Cissp 4

Uploaded by

Ghajini Sanjay

Domain 3 summary

Architecture
- enterprise architecture
- Security architecture

Defines how computing components are built
Defines how components connect and communicate
Defines how services get from the system to users

Enterprise Architecture
IT strategy
- Business archi. - products and services
- Information archi - data and information
- Application archi - system and applications
- Technology archi - network and infrastructure

Architecture integration
Not all information is equal, nor constant in terms of value and risk over time

An efficient security program applies the right technology to protect the most critical
assets

Combined with quality processes

Security architecture
The manner in which security controls are designed, Implemented and integrated into
the system architecture.

Enterprise security architecture
- Building blocks for infosec
- Long term strategy for security services
- Priorities for security services development

Key goals and objectives
- Simple and long view of controls
- Unified vision for common security controls
- Leverages existing technology
- Flexible approaches to current and future threats

Benefits
- Helps decision makers with investment and design
- Future state technology architecture
- Supports, enables and extends security policies and standards
- Manages IT solution risk consistently
- Reduces cost and improves flexibility
- Security mechanism for end of life

Common security services
- Boundary control services - firewalls, DMZ, Trusted DMS
- Access control services - SSO, IDM
- Integrity services - IPS
- Cryptographic services - PKI, NR, DC
- Audit and monitoring services - IDS

Common Criteria
- Documenting security requirements
- Documenting and validating security capabilities
- Promoting international cooperation in the area of IT security

Capturing and analysing requirements
Regardless of which framework is used:
- Business requirements for key stakeholders
- Key principles and guidelines for design

Types of Requirements
- Functional - controls, assets, threats
- Non-functional - QoS, performance and reliability
- Capturing requirements - vulnerability assessment, risk assessment, threat modelling

Information systems security evaluation models
- Security policy - what is required
- Security model - how this will work
- Formal security model - evaluate the product

Security models
- Requirements: CIA?
- Flexible
- May need to combine more than one model

Example:
- Security policy - NIST, ISO
- Security model - programming code, operating system

Bell-LaPadula confidentiality Model
- Primary objective: Confidentiality
- Multilevel security system
- Lattice based model (lattice - multiple levels)
- State machine model
- Simple security property - No Read Up / Read Down allowed
- Star security property - No Write Down / Write Up allowed
- Strong security property - Constrained (Tranquility)

Biba Integrity Model
- Addresses only and only integrity
- Two main rules
- Star integrity property - Subject cannot write data to an object at a higher integrity
level (no write up)
- Integrity levels
- Simple integrity property means no read down

Simple property means READ

STAR means Alter/Edit/Write
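To make the four rules above concrete, here is an added example (not from these notes) of a small reference monitor that enforces the Bell-LaPadula read/write rules and the Biba read/write rules over one lattice of labels; the subject and object labels are constructed, and a label carries a level plus a set of compartments so the need-to-know part of the lattice is checked too.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Label:
    """A lattice label: an ordered level plus a set of compartments.
    For Bell-LaPadula the level is sensitivity (0=unclassified ... 3=top secret);
    for Biba it is an integrity level (higher = more trustworthy)."""
    level: int
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # self >= other in the lattice: at least as high a level and a superset
        # of the other label's compartments (the need-to-know part)
        return self.level >= other.level and other.compartments <= self.compartments


# Bell-LaPadula (confidentiality)
def blp_can_read(subject: Label, obj: Label) -> bool:
    # Simple security property: no read up
    return subject.dominates(obj)

def blp_can_write(subject: Label, obj: Label) -> bool:
    # Star property: no write down
    return obj.dominates(subject)


# Biba (integrity)
def biba_can_read(subject: Label, obj: Label) -> bool:
    # Simple integrity property: no read down
    return obj.dominates(subject)

def biba_can_write(subject: Label, obj: Label) -> bool:
    # Star integrity property: no write up
    return subject.dominates(obj)


def decide(model: str, action: str, subject: Label, obj: Label) -> bool:
    """Dispatch an access request to the chosen model's rule."""
    rules = {("blp", "read"): blp_can_read, ("blp", "write"): blp_can_write,
             ("biba", "read"): biba_can_read, ("biba", "write"): biba_can_write}
    return rules[(model, action)](subject, obj)


if __name__ == "__main__":
    CONFIDENTIAL, SECRET, TOP_SECRET = 1, 2, 3
    analyst = Label(SECRET, frozenset({"crypto"}))       # constructed subject
    ts_report = Label(TOP_SECRET)                         # constructed objects
    conf_memo = Label(CONFIDENTIAL)
    nuclear_file = Label(SECRET, frozenset({"nuclear"}))  # same level, no need to know
    for model, action, obj in [("blp", "read", ts_report), ("blp", "write", conf_memo),
                               ("blp", "read", nuclear_file), ("biba", "read", conf_memo)]:
        print(model, action, "allowed" if decide(model, action, analyst, obj) else "denied")
```

The same `dominates` ordering serves both models; only which side must dominate changes, which is why BLP and Biba are often described as mirror images of each other.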

Clark-Wilson integrity model
- Focused on integrity
- Well formed transactions: one transaction should flow via multiple checkpoints. If
one checkpoint fails, the transaction cannot go further
- Separation of duties
- Prevents users from making improper modifications
- Forces collusion to commit fraud

Brewer Nash (Chinese wall)
- Prevents conflict of interest
- UAT / Prod segregation

Graham-Denning Model

Information flow Model
- Classification and Need to Know
- Covert channels (bypass control and get access)
- Information flows from lower security levels to higher levels

Non Interference Model
- Actions at a higher security level do not interfere with actions at a lower security level
- Protects the state of entities at the lower security level

Lattice Model
- Used in military
- Control model

Certification - technical evaluation
Accreditation - acceptance from management
- TCSEC (Trusted Computer System Evaluation Criteria) used by DoD in their
Orange Book

Common Criteria
- ISO/IEC 15408 standard was the first truly international product evaluation criteria
- Protection Profile
- EAL types (Evaluation Assurance Level)
- EAL1 Functionally tested - lowest
- EAL2 Structurally tested
- EAL3 Methodically tested and checked
- EAL4 Methodically designed, tested and reviewed - medium
- EAL5 Semi-formally designed and tested
- EAL6 Semi-formally verified design and tested
- EAL7 Formally verified design and tested

Module Topics
Access control Mechanisms
*Subject is the active entity and Object the passive entity (subject = user, object =
asset)*
- Distinguish subjects and objects
- How subjects and objects are allowed to interact
- Assign identifiers to both subjects and objects
- Authenticate all subjects before they are allowed to access resources on the system

Processor State
- Supports at least two states: supervisor (kernel mode) and problem (user mode, ring
level 3)

Layering
- Separate functional components that interact in a sequential and hierarchical way
- Ensures that volatile and sensitive areas are protected from unauthorised access

Process Isolation
- Protects interaction with a process
- Name distinguishes
- Distinct address space for each process in memory

Virtualization
- Type of host
- Virtual host (guest OS)
- Physical host (bare metal)
- Type 1: Bare Metal => Hypervisor => Guest OS
- Less functionality, more secure
- Type 2: Bare Metal => OS => Virtual workstation => VMs
- More functionality but less secure

Common Threats
- System integrity
- Confidentiality
- Availability
- Hardware failure
- Misuse of system
- Buffer overflows / memory attacks
- Denial of service
- Reverse engineering
- System hacking

Architecture based Risk
- System emanations (TEMPEST is the standard to control system emanations)
- Single point of failure
- Bypassing controls
- Race conditions (state attack): two processes try to access the same resource but
should do so in the proper sequence (Time of Check / Time of Use attack)

State Attacks
“State attacks are also known as ‘race conditions’, which attempt to take advantage
of how a system handles multiple requests.”

Covert Channel
- Covert - closed
- Overt - open
Two types of attacks:
- Storage - memory reuse, object reuse
- Timing - TOC/TOU, RC (race condition)

Mainframes and other thin client systems

Embedded Systems
*Firmware is basically read-only*

Pervasive computing and mobile devices
*Mobility is the primary factor of data loss and loss of control*

Guidelines for mobile security: NIST SP 800-124

Security for Desktops, laptops and thin clients

Mobile device Management
- Remotely manage mobile devices using MDM agents
- Refer to screenshot

Server Based
Warehousing - Data warehousing is a collection of data sources or databases.
Big Data - also called unstructured data (primary concern is privacy).
Sensitive information should be masked while sharing with analytical tools.

Data Mining
- Running queries on databases to collect information from data warehouses.
Countermeasure is data masking

Large scale parallel data systems
- Cluster computing, grid computing, cloud computing, the internet,
telecommunications, cyber physical systems, M2M
- Examples: torrents

IoT - protected as an endpoint
- Not part of the core infrastructure; the core infrastructure must be isolated from IoT

Grid computing
- Used in cloud providers

Cloud computing

Cloud service models
- Service model - SaaS, PaaS, IaaS
- Deployment model - private cloud, community cloud, hybrid cloud

Cloud Security
- Refer to screenshot
Responsibility Matrix for security
- Refer to screenshot

Domain 2 summary
1. Asset security is about protecting the security of assets

2. Classification of information is very important - Categorisation is a part
of classification

3. Marking information based on appropriate clearance level - based on data
subject

4. Primary classification based on business value - Classification deals with
sensitivity - Categorisation deals with impact on CIA - criticality

5. Data classification - analysing data - determining importance and value -
Classification aim based on value and importance - Marking/handling is for
visibility and classification

6. Sensitivity and Criticality - Sensitivity - amount of damage that would be
done on disclosure - Criticality talks about time sensitivity of data - how much
revenue / customer dissatisfaction

7. A classification policy needs to talk about all of these: access, security,
the data owner / business owner needs to know the regulatory requirements and
dictate to the data custodian (if both data owner / business owner - please select business owner).
Method of disposal of data, encryption, appropriate use of data

8. Proper data classification helps the org with rules and regulations (ex
PCI DSS - card data to be encrypted) - Classification is of 2 types - commercial
and military - Clearance mostly used in military

9. Commercial categories - private (SSN, Aadhaar), company restricted - data
restricted to employees, company confidential - only within the company, public - open to all

10. Military categories - top secret, secret and confidential, unrestricted

11. Components of asset management - Inventory management and configuration
management

12. Inventory - what, where and who owns assets - Overall objective of inventory
management - accuracy of HW and SW

13. CMDB - configuration management DB - logical entity to maintain accuracy of secure state
across all systems - CMDB enablers - single centralised repository, aligned to
org processes and objectives - scalable technologies

14. Change management is part of configuration management - aims at stability

15. Good data management practices - strategic goals, defined roles and responsibilities,
documentation etc.

16. Cost of providing data vs cost of providing access to data need to be considered

17. Software licences - must be controlled - conduct inventory scan to check for
unlicensed software - to curb violations - prevents illegal duplication - done by
media librarian - Equipment = physical, alternate for equipment = service

18. Determine and maintain ownership - Data owner - owns, data custodian - manages
data - Data steward - business driven responsibility - like a custodian but not
exactly - custodian examples - DB admin, app developer, project manager etc.

19. Data life cycle - create, store, use, share, archive, destroy - create and destroy
= data owner - others by data custodian
20. Data policy – strategic - Flexible, dynamic, attainable

21. Protecting Privacy - DS – DO-DC to GDPR DS – DC-DP – most R& O and objectives
as per GDPR –LFT, storage, purpose limitation, CIA, accuracy etc.,

22. Group of data = information - created from a system - information is always
mission oriented - produced by people, process, technology - Information owner knows
the impact of info on the mission of the org

23. QC - based on internal standards and controls - due care - QA - quality audit -
quality is assessed against external standards - due diligence

24. Verification and validation required for maintaining data quality -
prevention - correction - Documentation key to good data quality - Data
documentation aka metadata - helps locating the data - Data documentation practice
- data set title, file name (for identification), file content, metadata

25. Effective working of data management requires data audit

26. Data Remanence - HDD - data magnetically written on hard drive - SSD - solid
state drive - flash memory

27. Track - sector, and a combination of them is a cluster, and data is stored here

28. Clearing is not a technique to destroy the disk but only makes data unreadable and
unrecoverable - uses overwriting or zeroisation software overwrite - random values
into hexadecimal values - thus rendering data unreadable - Clearing performed only once

29. Purging and sanitisation are the same - removal to prevent reconstruction -
repeated clearing including zeroisation and degaussing - more secure than clearing

30. Degauss - LCD - expose to strong magnetic field - physical level data
destruction - As per vendor guidelines no guarantee for reuse of disk

31. Degauss not applicable for SSD, only destruction - first destroy data, then disk

32. Cloud - crypto erase or crypto shredding - it is an encryption approach - first data is
encrypted and then uploaded to the cloud. For destruction - destroy the key and destroy the
data which is encrypted. The key is itself encrypted, so destroy both keys and then the data -
Physical security of storage is the responsibility of the cloud service provider

33. Ensure appropriate retention – legal, business, forensics and investigation

34. By scoping and tailoring – build effective security posture

35. 3 types - data at rest, data in transit and data in use. Only in the first 2 is
encryption possible

36. For data in use - digital rights management and DLP prevent copying to another
machine

37. For data in transit encryption is important because even if the link is intercepted
the content should not be readable

38. Data at rest – use encryption tools to balance between security and speed –
supported by strong password

39. Covered data means masked data

40. Removable media should have title, data owner and encryption date on its
label - generally very useful for tracking but can be counter-productive in case of
destructive motive

Classifying Data

The day to day management of access control requires management of labels,
clearances, formal access approval, and need to know. These formal mechanisms are
typically used to protect highly sensitive data, such as government or military
data.

Labels

Objects have labels. A critical security step is the process of locating sensitive
information and labeling and marking it as sensitive.

Executive Order 12356 – National Security Information

Top secret - applied to information whose unauthorized disclosure could be expected
to cause exceptionally grave damage to national security

Secret - applied to information whose unauthorized disclosure could be expected to
cause serious damage to national security

Confidential - applied to information whose unauthorized disclosure could be
expected to cause damage to national security

Unclassified - data not sensitive

SBU Sensitive but unclassified – Data that is not a matter of national security
such as health records of enlisted personnel

FOUO – For Official Use Only

Security Compartments

Compartments allow for additional control over highly sensitive information. This
is called sensitive compartmented information (SCI). These compartments require a
documented and approved need to know in addition to a normal clearance such as top
secret.

Clearance

A clearance is a formal determination of whether or not a user can be trusted with
a specific level of information. Clearances must determine the "subject's" current
and potential future trustworthiness. These clearances mirror the respective
object labels of confidential, secret and top secret.

Formal Access Approval

A documented approval from the data owner for a subject to access certain objects,
requiring the subject to understand all the rules and requirements for accessing
data, and consequences should the data become lost, destroyed or compromised.

Need to know

Refers to answering the question: does the user “need to know” the specific data
being accessed? Need to know is more granular than “least privilege”; unlike least
privilege which typically groups objects together, need to know access decisions
are based on each individual object.

Sensitive Information/Media Security

Sensitive Information - Sensitive data physically resides on some sort of media,
primary storage and backup storage. It can be transferred internally or externally.
Wherever it is, CIA must be considered. Data should not be destroyed, disclosed, or
altered.

Handling - Sensitive media should be handled by trusted individuals with strict
policies regarding handling.

Storage - Sensitive information should be encrypted. Use of strong security
controls is required wherever media containing sensitive information is accessible.

Retention – Retention of sensitive information should not persist beyond the period
of usefulness or legal requirement whichever is greater.
