Security & Threat Models

Question 1

Bell-LaPadula

Answer 1

Focus is on Data Confidentiality

state machine model = military

Question 2

Data Access Controls

1. MAC - mandatory access control
2. ACM - access control matrix
3. DAC - discretionary access control
4. Non-discretionary access control

Answer 2

1. MAC = permissions that are determined by org policy and need to know.
2. ACM = rule based access control, is an example of non-discretionary. ACM is an ACL in the form of a table and columns.
3. DAC = permissions set by the Data Owner (not org policy / need to know)
4. Non-discretionary = permissions that are primarily set by the Administrator (not org policy / need to know).

Question 3

SD3+C

Answer 3

Secure by Design
Secure by Default
Secure in Development & Communication

Question 4

How to apply Threat Modeling

Answer 4

1. Choose a threat modeling concept (STRIDE, VAST, etc.)
2. Diagram potential attacks

Determine the potential attacks via a diagram of the elements involved: who each component + boundaries + data flow

Question 4

How to apply Threat Modeling

Answer 4

1. Choose a threat modeling concept (STRIDE, VAST, etc.)
2. Diagram potential attacks

         Determine the potential attacks via a diagram of the elements involved: who each component + boundaries + data flow

3. Perform Reduction Analysis

        AKA decomposing the app.

   Reduction Analysis = IDENTIFY 5 key concepts:

   1. Trust Boundaries
   2. Data flow paths
   3. Input points
   4. Privileged Operations = requires elevated permissions
   5. Security stance / approach =

4. Prioritize how to Respond = establish a threat prioritization chart
   1. Document the threats ascertained from the above
   2. Rank or rate each threat using:
      
      • Probability X Damage Potential
      • DREAD
      • high/medium/low

Question 5

Access Control Categories

Answer 5

Preventative = drug test, least privilege, IPS, firewalls, encryption

Detective = IDS, CCTV, alarms, anti-virus

Corrective = anti-virus, patches, IPS

Recovery = disaster recovery, backups, high availability

Deterrent = fences, dogs, lights, signs

Compensating = used when other controls (above) are too costly to implement

Question 6

TCB / TCSEC

Answer 6

trusted computing base / trusted computer system evaluation criteria

US DoD standard

aka Orange Book

a combination of hardware, software and controls that work together to form a TCB for a security policy.

Components:

1. Hardware & software elements
2. Security Perimeter
3. Reference Monitor & kernels

Question 7

Composition theories

Answer 7

follows how data flows between systems rather than within an individual system.

Cascading = input for one system comes from another

Feedback = one system provides input to another, which reciprocates by reversing roles

Hookup = one system sends input to another but also sends to external

Question 8

Protection Rings

Answer 8

oldie but a goodie, goes back to 1963

organizes code & components in an O/S into concentric rights within a runtime environment

0 = highest level of privilege, access anything = kernel / memory
1 = parts of O/S, apps that interact with kernel 
2 = I/O drivers and system utilities - access peripheral devices
3 = user level programs / apps

Rings 0 - 2 == supervisory mode aka privilege mode aka system mode
Ring 3 == user mode

Question 9

Accidental or intentional exploitations of vulnerabilities?

Answer 9

Threat Events

Question 10

Biba Model

Answer 10

data integrity and lattice based

a common choice for commercial orgs (not military)

state machine model

Question 11

Clark-Wilson Model

Answer 11

1987

data integrity

Subject - Program (or Interface) - Object

Question 12

Brewer and Nash (aka Chinese Wall)

Answer 12

data isolation

prevents conflicts of interest.

Question 13

State Machine Model

Answer 13

a system that is always secure no matter what state it’s in.

bela-lapadule
biba

Question 14

Information Flow Model

Question 15

Firewalls

Static Packet Filtering

Circtuit-Level Gateway

Application-Level Gateway

Stateful Inspection -

Deep Packet -

Next Gen -

Answer 15

Static Packet Filtering –> First Gen –> Layer 3

Circtuit-Level Gateway –> Layer 5 –> used to connect trusted partners

Application-Level Gateway (Proxy) –> Layer 7 –>

Stateful Inspection (Dynamic) - Layer 3 / 4

Deep Packet –> Layer 7

Next Gen - multifunction device (IDS, IPS, QoS, etc)

Question 16

Authentication Factors (1-3)

Answer 16

Type I = something you know

Type II = something you have

Type III = something you are.

Question 17

What would an organization do to identify weaknesses?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. Access review

Answer 17

A vulnerability analysis identifies weaknesses and can include periodic vulnerability scans and penetration tests.

Asset valuation determines the value of assets, not weaknesses.

Threat modeling attempts to identify threats, but threat modeling doesn’t identify weaknesses.

An access review audits account management and object access practices.

Question 18

Authentication Factor(s)

Answer 18

Type I = something you know (passwords / pins)

Type II = something you have

Type III = something you are

Question 19

Computer Security Incident Response

Answer 19

Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned

DRMRRRL

Dogs Run Miles Round Round Round Loop

Question 20

IPSec Protocols

Answer 20

AH = protects data from tampering = nonrepdutiaion

ESP = encrypts payload

IKE = handles key exchange for ESP

ISAKMP = provides background security support services for IPsec, including managing security associations.

Question 21

Security planning documentation should ________________.

Answer 21

A. Define work for individuals
B. Assign blame for faults
C. Prescribe tasks to roles
D. Be posted for public access

As a general rule of thumb, security policies (as well as standards, guidelines, and procedures) should not address specific individuals. Instead of assigning tasks and responsibilities to a person, they should be defined for a role. Then these defined roles are assigned to individuals as a job description or an assigned work task. The assignment of a role to a person is not part of the security policy documentation. Rather, that activity is a function of administrative control or personnel management. Thus, a security policy does not define who is to do what but rather what must be done by the various roles within the security infrastructure.

Question 22

The ____________ model is focused on the secure creation and deletion of both subjects and objects. Ultimately, this model is a collection of eight primary protection rules or actions that define the boundaries of certain secure actions.

Answer 22

A. Biba
B. Sutherland
C. Graham–Denning
D. Brewer–Nash

The Graham–Denning model is focused on the secure creation and deletion of both subjects and objects.

The following eight primary protection rules or actions define the boundaries of what security model?

Securely create an object.
Securely create a subject.
Securely delete an object.
Securely delete a subject.
Securely provide the read access right.
Securely provide the grant access right.
Securely provide the delete access right.
Securely provide the transfer access right.

A. Graham-Denning
B. Bell-LaPadula
C. Take-Grant
D. Sutherland

The Graham-Denning model is focused on the secure creation and deletion of both subjects and objects. Ultimately, Graham-Denning is a collection of eight primary protection rules or actions (listed in the question) that define the boundaries of certain secure actions.

Question 23

Which of the following algorithms/protocols provides inherent support for nonrepudiation?

Answer 23

A. HMAC
B. DSA
C. MD5
D. SHA-1

The Digital Signature Algorithm (as specified in FIPS 186-2) is the only one of the algorithms listed here that supports true digital signatures, providing integrity verification and nonrepudiation. HMAC allows for the authentication of message digests but supports only integrity verification. MD5 and SHA-1 are message digest creation algorithms and can be used in the generation of digital signatures but provide no guarantees of integrity or nonrepudiation in and of themselves.

Question 24

In which phase of the Capability Maturity Model for Software do developers begin to operate according to a set of formal, documented software development practices?

Answer 24

A. Initial B. Repeatable C. Defined D. Managed The Defined phase introduces formal, documented software development processes. CMM Levels: Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat process. Repeatable - the process is at least documented sufficiently such that repeating the same steps may be attempted. Defined - the process is defined/confirmed as a standard business process Capable - the process is quantitatively managed in accordance with agreed-upon metrics. Efficient - process management includes deliberate process optimization/improvement.

Question 25

What is Risk?

Answer 25

A. Any potential occurrence that can cause an undesirable or unwanted outcome B. The actual occurrence of an event that results in loss C. The likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset D. An instance of being exposed to asset loss due to a threat Risk is the likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset.

Question 26

What security model is based on dynamic changes of user privileges and access based on user activity? A. Sutherland B. Brewer–Nash C. Biba D. Graham–Denning

Answer 26

The Brewer–Nash model is based on dynamic changes of user privileges and access based on user activity.

Question 27

Which of the following is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI)? A. ISO 17799 B. COBIT C. OSSTMM D. Common Criteria (IS 15408)

Answer 27

Control Objectives for Information and Related Technology (COBIT) is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI).

Question 28

Which of the following security models is most often used for general commercial applications? A. Brewer and Nash model B. Biba model C. Bell-LaPadula model D. Clark-Wilson model

Answer 28

Of the four models mentioned, Biba and Clark-Wilson are most commonly used for commercial applications because both focus on data integrity. Of these two, Clark-Wilson offers more control and does a better job of maintaining integrity, so it’s used most often for commercial applications. Bell-LaPadula is used most often for military applications. Brewer and Nash applies only to datasets (usually within database management systems) where conflict-of-interest classes prevent subjects from accessing more than one dataset that might lead to a conflict-of-interest situation.

Question 29

Which of the following is occurring when a user professes an identity with a login ID? A. Identification B. Authentication C. Auditing D. Authorization

Answer 29

Identification occurs when a user professes an identity with a login ID. The combination of the login ID and the password provide authentication. Auditing provides accountability. Users are granted authorization to access resources based on their proven identities.

Question 30

What is a threat modeling methodology that focuses on a risk-based approach instead of depending upon an aggregated threat model and that provides a method of performing a security audit in a reliable and repeatable procedure? A. VAST B. Trike C. STRIDE D. DREAD

Answer 30

Trike is a threat modeling methodology that focuses on a risk-based approach instead of depending upon the aggregated threat model used in STRIDE and DREAD; it provides a method of performing a security audit in a reliable and repeatable procedure. Visual, Agile, and Simple Threat (VAST) is a threat modeling concept based on Agile project management and programming principles.

Question 31

Which conceptual security model offers the best preventive protection against viral infection and outbreak? A. ISO/OSI reference model B. Concentric circle C. Operations security triple D. CIA Triad

Answer 31

b A concentric circle security model represents the best practice known as defense in depth, a layered approach to protecting IT infrastructure.

Question 32

What is the best definition of a security model? A. A security model states policies an organization must follow. B. A security model provides a framework to implement a security policy. C. A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards. D. A security model is the process of formal acceptance of a certified configuration.

Answer 32

Option B is the only option that correctly defines a security model. Options A, C, and D define part of a security policy and the certification and accreditation process.

Question 33

What Clark-Wilson model feature helps protect against insider attacks by restricting the amount of authority any user possesses? A. Simple integrity property B. Time of use C. Need to know D. Separation of duties

Answer 33

D. Separation of duties

Question 34

What security services are provided by Kerberos for authentication traffic? A. Availability and nonrepudiation B. Confidentiality and nonrepudiation C. Confidentiality and integrity D. Availability and authorization

Answer 34

Confidentiality and integrity