Security Architecture and Engineering Flashcards

(104 cards)

1
Q

ISO 15288

A

Common for processes

2
Q

TECHNICAL PROCESSES

A

Business and mission analysis process

Stakeholder needs and requirements definition process

System requirements definition process

Architecture definition process

Design definition process

System analysis process

Implementation process

Integration process

Verification process

Validation process

Operation process

Maintenance process

Disposal process

3
Q

TECHNICAL MANAGEMENT PROCESSES

A

Project planning process

Project assessment and control process

Decision management process

Risk management process

Configuration management process

Information management process

Measurement process

Quality assurance process

4
Q

ENABLING PROCESSES

A

Lifecycle model management process

Infrastructure management process

Portfolio management process

Human resources management process

Quality management process

Knowledge management process

5
Q

SYSTEM AND SECURITY ENGINEERING PROCESSES

A

Commonly accepted sources for engineering processes:

International Council on Systems Engineering (INCOSE)
NIST SP800-160 System Security Engineering
ISO/IEC 15026 series - System and Software Engineering
ISO/IEC/IEEE 15288 Systems and Software Engineering

Systems and systems engineering processes have converged across major sources:

NIST and INCOSE recognize system security engineering as a specialty engineering function

6
Q

AGREEMENT PROCESSES

A

Acquisition process

Supply process

7
Q

KEY PRINCIPLES OF SYSTEM SECURITY

A

Confidentiality

Integrity

Availability

8
Q

SECURITY MODELS

A

Purpose: the security models define rules of behavior for an information system to enforce policies related to system security but typically involving confidentiality and/or integrity policies of the system

9
Q

BELL-LAPADULA (BLP) MODEL

A

CONFIDENTIALITY MODEL

State machine level

Developed for the Department of Defense (DOD)

Used for multilevel security (MLS)

3 Properties defined:

No read-up (simple security property)

No write-down (star property)

Access matrix (discretionary property)

10
Q

BIBA MODEL

A

INTEGRITY

State transition model

Focus on integrity vice confidentiality

Opposite rules from Bell-LaPadula (BLP)

Can read up (simple integrity property)

Can write down (star integrity property)

Lower level process cannot request higher access (invocation property)

11
Q

BREWER AND NASH MODEL

A

CONFIDENTIALITY

Designed to prevent conflict of interest

Information flow control model

Decomposes a company’s information into discrete datasets based on potential conflicts of interest

Defines rules for acceptable access to data objects by a particular subject (e.g. person or process)

Accessing a data object excludes future access to potential conflict of interest objects

12
Q

CLARK-WILSON MODEL

A

INTEGRITY

Introduces the concept of triples:

Subject
Program
Object

Subjects can only manipulate data objects through the use of a defined program

Set of rules designed to ensure data integrity for all operations

13
Q

GRAHAM-DENNING MODEL

A

CONFIDENTIALITY + INTEGRITY

Set of rules for creation, assignment of access rights, and deletion of objects and subjects

Eight rules (create/delete object/subject, assign, read, grant, delete, and transfer access rights)

Often used in distributed systems

14
Q

HARRISON RUZZO ULLMAN (HRU)

A

INTEGRITY

Primarily for protection of access rights integrity

Confidentiality is protected by access rights, so HRU does provide secondary confidentiality protection

Extends Graham-Denning model

Defines a set of primitive allowable operations involving subjects and objects

15
Q

AVAILABILITY MODELS

A

THERE ARE NONE

16
Q

SECURITY CONTROLS

A

Safeguards or countermeasures that mitigate risks to confidentiality, integrity and availability in a system or operating environment

Controls may impact or modify the behavior of people, process or technology

17
Q

TYPE OF CONTROLS

A

PREVENTATIVE CONTROLS - reduce the likelihood or impact of an undesirable event

DETECTIVE CONTROLS - identify an undesired event or collect information about it

CORRECTIVE CONTROLS - reduce or eliminate the impact of an undesirable event that has occurred

MEANS OF APPLICATION:
MANAGEMENT - policy or human driven controls

OPERATIONAL - process-driven controls

TECHNICAL - controls applied to technology

18
Q

COMMON/INHERITABLE CONTROLS

A

Exist outside of a particular system but provide some confidentiality, integrity and availability to it (e.g. a firewall inherited by the systems behind it)

May include management, operational or technical controls

19
Q

CONTROL SELECTION

A

Controls are selected to support the confidentiality, integrity and availability needs of the system

Control frameworks are often utilized to select appropriate controls and define controls

Inheritable controls that support the system are identified

20
Q

CONTROL FRAMEWORKS

A

They define controls and control elements

frameworks allow for standardization of control implementation

Control frameworks often include evaluation criteria or mechanisms to verify controls are effective

21
Q

EXAMPLE OF CONTROL FRAMEWORKS

A

ISO 27001 - industrial standard

NIST (SP800-52) - required for government use

COBIT - focused on business values

ISA/IEC 62443(ISA 99) - industrial automation and control systems

22
Q

TAILORING CONTROLS

A

Control frameworks and standards are intended to be tailored to specific use-cases

Adjust control specifications or parameters to meet the needs of a specific system or environment

“Book” controls must be tailored to provide optimum value

Controls are not intended to be used as checklists

23
Q

EVALUATION CRITERIA

A

Each control should include specific evaluation methods and expected results

NIST Example:

TEST - conduct a direct test of the control

INTERVIEW - interview or question staff

EXAMINE - examine documentation or artifacts for evidence the control is properly employed

CONTROLS MAY BE EVALUATED BY MULTIPLE METHODS

24
Q

SYSTEM SECURITY CAPABILITIES

A

Access Control

Processor States

Memory Management

Process Isolation

Data Hiding

Abstraction Layers

Security Kernel

Encryption

Code Signing

Audit and Monitoring

Virtualization/ Sandbox

Hardware Security Modules

File System Attributes

25
Q

GENERIC OPERATING SYSTEM (OS) MODEL

A

Layered diagram, top to bottom:

Applications
API Services / User Interface
Security Monitor, Memory Manager, Process Manager, I/O Manager
Device Drivers
Hardware Abstraction Layer
Hardware, including the Trusted Platform Module (TPM)

26
Q

TRUSTED PLATFORM MODULE

A

Encryption

27
Q

REFERENCE OR SECURITY MANAGER

A

Theoretical

28
Q

ACCESS CONTROL

A

OS controls access to objects

Rules define allowable behavior

Security monitor or reference monitor enforces allowed behavior

File systems typically support this by assigning security attributes to objects/files

29
Q

PROCESSOR STATES

A

Processors typically support at least two states of operation: user and kernel modes

User mode has limited access to core functions and no direct hardware access

30
Q

MEMORY MANAGEMENT

A

Direct application access to system memory is restricted

Modern operating systems randomize memory locations (address space)

Modern operating systems limit the memory locations where code can execute, for example Data Execution Prevention (DEP) in Windows

31
Q

PROCESS ISOLATION

A

Processes execute in separate memory space

Direct exchanges between processes are limited

Operating system (OS) manages inter-process exchanges through controlled interfaces

32
Q

DATA HIDING

A

Typical with multi-level security (MLS) architectures using mandatory access control (MAC)

Data or objects at a higher security level cannot be seen by objects at a lower security level (BLP Model)

Also a coding practice where raw data is hidden from access and can only be obtained through a standardized interface

33
Q

ABSTRACTION LAYERS

A

Limits direct access to objects or entities

Defines allowable actions and interactions between layers

Protects against improper behavior or access between layers

34
Q

SECURITY KERNEL

A

Also known as reference monitor

"Big brother" of kernel mode

Monitors and validates access control over system objects

Enforcement and validation component of all secure operating systems

35
Q

REFERENCE MONITOR

A

Theoretical set of system tools which independently verify the actions of a system from a security standpoint

36
Q

TRUSTED PLATFORM MODULE (TPM)

A

Hardware which provides cryptographic information and functions to enable the management and communication of sensitive information

37
Q

ENCRYPTION

A

Can be applied to data at rest (hard-drive files) or in transit (communication channel)

May protect confidentiality and/or integrity of data

Protects data when OS features (security kernel) are not active or present; for example, BitLocker protects data when the OS is not running

38
Q

CODE SIGNING AND VALIDATION

A

Cryptographic function

Executable code is digitally signed

OS validates the signature before loading code

Unsigned code or code with an invalid signature is prevented from executing

May include OS internal code to prevent replacement of OS components

39
Q

AUDIT AND MONITORING

A

System actions are recorded and stored in a protected location

Specific actions that are recorded are typically customized

Audit records MUST be reviewed or monitored to be effective

Monitoring and review may include both automated and manual elements

Audit records are typically transferred off a system for protection and long-term storage

40
Q

VIRTUALIZATION / SANDBOX

A

Executing code is "wrapped" in a virtualization or sandbox layer

Code executing within the environment is strictly limited from direct interaction outside the environment

Permissions for system access may be restricted independently for each virtualized or sandbox instance

May be an OS native function or a function provided by third-party software

41
Q

HARDWARE SECURITY MODULES

A

Hardware components that provide security services

Trusted Platform Module (TPM) is the most common security module

Provides secure storage and crypto functions

Typically used to generate and store crypto keys

Keys or stored data cannot be accessed without permissions

Specialized modules may contain multiple hardware security modules

42
Q

FILE SYSTEM ATTRIBUTES

A

Various file systems may store security attributes or provide security functions

A critical component to employing access control models in operating systems

File systems may include journaling that can provide data integrity

43
Q

HOST PROTECTION SOFTWARE

A

Antivirus

Host-based intrusion prevention (HIPS)

Host firewall

File integrity monitoring

Configuration and policy monitor

44
Q

HIPS

A

Host-Based Intrusion Prevention

45
Q

NIPS

A

Network-Based Intrusion Prevention

46
Q

TOP THREATS / MITIGATIONS

A

TOP THREAT ACTIONS
Hacking
Social Engineering
Malware Distribution
Phishing

TOP MITIGATIONS
Know what you have
Patch and manage what you have
Assess, monitor, log
Educate users

47
Q

COMMON SYSTEM VULNERABILITIES - HARDWARE

A

Hardware components may fail at any time

Mean-time-between-failure (MTBF)

Failure rates are higher during initial system operation

Supply chain issues may introduce technical flaws/vulnerabilities or malicious modifications

Old hardware may be difficult to repair or replace

48
Q

COMMON SYSTEM VULNERABILITIES - COMMUNICATIONS

A

Can fail

Can be blocked (DDoS)

Can be intercepted

Can be counterfeited (replayed)

Can be modified

Characteristics can expose information about the sender/receiver (address/location)

49
Q

COMMON SYSTEM VULNERABILITIES - ABUSE BY USER

A

Can be intentional or accidental

Can degrade or bypass security controls

Likelihood increases as difficulty to operate increases

50
Q

COMMON SYSTEM VULNERABILITIES - CODE FLAWS

A

Exist in all software with more than trivial complexity

May be introduced accidentally or intentionally

TYPICAL RISK CONDITIONS:

Known flaws, patch available, systems not patched, exploit available

Known flaws, patch not available, exploit available

Unknown flaws, exploit available (zero-day attack possible)

51
Q

COMMON SYSTEM VULNERABILITIES - EMANATIONS

A

Hardware/physical elements may radiate information
- Radio frequency
- Visible or non-visible spectrum

Can be used to discern system functions

Can be used to locate systems/components

52
Q

CLIENT BASED SYSTEMS

A

Desktops, laptops, thin client terminals

Typically represent larger quantities

Continuous state of adding new and decommissioning old in most organizations

General purpose devices with inconsistent usage patterns across the install base

53
Q

THIN CLIENT

A

PC without storage

54
Q

CLIENT BASED SYSTEM VULNERABILITIES

A

Physically under user's control

Susceptible to user misuse (intentional or accidental)

May be lost / stolen

Monitoring may be difficult

100% update may be difficult

55
Q

CLIENT BASED SYSTEM MITIGATIONS

A

Patch/Update - continuous action

General network protections (network segmentation, firewall devices, IDS, IPS)

Host protections (antivirus, host IPS, host firewall, disk encryption)

Monitor (log alerts, track location)

Educate users (anti-phishing campaign, detecting attacks)

56
Q

SERVER BASED SYSTEMS

A

Application servers, file servers, domain controllers, print servers, network service servers (DNS, DHCP)

Centrally managed / controlled

Limited access / functionality

Likely to be in a tightly controlled network segment

57
Q

SERVER BASED VULNERABILITIES

A

May be exposed to external communications / services

Updates may be delayed due to operational need

May exist for long periods (risk of being outdated)

High traffic volume makes monitoring more difficult

58
Q

SERVER BASED MITIGATIONS

A

Targeted network protections (server-specific rules, restricted ports/protocols)

Strong remote access mechanisms

Configuration and change management

Monitor: logs and alerts targeted to server functions

59
Q

DATABASE SYSTEMS

A

Hosted on servers, cloud, distributed, etc.

Typically contain large quantities of valuable information

Typically require high-speed operation with a large number of transactions

60
Q

DATABASE SYSTEM VULNERABILITIES

A

Inference

Aggregation

Data mining

High-value target

61
Q

DATABASE SYSTEM MITIGATIONS

A

Input validation

Robust authentication/access control

Output throttling

Anonymization

Tokenization

62
Q

INDUSTRIAL CONTROL SYSTEMS (ICS)

A

Typically embedded, limited function hardware

Interfaces between logical (computer) space and the physical world

Includes sensors, motors, actuators, valves, gauges, etc.

63
Q

INDUSTRIAL CONTROL SYSTEMS (ICS) TYPES

A

Supervisory control and data acquisition (SCADA)

Distributed control systems (DCSs)

Programmable logic controllers (PLCs)

64
Q

INDUSTRIAL CONTROL SYSTEMS VULNERABILITIES

A

Limited functionality

Limited protections

Long lifespan (become outdated)

Susceptible to misuse/error

Highly susceptible to Denial of Service (DoS) attacks

Attacks can produce physical effects

Often unattended in remote locations

65
Q

INDUSTRIAL CONTROL SYSTEMS (ICS) MITIGATIONS

A

Isolated network infrastructure

Robust network connection restrictions and monitoring

Highly segmented network

Protect communications channels

Robust configuration control

66
Q

CLOUD BASED SYSTEMS

A

Components hosted by a cloud service provider (CSP)

CSP assumes specific security responsibilities; the remainder stay with the data owner

Typically high reliability, speed, capacities

CSP to data owner relationship is governed by a contract and/or service-level agreements (SLAs)

67
Q

CLOUD-BASED SYSTEM CHARACTERISTICS

A

On-demand self service

Broad network access

Resource pooling

Rapid elasticity

Measured service

Multi-tenancy

68
Q

CLOUD-BASED SYSTEM TYPES

A

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Network as a Service (NaaS)

69
Q

CLOUD-BASED SYSTEM DEVELOPMENT

A

Private - exclusive use by one organization, on or off premise

Community - provisioned for exclusive use by a community of users

Public - open use by the general public

Hybrid - combination of two or more

70
Q

CLOUD-BASED VULNERABILITIES

A

Inherently exposed to external communications / access

Misconfiguration is a major risk

May exist for long periods (risk of being outdated)

Gap between CSP and data owner security controls

71
Q

CLOUD-BASED SYSTEM MITIGATIONS

A

Reputable cloud service provider that supplies security/information testing results

Well-trained system administrators

Robust configuration/change control

File and communication encryption

Well-managed identity and access controls

72
Q

DISTRIBUTED SYSTEMS

A

Nodes and processors operate independently

Storage and processing spread across multiple components

Nodes "pass messages" to coordinate and communicate

Example: traditional telephone network
- Switches operate independently
- Coordinate to pass calls between them

73
Q

DISTRIBUTED SYSTEMS VULNERABILITIES

A

Lack of central control/monitoring

Data elements may be lost if nodes fail

Inconsistent security levels between nodes are possible

Susceptible to communication failures, compromise, or denial of service (DoS)

74
Q

DISTRIBUTED SYSTEMS MITIGATIONS

A

Standard security rules for nodes to enter the distributed network

Communication control, encryption, and redundancy

Node backup and data sharing between nodes

75
Q

INTERNET-OF-THINGS (IOT) SYSTEMS

A

Generally small form factor, embedded hardware

Limited functionality OS

May interface with the physical world

Pervasive and often connected to general purpose networks

Functions / accessibility may be unclear to owner/user

76
Q

INTERNET-OF-THINGS (IOT) SYSTEMS VULNERABILITIES

A

Limited vendor support for updates

Limited to no onboard security capability

Poor code management due to rapid development cycles

May contain limited or weak security implementation of standard protocols (Bluetooth, WiFi)

77
Q

INTERNET-OF-THINGS (IOT) SYSTEMS MITIGATIONS

A

Isolated on private networks with controlled access

Products selected for security features and update-ability

Product security/penetration testing

Disable unneeded functions

78
Q

WEB-BASED SYSTEMS

A

Application or data accessible and manipulated through a web browser or web service

Often connects to a data source (database) that may be on or off platform

Uses standard protocols and interface languages

Connections are typically dynamic

79
Q

WEB-BASED SYSTEM VULNERABILITIES

A

Accessibility to network communications/access

Use of obsolete protocols/encryption

Code/configuration errors that expose components to data

80
Q

WEB-BASED SYSTEM MITIGATIONS

A

Protect system behind firewalls and access controls

Limit and monitor communications protocols

Scan, evaluate, and assess interfaces and code (HTML, Java, scripts, etc.)

Tightly control configuration and change management

Ensure platform is securely configured

81
Q

MOBILE SYSTEMS

A

PHONES, TABLETS, WEARABLE DEVICES
Portable small form factor
Limited functionality
Embedded OS
Typically contains limited amounts of data
Connected (cellular, WiFi, Bluetooth, tethering)
Designed for single user

LAPTOPS, PERSONAL COMPUTERS
Portable - medium form factor
Full featured operating system
Capability similar to desktop
May contain large amounts of data
Multi-user capable
Connected (WiFi, Bluetooth, tethering, possibly cellular)

82
Q

MOBILE SYSTEMS VULNERABILITIES

A

Loss or theft

Weak access controls configured

Unencrypted data

Communications interception or eavesdropping

Limited onboard security services and monitoring

83
Q

MOBILE SYSTEMS MITIGATIONS

A

Mobile device management (MDM) installed (device tracking, wiping, software control, policy enforcement)

Activate screen lock and high complexity pass-codes or biometrics

Ensure device is encrypted

Tunnel communications through VPN architecture

Limit software / apps installed to trusted packages

Prevent jailbreaking or rooting of devices

Do not connect to public networks (coffee shop, hotel)

84
Q

MOBILE SYSTEM MITIGATIONS (LAPTOPS)

A

Apply all traditional computer system protections (AV, FW, host IPS, etc.)

Ensure encryption is activated

Ensure strong passwords, biometrics, or two-factor authentication on all user accounts

Activate anti-theft or tracking functions if available

Tunnel mobile communications through VPN

Do not connect to public networks

85
Q

EMBEDDED SYSTEMS

A

Computing platform with a dedicated function

Limited function / specialized OS

Limited processing power

Long service life in many applications

Includes system on a chip (SoC) architectures

Typically includes special device categories: IoT, ICS, mobile devices

Highly diverse in nature (specialized computing vs general purpose computing)

86
Q

EMBEDDED SYSTEMS VULNERABILITIES

A

Limited function design does not include full monitoring and security control implementation

Limited access controls

Limited ability to update; vendor support often time-limited

87
Q

EMBEDDED SYSTEMS MITIGATIONS

A

Limit access to devices

Limit communications to devices

Disable unnecessary/unneeded components, features and communications

Isolate on dedicated networks, if connected

Monitor external communications with exterior sensors

Apply vendor updates when available

88
Q

CRYPTOGRAPHY SERVICES

A

CONFIDENTIALITY

INTEGRITY

AUTHENTICITY

NON-REPUDIATION

ACCESS CONTROL

89
Q

DATA PROTECTION

A

DATA AT REST
Backup tapes, off-site storage, password files

DATA IN TRANSIT
Provide secure and confidential methods to transmit data
Allows verification of the integrity of the message so that any changes to the message itself can be detected

90
Q

LINK ENCRYPTION

A

Encrypts all of the data along a communication path

Communications nodes need to decrypt the data to continue routing

91
Q

END-TO-END ENCRYPTION

A

Generally performed by the end user within an organization

Encrypted at the start and not decrypted until the end user

Routing information remains visible

92
Q

CRYPTOGRAPHIC EVOLUTION

A

Manual

Mechanical

Electro-mechanical

Electronic

Quantum

93
Q

CAESAR CIPHER

A

Shifting letters by a certain number

94
Q

SPARTAN SCYTALE

A

Wrap belt around the scytale (rod) to read the text

95
Q

BOOK CIPHER

A

Page numbers

96
Q

WORK FACTOR

A

The level of difficulty in cracking a code

97
Q

STREAM CIPHERS

A

A key-stream (sequence of bits used as a key) is generated and combined with plain text using an exclusive-or (XOR)

Statistically unpredictable

Not linearly related to the key

Operates on individual bits or bytes

Functionally complex

Long periods with no repeats

Seemingly random, since generation of the key-stream is usually controlled by the key

98
Q

EXCLUSIVE-OR (XOR)

A

If both values are the same = 0

If values are different = 1

99
Q

BLOCK CIPHERS

A

Uses fixed-size blocks of text

The size of the blocks affects the strength of the crypto implementation

As plain-text is fed into the cryptosystem, it is divided into blocks of a preset size

Often a multiple of the ASCII character size: 64, 128, 192 bits, etc.

100
Q

INITIALIZATION VECTORS - WHY NEEDED

A

Encrypting the same text with the same key produces the same cipher-text

Encrypting the same message with different keys may produce detectable patterns

An IV is a random value added to the plain-text message before encrypting so that each cipher-text will be substantially different

101
Q

KERCKHOFFS'S PRINCIPLE

A

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge

102
Q

HIGH WORK FACTOR

A

Measured in units such as:
Hours of computing time
Cost in dollars of breaking the encryption

If the work factor is substantially high, the encryption system is considered to be practically or economically unbreakable

103
Q

SUBSTITUTION CIPHERS

A

The process of substituting one letter for another based upon a crypto-variable

Involves shifting positions in the alphabet by a defined number of characters (Caesar cipher and Vigenère cipher)

Involves using a scrambled alphabet to substitute one letter for another (Enigma machine)

104
Q

TRANSPOSITION CIPHERS

A

Cryptosystems that use transposition or permutation rely on concealing the message by transposing or interchanging the order of the letters