The exam cram

Presented here is a revision of the concepts discussed in the previous four chapters, namely chapters six through nine. They are provided as bullet-point snippets that are easy to revise, intended for quick revision and to reinforce the knowledge that has been learned.

CISSP CBK Domain #3 – security engineering

The following bullet points are presented in an exam cram format for quick revision. They cover important points from the security engineering domain. The covered topics include security design principles; best practices and proven models that are adapted during product design as well as in processes; technical vulnerabilities and mitigation techniques; cryptography; and physical security concepts:

  • Security engineering is based on design principles, practices, and models that ensure the confidentiality, integrity, and availability requirements of information assets are met.
  • CIA is the commonly used acronym for Confidentiality, Integrity, and Availability.
  • The elements of a computer that are fundamental to its operations together with the way in which the elements are organized are referred to as computer architecture.
  • A central processing unit (CPU) is the heart and brain of a computer. The process carried out by the CPU is called executing the program.
  • Input/output (IO) systems interface with the CPU.
  • The function of memory is to store instructions and data either permanently or temporarily.
  • Primary memory refers to a storage area that is directly addressable by the CPU.
  • Secondary memory refers to the permanent storage that is indirectly accessible by the CPU. Some examples of this are magnetic disks, tapes, and so on.
  • Telecommunication and networking technologies enable computers to communicate with each other or act as a server, client, or both.
  • The collection of hardware and software together is sometimes referred to as a computer system.
  • A computer system can be categorized as an open system, a closed system, or a combination of both.
  • An open system, as the name implies, is open to interconnectivity with other systems. It can be reviewed by independent third parties.
  • Various computing methods are available to improve the instruction execution cycle. An instruction execution cycle is the time required to fetch the instruction and data from memory, decode the information, and execute it.
  • When many operations are performed per instruction, such computing is known as Complex Instruction Set Computer (CISC).
  • When instruction sets reduce the cycle time needed to execute instructions, the method is called Reduced Instruction Set Computer (RISC).
  • From an information security perspective, computer architecture should take into consideration the CIA aspects of computing services.
  • A Trusted Computer System is a system that has a well-defined security policy, accountability, assurance mechanisms, and proper documentation.
  • Trusted Computer System Evaluation Criteria (TCSEC) is a set of basic requirements used to evaluate the effectiveness of the computer security controls built into computer systems. TCSEC is a United States Department of Defense (DoD) standard and is popularly known as the Orange Book.
  • Protection Domain is a security function used to control or prevent direct access by an insecure or lower-level entity to a secure higher-level entity.
  • When protection domains are organized in a hierarchical format, then they are called Protection Rings.
  • The Security Perimeter is the outer ring of a trusted computing base; in simple terms, it is the outer ring of a protected domain or entity.
  • A Trusted Path is a secure path provided by software to communicate with entities within the trusted rings, eliminating unauthorized access.
  • Encapsulation is a technique used to hide information from unauthorized entities.
  • Abstraction is the process of hiding the details and exposing only the essential features of a particular concept or object that are encapsulated.
  • Reference Monitor is a secure module that controls access to trusted, protected entities in a trusted computing base.
  • Security Kernel is a computer architecture consisting of hardware and software elements that implement the reference monitor.
  • Security Label is a classification mechanism used to indicate the security levels of entities.
  • A Logical Security Guard is a security mechanism used to control the communication between entities labeled with lower and higher sensitivity levels.
  • Security Modes are the operating modes of an information system, determined by the sensitivity level or security label of the information it handles.
  • In information security, the term assurance means the level of trust or the degree of confidence in the satisfaction of security needs.
  • Common Criteria (CC) is an assurance framework that is predominantly derived from the Trusted Computer System Evaluation Criteria (TCSEC), the Information Technology Security Evaluation Criteria (ITSEC), and the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC).
  • In Common Criteria, a Target of Evaluation (TOE) is the target product or system that is to be evaluated.
  • Security Target (ST) is principally a document that identifies the security properties of TOE.
  • Evaluation Assurance Level (EAL) is a numerical rating based on the evaluation levels. There are seven levels of EAL starting from EAL1 (Basic) to EAL7 (most stringent).
  • The Trusted Computer System Evaluation Criteria (TCSEC) is also called the Orange Book in the Rainbow Series. It is published by the United States Department of Defense (DoD).
  • Information Technology Security Evaluation Criteria (ITSEC) is a European standard for IT security that specifies the evaluation criteria for functionality and assurance.
  • Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) is a Canadian standard for security product evaluation published by the Communications Security Establishment.
  • Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) is a standardized approach designed to guide DoD agencies through the certification and accreditation process for a single information technology (IT) entity.
  • System Security Authorization Agreement (SSAA) is a document that specifies system specifications such as the system mission, target environment, target architecture, security requirements, and applicable data access policies. SSAA is the basis on which certification and accreditation actions take place.
  • National Information Assurance Certification and Accreditation Process (NIACAP) is a process used for the certification and accreditation of computer systems that handle US national security information.
  • DoD Information Assurance Certification and Accreditation Process (DIACAP) is a standard that supersedes DITSCAP.
  • System Security Engineering Capability Maturity Model (SSE-CMM) is a system security process maturity model that focuses on the requirements pertaining to the implementation of security in a system or a group of systems, specifically in the Information Technology Security domain. It is a National Security Agency (NSA) sponsored effort.
  • There are 11 security engineering practices defined in SSE-CMM.
  • There are 11 process areas related to project and organizational practices in SSE-CMM.
  • Computer security is based on the role of the various entities within the system and their CIA requirements.
  • A computer security model known as the take-grant protection model specifies how rights can be obtained (taken) by one entity from another or transferred (granted) from one entity to another.
  • The Bell-LaPadula security model focuses on confidentiality; it prescribes access controls to classified or confidential information. A simple way to remember this model is: no read up and no write down.
  • The Biba model focuses on data integrity. A simple way to remember this model is: no read down and no write up.
  • The Clark-Wilson model focuses on integrity, and it aims to address multilevel security requirements in computing systems.
  • IT components such as operating systems, application software, as well as networks have many vulnerabilities.
  • The primary purpose of vulnerability and penetration tests is to identify, evaluate, and mitigate the risks due to vulnerability exploitation.
  • Vulnerabilities in IT systems such as software and networks can be considered as holes or errors.
  • While vulnerability assessment and remediation is used to strengthen the computer system, it is also important to perform suitable penetration tests periodically to identify the possibility of system compromise.
  • Testing from an external network with no prior knowledge of the internal networks and systems is referred to as black box testing.
  • Performing the test from within the network is referred to as internal testing or white box testing.
  • Testing from an external and/or internal network with knowledge of internal networks and systems is referred to as gray box testing. This is usually a combination of black box testing and white box testing.
  • Common Vulnerabilities and Exposures (CVE) is an online dictionary of vulnerabilities.
  • Cryptography is an art as well as a science that involves the process of transforming plaintext into scrambled text and vice versa.
  • The process of converting plain text into scrambled or unintelligible (cipher) text is called encryption.
  • The process of converting scrambled or unintelligible (cipher) text into plain text is called decryption.
  • An algorithm in cryptography is a series of well-defined steps that provide the procedure for encryption/decryption.
  • A cryptographic method is a way of doing encryption and decryption in a systematic way.
  • Cryptography is based on algorithms and the keys that operate on them.
  • If only one key is used, then it is called symmetric key encryption; if two keys are used, then it is called asymmetric key encryption; and if no key is used, then it is called hashing.
  • When a keystream algorithm operates on a single bit, byte, or computer word, such that the transformation of the information changes constantly, it is called a stream cipher.
  • If the algorithm operates on a block of text (as opposed to a single bit or byte), it is known as a block cipher.
  • The Rivest Cipher 4 (RC4) algorithm supports variable key sizes of about 40 to 256 bits. RC4 is a stream cipher.
  • Data Encryption Standard (DES) is a block cipher that uses up to 56-bit keys and operates on 64-bit blocks.
  • Advanced Encryption Standard (AES) is a 128-bit block cipher that employs 128, 192, or 256 bit keys.
  • When each ciphertext block is formed by applying the secret key to encrypt the corresponding plaintext block on its own, the mode is called Electronic Code Book (ECB).
  • When each plaintext block is exclusive-ORed (XORed) with the previous ciphertext block, the mode is called Cipher Block Chaining (CBC).
  • Cipher Feedback (CFB) is a mode that allows the encrypted data units to be smaller than the block size.
  • Output Feedback (OFB) uses an internal feedback mechanism such that the same plaintext block does not produce the same ciphertext block.
  • An initialization vector (IV) is a block of bits that allows either a stream cipher or a block cipher to execute any of the preceding modes.
  • Digital signature is a type of public key cryptography where the message is digitally signed using the sender's private key.
  • Hashing is also called a message digest or one-way encryption because there is no decryption; the computed checksum is only validated.
  • Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are protocols that provide communication security by encrypting the sessions while using the Internet.
  • Secure Electronic Transaction (SET) is a set of standard protocols for securing a credit card transaction over insecure networks.
  • IPsec is a set of protocols used to secure Internet communication.
  • Pretty Good Privacy (PGP) is a software package that supports secure e-mail communications.
  • Secure Multi-Purpose Internet Mail Extensions (S/MIME) uses public key cryptography to provide an authentication for e-mail messages through digital signatures. S/MIME can also provide non-repudiation and confidentiality.
  • Secure Hypertext Transfer Protocol (S-HTTP) is a protocol that introduces an authentication/encryption layer between the Hypertext Transfer Protocol (HTTP) and the Transmission Control Protocol (TCP) to secure communications for the World Wide Web (WWW).
  • Secure Shell (SSH) is a protocol that establishes a secure channel between two computers for communication purposes.
  • Kerberos is an encryption and authentication service.
  • Steganography is the art of concealing information within computer files such as documents, images, or any multimedia content.
  • Digital watermarking is a method by which copyright information is embedded in digital content such as documents, images, and multimedia files.
  • SecurID is a two-factor authentication system.
  • Wireless Application Protocol (WAP) is a set of standards for wireless communications using devices such as mobile phones.
  • IEEE 802.11 is a set of standards for Wireless Local Area Networking (WLAN). Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are the commonly used encryption protocols in this communication standard.
  • Public Key Infrastructure (PKI) is a framework that enables the integration of various services related to cryptography.
  • The aim of PKI is to provide confidentiality, integrity, access control, authentication, and most importantly non-repudiation.
  • Key management covers the secure generation, secure storage, secure distribution, and secure destruction of keys.
  • Key usage refers to using a key for a cryptographic process. A single key should be used for only one cryptographic process.
  • The time span during which a specific key is authorized for use by legitimate entities, or during which a specific key remains in effect for a given system, is known as the crypto period.
  • Cryptanalysis is the science of analyzing and deciphering codes and ciphers.
  • Cryptographic algorithm and key size selection are two important key management parameters that provide adequate protection to the system and data throughout their expected lifetime.
  • In a ciphertext-only attack, only the ciphertext (encrypted text) is available to the cryptanalyst.
  • When a cryptanalyst obtains ciphertext as well as the corresponding plaintext, the attack is known as a known-plaintext attack.
  • In a chosen-plaintext attack, the cryptanalyst obtains the ciphertext corresponding to blocks of plaintext of their own choosing.
  • If a cryptanalyst can choose samples of plaintext based on the results of previous encryptions, in a dynamic fashion, the attack is known as an adaptive-chosen-plaintext attack.
  • In a chosen-ciphertext attack, the cryptanalyst chooses samples of ciphertext and obtains the corresponding plaintext.
  • An adaptive-chosen-ciphertext attack is similar to the chosen-ciphertext attack, but the samples of ciphertext are selected dynamically by the cryptanalyst, and the selection can be based on previous results.
  • Wired Equivalent Privacy (WEP) is an algorithm that uses the RC4 stream cipher for confidentiality protection and CRC-32 for integrity assurance.
  • Wi-Fi Protected Access (WPA) is a security protocol developed by the Wi-Fi Alliance that replaces WEP.
  • WPA2 is an advanced protocol certified by the Wi-Fi Alliance. This protocol fulfills the mandatory requirements of the IEEE 802.11i standard, and it uses the AES algorithm for encryption.
  • Bluetooth is a wireless protocol for short-range communications for fixed or portable computers and mobile devices.
  • The core structure of FIPS 140 recommends four security levels for cryptographic modules that protect sensitive information in federal systems, such as computer and telecommunication systems, including voice systems.
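
The Bell-LaPadula and Biba rules above are easiest to keep apart when written as code. This is an added example, not from the book; the label lattice, the subject and the objects are constructed for illustration:

```python
from dataclasses import dataclass

# Ordered lattice of labels (constructed); a higher index means higher
# sensitivity for Bell-LaPadula or higher integrity for Biba.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str  # clearance (Bell-LaPadula) or integrity level (Biba)


@dataclass(frozen=True)
class Obj:
    name: str
    level: str  # classification (Bell-LaPadula) or integrity level (Biba)


def bell_lapadula_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """Confidentiality model: no read up, no write down.

    read  -> simple security property: subject level >= object level
    write -> *-property: subject level <= object level
    """
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    raise ValueError(f"unknown action {action!r}")


def biba_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """Integrity model: no read down, no write up (the mirror image of BLP).

    read  -> simple integrity property: subject level <= object level
    write -> *-integrity property: subject level >= object level
    """
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if action == "read":
        return s <= o
    if action == "write":
        return s >= o
    raise ValueError(f"unknown action {action!r}")


def decision_table(model) -> dict:
    """Evaluate one model for every (subject, object, action) pair so the
    two rule sets can be compared side by side. Entities are constructed."""
    subjects = [Subject("analyst", "secret")]
    objects = [Obj("memo", "confidential"), Obj("plan", "top_secret")]
    return {
        (s.name, o.name, a): model(s, o, a)
        for s in subjects for o in objects for a in ("read", "write")
    }


if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", bell_lapadula_allows), ("Biba", biba_allows)):
        print(name)
        for (s, o, a), ok in decision_table(model).items():
            print(f"  {s} {a} {o}: {'allow' if ok else 'deny'}")
```

Because the sample entities never share a level, every decision Biba makes is the opposite of the one Bell-LaPadula makes, which is the quickest way to see that the two models mirror each other.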

CISSP CBK Domain #4 – communication and network security

The following bullet points, presented in an exam cram format for quick revision, cover important points from the Communication and Network Security domain. The covered topics include foundational concepts in network architecture and network security; IP and non-IP protocols and their applications; threats, attacks, vulnerabilities, and countermeasures to communication and network security; security requirements in wireless networks; the application of cryptography in communication security; and securing network components:

  • Security in Communication and Networks is based on the architecture type, protocols, and the technologies used.
  • Layered architecture is a technique used to design communication networking in the form of layers. Each layer is independent and communicates with its immediate upper and lower layers.
  • Open Systems Interconnection (OSI) is an International Organization for Standardization (ISO) layered architecture standard that defines a framework for implementing protocols in seven layers.
  • Layer 7 or the Application layer provides application services that are required for application processes.
  • Layer 6 is the Presentation layer that manages the way in which the information or data is encoded or represented.
  • Layer 5 is the session layer, and the primary purpose of this layer is to manage communication between two computers.
  • Layer 4 is used to maintain the integrity and validity of the data being transported, and is known as the transport layer.
  • Layer 3 is called the network layer, and it ensures that the proper route is established for transporting data.
  • Layer 2 is the data link layer that ensures node-to-node validity of the data being transmitted.
  • Layer 1 deals with the electrical and mechanical characteristics of the data and is called the physical layer.
  • Transmission Control Protocol/Internet Protocol (TCP/IP) is the Internet protocol suite on which most of the Internet and commercial networks run.
  • The original TCP/IP reference model consists of four layers that relate purely to Internet communications.
  • The four layers are application layer, transport layer, network/Internet layer, and data link layer.
  • DNS works at the application layer. DNS translates domain names into IP addresses.
  • A common threat to DNS is spoofing.
  • Domain Name System Security Extensions (DNSSEC) are a set of extensions that provide origin authentication, data integrity, and authenticated denial of existence.
  • In an Internet Protocol (IP) network, client devices obtain necessary network parameters from a centralized server(s) using DHCP.
  • HTTP is a communication protocol that enables the retrieval and transfer of hypertext pages. HTTP uses Transmission Control Protocol (TCP) for connections.
  • Common threats for HTTP include Spoofing, Unauthorized disclosure, and Path traversal.
  • The transport layer in the TCP/IP model does two things. One job is to package the data handed down by applications into a format suitable for transport over the network, and the other is to unpack the data received from the network into the format suitable for applications.
  • The process of packaging the data packets received from the applications is called encapsulation, and the output of such a process is called a datagram.
  • Similarly, the process of unpacking the datagram received from the network is called abstraction.
  • Transmission Control Protocol (TCP) is a core Internet protocol that provides reliable delivery mechanisms over the Internet. TCP is a connection-oriented protocol and is represented in Layer 4 of the OSI model.
  • User Datagram Protocol (UDP) is a protocol similar to TCP but is a connectionless protocol, and it is represented in Layer 4 of the OSI model.
  • TCP SYN attacks establish thousands of half-open connections to consume server resources. They work by spoofing different source IPs and never replying to the server's SYN/ACK.
  • The network or Internet layer in the TCP/IP model is for internetworking. This layer has a group of methods, functions, and protocols that facilitate communication between different networks.
  • IP is a connectionless protocol and is used in packet-switched networks such as the Internet.
  • The primary function of IP is to send data from one computer to another. IP works in the Network Layer of OSI and Internet layer of the TCP/IP model.
  • IPsec is a suite of protocols created to secure Internet Protocol (IP) traffic. They provide authentication and encryption functions.
  • A tunnel in a computer network, such as a VPN, is a secure path or route for datagrams that pass through an insecure or untrusted network. This is achieved using additional encapsulation.
  • In communication security, the prevention of unauthorized access and modification of data at the devices, data in transmission, and the data being processed is a primary requirement.
  • Service-assurance requirements cover the availability of communication channels and devices, including operator-side equipment.
  • Assurance against theft or leakage of service, such as the diversion of data or calls and operator-side or business-side revenue theft, is also an assurance requirement.
  • Snooping/eavesdropping, theft of services, and Denial-of-Service (DoS) are common attacks on communication systems.
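
A detector for the half-open-connection pattern described in the TCP SYN bullet above, added here as an example rather than taken from the book. It parses connection-table lines in the column layout of `ss -tan` and flags a port when many half-open connections come from many distinct one-off sources, which is the signature of spoofed SYNs; the sample table, its addresses (documentation ranges) and the threshold are constructed.

```python
from collections import Counter, defaultdict


def constructed_sample() -> str:
    # Constructed connection table in `ss -tan` column layout:
    # State Recv-Q Send-Q Local:Port Peer:Port. Addresses are documentation ranges.
    header = "State     Recv-Q Send-Q Local Address:Port   Peer Address:Port"
    lines = [header, "ESTAB     0      0      10.0.0.5:443         198.51.100.10:52011"]
    # 25 half-open connections on :443, each from a different peer address
    lines += [f"SYN-RECV  0      0      10.0.0.5:443         203.0.113.{i}:5{i:04d}"
              for i in range(1, 26)]
    # one stray half-open connection on :22, as a slow legitimate client would leave
    lines.append("SYN-RECV  0      0      10.0.0.5:22          198.51.100.20:40001")
    return "\n".join(lines)


def parse_ss(text: str) -> list:
    """Return (state, local_port, peer_ip) tuples; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        rows.append((state, local.rsplit(":", 1)[1], peer.rsplit(":", 1)[0]))
    return rows


def half_open_report(rows: list, threshold: int = 20) -> dict:
    """Per local port: number of SYN-RECV (half-open) connections, how many
    distinct peers they come from, and whether the pattern looks like a
    spoofed SYN flood (many half-open connections, nearly all from distinct
    sources that never complete the handshake)."""
    per_port = defaultdict(Counter)  # port -> Counter(peer ip -> half-open count)
    for state, lport, pip in rows:
        if state == "SYN-RECV":
            per_port[lport][pip] += 1
    report = {}
    for lport, srcs in per_port.items():
        total = sum(srcs.values())
        report[lport] = {
            "half_open": total,
            "distinct_sources": len(srcs),
            "top_source_share": max(srcs.values()) / total,
            "suspected_syn_flood": total >= threshold and len(srcs) >= 0.8 * total,
        }
    return report


if __name__ == "__main__":
    for port, stats in half_open_report(parse_ss(constructed_sample())).items():
        print(port, stats)
```

A single misbehaving client shows up instead as a high `top_source_share`, which calls for a per-source limit rather than flood handling; on Linux the kernel-side mitigation for the spoofed case is SYN cookies (`net.ipv4.tcp_syncookies`).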