Security Architecture and Engineering Flashcards

(222 cards)

1
Q

What are the types of security model

A
Mandatory Access Control (MAC)
Modes of Operation
Confidentiality: Bell-LaPadula
Integrity: Biba
Lattice
Commercial: Clark-Wilson
2
Q

What is Mandatory Access Control (MAC)

A

Read down, write up

A subject can only access an object if the subject's clearance is equal to or greater than the object's label (Top Secret, Secret, etc.)

3
Q

What are the four types of Modes of Operation

A

Dedicated
System High
Compartmented
Multilevel

4
Q

What is Dedicated mode of operation

A

Only contains objects of one classification label (e.g. Top Secret)
Need clearance equal to or higher than the label to access the object

5
Q

What is System High mode of operation

A

Contains a mixture of labels (Confidential, Secret, Top Secret)
Need clearance for the highest-labelled object on the system

6
Q

What is Compartmented mode of operation

A

All subjects have the necessary clearance but do not have formal access approval or need to know for all information

Uses technical controls to enforce need to know, versus need to know enforced only by policy

Formal access approval for SOME of the information they will access on the system

A valid need to know for SOME of the information on the system

All users can access SOME data, based on their need to know and formal access approval

7
Q

What is Multilevel mode of operation

A

Stores objects at different labels

Allows access by subjects with different clearances

8
Q

What is the Bell-LaPadula security model

A

Confidentiality
No read up
No write down

9
Q

What is Bell-LaPadula - Strong

A

Stuck at level

Can only perform operations at that level

10
Q

What are the 2 types of Bell-LaPadula tranquility

A

Weak Tranquility property - the labels of the subject and the object cannot change in a way that violates the defined security policy

Strong Tranquility property - labels never change during operations

11
Q

What is Biba security model

A

Integrity (think of time, isn’t confidential, but requires integrity)

No read down, no write up

12
Q

Which security models deal with integrity

A

All of these models contain the letter I

Biba
Clark-Wilson
Non-Interference

13
Q

What is Lattice security model

A

Confidentiality

Deals with data flow

No read up, no write down

14
Q

What is the Clark-Wilson model

A

internal/external consistency

Authorized users cannot make unauthorized changes

Separation of duties

15
Q

What is the State Machine model

A

Captures current security posture

Test all paths

16
Q

What is the Research model

A

used to research the best security posture

Information Flow Model; Bell-LaPadula is one of them

Non-interference - high-level actions do not determine what a low-level user can see (NSA and pizza story)

17
Q

What is the Chinese Wall model

A

No information flow is allowed that could cause information leakage leading to a conflict of interest

Treat them as separate companies

aka Brewer Nash

18
Q

What is Trusted Computing Base (TCB)

A

all components are properly implemented and secure

19
Q

What is a Reference Monitor

A

Mediates all access between subjects and objects

Checks to ensure subjects are authorized to view/access objects

20
Q

What is Domain Separation

A

Group of objects with the same security requirement

e.g. Top Secret objects, HR department

21
Q

What is COI

A

Conflict of Interest

22
Q

What are the 3 types of Domain Separation

A

Execution Rings

Base Address Registers

Segment Descriptors

23
Q

What are the 4 Orange Book classes

A

A. Verified Protection (MAC +
B. Mandatory Protection (Mandatory Access Control)
C. Discretionary Protection (Discretionary Access Control)
D. Minimal Protection (e.g. your laptop)

24
Q

What are the key principles of The Orange Book

A

Functionality - how well does it operate
Effectiveness - how secure is it
Assurance - can we prove it is secure
Lifecycle assurance -

25
What is ITSEC F1-F5
Mirror functionality of The Orange Book
26
What is ITSEC F6
High Integrity Requirement
27
What is ITSEC F7
High Availability
28
What is ITSEC F8
High integrity for communication
29
What is ITSEC F9
High confidentiality
30
What is ITSEC F10
High confidentiality and integrity for data network
31
Target of Evaluation (TOE)
System or product being evaluated
32
Security Target (ST)
documentation describing TOE, including security requirements and operational environment
33
Protection Profile
Independent set of security requirements for a specific type of product or system, e.g. Fire, IDS
34
Evaluation Assurance Level (EAL)
Evaluation score of the tested product
35
EAL 1
Functionally tested
36
EAL 2
Structurally tested
37
EAL 3
Methodically tested and checked
38
EAL 4
Methodically designed, tested, and checked
39
EAL 5
Semi-formally designed and tested
40
EAL 6
Semi-formally verified, designed, and tested
41
EAL 7
Formally verified, designed, and tested
42
What are the 2 parts of the CPU
Arithmetic Logic Unit (ALU)
Control Unit
43
What is Fetch-Decode-Execute cycle
Fetch - retrieves information
Decode - understand the instructions
Execute - instructions executed and result stored in a register
44
Fetch-Decode-Execute (no pipeline)
Sequential (Book 3.3 slide #4)
45
Fetch-Decode-Execute (pipeline)
Pipeline is hardware; instead of doing one instruction at a time, it can work on multiple (Book 3.3 slide #4)
46
Complex-Instruction-Set-Computer (CISC)
Long commands; e.g. x86 CPU
47
Reduced-Instruction-Set-Computer (RISC)
Short commands; e.g. ARM CPU
48
What is multitasking
Multiple tasks concurrently on one CPU
Heavyweight - each task has its own copy of the DLL
49
What is multithreading
Multiple threads concurrently on one CPU
Lightweight - threads point to a shared copy of the DLL
50
What is multiprocessing
Multiple tasks at the same time with multiple CPUs
51
What are the 3 types of Memory Protection
Process Isolation
Address Space Layout Randomization (ASLR)
Non-eXecutable (NX) Stack
52
Process Isolation
prevents one process from affecting another
53
Address Space Layout Randomization (ASLR)
Randomizes the addresses used by programs
54
Non eXecutable (NX) Stack
Marks pages of the stack non-executable
55
Virtual memory
Swapping memory to disk; think disk paging (oldest on disk, newest in RAM)
Does not correspond directly to physical memory
Threads use virtual addresses
56
Direct Addressing (memory addressing)
Exact location in memory to execute
57
Indirect Addressing (memory addressing)
Pointer to the location in memory to execute
58
Register Direct Addressing (memory addressing)
Refers directly to a specific register that already contains the data
Registers are temporary storage for the task the CPU works on at that instant
59
Register Indirect Addressing (memory addressing)
Pointer - looks in the specified register for the address of the data
Registers are temporary storage for the task the CPU works on at that instant
60
Index Addressing (memory addressing)
Memory location plus an offset (think of an array)
61
Layering (OS)
Think OSI model: each layer works with the layer above and below it and works independently; if one layer fails, it should not affect the other layers
62
Abstraction (OS)
Think of saving a file: reduces complexity and hides the inner workings of the system
63
What are the 4 Ring Layers of the CPU
Ring 3: Applications and utilities
Ring 2: I/O drivers and utilities
Ring 1: OS components not part of the kernel
Ring 0: Kernel
All modern OSs use only rings 0 and 3
64
Trusted Platform Module (TPM)
Think of the motherboard. The TPM is used to authenticate the integrity of the BIOS
**Full disk encryption: if you don't have the TPM, you can't decrypt the disk to use it
65
Hypervisor
Runs on the host, controlling the VMs and their access to the hardware
66
What is full virtualization
Runs unmodified applications or OSs designed to run directly on computer hardware
67
What is Paravirtualization
Runs specially modified applications or OSs
68
Unique requirements for VM
**Protect the hypervisor - it must remain secure!!!
Protect special host features (such as drag and drop)
69
What is a database
Collection of related data intended for sharing
70
What is Database Management System (DBMS)
Stores data and provides operations: CRUD and search
71
What are the 4 types of data model
Hierarchical
Mesh
Object-Oriented
Relational
72
Semantic Integrity
Wrong data type
73
Entity Integrity
Primary key
74
Referential Integrity
Foreign key
75
Concurrency
Locking, so two users can't update the same data at the same time
76
Commit
Writes changes to the DB
77
2-Phase commit
Distributed DB; if the commit cannot happen on all DBs, roll back the changes
78
Checkpoint
Snapshot of the database
79
Database Journal
Log file of DB changes in real time
80
Data Warehouse
Used for queries; does not affect the current (production) system
81
Data Mining
Looking for something wrong, e.g. fraud
82
Aggregation
Example - download the entire phone book and iterate through the entire collection to get all the information
83
Inferences
Able to derive high-level information from lower-level information
84
What is Inference Controls
Enforced during query processing (think of the CIA and pizza story)
Content-dependent access rules (think of the phone book and asking for more than 5 entries at a time)
85
Shadow database
Active-passive: 2 databases, one mirrors the other; only one takes the transactions
86
What is active-active db
Two DBs in sync, both writing transactions
87
What is active-passive
Two DBs in sync; one mirrors the other and only one writes transactions
88
What is an applet
Functions without sending user requests back to the server
Remote code execution on the client - additional risk
89
What is Active X
MS version of the applet; *code signing
90
What is same-origin policy
Protocol, host and port must be the same: http (protocol), bank.example.com (host), port 80
91
Whitelisting
Only allows specific characters; whitelisting is superior to blacklisting
92
Blacklisting
Rejects specific characters and allows all others
93
Supervisory Control System
Gathers data | Sends command
94
Remote Terminal Unit
aka Remote Telemetry Unit; connects devices to the SCADA network; converts analog data to digital
95
Human-Machine Interface (HMI)
Presents data to the operator
96
What are the security issues in SCADA
Older and unpatched
Default credentials
Serial Modbus and Modbus TCP have no built-in security
Relied on network separation for security (internet connectivity is causing issues)
Easily discoverable via simple tools like Shodan
97
Cryptology
Study of secure communications; contains both Cryptography and Cryptanalysis
98
Cryptography
Study of rendering messages indecipherable except to the intended recipients
99
Cryptanalysis
Study of breaking codes
100
Cryptosystem
System designed to encrypt
101
Definition of Cryptography
Hidden writing
102
Plaintext
Message in its original form
103
Ciphertext
Message in encrypted form
104
Encryption
Creation of ciphertext from plaintext
105
Decryption
Ciphertext back to plaintext
106
Cipher
aka cryptographic algorithm
107
Work Factor
How long it takes to break
108
Entropy
Amount of randomness
109
Exclusive OR (XOR)
Boolean operation: plaintext XOR key gives ciphertext, and XOR again gives the plaintext back (example on pg 108 of book 3)
1 = true, 0 = false
Inputs the same - 0
Inputs different - 1
110
Confusion
Destroys the pattern between key and ciphertext
111
Diffusion
Destroys the pattern between plaintext and ciphertext
112
Rotation Substitution
Shifts characters a set number of places (ROT3/ROT13)
113
Arbitrary Substitution
Replace one letter for another
114
Polyalphabetic Cipher
Multiple alphabets
115
Permutation
Rearranges the order of the characters (think anagram)
116
One-Time Pad
Cannot be broken if:
Truly random
Pads are kept secure - not intercepted
Each key is used once and never reused
117
What are the stages of the Cryptography Lifecycle
Cryptographic limitations
Algorithm Selection
Protocol Governance
Key Management
118
What are the two ways to encrypt data
Block-by-block encryption
Encrypt the entire stream
119
What are the goals of cryptography
Contains at least one or more of the items below:
Confidentiality - secrets remain secret
Data Integrity - data is not altered
Authentication - proving an identity claim
Non-Repudiation - can't deny you did it; this combines data integrity and authentication
120
Non-Repudiation
Combines data integrity and authentication; can't deny you did something
121
Symmetric
Single key to encrypt/decrypt
122
Asymmetric
Two keys to encrypt/decrypt
123
Hashing
"Integrity" and fixed length; one-way transformation using an algorithm with no key
124
DES: Data Encryption Standard
Describes the Data Encryption Algorithm (DEA) - cipher
64-bit block
56-bit key size
125
What are types of cipher mode
Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Output Feedback (OFB)
Cipher Feedback (CFB)
Counter Mode (CTR)
126
What is Electronic Codebook (ECB)
Does not destroy patterns
Weakest of the modes
No chaining
127
What is Cipher Block Chaining (CBC)
Requires an IV; ensures confidentiality for known text
Chaining - the ciphertext is used as input for the next plaintext block's encryption
128
Output Feedback Mode (OFB)
Streaming cipher, 1 bit
Requires an IV
Does not propagate errors
129
Cipher Feedback Mode (CFB)
Similar to CBC, but streaming not block, 1 bit
Feedback like chaining
Requires an IV
Errors will propagate
130
Counter Mode (CTR)
Streaming cipher
Uses a counter as the IV
Doesn't propagate errors
131
What are DES Weaknesses
Crackable in a short time; small keyspace, brute force
132
Triple DES
3DES / TDEA (remember this); three rounds of DES
133
Double DES
Meet-in-the-middle attack flaw
134
How does Triple DES work
Encrypt, Decrypt, Encrypt
3 different keys
Backward compatible with single DES
135
International Data Encryption Algorithm (IDEA)
Key length - 128 bits
Block size - 64 bits
Slower than AES
136
Advanced Encryption Standard (AES)
Underlying algorithm - Rijndael
Symmetric block cipher
Block size: 128 bits
Variable key length: 128, 192, 256 bits
137
What are the 4 AES basic functions
SubBytes - substitute bytes
ShiftRows - shift rows (rotation)
MixColumns - mix columns
AddRoundKey - XOR (boolean) the state with a subkey at the end of each round
138
Blowfish
Symmetric block cipher
Block size - 64 bits
Key length - 32-448 bits
139
Twofish
Symmetric block cipher
Block size - 128 bits
Key length - 128, 192, 256 bits
140
RC5
Symmetric block cipher
Block size - 32, 64, 128 bits
Key length - 0-2040 bits
141
RC6
Symmetric block cipher
Block size - 128 bits
Key length - 128, 192, 256 bits
142
Tractable Problems
Easy problems; think of multiplying prime numbers together
143
Intractable Problems
Hard problems that cannot be solved quickly; example: 391 is what number times what number?
144
Diffie-Hellman Key Exchange
Does not provide confidentiality; it is not encryption. Exchanges a symmetric key via a public channel
145
Exponentiation
9^13
146
Logarithms
Opposite of Exponentiation
147
Digital Signatures
Authentication and integrity: proves it was signed and not changed
Asymmetric encryption and a hash (RSA & SHA-1)
148
What are three steps to digital signatures
Plaintext -> Hash -> Asymmetric Encryption
149
Digital Signature Creation
Encrypt with the private key
150
Digital Signature Verification
Decrypt with the public key
151
Hash Message Authentication Code (HMAC)
Symmetric; authenticates the holder of the symmetric key and verifies integrity
152
What is Public Key Infrastructure (PKI) used for
Creating certs
Maintaining certs
Revoking certs
153
What are the 5 components of PKI
Certificate Authority - issues/revokes certs
Organizational Registration Authority (ORA) - vouches for the binding between the public key and the cert holder
Cert holder - signs with the cert's key
Clients that can validate digital signatures
Central repository
154
How does PKI work
User A trusts PKI Server A; therefore User A trusts any cert signed by Server A, and any cert or server trusted by Server A
155
What are the trust models for CAs
Hierarchical - tree/leaf
Bridge - joining two organizations' CAs
Mesh - 3 or more CAs trusting each other, with hierarchical CAs underneath
Hybrid - some combination of the three
156
PKI Cert Lifecycle
Registration
Creation
Distribution
Validation
Key Recovery
Expiration
Revocation
157
Certificate Revocation List (CRL)
Entire list must be downloaded
CRL download can be network intensive
No real-time notification
158
Key Escrow
Split the key in half - separation of duties
159
Pretty Good Privacy (PGP)
Symmetric, asymmetric, and hash ciphers
Digital signatures
Secure communication without pre-sharing keys
Decentralized
160
Transport Encryption
End-to-end encryption, e.g. VPN
Focus is confidentiality, but properly configured it provides confidentiality, integrity, authentication, and non-repudiation
161
TLS & SSL
TLS 1.0 is SSL 3.1; backward compatible with SSL; TLS current version 1.2
162
SSL/TLS Warning
Sign of a man-in-the-middle attack | DNS poisoning
163
IPSEC
Authentication Header (AH) - authentication/integrity, digital signature
*AH does not provide confidentiality
Encapsulating Security Payload (ESP) - confidentiality, integrity, and authentication
ESP protects the data, NOT the header
164
IPSEC Security Association
One way (simplex)
Bidirectional communication requires 2 SAs
165
Perfect Forward Secrecy (PFS)
Key 1 generates key 2; if key 1 is compromised, key 2 is still secure
166
Secure Shell (SSH)
Replaced telnet and ftp
Provides secure network terminal access and file transfer
Port 22
SSHv1 - man-in-the-middle attack issue
SSHv2 is preferred over SSHv1
167
Known plaintext
Some of the plaintext is known as well as a portion of the ciphertext; use that to figure out the rest... think U-boat/Enigma
168
Chosen plaintext
Choose what gets encrypted to get the output
169
Adaptive chosen plaintext
Chosen plaintext with iterations based on knowledge of the output
170
Chosen Key Attack
Know something about the key (e.g. numbers only, upper case); reduces the number of characters to try
171
Analytical attacks
Use the algorithm and math to figure out the key; reduces the portion of the keyspace to be searched
172
Statistical attacks
Use statistical characteristics of the language or weaknesses in the key
173
Differential attacks
Analyze differences in results based on differences in the plaintext encrypted with a crypto key; think of the example of making every 10th character an uppercase X
174
Linear attack
Linear analysis of pairs of plaintext and ciphertext
175
Differential linear attack
Applying differential analysis together with linear analysis
176
Side-Channel attack
Uses physical data to break the cryptosystem, e.g. monitoring the CPU
177
Birthday Attack
Deals with hash collisions
178
Steganography
Data hiding | images, Word documents, text documents
179
Contraband checks
X-ray, metal detectors
180
What are the types of facility control
Fences
Landscape
Vehicle barriers
Guards
Dogs
Badges
Lights
Motion detectors, sensors, and alarms
181
Fences
3-4 ft / 1 meter - deters the casual trespasser
6-7 ft / 2 meters - too high to easily climb
8 ft / 2.4 meters + 3 strands of barbed wire - prevents the determined intruder
182
Gates
Class I - residential
Class II - commercial (parking garage)
Class III - industrial (loading dock/factory)
Class IV - restricted access (prison/airport)
183
Mantraps
Think of a bank processing facility
Physical preventive control
Entrance protected by 2 doors
Intruder confined between the 2 doors
184
Restricted Area
Establish restricted and non-restricted areas to determine the perimeter
Escort from the restricted area (employee/guard)
Perimeter of the restricted area (space/time)
185
How to deter unauthorized access
Educate - "Employees only" sign | Discourage - pseudo-guard (unarmed), "Trespassers will be prosecuted" sign
186
Security guards
Duties:
Checking entrance credentials
Issuing/removing visitor badges
Monitoring CCTV
Guards must be trained and have complete and clear orders
Guards are expensive
187
Dogs
**Main issue - liability
Deployed for perimeter security in a controlled/enclosed area
Better at hearing and seeing at night
Costs incurred beyond basic feed and care (e.g. insurance and liability)
188
What is required lighting
2 candlepower | Install lighting at least 8 ft (2.4 m) high with illumination of 2 foot-candles
189
Types of motion detectors, sensors and alarms
Motion - sonic sounds, ultrasonic sounds, microwave (radio waves)
Photometric - IR
Acoustical-seismic detection - microphone
Proximity - electronic field senses presence
190
Site Selection
Visibility
Local considerations (hazards, crime rate)
Natural disasters (earthquake, flood, etc.)
Transportation (easy access to transit, high-traffic area)
Shared tenancy (HVAC)
191
Facility design
Slab-to-slab walls
Wall fire rating - 1 hr
Door - solid vs. hollow core
192
Enclosed areas
Slab-to-slab walls, so an intruder can't sneak underneath or over the wall
193
Doors
Check which way the door swings so that when open it does not block a critical exit point
Doors open out, not in!
Fire rating equal to the walls
194
Windows
Laminated glass
Wired glass
Solar window films
Security film
Glass breakage sensors
Bulletproof
Explosive resistant
195
Locks
Preventive control | lock bumping - points on the key shaved down
196
Combination lock
No accountability - don't know who unlocked it
197
Physical Security
Overlooked because it is assumed to already be in place
Should be:
Risk-based
Focused on critical intellectual property (IP)
Balanced with safety
198
Wiring closets
Avoid spaghetti cabling | don't intermingle power and network cables
199
Wiring closets
Closets should be secure | Demarc should be secure
200
Server room
All three dimensions (floor, ceiling, walls) should be secure
All walls, doors, windows, floors, ceilings - 1 hour fire rating
Slab-to-slab walls
201
Media storage
Stored off-site and encrypted
Strict procedures; use a bonded and licensed company for off-site storage
Make sure it is not impacted by the same disaster
202
Earthquakes
Detective - structural assessment | Corrective - structural reinforcement, evacuation
203
Floods
Detective - detectors (moisture, humidity) | Corrective - bilge pump, evacuation
204
HVAC
Positive pressure - contaminants are pushed out
Proper temperature and humidity levels
Designed for computers, not humans
205
HVAC Temp & Humidity
Temp - 70-74 degrees F / 21-23 Celsius
Humidity - 40-60% (50% plus or minus 10)
Low humidity - static
High humidity - moisture (rust)
206
Humidity
Maintain proper humidity level
Anti-static spray
Anti-static flooring
Grounding buildings and computers properly
Anti-static table covering
Anti-static floor mats
207
Electrical Power
Fault: momentary power loss
Sag: momentary low voltage
Brownout: prolonged low voltage
Blackout: loss of all power
Spike: momentary high voltage
Surge: prolonged high voltage
Transient: short-duration noise interference
208
Smoke & Fire
Detective: smoke detectors, heat sensors, flame detectors
Suppressive: sprinklers, extinguishers
209
Smoke detectors
Change in ionization | change in light beam
210
Fire Detectors
Sense the pulsation of a flame | need line of sight
211
Fire Classes (A-D)
A: Think ash (wood) - suppression: water
B: Liquid (Banana Suit) - suppression: soda acid
C: Conductive (electrical) - suppression: gas
D: Combustible metal - suppression: dry powder
212
Fire Suppression
CO2 and soda acid remove fuel and oxygen
Water reduces temperature
Gas (Halon / Halon substitute) interferes with the chemical reactions between elements
213
Fire Suppression Systems
Zones of coverage
Time-release
HVAC off before activation
Water and gas (Halon)
Gas best used in pre-action, time-delayed mode: Halon <10% is breathable by a healthy person
214
Wet pipe
Filled with water | activated once the temperature reaches 165 degrees and the sprinkler head material melts
215
Dry Pipe
Not filled with water - water is held back | activated once the temperature reaches 165 degrees and the valves open
216
Pre-action
Hybrid between wet and dry pipe
217
Deluge
Similar to dry pipe, but releases a larger amount of water
218
Gas discharge
Halon | installed under the floor of computer area
219
Portable extinguishers
Within 50 feet of electrical equipment
At exits, clearly marked with an unobstructed view
Easily reached and operated by an average-size person
Inspected regularly
220
Water (Fire)
Fire protection and insurance support the use of water as the primary fire extinguishing agent for all business environments
221
CO2
Colorless, odorless and potentially lethal because it removes oxygen
Gas mask - no protection
Best use - unattended facilities
Built-in delay for manned areas
222
Halon
Must be thoroughly mixed with air
1/1/94 - had to stop using it; it releases ozone-depleting substances
FM-200 - most effective replacement
FM-13 breathable up to 30% concentration