The Official (ISC)2 Guide to the SSCP CBK
by Steven Hernandez, Adam Gordon
The Official (ISC)2 Guide to the SSCP CBK, 3rd Edition
Domain 1: Access Controls Notes
Objectives
Access Control Concepts
Implementing Access Controls
Security Architecture and Models
Implementing Authentication Mechanisms—Identification, Authentication, Authorization, and Accountability
Comparing Internetwork Trust Architectures
Trust Direction
Administering the Identity Management Lifecycle
Summary
Sample Questions
Domain 2: Security Operations
Objectives
Code of Ethics
Security Program Objectives: The C-I-A Triad and Beyond
Disclosure Controls: Data Leakage Prevention
Summary
Sample Questions
Notes
Domain 3: Risk, Identification, Monitoring, and Analysis
Objectives
Responding to an Audit
Security Assessment Activities
Operating and Maintaining Monitoring Systems
Going Hands-on—Risk Identification Exercise
Summary
Sample Questions
Notes
Domain 4: Incident Response and Recovery
Objectives
Incident Handling
Recovery and Business Continuity
Summary
Sample Questions
Notes
Domain 5: Cryptography
Objectives
Encryption Concepts
Data Sensitivity and Regulatory Requirements
Going Hands-On with Cryptography—Cryptography Exercise
Summary
Sample Questions
End Notes
Domain 6: Networks and Communications Security
Objectives
Security Issues Related to Networks
Telecommunications Technologies
Control Network Access
LAN-Based Security
Network-Based Security Devices
Wireless Technologies
Summary
Sample Questions
End Notes
Domain 7: Systems and Application Security
Objectives
Identifying and Analyzing Malicious Code and Activity
CIA Triad: Applicability to Malcode
Vectors of Infection
Spoofing, Phishing, Spam, and Botnets
Malicious Web Activity
Payloads
Identifying Infections
Behavioral Analysis of Malcode
Malcode Mitigation
Implementing and Operating End-Point Device Security
Operating and Configuring Cloud Security
Encryption
Encryption Alternatives and Other Data Protection Technologies
Securing Big Data Systems
Operating and Securing Virtual Environments
Summary
Sample Questions
End Notes
Appendix A: Answers to Sample Questions
Domain 1: Access Controls
Domain 2: Security Operations
Domain 3: Risk, Identification, Monitoring, and Analysis
Domain 4: Incident Response and Recovery
Domain 5: Cryptography
Domain 6: Networks and Communications Security
Domain 7: Systems and Application Security
Appendix B: DNSSEC Walkthrough
Hardware and Software Requirements
Configuring the Test Lab
Configuring DC1
Configuring DNS1
Signing a Zone on DC1 and Distributing Trust Anchors
Appendix C: Glossary of Terms Related to the SSCP
Titlepage
Copyright
About the Editors
Foreword
Introduction
End-User License Agreement
List of Tables
Table 1-1
Table 1-2
Table 1-3
Table 1-4
Table 1-5
Table 1-6
Table 1-7
Table 1-8
Table 1-9
Table 2-1
Table 2-2
Table 2-3
Table 2-4
Table 2-5
Table 4-1
Table 4-2
Table 5-1
Table 5-2
Table 5-3
Table 5-4
Table 6-1
Table 6-2
Table 6-3
Table 6-4
Table 6-5
Table 6-6
Table 6-7
Table 6-8
Table 6-9
Table 6-10
Table 6-11
Table 6-12
Table 6-13
Table 6-14
Table 7-1
List of Illustrations
Figure 1-1: Subject Group Access Control—User
Figure 1-2: Subject Group Access Control—User permissions Allow and Deny
Figure 1-3: Subject Group Access Control—Multiple Users
Figure 1-4: Subject Group Access Control—Group
Figure 1-5: Hierarchical permission inheritance
Figure 1-6: Replacement of all child object permissions
Figure 1-7: The Rule Set Based Access Control (RSBAC) Generalized Framework for Access Control (GFAC) logic for data access request
Figure 1-8: Local Users and Groups in a Windows 7 computer
Figure 1-9: File permissions before adding an RBAC example in Windows 7/Windows 8 computer
Figure 1-10: The Select Users or Groups screen that appears after the Edit button has been clicked
Figure 1-11: Folder permissions AFTER adding an RBAC example in Windows 7/Windows 8 computer; resultant set of permissions for Backup Operators group
Figure 1-12: Signature analysis pad
Figure 1-13: Sample keystroke dynamics measurements
Figure 1-14: A Fingerprint reader scans the loops, whorls, and other characteristics of a fingerprint and compares it with stored templates. When a match is found, access is granted.
Figure 1-15: Hand geometry reader. “Physical security access control with a fingerprint scanner”
Figure 1-16: Vascular pattern reader
Figure 1-17: How Retinal Scanners record identity source
Figure 1-18: How Iris Scanners record identity
Figure 1-19: Geometric properties of a subject’s face used in facial imaging
Figure 1-20: Crossover error rate is one of three categories of biometric accuracy measurements
Figure 1-21: A typical DMZ design
Figure 2-1: Defense-in-depth through network segmentation
Figure 2-2: Microsoft/Sysinternals Process Monitor
Figure 2-3: Continuum of controls relative to the time line of a security incident
Figure 2-4: Balanced Magnetic Switch (BMS), used on doors and windows, uses a magnetic field or mechanical contact to determine if an alarm signal is initiated.
Figure 2-5: Infrared linear beam sensors
Figure 2-6: A passive infrared (PIR) sensor is one of the most common interior volumetric intrusion detection sensors. Because there is no beam, it is called passive.
Figure 2-7: An automatic request to exit (REX) device (located over the Exit sign) provides for magnetically locked doors, acting as an automatic sensor for detecting an approaching person in the exit direction and deactivates the alarm as the person exits.
Figure 2-8: Magnetic Lock
Figure 2-9: A mantrap
Figure 2-10: A turnstile can be used as a supplemental control to assist a guard or receptionist while controlling access into a protected area.
Figure 2-11: A higher end turnstile is an turnstile, which is designed to provide a secure access control in the lobby of a busy building.
Figure 2-12: A rim lock is a lock or latch typically mounted on the surface of a door.
Figure 2-13: A mortise lock is a lock or latch that is recessed into the edge of a door rather than being mounted to its surface.
Figure 2-14: A pin tumbler cylinder is a locking cylinder that is composed of circular pin tumblers that fit into matching circular holes on two internal parts of the lock.
Figure 2-15: A cipher lock is controlled by a mechanical key pad with digits that when pushed in the right combination will release the lock and allow entry.
Figure 2-16: “Intelligent keys” have a built-in microprocessor that is unique to the individual key holder and identifies the key holder specifically
Figure 2-17: A safe is a fireproof and burglarproof iron or steel chest used for the storage of currency, negotiable securities, and similar valuables.
Figure 2-18: A vault is a room or compartment designed for the storage and safe-keeping of valuables and has a size and shape that permits entrance and movement within by one or more persons.
Figure 2-19: A class 6 container is approved for the storage of secret, top secret, and confidential information.
Figure 2-20: A card reader with PIN and biometric features for additional security.
Figure 2-21: A secure portal allows only one person in at a time and will only open the inner door once the outer door is closed.
Figure 2-22: A backup generator is activated automatically in the event of a utility failure by the transfer switch.
Figure 3-1: Determining Likelihood of Organizational Risk
Figure 3-2: The NIST Risk Assessment Process
Figure 3-3: A screenshot of policy configuration using Nessus
Figure 3-4: A screenshot of the Metasploit console
Figure 3-5: A risk-level matrix
Figure 3-6: Sample risk register
Figure 3-7: Microsoft System Center Operations Manager Console
Figure 3-8: Setting up a new machine in VirtualBox
Figure 3-9: Selecting memory size for the new virtual machine
Figure 3-10: Setting up a hard drive on the new virtual machine
Figure 3-11: Verifying that PAE/NX (Physical Address Extension and Processor Bit) is enabled
Figure 3-12: Enabling the network adapter
Figure 3-13: Creating a new virtual machine in Kali Linux
Figure 3-14: Naming the new virtual machine in Kali Linux
Figure 3-15: Selecting memory size (Kali Linux)
Figure 3-16: Setting up a hard drive (Kali Linux)
Figure 3-17: Enabling network adapter (Kali Linux)
Figure 3-18: Discovering the target IP address
Figure 3-19: Starting Zenmap to launch a scan
Figure 3-20: Auto-generated command in Zenmap
Figure 3-21: Ports recognized by Zenscan
Figure 4-1: The NIST Incident Response process
Figure 4-2: A typical communications web for an organization’s incident response plan
Figure 5-1: Cryptographic hashing function
Figure 5-2: Out-of-band key distribution.
Figure 5-3: Electronic codebook is a basic mode used by block ciphers.
Figure 5-4: Cipher block chaining mode.
Figure 5-5: Cipher feedback mode of DES.
Figure 5-6: Output feedback mode of DES.
Figure 5-7: Counter mode is used in high-speed applications such as IPSec and ATM.
Figure 5-8: Operations within double DES cryptosystems.
Figure 5-9: Meet-in-the-middle attack on 2DES.
Figure 5-10: Mix column transformation
Figure 5-11: Using public key cryptography to send a confidential message.
Figure 5-12: Using public key cryptography to send a message with proof of origin.
Figure 5-13: Using public key cryptography to send a message that is confidential and has a proof of origin.
Figure 5-14: Hybrid system using asymmetric algorithm for bulk data encryption and an asymmetric algorithm for distribution of the symmetric key.
Figure 5-15: The XKMS service shields the client application from the complexities of the underlying PKI.
Figure 5-16: The SKMS service might resolve a <ds: Retrieval Method> element.
Figure 5-17: Recommended Crypto Periods for key types
Figure 5-18: SSL/TLS Protocol Layers
Figure 5-19: Choosing components during GnuPG setup
Figure 5-20: Setting up Claws account information
Figure 5-21: SMTP server setup in Claws
Figure 5-22: No PGP key warning
Figure 5-23: Entering a passphrase for new key creation
Figure 5-24: Accessing GPA from the Windows Start Menu
Figure 5-25: Finding a key in the key manager
Figure 5-26: Exporting a key to the keyserver
Figure 5-27: Accessing the plug-ins menu
Figure 5-28: Selecting and loading plug-ins
Figure 5-29: Setting up a user in Thunderbird
Figure 5-30: Entering account information
Figure 5-31: Mail account setup
Figure 5-32: Accessing the Add-ons menu
Figure 5-33: Searching for a specific add-on
Figure 5-34: Installing an add-on
Figure 5-35: Restarting machine after add-on installation is complete
Figure 5-36: Enigmail Setup Wizard
Figure 5-37: Configuring encryption settings
Figure 5-38: Configuring your digital signature
Figure 5-39: Preference settings
Figure 5-40: Creating a key to sign and encrypt email
Figure 5-41: Configuring a passphrase to be used to protect the private key
Figure 5-42: Key generation
Figure 5-43: Revocation certificate creation
Figure 5-44: Passphrase entry to unlock the secret key
Figure 5-45: Composing a message
Figure 5-46: Accessing the privacy system and encryption options
Figure 5-47: Sending a message
Figure 5-48: Entering a private key to decrypt a message
Figure 5-49: Decrypted message
Figure 5-50: Checking on the encryption of mail message on email server
Figure 5-51: Accessing Thunderbird Enigmail Key Management menu
Figure 5-52: Searching for a public key
Figure 5-53: Enigmail encryption and signing settings
Figure 5-54: Entering the passphrase to unlock the secret key for the OpenPGP certificate
Figure 5-55: Reading the decrypted message
Figure 5-56: Viewing the encrypted message on the e-mail server
Figure 6-1: The Seven Layer OSI Reference Model
Figure 6-2: OSI Model & TCP/IP Model
Figure 6-3: Network with a bus topology
Figure 6-4: Network with a tree topology
Figure 6-5: Network with a ring topology
Figure 6-6: Network with a mesh topology
Figure 6-7: Network with a star topology
Figure 6-8: LAN token passing
Figure 6-9: The DNS database structure
Figure 6-10: Diagram of a Generic SCADA ICS
Figure 6-11: Dirt Jumper Bot Malware screen capture
Figure 6-12: A DDoS attack for hire network ad
Figure 6-13: Another DDoS attack for hire network ad
Figure 6-14: A demilitarized zone (DMZ) allows an organization to give external hosts limited access to public resources, such as a company website, without granting them access to the internal network.
Figure 6-15: Logical design for control planes
Figure 6-16: Architecture of an intrusion detection system (IDS)
Figure 6-17: A network tap is a device that simply sits on a network in “monitor” or “promiscuous” mode and makes a copy of all the network traffic, possibly right down to the Ethernet frames.
Figure 7-1: The CIA Triad: Confidentiality, Integrity, and Availability
Figure 7-2: BlackHat malware distribution website scanning interface
Figure 7-3: KIMS Indetectables 2.0
Figure 7-4: KIMS Indetectables 2.0 Options settings
Figure 7-5: vgrep search for MyDoom worm
Figure 7-6: The floppy disk that contains the complete source code for the Morris internet worm in the Computer History Museum.
Figure 7-7: Scanning In Progress
Figure 7-8: Social Engineering Toolkit in KALI Linux
Figure 7-9: Social Engineering Toolkit Menu options
Figure 7-10: Social Engineering Toolkit sub list menu of attack options
Figure 7-11: A file that has been created using double file extensions.
Figure 7-12: Opening a file with a different version of a program
Figure 7-13: File with double file extensions
Figure 7-14: File opened without any security warning
Figure 7-15: File renaming through extension manipulation
Figure 7-16: Examination of underlying code in wmplayer.exe
Figure 7-17: Simple modification of wmplayer.exe.txt file
Figure 7-18: U+202E: Right-To-Left Override selection
Figure 7-19: Sample spam email
Figure 7-20: Email that appears to be from Lufthansa customer service
Figure 7-21: Main DirBuster tool interface running in Windows 7
Figure 7-22: Built-in list options that are available for use
Figure 7-23: What typical P2P software looks like on an end-user system
Figure 7-24: Diagram of the Google MITM attack vector
Figure 7-25: Properties of a specified running process are displayed.
Figure 7-26: Information that ProcNetMonitor displays when launched
Figure 7-27: PeStudio, a Windows Image Executable Analysis tool that has been used to examine the ArpScan executable
Figure 7-28: Advanced Port Scanner being used to scan an IP address range
Figure 7-29: Open Ports Scanner being used to scan a single host
Figure 7-30: Snort being initialized and set up to run on a host
Figure 7-31: Pop-up message
Figure 7-32: Two tools that the security practitioner may use to detect malware that has been installed on a targeted computer
Figure 7-33: Scan types available in tool
Figure 7-34: A list of the detected malware, as well as mitigation options
Figure 7-35: Modified registry keys shown as output of scan
Figure 7-36: Prompt for the security practitioner to press a key to start the scan
Figure 7-37: Configuration Wizard for SysAnalyzer tool
Figure 7-38: sniff_hit tool
Figure 7-39: Hex Edit tool being used to examine the WinHex.exe file
Figure 7-40: PEiD being used to examine the lads.exe file
Figure 7-41: A string analysis performed on a packed file
Figure 7-42: A string analysis performed on an unpacked file
Figure 7-43: An MZ header in a Windows binary file
Figure 7-44: UPX tool interface
Figure 7-45: A memory dump performed with LordPE of the vmplayer.exe file being used to compare to the actual file running in memory on the computer
Figure 7-46: ISC2.org query results
Figure 7-47: Robtex search results output selection bar that is located at the top left hand corner of the results page
Figure 7-48: Output for the Domain Name Search
Figure 7-49: Graphed output from a Robtex Domain Name Search
Figure 7-50: Output of a scan using the Zenmap tool
Figure 7-51: Firefox “Live HTTP Headers” add-on
Figure 7-52: Attaching a virtual hard disk to a Windows system
Figure 7-54: Responsibility depending on the type of cloud services
Figure 7-55: Key privacy cloud service factors
Figure 7-56: Differences between object and volume storage types
Figure 7-57: Basic Tokenization Architecture
Figure A-1: The NIST Risk Assessment Process