CISSP Security Architecture and Design - Domain 6 Flashcards
1
Q
Q
A
A
2
Q
Security Definitions - Framework
A
A defined approach to the process used to achieve the goals of an architecture, based on policy, and reflecting the requirements and expectations the various stakeholders.
3
Q
Security Definitions - Blueprint
A
The functional definition for the integration and development of technology infrastructure into the business process.
4
Q
ISO/IEC 27001
A
- General reuirements of the ISMS 2. Managment responsibility 3 Internal ISMS audits 4. Managment review of the ISMS 5. ISMS improvement
5
Q
ISO/IEC 27002
A
- Security policy 2. Organization and Information Security 3. Asset management 4 Human Resources Security 5. Physical and Environmental Security 6. Communications and Operations management 7. Access control 8. IS Acquisitions, development and maintenance 9 IS Incident management 10. Business continuity Management 11. Compliance
6
Q
Control Objects for Information and related technology - COBIT
A
An IT management framework.
7
Q
Dedicated Security Mode
A
- Cannot separate compartments or categories. 2. All users have need to know access to all data.
8
Q
Compartmented Security Mode
A
When all users have the clearance to access all the information processed by the system, but might not have the need to know.
9
Q
Lattice based Access Control
A
- Every pair of elements (subject and object) has a partially ordered set with a greatest lower bound and least upper bound of access rights. 2. Bounds can be confidentiality levels (classifications and clearances) or integrity levels.
10
Q
Non-Interference Model for Access Control
A
- Based on a theory where th users are separated into different domains. 2. Uses a state machine approach that keeps track of which actions are allowed for which users. 3. Users’ actions in one domain cannot affect or interfere with users in other domains. 4. A subject cannot be influenced by the behavior of other subjects at higher security levels.
11
Q
Information Flow model - Access Control
A
- Each input induces a state transition and a specific output. 2. Restricts information from flowing in ways that would go against the security policy.
12
Q
Bell-LaPadula Security Model (Confidentiality)
A
- Formal state transition model that divides entities into subjects and objects. 2. The model outlines how to keep a secure state in every transaction by only allowing subjects certain access rights. 3. The clearance of the subject attempting to access an object is compared with that objects classification. 4 The clearance/classification scheme is expressed in terms of a lattice.
13
Q
Biba Security Model - Integrity (read up write down)
A
- No subject can depend on a less trusted object 2. Based on a hierarchical lattice of integrity levels
14
Q
Biba Security Model - Rules (read up write down)
A
- Subject cannot write data to an object at a higher integrity level 2. Subject cannot read data from an object at a lower integrity level.
15
Q
Clark-Wilson Security Model (Integrity)
A
- Well formed transactions: constraints on user to ensure the internal consistency of data is not affected 2. Seperation of duties: ensures the consistency of data 3. This model patrons objects into programs and data. 4. Access Triple: subject must go through a program to access and modify data.
16
Q
Clark-Wilson Security Model - 3 Integrity Goals
A
- Prevents unathorized users from making modifications 2. Prevents authorized users from making improper modifications 3 maintains internal and external consistency
17
Q
Brewer and Nash Security Model (Chinese Wall)
A
- Mathmatical theory used to implement dynamically changing access permissions 2. Defines a wall and develops a set of rules that ensure that no subject accesses objects on the other side of the wall 3 Individuals are only allowed to access data that is not in conflict with data they accessed previously 4. Way of separating competitors data within same dbase. 5. Tries to ensure that usr do not make fraudulent modifications to objects.
18
Q
Graham-Denning Security Model
A
Primary concerened with how subjects and objects are created, how subjects are assigned rights and privileges and how ownership of objects is managed. Think MS permissions.
19
Q
Evaluation of Security Products
A
- Helps vendors develop a product to meet the markets demand 2. Third party verifying the security mechanisms and acclaimed protection in products 3. Provide a common metric to understand and talk about protection provided in products. 4 A “grading” system
20
Q
Security Product evaluations
A
Degree of independence of the eval team is crucial 2. Evaluation criteria needs to reflect security features 3. Accreditation is environment and system specific 4. Balance of risk and benefits
21
Q
Security evaluations - Evaluation standards
A
- Trusted Computer System Evaluation Criteria (TCSEC) 2. Information Technology Security Evaluation (ITSEC) 3. ISO.IEC 15408 Common Criteria
22
Q
TCSEC
A
- Devloped by National Computer Security Center for DOD 2. Based on the Bell-LaPadula model 3. Rainbow series
23
Q
Rainbow Series (TCSEC)
A
- Orange book rated operations systems - standalone 2. Red book - Trusted Network Interpretation of the TCSEC
24
Q
TCSEC Breadkdowns
A
- Addresses confidentiality only 2. Functionality and assurance of the security mechanisms are not evaluated separately but combined and rated as a whole system 3. Grded classification of systems that is divided into hierarchal divisions of security levels: A greater than B to B3 (MAC) which is greater than C (DAC) which greater than D which is minimal protection. Each higher level is inclusive of all the levels below.
25
TCSEC Levels C1- Discretionary Security Protection
1. Seperation of users and data 2. Cooperating users processing data at the same sensitivity
26
TCSEC Levels C2 - Controlled Access Protection
1. Object reuse 2. Protect Audit trail
27
TCSEC Levels B1 - Labeled security protection
1. Labels and MAC 2. Process isolation in system architecture 3. Design Specifications and verification 4. Device Labels
28
TCSEC Levels B2 - Structured Protection
1. Device Labeland subject sensitivity labels 2. Trusted path 3. Seperation of Operator and administrator functions 4. Covert channel analysis
29
TCSEC Level B3 - Security Domains
1. Security Administrator role defined 2. Trusted recovery 3. Monitor events and notify security personnel
30
TCSEC Level A1 - Verified Design
Formal Methods
31
ITSEC
1. DEvelop in Europe to establish one standard for evaluating the security of systems 2. Evaluates functionality and assurance separately 3. F1-F10 rates of functionality 4. E0-E6 rates for assurance - assurance is a measurement of correctness and a judgement of its effectiveness of security functionality and provides confidence
32
Common Criteria
1. ISO/IEC 15408 2. Rainbow series was too rigid and did not take many things into account 3. ITSEC provided more flexibility, but added more complexity with its attempts 4. Made up from - TCSEC ITSEC Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) Federal Criteria
33
Common Criteria Components
1. Protection profile - description of needed security solution 2. Target of Eval nation - product proposed to provide needed security solution 3. Security target - written by vendor explain security functionality and assurance mechanisms that meet the needed security solution 4 Packages - Evaluation Assurance Levels (EAL) security requirements are bundled into package for reuse and describes what must be met to achieve specific EAL ratings
34
EAL 1
Functionally Tested
35
EAL 2
Structurally Tested
36
EAL 3
Methodically tested and checked
37
EAL 4 - most often used
Methodically designed, tested and reviewed
38
EAL 5
Semi-formally designed and tested
39
EAL 6
Semi-formally verified designed and tested
40
EAL 7
Formally verified designed and tested
41
EAL numonic
FSMMDSSVF Fun Stress Method Medical Doctor Seems Somewhat Verifiably Foolish
42
Certification and Accreditation
1. Certification is the technical evaluation 2. Accreditation is the formal acceptance by management of the residual risk.
43
C&A - Relationship to enterprise
1. technical reference Model 2. Standards profile
44
C&A - Communication and Validation of security requirements
1. Categorize 2. Control 3. Consistent
45
C&A - Consistent Taxonomy
1 Rules of behavior 2. System Controls 3. Risk Management
46
Certification Characteristics
1. Formal process for testing systems against a set of security requirements 2. Normally performed by an independent reviewer instead of someone who was involved with building the system 3. Less formal security testing can be performed for lower-risk systems
47
Accreditation Characteristics
1. the decision given by a senior agency official to authorize operation of an information system: a. in a particular security mode b. using a prescribed set of controls c. against a defined threat d. at an acceptable level of risk e. for a specific period of time 2. The official explicitly accepts the risk to agency assets based on the implementation of these security conditions.
48
C&A Phases - Initiation Phase
1. Preparation 2. Notification and resource Identification 3. System Security Plan analysis Update and Acceptance
49
C&A Phases - Security Cerification Phase
1. Security Control Assessment 2. Security Certification Documentation
50
C&A Phases - Security Accreditation Phase
1. Security Accreditation Decision 2. Security Accreditation Documentation
51
C&A Phases - Continuous Monitoring Phase
1. Configuration Mangment and Control 2. Security Control Monitoring 3. Status Reporting and Documentation
52
Trusted Computing Base
1. Defined as the total combination of protection mechanisms within a computer system 2. Elements of the TCB enforce the security policy of the system and do not violate it (the hardware software and firmware that carry out the systems security policy)
53
Computer Components
1. Processor 2. Memory 3 Storage 4. Buses 5. Networking components 6 OS (functionality and security of the system depends upon the interaction of these components
54
Central Processing Unit (CPU) - Control Unit
Manages Synchronization of data being processed
55
Central Processing Unit (CPU) - Arithmetic Logic Unit (ALU)
Performs mathmatical and logical functions on data
56
CPU States - Supervisor
1. Kernel Protected Priviledged mode 2. Ring Zero (highest level) 3. Program can access entire system 4. Both privileged and non-privileged instructions
57
CPU States - Problem
1. User/Program Mode 2. Ring three (lowest level of 4 rings) 3. inly non-privileged instructions are executed 4. intended for application programs
58
Computer Components - Storage - Primary
1. Memory directly addressable by the CPU used to store an applications data for processing 2 distinguished from virtual memory
59
Computer Components - Storage - Secondary
1. Slower access, non-volatile 2. Hard disk, tape, ZIP, optical, thumb drives
60
Computer Components - Storage - volatile memory
1. Random Access Memory (RAM) 2. Loses data when powered off
61
Computer Components - Storage - nonvolatile storage
1. Does not loose data when powered off 2. Read only memory (ROM, EPROM)
62
Computer Components - Storage - cache
1. Part of RAM used for high-speed writing and reading activities 2. Cache logic attempts to predict what instructions will be most needed and stores those for overall increase in system performance
63
Computer Components - Storage - Virtual
1. Secondary storage plus RAM, extends systems overall memory 2. Applications access through virtual address
64
Memory Mapping
Only trusted processes can access RAM directly; everything else must be mapped
65
Accessing Files - Sequential Storage
1 Media that holds data that must be searched from beginning to end instead of going directly to the are where requested data is held 2 Magnetic tape
66
Accessing Files - Direct or Random Access
1. Files can be accessed in different sequences 2. Divide memory into tracks and sectors 3. Accessing memory
67
Process vs thread
1. The context for a program 2. Has its own virtual memory space 3. A process can contain several threads of code 4. Thread is the basic entity that can be scheduled 5. Each thread has a kernel and user mode stack
68
Process States
1. Stopped 2. Ready 3. Waiting 4 Running
69
System Functionality - Multithread
1. The OS can process several lines of code simultaneously 2. Concurrent processing of several tasks inside same program
70
System Functionality - Multitask
Simultaneous execution of two or more programs
71
System Functionality - Multi-programming
1. INterleaved execution of two or moreprograms by CPU 2. Running more than one application but not necessarily multithreading
72
System Functionality - Multi-processing
More than one CPU and they can process requests in parallel
73
System Functionality - Multicore
A processer composed of two or more independant cores
74
Processing Instructions
The type of programming language used determines the necessary steps of decoding and encoding before the instructions reach
75
System Self-protection - Memory segmentation
1. Process isolation 2. security domains 3. virtual machines
76
System Self-protection - Layering and data hiding
1. Levels of acces to resources 2. Protection rings
77
System Self-protection - Techniques
Protection techniques are performed by elements of the trusted computing base
78
Security Definitions - Subject
1. Active entity that requests acces to an object or data within an object 2. Examples: user, process, machine instructions
79
Security Definitions - Object
1. Passive entity that contains information 2. Examples: file, record, memory location
80
Security Definitions - Access
1. Ability of subject to performa task 2. Flow of information between a subject and an object
81
Process Isolation - What and how
1. preserves objects integrity and subjects adherence to access controls 2. prevents objets from interacting with each other and their resources 3. Actionsof one object should not affect the state of other objects
82
Process Isolation - Techniques
1. Virtual mapping 2. Encapsualtion of objects 3. Naming distinctions 4 Time multiplexing (VENT)
83
System Protectin Mechanisms - Layering
Code operating at one layer can only communicate with other layers through interfaces
84
System Protectin Mechanisms - Data Hiding
Data in one layer cannot be accessed by code in a different layer
85
System Protectin Mechanisms - Abstraction
Regarding only required information- the big picture
86
Protection Rings
Ring ) OS Ring 3 Applications
87
Security Domain of a Process
All of the resources that a given process can access AKA protection domain
88
Virtual Machines (VM)
1. An operating system provides an application with a working environment 2. Virtual machines mimic the architecture of the actual system 3 On multilevel systems, they can run at different security levels
89
Reference Monitor (Police)
Abstract machine that controls the access subjects have to objects
90
Security Kernel (Law)
Components in system that enforce the rules of the reference monitor
91
Security Kernel and reference Monitor Requirements
1. The security kernel must provide isolation for the processes carrying out the reference monitor concept and it must be tamperproof 2. The reference monitor must be invoked for every access attempt and must be impossible to circumvent 3. The reference monitor must be small enough to be tested and verified in a complete and comprehensive manner
92
Covert Channels
1. Covert timing channel - a process relayes information to another by modulating its use of system resources 2. Covert storage channel - a process writes data to a storage location and process of lower clearance reads it.
93
Emanations
Capturing screen from long distances
94
Back Doors
1. Accessing a system by bypassing the access controls 2. Allows attacker to enter the computer at any time 3. Maintenance hook trapdoor rootkits 4 can be inserted by a trojan
95
Asynchronous Attacks - Timing Attacks
1. TOC/TOU attack takes place after the system checks a specific file of the system and before the system actually uses the file 2. Race conditions two processes rae to carry out conflicting actions at the same time
96
Data Validation
1. Validation is the process of reviewing data against a pre-established set of criteria 2. Security checks on data long with validity checks to ensure it is in the proper format
97
Code Injection
1. Input must be validated for range/type/length 2. injecting code like SQL statements into input buffers
98
Inference
The act or process of deriving logical conclusions from premises known or assumed to be true. The conclusion drawn is called an idiomatic.
99
Buffer Overflow
1 If an application does not verify the amount of information being input the data can overwrite other memory segments 2. An attack might cause code to execute in a privileged mode
100
Aggregation
A massing together or clustering of independent but similar units, such as data elements
101
Defense in Depth
1. People 2. technology 3 Operations
