Cryptography

• History of Cryptography
• Cryptography components and their relationships
• Government involvement in cryptography
• Symmetric and asymmetric key algorithms
• Public key infrastructure (PKI) concepts and mechanisms
• Hashing algorithms and uses
• Types of attacks on cryptosystems

Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is considered the science of protecting information by encoding it into an unreadable format.

History of Cryptography

roots began in 2000 B.C. in Egypt decorating tombs in hieroglyphics. A Hebrew method required the alphabet to be flipped so that each letter in the original alphabet was mapped to a different letter in the flipped, or shifted, alphabet.

ABCDEFGHIJKLMNOPQRSTUVWXYZ
ZYXWVUTSRQPONMLKJIHGFEDCBA

Around 400 B.C the Spartans used a system of encrypting: they would write a message on sheet of papyrus that was wrapped around a staff which was then delivered and wrapped around a different staff by the recipient. The message was only readable if it was wrapped around the same size staff. Known as scytale cipher.

The most famous rotor encrytion machine is the Enigma used by the Germans in WWII

Types: substitution, monoalphabetic substitution, polyalphabetic substitution, atbash,Vigenere

Cryptography Definitions and Concepts

plaintext - readable data
ciphertext - data that appears to be random and unreadable
cryptosystem - a system or product that provides encryption and decryption
algorithm - the set of rules, dictates how enciphering and deciphering take place

Kerckhoff's Principle (p596)

Strengths of the cryptosystem
the strength of an encryption method comes from the algorithm, secrecy of the key, length of the key, initialization vectors, and how they all work together within the cryptosystem.

Services
Confidentiality - denies unauthorized parties access to information
Authenticity - validates the source of the message, to ensure that the sender is properly identified
Integrity - provides assurance that the message was not modified, accidentally or intentionally
Nonrepudiation - establishes that a particular sender has sent the message so that they cannot deny having sent the message at a later date

One-time pad
a perfect encryption scheme because it considered unbreakable if implemented properly. Invented by Gilbert Vernam in 1917

Running and Concealment Ciphers
The running key cipher could use a key that does not require an electric algorithm and bit alterations, but cleverly steps in the physical world around you.
A concealment cipher is a message within a message.

Steganography - a method of hiding data in another media type so that the very existence of the data is concealed.

Government Involvement with Cryptography

Wassenaar Arrangement - "The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies"
The following outlines the characteristics of a specific algorithm types that are considered too dangerous to fall into the hands of the enemy and thus are restricted:

• Symmetric algorithms with key sizes over 56 bits
• Asymmetric algorithms that carry our factorization of an integer with key sizes over 512 bits (such as RSA)
  
• Asymmetric algorithms that compute discrete logarithms in a field with key sizes over 512 bits (such as El Gamal)
• Asymmetric algorithms that compute discrete logarithms in a group (not a field) with key sizes over 112 bits (such as ECC)

Types of Ciphers

Substitution Cipher
Transposition Cipher

Methods of Encryption

Symmetric vs. Asymmetric Algorithms
Symmetric algorithms use secret keys while asymmetric algorithms us public and private keys.

Block Cipher
the message is divided into blocks of bits
Stream Cipher
treats the message as a stream of bits and performs mathematical functions on each bit individually

A strong and effective stream cipher contains the following characteristics

• Long periods of no repeating patterns within keystream values
• Statistically unpredictable keystream
• A keystream not linearly related to the key
• Statistically unbiased keystream (as many 0s as 1s)

Hybrid Encryption Methods - Asymmetric and Symmetric Algorithms used together
Session Keys -a symmetric key that is used to encrypt messages between two users.

Types of Symmetric Systems

• Data Encryption Standard (DES)
• 3DES
• AES
• International Data Encryption Algorithm (IDEA)
• Blowfish
• RC4
• RC5

Types of Asymmetric Systems
Diffie-Hellman Mathematical Steps

1. Tanya chooses a large random integer (x) and sends to Erika
2. Erika also chooses a large random integer (y) and sends it to Tanya
3. Tanya's software computes the following: K=Y^x mod n
4. Erika's software computes the following: K=X^y mod n

Man in the middle attack

El Gamal - a public key algorithm that can be used for digital signatures, encryption, and key exchange

Elliptic Curve Crytosystem

Knapsack
Zero Knowledge Proof

Message Integrity

One way hash - a function that takes a variable length string and produces a fixed length value called a hash value
HMAC
CBC-MAC

Various Hashing Algorithms

• Hash should be computed over the entire message
• Hash should be a one-way function so that messages are not disclosed by their values
• Given a message and its hash value, computing another message with the same hash value should be impossible
• Function should be resistant to birthday attacks

MD2
MD4
MD5
SHA
HAVAL

Attack against one way hash functions
collision - the algorithm produces that same value for two distinctly different messages
birthday attack - attacker attempts to force a collision

Digital Signatures

• A message can be encrypted, which provides confidentiality
• A message can be hashed, which provides integrity
• A message can be digitally signed, which provides authentication, nonrepudiation, and integrity
• A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity

Digital Signature Standard

Public Key Infrastructure (PKI)
consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion
Certificate Authorities
Registration Authority

Key Management
The key length should be long enough to provide the necessary level of protection
Keys should be stored and transmitted by secure means
Keys should be extremely random and the algorithm should use the full spectrum of the key space
The key's lifetime should correspond with the sensitivity of the data it is protecting
The more the key is used, the shorter its lifetime should be
Keys should be backed up or escrowed in case of emergencies
Keys should be properly destroyed when their lifetime comes to an end.

Link Encryption vs. End-to-End Encryption
E-Mail Standards
Multipurpose Internet Mail Extension(MIME) - a technical specefication indicating how multimedia data and e-mail attachments are to be transferred
Secure MIME (S/MIME)
Privacy-Enhanced Mail (PEM)

• Messages encrypted with AES in CBC mode
• Public key management, provided by using RSA
• X.509 standard, used for certification structure and format

Message Security Protocol (MSP)
Pretty Good Privacy (PGP)

ATTACKS (p676)

Ciphertext-Only Attack
Known-Plaintext Attack
Chosen-Plaintext Attack
Chosen-Ciphertext Attack
Differential Cryptanalysis
Linear Cryptanalyis
Side Channel Attack
Replay Attack

Telecommunications and Networking Security

OSI Model
TCP/IP and many other protocols
LAN, WAN, MAN, intranet, and extranet technologies
Cable types and data transmission types
Network devices and services
Communications security management
Telecommunications devices
Remote access methods and technologies
Wireless technologies

"Telecommunications and networking use various mechanisms, devices, software, and protocols that are interrelated and integrated. Networking is one of the more complex topics in the computer field, mainly because so many technologies and concepts are involved"

Open Systems Interconnection Reference Model
A network protocol is a standard set of rules that determines how systems will communicate across networks



Encapsulation - Each protocol at a specific OSI layer on one computer communicates with a corresponding protocol operating at the same OSI layer on another computer.




Functions and protocols in the OSI Model

Application

• File Transfer Protocol (FTP)
• Trivial Firle Transfer Protocol (TFTP)
• Simple Network Management Protocol (SNMP)
• Simple Main Transfer Protocol (SMTP)
• Telnet
• Hypertext Transfer Protocol (HTTP)

Presentation

• American Standard Code for Information Interchange (ASCII)
• Extended Binary-Coded Decimal Interchange Mode (EBCDIC)
• Tagged Image File Format (TIFF)
• Joint Photographic Experts Group (JPEG)
• Motion Picture Experts Group (MPEG)
• Musical Instrument Digital Interface (MIDI)

Session

• Network File System (NFS)
• NetBIOS
• Structured Query Language (SQL)
• Remote procedure call (RPC)

Transport

• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Secure Sockets Layer (SSL)
• Sequenced Packet Exchange (SPX)

Network

• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
• Novel Internetwork Packet Exchange (IPX)

Data Link

• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• Point-to-Point Protocol (PPP)
• Serial Line Internet Protocol (SLIP)

Physical

• High-Speed Serial Interface (HSSI)
• X.21
• EIA/TIA-232 and EIA/TIA-449

http://en.wikipedia.org/wiki/OSI_model

TCP/IP - Transmission Control Protocol/Internet Protocol - a suite of protocols that governs the way that data travels from one device to another.

TCP Handshake
The host that initiates communication sends a synchronous (SYN) packet to the receiver. The receiver acknowledges this request by sending a SYN/ACK packet. The sending host acknowledges this with an acknowledgment (ACK) packet.

IP Addressing
Class A 0.0.0.0 to 127.255.255.255 - First byte is the network portion and the remaining three bytes are the host portion
Class B 128.0.0.0 to 191.255.255.255 - First two bytes are the network portion and the remaining two bytes are the host portion
Class C 192.0.0.0 to 223.255.255.255 - First three bytes are the network portion and the remaining one byte is the host portion
Class D 224.0.0.0 to 239.255.255.255 - Used for multicast addresses
Class E 240.0.0.0 to 255.255.255.255 - Reserved for research

IPv6 p439

Types of Transmission
Analog - transmission signals are continuously varying electromagnetic waves that can be carried over air, water, twisted-pair cable, coaxial cable, or fiber-optic cable.
Digital - signals represent binary digits as electrical pulses
Bandwidth - the number of electrical pulses that can be transmitted over a link within a second.

Broadband and Baseband
Baseband uses the entire communication channel for its transmission whereas broadband divides the communication channel into individual and independent channels so that different types of data can be transmitted at the same time.

LAN Networking
Network Topology - Ring, Bus, Star, or Mesh
Ethernet is a LAN-sharing technology that enables several devices to communicate on the same network

• Shares media
• Uses broadcast and collision domains
• uses the carrier sense multiple access with collision detection (CSMA/CD)
• Supports full duplex on twisted-pair media
• Is defined by standard IEEE 802.3

Token Ring IEEE 802.5
FDDI (image above) Fiber Distributed Data Interface developed by ANSI is a high speed token passing media access technology. IEEE 802.8

Cabling types:
Coaxial Cable
Twisted Pair Cable
Fiber Optic Cable

Cabling Problems (as defined on p456-457)
Noise
Attenuation
Crosstalk

Transmission Methods:
Unicast - when a packet needs to go from the source computer to one particular system
Mulicast - when a packet needs to go to a specific group of systems
Broadcast - when a system wants all computers on its subnet to receive a message

Media Access Technologies
Token Passing - Token is a 24 bit control frame used to control which computers communicate at what intervals.
Polling - some systems are configured as primary stations and others are configured as secondary stations

LAN Protocols
Address Resolution Protocol; MAC (media access control)
Reverse Address Resolution Protocol - frames go to all systems on the subnet, but only the RARP server responds
Internet Control Message Protocol - delivers status messages, reports errors, replies to certain requests, reports routing information, and is used to test connectivity and troubleshoot problems on IP networks.

"The Difference Between ARP and RARP
ARP knows the IP address and broadcasts to find the matching hardware address, the MAC address. RARP knows the hardware address and broadcasts to find the IP address."

Networking Devices
Repeaters - proveds the simplest type of connectivity because it only repeats and amplifies electrical signals between cable segments, which enables it to extend a network
Bridges - LAN device that is used to connect LAN segments
Routers

1. Frame is received
   
2. Router retrieves the destination IP network address from the datagram
3. looks at the routing table to see which port matches the requested destination IP network address
   
4. if router does not have information in its table about he destination address, it sends out an ICMP error message to the sending computer
5. if router does have a route, it decrements the TTL value and sees whether the MTU is different for the destination network
6. the router changes header information in the frame so that the frame can go to the next correct router
7. The router sends the frame to its output queue for the necessary interface.
   

Switches

Gateway - a general term for software running on a device that connects two different environments and many times acts as a translator for them or somehow restricts their interactions.
Firewalls - used to restrict access to one network from another network
Packet filtering - a security method of controlling what data can flow into and out of a network
Stateful Firewalls; Proxy Firewalls (middleman)

Application vs. Circuit level proxy firewall characteristics
Application level

• Different proxy required for each service allowed
• provides more intricate control
• requires more processing per packet; slower
  

Circuit level

• Does not require a proxy for each and every service
• Does not provide the detailed access control that an application level proxy firewall provides
• Provides security for a wider range of protocols

Dynamic Packet Filtering
kernel proxy firewalls

Firewall Architecture - Bastion Host, Dual Homed Firewall, Screened Host, Screened Subnet

Honeypot - a computer that usually sits in the screened subnet. or DMZ, and attempts to lure attackers to it instead of to actual production computers.

Networking Services and Protocols

Network Operating System (NOS) - special software designed to control network resource access and provide the necessary services to enable a computer to interact with the surrounding network

Domain Name Services (DNS) - a method of resolving host names to IP addresses so that the names can be used instead of IP addresses when referencing unique hosts on the internet.

Internet DNS and Domains

.com = Commercial

.edu = Education

.mil = U.S. military organization

.int = International treaty organization

.gov = Government

.org = Organizational

.net = Networks 

DNS Poisoning 

Network Information System (NIS) - works like a telephone book for locating network resources.

NIS+ security levels:

level 0 - No security

level 1 - low level of security

level 2 - default level that has authentication and authorization enabled

Directory Service has a hierarchical database of users, computers, printers, resources, and attributes of each. It is used mainly for lookup operations

Lightweight Directory Access Protocol (LDAP) -is a client/server protocol used to access network directories.

Network Address Translation

current private IP address ranges:

• 10.0.0.0 - 10.255.255.255 Class A network
  
• 172.16.0.0 - 172.31.255.255 16 contiguous Class B networks
  
• 192.168.0.0 - 192.168.255.255 256 contiguous Class C networks
  

Static Mapping; Dynamic Mapping; Port Address Translation (PAT)

Intranets and Extranets

Intranet - a "private" network that uses Internet technologies such as TCP/IP.

Extranet - extends outside the bounds of the company's network to enable two or companies to share common information and resources.

Metropolitan Area Network

    (MAN) - usually a backbone that connects LANs to each other and LANs to WANs, the Internet, and telecommunication and cable networks. Majority of today's MANs are Synchronous Optical Networks (SONET) or FDDI rings provided by the telecommunications service providers

Wide Area Networks

   (WAN) - technologies are used when communication needs to travel over a larger geographical area.

Telecommunications Evolution

Multiplexing - a method of combining multiple channels of data over a single transmission path.

Telecommunications history:

• Copper lines carry purely analog signals
• T1 lines carry up to 24 conversations
• T3 lines carry up to 28 T1 lines
• Fiber-optics and the SONET network used
• ATM over SONET used

Dedicated links - or leased line or point-to-point link is one single link that is pre-established for the purposes of WAN communications between two destinations.

T-Carriers - dedicated lines that can carry voice and data information over trunk lines.

WAN Technologies

Channel Service Unit/Data Service Unit(CSU/DSU) - required when digital equipment will be used to connect a LAN to a WAN.

Circuit switching - sets up a virtual connection that acts like a dedicated link between two systems

Circuit Switching vs Packet Switching

Circuit switching

• Connection-oriented virtual links 
• Traffic travels in a predictable and constant manner
• Fixed delays
• Usually carries voice-oriented data

Packet switching

• Packets can use many different dynamic paths to get to the same destination
• Traffic is usually bursty in nature
• Variable delays
• Usually carries carries data-oriented data

Frame Relay is a WAN protocol that operates at the data link layer. It is a WAN solution that uses packet-switching technology that enables multiple companies and networks to share the same WAN media.

Virtual Circuits

The permanent virtual circuit (PVC) works like a private line for a customer with an agreed upon bandwidth availability. Unlike PVCs, switched virtual circuits (SVCs) require steps similar to a dial up and connection procedure.

X.25 is an older WAN protocol that defines how devices and networks establish and maintain connections.

Asynchronous Transfer Mode (ATM) - a switching technology that uses cell-switching method.

QoS - Quality of Service is a capability that allows a protocol to distinguish between different classes of messages and assign priority levels

• Constant Bit Rate (CBR)
• Variable Bit Rate (VBR)
• Unspecified Bit Rate (UBR)
• Available Bit Rate (ABR)

The three basic levels of QoS:

1. Best effort service
2. Differentiated service
3. Guaranteed service

Switched Mulitmegabit Data Service (SMDS) - a high-speed packet-switched technology used to enable customers to extend their LANs across MANs and WANs

Synchronous Data Link Control (SDLC) - protocol is based on networks that use dedicated, leased lines with permanent physical connections

High-level Data Link Control (HDLC) - protocol is also a bit-oriented link layer protocol used for transmission over synchronous lines

High-speed Serial Interface (HSSI) - used to connect multiplexers and routers to high-speed communications services such as ATM and frame relay.

Multi-service access technologies combine several types of communication categories over one transmission line.

H.323 Gateways page 531

Remote Access

Dial-Up and RAS

Remote Access Service (RAS) server, which performs authentications by comparing the provided credentials with the database of credentials it maintains.

ISDN

Integrated Services Digital Network (ISDN) - a communications protocol provide by telephone companies and ISPs.

DSL 

Digital Subscriber Line is a type of high speed connection technology used to connect a home or business to the service provider's central office.

Cable Modem

Cable modems proved high-speed, up to 50 mbps, to the Internet through existing cable coaxial and fiber lines.

VPN

a virtual private network (VPN) is a secure, private connection through a public network or an otherwise unsecured environment. It is a private connection because the encryption and tunneling protocols are used to ensure the confidentiality and integrity of the data in transit.

Tunneling Protocols:

Point to Point Tunneling Protocol (PPTP):

• Designed for client/server connectivity
• Sets up a single point to point connection between two computers
• Works at the data link layer
• Transmits over IP networks only

Layer 2 Forwarding (L2F):

• Created before L2TP by Cisco
• Merged with PPTP, which resulted in L2TP
• Provides mutual authentication 
• No encryption

Layer 2 Tunneling Protocol (L2TP):

• Hybrid of L2F and PPTP
• Sets up a single point to point connection between two computers
• Works at the data link layer
• Transmits over multiple types of networks, not just IP
• Combined with IPSec for security 

IPSec:

• Handles multiple connections at the same time
• Provides secure authentication and encryption
• Supports only IP networks
• Focuses on LAN to LAN communication rather than a dial up protocol
• Works at the network layer, and provides security on top of IP
• Can work in tunnel mode or transport mode

Physical Security

Administrative, technical, and physical controls
Facility location, construction, and management
Physical security risks, threats, and countermeasures
Electrical power issues and countermeasures
Fire prevention, detection, and suppression
Intrusion detection systems

Introduction to Physical Security

• Natural environmental threats - Floods, eathquakes, storms and tornadoes, fires extreme temperature conditions, and so forth
• Supply system threats - Power distribution outages, communications, interruptions, and interruption to other natural energy resources such as water, steam, and gas, and so forth
• Manmade threats - Unauthorized access, explosions, damage by angry employees, employee errors and accidents, vandalism, fraud, theft, and so forth
• Politically motivated threats - Strikes, riots, civil disobedience, terrorist attacks and bombings, and so forth

Planning Process
Crime and disruption prevention through deterrence; Reduction of damage through the use of delaying mechanisms; Crime or disruption detection; Incident assessment; Response procedures

For an effective physical security program, the following steps must be taken

1. Identify a team of people who will build the physical security program through the following steps.
2. Carry our a risk analysis
   
3. Work with management to define acceptable risk level
4. Derive the required performance baselines
5. Create countermeasure performance metrics
6. Develop criteria from the results of analysis
7. Identify and implement countermeasures
8. Continuously evaluate countermeasures

Crime Prevention Through Environmental Design (CPTED)
Natural Access Control - the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping
Natural Surveillance
Territorial Reinforcement - creates physical designs that emphasize or extend the company's physical sphere of influence.

Designing a Physical Security Program

Facility

• Visibility
• Surrounding area and external entities
• Accessibility
• Natural disasters

Construction

• Walls
• Doors
• Ceilings
• Windows
• Flooring
• Heating, ventilation, and air conditioning
• Electronic power supplies
• Water and gas lines
• Fire detection and suppression

Entry Points - doors and windows. Types of windows include: Standard, Tempered, Acrylic, Wired, Laminated, Solar window film, Security film
Internal Compartments with partitions are used to create barriers between one area and another. Computer and Equipment Rooms.

Protecting Assets
Tips

• Inventory all laptops
• Harden the OS
• Password protect BIOS
• Register all laptops with the vendor and file a report when stolen
• Do not check laptop as luggage when flying
• Never leave a laptop unattended and carry it in an non descriptive carrying case
• Engrave the laptop with a symbol or number for proper identification
  
• Use a slot lock with a cable to connect a laptop to a stationary object
• Back up the data from the data and store it on a stationary PC or backup media
• Use specialized safes if storing laptops in vehicles
• Encrypt all sensitive data

Internal Support Systems
Electric Power
Power Protection
Electric Power Issues - Power excess, power loss, power degration
Surge, blackout, brownout, noise
Preventive measures and good practices Page 369-370
Environmental Issues
Ventilation
Fire Prevention, Detection and Suppression
Types of Fire Detection - Smoke activated or heat activated
Fire suppression - water sprinklers (wet pipe or dry pipe), preaction, deluge
Perimeter Security
Facility Access Control
Locks - mechanical locks (pin tumbler, wafer tumbler, combination locks, cipher locks
Personal Access Controls - piggybacking - this occurs when an individual gains unauthorized access by using someone else's legitimate credentials or access rights.
Fencing
Bollards - usually look like small concrete pillars outside a building.
Lighting
Surveillance Devices
Visual Recording Devices - Closed-circuit TV (CCTV)

• Purpose of CCTV - detect, assess, and/or identify intruders
• Types of environment the CCTV camera will work in - internal or external areas
• Field of view that is required - large or small area that needs to be monitored
• Amount of illumination of the environment - lit areas, unlit areas, area affected by sunlight
• Integration with other security controls

Intrusion Detection Systems
Electro-mechanical systems, photoelectric systems, passive infrared system, acoustical detection systems, wave-pattern motion detectors, and proximity detectors.
Patrol Force and Guards
Dogs
Auditing Physical Access

• Date and time of access attempt
• Entry point in which access was attempted
• User ID used when access was attempted
• Unsuccessful access attempts, especially if during unauthorized hours
  

Security Models and Architecture

Topics Covered:

• Operating system architectures
• Trusted computing base and security mechanisms
• Protection mechanisms within an operating system
• Various security models
• Assurance evaluation criteria and ratings
• Attack Types

Operation System Architecture

Process Management

A process is the set of instructions actually running. A program is no considered a process until it is loaded into memory and activated by the operating system (OS). Today's OSs provide multi-programming, which means that more than one program or process can be loaded into memory at the same time.
Operating Systems started out cooperative and evolved to preemptive multitasking. Cooperative multitasking required the processes to voluntarily release resources that they were using. With preemptive multitasking the OS controls how long a process can use a resource.
A process can run in running state (CPU is executing its instructions and data), ready state (waiting to send instructions to the CPU), or blocked state (waiting for input data).
The OS keeps a process table. The table contains each individual process's state, stack pointer, memory allocation, program counter and status of open files in use.

Thread Management

A thread is made us of an individual instruction set and the data that needs to be worked on by the CPU.

Process Scheduling
Process Activity


To protect processes from each other, OSs can implement process isolation. It ensures communication in a secure manner and efficiently operating and completing tasks. When a process is encapsulated, no other process understands or interacts with its internal programming code. Time multiplexing is a technology that allows processes to use the same resources.

Memory Management

• Relocation
• Protection
• Sharing
• Logical Organization
  
• Physical Organization

Memory Types

Random Access Memory (RAM), Static Ram (SRAM), Synchronous DRAM (SDRAM), Extended data out DRAM (EDO DRAM), Burst EDO DRAM (BEDO DRAM) Double data rate SDRAM (DDR SDRAM)
Read-Only Memory (ROM), Programmable read-only memory (PROM)
Cache Memory - used for high speed writing and reading activities.

A monolithic operating system architecture is mainly made up of various procedures that can call upon each other in a haphazard manner.
A layered operating system architecture separates system functionality into hierarchical layers

Domains
A domain is defined as a set of objects that s subject is able to access. A process that resides in a privileged domain needs to be able to execute its instructions and process its data with the assurance that programs in a different domain cannot negatively affect its environment (execution domain).

Layering and Data Hiding
Virtual Machines
Input/Output Device Management
Interrupts

• Programmable I/O
• Interrupt-Driven I/O
• I/O Using Direct memory access (DMA)
• Premapped I/O
• Fully Mapped I/O

Trusted Computing Base (TCB)

A trusted path is a communication channel between the user, or program, and the kernel. The TCB provides protection resources to ensure that this channel cannot be compromised in any way. A trusted shell means that someone who is working in that shell cannon leave it and other processes are not able to enter it.
Developers of the OS must make sure that processes have their own execution domain. This means that they reside in the inner most ring, ring 0, their instructions are executed in privileged state, and no less trusted processes can directly interact with them. Process activation deals with the activities that have to take place when a process is going to have its instructions and data processed by the CPU. Execution domain switching takes place when a process needs to call upon a process in a higher protection ring.

Protection Rings can be explained in greater detail here.

Protection Mechanisms

Security Perimeter
Some processes and resources fall outside the TCB therefore they fall outside of this imaginary boundary called the security perimeter. The security perimeter is a boundary that divides the trusted from the untrusted.

Reference Monitor is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification
Security Kernel is made up of hardware, software, and firmware components that fall within the TCB and implements and enforces the reference monitor concept.

Security Models

State Machine Model - to verify the security of a system, the state is used, which means that all current permissions and current instances of subjects accessing objects must be captured.

Bell-LaPadula Model - in the 1970s the U.S. military used time-sharing mainframe systems and was concerned about the security of these systems. It is the first mathematical model of multilevel security policy used to define the concept of a secure state machine and modes of access and outlined rules of access.

• Simple security rule (no read up)
• *-property rule (no write down)
• Strong star property rule - a subject can perform read and write functions only to the objects at its same security level.
  

Biba Model - it is a state machine model and is very similar to the Bell-LaPadula model. It address the integrity of data within applications.

• *-integrity axiom ("no write up")
  
• Simple integrity axiom ("no read down")

Clark-Wislon Model - this model uses the following elements

• Users - active agents
• Transformation procedures (TPs)
• Constrained data items (CDIs)
• Unconstrained data items (UDIs)
• Integrity verification procedures (IVPs)

Subjects can access objects only though authorized programs. Separation of duties in enforced. Auditing is required.

Information Flow Model - The Bell-LaPadula model focuses on preventing information from flowing grom a high security level to a low security level. The Biba model focueses on preventing information from flowing from a low integrity to a high integrity level. Both of these models were built upon the information flow model.
A covert channel is a way for an entity to receive information in an unauthorized manner. In a covert storage channel, one process writes data to a storage location and another process directly, or indirectly, reads it.

Noninterference Model

Lattice Model

Brewer and Nash Model - (Chinese Wall Model) was constructed to provide information security access controls that can change dynamically.

Graham-Denning Model - 8 primitive protection rights:

1. How to securely create an object
2. How to securely create a subject
3. How to securely delete an object
4. How to securely delete a subject
5. How to securely provide the read access right
6. How to securely provide the grant access right
7. How to securely provide the delete access right
8. How to securely provide transfer access rights

Security Modes
Dedicated Security Mode, System High-Security Mode, Compartmented Security Mode, Multilevel Security Mode

Reference page 299 CISSP.

Systems Evaluation Methods

A security evaluation examines the security-relevant parts of a system, meaning the TCB, access control mechanisms, reference monitor, kernel, and protection mechanisms.

The Orange Book
The U.S. Department of defense developed the Trusted computer System Evaluation Criteria (TCSEC), which is used to evaluate OSs, applications, and different products. This evaluation criteria is published in a book with an orange cover called the Orange Book.
TCSEC provides a classification system:

• A Verified protection

A1: Verified Design

• B Mandatory protection

B1: Labeled Security
B2: Structured Protection
B3: Security Domains

• C Discretionary protection

C1: Discretionary Security Protection
C2: Controlled Access Protection

• D Minimal security
  

Red Book
The Orange book addresses single-system security, but networks are a combination of systems, and each network needs to be secure without having to fully trust each and every system connected to it. The Trusted Network Interpretation (TNI) or Red Book addresses these security items:
Communication integrity

• Authentication
• Message integrity
• Non repudiation
  

Denial-of-service prevention

• Continuity of operations
• Network management

Compromise protection

• Data confidentiality
  
• Traffic flow confidentiality
  
• Selective routing

Information Technology Security Evaluation Criteria

The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems.

More info here: ITSEC or TCSEC

Common Criteria

Under the Common Criteria model, and evaluation is carried out on a product and is assigned an Evaluation Assurance Level (EAL):

• EAL 1 Functionally tested
• EAL 2 Structurally tested
• EAL 3 Methodically tested and checked
• EAL 4 Methodically designed, tested, and reviewed
• EAL 5 Semi formally designed and tested
• EAL 6 Semi formally verified design and tested
• EAL 7 Formally verified design and tested
  

A Few Threats to Security Models and Architectures

Maintenance Hooks - a type of backdoor
Time-of-Check/Time-of-Use Attack - deals with the sequence of steps that a system uses to complete a task
Buffer Overflow - takes place when too much data is accepted as input to an application or operation system.

Access Control

Covered topics include:

• Identification methods and technologies
• Authentication methods, models, and technologies
• Discretionary, mandatory, and non-discretionary models
• Emanation security and technologies
• Intrusion detection systems
• Possible threats to access control practices and technologies

Access controls are security features that control how users and systems communicate and interact with other systems and resources. Where access is the flow of information between a subject and an object. A subject is an active entity that requests access to an object or the data within an object. An object is a passive entity that contains information

Security Principles

1. Availability - Recovery mechanisms and fault tolerance are put into place to ensure the continuity of the availability of resources
2. Integrity - When a security mechanism provides integrity, it protects data, or a resource, from being altered in an unauthorized fashion.
3. Confidentiality - It is the assurance that information is not disclosed to unauthorized subjects.

Identification describes a method of ensuring that a subject is the entity it claims to be. It is then authenticated where the user is required to provide a second piece of identifying information such as a password or pin. Finally, before a subject is given access to an object or resource the subject must be authorized. If the systems determines that the subject attempting access to the object is allowed to access it, the subject is then authorized to use it.

Identity Management

• Various types of users need different levels of access
• Resources have different classification levels
• Diverse identity data must be kept on different types of users
• The corporate environment is continually changing

Authentication methods commonly used:

Biometrics - verifies an individual's identity by analyzing a unique personal attribute or behavior. This is one of the most effective and accurate methods of verifying identification however it is much more expensive and complex to implement than other methods. A Type I error is when a biometric system rejects an individual who should be accepted. Worse is a Type II error where the system accepts an impostor who should have been rejected.

Types of biometric identification methods include identifying a finger print, palm scan, hand geometry, retina scan, iris scan, signature dynamics, keyboard dynamics, voice print, facial scan, or hand topography.

More information can be found here: The Biometric Consortium

Other types of authentication methods that are less expensive and less complex to implement include: passwords, password management,
If an attacker is after a password, he or she can use but are not limited to these techniques:

Electronic monitoring - listening to network traffic to capture information
Access the password file - usually done on the authentication server
Brute force attacks - performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password
Dictionary attacks - files of thousands of words are used to compare to the user's password until a match is found
Social engineering - an attacker falsely convinces an individual that he or she has the necessary authorization to access specific resources

Continued.. Password Checkers, Password Hashing and Encrpytion, Passoword Aging, Limit Logon Attempts, Cognitive passwords, One-Time Passwords,
Token Device - or password generator, is usually a handheld device that has an LCD display and pssible a keypad.
Synchronous - a synchronous token device sychronizes with the authentication service by using time or a counter as the core piece of authentication process.
Asynchronous - a token that is using asynchronous token-generation method uses a challange/response scheme to authenticate the user.

Example: RSA SecurID

Continued.. Cryptographic Keys, Passphrase, Memory Cards, Smart Cards.

Kerberos:

"This is a great name for a security technology that provides authentication functionality, with the purpose of protecting a company's assets. Kerberos is an authentication protocol and was designed in the mid-1980s as part of MIT's Project Athena. It works in a client/server model and is based on symmetric key cryptography."

Key Distribution Center (KDC) holds all users' and services' secret keys. It provides authentication service as well as key distribution functionality
Sesame
The Secure European System for Application in a Multi-vendor Environment project is a single sign on technology that was created to expand Kerberos functionality.

Discretionary Access Control (DAC) - enables the owener of the resouce to specify which subjects can access specific resouces.
Mandatory Access Control (MAC) - uses and data owners do not have as much freedom to determine who can access files. the operation system makes the final decision and can override the users' wishes
Role-Based Access Control (RBAC) or Nondicrectionary access control - uses a centrally administrated set of controls to determine how subjects and objects interact.

Access Control Techniques:

• Access control matrix
• ACL
• Capability table
• Content-based access
• Context-based access
• Restricted interface
• Rule-baesed

Centralized Access Control Administration
RADIUS (Remote Authentication Dial-IN User Service) is a client/server authentication protocol that authenticates and authorizes remote users.
TACACS (Terminal Access Controller Access Control System) combines it authentication and authorization processes, XTACACS separates authentication, authorization, and auditing processes, and TACACS+ is XTACACS with extended 2-factor user authentication

Decentralized Access Control Administration gives control of access to the people closer to the resources - the people who may better understand who should not have access to certain files, data, and resources.

Intrusion Dection System (IDS) are designed to detect a security breach unlike firewalls.
Other dectection systems include: Knowledge- or Signature-Based IDS, Statistical Anomaly-Based IDS, Protocol Anomaly-Based IDS, Traffic Anomaly-Based IDS, Rule Based IDS, State-Based IDS, Model-Based IDS,
Intrusion Prevention Systems (IPS) the traditional IDS only sends an alert when something bad is taking place, while the goal of an IPS is to detect theis activity and not allow the traffic to gain access to the target in the first place.

Threats to Access Control

Dictionary Attacks and Brute Force Attacks

Security Management Practices

Security Management

includes risk management, information security policies, procedures, standards, guidelines, baselines, information classification, security organization, and security education.

Security Management Responsibilities: Who is in charge and why?

Analogy: Building a house

The Top-Down Approach to security is ideal. It means that the initiation, support, and direction come from top management and work their way down through middle management ant then to staff members

Bottom-Up Approach to security is the exact opposite. It refers to a situation in which the IT department tries to develop a security program without getting proper management support and direction.

Security Administration and Supporting Controls

• Administrative controls - developing and publishing of policies, standards, procedures, and guidelines; the screening of personnel; training and implementing change control procedures.
• Technical controls (logical controls) - implementing and maintaining access control mechanisms, password and resource management, identification and authentication methods, security devices and configuration of infrastructure.
• Physical controls - controlling individual access into facility, locking systems and removing unnecessary drives from computers, etc...

Fundamental Principles of security

The main three principles in all programs are:

1. Availability - "ensures reliability and timely access to data and resources to authorized individuals"
2. Integrity - "upheld when the assurance of accuracy and reliability of information and systems is provided, and unauthorized modification is prevented."
3. Confidentiality - "ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure.

Terms

Shoulder surfing - when a person looks over another persons shoulder and watches their keystrokes or views data as it appears on the screen

Social engineering - when one person tricks another person into sharing confidential information by posing as someone authorized to have access to that information.

Security Definitions

A big part of this chapter are the words vulnerability, risk, and exposure. They are often used to represent the same thing however, they are all unique and related.

A vulnerability is a software, hardware, or procedural weakness that may provide and attacker the open door into a computer or network.

A threat is any potential danger to information or systems.

A risk is the likelihood of a threat agent taking advantage if a vulnerability and the corresponding business impact.

An exposure is an instance of being exposed to losses from a threat agent.

ISO 17799 Domains

• Information security policy for the organization
• Creation of information security infrastructure
• Asset classification and control
• Personnel security
• Physical and environmental security
• Communications and operations management
• Access control
• System development and maintenance
• Business continuity management
• Compliance

The text goes into further detail about Information Risk Management. Preventing from physical damage, human interaction, equipment malfunction, inside and outside attacks, misuse of data, loss of data, and application error. Risk analysis has four main goals

1. Identify assets and their values
2. Identify vulnerabilities and threats
3. Quantify the probability and business impact of these potential threats
4. Provide an economic balance between the impact of the threat and the cost of the countermeasure

Risk analysis provides a cost/benefit comparison, which compares the annualized cost of safeguards to the potential cost of loss.

Quantitative vs. Qualitative Risk Analysis

Delphi Methods

Defining Policies, Standards, Baselines, Guidelines, and Procedures.

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Standards refer to mandatory activities, actions, rules, or regulations. A baseline can refer to a point in time that is used as a comparison for future changes or it can be defined as the minimum level of protection that is required. Guidelines are recommended actions and operational guides to users, IT staff, operations staff, and others when a specific standard does not apply. Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal.

Private Business vs. Military Classifications

Commercial Business

• Confidential
• Private
• Sensitive
• Public

Military

• Top Secret
• Secret
• Confidential
• Sensitive but unclassified
• Unclassified

Layers of Responsibility

Data Owner

Data Custodian

System Owner

Security Administrator

Security Analyst

Application Owner

Supervisor

Change Control Analyst

Data Analyst

Process Owner

Solution Provider

User

Product Line Manager

Security Trends

How Security Became an Issue

About 25 years ago the only computers were mainframes. They had closed environments with little threat of secrurity breaches or vulnerabilities being exploited. Only a handful of people working in a "glass house" even knew how to operate the computer.
As networks were connected, it was done so only to accomplish specific tasks. As companies became more dependent on mainframes more functional applications were being developed. As PCs became more powerful, some jobs were given to the individual while all the large processing still took place on the mainframes.
It made no sense that each computer held information that was needed by all other computers. As a result servers were invented to hold the programs and data in a centralized location.
There were no barriers or protection from malicious users. Thus, information security is born.

Information Warfare
National:
Militaries used to only train its soldiers how to shoot, fight in combat, and practice evasive maneuvers. Now they need to also know how to use the technological tools that power vehicles, weapons systems, and communication systems. Disrupting communication or listening in on classified conversations can lead to sure victory or imminent defeat.
For example, in the Persian Gulf War it was reported that hackers from the Netherlands penetrated American military sites and extracted information about the exact location of troops, weapons on details, and movement of American ships. They offered to sell it to Saddam Hussein. Luckily he rejected the offer thinking it was a trick.

Corporate:
Organizations have trade secrets and other intellectual property. Several companies have had their databases attacked and lost data of their customers personal information including credit card numbers. Many companies now are insured in case of a natural disaster or a major security breach.

Government:
President Clinton, on July 15, 1996, approved the establishment of the Presidents Commission on Critical Infrastructure Protection (PCCIP). The role of this commission was to investigate attacks, how future attacks could be made, how they could affect the infrastructure, and assess our vulnerabilities to such attacks.
In 2002 Present Bush created the Office of Homeland Security. Departments of information technology and cybersecurity were included.


Internet and Web Activities
The internet was established for Universities and government organizations could communicate quickly and share information. As more and more sites connected to each other, the internet led to the development of the World Wide Web. The internet provides the hardware, platforms, and communication mechanisms, whereas the Web provides the software that sits on top of the internet.
With the introduction of HTML companies started to utilize the internet and bring their services to the web. Attackers had easy access if databases were directly connected to web servers with no protection mechanisms. This led to the two tier architecture. This consists of a server farm that sits behind a firewall and infront of the database.
The two tier is fine for environments that do not house very sensitive data, but for those companies that hold bank or credit card information a three tier system is far more secure. A three tier architecture has a front end server farm, middle servers running middleware software, and back-end databases with two distinct and uniquely configured firewalls.

A Layered Approach: As advised by the text

• Configure application, file, and registry access control lists (ACLs) to provide more granularity to users' and groups' file permissions
• Configure the system default user rights (in a Windows environment) to give certain types of users certain types of rights
• Consider the physical security of the environment and the computers, and apply restraints where required
• Place users into groups that have implicit permissions necessary to perform their duties and no more
• Draft and enforce a strict logon credential policy so that not all users are logging on as the same user
• Implement monitoring and auditing of file access and actions to identify and suspicious activity.
  

(ISC)²

The International Information Systems Security Certification Consortium, Inc or (ISC)2 is the organization in which to become a CISSP.  Their website is http://www.isc2.org/

The credentials for becoming a CISSP are as follows; Direct from isc2.org.

The Certification That Inspires Utmost Confidence If you plan to build a career in information security – one of today’s most visible professions – and if you have at least five full years of experience in information security, then the CISSP^® credential should be your next career goal.

The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.

Brochure for a CISSP

Because I do not have the necessary five years of experience, I will aim to ultimately achieve the CISSP certification, however, in the mean time, (ISC)2 offers what is called an Associate of (ISC)2 credential as described below.

The Associate of (ISC)² status is available to qualified candidates who:

• Subscribe to the (ISC)² Code of Ethics
• Pass the CISSP^® or SSCP^® certification exams based on the (ISC)² CBK^®, our taxonomy of information security topics.

Information security is an immensely rewarding career with unlimited possibilities, with a career partner like (ISC)².

Brochure for Associate of (ISC)2

Schedule

Ch 1 Becoming a CISSP	Aug 27 - Sept 2
Labor Day	Sept 7
Ch 2 Security Trends	Sept 3 - 9
Ch 3 Security Management Practices	Sept 10 - 16
Ch 4 Access Control	Sept 17 - 23
Ch 5 Security Models and Architecture	Sept 24 - 30
Ch 6 Physical Security	Oct 1 - 7
Midterm	Oct 8
Ch 7 Telecommunications and Networking Security	Oct 8 - 14
Ch 8 Cryptography	Oct 15 - 21
Ch 9 Business Continuity Planning	Oct 22 - 28
Fall Break	Oct 30
Ch 10 Law, Investigation, and Ethics	Oct 29 - Nov 4
Ch 11 Application and System Development	Nov 5 - 11
Ch 12 Operations Security	Nov 12 - 18
Holiday (Thanksgiving)	Nov. 23-27, M-F
Classes End	Dec. 8, Tu
Reading Day	Dec. 9, W
Final Exams	Dec. 10-11, Th-F & 14-16, M-W
Commencement	Dec. 18, F
Grades Due	Dec. 18, F, 7 p.m.

The Book

The book I will be using for this course will be All In One CISSP Exam Guide Third Edition written by Shon Harris CISSP, MCSE.
The aim of this text is to prepare you to pass the CISSP certification exam. It has full treatment of the ten domains (as described in previous post), It has learning objectives at the beginning of each chapter, practice exam questions, as well as real world scenarios.

ISBN: 0-07-225712-1

Link: http://www.amazon.com/CISSP-All-One-Guide-Third/dp/0072257121/ref=sr_1_1?ie=UTF8&qid=1251313677&sr=8-1

I will be using the Third Edition to prepare for my exam with the understanding that certain aspects of the text may be outdated and I will need to do additional research beyond the text for this.

The Certified Information Systems Security Professional

I will be learning how to become a CISSP. Involved with this will be understanding in depth ten domains. The domains are as follows:

1. Access Control and Systems Methodology
2. Telecommunications and Network Security
3. Security Management Practices
4. Applications and Systems Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
9. Laws, Investigation, and Ethics
10. Physical Security

At the conclusion of this course, I will be able to sit for the CISSP exam with adequate preparation in efforts to becoming an associate of (ISC)2.