Monday, 20 June 2011

CISSP CBK 4 Telecom and Network security

Forth domain as under.

Telecom and Network security

Quarter Inch Cartridge drives (QIC). This format is mostly used for home/small office backups, has a small capacity, and is slow, but inexpensive.

Digital Linear Tape (DLT) is only 0.498 inches (8mm Tape format) in size, yet the compression techniques and head scanning process make it a large capacity and fast tape the QIC and DAT 5Mbps. Digital Audio Tape (DAT)

LTO (Linear Tape-Open) open-format technology and storage in TB

Application: Gateway

Presentation: encryption, compression, formating



Network: Router

Datalink: Bridge, Switch

Physical: Repeater

Amplitude (height of the signal)

Frequency (number of waves in a defined period of time)

Digital signals are more reliable to be used over a longer distance because can easily be extracted from noise and retransmitted and it has only two possible discrete values 1 and 0

ASynchronous communication sender can send data at any time, and the receiving end must always be ready. (Modem use start and stop bit Asynchronous)

Synchronous communication takes place between two devices that are synchronized usually via a clocking mechanism (Remember synchronous Token was time based access control)

Baseband uses the entire communication channel for its transmission, Ethernet is a baseband technology that uses the entire wire for just one channel.

Broadband divides the communication channel into individual and independent channels.

***Important to note that node authentication, by itself, should not be used to establish trustworthiness of a user within the network.

Fast Ethernet uses the traditional CSMA/CD

wireless LAN technology, 802.11, usesCSMA/CA for its media access functionality.

Token Ring IEEE 802.5 standard. Each computer is connected to a central hub, called a Multistation Access Unit (MAU) 16 Mbps Speed

UTP Categories Cat 1 voice grade Cat 2 Data 4 Mbps Cat 3 10 Mbps for Token ring Cat 4 16 Mbps Cat 5 100 Mbps and Cat 5E 1 Gbp.

Polling LAN media access method setup primary and secondary station primary ask secodary if it need to transmit.

MAC to IP address ARP


Attackers alter a system’s ARP table so it contains incorrect information known ARP table poisoning. The attacker’s goal is to receive packets intended for another computer. This is a type of masquerading attack

Wires are encapsulated within pressurized conduits so if someone attempts to access a wire, the pressure of the conduit will change, causing an alarm to sound.

Class D multicast uses IGMP protocol.

DHCP Discover, client searches for the present DHCP Server

DHCP Offer, Server offer a client an available IP address

DHCP Request, Client Confirms accepting allocated setting

DHCP Pack. ack that ip address has been allocated with lease time.

DHCP snooping ensures that DHCP servers can assign IP addresses to only selected systems, identified by their MAC addresses

RARP The diskless machine hold mac adress it broadcast the information for a specific hardware address and RARP Server reponds with IP address

RARP evolved into BOOTP, which evolved into DHCP.

ARP knows the IP address and broadcasts to find the matching hardware address, the MAC address. RARP knows the hardware address and broadcasts to find the IP address

Loki attack ICMP status packet is stuffed with data as well

Routers usually do not pass broadcast information, but bridges do pass broadcast information

e-mail gateway convert the message into a standard that all mail servers understand X.400

phreaker (a phone hacker)

Types of Firewalls

1. Packet filtering simple ACL based (Network Layer)

2. Stateful keep track of every connection state and maintain state table. (Transport Layer 3rd Generation)

3. Proxy 2nd generation firewall, it had 2 types

3.1 application-level (layer 7 make decision on contents of packet) does not understand a certain protocol

3.2 circuit-level Proxy firewalls (session Layer) SOCKS is a circuit-level proxy gateway

4. Dynamic packet filtering 4th Generation firewall, once inside system decide to communicate firewall creates an ACL that allows the external entity to communicate with the internal system via this high port

5. Kernel proxy 5th generation FW uses stacking for packet inspection,.(Application Layer)

Three main FW architecture

• Screened host

• Dual-home

• Screened subnet

legal honeypot Enticement system indicating that free Songs are available to download on the honeypot system is entrapment, because this sets up the user to access the honeypot for reasons other than the intent to harm

DNS Hierarical structure 1992 the National Science Foundation (NSF)

authoritative root DNS server contained 13 files one for each root server.

DNS namespaces are split up administratively into zones and record are called Resource Record

It is recomended to have two DNS servers Primary and secondary and zones are shared via zone transfer.

cyber squatters, individualswho register prominent or established names, hoping to sell these later

Protocol field values TCP 6, UDP 17, ICMP 1, IGMP 2

Diverse routing is a method of providing telecommunication continuity that involves routing traffic through split or duplicate cable facilities. Alternative routing is accomplished via alternative media such as copper cable or wire optics

Transport layer is responsible for reliable data delivery , Congestion Control

IEEE 802.5 standard defines the token ring media access method.

802.3 refers to Ethernet's CSMA/CD,

802.11 refers to wireless communications and

802.2 refers to the logical link control.

NFS allow Different types of file systems to interoperate.

FRDS+ (Failure Resistant Disk System Plus).

The physical layer (layer 1) defines the X.24, V.35, X.21 and HSSI standard interfaces.

Circuit level proxy (Session Layer) does not anayze the application content of the packet in making its decisions, it has lower overhead than an application level proxy

Internet Message Access Protocol, version 4 (IMAP4) as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client. IMAP4 has mechanisms for optionally authenticating a client to a server and providing other security services

TLS = (TLS) Handshake Protocol + TLS Record Protocol

Digital Signal level 1 (DS-1) is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility. DS-0 is the framing specification used in transmitting digital signals over a single 64 Kbps channel over a T1 facility. DS-3 is the framing specification used for transmitting digital signals at 44.736 Mbps on a T3 facility.

The Point-to-Point Protocol (PPP) was designed to support multiple network types over the same serial link SLIP only support IP over serial network

A Failure Resistant Disk System provides the ability to reconstruct the contents of a failed disk onto a replacement disk and provides the added protection against data loss due to the failure of many hardware parts of the server.

Data Link layer of the OSI/ISO model provides SLIP, CSLIP and PPP protocol.

DOD Application Layer contains protocols that implement user-level functions, such as mail delivery, file transfer and remote login.

DOD Host-to-Host Layer handles connection rendez vous, flow control, retransmission of lost data, and other generic data flow management between hosts. The mutually exclusive TCP and UDP protocols are this layer's most important members.

DOD Internet Layer is responsible for delivering data across a series of different physical networks that interconnect a source and destination machine. Routing protocols are most closely associated with this layer, as is the IP Protocol, the Internet's fundamental protocol.

DOD Network Access Layer is responsible for delivering data over the particular hardware media in use. Different protocols are selected from this layer, depending on the type of physical network

A differential backup is a partial backup that copies a selected file to tape only if the archive bit for that file is turned on, indicating that it has changed since the last full backup. A differential backup leaves the archive bits unchanged on the files it copies.

A full copy backup (which Microsoft calls a copy backup) is identical to a full backup except for the last step. The full backup finishes by turning off the archive bit on all files that have been backed up. The full copy backup instead leaves the archive bits unchanged.

Structured Query Language (SQL), implemented at the session layer (layer 5)

The Secure Electronic Transaction (SET) protocol requires two pair of asymmetric keys and two digital certificates.(Application Layer)

Hierarchical Storage Management (HSM) is commonly employed in very large data retrieval systems

Write-once, read-many (WORM) optical disk "jukeboxes" are used for archiving data that does not change.

Secure HTTP (S-HTTP) is designed to send individual messages securely. SSL is designed to establish a secure connection between two computers. SET was originated by VISA and MasterCard as an Internet credit card protocol using digital signature

Secure HTTP (S-HTTP), which operates at the application layer. S-HTTP is being overtaken by SSL and TLS works on transport layer#

X.400 is used in e-mail as a message handling protocol. X.500 is used in directory services. X.509 is used in digital certificates and X.800 is used a network security standard

An open network architecture is one that no vendor owns

intranet, a “private” network that uses Internet technologies.

extranet extends outside the bounds of the company’s network to enable two or more companies.

MAN Connects LAN, MANs are Synchronous Optical Networks (SONETs) or FDDI rings

SONET self HEaling network

ATM encapsulates data in fixed cells 53 bytes

T3 = 28 T1

T2 = 4 T1

T4 = 168 T1

T1 1.544 Mbps

T3 44.736 Mbps

OC1 51.84 Mbps

Statistical time-division multiplexing (STDM) determines in real time how much time each device should be allocated for data transmission

Frequency division Multiplexing: in available wireless spectrum Each frequency within the spectrum is used as a channel to move data

CSU/DSU provides a digital interface for Data Terminal Equipment (DTE), such as terminals, multiplexers, or routers, and an interface to the Data Circuit-Terminating Equipment (DCE) device,

circuit Switching Dedicated virtual link.

Packet Switching one connection can pass through a number of different individual devices.X.25 , framerelay

DTE is usually a customer-owned device

DCE is the service provider’s device

Switched Multimegabit Data Service (SMDS) is a high-speed packetswitched technology

Synchronous Data Link Control (SDLC) Dedicated leased lines IBM 1970

High-level Data Link Control (HDLC) protocol is also a bit-oriented link layer protocol used for transmission over synchronous lines (time based)

HDLC is extention of SDLC

High-Speed Serial Interface (HSSI) is an interface used to connect multiplexers and

routers to high-speed communications services

SIP is an application layer protocol that can work over TCP or UDP

isochronous network contains the necessary protocols and devices that guarantee continuous bandwidth without interruption.

voice stream is carried on media protocols such as the Real-time Transport Protocol (RTP).

User Agent Client (UAC) IPhone, SIP Phone

User Agent Server (UAS) SIP Server

New spam for VOIP = SPIT (Spam over Internet Telephony).

WEP only provide system authentication however 802.1X provides User authentication.

supplicant (wireless device),

authenticator (AP),

Authentication server (usually a RADIUS server).

EAP allows for mutual authentication to take place between the authentication server and wireless device and provide flexibility.

802.11i does not specify particular authentication protocols Cisco uses a purely password-based authentication framework called Lightweight Extensible Authentication Protocol (LEAP). Other vendors, including Microsoft, use EAP and Transport Layer Security (EAP-TLS), which carries out authentication through digital certificates. And yet another choice is Protective EAP (PEAP), where only the server uses a digital certificate

WEP Problems

1. static WEP encryption keys on all devices (every one have same pasword in company)

2. how initialization vectors (IVs) + RC4 are used that are XOR with packet to produce cipher text (IV value is used over and over again)

3. integrity assurance issue ICV Integrity check value

802.15 Bluetooth 1 to 3 Mbps 2.4 GHz Bluejacking is a type of attach some one send message to avoid setup ur blouetooth device undiscoverable.range is 10 Meter

For WAP transport layer security protocol called Wireless Transport Layer Security (WTLS) When WTLS data come for Internet service provider have to decrypt and encrypt it back in TLS And SSL so it is in plain taxt for a second whihc is called gap in the WAP

WAP uses an XML-compliant Wireless Markup Language (WML

Imode is same as WAP but target entertainment market , i-Mode works with a slimmed-down version of HTML called compact HTML

“log scrubbers” that remove traces of the attacker’s activities from the system logs

First generation firewall" packet filtering firewalls

"Second generation firewall" Proxy based firewalls. Under proxy based firewall you have Application Level Proxy and also the Circuit-level proxy firewall. The application level proxy is very smart and understand the inner structure of the protocol itself. The Circuit-Level Proxy is a generic proxy that allow you to proxy protocols for which you do not have an Application Level Proxy. This is better than allowing a direct connection to the net. Today a great example of this would be the SOCKS protocol.

"Third generation firewall" Stateful Inspection firewall. This type of firewall makes use of a state table to maintain the context of connections being established.

"Fourth generation firewall" dynamic packet filtering firewall

WAP Stack

Wireless Markup Language (WML)

Wireless Application Environment (WAE)

Wireless Transport Layer Security Protocol (WTLS)

Wireless Application Environment (WAE)

Wireless Session Layer (WSL)

Wireless Transport Layer (WTL)

TCP Wrapper is a program that monitors incomming packets. It is considered open source. TCP Wrappers can be used to control when UDP servers start, but it has no other control over the server once it is started. UDP servers may continue to run after they've finished processing a legitimate request.

Again PPTP operates at Layer 2 of the OSI model.

High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs.

SDSL also delivers 1.544 Mbps but over a single copper twisted pair.

IPSec Transport mode is established when the enpoint is a host

10Base2, also known as RG58, or thinnet, is limited to 185 meters. 10Base5, also known as RG8/RG11 or thicknet, is limited to 500 meters

Failure Resistand Disk System (FRDS) is that it enables the continuous monitoring of these parts and the alerting of their failure.

AH (51) provides integrity, authentication, and non-repudiation. Security Associations (SAs) can be combined into bundles to provide authentication, confidentialility and layered communication.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151.

The Dynamic and/or Private Ports are those from 49152 through 65535.

There are six basic security services defined by the OSI:

Authentication, access control, data confidentiality, data integrity, nonrepudiation and logging and monitoring.

POP 110

Post Office Protocol (POP2) 109

Network News Transfer Protocol 119

NetBIOS 139

The TRANSPORT LAYER establish logical connection between the END POINTS of an internetwork, that is, the originating host and the destination host.

The Land attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening

The Boink attack, involves the perpetrator sending corrupt UDP packets to the host. It however allows the attacker to attack multiple ports where Bonk was mainly directed to port 53 (DNS

Wednesday, 15 June 2011

CISSP CBK 3 Security Architecture and Design

Hi everyone, 3rd domain is as under

System is working in asymmetric mode one CPU is dedicated to one application.

A process is the set of instructions that is actually running, program is not a process until unless its is loaded and being allocated resources.

multiprogramming, which means that more than one program (or process) can be loaded i.e antivirus and another programme running side by side

.A maskable interrupt is assigned to an event that may not be overly important and the programmer can indicate that if that interrupt calls, the program does not stop what it is doing. Non-maskable interrupts can never be overridden by an application because the event that has this type of interrupt assigned to it is critical. As the reset button.

Watchdog timer is an example of critical process that resets the system if the system cannot recover it self from the problem

thread is made up of an individual instruction set and the data that must be worked on by the CPU like print function in word process multi threading refers to the multiple thread handling simultaneously.

A garbage collector is software that runs an algorithm to identify unused committed memory and then tells the operating system to mark that memory as “available.”

kernel mode, privileged mode, and supervisory mode all mean the same thing A monolithic kernel means all of the kernel’s activity works in privileged (supervisory) mode windows vista anad xp are all monolitic operating system as alll function workd inside kernel

Computer Security Policy Model Orange Book is based is the Bell-LaPadula Model.

The reference monitor is an abstract machine that mediates all access subjects have to objects

Security labels are not required until security rating B; thus, C2 does not require security labels but B1 does.

TCSEC addresses confidentiality, but not integrity ITSEC addresses CIA

Limitation of Orange book is it dosent evaluate the system for what those users do with the information oncethey are authorized, Only address Single system Security

Trusted Network Interpretation (TNI), also called the Red Book because of the color of its cover, addresses security evaluation topics for networks and network components. It addresses isolated local area networks and wide area internetwork systems.

ITSEC (European) actually separates these two attributes (functionality and assurance) and rates them separately, whereas TCSEC clumps them together and assigns them one rating (D through A1).

Certification is the comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation.

Accreditation Accreditation is the formal acceptance of the adequacy of a system’s overall security and functionality by management.

Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official acceptance of the information in the certification process findings

Security testing and trusted distribution are required for Life-Cycle Assurance.


DIACAP (DoD Information Assurance Certification and Accreditation Process) effective Nov 2007 for C&A within the Department of Defense.

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied on information systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the information assurance (IA) posture throughout the system's life cycle.


National Information Assurance Certification and Accreditation Process (NIACAP), establishes the minimum national standards for certifying and accrediting national security systems.


The HIPAA legislation had four primary objectives:

(1) Assure health insurance portability by eliminating job-lock due to pre-existing medical conditions,

(2) Reduce healthcare fraud and abuse,

(3) Enforce standards for health information and

(4) Guarantee security and privacy of health information.

B2 and B3 are concerned with covert channels, only level A1 involves a formal covert channel analysis.

In state machine models, to verify the security of a system, the state is used

Evaluation is the process of independently assessing a system against a standard of comparison, such as evaluation criteria.

Certification is the process of performing a comprehensive analysis of the security features and safeguards of a system to establish the extent to which the security requirements are satisfied.

Accreditation is the official management decision to operate a system.

Acceptance testing refers to user testing of a system before accepting delivery.

Orange book Operational Assurance and Life-Cycle Assurance.

Clark Wilsom integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

National Computer Security Center (NCSC)= TCSEC

The life cycle assurance requirements specified in the Orange Book are:

security testing,

design specification and testing (B1,2,3,A1),

configuration management

trusted distribution(A1).

System integrity is also defined in the Orange Book but is an operational assurance requirement, not a life cycle assurance requirement

Complex Instruction Set Computer (CISC) uses instructions that perform many operations per instruction.

Pipelining involves overlapping the steps of different instructions to increase the performance in a computer.

Reduced Instruction Set Computers (RISC) involve simpler instructions that require fewer clock cycles to execute.

Scalar processors are processors that execute one instruction at a time.

Polyinstantiation permits a database to have two records that are identical except for their classifications

Information Labels contain more information than Sensitivity Levels, but are not used by the Reference Monitor to determine access permissions.

There are three main requirements of the security kernel:

• It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof.

• It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way.

• It must be small enough to be able to be tested and verified in a complete and comprehensive manner.

Indirect addressing is when the address location that is specified in the program instruction contains the address of the final desired location.

Direct addressing is when a portion of primary memory is accessed by specifying the actual address of the memory location.

Indexed addressing is when the contents of the address defined in the program's instruction is added to that of an index register.

D – Minimal protection

C – Discretionary protection

C1 – Discretionary Security Protection

C2 – Controlled Access Protection

B – Mandatory Protection

B1 – Labeled Security

B2 – Structured Protection

B3 – Security Domains

A – Verified Protection

A1 – Verified Design

In MAC Model subject has clearance and Need to know when this alliens with Object classification and Category information can flow

EAL 1 : functionally tested

EAL 2 : structurally tested

EAL 3 : methodically tested and checked

EAL 4 : methodically designed, tested and reviewed

EAL 5 : semifomally designed and tested

EAL 6 : semifomally verified design and tested

EAL 7 : fomally verified design and tested.

NIST PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)

operational assurance requirements specified in the Orange Book are

1. system architecture,

2. system integrity,

3. covert channel analysis,

4. trusted facility management

5. trusted recovery

Trusted Facility Management is Separation of Duties and is provided in the form of support for system administrator and operator functions and that stringent configuration management controls are imposed. You have single accounts to perform specific functions and not general accounts available to all individuals. (single admin account is use to do all Security things)

Polyinstantiation permits a database to have two records that are identical except for their classifications (i.e., the primary key includes the classification). Thus, APFEL's new unclassified record did not collide with the real, top secret record, so APFEL was not able to learn about FIGs pineapples.

Polymorphism is a term that can refer to, among other things, viruses that can change their code to better hide from anti-virus programs or to objects of different types in an object-oriented program that are related by a common superclass and can, therefore, respond to a common set of methods in different ways. That's also irrelevant to this question.

Sunday, 5 June 2011

CISSP CBK 2 Access control

Access Control

Hi every one !!! Cramm sheet for Second domain as ready

A race condition is when processes carry out their tasks on a shared resource in an incorrect order like authorization is done before authentication.

When system rejects an authorized individual, it is called a Type I error (false rejection rate). When the system accepts impostors who should be rejected, it is called a Type II error (false acceptance rate).

CER (Cross Error Rate) where Type I and Type II matches and CER 3 is good then CER 4
Biometrics Process time 5 to 10 minutes

OTP asynchronous is based on challenge/response mechanisms, while synchronous is based on time- or counter-driven mechanisms

Rainbow table An attacker uses a table that contains all possible passwords already in a hash format.

A digital signature is a technology that uses a private key to encrypt a hash value (message digest). The act of encrypting this hash value with a private key is called digitally signing a message

A memory card holds information but cannot process information. A smart card holds information and has the necessary hardware and software to actually process that information.

Fault Generation attach attacker generate the fault and try to figure out how the system behave like in smart card they increase the input voltage

Side channel attack the attacker watches how something works and how it reacts in different situations instead of trying to “invade” it

Kerberose The authentication service is the part of the KDC that authenticates a principal, and the TGS is the part of the KDC that makes the tickets and hands them out to the principals.
TGTs are used so the user does not have to enter his password each time he needs
to communicate with another principal

Kerberos uses tickets to authenticate subjects to objects, whereas SESAME (it is used to address the weakness in Kerberose and uses symmetric and Asymmetric Encryption) uses Privileged Attribute Certificates (PACs),

Three main types of access control models:
discretionary, (Owner gives access to resource) identity based access control
mandatory, (owners dont have control every thing is based upon clerence levels
nondiscretionary (also called role based). (RBAC model is the best system for a company that has high employee turnover)

Controls are implemented to mitigate risk and reduce the potential for loss. Preventive controls are put in place to inhibit harmful occurrences; detective controls are established to discover harmful occurrences; corrective controls are used to restore systems that are victims of harmful attacks.

DAC Data owners decide who has access to resources, and ACLs are used to enforce the security policy.
MAC Operating systems enforce the system’s security policy through the use of security labels.
RBAC Access decisions are based on each subject’s role and/or functional position

Access control matrix Table of subjects and objects that outlines their access relationships
ACL Bound to an object and indicates what subjects can access it
Capability table Bound to a subject and indicates what objects that subject can access
Content-based access Bases access decisions on the sensitivity of the data, not solely on subject identity
Context-based access Bases access decisions on the state of the situation, not solely on identity or content sensitivity
Restricted interface Limits the user’s environment within the system,thus limiting access to objects
• Rule-based access Restricts subjects’ access attempts by predefined rules

Watchdog timers are commonly used to detect software faults, such as a process ending abnormally or hanging
Diameter is a peer-based protocol that allows either end to initiate cnnection.

Administrative Controls
• Policy and procedures
• Personnel controls
• Supervisory structure
• Security-awareness training
• Testing
Physical Controls
• Network segregation
• Perimeter security
• Computer controls
• Work area separation
• Data backups
• Cabling
• Control zone
Technical Controls
• System access
• Network architecture
• Network access
• Encryption and protocols
• Auditing

The seven different access control functionalities are asfollows:
Deterrent Intended to discourage a potential attacker
Preventive Intended to avoid an incident from occurring
Corrective Fixes components or systems after an incident has occurred
Recovery Intended to bring controls back to regular operations
Detective Helps identify an incident’s activities
Compensating Controls that provide for an alternative measure of control
Directive Mandatory controls that have been put in place due to regulations or environmental requirements
threshold = clipping Level
when hacker deletes the audit logs it is known as Scrubbing

Avoid Tempest two solution control Zone by having special material in the walls to contain electrical signals or White Noise uniform spectrum of random electrical signals.

entrapment is illegal where u trap the hacker
Entrancement when you leave a system as a honey pot
Pharming is the DNS poisoning

DAC is implemented and enforced through the use of access control lists (ACLs), which are held in a matrix (access control Matrix). MAC is implemented and enforced through the use of security labels.

In the lattice model, users are assigned security clearences and the data is classified. Access decisions are made based on the clearence of the user and the classification of the object.

Cognitive passwords are fact or opinion-based information used to verify an individuals identity
Due Diligance is for Compliance

A network-based IDS is passive while it acquires data.

Bell-LaPadula model Simple security rule: A subject cannot read data within an object that resides at a higher security level ("No read up" rule).*- property rule: A subject cannot write to an object at a lower security level ("No write down" rule).

Assurance procedures ensure that access control mechanisms correctly implement the security policy for the entire life cycle of an information system.

The position of a bank teller is a specific role within the bank, so you would implement a role-based policy

Kerberose is authentication NOTT authorization service

Soft Control is another way of referring to Administrative control

From most effective (lowest CER) to least effective (highest CER) are: Iris scan, fingerprint, voice verification, keystroke dynamics.

Emanation attacks are the act of intercepting electrical signals that radiate from computing equipment (TEMPEST)

SESAME uses Attribute Certificate (AC) that allows for granular access control . It supports authentication, confidentiality but also authorization. In environment with well defined roles and capability is an issue , SESAME and PERMIS are role based single sign on technologies

Capability is Row in Matrix and ACL is Column in Matrix.

Access control list (ACL) "It [ACL] specifies a list of users [subjects] who are allowed access to each object"
A capability table are used to track, manage and apply controls based on the object and rights, or capabilities of a subject
An access control matrix is a way of describing the rules for an access control strategy.

Discretionary access control is Identity based ACL (widely used in Commercial environment)
MAC is Lattice Based.

Systems accountability depends on the ability to ensure that senders cannot deny sending information and that receivers cannot deny receiving it. Because the mechanisms implemented in nonrepudiation prevent the ability to successfully repudiate an action, it can be considered as a preventive control.

A Subject could be a users, a programs, a print queue, and processes where Objects would be files, directories, devices, windows, and sockets
Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to the plan.

Principle P1 authenticates to the Key Distribution Center (KDC), principle P1 receives a Ticket Granting Ticket (TGT), and principle P1 requests a service ticket from the Ticket Granting Service (TGS) in order to access the application server P2

The Clark-Wilson model uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents authorized users from making unauthorized modifications to data, thereby protecting its integrity.

Each ticket in Kerberos has a timestamp and are subject to time expiration to help prevent replay attack

In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system.

Biometric devices can be use for either IDENTIFICATION or AUTHENTICATION

Internal consistency of the information system. ensures that internal data is consistent, the subtotals match the total number of units in the data base. total number of Printers in LAN

External consistency of the information system. External consistency is were the data matches the real world. If you have an automated inventory system the numbers in the data must be consistent with what your stock actually is.

Rule based or role based = Non-Discretionary Access Control (NDAC)
Identity based = DAC

Computer Security Policy Model Orange Book is based is the Bell-LaPadula Model.
Bell LaPadula = Confidentiality , NO READ UP
* STAR (NO Write Down)

ClarkWilson = Program B/W subject and Object/ Separation of Duties


Twofish encryption to encrypt network traffic thereby evading IDS/IDP detection. Netcat is a utility that can be used to open ports on a compromised host.Cryptcat does this but supports twofish (Schneier) encryption which is not decryptable by an IDS in transit
Static Password token the owner identity is authenticated by the token. An example of this occurring is when an employee swipes his or her smart card over an electronic lock to gain access to a store room. (smart card is like users password something you have)

The hand geometry pattern can be stored in only 9 bytes. Retina pattern uses 96 bytes whereas the fingerprint uses between 0.5 and 1.5 kb and the voice pattern typically uses between 1 and 10 kb.

The principal decrypts the message containing the session key (Kc, tgs) with its secret key (Kc), and will now use this session key to communicate with the TGS principal (sometimes refer to as resource or server) he wishes to access.

The Operations Security domain is concerned with triples - threats, vulnerabilities and assets. (ATV)

The hand geometry pattern can be stored in only 9 bytes
Retina pattern uses 96 bytes whereas the fingerprint uses between 0.5 and 1.5 kb
voice pattern typically uses between 1 and 10 kb

The Take-Grant access control model uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject. The Biba and Clark-Wilson models are integrity models and the Non-interference model is an information flow model.