. Capture and record system information and evidence that may be lost,
modified, or not captured during the execution of a backup procedure. Start
with the most volative memory areas first.
2. Make at least two full backups of the compromised systems, using
hardware-write-protectable or write-once media. A first backup may be used to
re-install the compromised system for further analysis and the second one
should be preserved in a secure location to preserve the chain of custody of
evidence.
3. Isolate the compromised systems.
4. Search for signs of intrusions on other systems.
5. Examine logs in order to gather more information and better identify other
systems to which the intruder might have gained access.
6. Search through logs of compromised systems for information that would
reveal the kind of attacks used to gain access.
7. Identify what the intruder did, for example by analyzing various log files,
comparing checksums of known, trusted files to those on the compromised
machine and by using other intrusion analysis tools.
- Full interrution test is the most complete DRP test (but it does stop business)
- Named perils is the burden of proof that particular loss is covered on insured
- Elements of risk:
* threats
* assets
* mitigating controls
- audit logs are a form of detective logs
- BIA establishes effect of disruptions on the organization
- Two co-operating processes that simultaneously compete for a shared resource
in defiance of security policy create a covert channel
- BCP is a corporate issue and should include all parts and functions of a company
- BCP usually fails due to lack of management support
- SP-network is used to increase the strength of block ciphers (Substitution
Permutation)
- Worm - no human interaction. Symptoms : high network / CPU utilization
- Ciphers should be
* functionally complex
* statistically unbiased
* long periods of non-repetition
- BCP exersizes include (should always identify BCP strengths and weaknesses):
* table-top exercise (theoretical exercise “how do we react if such
happens?”)
* call exersize (if the emergence personnel are reachable)
 * simulated exersize (simulated)
- Expert system gather knowledge from human SMEs and this knowledge is
programmed in, and problem analysis using algorithms is done to suggest solutions,
usually in conjunction with an inference engine
- DSS : digital signature standard : allows for digital signing (asymmetric)
- RTO = recovery time objective aka MTD = maximum tolerable downtime
- During BIA, RTO is not performed. In BIA, estimate the financial and operational
impacts of a disruption, identify regulatory/compliance exposure and determine the
impact upon the organization's market share and corporate image.
- The read privilege is the most problematic privilege regarding information flows.
The privilege essentially allows the subject to create a copy of the object in
memory
- Data warehouse : consolidate / manage data in central location
- Email source verification : client should add signature block and digital signature to
the email
- Disaster recovery typically refers to the recovery of the technology enviornment
- Full backup is the most efficient recovery
- SSH 2 is a strong method of performing client authentication. Does not provide
good host / server authentication
- Von neumann - no inherent difference in memory between data and
programming (instructions) representations in memory
- symmetric and asymmetric are two methods of encrypting data
- one-time pad : unbreakable by brute force
- vs brute force, use of session keys
- asynchronous time-division multiplexing: dynamically assigned time slots as
needed
- deadlocking = stalemate, two subjects try to modify the same object,integrity
issues, so enable write access to only one subject
- CA validates that a particular public key is associated with the correct user
- cleanroom methodology = prevent rather than remove software defects
- ANSI X9.17 is concerned primarily with the protection and secrecy of keys
- In order to defeat frequency analysis, use polyalphabetic ciphers
- Primary key must contain a non-null value to uniquely identify the tuple
- best way to prevent MITM is to use random and unique identification
- bytecode is faster than interpreted languages (it is already “compiled”)
- RSA allows for the mutual identification of parties, is not based on discrete
algorithms, rather it is based on difficulty of factorisation into the original prime
numbers
- Concealment cipher, every X number of words within a text, is a part of the real
message.
- First step for CIRT: determine to what extent systems and data are compromised
- DBMS consistency ensures databases leaves one valid state to enter another valid
state
- The presentation layer contains no protocols only services.
- Eg of application protocols: SMTP
- Constrained user interface offers limited functionality depending on the user
accessing
- most effective defence vs buffer overflow = bounds checking
- certification is the technical evaluation of a program to ensure that security
requirements have been met
- noninterference model strictly separates differing security levels to assure that
higher-level actions do not determine what lower-level users can see (no data flow
considered, actions considered
- Least Privilege has three basic levels of privilege; read only, read/write and access
change. Access Change is the highest level, this level enables operators the right
to modify data directly in its original location, in addition to data copied from the
original location.
- Diffie Hellman = most common form of asymmetric key cyrpto
- Recovery strategies are concerned with meeting the pre-determined time frames
for recovery
- Prudent man rule == due care
- Orange Book divisions:
* C deals with discretionary protection.
* D deals with minimal security.
* B deals with mandatory protection.
* A deals with verified protection.
- Orange book does not cover integrity (TCSEC)
- Orange book based on Bell LaPadula model
- Organge book objectives:

Policy
The security policy must be explicit, well-defined and enforced by the computer
system. There are two basic security policies:
● Mandatory Security Policy - Enforces access control rules based
directly on an individual's clearance, authorization for the information and
the confidentiality level of the information being sought. Other indirect
factors are physical and environmental. This policy must also accurately
reflect the laws, general policies and other relevant guidance from which the
rules are derived.
○ Marking - Systems designed to enforce a mandatory security policy
must store and preserve the integrity of access control labels and
 retain the labels if the object is exported.
● Discretionary Security Policy - Enforces a consistent set of rules for
controlling and limiting access based on identified individuals who have been
determined to have a need-to-know for the information.

Accountability

Individual accountability regardless of policy must be enforced. A secure means

must exist to ensure the access of an authorized and competent agent which can
then evaluate the accountability information within a reasonable amount of time
and without undue difficulty. There are three requirements under the accountability
objective:
● Identification - The process used to recognize an individual user.
● Authentication - The verification of an individual user's authorization to
specific categories of information.
● Auditing - Audit information must be selectively kept and protected so that
actions affecting security can be traced to the authenticated individual.

Assurance

The computer system must contain hardware/software mechanisms that can be

independently evaluated to provide sufficient assurance that the system enforces
the above requirements. By extension, assurance must include a guarantee that
the trusted portion of the system works only as intended. To accomplish these
objectives, two types of assurance are needed with their respective elements:
● Assurance Mechanisms
○ Operational Assurance: System Architecture, System Integrity,
Covert Channel Analysis, Trusted Facility Management and Trusted
Recovery
○ Life-cycle Assurance : Security Testing, Design Specification and
Verification, Configuration Management and Trusted System
Distribution
● Continuous Protection Assurance - The trusted mechanisms that
enforce these basic requirements must be continuously protected against
tampering and/or unauthorized changes.

Documentation

Within each class there is additional documentation set which addresses the
development, deployment and management of the system rather than its
capabilities. This documentation includes:
 ● Security Features User's Guide, Trusted Facility Manual, Test Documentation
and Design Documentation
- A1 level requires trusted distribution
- Common-mode noise is electrical noise between the hot and ground wire and
between the neutral and ground wire.
- critical-path analysis is the process of determining the value of company assets
- Controls and safeguards reduce the impact of a threat
- Symmetric stream cipher is most effective to implement in hardware
- A cryptovariable or key controls the operation of the cryptographic algorithm
- Aggregation and inference are the two most common forms of attack vs DBs
- Should move least critical systems from backup to primary site first
- ISAKMP defines procedures and packet formats to establish, negotiate, modify
and delete security associations. However, it does not define the actual
protocols to be used (such as key exchange protocols and hash functions), these
are implementation specific. One example of the ISAKMP implementation is the
Internet Key Exchange (IKE), defined as an Internet, IPsec, key-establishment
protocol (partly based on OAKLEY) that is intended for putting in place
authenticated keying material for use with ISAKMP and for other security
associations, such as in AH and ESP
- Key encapsulation is one class of key recovery techniques and is defined as a
key recovery technique for storing knowledge of a cryptographic key by encrypting
it with another key and ensuring that that only certain third parties called "recovery
agents" can perform the decryption operation to retrieve the stored key.
- In MAC, system controls and data owner determine the need to know
- Pattern matching IDS is best vs frequently morphing malware. Malware that
frequently morphs will evade statistical IDS that collects info over time
- Access controls help protects vs threats and vulnerabilities by reducing exposure
to unauthorized activities and providing access to information and systems to only
those that have been approved
- Ethernet cabling uses 4-pairs (8 strands)
- Operation security trple : {assets, threats, vulnerabilities}
- DES uses 16 rounds of transposition and substitution functions. Triple DES uses
48 rounds
- con of Kerberos server : single point of failure
- Access control dominate means a subject with equal or higher access class
- Kerberos Auth Server grants a service ticket once it validates the timestamp from
the client (can decrypt timestamp because it stores the client’s key)
- HIDS can usually detect encrypted traffic because host will decrypt it
- Least significant issue for biometrics is technology type
- Least effective dept to report to is the IS operations since they usually do not
rank high enough
- Data centre should be located in the middle of a building
- Hand geometry uses the smallest file size
- smart cards have processing power, memory cards do not
- Primary purpose of honeypots is to observer the behaviour of attackers to fortify
the network
- Rate of rise sensors provide earlier warning than fixed temperature thresholds,
but also have greater false positives
- access control list related to object, capability tables related to subjects
- it is important for an identity management system is that it must support high
volumes of data and peak transaction rates
- A database system would be denormalised to increase processing efficiency, but
reduces integrity and storage. (normalise = reduce duplicates)
- Justifications should be provided when data is denormalized, not when it is
normalized, because it introduces risk of data inconsistency. Denormalization is
usually introduced for performance purposes.
- IKE = IPSec not PKI!
- clipper chip uses 80-bit key size, works on the principle of key escrow
- PKI provides authentication, integrity and access control, not reliability.
- TGS principal = resource or server
- teardrop attack consists of modifying the length and fragmentation offset fields
in sequential IP packets, causing overlap of packets once re-assembled
- BIND variables are used as placeholders for literal values in SQL
- All internal walls must have 1 hour min fire rating, unless next to records where 2
hour min fire rating needed
- Reciprocal agreements are often not legally binding
- The program evaluation review technique (PERT) defines activities, assigned
resources, controls advance, and allows on-time decision making, used as Project
Management
- The domain of a relation is the set of allowable values that an attribute can
take.
- Common database models : hierarchical, network and relational
- Three types of access control : administrative, technical, and physical
- Seven main categories of access control:
*Directive
*Deterrent
*Preventative
*Detective
*Corrective
*Compensating
*Recovery
- Access control systems do not specify how a user can access a resource
- Identity management is a set of technologies and processes intended to offer
greater efficiency in the management of a diverse user and technical environment
- Preliminary step sin managing resources is to define who has access to a given
resource
- Physical locks are intended as a delay device
- Proxy server is not considered as perimeter defence, rather boundary defence
- clipping level : only necessary logs are collected for monitoring
- ISO 15408 = common criteria
* EAL 1 : functionally tested
* EAL 2 : structurally tested
* EAL 3 : methodically tested and checked
* EAL 4 : methodically designed, tested and reviewed
* EAL 5 : semifomally designed and tested
* EAL 6 : semifomally verified design and tested
* EAL 7 : fomally verified design and tested.
- qualitative risk assessment is usually earmarked by ease of implementation
and can be completed by personnel with limited understanding of the risk
assessment process
- Long-duration security projects increase completion risk
- SLE (single loss expectancy) = asset value x exposure rate
- civil law is influences by abstract concepts of law (writings of academics), rather
than precedent and reasoning as in common law
- security event managment (SEM) is used for log collection, collation and
analysis in real time, vs log management system that is more used for historical
purposes
- Computer Game Fallacy : computers will prevent us from doing wrong
- abstraction: giving rights to group rather than individual users (abstraction of
users into groups)
- link encryption is not suitable for high risk environments due to possible loss of
privacy at each node (link termination point). point to point encryption is more
secure
- Auditors help identify control gaps
- A trusted shell means that someone who is working in that shell cannot "bust
out of it", and other processes cannot "bust into it".
- continuous authentication best defends vs hijacking
- re databases: Five operations are primitives (Select, Project, Union, Difference
and Product) and the other operations can be defined in terms of those five. A
View is defined from the operations of Join, Project, and Select
The select operator serves to shrink the table vertically by eliminating unwanted
rows (tuples). The project operator serves to shrink the table horizontally by
removing unwanted columns. And the join operator allows the dynamic linking of
two tables that share a common column value
- Expert System Operating Modes:
Backward-chaining mode - the expert system backtracks to determine if a given
hypothesis is valid. Backward-chaining is generally used when there are a large
number of possible solutions relative to the number of inputs.
Incorrect answers are:
In a forward-chaining mode, the expert system acquires information and comes
to a conclusion based on that information. Forward-chaining is the reasoning
approach that can be used when there is a small number of solutions relative to the
number of inputs.
Blackboard is an expert system-reasoning methodology in which a solution is
generated by the use of a virtual ​blackboard, wherein information or potential
solutions are placed on the blackboard by a plurality of individuals or expert
knowledge sources. As more information is placed on the blackboard in an iterative
process, a solution is generated.
- problem management : identify root cause and address underlying issue
- configuration management is a requirement for level B2 and above
- B3 vs covert timing attacks. B2 vs covert storage attacks
- The life cycle assurance requirements specified in the Orange Book are: security
testing, design specification and testing, configuration management and
trusted distribution. System integrity is also defined in the Orange Book but is an
operational assurance requirement, not a life cycle assurance requirement.
- Tn3270 is a terminal emulation program for connecting to computers which use
IBM 3270 terminals. It supports SSL Version 2, SSL Version 3 and TLS version 1.
TN3270 Plus also supports up to 128-bit encryption. Most TN3270 servers today
has support for secured connections over SSL or SSH.
- Controlled Access Protection is Level C2
- 5 rules of evidence:
* complete
* authentic
* accurate
* convincing
* admissible
- SABSA : chain of traceability
- Bell-laPadula (confidentiality / disclosure) vs biba (integrity / accuracy)
- trusted computing base : totality of protection mechanisms within computer
system
- due diligence : compliance
- PR : not essential in BIA but important in BCP
- Common Criteria evaluations are performed on computer security products and
systems.
 ● Target Of Evaluation (TOE) - the product or system that is the subject of
the evaluation.
The evaluation serves to validate claims made about the target. To be of practical
use, the evaluation must verify the target's security features. This is done through
the following:
● Protection Profile (PP) - a document, typically created by a user or user
community, which identifies security requirements for a class of security
devices (for example, smart cards used to provide digital signatures, or
network firewalls) relevant to that user for a particular purpose. Product
vendors can choose to implement products that comply with one or more
PPs, and have their products evaluated against those PPs. In such a case, a
PP may serve as a template for the product's ST (Security Target, as defined
below), or the authors of the ST will at least ensure that all requirements in
relevant PPs also appear in the target's ST document. Customers looking for
particular types of products can focus on those certified against the PP that
meets their requirements.
● Security Target (ST) - the document that identifies the security properties
of the target of evaluation. It may refer to one or more PPs. The TOE is
evaluated against the SFRs (see below) established in its ST, no more and
no less. This allows vendors to tailor the evaluation to accurately match the
intended capabilities of their product. This means that a network firewall
does not have to meet the same functional requirements as a database
management system, and that different firewalls may in fact be evaluated
against completely different lists of requirements. The ST is usually published
so that potential customers may determine the specific security features
that have been certified by the evaluation.
● Security Functional Requirements (SFRs) - specify individual security
functions which may be provided by a product. The Common Criteria
presents a standard catalogue of such functions. For example, an SFR may
state how a user acting a particular role might be authenticated. The list of
SFRs can vary from one evaluation to the next, even if two targets are the
same type of product. Although Common Criteria does not prescribe any
SFRs to be included in an ST, it identifies dependencies where the correct
operation of one function (such as the ability to limit access according to
roles) is dependent on another (such as the ability to identify individual
roles).
The evaluation process also tries to establish the level of confidence that may be
placed in the product's security features through quality assurance processes:
● Security Assurance Requirements (SARs) - descriptions of the
measures taken during development and evaluation of the product to assure
 compliance with the claimed security functionality. For example, an
evaluation may require that all source code is kept in a change management
system, or that full functional testing is performed. The Common Criteria
provides a catalogue of these, and the requirements may vary from one
evaluation to the next. The requirements for particular targets or types of
products are documented in the ST and PP, respectively.
● Evaluation Assurance Level (EAL) - the numerical rating describing the
depth and rigor of an evaluation. Each EAL corresponds to a package of
security assurance requirements (SARs, see above) which covers the
complete development of a product, with a given level of strictness.
Common Criteria lists seven levels, with EAL 1 being the most basic (and
therefore cheapest to implement and evaluate) and EAL 7 being the most
stringent (and most expensive). Normally, an ST or PP author will not select
assurance requirements individually but choose one of these packages,
possibly 'augmenting' requirements in a few areas with requirements from a
higher level. Higher EALs do not necessarily imply "better security", they only
mean that the claimed security assurance of the TOE has been more
extensively verified.
- Packages (Common Criteria)
According to the Common Criteria, an intermediate combination of security
requirement components is termed a package. The package permits the expression
of a set of either functional or assurance requirements that meet some particular
need, expressed as a set of security objectives. A package may be used in the
construction of more complex packages or Protection Profiles and Security Targets
- A Protection Profile (PP) is a document used as part of the certification process
according to the Common Criteria (CC). As the generic form of a Security Target
(ST), it is typically created by a user or user community and provides an
implementation independent specification of information assurance security
requirements. A PP is a combination of threats, security objectives, assumptions,
security functional requirements (SFRs), security assurance requirements (SARs)
and rationales.
- Capability Maturity Model CMM :
* initial : processes are reactive, poorly controlled, unpredictable
* reproducible: processes characterised for projects, not organisation wide,
still reactive
* defined : organisation wide characterization, proactive
* managed : metrics and measurements of processes
* optimization : process improvement
- MOM = means, opportunity, motive
- Tactical security plans : mid-term plans, eg rolling out new security policy
- Transport mode usually used when communications terminates at end points.
Tunnel mode usually used at gateway to give access to internal systems
- Common criteria > protection profiles > common set of functional and
assurance requirements for a category of vendor products in a particular
enviornment
- Hardware RAID implementation is usually platform independent
- Test environment using live workloads The best way to properly verify an
application or system during a stress test would be to expose it to "live" data while
in a testing environment. Fabricated test data may not be as varied, complex or
computationally demanding as "live" data. A production environment should never
be used to test a product, as a production environment is one where the
application or system is being put to commercial use. It is a best practice to
perform testing in a non-production environment
- From a security standpoint, a compiled program is less desirable than an
interpreted one because malicious code can be resident somewhere in the
compiled code, and it is difficult to detect in a very large program.
- CCTV :
* visual assessment of incidents
* surveillance
* deterrence
* evidential archives
- The invocation property is unique to the BIBA model
- Database shadowing: copying an entire database or updating records in multiple
locations to ensure fault-tolerance
- L2TP alone does not guarantee encryption
- Bell laPadula : * (star) property ensures no write down
- Biba : * (star) property ensures no write up
- The Orange book requires Hardware and/or software features shall be provided
that can be used to periodically validate the correct operation of the on-site
hardware and firmware elements of the TCB for System Integrity.
- The Federal Sentencing Guidelines for Organisations require that an
organisation provides ethics training
- Competitive intelligence attack is a business attack, loss of trade secrets and
so on.
- Inappropriate disclosure is a confidentiality, not an integrity goal.
- FIPS 140 is the standard for the security of hardware / software cryptographic
modules
- System high security policy means that all users in that system are cleared to
view the most highly classified info on the system
- Two-man control: Two individuals review and approve the work of each other.
(detective or preventative)
- Dual control: Both individuals are needed to perform a task (detective or
preventative). Separation of duties enables dual control
- Elements of a physical protection system:
* deter
* detect
* delay
* responsd
- Brewer-Nash a.k.a chinese wall model, prevents disclosure to competitors
- High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth
each way over two copper twisted pairs. SDSL also delivers 1.544 Mbps but over
a single copper twisted pair.
- Due care is not related to profit
- An identity-based access control is an example of discretionary access control
that is based on an individual's identity. Task-based and role-based access controls
are examples of non-discretionary access controls. Rule-based access control is
another example.
- Note: Mandatory Access Controls use labels. If rules exist without labels, it
cannot be MAC, must be NDAC
- Referential Integrity requires that for any foreign key attribute, the referenced
relation must have a tuple with the same value for its primary key.
- Security testing and trusted distribution are needed for Life-Cycle Assurance
- Graham-Denning : sets of objects, subjects and rights, concerned with how
subjects are assigned rights, how objects are created
- Circumstantial evidence is defined as inference of information from other,
intermediate, relevant facts
- Symmetric stream lends itself best to implementation in hardware. Stream
ciphers can be designed to be exceptionally fast. This requires more processing
power than block ciphers require, which is why stream ciphers are better suited to
be implemented at the hardware level.
- Business Impact analysis identifies the exposures to loss to the organisation
- The primary key must contain a non-null value to uniquely identify the tuple
- Cryptography does not directly support availability, does not directly support
authenticity either.
- Access controls support CIA triad.
- Provide message integrity:
1. Create checksum
2. append
3. encrypt and send
- Provide authentication and integrity:
as above but encrypt with private key
- Hot site is not instantly available
- rame relay and X.25 are both examples of packet-switching technologies
- ISDN and PPP are examples of circuit-switching technologies
- Running key cipher is based on modular arithmetic
- Non repudation is provided by the asymmetric private key since in theory only 1
person should know this
- Non repudation is considered a preventative control
- IGMP has a protocol value of 2
- ICMP has an IP protocol value of 1
- TCP has an IP protocol value of 6
- UDP has an IP protocol value of 17
- An authentication system should not return information on which part of the auth
control failed
- The more a key is used, the shorter it’s lifetime should be
- Cable length is the most common failure issue with twisted pair cabling.
- PPP : support of multiple network types over the same serial link
- Users can obtain certificates with various levels of assurance. Here is a list that
describe each of them:
* Class 1/Level 1 for individuals, intended for email, no proof of
identity
* Class 2/Level 2 is for organizations and companies for which proof
of identity is required
* Class 3/Level 3 is for servers and software signing, for which
independent verification and checking of identity and authority is done
by the issuing certificate authority
* Class 4 for online business transactions between companies
* Class 5 for private organizations or governmental security
- IDEA = 128 bits
- iris scanners must be positioned so as not to allow sunlight to enter the aperture
- Kerberos primarily provides authentication (authorization provided by other
subsytems)
- diverse routing : routes traffic through split cable facilities or duplicate cable
facilities. This can be accomplished with different and/or duplicate cable sheaths.
With diverse routing, you can protect not only against cable failure but also against
local exchange failure as there are two separate routes from two exchanges to
your site.
alternative routing : is a method of routing information via an alternate medium
such as copper cable or fiber optics. This involves use of different networks, circuits
or end points should the normal network be unavailable. Alternative routing
provides two different cables from the local exchange to your site, so you can
protect against cable failure as your service will be maintained on the alternative
route.
- Monitoring techniques include Intrusion detection, Penetration testing and Violation
processing using clipping levels.
- A memory dump can be admitted as evidence if it acts merely as a statement of
fact. (identifies system state)
- DSS (decision support system) emphasizes flexibility in the decision-making
approach of users. It is aimed at solving less structured problems, combines the
use of models and analytic techniques with traditional data access and retrieval
functions and supports semi-structured decision-making tasks
- The RAID Advisory Board has defined three classifications of RAID:
* Failure Resistant Disk Systems (FRDSs)
* Failure Tolerant Disk Systems
* Disaster Tolerant Disk Systems.
- The broad categories for security standards in the OSI architecture are:
● Security Attack: Any action that compromise the security of information
owned by an organization.

● Security Mechanism: A process that is designed to detect, prevent or

recover from a security attack. And security mechanism is a method which is
used to protect your message from unauthorized entity.
- Specific Security Mechanisms:
Encipherment (encryption)
Digital signature mechanisms
Access control mechanisms
Data integrity mechanisms
Authentication exchange mechanism
Traffic padding mechanism
Routing control mechanism
Notarization mechanism (assurance : eg CA)
- Pervasive Security Mechanisms:
Trusted functionality
Security labels
Event detection
Security audit trail
Security recovery

● Security Services: Security Services is the services to implement security

policies and implemented by security mechanism.
Basic security services defined:
* authentication
* access control
* data confidentiality
* data integrity
 * non-repudation
* availability service

- Typically estimating the cost of changes requested is not included in change

maintenance (change control) phase
- Consulting local fire safety codes is one of the most important fire safety steps
- Wet chemical vs Kitchen/grease fire
- FE-13 considered best alternative the halon, breathable up to 30% concentration
- open system is not open source. open system = built from industry standard
parts
- PROM : only programmable once
- EPROM : erasable programmable ROM, uses UV to erase
- EEPROM : electrically erasable PROM
- In building construction, a plenum is a separate space provided for air circulation
for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and
typically provided in the space between the structural ceiling and a drop-down
ceiling. A plenum may also be under a raised floor. In buildings with computer
installations, the plenum space is often used to house connecting communication
cables. Because ordinary cable introduces a toxic hazard in the event of fire, special
plenum cabling is required in plenum area
- ECB is the best encryption mode for databases since data within a file does not
need to be encrypted in any certain order (ECB : same plaintext = same
ciphertext)
- Normalization is an important part of database design that ensures that
attributes in a table depend only on the primary key, reducing duplicity
- Hearsay evidence must be generated / collected in the normal, regular conduct
of business
- Token ring is more fault-tolerant than ethernet
- BCP committee does not need to include HR
- Hacking is usually classed as a human threat to IT systems
- Call-back authentication methods require fixed numbers hence not appropriate
for mobile users
- The Digital Linear Tape (DLT) is only 0.498 inches in size, yet the compression
techniques and head scanning process make it a large capacity and fast tape
- The Secure Electronic Transaction (SET) protocol developed by vias and
masterdcar, uses digital signatures, and requires two pairs of asymmetric keys and
two digital certificates
- Fraggle vs Smurf = UDP vs ICMP
- Security modes of operation (MAC):
 Signed Proper Formal A valid
NDA for clearance access need to
for approval know fo
for

Dedicate ALL ALL ALL ALL

d informatio informatio informatio informatio
security n on the n on the n on the n on the
mode system. system. system. system.

System ALL ALL ALL SOME

high informatio informatio informatio informatio
security n on the n on the n on the n on the
mode system system system system

Compart ALL ALL SOME SOME

mented / informatio informatio informatio informatio
partition n on the n on the n on the n on the
ed system system system system
security
mode

Multileve ALL SOME SOME SOME

l security informatio informatio informatio informatio
mode n on the n on the n on the n on the
system system system system
Multilevel : highest risk
Partitioned : aka controlled security mode
- DAT : digital audio tape : allows for audio + data backup
- TCB assures that system meets security requirements sufficiently and effectively,
but not necessarily efficiently
- A relational database model has three parts:
* Data structures called tables or relations
* Integrity rules on allowable values and value combinations in the tables
* Operators on the data in the tables
- The spiral model is actually a meta-model that incorporates a number of the
software development models.
- Non-discretionary access control is lattice-based access control. To apply this
concept to access control, the pair of elements is the subject and object, and the
subject has to have an upper bound equal or higher than the object being accessed.
- SQL is considered a data definition language
- TACACS+ is a total new protocol and incompatible with TACACS. Allows the use
of two-factor auth, user changing passwords
- PGP uses symmetric encryption
- ESP authentication capabilities are limited due to non-inclusion of IP header info in
authentication process
- Incident handling:
1. Analyse information, raise incident, determine to what extent systems and
data is compromised (identify)
2. Communicate to parties
3. Collect / record info
4. Contain
5. Recover
- Corrective controls are concerned with remedying circumstances and restoring
controls whereas recovery controls are concerned with restoring resources,
capabilities or losses. Compensating controls are alternative controls, used to
compensate weaknesses in other controls and preventive controls are concerned
with avoiding occurrences of risks.
- A chosen-ciphertext attack is one in which cryptanalyst may choose a piece of
ciphertext and attempt to obtain the corresponding decrypted plaintext. This type
of attack is generally most applicable to public-key cryptosystems.
- Cross certification : creating trust between PKI
- Risk is the likelihood of a threat exploiting a vulnerability
- Tunnel mode is most commonly used between gateways, or at an
end-station to a gateway, the gateway acting as a proxy for the hosts
behind it.
Transport mode is used between end-stations or between an end-station
and a gateway, if the gateway is being treated as a host—for example,
an encrypted Telnet session from a workstation to a router, in which
the router is the actual destination.
Basically transport mode should be used for end-to-end sessions and
tunnel mode should be used for everything else. (Refer to the figure
for the following discussion.)
- blowfish is an open, royalty free encryption algorithm
- lattice based access control is an example of mandatory access control
- assurance procedures ensure that technical controls conform to the
security policy and that they are correctly implemented
- testing using live data is not recommended since it does not cover
the full range of possible inputs
- C2 introduces object reuse protection
- only A1 has formal definitions of roles
- 1500v minimum static electricity to cause HDD damage
- Kerberos does not address availability
- ssh operates at transport layer like SSL. Remember SSH tunnelling (port based)
- cmw : compartmented mode workstation, provides a trusted workstation or
OS. Depends on information labels, which are similar to sensitivity labels but include
controls to run as a trusted computer
- motion sensor categories : passive infrared, microwave, ultrasonic,
NOT photoelectric
- database definitions:
Table - relation
Column - attribute
Row - tuple
Cardinality - no of rows
Degree - no of column
- transaction oriented processing = atomicity = all or none
- ISE 27001 code of practice for operations security.
- ISO 27002 specs for ISMS .. Information security management System, basis for
audit and certification
- change management : approval (what)
- configuration management : documentation (how)
- BIA ... Primary obj is to determine MTD max tolerable downtime.
Includes two processes
1. Identify critical assets
2. Perform risk assessment
- after BIA, identify the preventative measures. This is when rto is identified
- MTD = rto + wrt
- S/MIME is a public key system , uses certificates signed by CAs, but
responsibility of keeping certificates up to date and
encrypting/decrypting outgoing/incoming messages is local to each
client so it is considered a public hybrid system
- Host.equiv unix : authorized / trusted hosts or users, no need for passwords
- Chief among the documents is the Trusted Network Interpretation (the Red
Book), which covers networks and network components.
Another important book is the Trusted Database Management System
Interpretation (the Lavender Book), interpreting Orange Book requirements for
DBMS products.
Other books include the Password Management Guideline (Green Book)
- Weakness of callback systems : call forwarding
- All recovery plans become obsolete quickly. Should be tested at least once a
year minimum
- WAP protocol stack:

WDP = wireless datagram protocol

- In MAC, the sensitivity label contains the classification and category (need to
know)
- The exclusionary rule mentions that evidence must be gathered legally or it can't
be used. The best evidence rule concerns limiting potential for alteration.
- Public Key Cyrpto Standards
PKCS #1 RSA Cryptography Standard Defines the mathematical properties
and format of RSA public and private keys (ASN.1-encoded in clear-text), and the
basic algorithms and encoding/padding schemes for performing RSA encryption,
decryption, and producing and verifying signatures.
PKCS #3 Diffie-Hellman Key Agreement Standard A cryptographic protocol
that allows two parties that have no prior knowledge of each other to jointly
establish a shared secret key over an insecure communications channel.
PKCS #5 Password-based Encryption Standard See RFC 2898 and PBKDF2.
PKCS #6 Extended-Certificate Syntax Standard Defines extensions to the old v1
X.509 certificate specification. Obsoleted by v3 of the same.
PKCS #7 Cryptographic Message Syntax StandardUsed to sign and/or
encrypt messages under a PKI. Used also for certificate dissemination (for instance
as a response to a PKCS#10 message). Formed the basis for S/MIME, which is as
of 2010 based on RFC 5652, an updated Cryptographic Message Syntax Standard
(CMS). Often used for single sign-on.
PKCS #8 Private-Key Information Syntax Standard. Used to carry private
certificate keypairs (encrypted or unencrypted).
PKCS #9 Selected Attribute Types Defines selected attribute types for use in
PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8
private-key information, and PKCS #10 certificate-signing requests.
PKCS #10 Certification Request Standard See RFC 2986. Format of messages
sent to a certification authority to request certification of a public key. See
certificate signing request.
PKCS #11 Cryptographic Token Interface (Cryptoki) An API defining a generic
interface to cryptographic tokens (see also Hardware Security Module). Often used
in single sign-on, Public-key cryptography and disk encryption[1] systems.
PKCS #12 Personal Information Exchange Syntax Standard Defines a file
format commonly used to store private keys with accompanying public key
certificates, protected with a password-based symmetric key. This container
format can contain multiple embedded objects, such as multiple certificates. Usually
protected/encrypted with a password. Usable as a format for the Java key store.
Usable by Tomcat, but not by Apache.
PKCS #13 Elliptic Curve Cryptography Standard
PKCS #14 Pseudo-random Number Generation
PKCS #15 Cryptographic Token Information Format Standard
- "First generation firewall" packet filtering firewall
- "Second generation firewall" proxy (application layer firewall, circuit level
proxy, or application proxy )
- "Third generation firewall" stateful Firewall
- "Fourth generation firewall" dynamic packet filtering firewalls
- CHAP is not used in IKE/IPSEC
- Revision Tables:
- ISC code of ethics:
Protect society, the commonwealth, and the infrastructure
● Promote and preserve public trust and confidence in information and
systems.
● Promote the understanding and acceptance of prudent information security
measures.
● Preserve and strengthen the integrity of the public infrastructure.
● Discourage unsafe practice.
Act honorably, honestly, justly, responsibly, and legally
● Tell the truth; make all stakeholders aware of your actions on a timely basis.
● Observe all contracts and agreements, express or implied.
● Treat all members fairly. In resolving conflicts, consider public safety and
duties to principals, individuals, and the profession in that order.
● Give prudent advice; avoid raising unnecessary alarm or giving unwarranted
comfort. Take care to be truthful, objective, cautious, and within your
competence.
● When resolving differing laws in different jurisdictions, give preference to the
laws of the jurisdiction in which you render your service.
Provide diligent and competent service to principals
● Preserve the value of their systems, applications, and information.
● Respect their trust and the privileges that they grant you.
● Avoid conflicts of interest or the appearance thereof.
● Render only those services for which you are fully competent and qualified.
Advance and protect the profession
● Sponsor for professional advancement those best qualified. All other things
equal, prefer those who are certified and who adhere to these canons. Avoid
professional association with those whose practices or reputation might
diminish the profession.
● Take care not to injure the reputation of other professionals through malice
 or indifference.
● Maintain your competence; keep your skills and know ledge current. Give
generously of your time and knowledge in training others.