Cissp d3 Slides
2
Course Agenda (continued)
3
Domain 3
Security Architecture and Engineering
4
Domain Objectives
1. Implement engineering processes using secure design
principles.
2. Manage engineering processes using secure design principles.
3. Identify the purpose of security models.
4. Identify common security models.
5. Differentiate between security requirements and security
controls.
6. Identify types of controls.
7. Identify common or inheritable controls.
5
Domain Objectives (continued)
8. Select appropriate security controls.
9. Identify major control frameworks.
10. Tailor security controls.
11. Identify security control evaluation criteria.
12. Identify types of system security capabilities.
13. Employ integrated security elements.
14. Identify vulnerabilities and mitigations in client-based systems.
15. Identify vulnerabilities and mitigations in server-based systems.
16. Identify vulnerabilities and mitigations in database systems.
6
Domain Objectives (continued)
17. Identify vulnerabilities and mitigations in industrial control
systems (ICSs).
18. Identify vulnerabilities and mitigations in cloud-based systems.
19. Identify vulnerabilities and mitigations in distributed systems.
20. Identify vulnerabilities and mitigations in Internet of Things (IoT).
21. Assess and mitigate vulnerabilities in web-based systems.
22. Assess and mitigate vulnerabilities in mobile systems.
23. Assess and mitigate vulnerabilities in embedded systems.
24. Understand key terms associated with cryptography.
7
Domain Objectives (continued)
25. Understand how security services such as confidentiality,
integrity, authenticity, non-repudiation, and access control
are addressed through cryptography.
26. Understand basic cryptography concepts of symmetric
and asymmetric.
27. Describe hashing algorithms and digital signatures.
28. Understand the importance of key management.
29. Understand cryptanalysis methods.
30. Apply security principles to site and facility design.
31. Implement and manage physical security controls.
8
Domain Objectives (continued)
32. Implement and manage physical controls in wiring closets
and intermediate distribution facilities.
33. Implement and manage physical controls in server rooms
and data centers.
34. Implement and manage physical controls in media storage
facilities.
35. Implement and manage physical controls for evidence storage.
36. Implement and manage physical controls in restricted areas.
37. Implement and manage physical controls in work areas.
9
Domain Objectives (continued)
38. Implement and manage environmental controls for utilities
and power.
39. Implement and manage controls for heating, ventilation,
and air conditioning (HVAC).
40. Implement and manage environmental controls.
41. Implement and manage environmental controls for fire
prevention, detection, and suppression.
10
Domain Agenda
11
Domain Agenda (continued)
Cryptography
Physical Security
Domain Review
12
Module 1
Processes Using Secure Design Principles
13
Module Objectives
14
System and Security Engineering Processes
15
Technical Processes
16
Technical Management Processes
17
Enabling Processes
18
Agreement Processes
• Acquisition process
• Supply process
19
Key Principles of System Security
• Confidentiality
• Integrity
• Availability
20
Module 2
Fundamental Concepts of Security Models
21
Module Objectives
22
Security Models
23
Security Models Examples
• Bell–LaPadula (Confidentiality)
• Biba (Integrity)
• Brewer and Nash (Confidentiality)
• Clark–Wilson (Integrity)
• Graham–Denning (Confidentiality/Integrity)
• Harrison, Ruzzo, Ullman (Integrity)
24
Bell–LaPadula (BLP) (Confidentiality)
25
Biba (Integrity)
26
Brewer and Nash (Confidentiality)
27
Clark–Wilson (Integrity)
28
Graham–Denning (Confidentiality/Integrity)
29
Harrison, Ruzzo, Ullman (HRU) (Integrity)
30
Modern Implementation
31
Module 3
Select Controls Based upon System Security Requirements
32
Module Objectives
33
Security Controls
34
Types of Controls
36
Control Selection
37
Control Frameworks
38
Example Control Frameworks and Standards
• ISO/IEC 27001
o International Standard
• NIST (SP 800-53)
o Required for US government use
• COBIT
o Focused on business values
• ISA/IEC 62443 (ISA 99)
o Industrial Automation and Control Systems
39
Tailoring Controls
Important:
Controls are not intended to be checklist items but some
organizations treat them as such.
40
Evaluation Criteria
41
Module 4
Security Capabilities of Information Systems
42
Module Objectives
43
System Security Capabilities
44
Generic Operating System (OS)/Computer Model
45
Access Control
46
Processor States
47
Memory Management
48
Process Isolation
49
Data Hiding
50
Abstraction layers
51
Security Kernel
52
Encryption
53
Code Signing and Validation
• Cryptographic function
• Executable code is digitally signed
• OS validates signature before loading code
• Unsigned code or code with an invalid signature
is prevented from executing
• May include OS internal code to prevent replacement
of OS components
54
Audit and Monitoring
55
Virtualization/Sandbox
56
Hardware Security Modules
57
File System Attributes
58
Host Protection Software
• Antivirus
• Host-based intrusion prevention (HIPS)
• Host firewall
• File integrity monitoring (FIM)
• Configuration and policy monitor
59
Module 5
Vulnerabilities of Security Architectures, Designs,
and Solution Elements
60
Module Objectives
61
Module Objectives (continued)
62
Vulnerabilities of Security Architectures, Designs, and
Solution Elements
63
Top Threat Actions/Mitigations
64
Common System Vulnerabilities
Hardware
• Hardware components may fail at any time
o Mean time between failure (MTBF) used to calculate expected life
o Failure rates higher during initial system operation
• Supply chain issues may introduce technical
flaws/vulnerabilities or malicious modification
• Old hardware may be difficult to repair/replace
65
Common System Vulnerabilities (continued)
Communications:
• Can fail
• Can be blocked (denial of service (DoS))
• Can be intercepted
• Can be counterfeited (replayed)
• Can be modified
• Characteristics can expose information about the
sender/receiver (e.g., address, location, etc.)
66
Common System Vulnerabilities (continued)
Misuse by user
• Can be intentional or accidental
• Can degrade or bypass security controls
• Increases in likelihood as difficulty to operate increases
o E.g., difficult security requirements increase likelihood of
intentional misuse to “get the job done”
67
Common System Vulnerabilities (continued)
Code flaws
• Exist in all software products with more than trivial
complexity
• May be introduced accidentally or intentionally
• Typical risk conditions:
o Known flaws, patch available, systems not patched, exploit
available
o Known flaws, patch not available, exploit available
o Unknown flaws, exploit available (zero-day attack possible)
68
Common System Vulnerabilities (continued)
Emanations
• Hardware/physical elements may radiate information
o Radio frequency
o Visible and non-visible spectrum
• Can be used to discern system functions
• Can be used to locate systems/components
69
Client-based Systems
70
Client-based System Vulnerabilities
71
Client-based System Mitigations
72
Server-based Systems
73
Server-based System Vulnerabilities
74
Server-based System Mitigations
75
Database Systems
76
Database System Vulnerabilities
Consider:
• Inference
• Aggregation
• Data mining
• High-value target
77
Database System Mitigations
• Input validation
• Robust authentication/access control
• Output throttling
• Anonymization
• Tokenization
78
Industrial Control Systems (ICSs)
79
Industrial Control System Types
80
Industrial Control System Vulnerabilities
• Limited protections
• Long lifespan (become outdated)
• Susceptible to misuse/error
• Highly susceptible to denial of service
(DoS) attacks
• Attacks can produce physical effects
• Often unattended in remote locations
81
Industrial Control System Mitigations
82
Cloud-based Systems
83
Cloud-based System Characteristics
• On-Demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service
• Multi-Tenancy
84
Cloud-based System Types
85
Cloud-based System Deployment
• Private
o Exclusive use by a single organization
o On or off premises
• Community
o Provisioned for exclusive use by a community of users
• Public
o Open use by general public
• Hybrid
o Combination of two or more deployment models
86
Cloud-based System Vulnerabilities
87
Cloud-based System Mitigations
88
Distributed Systems
89
Distributed System Vulnerabilities
90
Distributed System Mitigations
91
Internet of Things (IoT) Systems
92
Internet of Things (IoT) Vulnerabilities
93
Internet of Things (IoT) Mitigations
94
Web-based Systems
95
Web-based System Vulnerabilities
96
Web-based System Mitigations
97
Mobile Systems
98
Mobile Systems (continued)
99
Mobile Systems (continued)
100
Mobile System Vulnerabilities
101
Mobile System Mitigations
102
Mobile System Mitigations (continued)
For laptops:
• Apply all traditional computer system protections (e.g., AV, FW,
Host IPS, etc.)
• Ensure encryption is activated
• Ensure strong passwords, biometrics, or two factor
authentication on all user accounts
• Activate anti-theft function or tracking functions if available
• Tunnel mobile communications through VPN
• Do not connect to public networks (e.g., coffee shop, hotel)
103
Embedded Systems
104
Embedded System Vulnerabilities
105
Embedded System Mitigations
106
Activity: Designing Security into an Architecture Scenario
107
Activity: Designing Security into an Architecture Scenario
(continued)
108
Activity: Designing Security into an
Architecture-Instructions
INSTRUCTIONS
Consider the scenario and the vulnerabilities, mitigations, and
controls discussed in the preceding modules. Each of the system
types listed in the scenario have inherent strengths and weaknesses.
For each item, identify potential risks or weakness and one or more
controls or mitigation consistent with the access requirements listed
in the scenario.
109
Activity: Designing Security into an Architecture-
Instructions (continued)
Example:
• Database Servers:
o Risk: Database servers contain bulk sensitive data and may be
targeted by adversaries.
o Control: Database servers will be placed on a protected network
segment and network access controls will prevent access to the
database server for any connection except from authorized
application servers.
110
Module 6
Cryptography
111
Module Objectives
112
Cryptography Services
• Confidentiality
• Integrity
• Authenticity
• Non-repudiation
• Access control
113
Data Protection
Data at Rest
Backup tapes, off-site storage, password files
Data in Transit
Provides secure and confidential methods to transmit data
Allows the verification of the integrity of the message so that
any changes to the message itself can be detected
114
End-to-end Encryption
115
Link Encryption
116
Cryptographic Evolution
Cryptographic techniques:
• Manual
• Mechanical
• Electro-mechanical
• Electronic
• Quantum cryptography
117
Key Encryption Concepts and Definitions
• Plaintext or cleartext
• Ciphertext or cryptogram
• Cryptosystem
• Algorithm
• Key or Cryptovariable
• Non-Repudiation
• Encryption
• Decryption
118
Key Encryption Concepts and Definitions (continued)
Confusion/diffusion
Key clustering
Avalanche
119
Key Encryption Concepts and Definitions (continued)
• Synchronous: Each encryption or decryption request is performed immediately
• Asynchronous: Encrypt/Decrypt requests are processed in queues
• Hash function
120
Stream-based Ciphers
121
Cryptographic Operation for a Stream-based Cipher
122
Exclusive-Or (XOR)
Crypto XOR Operation
123
Block Ciphers
• A block cipher operates on fixed-size blocks of text
• The size of the block affects the strength of the cryptographic
implementation
• As plaintext is fed into the cryptosystem, it is divided into blocks
of a preset size
• Often a multiple of the ASCII character size — 64, 128, 192 bits,
etc.
124
Block Ciphers (continued)
More suitably implemented in software to execute on general-purpose computer
125
Key Length
• Important aspect of key management to consider when
generating and using cryptographic keys
• The longer the key, the more keyspace it represents
126
Block Size
• Block ciphers operate on a fixed length string of bits
• Typically 64 bits, or multiples of 64 bits
127
Initialization Vectors (IV) – Why They Are Needed
128
Kerckhoff’s Principle
129
High Work Factor
130
Substitution Ciphers
• The process of substituting one
letter for another based upon a
cryptovariable
• Involves shifting positions in the
alphabet of a defined number of
characters (Caesar cipher and
Vigenere cipher)
• Involves using a scrambled alphabet
to substitute one letter for another
(Enigma machine)
131
Transposition Ciphers
• Cryptosystems that use transposition or permutation
• Rely on concealing the message through the transposing of or
interchanging the order of the letters
Rectangular Substitution Tables
T H I S I
S A N E X
A M P L E
O F T R A
N S P O S
I T I O N
132
Monoalphabetic and Polyalphabetic Ciphers
• Monoalphabetic Cipher • Polyalphabetic Cipher
o Developed Circa 15th Century
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
2 Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
3 X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
4 W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
…
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
134
One-Time Pads
• The only cipher system asserted as unbreakable
• Both sides have same pad of key values
o Truly random key values
o Keys are only used once
135
Steganography
• Plaintext hidden/disguised
• Prevents a third party from knowing
that a secret message exists
• Traditionally accomplished in a number of ways:
o Physical techniques
o Modern steganography
o Null ciphers
136
Null Cipher
• Plaintext is mixed with large amounts of non-cipher material
• A simple form of steganography
Example:
Closed inspection specific security process integrate security
governance really easily and timely
CISSP is great
137
Null Cipher – Are You Deaf, Father William, William
Carroll - 1876
“Are you deaf, Father William!” the young man said,
“Did you hear what I told you just now?
“Excuse me for shouting! Don’t waggle your head
“Like a blundering, sleepy old cow!
“A little maid dwelling in Wallington Town,
“Is my friend, so I beg to remark:
“Do you think she’d be pleased if a book were sent down
“Entitled ‘The Hunt of the Snark?’”
“Pack it up in brown paper!” the old man cried,
“And seal it with olive-and-dove.
“I command you to do it!” he added with pride,
“Nor forget, my good fellow, to send her beside
“Easter Greetings, and give her my love.”
138
Advantages and Disadvantages of Symmetric
Algorithms
Advantages Disadvantages
139
Out-of-Band Key Distribution
140
Examples of Symmetric Algorithms
• Caesar cipher
• The Spartan scytale
• The Enigma machine
• System 97 Printing Machine for European Characters, Codename “Purple”
141
Basic Block Cipher Modes
Mode Usage
Electronic Code Book (ECB) Very short messages (less than 64 bits in length),
such as transmission of a DES key.
142
Basic Block Cipher Modes
• Electronic Codebook (ECB) Mode
• Cipher Block Chaining (CBC) Mode
143
Using Symmetric Block Ciphers to Simulate Stream
Ciphers
• Cipher Feedback (CFB) Mode
• Output Feedback (OFB) Mode
• Counter (CTR) Mode
144
Electronic Codebook (ECB) Mode
• Each block of plaintext is encrypted independently using the same key
• Only used for small messages – smaller than 64 bits
145
Cipher Block Chaining (CBC) Mode
146
Cipher Feedback (CFB) Mode
147
Output Feedback (OFB) Mode
148
Counter Mode (CTR)
149
The Data Encryption Standard (DES)
• Horst Feistel had developed a family of algorithms that had a core
principle of taking the input block of plaintext and dividing it in half
• Then, each half was used several times through an exclusive-or
operation to alter the other half — providing a type of
permutation as well as substitution
• A Feistel algorithm became the data encryption algorithm used for
DES
• The DEA is a symmetric block cipher with 64-bit blocks, 16
rounds, and a 56-bit effective key length
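The Feistel structure described on this slide and the ECB and CBC modes listed on the earlier mode slides can be seen together in the following added example, which is not part of the original slides. It is a toy 64-bit, 16-round Feistel cipher; the subkey derivation and the round function are assumptions standing in for the real DES key schedule and S-boxes, and the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8          # 64-bit blocks, the DES block size
HALF = BLOCK // 2
ROUNDS = 16        # DES runs 16 rounds


def _subkeys(key):
    # Assumption: subkeys are SHA-256(key || round); this is NOT the DES key schedule.
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(ROUNDS)]


def _f(half, subkey):
    # Assumption: truncated HMAC as round function, standing in for the DES S-boxes.
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(block, subkeys):
    left, right = block[:HALF], block[HALF:]
    for sk in subkeys:
        # One half is XORed with a keyed function of the other, then the halves swap.
        left, right = right, _xor(left, _f(right, sk))
    return right + left  # final swap lets decryption reuse the same network


def encrypt_block(key, block):
    return _feistel(block, _subkeys(key))


def decrypt_block(key, block):
    # Decryption is the same network with the subkeys in reverse order.
    return _feistel(block, list(reversed(_subkeys(key))))


def pad(data):
    # PKCS#7 padding up to a whole number of blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    return data[:-data[-1]]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    # ECB: every block is encrypted independently with the same key.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key, iv, plaintext):
    # CBC: each plaintext block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for b in blocks(ciphertext):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def distinct_blocks(ciphertext):
    # Fewer distinct blocks than total blocks means plaintext repetition leaked.
    return len(set(blocks(ciphertext)))


# Constructed sample values
KEY = b"demo-key"
IV = bytes(range(BLOCK))
MESSAGE = b"SAMEDATA" * 4   # four identical 8-byte plaintext blocks

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, MESSAGE)
    cbc = cbc_encrypt(KEY, IV, MESSAGE)
    print("ECB distinct blocks:", distinct_blocks(ecb), "of", len(blocks(ecb)))
    print("CBC distinct blocks:", distinct_blocks(cbc), "of", len(blocks(cbc)))
```

Under ECB the four repeated plaintext blocks produce four identical ciphertext blocks, which is why the mode is reserved for very short messages; CBC hides the repetition.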
150
Double-DES (2DES)
151
Meet-in-the-Middle Attack on 2DES
152
Triple DES (3DES)
• Triple DES was designed to operate at a relative strength of 2^112
using two, or three, different keys to perform the encryption
• This effectively rendered a key with a 168-bit strength, as there
are always three iterations done with the keys
153
Counter Mode with Cipher Block Chaining Message
154
How CCMP Works
• AES processing in CCMP must use AES 128-bit key and 128-bit
block size
• CCMP use of 128-bit keys and a 48-bit IV minimizes vulnerability
to replay attacks; the CTR component provides data privacy
• The Cipher Block Chaining Message Authentication Code
component produces a MIC that provides data origin
authentication and data integrity for the packet payload data
155
Rijndael
• The Rijndael algorithm can be used with
block sizes of 128, 192, or 256 bits
• Four major operations:
o Substitute bytes (Byte Sub)
o Shift rows (Shift Row)
o Mix columns (Mix Column)
o Add round key (Add Round Key)
156
Other Symmetric Algorithms
157
Other Symmetric Algorithms (continued)
• Twofish can operate with keys of 128, 192, or 256 bits on blocks
of 128 bits
• RC4 commonly used stream-based cipher
• RC5/RC6 key size can vary from 0 to 2,040 bits; the number of
rounds 0 to 255
158
International Data Encryption Algorithm
(IDEA)
• IDEA uses a 128-bit key and operates on 64-bit blocks
• IDEA does eight rounds of transposition and substitution using
modular addition and multiplication and bitwise XOR
159
CAST
CAST-128 can use keys between 40 and 128 bits in length and will
do between 12 and 16 rounds of operation, depending on key
length
160
Secure and Fast Encryption Routine (SAFER)
161
Blowfish
162
Twofish
163
Rivest Cipher 5 (RC5)
164
Rivest Cipher 4 (RC4)
• If RC4 is used with a key length of at least 128 bits, there are
currently no practical ways to attack it
• The published successful attacks against the use of RC4 in WEP
applications are related to problems with the implementation
of the algorithm, not the algorithm itself
165
Symmetric Algorithms
166
Advantages and Disadvantages of Symmetric
Algorithms
Advantages Disadvantages
• Asymmetric algorithms:
o Based on the use of a pair of mathematically related keys
o Relies on hard mathematical problems and one-way functions
− A process that is much simpler to go in one direction (forward) than to
go in the other direction (backward or reverse engineering)
• The process to generate the public key (forward) is fairly simple
o To learn the private key from knowledge of the public key is
computationally infeasible
169
Asymmetric Algorithms (continued)
170
Using Public Key Cryptography to Send a
Confidential Message
171
Open Message
172
Using Public Key Cryptography to Send a Message
173
Confidential Messages with Proof of Origin
174
Rivest-Shamir-Adleman (RSA) Algorithm
• Brute force
• Mathematical attacks
• Timing attacks
175
Diffie-Hellman Algorithm
176
ElGamal
177
Elliptic Curve Cryptography (ECC)
178
Advantages and Disadvantages of Asymmetric Key
Algorithms
Advantages Disadvantages
179
Activity: Asymmetric Cryptography
180
Activity: Asymmetric Cryptography (continued)
ANSWERS
181
Hybrid Cryptography and Cryptographic
Systems
182
Message Integrity Controls (MICs)
183
Message Integrity Controls (MICs) (continued)
184
Message Integrity Controls (MICs) (continued)
185
Message Digests
186
Message Authentication Code (MAC)
187
Hash Message Authentication Code (HMAC)
• Hashed MACing implements a freely available hash algorithm as
a component (black box) within the HMAC implementation
• This allows ease of the replacement of the hashing module if a
new hash function becomes necessary
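The black-box role of the hash inside HMAC can be shown with the following added example, which is not part of the original slides. It builds the RFC 2104 construction with the hash passed in as a parameter, so swapping the hashing module is a one-argument change; the function names are chosen for this illustration, and the key and message are the published RFC 4231 test case 1.

```python
import hashlib
import hmac


def hmac_generic(hash_factory, key, msg):
    """HMAC per RFC 2104; hash_factory is any hashlib constructor (the black box)."""
    block_size = hash_factory().block_size
    if len(key) > block_size:
        # Keys longer than one hash block are hashed down first.
        key = hash_factory(key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_factory(ipad + msg).digest()
    return hash_factory(opad + inner).digest()


def verify(hash_factory, key, msg, tag):
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(hmac_generic(hash_factory, key, msg), tag)


def tags_for(key, msg):
    # Same construction, different hashing module: only the argument changes.
    return {
        "sha1": hmac_generic(hashlib.sha1, key, msg),
        "sha256": hmac_generic(hashlib.sha256, key, msg),
        "sha512": hmac_generic(hashlib.sha512, key, msg),
        "sha3_256": hmac_generic(hashlib.sha3_256, key, msg),
    }


# RFC 4231 test case 1 (published test vector)
RFC4231_KEY = b"\x0b" * 20
RFC4231_MSG = b"Hi There"
RFC4231_SHA256 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"

if __name__ == "__main__":
    for name, tag in tags_for(RFC4231_KEY, RFC4231_MSG).items():
        print(name, tag.hex())
    good = hmac_generic(hashlib.sha256, RFC4231_KEY, RFC4231_MSG)
    print("untampered:", verify(hashlib.sha256, RFC4231_KEY, RFC4231_MSG, good))
    print("tampered:  ", verify(hashlib.sha256, RFC4231_KEY, b"Hi there", good))
```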
188
Hashing
189
Operation of Hash Functions
190
Five Key Properties of a Hash Function
• Uniformly distributed
• Collision resistant
• Difficult to invert
• Computed on entire message
• Deterministic (same input always produces same digest)
191
MD5 Message Digest Algorithm
• MD5 is the most widely used hashing algorithm and is described in RFC
1321, but it is no longer considered secure
• MD5 generates a 128-bit digest from a message of any length
• It processes the message in 512-bit blocks and does four rounds
of processing
192
Secure Hash Algorithm (SHA) and SHA-1
193
Secure Hash Standard – SHA-3
The new hash algorithm is based on the KECCAK algorithm and will
be named SHA-3. It will be described in FIPS 202 (draft as of April
2015) and will augment the hash algorithms currently specified in
FIPS 180-4, the Secure Hash Standard.
194
Other Hash Algorithms
• HAVAL – variable length output
• RIPEMD-160 – European Standard
• The output may be 128, 160, 192, 224, or 256 bits, and the
number of rounds may vary from three to five
• HAVAL operates 60% faster than MD5 when only three rounds are
used and is just as fast as MD5 when it does five rounds of
operation
195
The Birthday Paradox/Birthday Attack
• Once there are more than 23 people together, there is a greater
than 50% probability that two of them share the same birthday
• The likelihood of finding a collision for two messages and their
hash values may be a lot easier than may have been believed
• It would be very similar to the statistics of finding two people
with the same birthday
• Rainbow table uses this predictability against hashing systems
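The birthday effect on hash collisions can be measured directly, as in the following added example, which is not part of the original slides. It computes the shared-birthday probability and then counts how many messages are needed before two of them collide on a SHA-256 digest truncated to 24 bits; the truncation length and the message format are assumptions chosen so the run finishes quickly.

```python
import hashlib


def birthday_probability(people, days=365):
    """Probability that at least two of `people` share a birthday."""
    p_all_different = 1.0
    for i in range(people):
        p_all_different *= (days - i) / days
    return 1.0 - p_all_different


def truncated_digest(msg, bits):
    # Keep only the top `bits` bits of SHA-256 to model a short digest.
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits):
    """Return (msg_a, msg_b, attempts) where both messages share a truncated digest."""
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter          # constructed sample messages
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg
        counter += 1


if __name__ == "__main__":
    print("P(shared birthday, 23 people) = %.4f" % birthday_probability(23))
    a, b, attempts = find_collision(24)
    # A 24-bit digest has 2^24 (about 16.7 million) values, yet a collision
    # turns up after roughly 2^12 messages: the square root of the space.
    print("collision after", attempts, "messages:", a, b)
```

The practical consequence for digest sizing is that an n-bit hash offers only about n/2 bits of collision resistance.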
196
Digital Signatures – Non-Repudiation
198
Uses of Digital Signatures
• A digital certificate is an electronic document that asserts
authenticity and data integrity that is tied to a sender
• Digital signatures are used to sign emails, ecommerce transactions,
software and software patches, and digital certificates
• Many governments and courts recognize digital signatures as a
verifiable form of authentication
199
Combine Everything
200
Applying Cryptography and Key Management
201
Cryptographic Lifecycle
202
Algorithm/Protocol Governance
Cryptography policies, standards, and procedures should
minimally address:
• Approved cryptographic algorithms and key sizes
• Transition plans for weakened or compromised algorithms and
keys
• Procedures for the use of cryptographic
• Key generation, escrow, and secure destruction
• Incident reporting
203
Issues Surrounding Cryptography
• As part of risk analysis, it is important to understand how
cryptography can be misused so that appropriate security
mitigation can be applied
• Cryptographic protection is implemented for preventing software
and media piracy or corruption of software (digitally signed
software and software patches)
• Digital rights management systems (DRMS) require a design and
governance to protect intellectual property and individual
privacy while ensuring an individual’s fair use of the intellectual
property
204
International Export Controls
• Most countries regulate the use of cryptographic tools used by
their citizens
• Most laws that control the use of cryptography are based on key
length
• Dual use good (can be used for both commercial and military
purposes)
• This is because key length is one of the most understandable
methods of gauging the strength of a cryptosystem
205
Public Key Infrastructure (PKI)
• A set of system, software, and communication protocols required
to use, manage, and control public key cryptography
• It has core primary purposes:
o Publish public keys/certificates
o Certify that a key is tied to an individual or entity
o Provide verification of the validity of a public key
o Provide services such as confidentiality, integrity, authenticity,
non-repudiation and access control
206
Certification/Certificate Authority (CA)
207
X.509 Certificate
208
Certificate Revocation
209
Key Management and Key Management
Practices
210
Key Recovery
• Split Knowledge: Specific information known only to one individual that
must be combined with knowledge held by another individual
• Dual Control: Two or more people required working in cooperation
• Key Escrow: Storing key with a trusted party
211
Creation of Keys
• Automated key generation
• Truly random
• Random
• Asymmetric key length
212
Key Wrapping and Key Encrypting Keys (KEKs)
• KEKs are used as part of key distribution or key exchange
• The process of using a KEK to protect session keys is called key
wrapping
• Key wrapping uses symmetric ciphers to securely encrypt a
plaintext key with associated integrity information and data
213
Key Distribution
214
Key Storage and Destruction
215
Cryptanalysis – Methods of Cryptanalytic Attacks
216
Activity: Cryptanalytic Attacks
INSTRUCTIONS
As we discuss each of the attacks, complete the table.
217
Brute Force Attacks
Key Size          Possible combinations
1-bit             2
2-bit             4
4-bit             16
8-bit             256
16-bit            65536
32-bit            4.2 x 10^9
56-bit (DES)      7.2 x 10^16
64-bit            1.8 x 10^19
128-bit (AES)     3.4 x 10^38
192-bit (AES)     6.2 x 10^57
256-bit (AES)     1.1 x 10^77

Key Size          Time to Crack
56-bit            399 seconds
128-bit           1.02 x 10^18 years
192-bit           1.872 x 10^37 years
256-bit           3.31 x 10^56 years

Supercomputer: No. of combination checks per second =
(10.51 x 10^15) / 1000 = 10.51 x 10^12
https://www.eetimes.com/document.asp?doc_id=1279619

If you assume:
• Every person on the planet owns 10 computers.
• There are 7 billion people on the planet.
• Each of these computers can test 1 billion key combinations per second.
• On average, you can crack the key after testing 50% of the possibilities.
Then the earth's population can crack one encryption key in
77,000,000,000,000,000,000,000,000 years!
218
Ciphertext-only Attack
• One of the most difficult because the attacker has so little
information to start with
• All the attacker starts with is some unintelligible data that he
suspects may be an important encrypted message
• The attack becomes simpler when the attacker is able to gather
several pieces of ciphertext and thereby look for trends or
statistical data that would help in the attack
219
Known Plaintext
220
Chosen Plaintext
• The attacker knows the algorithm used for the encrypting or has
access to the machine used to do the encryption and is trying to
determine the key
• This may happen if a workstation used for encrypting messages is
left unattended
• The attacker can run chosen pieces of plaintext through the
algorithm
221
Chosen Ciphertext
• Similar to the chosen plaintext attack in that the attacker has
access to the decryption device or software and is attempting to
defeat the cryptographic protection by decrypting chosen pieces
222
Linear and Differential Cryptanalysis
223
Implementation Attacks
224
Replay Attack
225
Birthday Attack
226
Factoring Attack
227
Attacking the Random Number Generators
228
Other Cryptographic Attacks
• Algebraic
• Power analysis
• Timing
• Dictionary attacks
• Rainbow tables
• Brute force
229
Accessing Temporary Files
230
Social Engineering for Key Discovery
231
Module 7
Physical Security
232
Module Objectives
233
Module Objectives (continued)
234
Physical Security
• Physical security plans and infrastructure are often designed,
implemented, and operated by physical security specialists
• Physical security infrastructure is typically controlled outside
of IT or IT security control
• The CISSP MUST understand physical security fundamentals
in order to:
o Assess the risk reduction value of physical security controls
o Communicate physical security needs to physical security managers
o Identify risks to Information Security due to physical security
weaknesses
235
Apply Security Principles to Site and Facility Design
236
Physical Design that Supports Confidentiality, Integrity, and
Availability (CIA)
237
Physical Design that Supports Human Safety
• Emergency alarms (audible, visible)
• Egress routes
• Safety equipment
• Emergency power or equipment shutoffs
• Equipment lockouts
238
Site and Facility Design Considerations
• Personnel policy and procedure
• Personnel screening
• Workplace violence prevention
• Response protocols and training
• Mail screening
• Shipping and receiving
• Property ID and tracking
• Parking and site security
• Site and building access control
• Video surveillance
• Internal access control
• Infrastructure protection
• Onsite redundancy
• Structural protections
239
Implement and Manage Physical Security
• Conduct a physical risk assessment (Domain 1)
o Human action, natural disaster, industrial accident, equipment
failure, etc.
• Develop layered physical protections commensurate with the
risk assessment
o E.g., Embassy level protections vs a small remote office
• Physical risk controls will impact information system design
o E.g., weak physical controls may necessitate more complex
information system protections to compensate
• Physical protections require monitoring and auditing
240
Perimeter Security Controls
• Surrounding Areas:
o Roadways
o Waterways
o Geography
o Lines of sight
• Consider:
o Facility visibility from roads
o Potential for vehicle borne threats
o Vehicular and pedestrian access
point locations
o Fencing, perimeter landscaping (natural fence)
241
Perimeter Security Controls (continued)
• Site Entry/Exit points:
o Vehicular
− Public/customer/visitor
− Staff/employee
− Delivery/truck
o Pedestrian
• Consider:
o Access controls
o Surveillance
o Lighting
o Intrusion detection
o Barriers/traffic control
242
Perimeter Security Controls (continued)
• External Facilities:
o Parking structures/lots
o Utilities components
− Electric transformers/lines
− Telecommunications
o Landscaping
• Consider:
o Lighting
o Surveillance
o Intrusion detection
o Lines of sight
243
Perimeter Security Controls (continued)
• Operational Facilities:
o Where employees work
o Where information technology operates
• Consider:
o Exterior lighting and surveillance
o Building materials
− Doors, locks, windows, walls
o Entry/exit points and access controls
− Staff/employee entrance
− Public/customer entrance
− Delivery entrance
− Sensors/intrusion detection
244
Perimeter Security Controls—Typical Control
Types
• Lighting
o Bright enough to cover target areas
o Limits shadow areas
o Sufficient for operation of cameras, must be coordinated
with camera plan
• Surveillance/camera
o Narrow focus for critical areas
o Wide focus for large areas
o IR/low light in unlit areas
o Monitored and/or recorded
o Dummy cameras
245
Perimeter Security Controls—Typical Control
Types (continued)
• Intrusion detection
o Cut/break sensors
o Sound/audio sensors
o Motion sensors
• Fencing/security landscaping
o Slows and deters
o Should not impede monitoring
• Barriers
o Fixed barriers to prevent ramming
o Fixed barriers to slow speeds
o Deployable barriers to block access ways
246
Perimeter Security Controls—Typical Control
Types (continued)
• Building material security examples:
o High-security glass
o Steel/composite doors
o Steel telecommunications conduit
o Secure walls
o True floor to ceiling walls (wall continues above drop ceiling)
o Anchored framing material
o Solid walls/in-wall barriers
• Lock security examples:
o Available in varying grades
o Physical key locks
o Mechanical combination locks
o Electronic combination locks
o Biometric locks
o Magnetic locks
o Magnetic strip card locks
o Proximity card locks
o Multifactor locks (e.g., card + pin)
247
Internal Security Controls
• Controls for human safety
o Visible and audible alarms, fire suppression, response plans/training,
emergency shutoffs
• Controls to manage access
o Door locks (e.g., magnetic, card key, mechanical key, combination lock)
o Access point security (e.g., mantraps, limited ingress, alarmed
emergency egress)
o Multifactor access (e.g., key card + pin for room entry)
• Internal monitoring
o Physical access control system/monitor (e.g., records key card use)
o Video surveillance/cameras
o RF monitoring
248
Implement Site and Facility Security Controls
• Wiring closets/intermediate distribution facilities
• Server rooms/data centers
• Media storage facilities
• Evidence storage
• Restricted area security
• Utilities
• Heating, ventilation, and air conditioning (HVAC)
• Fire prevention, detection, and suppression
• Environmental issues
249
Wiring Closets/Intermediate Distribution Facilities
—Components
• Entrance facility
o External communications enter facility
o Phone, network, special connections
o May house ISP/provider equipment
• Equipment room
o Primary communication hub for facility
o Houses wiring/switch components
o May be combined with entrance facility
• Backbone distribution
o Connects entrance facility, equipment room, and
telecommunication room(s)
250
Wiring Closets/Intermediate Distribution Facilities
—Components (continued)
• Telecommunications room (wiring closet)
o Serves a particular area of a facility
− Floor, section, wing, etc.
o Terminates local wiring into patch panels
o Backbone distribution is broken out to individual connections
(e.g., switch)
• Horizontal distribution system
o Cables, patch panels, jumpers, cable
251
Wiring Closets/Intermediate Distribution Facilities
—Protections
Security Protections
• Rooms must be secured against unauthorized access
• Access to rooms should be monitored/recorded
• Secondary locks on equipment/racks
o Rooms may share space with non-IT equipment and require access by non-IT staff
• Conduit or tamper protections for wiring
Environmental Protections
• Protection from lightning/surge
• Backup power/UPS
• Heating/cooling/air flow
o Critical in enclosed spaces
• Appropriate fire detection/suppression
• Emergency shutoffs for high-power connections
o May not be necessary in all closets
252
Server Rooms/Data Centers
• Similar security and environmental protections to wiring closets
• Access point security and access monitoring are a critical concern
o Rack or equipment level locking for shared spaces
o Especially in shared spaces
• Power/surge/uninterruptible power supply (UPS) equipment is tailored to
the operating equipment
o Human safety becomes an issue with power levels in most server rooms
o Emergency shutoffs and non-conductive hooks/gloves are important for
human safety
• Appropriate fire detection/suppression must be considered (e.g., sprinkler
is inappropriate for electrical fires)
• Typically maintained at a higher level of physical security than the rest of
the facility
253
Media Storage Facilities
• Media may be stored onsite and offsite from the main facility
• Offsite storage should duplicate critical media
• Access control is strictly limited and monitored (often limited to
archivists)
• Temperature/humidity should be consistent with media storage
requirements
o As media types evolve, this must be continually reassessed
• Fire protection at both room and container levels
254
Evidence Storage
• Access strictly limited and monitored
• Individual lockers/secure containers for investigations/investigators
• Tamper evident seals available for evidence bags/containers
• Maintaining chain of custody is critical to prove evidence has not
been modified or tampering has not occurred
• Evidence protected against damage/theft
• Environmental protections should be commensurate with evidence
types stored (e.g., paper, digital, media)
255
Restricted Area Security
• Includes secure facilities and classified workspaces
• Extremely high access control protections and logging of access
• May include audio protections against eavesdropping
• May include enhanced visual screening from exterior spaces
• May include protection against the detection of electromagnetic
emissions from equipment
256
Utilities
• Power
o Redundant power input from utilities
o Redundant transformers/power delivery
o Backup generators
o Battery backups
o Dual power infrastructure within data centers
o Backup sources must be tested/exercised
o Backup sources must be sized appropriately and upgraded when load increases
• Telecommunications
o Multiple service provider inputs
o Redundant communication channels/mechanisms
o Redundancy on key equipment (eliminate single points of failure)
• Water/Sewer
o Cooling/human habitation
o Risk of leaks/damage to equipment
o Supports most building-wide fire suppression plans
257
Utilities-Safety
• Generators, battery backups, and data center power feeds may
carry very high electrical loads that are inherently dangerous
• Emergency power shutoffs in high-load areas:
o Safeguard human life in case of electrocution (big red button)
o Safeguard equipment in case of overload (automated shutoff)
o Safeguard humans and equipment in emergencies
− Flooding/sprinkler activation
• High load areas should provide access to nonconductive
gloves/equipment and push/pull rods in case of emergency
258
Heating, Ventilation, and Air Conditioning
(HVAC)
• High-density equipment requires adequate cooling and airflow
• Cooling must be designed to match the equipment/space to be cooled
• High-capacity rooms (e.g., operations center) must have sufficient
airflow for the number of human occupants (CO2 danger)
• Air should be filtered for contaminants (natural or intentionally
introduced)
259
Fire Prevention and Detection
260
Fire Suppression
• Buildings should be equipped with one or more types of fire
suppression systems that include installed and handheld
• Handheld extinguishers are typically chemical agent based with
either wet or dry chemicals
• Two main types of installed suppression systems: water-based
and gas-based
261
Fire Suppression (continued)
Water-based
• Effective for common material fires (e.g., wood, paper, building materials)
• Safe for human spaces
• Damages equipment
• Ineffective for electrical or petroleum fires
• Typically cheaper than gas-based
Gas-based
• Effective for any fire type
• Typically safe for equipment
• May be dangerous to humans in enclosed spaces (depending on type)
• Costly to install and maintain compared to water-based
262
Fire Suppression (continued)
Water-based system types:
• Wet pipe
o Most common, water in pipes, heat activated sprinkler heads
• Dry pipe
o Pressurized gas in pipes, water released when activated, slight delay, less danger of pipe leaks/freezing
• Pre-action
o Combines wet and dry pipe actions
• Deluge
o Pre-action but with open sprinkler heads
263
Fire Suppression (continued)
Gas system examples:
• Hydrofluorocarbon
o Halon (older type—mostly gone)
o FM-200
• Inert gas (e.g., Argon/Nitrogen)
o Argonite
o Inergen
• Aerosol
o Aero-K
264
Environmental Issues
265
Module 9
Domain Review
266
Domain Summary
• Application of security engineering and architecture principles
is a key element to any system lifecycle.
• Security models are used as templates for system security
behavior and design.
• Security control frameworks are employed to ensure consistent
and complete application of security functions across an
environment.
• Various types of systems have inherent security strengths
and weaknesses that must be understood to ensure they are
properly employed.
267
Domain Summary (continued)
• The history of cryptography is very long, but over the last
50 years or so, cryptography has become an integral and
necessary part of security implementations.
• Cryptography can be very effective in providing some key
security services such as confidentiality, integrity,
authenticity (proof of origin), non-repudiation, and access
control.
• The fundamental ways to do cryptography are stream and
block ciphers.
• Symmetric key cryptography is very fast, but has problems
related to key distribution and scalability.
268
Domain Summary (continued)
• Asymmetric key cryptography is very slow but solves the
problems related to key distribution and scalability.
• Hashing, which is defined as one-way encryption, can be very
useful in addressing integrity of stored and transmitted
information.
• Digital signatures can achieve non-repudiation of origin and
non-repudiation of delivery.
• Key management and key management techniques are the
most important aspects of secure cryptography
implementations.
269
Domain Summary (continued)
• There are many cryptanalysis attacks that try to break
cryptography systems.
• Physical security is an important element to ensure information
systems are protected.
270
Domain Review Questions
1. Requirements definition, design, implementation, and operation
are examples of what type of System and Security Engineering
processes?
A. Technology processes
B. Acquisition processes
C. Design processes
D. Technical processes
271
Answer
272
Domain Review Questions
A. Biba model
B. Brewer/Nash model
C. Graham–Denning model
D. Harrison, Ruzzo, Ullman model
273
Answer
274
Domain Review Questions
275
Answer
276
Domain Review Questions
277
Answer
278
Domain Review Questions
279
Answer
280
Domain Review Questions
A. Cryptovariable
B. Cryptosequence
C. Cryptoform
D. Cryptolock
281
Answer
282
Domain Review Questions
A. Cipher mode
B. Logical mode
C. Stream mode
D. Decryption mode
283
Answer
284
Domain Review Questions
A. Non-repudiation
B. Authenticity
C. Data integrity
D. Authorization
285
Answer
286
Domain Review Questions
A. Shared
B. Public
C. Key clustering
D. Elliptic curve
287
Answer
288
Domain Review Questions
A. Nx2
B. N (N-1)/2
C. 2 to the power of N
D. N to the power of 2
289
Answer
290