Security Architecture and Design Flashcards
1
Q
Security Model Concepts
A
Confidentiality
Integrity
Availability
Defense in depth
2
Q
System Architecture
A
Process of describing, representing components that make up the planned system and interrelationships between components.
Answer questions like:
what is the purpose of system?
who will use it?
what environment will it operate in?
3
Q
System Architecture Steps
A
- System Design Phase - gather system requirements, and manner in which requirements will be met
- Development Phase - HW, SW components assigned for development
- Maintenance Phase - System and Security architecture are evaluated to ensure system operates properly and security is maintained
4
Q
ISO / IEC 42010:2011 Terminology
Architecture
A
Describes organization of system including its components and their interrelationships along with principles that guide its design and evolution
5
Q
ISO / IEC 42010:2011 Terminology
AD - Architectural Description
A
Set of documents that convey the architecture in a formal manner
6
Q
ISO / IEC 42010:2011 Terminology
Stakeholder
A
Individuals, teams, departments including groups outside organization with interests or concerns to consider
7
Q
ISO / IEC 42010:2011 Terminology
View
A
Representation of the system from the perspective of a stakeholder or set of stakeholders
8
Q
ISO / IEC 42010:2011 Terminology
Viewpoint
A
Template used to develop individual views that establish the audience, techniques and assumptions made
9
Q
Computing Platforms
Mainframe / Thin Clients
A
power is on mainframe, clients just used to access it
10
Q
Computing Platforms
Distributed Systems (Client / Server)
A
devices have client software that interact with server software
11
Q
Computing Platforms
Middleware
A
software that talks between two different systems
ex. Users connect to software that provides interface which accesses databases
12
Q
Computing Platforms
Embedded Systems
A
Platform in another system.
System within a system
Embedded in hardware or software
13
Q
Computing Platforms
Mobile Computing
A
software running on tablets, phones, etc
14
Q
Virtual Computing and Security Services
A
Running multiple instances of operating system on a single server
15
Q
Security Services
Boundary Control
A
Placing components in security zones and maintaining boundary control among them
16
Q
Security Services
Access Control Services
A
Gives users only the access required to do their jobs
17
Q
Security Services
Integrity Services
A
Ensures data moving through OS or application can be verified as not damaged or corrupted
18
Q
Security Services
Cryptography Services
A
Encrypting information in transit
19
Q
Security Services
Auditing and Monitoring Services
A
Method of tracking the activities of users and of the operations of the system processes
20
Q
System Components
CPU
A
Executes all instructions in the code
Multiprocessing allows executing multiple instructions in parallel
CPUs have their own memory
Can work in user mode (user or app) or privileged mode (for operating system)
If instruction for CPU is marked to be performed in privileged mode, it must be a trusted OS Process and is given functionality not available in user mode
21
Q
System Components
RAM
A
Desktop SDRAM - Synchronous Dynamic RAM DDR SDRAM - Double Data Rate SDRAM DDR 2 SDRAM - Double Data Rate 2 SDRAM DDR 3 SDRAM - Double Data Rate 3 SDRAM
Laptop
SODIMM - Small Outline DIMM
22
Q
System Components
ROM
A
Flash Memory - electronically programmable ROM
PLD - Programmable Logic Device, integrated circuit with internal logic gates that can be changed programmatically
FPGA - Field Programmable Gate Array, a type of PLD programmed by blowing fuse connections on the chip, or using an antiques that makes connection when high voltage applied to junction
Firmware - type of ROM where a program or low-level instructions are installed
23
Q
Memory Concepts
Associative Memory
A
Searches for specific data value in memory rather than by specific memory address
24
Q
Memory Concepts
Implied Addressing
A
Refers to registers usually contained inside the CPU
25
Memory Concepts
Absolute Addressing
Addresses the entire primary memory space. CPU uses the physical memory addresses that are called absolute addresses
26
Memory Concepts
Cache
Small amount of high-speed RAM that holds the instructions and data from primary memory and that has high probability of being accessed during currently executed portion of a program
27
Memory Concepts
Indirect Addressing
The address location specified in the program instruction contains the address of the final desired location
28
Memory Concepts
Logical Address
Address at which a memory cell or storage element appears to reside from the perspective of an executing program
29
Memory Concepts
Relative Address
Specifies its locations by indicating its distance from another address
30
Memory Concepts
Virtual memory
Location on hard drive used for temporary storage when memory space is low
31
Memory Concepts
Memory Leak
Occurs when computer program incorrectly manages memory allocations which can exhaust available system memory as an application runs
32
Rings of privilege
0, 1, 2, 3, 4
```
Ring 0 - Most privileged
Ring 1
Ring 2
Ring 3
Ring 4 - least privileged
etc
```
33
Multitasking Types
Symmetric, Asymmetric
Symmetric Multitasking
Two processes divide the same work
Asymmetric Multitasking
One processor is dedicated to the OS, other(s) dedicated to user operations
34
System Security Architecture
Views components that comprise a system from a security perspective
Should be derived from the organization security policy
System-specific policy must be more detailed. It addresses level security required on a device, OS or application
35
Trusted Computer System Evaluation Criteria
(Orange Book Concepts)
TCB - Trusted Computer Base
Composed of components (HW, firmware, SW) that are trusted to enforce the security policy of the system
Security Perimeter - dividing line between trusted parts of system and untrusted parts
Reference Monitor - any system component that enforces access controls on an object
Security Kernel - The HW, firmware, SW elements of a TCB that implements the reference monitor concept
36
Security Architecture Frameworks
Zachman Framework
2D model that intersects communication interrogatives (what, why, where, etc) with viewpoints like planner, owner, designer, etc
37
Security Architecture Frameworks
SABSA - Sherwood Applied Business Security Architecture
Attempts to enhance communication process between stakeholders
38
Security Architecture Frameworks
ITIL - IT Infrastructure Library
Set of best practices which have become de facto standard for IT Service Management
39
TOGAF
The Open Group Architecture Framework
Calls for an ADM (architectural development method) that uses an iterative process which continuously monitors and updates individual requirements
40
Security Architecture Documentation
ISO / IEC 27000 Series
Establishes information security standards published jointly by the International Organization for Standardization (ISO) and the Electrotechnical Commission (IEC)
41
Security Architecture Documentation
CobiT
Control Objectives for Information and Related Technology
Derived from the COSO framework created by the Committee of Sponsoring Organizations of the Treadway Commission.
Deals with IT Governance
42
Security Models
State Machine Model
Examines every possible state that system could be in and ensures the system maintains proper security relationships between objects and subjects in each state
43
Security Models
Multilevel Lattice Models
Assigns each security subject a label defining upper and lower bounds of the subjects access to the system.
Applies controls to all objects by organizing them into levels or lattices
44
Security Models
Matrix-based models
Organizes tables of subjects and objects indicating what actions individual subjects can take upon individual objects, often implemented as a control matrix
45
Security Models
Non-Interference Models
Concerned with subject's knowledge of the state of the system at a point in time.
Concentrates on preventing actions that take place at one level from altering state presented to another level
46
Security Models
Information Flow Models
Attempts to prevent flow of information from one entity to another that violates or negates the security policy
47
Security Models
Bell-LaPadula Model
Incorporates 3 basic rules regarding flow of information in a system
Simple Security Rule
A subject cannot read data located at higher security level than that possessed by the subject (aka no read up)
* - Property Rule
A subject cannot write to a lower level than that possessed by the subject (aka no write down or confinement rule)
Strong Star Property Rule
A subject can perform both read and write functions only at the same level possessed by the subject
48
Security Models
Bell-LaPadula Model Limitations
No provision for changing data access control. Only works well with access systems that are static in nature
Doesn't address covert channels. Low-level subject can sometimes detect existence of a high-level object when it's denied access. Sometimes it's not enough to hide the content of an object, the existence may also need to be hidden
Main contribution at expense of other concepts is confidentiality
49
Security Models
Biba Model
Applies series of properties or axioms to guide protection of integrity
Integrity Axiom
A subject cannot write to a higher integrity level than that which he has access (no write up)
Simple Integrity Axiom
Subject cannot read to a lower integrity level than that which he has access (no read down)
Invocation Property
A subject cannot invoke (request service) of higher integrity
50
Security Models
Clark-Wilson Integrity Model
Describes series of elements used to control integrity of data
User - an active agent
TP (Transformation Procedure) - An abstract operation like read, write, modify implemented via programming
CDI (Constrained Data Item) - Item that can be manipulated only through a TP
UDI (Unconstrained Data Item) - An item that can be manipulated by a user via read and write operations
IVP (Integrity Verification Procedure) - A check of the consistency of data with the real world
51
Security Models
Clark-Wilson Integrity Model part 2
Enforces its elements by allowing data to be altered only through programs and not directly by users. Goals are separation of duties and well-formed transactions
Separation of duties - ensures certain operations require additional verification
Well-Formed Transaction - Ensures all values checked before and after transaction by carrying out particular operations to complete change of data from one state to another
52
Security Models
Lipner Model
Combines elements of Bell-LaPadula and Biba
53
Security Models
Brewer-Nash (Chinese Wall) Model
If users accesses data set A, then set B is now unavailable
Goal is to protect against conflicts of interests by tracking previous requests.
Introduced concept of allowing access controls to change dynamically based on user's previous actions
54
Security Models
Graham-Denning Model
Attempts to address issue ignored by Bell-LaPadula - Deals with delegate and transfer rights.
55
Security Models
Harrison-Ruzzo-Ullman Model
Restricts set of operations that can be performed on an object to a finite set to ensure integrity
56
Security Modes
Dedicated Security Mode
Employs single classification level
All users can access all data, but they must sign NDA and be formally approved for access on need-to-know basis
57
Security Modes
System High Security Mode
All users have same security clearance.
They do not all have a need-to-know clearance for all the information in the system
58
Security Modes
Compartmented Security Mode
All users must have the highest security clearance (as in both dedicated and system high security)
They must also have valid need-to-know clearance, signed NDA and formal approval for information they have access
59
Security Modes
Multilevel Security Mode
Allows two or more classifications levels of information to be processed at same time
60
System Evaluation and Assurance Levels
TCSEC
Trusted Computer System Evaluation Criteria
Developed by National Computer Security Center for the DoD to evaluate products
61
System Evaluation and Assurance Levels
Orange Book
Collection of criteria based on Bell-LaPadula model used to grade the security of a computer system
62
System Evaluation and Assurance Levels
Red Book
Addresses network security
63
System Evaluation and Assurance Levels
ITSEC
Addresses integrity and availability plus confidentiality
Mainly set of guidelines used in Europe
64
System Evaluation and Assurance Levels
Common Criteria
Uses EAL's (Evaluation Assurance Levels) to rate systems with each representing successively higher level of security testing and design in a system
65
TCSEC Classes
A
B
C
D
A - Verified protection
A1 - Verified design
B - Mandatory Protection
B1 - labeled security protection
B2 - structured protection
B3 - security domains
C - discretionary protection
C1 - discretionary security protection
C2 - controlled access protection
D - Minimal protection
66
ITSEC Ratings
functional requirements
assurance requirements
10 classes
F1 to F10 to evaluate functional requirements
7 classes E0-E6 to evaluate assurance requirements
67
Common Criteria Assurance Levels
EAL 1-7
EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested
EAL7 - Formally verified design and tested
68
Common Criteria
Uses Protection Profile during the evaluation process
Protection profile contains these elements
descriptive elements
rationale
functional requirements
development assurance requirements
evaluation assurance requirments
69
Certification vs Accreditation
Certification evaluates technical system components. comes before accreditation
Accreditation occurs when adequacy of a system's overall security is accepted by management
70
Accreditation process by NIACAP has 4 phases
Phase 1 - definition
Phase 2 - Verification
Phase 3 - validation
Phase 4 - Post accreditation
71
Types of accreditation
Type accreditation - evaluates application or system distributed to different locations. Not accredited by location, but by type
System accreditation - evaluates application or support system
Site accreditation - evaluates application or system at a specific self-contained location
72
Security Architecture Threats
Maintenance Hooks
built into code (aka back door) that allows developers access without normal controls
73
Security Architecture Threats
Time of check / time of use attacks
attempt to take advantage of sequence of events that occur as the system completes common tasks
74
Security Architecture Threats
Web based attacks
operate by making normal or modified requests aimed at taking advantage of inadequate input validation and parameters, or instruction spoofing
75
Security Architecture Threats
Server based attacks
focuses on operations of the server OS, rather than web applications
76
Addressing concerns with XML
Define SAML and OWASP
SAML
Security Assertion Markup Language - XML based open standard data format for exchanging authentication and authorization data, mainly between identity provider and service provider
OWASP
Open Web Application - open source application security project. They create guidelines, testing procedures and tools to help web security. Maintain top-ten list of web application security risks
77
Database Security Concepts
Inference
Occurs when someone has access to info at one level that allows them to infer info about another level
78
Database Security Concepts
Polyinstantiation
Main mitigation technique for inference
Development of a detailed version of an object from another object using different values in the new object
79
Database Security Concepts
Aggregation
Assembling or compiling units of information at one sensitivity level and having the resultant totality of data being of a higher sensitivity level than the individual components
80
Database Security Concepts
Contamination
mixing of data with one sensitivity level, with another
81
Data Mining Warehouse
repository of information from various databases
lets multiple data sources to be stored in one place and organized so that redundancy is reduced (aka data normalizing)
data mining tools used to manipulate data and discover relationships
82
Distributed Systems Security
Special cases where extra security concerns may be needed
Cloud Computing
Grid Computing
Peer to Peer Computing
Cloud - centralizing data in web environment
Grid - harnessing power of multiple computers to perform a job
P2P - any client-server solution where any platform can be a client or server or both
83
4 Characteristics of ActiveX Data Objects (ADO)
high-level programming interface to an underlying data access technology like OLE DB
set of COM objects for accessing data sources (not just database access)
Allows developers to write programs that access data without knowing how database is implemented
SQL Commands not required to access database when using ADO
84
In computer crime, what does MOM stand for?
Means
Opportunity
Motives
85
What does the Operating System's Control Unit do?
fetches programming code, interprets it, oversees execution of the instruction sets.
It manages and synchronizes the system while different applications' code is being executed
86
What are 3 types of Digital Forensic Science?
Media Analysis
Software Analysis
Network Analysis
87
What type of DFS is referred to as "computer forensics"
media analysis
88
What encrypts all the data in a communication path including the header, trailer and routing information?
End to End Encryption
Link Encryption
Link Encryption
89
What generation does machine language exist in?
generation one
```
1 - machine
2 - assembly
3 - high level
4 - very high level
5 - natural
```
90
What is least important when quantifying risks associated with a potential disaster?
a. gathering information from agencies that report on disasters
b. ID company's key functions
c. ID critical systems
d. estimating potential loss and impact
gathering information from agencies that report probability of certain natural disasters is the least important
91
What is key clustering?
when different keys generate the same ciphertext for the same message
92
The 5 defined maturity levels of the CMMI (Capability Maturity Model)
```
I
R
D
M
O
```
```
Initial
Repeatable
Defined
Managed
Optimizing
```
93
Are increased developmental testing and using only operational data - good remedies to buffer overflows?
yes
94
Do stateful inspection firewalls pay attention to previous packets and monitor the sequence and acknowledgement numbers of a connection, to understand when a packet could be out of sequence?
yes
95
Should you put smoke detectors near exterior rear doorways?
No
96
Do block ciphers perform substitution by using S-Boxes? (substitution boxes)
yes
they use lookup tables to determine how a block is encrypted or decrypted, the key is used to decide on the s-box to use for each block
97
Does parallel computing happen at these 3 levels?
user mode, kernel mode, or OS level
or these 3 levels? bit, instruction, task
bit, instruction, task
98
identifying openings in a target's network is called what?
port scanning
| not fingerprinting
99
What is a B3 TCSEC rating? What are its requirements?
B3 requires:
trusted recovery
monitors events and notifies appropriate personnel
security administrator role defined
(doesn't require formal methods and procedures)
Class A rated product requires all of B3 plus formal methods and procedures
100
Does the Clark-Wilson model address confidentiality?
No
It's an integrity model. It's better suited for the commercial industry than Bell-LaPadula which is a confidentiality model.
It prevents unauthorized users from changing data
Provides internal and external consistency
prevents authorized users from improperly changing data
101
Key features of the Caesar Cipher
ROT 3
102
what percentage of businesses would go out of business if they had to close for only one week?
65%
103
Are products that pass through the Trusted Products Evaluation Program (TPEP) published in the List of Evaluated Products?
yes
104
Do you use CGI scripts or executables in a website to respond dynamically to code?
yes
CGI scripts or executables translate, respond to requests, build new web pages and send them to the user.
105
Federal Sentencing Guidelines of 1991
Specifically for white collar crime
Detailed specific responsibilities of senior executives
Encouraged implementing security policies and a security program
106
What happens in the acceptance testing/implementation phase?
QA does testing
Product is integrated into desired network
Product is given to customer for certification and accreditation
(But the product is NOT used in intended environment)
107
define a disaster in terms of length of time
disasters affect a business for one day or more
108
define a catastrophe in terms of length of time
catastrophes affect a business for weeks, months or years
109
Data mart
collection of data that fulfills a specific need / is targeted at one group or for a specific objective
110
What's so special about ISO/IEC 15408?
used as the basis for evaluating security products under the CC framework (common criteria)
111
Is DEA the algorithm used in DES?
yes
112
Are locks considered delaying devices?
yes
113
What are the 3 ways a computer can react to a problem / failure?
emergency system restart
system reboot
system cold start
114
How much stronger is 3DES than DES?
2^56
115
Why is computer generated or electronic information often categorized as hearsay (secondhand) evidence?
Because computer files and systems can be modified after the fact without others being aware
116
What happens in the project initiation phase?
formal introduction of project to participating parties
entire scope is overviewed
initial risk analysis performed
(customer requirements are too granular and are performed in second phase)
117
Is tort law the same as civil law?
yes
they typically don't require same degree of burden of proof that criminal cases require
118
multithreading
processing more than one request or thread at once
119
multitasking
processing more than one task or process at once
120
multiprocessing
multiple CPU's and processing separate instructions in parallel
121
Maximum Tolerable Downtime for:
```
critical
urgent
important
normal
non-essential
```
```
critical - minutes to hours
urgent - 24 hours
important - 72 hours
normal - 7 days
non-essential - 30 days
```
122
Define domain
set of resources available to a subject
| subject can be a user, process, application
123
Define security domain
resources in the domain are working under the same security policy and managed by the same group
124
Why does the Internet Architecture Board sound like a bunch of wankers?
They state the "internet is a privilege and should be treated and used with respect"
125
What was cool about the Gramm-Leech-Bliley act of 1999?
Required financial institutions to tell customers their privacy rights
requires Sr. executives to be accountable for security issues and provide training to employees about security
126
Chosen ciphertext
attackers possesses ciphertext and chooses which parts are decrypted.
Those decrypted portions are analyzed to find the key
127
Why is computer generated or electronic information often categorized as hearsay (secondhand) evidence?
Because computer files and systems can be modified after the fact without others being aware
It is admissible when the output is generated as part of normal business activities and not just once for the court, and has testimony of the person who generated them
128
When do you apply corrective controls?
when a situation needs correcting (fixing)! For instance, after an attack occurred, or after a vulnerability was found
129
Is accountability a characteristic of an identity?
no
130
to hold a person accountable, do you need uniqueness or accountability
uniqueness because accountability isn't a characteristic
131
Enticement vs Entrapment
Enticement - Honeypot that records attacker
Entrapment - tricking attacker into committing a crime
132
Polymporphism
two different objects responding to same command in different ways
objects are derived from different classes, so the respond differently to same command.
