CISSP Study Notes from CISSP Prep Guide

These notes were prepared from The CISSP Prep Guide: Mastering the Ten Domains of Computer Security by Ronald L. Krutz, Russell Dean Vines, Edward M. Stroz and are not intended to be a replacement for the book.
In addition to the CISSP Prep Guide I used the following resources to prepare for the exam:
- The Information Security Management Handbook, Fourth Edition by Micki Krause and Harold F. Tipton
- The revised Michael Overly notes
- The Boson Questions #2 and #3
- Lots of misc. websites
- And of course www.cccure.org
Good Luck!
JWG, CISSP

CISSP STUDY NOTES FROM CISSP PREP GUIDE
DOMAIN 1 – SECURITY MANAGEMENT PRACTICES
DOMAIN 2 – ACCESS CONTROL SYSTEMS
DOMAIN 3 – TELECOM AND NETWORK SECURITY
DOMAIN 4 – CRYPTOGRAPHY
DOMAIN 5 – SECURITY ARCHITECTURE AND MODELS
DOMAIN 6 – OPERATIONS SECURITY
DOMAIN 7 – APPLICATIONS AND SYSTEM DEVELOPMENT
DOMAIN 8 – BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
DOMAIN 9 – LAW, INVESTIGATION AND ETHICS
DOMAIN 10 – PHYSICAL SECURITY

Domain 1 – Security Management Practices

The Big Three – C. I. A.
- Confidentiality – Prevent disclosure of data
- Integrity – Prevent modification of data
- Availability – Ensure reliable timely access to data

Other Important Concepts
- Identification – Means in which user claims Identity
- Authentication – Establishes the user's Identity
- Accountability – System's ability to determine actions of users
- Authorization – rights and permissions granted to an individual
- Privacy – Level of confidentiality that a user is given
Objective of Security is to reduce effects of threats and vulnerabilities to a tolerable level.

Risk Analysis
Assess the following:
- Impact of the threat
- Risk of the threat occurring (likelihood)
Controls reduce both the impact of the threat and the likelihood of the threat, important in cost benefit of controls.

Data Classification
- Data classification has high level enterprise wide benefit
- Demonstrates organization's commitment to security
- Helps identify sensitive and vital information
- Supports C.I.A.
- May be required for legal regulatory reasons
Data owners are responsible for defining the sensitivity level of the data.

Government Classification Terms:
- Unclassified – Neither sensitive nor classified, public release is acceptable
- Sensitive But Unclassified (SBU) – Minor secret, no serious damage if disclosed
- Confidential – disclosure could cause damage to National Security
- Secret – disclosure could cause serious damage to National Security
- Top Secret – Highest Level – disclosure could cause exponentially grave damage to National Security
In addition must have a Need to Know – just because you have "secret" clearance does not mean all "secret" data, just data with a need to know.

Additional Public Classification Terms
- Public – similar to unclassified, should not be disclosed but is not a problem if it is
- Sensitive – data protected from loss of Confidentiality and integrity
- Private – data that is personal in nature and for company use only
- Confidential – very sensitive for internal use only – could seriously negatively impact the company

Classification Criteria
- Value – number one criteria, if it is valuable it should be protected
- Age – value of data lowers over time, automatic de-classification
- Useful Life – If the information is made obsolete it can often be de-classified
- Personal Association – If the data contains personal information it should remain classified

Distribution may be required in the event of the following:
- Court Order – may be required by court order
- Government Contracts – government contractors may need to disclose classified information
- Senior Level Approval – senior executives may approve release

Information Classification Roles
Owner
- May be executive or manager
- Owner has final corporate responsibility for the data protection
- Makes determination of classification level
- Reviews classification level regularly for appropriateness
- Delegates responsibility of data protection to the Custodian
Custodian
- Generally IT systems personnel
- Running regular backups and testing recovery
- Performs restoration when required
- Maintains records in accordance with the classification policy
User
- Anyone who routinely uses the data
- Must follow operating procedures
- Must take due care to protect
- Must use computing resources of the company for company purposes only

Policies, Standards, Guidelines and Procedures
- Policies are the highest level of documentation
- Standards, Guidelines and Procedures derived from policies
- Should be created first, but are no more important than the rest

Senior Management Statement – general high-level statement
- Acknowledgment of importance of computing resources
- Statement of Support for information security
- Commitment to authorize lower level Standards, Guidelines and Procedures

Regulatory Policies – company is required to implement due to legal or regulatory requirements
- Usually very detailed and specific to the industry of the organization
- Two main purposes
  - To ensure the company is following industry standard procedures
  - To give the company confidence they are following industry standard procedures

Advisory Policies – not mandated but strongly suggested.
- Company wants employees to consider these mandatory.
- Advisory Policies can have exclusions for certain employees or job functions

Informative Policies
- Exist simply to inform the reader
- No implied or specified requirements

Standards, Guidelines and Procedures
- Contain actual detail of the policy
- How the policies should be implemented
- Should be kept separate from one another
  - Different Audiences
  - Security Controls are different for each policy type
  - Updating the policy is more manageable
Standards – Specify use of technology in a uniform way, compulsory
Guidelines – similar to standards but not compulsory, more flexible
Procedures – Detailed steps, required, sometimes called "practices", lowest level
Baselines – baselines are similar to standards, standards can be developed after the baseline is established

Roles and Responsibilities
- Senior Management – Has ultimate responsibility for security
- Infosec Officer – Has the functional responsibility for security
- Owner – Determines the data classification
- Custodian – Preserves C.I.A.
- User – Performs in accordance with stated policy
- Auditor – Examines Security

Risk Management
Mitigate (reduce) risk to a level acceptable to the organization.

Identification of Risk
- Actual threat
- Possible consequences
- Probable frequency
- Likelihood of event

Risk Analysis
- Identification of risks
- Benefit / cost justification of counter measures

Risk Analysis Terms
- Asset – Resource, product, data
- Threat – Action with a negative impact
- Vulnerability – Absence of control
- Safeguard – Control or countermeasure
- Exposure Factor – % of asset loss caused by threat
- Single Loss Expectancy (SLE) – Expected financial loss for single event
  SLE = Asset Value x Exposure Factor
- Annualized Rate of Occurrence (ARO) – represents estimated frequency in which threat will occur within one year
- Annualized Loss Expectancy (ALE) – Annually expected financial loss
  ALE = SLE x ARO

Risk Analysis
- Risk analysis is more comprehensive than a Business Impact Analysis
- Quantitative – assigns objective numerical values (dollars)
- Qualitative – more intangible values (data)
- Quantitative is a major project that requires a detailed process plan

Preliminary Security Examination (PSE)
- Often conducted prior to the quantitative analysis.
- PSE helps gather elements that will be needed for actual RA

Risk Analysis Steps
1) Estimate of potential loss
2) Analyze potential threats
3) Define the Annualized Loss Expectancy (ALE)

Categories of Threats
- Data Classification – malicious code or logic
- Information Warfare – technically oriented terrorism
- Personnel – Unauthorized system access
- Application / Operational – ineffective security results in data entry errors
- Criminal – Physical destruction, or vandalism
- Environmental – utility outage, natural disaster
- Computer Infrastructure – Hardware failure, program errors
- Delayed Processing – reduced productivity, delayed collections processing

Annualized Loss Expectancy (ALE)
- Risk analysis should contain the following:
  - Valuation of Critical Assets
  - Detailed listing of significant threats
  - Each threat's likelihood
  - Loss potential by threat
  - Recommended remedial safeguards

Remedies
- Risk Reduction – implementation of controls to alter risk position
- Risk Transference – get insurance, transfer cost of a loss to insurance
- Risk Acceptance – Accept the risk, absorb loss

Qualitative Scenario Procedure
- Scenario Oriented
- List the threat and the frequency
- Create exposure rating scale for each scenario
- Scenario written that addresses each major threat
- Scenario reviewed by business users for reality check
- Risk Analysis team evaluates and recommends safeguards
- Work through each finalized scenario
- Submit findings to management

Value Assessment
- Asset valuation necessary to perform cost/benefit analysis
- Necessary for insurance
- Supports safeguard choices

Safeguard Selection
- Perform cost/benefit analysis
- Costs of safeguards need to be considered including
  - Purchase, development and licensing costs
  - Installation costs
  - Disruption to production
  - Normal operating costs

Cost Benefit Analysis
ALE (PreControl) – ALE (PostControl) = Annualized value of the control
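A worked quantitative risk analysis that ties together the terms defined above (SLE = Asset Value x Exposure Factor, ALE = SLE x ARO) and the cost/benefit rule for choosing a safeguard. This is an added example, not from the notes or the Prep Guide; the threat, asset value, exposure factor, ARO and safeguard figures are constructed.

```python
"""Quantitative risk analysis: SLE, ARO, ALE and safeguard cost/benefit.

Added example (not from the study notes or the CISSP Prep Guide). The threat,
asset value, exposure factor, ARO and safeguard figures are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float       # value of the asset at risk, in dollars
    exposure_factor: float   # % of the asset lost per event, as a fraction 0..1
    aro: float               # annualized rate of occurrence (events per year)

    def sle(self) -> float:
        """Single Loss Expectancy = Asset Value x Exposure Factor."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float        # purchase/licensing, installation and operating cost per year
    exposure_factor: float    # EF once the control is in place
    aro: float                # ARO once the control is in place

    def post_control(self, threat: Threat) -> Threat:
        """The same threat re-rated with this control in place."""
        return Threat(threat.name, threat.asset_value, self.exposure_factor, self.aro)


def control_value(threat: Threat, sg: Safeguard) -> float:
    """ALE(PreControl) - ALE(PostControl) = annualized value of the control."""
    return threat.ale() - sg.post_control(threat).ale()


def net_benefit(threat: Threat, sg: Safeguard) -> float:
    """Value of the control minus what it costs to run each year."""
    return control_value(threat, sg) - sg.annual_cost


def best_safeguard(threat: Threat, options: list[Safeguard]) -> Safeguard | None:
    """Safeguard with the highest positive net benefit, or None when every option
    costs more than it saves (then risk acceptance or transference is the remedy)."""
    ranked = sorted(options, key=lambda sg: net_benefit(threat, sg), reverse=True)
    if ranked and net_benefit(threat, ranked[0]) > 0:
        return ranked[0]
    return None


# Constructed scenario: a warehouse fire against $1M of inventory.
FIRE = Threat("warehouse fire", asset_value=1_000_000, exposure_factor=0.25, aro=0.1)
SPRINKLERS = Safeguard("sprinkler system", annual_cost=8_000, exposure_factor=0.05, aro=0.1)
GUARD = Safeguard("24x7 fire watch", annual_cost=60_000, exposure_factor=0.25, aro=0.02)

if __name__ == "__main__":
    print(f"SLE = {FIRE.sle():,.0f}  ALE = {FIRE.ale():,.0f}")
    for sg in (SPRINKLERS, GUARD):
        print(f"{sg.name}: value {control_value(FIRE, sg):,.0f}, net {net_benefit(FIRE, sg):,.0f}")
    print("choose:", best_safeguard(FIRE, [SPRINKLERS, GUARD]))
```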
Level of manual operations
- The amount of manual intervention required to operate the safeguard
- Should not be too difficult to operate

Auditability and Accountability
Safeguard must allow for auditability and accountability

Recovery Ability
- During and after the reset condition
- No asset destruction during activation or reset
- No covert channel access to or through the control during reset
- No security loss after activation or reset
- Defaults to a state that does not allow access until controls are fully operational

Security Awareness Training
Benefits of Awareness
- Measurable reduction in unauthorized access attempts
- Increase effectiveness of control
- Help to avoid fraud and abuse
Periodic awareness sessions for new employees and refresh others

Methods of awareness improvement
- Live interactive presentations
- CBTs
- Publishing of posters and newsletters
- Incentives and awards
- Reminders, login banners

Training & Education
- Security training for Operators
- Technical training
- Infosec training
- Manager training

Domain 2 – Access Control Systems

C – Confidentiality
I – Integrity
A – Availability

Confidentiality
- Not disclosed to unauthorized person
Integrity
- Prevention of modification by unauthorized users
- Prevention of unauthorized changes by otherwise authorized users
- Internal and External Consistency
  - Internal Consistency within the system (i.e. within a database the sum of subtotals is equal to the sum of all units)
  - External Consistency – database with the real world (i.e. database total is equal to the actual inventory in the warehouse)
Availability
- Timely access

Three things to consider
- Threats – potential to cause harm
- Vulnerabilities – weakness that can be exploited
- Risk – potential for harm

Controls
- Preventative – prevent harmful occurrence
- Detective – detect after harmful occurrence
- Corrective – restore after harmful occurrence

Controls can be:
- Administrative – policies and procedures
- Logical or Technical – restricted access
- Physical – locked doors

Three types of access rules:
1. Mandatory access control (MAC): Authorization of subject's access to an object depends on labels (sensitivity levels), which indicate subject's clearance, and the classification or sensitivity of the object
   - Every Object is assigned a sensitivity level/label and only users authorized up to that particular level can access the object
   - Access depends on rules and not by the identity of the subjects or objects alone
   - Only administrator (not owners) may change category of a resource – Orange book B-level
   - Output is labeled as to sensitivity level
   - Unlike permission bits or ACLs, labels cannot ordinarily be changed
   - Can't copy a labeled file into another file with a different label
   - Rule based AC
2. Discretionary Access Control (DAC): Subject has authority, within certain limits, to specify what objects can be accessible (e.g., use of ACL)
   - User-directed means a user has discretion
   - Identity-based means discretionary access control is based on the subject's identity
   - Very common in commercial context because of flexibility
   - Orange book C level
   - Relies on object owner to control access
   - Identity Based AC
3. Non-Discretionary Access Control: Central authority determines what subjects can have access to certain objects based on organization's security policy (good for high turnover)
   - May be based on individual's role in the organization (Role-Based) or the subject's responsibilities or duties (task-based)

Lattice based – provides least access privileges of the access pair
- Greatest lower bound
- Lowest upper bound
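Lattice labels with greatest lower bound and least upper bound, as used by mandatory access control, worked through in code. This is an added example and not from the notes; the levels (taken from the government classification terms above), the need-to-know categories and the sample labels are constructed.

```python
"""Lattice-based MAC labels: dominance, greatest lower bound, least upper bound.

Added example, not from the study notes. Levels mirror the government
classification terms; categories and the sample labels are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass

# Ordered sensitivity levels, lowest first (constructed ordering of the notes' terms).
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset[str] = frozenset()   # need-to-know compartments

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    @property
    def rank(self) -> int:
        return LEVELS.index(self.level)

    def dominates(self, other: Label) -> bool:
        """True when this label sits at or above `other` in the lattice: level not
        lower AND every category of `other` is also held here."""
        return self.rank >= other.rank and self.categories >= other.categories


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both (max level, union)."""
    return Label(LEVELS[max(a.rank, b.rank)], a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label dominated by both (min level, intersection);
    this is the 'least access privileges of the access pair'."""
    return Label(LEVELS[min(a.rank, b.rank)], a.categories & b.categories)


def can_read(clearance: Label, obj: Label) -> bool:
    """MAC read rule: the subject's clearance must dominate the object's label.
    A 'Secret' clearance alone is not enough; the need-to-know categories must match."""
    return clearance.dominates(obj)


def label_for_merge(objs: list[Label]) -> Label:
    """A document assembled from several labeled objects must carry the LUB of
    their labels, so nothing ends up in a file with a lower label."""
    result = objs[0]
    for o in objs[1:]:
        result = lub(result, o)
    return result


# Constructed sample labels.
SECRET_NUKE = Label("Secret", frozenset({"NUKE"}))
SECRET_CRYPTO = Label("Secret", frozenset({"CRYPTO"}))
TS_ALL = Label("Top Secret", frozenset({"NUKE", "CRYPTO"}))
CONF = Label("Confidential")

if __name__ == "__main__":
    print("TS/all reads Secret/NUKE:", can_read(TS_ALL, SECRET_NUKE))
    print("Secret/NUKE reads Secret/CRYPTO:", can_read(SECRET_NUKE, SECRET_CRYPTO))
    print("merged label:", label_for_merge([CONF, SECRET_NUKE, SECRET_CRYPTO]))
```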
Preventative and Detective controls by type:
Administrative – Preventative: Policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks.
Administrative – Detective: Policies and procedures, job rotation, sharing of responsibilities
Technical – Preventative: Logical system controls, smart cards, bio-metrics, menu shell
Technical – Detective: IDS, logging, monitoring, clipping levels
Physical – Preventative: Restrict physical access, guards, man trap, gates
Physical – Detective: Motion detectors, cameras, thermal detectors

Identification and Authentication
Identification establishes accountability

Three Factor Authentication
- Something you know (password)
- Something you have (token)
- Something you are (biometrics)
Sometimes – something you do

Passwords
- Static – same each time
- Dynamic – changes each time you logon

Tokens – Smartcards
Static Password (like software with pin)
- Owner Authenticates to the token
- Token authenticates to the system
Synchronous Dynamic Password
- Token – generates passcode value
- Pin – user knows
- Token and Pin entered into PC
- Must fit in valid time window
Asynchronous
- Similar to synchronous, new password is generated asynchronously, No time window
Challenge Response
- System generates challenge string
- User enters into token
- Token generates response entered into workstation
- Mechanism in the workstation determines authentication

Biometrics – something you are
- Identify – one to many
- Authenticate – one to one
False Rejection Rate (FRR) – Type I error
False Acceptance Rate (FAR) – Type II error
Crossover Error Rate (CER) – CER = % when FRR = FAR
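FRR, FAR and the crossover error rate computed over a set of match scores, added here as an example (not from the notes); it also shows choosing a threshold for a fixed FAR limit, which goes a step beyond the notes. The genuine and impostor scores are constructed.

```python
"""FRR (Type I), FAR (Type II) and the crossover error rate of a biometric matcher.

Added example, not from the study notes. The match scores are constructed; a real
system produces them by comparing a live sample with the enrolled template, and a
higher score means a stronger match.
"""
from __future__ import annotations

GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.74, 0.70, 0.66, 0.61, 0.55]   # enrolled user
IMPOSTOR = [0.15, 0.22, 0.30, 0.35, 0.41, 0.48, 0.52, 0.58, 0.63, 0.71]  # other people


def frr(threshold: float, genuine=GENUINE) -> float:
    """False Rejection Rate: legitimate attempts scoring below the threshold (Type I)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(threshold: float, impostor=IMPOSTOR) -> float:
    """False Acceptance Rate: impostor attempts scoring at or above it (Type II)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def crossover_error_rate(genuine=GENUINE, impostor=IMPOSTOR) -> tuple[float, float]:
    """(threshold, CER): sweep every observed score as a threshold and keep the one
    where FRR and FAR are closest; CER is the error rate at that point. A lower CER
    means a more accurate device."""
    best_t, best_gap, cer = None, float("inf"), None
    for t in sorted(set(genuine) | set(impostor)):
        r, a = frr(t, genuine), far(t, impostor)
        if abs(r - a) < best_gap:
            best_t, best_gap, cer = t, abs(r - a), (r + a) / 2
    return best_t, cer


def threshold_for_far(max_far: float, genuine=GENUINE, impostor=IMPOSTOR) -> tuple[float, float]:
    """Lowest threshold that keeps FAR <= max_far, with the FRR users pay for it.
    Tightening acceptance pushes rejection of legitimate users up."""
    for t in sorted(set(genuine) | set(impostor)):
        if far(t, impostor) <= max_far:
            return t, frr(t, genuine)
    raise ValueError("no threshold meets the FAR limit")


if __name__ == "__main__":
    print("CER (threshold, rate):", crossover_error_rate())
    print("zero-FAR threshold and its FRR:", threshold_for_far(0.0))
```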
Biometric Issues
- Enrollment Time – Acceptable rate is 2 minutes per person
- Throughput Time – acceptable rate is 10 people per minute
Acceptability Issues – privacy, physical, psychological

Types of Biometrics
- Fingerprints: Are made up of ridge endings and bifurcations exhibited by the friction ridges and other detailed characteristics that are called minutiae.
- Retina Scans: Scans the blood-vessel pattern of the retina on the backside of the eyeball.
- Iris Scans: Scan the colored portion of the eye that surrounds the pupil.
- Facial Scans: Takes attributes and characteristics like bone structures, nose ridges, eye widths, forehead sizes and chin shapes into account.
- Palm Scans: The palm has creases, ridges and grooves throughout it that are unique to a specific person.
- Hand Geometry: The shape of a person's hand (the length and width of the hand and fingers) measures hand geometry.
- Voice Print: Distinguishing differences in people's speech sounds and patterns.
- Signature Dynamics: Electrical signals of speed and time that can be captured when a person writes a signature.
- Keyboard Dynamics: Captures the electrical signals when a person types a certain phrase.
- Hand Topology: Looks at the size and width of an individual's hand and fingers.

Single Sign On
Kerberos
- Symmetric key encryption
- KDC – Kerberos-trusted Key Distribution Center
- TGS – Ticket Granting Service
- AS – Authentication Server
Kerberos
1. KDC knows secret keys of Client and Server
2. KDC exchanges info with the Client and the Server using symmetric keys
3. Using TGS grants temporary symmetric key
4. Client and Server communicate using the temporary session key
Initial Exchange
Client sends Hash Password to the TGS Server, TGS verifies with the Auth. Server
TGS Server responds with:
1) Key for Client and TGS server encrypted with Client Key {K(c,tgs)}Kc
2) Ticket Granting Ticket (TGT) = {K(c, tgs), c, a, v}K(tgs)
Request for Service
Client sends request for service to TGS with
1) TGT = {K(c, tgs), c, a, v}K(tgs)
2) Authenticator K(c, tgs)
TGS Issues Ticket for Service
TGS sends Client back ticket for server and authenticator for server
1) Ticket T(c,s) = {s, c, a, v, K(c,s)}Ks
2) {K(c,s)}K(c,tgs)
Receive Service from Server
Client sends Server
1) Ticket T(c,s) = {s, c, a, v, K(c,s)}Ks
2) authenticator = {c, t, key}K(c,s)
Kerberos weaknesses
- Replay is possible within time frame
- TGS and Auth server are vulnerable as they know everything
- Initial exchange passed on password authentication
- Keys are vulnerable
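The three Kerberos exchanges above (initial exchange, request for service, receive service) simulated end to end, with the server keeping a replay cache so that an authenticator captured and re-sent inside the time window is refused. This is an added example, not code from the notes or from any Kerberos implementation; seal()/open_() stand in for Kerberos' symmetric cipher and are built only from the standard library's SHA-256 and HMAC so the example runs offline, and the principal names, passwords and times are constructed.

```python
"""Kerberos exchange (AS -> TGS -> service) with an authenticator replay cache.
Added example; not code from the study notes or from any Kerberos implementation.
seal()/open_() stand in for Kerberos' symmetric cipher and are built only from
stdlib SHA-256/HMAC so the example runs offline; they are not a production cipher.
Principal names, passwords, key sizes and times are constructed."""
from __future__ import annotations
import hashlib, hmac, json, os

LIFETIME = 8 * 3600   # ticket validity v (seconds)
SKEW = 300            # authenticator time window (seconds): replay is possible inside it


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(0, n, 32)]
    return b"".join(blocks)[:n]


def seal(key: bytes, msg: dict) -> bytes:
    """{msg}key: XOR with a keyed keystream, then an HMAC tag over nonce+ciphertext."""
    pt = json.dumps(msg, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def open_(key: bytes, blob: bytes) -> dict:
    """Check the tag, then decrypt; ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def key_from_password(pw: str) -> bytes:
    """Kc, the client's long-term key (hash stands in for Kerberos' string-to-key)."""
    return hashlib.sha256(pw.encode()).digest()


def _check(ticket: dict, auth: dict, now: int) -> None:
    if not ticket["a"] <= now <= ticket["v"]:          # ticket inside [a, v]
        raise PermissionError("ticket expired")
    if auth["c"] != ticket["c"] or abs(now - auth["t"]) > SKEW:
        raise PermissionError("authenticator name or time mismatch")


class KDC:
    """AS + TGS in one process; knows every principal's long-term key."""
    def __init__(self, keys: dict[str, bytes]):
        self.keys = keys

    def as_exchange(self, c: str, now: int) -> tuple[bytes, bytes]:
        """Returns {K(c,tgs)}Kc and TGT = {K(c,tgs), c, a, v}Ktgs."""
        k = os.urandom(32)
        tgt = {"key": k.hex(), "c": c, "a": now, "v": now + LIFETIME}
        return seal(self.keys[c], {"key": k.hex()}), seal(self.keys["krbtgt"], tgt)

    def tgs_exchange(self, tgt: bytes, auth: bytes, s: str, now: int) -> tuple[bytes, bytes]:
        """Returns T(c,s) = {s, c, a, v, K(c,s)}Ks and {K(c,s)}K(c,tgs)."""
        t = open_(self.keys["krbtgt"], tgt)
        k_c_tgs = bytes.fromhex(t["key"])
        _check(t, open_(k_c_tgs, auth), now)       # client proved it holds K(c,tgs)
        k = os.urandom(32)
        ticket = {"s": s, "c": t["c"], "a": now, "v": now + LIFETIME, "key": k.hex()}
        return seal(self.keys[s], ticket), seal(k_c_tgs, {"key": k.hex()})


class Service:
    """Application server: knows only Ks; caches authenticators seen inside SKEW."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket: bytes, auth: bytes, now: int) -> str:
        t = open_(self.key, ticket)
        a = open_(bytes.fromhex(t["key"]), auth)
        _check(t, a, now)
        digest = hashlib.sha256(auth).digest()      # older entries fail _check anyway
        if digest in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add(digest)
        return t["c"]


def client_session(kdc: KDC, svc: Service, c: str, pw: str, now: int) -> tuple[bytes, bytes]:
    """Whole client side; returns the (ticket, authenticator) pair sent to the server."""
    enc, tgt = kdc.as_exchange(c, now)
    k_c_tgs = bytes.fromhex(open_(key_from_password(pw), enc)["key"])   # fails on wrong pw
    t_cs, enc2 = kdc.tgs_exchange(tgt, seal(k_c_tgs, {"c": c, "t": now}), svc.name, now)
    k_c_s = bytes.fromhex(open_(k_c_tgs, enc2)["key"])
    return t_cs, seal(k_c_s, {"c": c, "t": now})


def _rejected(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> tuple[str, bool, bool]:
    """(who the server authenticated, replay rejected?, wrong password rejected?)"""
    keys = {"alice": key_from_password("correct horse"),
            "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}
    kdc, svc, now = KDC(keys), Service("fileserver", keys["fileserver"]), 1_700_000_000
    ticket, auth = client_session(kdc, svc, "alice", "correct horse", now)
    who = svc.accept(ticket, auth, now + 10)       # genuine first use
    replayed = _rejected(lambda: svc.accept(ticket, auth, now + 60), PermissionError)
    bad_pw = _rejected(lambda: client_session(kdc, svc, "alice", "wrong", now), ValueError)
    return who, replayed, bad_pw
```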
SESAME – Secure European System for Applications in a Multi-vendor Environment
- Uses Needham-Schroeder protocol
- Uses public key cryptography
- Supports MD5 and CRC32 Hashing
- Uses two tickets
  1) One contains authentication
  2) One contains the access rights to the client
SESAME weaknesses
- Only authenticates by using first block of message
- Initial exchange passed on password authentication
- SESAME incorporates two certificates or tickets: One certificate provides authentication as in Kerberos and the other certificate defines the access privileges that are assigned to a client.

KryptoKnight
- Peer to peer relationship between KDC – Key Distribution Center and parties (Client and Server)
- NetSP is based on KryptoKnight
- Supported by RACF
- Authentication
- Key Distribution
- Data Privacy
- Data Integrity
- Single Sign-On
- Administration

Access Control – Centralized and Decentralized
Centralized
- RADIUS – Remote Access Dial-In User Service (incorporates an AS and dynamic password)
- TACACS – Terminal Access Controller Access Control System (for network applications, static pwd)
- TACACS+ – Terminal Access Controller Access Control System Plus, supports token authentication
CHAP – Challenge Handshake Authentication Protocol
- Supports encryption, protects password
Decentralized

Relational Database Security
- Relational Databases support queries
- Object oriented databases do not support queries
Relational Database
- Data structures called tables (relations)
- Integrity Rules on allowable values
- Operators on the data in tables
Persistency – preservation of integrity through the use of nonvolatile storage media
Schema
- Description of the database
- Defined by Data Description Layer (DDL)
Database Management System (DBMS)
- provides access to the database
- Allows restriction of access
Relational Database
- Relation (table) is the basis of a relational database – relation is represented by a table
- Rows = Records (tuples)
- Column = Attributes

            Attribute-1   Attribute-2   Attribute-3
  Record-1
  Record-2

Primary Key
- Unambiguously identifies a record. Points to a record (tuple)
- Every row (record, tuple) must contain the primary key of the relation (table)
Cardinality – # of rows in a relationship (table)
Degree – # of columns in a relationship (table)
Candidate key – any identifier that is unique to the record
Foreign Key – any value that matches the primary key of another relation (table)
Relational Database – best suited for text
Relational Database Operations
- Select – based on criteria i.e. all items with value > $300.00
- Join – join tables based on a common value
- Union – forms a new relation (table) from two other relations
- View – (virtual table) uses join, project, select – Views can be used to restrict access (least privileges)
- Query plan
  - Comprised of implementation procedures, lowest cost plan based on "cost"
  - Costs are CPU time, Disk Access
  - Bind – used to create plan
Data Normalization
Ensures that attributes in a table rely only on the primary key
- Eliminates repeating groups
- Eliminates redundant data
- Eliminates attributes not dependent on the primary key
SQL – Structured Query Language
- Select
- Update
- Delete
- Insert
- Grant – Access Privileges
- Revoke – Access Privileges
Object Oriented Databases – OODB
- Best suited for multi-media, graphics
- Steep learning curve
- High overhead

Intrusion Detection
Network Based
- Real Time
- Passive
Host Based
- System and event logs
- Limited by log capabilities
Signature Based – (Knowledge Based)
- Signatures of an attack are stored and referenced
- Failure to recognize slow attacks
- Must have signature stored to identify
Statistical Anomaly Based (Behavior Based)
- IDS determines "normal" usage profile using statistical samples
- Detects anomaly from the normal profile

Access Control Issues
- Confidentiality
- Integrity
- Availability
- Accountability of users
Measures for compensating for both internal and external access violations
- Backups
- RAID – Redundant Array of Inexpensive Disks
- Fault Tolerance
- Business Continuity Planning
- Insurance

Domain 3 – Telecom and Network Security

Management Concepts
Technology Concepts
- Confidentiality – no disclosure of data
- Integrity – no alteration of data
- Availability – no destruction of data

Remote Access Security Management
Remote Connections
- xDSL – Digital Subscriber Line
- Cable modem
- Wireless (PDAs)
- ISDN – Integrated Services Digital Network
Securing External Remote Connections
- VPN – Virtual Private Network
- SSL – Secure Socket Layer
- SSH – Secure Shell
Remote Access Authentication
- RADIUS – Remote Access Dial-In User Server
- TACACS – Terminal Access Controller Access Control Server
Remote Node Authentication
- PAP – Password Authentication Protocol – clear text
- CHAP – Challenge Handshake Authentication Protocol – protects password
Remote User Management
- Justification of remote access
- Support Issues
- Hardware and software distribution

Intrusion Detection
- Notification
- Remediation
Creation of:
- Host and network based monitoring
- Event Notification
- CIRT – Computer Incident Response Team
- CIRT Performs
  - Analysis of event
  - Response to incident
  - Escalation path procedures
  - Resolution – post implementation follow up
Intrusion Detection Systems
- Network Based – Commonly reside on a discrete network segment and monitor the traffic on that network segment.
- Host Based – Use small programs, which reside on a host computer. Detect inappropriate activity only on the host computer, not the network segment.
- Knowledge Based – Signature based
- Behavioral Based – Statistical Anomaly
Knowledge Based
- Pros: Low false alarms; Alarms Standardized
- Cons: Resource Intensive; New or unique attacks not found
Behavior Based – less common
- Pros: Dynamically adapts; Not as operating system specific
- Cons: High False Alarm rates; User activity may not be static enough to implement

CIRT – (CERT) – Computer Incident Response Team
Responsibilities:
- Manage the company's response to events that pose a risk
- Coordinating information
- Mitigating risk, minimize interruptions
- Assembling technical response teams
- Management of logs
- Management of resolution

Network Availability
- RAID – Redundant Array of Inexpensive Disks
- Back Up Concepts
- Manage single points of failure

RAID – Redundant Array of Inexpensive Disks
- Fault tolerance against server crashes
- Secondary – improve system performance
- Striping – Caching and distributing on multiple disks
- RAID employs the technique of striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.
- Hardware and software implementation
RAID Advisory Board
- Three types – Failure Resistant Disk Systems (FRDS) – the only current standard, Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
- FRDS: provides the ability to reconstruct the contents of a failed disk onto a replacement disk.
- Enables the continuous monitoring of these parts and the alerting of their failure
- FRDS+
  - Protect from disk failure – can reconstruct disks by automatically hot swapping while server is running
  - Includes environmental
  - FRDS+ adds hazard warnings

RAID Levels
RAID 0 (STRIPING)
- Creates one large disk by using multiple disks – striping
- No redundancy
- No fault tolerance (1 fail = all fail)
- Read/Write performance is increased
RAID 1 (MIRRORING)
- Mirroring
- Duplicates data on other disks (usually one to one ratio)
- Expensive (doubles cost of storage)
RAID 2 (HAMMING CODE PARITY)
- Multiple disks
- Parity information created using a hamming code
- Can be used in 39 disk array: 32 Data and 7 recovery
- Not used, replaced by more flexible levels
RAID 3 (BYTE LEVEL PARITY) / RAID 4 (BLOCK LEVEL PARITY)
- RAID 3 – Byte level
- RAID 4 – Block level
- Stripe across multiple drives
- Parity information on a parity drive
- Provides redundancy
- Can affect performance with single parity drive
RAID 5 (INTERLEAVE PARITY)
- Most popular
- Stripes data and parity information across all drives
- Uses interleave parity
- Reads and writes performed concurrently
- Usually 3-5 drives. If one drive fails, can reconstruct the failed drive by using the information from the other 2.
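RAID 5 striping with the parity unit rotating across drives, and the rebuild of a failed drive from the survivors, in code. This is an added example and not from the notes; the 4-byte stripe unit and the payload are constructed so the whole layout can be inspected.

```python
"""RAID 5: stripe data with rotating (interleaved) parity and rebuild a failed drive.

Added example, not from the study notes. Uses 4-byte stripe units and a
constructed payload; real arrays use units from a 512-byte sector upward.
"""
from __future__ import annotations

UNIT = 4  # bytes per stripe unit


def xor_blocks(blocks: list[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks; this is the parity function."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, ndrives: int) -> list[list[bytes]]:
    """Return drives[d][stripe]. Each stripe holds ndrives-1 data units plus one
    parity unit; the parity position rotates (stripe % ndrives), so no single
    drive becomes the parity bottleneck that RAID 3/4 have."""
    if ndrives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    per_stripe = UNIT * (ndrives - 1)
    data = data + b"\0" * (-len(data) % per_stripe)      # pad the last stripe
    drives: list[list[bytes]] = [[] for _ in range(ndrives)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        units = [data[off + i * UNIT: off + (i + 1) * UNIT] for i in range(ndrives - 1)]
        units.insert(s % ndrives, xor_blocks(units))      # interleaved parity
        for d in range(ndrives):
            drives[d].append(units[d])
    return drives


def raid5_rebuild(drives: list, failed: int) -> list[bytes]:
    """Reconstruct every unit of the failed drive by XORing the surviving drives'
    units of the same stripe; works whether the lost unit was data or parity.
    A second failure cannot be recovered, which is why a hot swap should be prompt."""
    missing = [i for i, d in enumerate(drives) if d is None and i != failed]
    if missing:
        raise RuntimeError(f"RAID 5 tolerates one failure; also lost drive(s) {missing}")
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(drives: list[list[bytes]], length: int) -> bytes:
    """Read the logical data back, skipping each stripe's parity unit."""
    n = len(drives)
    out = b"".join(drives[d][s] for s in range(len(drives[0])) for d in range(n) if d != s % n)
    return out[:length]


def demo() -> bool:
    """Write, lose drive 1, rebuild it onto a replacement, read back unchanged."""
    payload = b"CISSP notes: RAID 5 interleaves parity across all drives."   # constructed
    drives = raid5_write(payload, 4)
    lost = drives[1]
    drives[1] = None                           # drive 1 fails
    drives[1] = raid5_rebuild(drives, 1)       # reconstruct onto the hot-swapped drive
    return drives[1] == lost and raid5_read(drives, len(payload)) == payload


if __name__ == "__main__":
    print("rebuild ok:", demo())
```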
RAID 7 (SINGLE VIRTUAL DISK)
- Functions as a single virtual disk
- Usually software over Level 5 hardware
- Enables the drive array to continue to operate if any disk or any path to any disk fails.
RAID Summary
0 – Striping
1 – Mirroring
2 – Hamming code parity
3 – Byte level parity
4 – Block level parity
5 – Interleave parity
7 – Single Virtual Disk

Other Types of Fault Tolerance
Redundant Servers
- Primary Server mirrors to secondary server
- Fail-over or rollover to secondary in the event of a failure
- Server fault tolerance can be warm or hot
Server Cluster
- Group of independent servers managed as a single system
- Load Balancing
- Improves performance
- "Server Farm"
- Microsoft Cluster Server

Backup Methodologies
Full Back Up – every file
Incremental
- Only files that have been changed or added recently
- Only files with their archive bit set are backed up.
- This method is fast and uses less tape space but has some inherent vulnerabilities, one being that all incremental backups need to be available and restored from the date of the last full backup to the desired date should a restore be needed.
- Restore = last full backup plus each incremental
Differential
- Only files that have changed since the last backup
- All files to the full backup (additive)
- Restore = full backup plus the last differential
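The incremental and differential schemes above worked through on a week of changes: what each day's backup writes, which tapes a restore needs, and how a missing incremental tape breaks the restore while the differential scheme only needs the last tape. This is an added example, not from the notes; the file names and daily change log are constructed.

```python
"""Full, incremental and differential backups: what each day writes and what a
restore needs. Added example, not from the study notes; the week of file changes
and the file names are constructed."""
from __future__ import annotations

ALL_FILES = {"payroll.db", "policy.doc", "notes.txt", "ledger.xls"}
# Constructed change log: day -> files modified that day. Day 0 is the full backup,
# and a backup (incremental or differential) is taken every day after it.
CHANGES = {1: {"payroll.db"}, 2: {"payroll.db", "policy.doc"}, 3: {"notes.txt"},
           4: set(), 5: {"payroll.db", "notes.txt"}}


def version_at(f: str, day: int) -> int:
    """Day of the most recent change to f on or before `day` (0 = as of the full)."""
    return max([0] + [d for d, files in CHANGES.items() if d <= day and f in files])


def backup_sets(scheme: str) -> dict[int, dict[str, int]]:
    """file -> version written on each backup day under 'incremental' or 'differential'.
    Incremental clears the archive bit, so a day holds only that day's changes;
    differential never clears it, so each day holds everything changed since the full."""
    if scheme not in ("incremental", "differential"):
        raise ValueError(scheme)
    sets = {0: {f: 0 for f in ALL_FILES}}
    since_full: set[str] = set()
    for day in sorted(CHANGES):
        since_full |= CHANGES[day]
        written = CHANGES[day] if scheme == "incremental" else since_full
        sets[day] = {f: version_at(f, day) for f in written}
    return sets


def tape_volume(scheme: str) -> int:
    """Number of file copies written after the full backup (tape space used)."""
    return sum(len(files) for day, files in backup_sets(scheme).items() if day > 0)


def restore_plan(scheme: str, day: int) -> list[int]:
    """Backup days that must be read, in order, to rebuild the state as of `day`."""
    if day == 0:
        return [0]
    if scheme == "incremental":
        return list(range(day + 1))      # full plus every incremental since it
    return [0, day]                      # full plus only the last differential


def restore(scheme: str, day: int, available: set[int]) -> dict[str, int]:
    """Replay the plan over the tapes actually on hand; a missing tape stops the
    restore, which is the incremental scheme's inherent weakness."""
    sets = backup_sets(scheme)
    state: dict[str, int] = {}
    for d in restore_plan(scheme, day):
        if d not in available:
            raise FileNotFoundError(f"backup from day {d} is unavailable")
        state.update(sets[d])            # later tapes overwrite older versions
    return state


def expected_state(day: int) -> dict[str, int]:
    """Ground truth: the version of every file as it stood on `day`."""
    return {f: version_at(f, day) for f in ALL_FILES}


if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        print(scheme, "tape volume:", tape_volume(scheme), "restore day 5 needs:", restore_plan(scheme, 5))
```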
Types of Tape
- DAT – Digital Audio Tape
- QIC – Quarter Inch Cartridge – Small and slow
- 8mm Tape – Superseded by DLT
- DLT – Digital Linear Tape – 4mm tape – large and fast
Other media
CD – permanent backups, longer shelf life than tape
ZIP – JAZZ – Common
Tape Array – 32 to 63 Tape Array using RAID technology
HSM – Hierarchical. Provides a continuous on-line backup by using optical or tape 'jukeboxes', similar to WORMs.
Common Backup Problems
- Slow transfer of data to backup
- Retrieval time to restore
- Off hour processing and monitoring
- Server disk space expands over time
- Loss of data between last backup
- Physical security of tapes

Single Points of Failure
Cabling Failures –
- Coaxial: many workstations or servers attached to the same segment of cable, which creates a single point of failure if it is broken (similar to cable TV cabling). Exceeding cable length is a source of failure.
- Twisted Pair: (CAT3 and CAT 5) The difference between the two has to do with the tightness the copper wires are wound. Tightness determines its resistance to interference. CAT3 is older. Cable length is a common failure
- Fiber Optic: Immune to EMI. Longer usable length (up to 2 kms). Drawback is costs.
Technology Failures
Ethernet
- Most Popular
- Extremely resistant to failure, especially in a star-wired config.
Token Ring
- Since token is passed by every station on the ring
- NIC set at wrong speed or in error state can bring the network down
FDDI – Fiber Distributed Data Interface
- Dual rings fault tolerance (if first ring fails, the secondary ring begins working)
- Sometimes uses second ring for improved performance
Leased Lines
T1 and ISDN – go with multiple vendors to reduce failures
Frame Relay
- Public switched WAN
- Highly Fault Tolerant
- Bad segment diverts packets
- Can use multiple vendors for high availability
Other Single Points of Failure
- Can be any device where all traffic goes through a single device – Router, firewall, hub, switch
- Power failure – surges, spikes – install UPS
Note: Trivial File Transfer Protocol (TFTP) is a good tool for router configuration

Classes of Network Abuse
Class A – unauthorized access through circumvention of security access controls. Masquerading, logon abuse (primarily internal attacks)
Class B – non-business use of systems
Class C – Eavesdropping
- Active: Tampering with a transmission to create a covert signaling channel or probing the network
- Passive: Covertly monitoring or listening to transmissions that is unauthorized.
- Covert Channel: using a hidden unauthorized communication
- Tapping: refers to the physical interception of a transmission medium (like splicing of cable).
Class D – Denial of Service – Saturation of network services
Class E – Network Intrusion – penetration (externally)
- Spoofing – A spoofing attack involves nothing more than forging one's source address. It is the act of using one machine to impersonate another.
- Piggy Backing – attack using another user's connection
- Back Door – attack via dial up or external connection
Class F – Probing
- Gives an intruder a road map of the network for DoS attack
- Gives a list of available services
- Traffic analysis via 'sniffers' which scans the host for available services
- Like a telephone wiretap allows the FBI to listen in on other people's conversations, a "sniffing" program lets someone listen in on computer conversations.
- Tools: Telnet (manual), vulnerability scanners (automatic).

Common DoS Attacks
- Filling hard drive space with email attachments
- Sending a message that resets a target host's subnet mask causing routing disruption
- Using up all of the target's resources to accept network connections
Additional DoS Attacks:
Buffer Overflow Attack
- When a process receives much more data than expected.
- Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
- PING – Packet Internet Groper – uses ICMP – Internet Control Message Protocol
- PING of Death – Intruder sends a PING that consists of an illegally modified and very large IP datagram, thus overfilling the system buffers and causing the system to reboot or hang.
SYN Attack
- Attacks the buffer space during a Transmission Control Protocol (TCP)
- Attacker floods the target system's 'in-process' queue with connection requests causing the system to time-out.
Teardrop Attack
- Modifying the length of the fragmentation fields in the IP Packet
- When a machine receives this attack, it is unable to handle the data and can exhibit behavior ranging from a lost Internet connection to the infamous blue screen of death. Becomes confused and crashes.
Smurf Attack
- (Source Site) Sends spoofed network request to large network (bounce site); all machines respond to the (target site). IP broadcast addressing.
Fraggle Attack
- The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packet.
Common Session Hijacking Attacks
- IP Spoofing – IP spoofing is used to convince a system that it is communicating with a known entity that gives an intruder access. IP spoofing involves altering the packet at the TCP level. The attacker sends a packet with an IP source address of a known, trusted source. E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
- TCP Sequence number – tricks the target into believing that it's connected to a trusted host and then hijacks the session by predicting the target's choice of an initial TCP Sequence number. Then it's used to launch various other attacks on other hosts.
Salami Attack: A series of minor computer crimes that are part of a larger crime.

Rainbow Series
- Redbook – TNI – Trusted Network Interpretation
- Time and technological changes lessen the relevancy of the TNI to contemporary networking.
- Deals with technical issues outside the scope of the Orange Book with respect to networks
n Redboo' interprets the ,range -oo'
n ,range -oo' 6 Trusted Computer Security &+aluation Criteria
TNI E:59u5tion C95sses
D 6 Minimal protection
C 6 Discretionary protection
C5 6 Discretionary Security Protection
C0 6 Controlled 7ccess protection
- 6 Mandatory
-5 6 abeled Security
-0 6 Structured
-1> Security Domains
Tec6no9ogy Concepts
Protoco9s; is a standard set of rules that determines how computers communicate with each other across
networ's despite their differences 9PC$ <=IC$ Mac!!:
&5yered 5rc6itecture; shows how communication should ta'e place
n Clarify the general functions of a communication process
n To brea' down comple( networ'ing processes into more manageable sublayers
0N
n <sing industry>standard interfaces enables interoperability
n To change the features of one layer without changing all of the code in e+ery layer
n &asier troubleshooting
05
OSI – Open Systems Interconnect Model

Layer 7 – Application
Security: Confidentiality, authentication, data integrity, non-repudiation
Technology: gateways
Protocols: FTP, SMB, TELNET, TFTP, SMTP, HTTP, NNTP, CDP, GOPHER, SNMP, NDS, AFP, SAP, NCP, SET
• Responsible for all application-to-application communications. User information maintained at this layer is user data.

Layer 6 – Presentation
Security: confidentiality, authentication, encryption
Technology: gateway
Protocols: ASCII, EBCDIC, POSTSCRIPT, JPEG, MPEG, GIF
• Responsible for the formatting of the data so that it is suitable for presentation. Responsible for character conversion (ASCII/EBCDIC), Encryption/Decryption, Compression, and Virtual Terminal Emulation. User information maintained at this layer is called messages.

Layer 5 – Session
Security: None
Technology: gateways
Protocols: Remote Procedure Calls (RPC) and SQL, RADIUS, DNS, ASP
• Responsible for the setup of the links, maintaining of the link, and the link tear-down between applications.

Layer 4 – Transport
Security: Confidentiality, authentication, integrity
Technology: gateways
Protocols: TCP, UDP, SSL, SSH-2, SPX, NetBios, ATP
• Responsible for the guaranteed delivery of user information. It is also responsible for error detection, correction, and flow control. User information at this layer is called datagrams.

Layer 3 – Network
Security: confidentiality, authentication, data integrity
Technology: virtual circuits (ATM), routers
Protocols: IP, IPX, ICMP, OSPF, IGRP, EIGRP, RIP, BOOTP, DHCP, ISIS, ZIP, DDP, X.25
• Responsible for the routing of user data from one node to another through the network including the path selection. Logical addresses are used at this layer. User information maintained at this layer is called packets.

Layer 2 – Data Link
Security: confidentiality
Technology: bridges, switches
Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex A, Annex D, HDLC, BPDU, LAPD, ISL, MAC, Ethernet, Token Ring, FDDI
• Responsible for the physical addressing of the network via MAC addresses. There are two sublevels to the Data-Link layer: MAC and LLC. The Data-Link layer has error detection, frame ordering, and flow control. User information maintained at this layer is called frames.

Layer 1 – Physical
Security: confidentiality
Technology: ISDN, Hubs, Repeaters, Cables
Protocols: 10BaseT, 100BaseT, 1000BaseT, 10Base2, 10Base5, OC-3, OC-12, DS1, DS3, E1, E3, ATM, BRI, PRI, X.23
• Responsible for the physical transmission of the binary digits through the physical medium. This layer includes things such as the physical cables, interfaces, and data rate specifications. User information maintained at this layer is called bits (the 1s and 0s).

Data encapsulation is the process in which information from one packet is wrapped around or attached to the data of another packet. In the OSI model each layer encapsulates the layer immediately above it.
OSI Layers
• Process down the stack and up the stack
• Each layer communicates with the corresponding layer through the stack.
OSI Security – 6 Security Services. A security service is a collection of security mechanisms, files, and procedures that help protect the network.
• Authentication
• Access control
• Data confidentiality
• Data integrity
• Non-repudiation
• Logging and monitoring
OSI Security – 8 Security Mechanisms. A security mechanism is a control that is implemented in order to provide the 6 basic security services.
• Encipherment
• Digital signature
• Access Control
• Data Integrity
• Authentication
• Traffic Padding
• Routing Control
• Notarization
TCP/IP – Suite of Protocols
OSI layer(s)                       | TCP/IP layer      | Protocols           | Description
Application, Presentation, Session | Application Layer |                     | Consists of the applications and processes that use the network.
Transport                          | Host to Host      | TCP and UDP         | Provides end-to-end data delivery service to the Application Layer.
Network                            | Internet Layer    | IP, ARP, RARP, ICMP | Defines the IP datagram and handles the routing of data across networks.
Data link, Physical                | Network Access    |                     | Consists of routines for accessing physical networks and the electrical connection.
Host-to-Host Transport Layer Protocols:
TCP – Transmission Control Protocol
• Connection Oriented
• Sequenced Packets
• Acknowledgment is sent back for received packets
• If no acknowledgement then packet is resent
• Packets are re-sequenced
• Manageable data flow is maintained
NOTE: TCP and UDP use port numbers greater than 1023
UDP
• Best effort
• Doesn't care about sequence order
• Connectionless
• Less overhead and faster than TCP
Internet Layer Protocols
IP – Internet Protocol
• All hosts on a network have an IP address
• Each data packet is assigned the IP address of the sender and receiver
• It provides an 'unreliable datagram service'. Provides:
• No guarantee that the packet will be delivered
• No guarantee that the packet will be delivered only once
• No guarantee that it will be delivered in the order in which it was sent
ARP – Address Resolution Protocol
• Use the IP Address to get the MAC Address
• MAC address is 48 bit
• IP address is 32 bit
• Only broadcast to network first time, otherwise stores IP and MAC info in a table
RARP – Reverse Address Resolution Protocol
• Use the MAC Address to get the IP Address
• RARP Server tells diskless machines their IP Address
ICMP – Internet Control Message Protocol
• Management Protocol and messaging service provider for IP.
• Sends messages between network devices regarding the health of the network.
• Ping is an ICMP packet
• Ping checks if a host is up and operational
TCP/IP does not define Physical Standards; it uses existing ones
Other TCP/IP Protocols
• Telnet – Terminal Emulation (No File Transfer)
• FTP – File Transfer Protocol – (Cannot execute files)
• TFTP – Trivial FTP – no directory browsing capabilities, no authentication (it is unsecure), can only send and receive files.
• Some sites choose not to implement TFTP due to the inherent security risks.
• TFTP is a UDP-based file transfer program that provides no security.
• NFS – Network File Sharing
• SMTP – Delivers emails
• LPD – Line Printer Daemon – with LPR enables print spooling
• X-Windows – for writing graphical interface applications
• SNMP – Simple Network Management Protocol
• Provides for the collection of network information by polling the devices on the network from a management station.
• Sends SNMP traps (notifications) to MIBs (Management Information Bases)
• Bootstrap (BootP) protocol – Diskless boot up. BootP server hears the request and looks up the client's MAC address in its BootP file. It's an internet layer protocol.
Security Enhanced Protocols (Two types)
Security enhancements to telnet such as remote terminal access and secure telnet
Security enhancements to Remote Procedure Call such as Secure RPC Authentication
Following Security Protocols:
At the Application Layer (OSI Model)
SET – Secure Electronic Transaction
• Originated by Visa and MasterCard
• Being overtaken by SSL
SHTTP – Secure HTTP
• Early standard for encrypting HTTP documents
• Also being overtaken by SSL
At the Transport Layer (OSI Model)
SSH-2
• SSH has RSA Certificates
• Supports authentication, compression, confidentiality, and integrity
• DES Encryption
• Because Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity, SSH is used frequently for Encrypted File Transfer
SSL – Secure Socket Layer
• Contains SSL record protocol and SSL Handshake Protocol
• Uses symmetric encryption and public key for authentication
• MAC – Message Authentication Code for Integrity
SKIP – Simple Key Management for Internet Protocol
Similar to SSL – no prior communication required
Firewalls
Packet Filtering Firewall – First Generation
• Screening Router
• Operates at Network and Transport level
• Examines Source and Destination IP Address
• Can deny based on ACLs
• Can specify Port
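The first-generation filter described above can be modelled directly: an ordered ACL matched on nothing but source/destination address, protocol and port, first match wins, and an implicit deny for anything unmatched. The following is an added example written for these notes (not code from the Prep Guide); the inside network 203.0.113.0/24, the ACL rules and the sample packets are constructed. It also shows the one check such a stateless filter should always carry, an anti-spoofing rule on the outside interface, and why a stateless filter cannot tell a reply from an unsolicited packet (the UDP case at the end simply falls through to the implicit deny).

```python
"""First-generation (stateless) packet filter, as a screening router would apply it:
an ordered ACL matched on layer-3/4 header fields only, first match wins, implicit deny.
Added example; the ACL and packets below are constructed, not from any real network."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    src: str                         # source network in CIDR notation
    dst: str                         # destination network in CIDR notation
    dst_port: Optional[int] = None   # None matches any port
    in_iface: str = "any"            # interface the packet arrives on, or "any"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int]
    in_iface: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it constrains agrees with the packet header."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.in_iface != "any" and rule.in_iface != pkt.in_iface:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL in order; return (action, index of the matching rule).
    A packet that matches nothing is dropped: the implicit deny at the end."""
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


# Constructed ACL for a router whose inside network is 203.0.113.0/24 (a documentation range).
INSIDE = "203.0.113.0/24"
ACL = [
    # Anti-spoofing: an inside source address must never arrive on the outside interface.
    Rule("deny", "any", INSIDE, "0.0.0.0/0", in_iface="outside"),
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80),      # public web server
    Rule("deny", "tcp", "0.0.0.0/0", INSIDE, 23),                   # no telnet from outside
    Rule("permit", "tcp", INSIDE, "0.0.0.0/0", in_iface="inside"),   # inside hosts may go out
]


def demo() -> dict:
    """Evaluate a handful of constructed packets against ACL."""
    return {
        "web":      evaluate(ACL, Packet("tcp", "198.51.100.7", "203.0.113.10", 80, "outside")),
        "telnet":   evaluate(ACL, Packet("tcp", "198.51.100.7", "203.0.113.10", 23, "outside")),
        "spoofed":  evaluate(ACL, Packet("tcp", "203.0.113.5", "198.51.100.7", 443, "outside")),
        "outbound": evaluate(ACL, Packet("tcp", "203.0.113.5", "198.51.100.7", 443, "inside")),
        "udp_dns":  evaluate(ACL, Packet("udp", "198.51.100.7", "203.0.113.10", 53, "outside")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

The filter never looks past the header, which is exactly the limitation the later generations address: it has no notion of whether an inbound packet answers a request an inside host sent, so return traffic must either be opened by blanket rules or tracked by a stateful device.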
Application Level Firewall – Second Generation
• Proxy Server
• Copies each packet from one network to the other
• Masks the origin of the data
• Operates at layer 7 (Application Layer)
• Reduces Network performance since it has to analyze each packet and decide what to do with it.
• Also Called Application Layer Gateway
Stateful Inspection Firewalls – Third Generation
• Packets Analyzed at all OSI layers
• Queued at the network level
• Faster than Application level Gateway
Dynamic Packet Filtering Firewalls – Fourth Generation
• Allows modification of security rules
• Mostly used for UDP
• Remembers all of the UDP packets that have crossed the network's perimeter, and it decides whether to enable packets to pass through the firewall.
Kernel Proxy – Fifth Generation
• Runs in NT Kernel
• Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies.
Firewall Architectures:
Packet Filtering Routers:
• Sits between trusted and untrusted networks
• Uses ACLs
• ACLs can be manually intensive to maintain
• Lacks strong user authentication
• ACLs can degrade performance
• Minimal Auditing
Screened Host Firewall:
• Employs packet filtering and Bastion Host
• Provides network layer (packet filtering) and application layer (proxy) services
• Penetration requires getting by external router (packet filtering) and Bastion Host (proxy).
Dual Homed Host Firewall
• Contains two NICs
• One connected to the local (trusted) network
• One connected to the external (untrusted) network
• Blocks or filters traffic between the two.
• IP forwarding is disabled
[Figures: packet filtering router (untrusted network – external router – trusted network); screened host firewall (untrusted network – external router – bastion host – trusted network); screened subnet firewall (untrusted network – external router – multi-homed bastion host – internal router – trusted network)]
Screened Subnet Firewall
• One of the most secure
• Two packet filtering routers and a Bastion Host
• Provides network layer (packet filtering) and application layer (proxy) services
• Provides DMZ
• Complex configuration
SOCKS Server
• Circuit level proxy server
• Requires SOCKS client on all machines
• Used to manage outbound Internet access
• IT Overhead intensive
NAT – Network Address Translation
3 Private IP Address Ranges – Global Nonroutable Addresses
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
• Class A addresses are for large networks with many devices. 1-127
• Class B addresses are for medium-sized networks. 128-191
• Class C addresses are for small networks (fewer than 256 devices). 192-223
• Class D addresses are multicast addresses.
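The classful ranges and the three private (RFC 1918) ranges above are easy to confuse at the boundaries, for example 172.31.x.x is private but 172.32.x.x is not. As an added example for these notes (not code from the Prep Guide), the snippet below classifies an IPv4 address by first octet, derives its classful network, and reports whether it is private and therefore needs NAT before it can leave the perimeter. The class E range, the classful default prefix lengths and the sample addresses are additions, not taken from the notes.

```python
"""Classful and private-range classification of IPv4 addresses, as an added example.
The three private ranges are those listed in the notes (RFC 1918); the class E range,
the classful default prefixes and the sample addresses are additions."""
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

PRIVATE_RANGES = (
    IPv4Network("10.0.0.0/8"),       # 10.0.0.0 to 10.255.255.255
    IPv4Network("172.16.0.0/12"),    # 172.16.0.0 to 172.31.255.255
    IPv4Network("192.168.0.0/16"),   # 192.168.0.0 to 192.168.255.255
)

# Classful default prefix lengths (not in the notes): A /8, B /16, C /24.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(ip: str) -> str:
    """Class is decided by the first octet: 0-127 A, 128-191 B, 192-223 C,
    224-239 D (multicast), 240-255 E (reserved)."""
    first_octet = int(IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"


def is_private(ip: str) -> bool:
    """True when the address falls in one of the RFC 1918 ranges, i.e. it is not
    globally routable and must be translated by NAT before leaving the perimeter."""
    addr = IPv4Address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def classful_network(ip: str) -> Optional[str]:
    """Network the address belongs to under classful addressing (None for D and E)."""
    prefix = DEFAULT_PREFIX.get(address_class(ip))
    if prefix is None:
        return None
    return IPv4Network(f"{ip}/{prefix}", strict=False).with_prefixlen


def classify(ip: str) -> dict:
    return {
        "address": ip,
        "class": address_class(ip),
        "classful_network": classful_network(ip),
        "private": is_private(ip),
    }


if __name__ == "__main__":
    # Constructed sample addresses; 172.32.0.1 sits just past the end of 172.16.0.0/12.
    for sample in ("10.1.2.3", "172.20.1.5", "172.32.0.1",
                   "192.168.5.9", "203.0.113.7", "224.0.0.9"):
        print(classify(sample))
```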
Virtual Private Networks:
• Secure connection between two nodes using a secret encapsulation method.
• Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
• Tunnel can be created by the following three methods:
• Installing software or agents on client or network gateway.
• Implementing user or node authentication systems.
• Implementing key and certificate exchange systems.
VPN Protocol Standards:
PPTP – Point-to-Point Tunneling Protocol
• Works at the Data Link Layer
• Single point to point connection from client to server
• Common with asynchronous connections with NT and Win 95
L2TP – Layer 2 Tunneling Protocol
• Combination of PPTP and the earlier Layer 2 Forwarding Protocol (L2F)
• Multiple protocols can be encapsulated within L2TP
• Single point to point connection from client to server
• Common with Dial up VPNs
IPSec
• Operates at the network layer
• Allows multiple and simultaneous tunnels
• Encrypts and authenticates IP data
• Focuses more on Network to Network Connectivity
VPN Devices
• Hardware and Software devices that utilize VPN Standards
[Figure: screened subnet firewall with DMZ (untrusted network – external router – multi-homed bastion host – internal router – trusted network)]
• Two types: IPSec Compatible and Non-IPSec Compatible
IPSec Compatible
• Installed on a network's perimeter and encrypt traffic between the two
• Because IPSec only works with IP
• Operate at Network Layer
• Two Modes:
• Tunnel Mode – entire packet is encrypted and encased in an IPSec packet
• Transport Mode – Only the datagram is encrypted, leaving the IP address visible.
• Datagram: A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination.
Non-IPSec Compatible
• Common non-IPSec compatible devices include SOCKS, PPTP and SSH
• SOCKS is not a traditional VPN protocol but is robust and operates at the Application Layer.
• PPTP implemented in Win95 and NT
• Multiprotocol and uses PAP and CHAP user authentication.
• Compresses Data
• End-to-End encryption
• Secure Shell SSH-2
• Not strictly VPN but can be used as one with a Terminal Session
Firewall Based VPNs
• Frequently available with Third Generation (Stateful Inspection) Firewalls
• Operate at the Application layer
• Performance degradation is often a problem
Data Networking Basics
Data Network Types:
• Local Area Network (LAN)
• Wide Area Network (WAN)
• Internet, Intranet, and Extranet
Local Area Networks – LAN
• Discrete network for a limited geographical area like a building or a single floor
• Two most popular LANs are:
• CAN – Campus Area Network – connects multiple buildings with each other over a switched backbone
• MAN – Metropolitan Area Network – LAN over a city wide metropolitan area.
• Both CAN and MAN can have a connection to a WAN
Wide Area Networks – WAN
• Network of sub networks that interconnect LANs over large geographic areas.
• WAN is basically everything outside of the LAN
Internet
• The Internet is a WAN originally funded by the DOD
• Uses TCP/IP
Intranet
• Internet-like logical network that uses a company's internal physical network structure
• More security and control than the Internet
• Uses Internet tools like browsers.
Extranet
• Extranet can be accessed by users outside of the company (i.e. vendors and partners) but not the general public.
• Includes some type of authentication or encryption
Asynchronous vs. Synchronous Communications
• Asynchronous is the basis of modems and dial up remote access. Must operate at the same speed.
• Start and stop bits mark the beginning and the end of each transfer.
• Synchronous is very high speed, governed by electronic clock timing signals.
Common Data Network Services:
File Services – Share data files and subdirectories on a file server
Mail Services – send and receive mail internally and externally
Print Services – Print documents to shared printers
Client/Server Services – Allocate computing resources among workstations
Domain Name Service – Matches an Internet Uniform Resource Locator (URL) with the actual IP address of the server providing the URL. Maps host names to IP Addresses. The Domain Name System (DNS) is a global network of servers that provide this service.
Data Networking Technologies:
LAN Cabling Types:
Twisted Pair Cable
• Relatively slow speed
• Two insulated wires can be shielded (STP) or unshielded (UTP)
• UTP is a four-pair medium and comes in several categories
• UTP can be more easily tapped by eavesdroppers than the other cable types.
• Category based on how tightly wound the wires are; the tighter the wind, the higher the rating and resistance to interference.
• Cat 1 UTP – was used for telephone lines, not good for data.
• Cat 2 UTP – up to 4 Mbps
• Cat 3 UTP – Used for 10BaseT networks up to 10 Mbps
• Cat 4 UTP – Used in Token Ring Networks up to 16 Mbps
• Cat 5 UTP - Current UTP standard for new installations up to 100 Mbps
• Cat 6 UTP – up to 155 Mbps
• Cat 7 UTP – up to 1 Gbps
Coaxial Cable
• Hollow outer conductor surrounds inner wire conductor. Currently two types in LANs
• 50-ohm Cable for digital signaling
• 75-ohm Cable for analog signaling and high speed digital signaling
• Coax is more expensive but is more resistant to Electromagnetic Interference (EMI).
• Used rarely except in Broadband communications
• Comes in two types:
• Thinnet – (RG58)
• Thicknet – (RG8 or RG11)
• Two common types of coaxial transmission methods:
• Baseband – The cable carries a single channel
• Broadband – cable carries several channels such as data, voice, audio, and video
Fiber Optic Cable
• Conducts modulated light transmission
• Light waves are faster and travel greater distances
• Difficult to tap
• Resistant to EMI
• Usually connects backbones in larger networks
• Can be used to connect workstations to the network.
• Expensive to install and to terminate.
LAN Transmission Protocols:
• Rules for communication between computers on a LAN
• Formatting of the data frame, the timing and sequencing of packet delivery, and resolution of error states.
Carrier Sense Multiple Access (CSMA)
• Foundation of the Ethernet Protocol.
• Workstation continuously monitors the line, waiting until it thinks it is free.
• If the workstation doesn't receive an acknowledgement from the destination to which it sent the packet, it assumes a collision has occurred and it resends the packet.
• Persistent Carrier Sense - Unless it receives acknowledgement it will resend.
• Nonpersistent Carrier Sense – waits a random amount of time and resends.
CSMA/CA – Carrier Sense Multiple Access Collision Avoidance – Workstations connected to two coax cables, one to send and one to receive data.
CSMA/CD – Carrier Sense Multiple Access Collision Detection – Ethernet
If the host detects another signal while transmitting it will send a jam signal causing all nodes to stop sending data. Nodes wait to resend. Designed to avoid collisions.
Polling – a primary workstation polls another at a predetermined time to determine if it has data to transmit. Primary must give permission to others to transmit.
Token passing
• Token Ring and FDDI and ARCnet
• Cannot transmit without the token
• Each station can hold the token for a maximum predetermined amount of time
LAN Transmission Methods: refer to the way packets are sent on the network
• Unicast – from single source to single destination
• Multicast - source copied and sent to multiple destinations
• Broadcast - source copied and sent to all nodes on the network
LAN Topologies – Five common topologies: defines the manner in which the network devices are organized to facilitate communications.
Bus
• All transmissions travel the full length of the cable and are received by all other stations.
• Single point of failure in the cable.
• If one of the links between any of the computers is broken, the network is down.
• Primarily Ethernet.
• These networks were originally designed to work with more sporadic traffic.
Ring
• Unidirectional transmission links form a closed loop.
• Token Ring and FDDI.
• Similar to the Star topology, however there's a device called a Multistation Access Unit (MAU).
• MAU works the same as a hub, but with Token Ring networks instead of Ethernet networks.
• These networks were originally designed to serve large, bandwidth-consuming applications.
Star
• Nodes connected to a central LAN or a junction box called a hub or a concentrator at the center of the network.
• Advantage: reliability
• Ring and Bus often use Star as the physical connection.
Tree – branches can have multiple nodes.
Mesh – all nodes connected to every other node.
LAN Media Access Methods (Physical and Data Link Layers): control the use of a network.
Ethernet – 802.3
• Ethernet – uses CSMA/CD – Designed for sporadic traffic
• Ethernet defines a bus topology with three different cabling standards
• Thinnet – 10Base2 – coax with segments up to 185 meters.
• Thicknet – 10Base5 – coax with segments up to 500 meters.
• UTP – Unshielded Twisted Pair – all devices connected to a hub or switch: 10BaseT 10 Mbps, 100BaseT 100 Mbps and 1000BaseT 1 Gbps
ARCnet – 802.5
• Early LAN technology
• Uses token passing in a Star topology on coax cable.
Token Ring
• Second to Ethernet
• All end stations connected to a Multistation Access Unit (MSAU)
• One station is designated as the Active Monitor
• If a transmitting station fails, the Active Monitor will remove the token and generate a new one.
Fiber Distributed Data Interface – FDDI
• Dual token ring LAN at 100 Mbps on Fiber
• Dual counter rotating rings, only one active at a time
• Operates over long distances with minimal interference
• Predictable delays, deterministic
• Permits several tokens to be present at a time
• Expensive and requires expertise
• Copper Distributed Data Interface (CDDI) – can be used with UTP cable but subject to the interference and length issues associated with Copper.
LAN Devices
Repeaters – amplify signal, no added intelligence, no filtering – Physical Layer (1)
Hubs – used to connect multiple LAN devices, no added intelligence – Physical Layer (1)
Bridges – Amplify signal, add some intelligence. A bridge forwards the data to all other network segments if the Media Access Control (MAC) or hardware address of the destination computer is not on the local network segment. Automatically forwards all broadcast traffic. Does not use the IP address because IP is contained in the Network Layer (3) – Data Link Layer (2)
Switches – Will only send data to the port where the destination MAC address is, not to all ports. Primarily operate at the Data Link Layer (2), although extremely fast layer 3 devices combining switching and routing are being used.
Routers – router opens the packet and looks at either the MAC or IP address; only forwards to the network for which it is destined. Operates at Network Layer (3)
Gateways – primarily software, can be multi-protocol, can examine the entire packet.
Asynchronous Transfer Mode (ATM) Switches – Used in WANs and CANs. Use cell relay technology.
LAN Extenders – remote access multi layer switch connected to a host router, filters based on MAC address or Network Layer protocol, not capable of firewalling.
WAN Technologies
Rules for communicating between computers on a WAN
Communications between large disparate networks.
Private Circuit Technologies
Evolved before packet switching networks. Dedicated analog or digital point-to-point connection. Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP), ISDN, xDSL.
• Dedicated Line – indefinitely and continuously reserved for transmissions.
• Leased Line – Type of dedicated line leased from a carrier.
Types and Speeds of Leased Lines:
• Digital Signal Level 0 – DS-0 – single channel at 64 Kbps on a T1
• Digital Signal Level 1 – DS-1 – 1.544 Mbps in US on a T1 and 2.108 Mbps in Europe on an E1
• Digital Signal Level 3 – DS-3 – 44.736 Mbps on a T3
• T1 – Transmits DS-1 data at 1.544 Mbps on the telephone switching network
• T3 – Transmits DS-3 data at 44.736 Mbps on the telephone switching network
• E1 – predominately used in Europe, carries data at 2.108 Mbps
• E3 - predominately used in Europe, carries data at 34.368 Mbps
SLIP - Serial Line Internet Protocol – developed in 1984 to support TCP/IP over low speed serial interfaces. Using Windows NT RAS, NT computers can use TCP/IP and SLIP to communicate with remote hosts.
PPP - Point-to-Point Protocol – over dial up and dedicated links, includes login, password, and error correction. Operates at the Data Link Layer (2) and uses CHAP and PAP.
ISDN - Integrated Services Digital Network - integration of digital telephony and data transport. Digitization of the telephone network, allowing voice, data, etc. Overtaken by DSL.
xDSL - Digital Subscriber Line – uses existing twisted pair telephone lines.
• ADSL – Asymmetric Digital Subscriber Line: more bandwidth downstream, from 1.5 to 9 Mbps, with upstream 16 to 640 Kbps. ADSL works at 18,000 feet lengths theoretical and 14,400 practical over a single copper twisted pair.
• SDSL - Single-line (Symmetric) Digital Subscriber Line provides from 144 Kbps up to 1.544 Mbps both down and up, depending on distance, over a single copper twisted pair; works at 10,000 feet lengths.
• HDSL – High-Rate Digital Subscriber Line - 1.544 Mbps both down and up over two copper twisted pairs. Provides T1 speeds. Can do 2.048 Mbps on three copper twisted pairs.
• VDSL – Very-high Rate Digital Subscriber Line – 13-52 Mbps down and 1.5 Mb to 2.3 Mbps upstream over a single copper twisted pair; operating range 1,000 – 4,500 feet
Circuit Switched vs. Packet Switched
Circuit Switched
• Defined as a switching system in which a physical circuit path must exist for the duration of the transmission
• Physical permanent connections from one point to another
• Older technology than Packet Switching
• Phone companies use this a lot
Packet Switched
• Creates virtual circuits used as needed and reduces cost.
• Defined as a switching system where nodes share bandwidth by sending small packets.
• Each packet is sent to the next destination by the router.
• Packets reassembled based on original sequence
Message switching – Message sent from node to node and stored at each node until a forwarding path is available
Packet Switching Technologies – X.25, Link Access Procedure Balanced (LAPB), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP)
X.25
• First packet switching network
• Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs)
• Designed to operate effectively regardless of the type of systems connected to it
• Currently much more predominant overseas than in the US
Link Access Procedure Balanced (LAPB)
• Designed for use with X.25
• Defines frame types
• Can retransmit, exchange and detect out of sequence frames or missing frames.
Frame Relay
• High performance WAN protocol
• Operates at Physical and Data Link Layers (1 and 2)
• Originally designed for ISDN
• Replaces X.25 and LAPB
• Simple and fast, no error correcting
• Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs)
• Not available everywhere
Switched Multimegabit Data Service (SMDS)
• High Speed over public switched networks
• Connectionless bandwidth on demand
Asynchronous Transfer Mode (ATM)
• High bandwidth, low delay
• Uses switching and multiplexing
• Uses 53 byte fixed size cells instead of frames
• Can allocate bandwidth on demand
• Taking the place of FDDI in the Campus Backbone
Voice Over IP
• Combines media types (voice, video, data, audio) into one IP packet
• Provides benefits in cost, performance and interoperability
• Very new but far reaching potential
Other Important WAN Protocols
Synchronous Data Link Control (SDLC)
• Uses polling access method for mainframes
• Based on dedicated leased line
• Evolved into HDLC and LAPB
• Operates at Data Link Layer (2)
High-Level Data Link Control (HDLC)
• Derived from SDLC
• Specifies data encapsulation method on synchronous serial links
• Operates at Data Link Layer (2)
High Speed Serial Interface
• Defines the electrical and physical interfaces to be used by DTE/DCE
• Operates at the Physical Layer (1)
WAN Devices
Routers – router opens the packet and looks at either the MAC or IP address; only forwards to the network for which it is destined. Operates at Network Layer (3)
Multiplexors – MUX enables more than one signal to be sent out over one physical circuit
WAN Switches – multi-port network devices that operate at the Data Link Layer (2). Typically switch Frame Relay, X.25 and SMDS
Access Servers – provide dial in and dial out access connections to a network. Typically asynchronous.
Modems – interpret digital and analog signals, transmit over voice grade telephone lines.
Channel Service Unit (CSU)/Data Service Unit (DSU) – used to terminate the physical interface on a DTE device such as a terminal.
Remote Access Technologies
Provide remote user (employee, vendor, partner) access into the network while maintaining C.I.A. (Confidentiality, Integrity, Availability)
Benefits of Remote Access:
• Reducing costs by replacing dedicated network lines
• Providing employees flexible work styles, Telecommuting
• Building efficient ties with vendors, partners, suppliers and employees.
Remote Access Types – Many in common with WAN protocols.
Asynchronous Dial up Access
• How most people access the Internet
• Use the existing public switched phone network to access an ISP
ISDN - Integrated Services Digital Network
• Carries voice, data over telephone networks
• Two Interface Types
• BRI – Basic Rate Interface composed of two B channels and one D Channel
• PRI – Primary Rate Interface composed of a single 64 Kbps D channel plus 23 (T1) or 30 (E1) channels
xDSL - Digital Subscriber Line
• Uses existing twisted pair telephone lines.
Cable Modems
• High speed access from the cable company
• Users share the Coax connection
• Throughput varies depending on number of users
• Considered insecure because the local segment is not filtered or firewalled (Says Who?)
Wireless Technology
• Fastest Growing area of connectivity
• Encryption is being developed
• 802.11a – 5 GHz wireless - very soon
• 802.11b – 2.4 GHz, currently most popular, up to 11 Mbps
• 802.11g – 2.4 GHz but faster than 802.11b
• WEP – Wired Equivalency Protocol – up to 128-bit WEP
• WAP - Wireless Access Point
• SSID – Service Set Identifier – Network Name
• Use encryption, VPN, treat as an external connection, directional antenna
Secure Remote Access Methods:
Restricted Address
• Filtering by source IP address
• Node authentication, not user authentication
Caller ID
• Caller ID checks the incoming number against an approved list
• Very commonly used, hard to defeat
• Hard to administer for traveling users
Call Back
• Caller supplies password or identifier and hangs up
• System dials back the number listed for the user
• Hard to administer for traveling users
Remote Identification and Authentication
• Verify who is remotely communicating.
• Identification - Who
• Authentication – Verify and Trust
Remote Node Security Protocols:
Password Authentication Protocol (PAP)
• Remote security protocol. Provides Identification and Authentication.
• Uses a static, replayable password for authentication (now considered weak)
• Does not encrypt the User ID or Password
Challenge Handshake Protocol (CHAP)
• Next evolution of PAP, uses stronger authentication
• Nonreplayable Challenge/Response
• Verifies Identity of the node
• Often used to enable network-to-network communication
• Commonly used by remote access servers and xDSL, ISDN, and cable modems
!emote Access Aut6entic5tion Systems;
n T7C7CS 6 Terminal 7ccess Controller 7ccess Control System ?TCP@
n T7C7CSO 6 includes the use of two factor authentication
n R7DI<S 6 Remote 7ccess Dial>In <ser Ser+ice ?UDP@
TACACS $ Termin59 Access Contro99er Access Contro9 System
n Pro+ides remote authentication and related ser+ices
n <ser password administered in a central database rather than in indi+idual routers
n T7C7CS enabled networ' de+ice prompts for user name and st5tic p5ssword
n T7C7CS enabled networ' de+ice ;ueries T7C7C7 ser+er to +erify password
n Does not support prompting for password change or use of dynamic to'ens
TACACSI Termin59 Access Contro99er Access Contro9 System P9us
n Proprietary CISC, enhancement
n Two factor 7uthentication
n <ser can change password
n 7bility to use secure to'ens
n -etter 7udit Trails
!ADIUS $ !emote Access Di597In User Ser:ice
n ,ffers similar benefits to T7C7CSO
n ,ften used as a stepping stone to T7C7CSO
n Radius Ser+er contains dyn5mic p5ssword and networ' ser+ice access information 9=etwor' 7CS:
n Radius is a fully open protocol$ can be customi#ed for almost any security system
n Can be used with "erberos and pro+ides C)7P remote node authentication
n &(cept does not wor' with:
n 7pple Tal' Remote 7ccess Resolution Protocol
n =et-ios *rame Protocol Control Protocol
n =etware 7synchronous Ser+ices Interface
n V!0E P7D Connection
Does not pro+ide two>way authentication and is not used for router>to>router authentication!
1I
Dom5in + $ Cryptogr5p6y
Purpose of Cryptography is to protect information from being read and understood by anyone e(cept the
intended recipient!
In practice encryption can be a function of time$ the effort and time re;uired for an unauthori#ed person is
so large it is impractical! -y the time it is decrypted it is of little +alue!
19oc8 Cip6er 6 -rea's the plainte(t into bloc's and encrypts each with the same algorithm
Cip6er 6 Cryptographic transformation operates on the characters or bites
Cip6erte>t or Cryptogram 6 unintelligible message
C9ustering 6 plainte(t message generates identical cipherte(t using the same algorithm but different 'eys
Codes 6 7 cryptographic transformation that operates at the word or phrase le+el
Crypt5n59ysis 6 act of obtaining plainte(t or 'ey from cipherte(t
Cryptogr5p6ic A9gorit6m 6 Step>by>step procedure used to encipher plainte(t and decipher cipherte(t
Cryptogr5p6y 6 7rt and Science of hiding the meaning of communication
Crypto9ogy 6 encompasses cryptography and cryptanalysis
Cryptosystem 6 set of transformations from message space to cipherte(t space
Decip6er > to undo cipherment process
Encip6er 6 to ma'e a message unintelligible to all e(cept recipient
End7to7end encryption 6 &ncrypted information that is sent from sender to recei+er
E>c9usi:e Or
n -oolean ,peration
n Indicated by V,R
n Indicated by symbol
n &asily implemented in hardware
n NONBN$ NO5B5$ 5O5BN$ 5O5BN
Input 7 Input - ,utput T
N N N
N 5 5
5 N 5
5 5 N
n V,R operated on the bit le+el
n V,R the plain te(t 9byte le+el: with the 'eystream source
n Can be re+ersed by simple V,R of output plus 'eystream!
n 7 V,R - B T
n T V,R - B 7
*ey $ crypto:5ri5<9e
n Information or se;uence that controls enciphering and deciphering of message
1J
&in8 Encryption
n &ach entity has 'ey in common with two neighboring nodes!
n =ode 5 6&ncrypts with 'ey 7
n =ode 0 6 Decrypts with 'ey 7 and encrypts with 'ey -
n =ode 1 6 Decrypts with "ey - and encrypts with "ey C
One time p5d
n &ncryption with 'ey " with components '5$ '0$X'n$ the encipherment uses each component of ' to
encrypt message M with components m5$ m0$Xmn!
n The "ey is the same length as the Message
n "ey only used once and ne+er again
n "ey must be completely random
n =ot +ery practical
n <sed
n In+ented 5K5I by the <S 7rmy Signal Corps and 7TYT
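The XOR keystream relations above (A XOR B = T, T XOR B = A) and the one-time pad rules, as an added Python example that is not part of the original notes. It also shows why the pad may never be reused: two ciphertexts under the same pad XOR to the XOR of the two plaintexts, because the key cancels. The pad and messages are constructed sample values.

```python
import os


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """A XOR B = T, byte by byte; the keystream must cover the whole input."""
    if len(keystream) < len(data):
        raise ValueError("keystream shorter than data")
    return bytes(a ^ b for a, b in zip(data, keystream))


def new_pad(length: int) -> bytes:
    """Fresh random pad exactly one message long (os.urandom is the OS CSPRNG)."""
    return os.urandom(length)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    # One-time pad rules: key length equals message length, key used once only.
    if len(pad) != len(message):
        raise ValueError("one-time pad must be exactly as long as the message")
    return xor_bytes(message, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # T XOR B = A: the same XOR undoes the encryption.
    return xor_bytes(ciphertext, pad)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer holding two ciphertexts made with the same pad can compute:
    (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2, the key cancels out."""
    return xor_bytes(c1, c2)


# Constructed sample values (not from the notes); both messages are 14 bytes long.
SAMPLE_PAD = bytes([0x3A, 0x91, 0x07, 0xC4, 0x5E, 0x22, 0xB8, 0x70,
                    0x19, 0xE5, 0x4C, 0x0D, 0xA3, 0x66])
MSG_1 = b"ATTACK AT DAWN"
MSG_2 = b"HOLD POSITIONS"


def demo() -> dict:
    c1 = otp_encrypt(MSG_1, SAMPLE_PAD)
    c2 = otp_encrypt(MSG_2, SAMPLE_PAD)   # the mistake: same pad used twice
    leak = pad_reuse_leak(c1, c2)
    return {
        "roundtrip": otp_decrypt(c1, SAMPLE_PAD),
        "leak_is_m1_xor_m2": leak == xor_bytes(MSG_1, MSG_2),
        # with one plaintext known, the other follows from the leak alone
        "m2_from_leak": xor_bytes(leak, MSG_1),
    }
```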
Plaintext – a message in clear text
Steganography
- Secret communication of a message where the communication itself is hidden
- Example – last bit of each pixel in an image file contains a bit of the message.
Work Function (Factor)
- Difficulty in recovering plain text from ciphertext as a factor of time and cost
- System's security is directly proportional to the work function
- Work function should be commensurate with the value of the data
History of Cryptography
Traced back to the Egyptians in 3000 B.C.
Scytale
- used by Spartans in 400 B.C. – wrap message around wooden dowel
- diameter and length are the keys to the cipher.
Caesar cipher
- Monoalphabetic substitution – only used one alphabet
- Specifically – Involved shifting the alphabet three letters
- Known as C3 (Caesar shift 3 places)
Cipher Disks
- Two concentric disks with letters on the edge
- Can be used to match up letters
Arabs invented cryptanalysis
- Arab philosopher al-Kindi wrote Manuscript on Deciphering Cryptographic Messages
Thomas Jefferson – disks
- 1790 developed device with 26 disks that could be rotated individually
- Message would be assembled by lining up the disks to the alignment bar
- Then the bar was rotated a given angle and the resulting letters were the cipher text
- The angle of rotation of the alignment bar was the key
Disks used extensively during the civil war
UNIX – ROT13 shifts the alphabet 13 places
Hagelin Machine
- Developed in 1920 by Boris Hagelin – Stockholm, Sweden
- Known as the M-209 in the US
1920's Herbert O. Yardley was in charge of U.S. MI-8 (a.k.a. the Black Chamber)
- Cracked codes of a number of Nations
- Gave U.S. edge in Japanese negotiations in 1921-1922
- U.S. State Department shut down MI-8
- Upset, Yardley published book The American Black Chamber 1931
- Japanese got new codes
- Yardley is father of American Cryptology
Japanese Purple Machine
After Yardley, William Friedman resumed cryptanalysis for U.S. Army
Broke the new Japanese cipher.
U.S. Navy broke the Purple Machine naval codes during World War II
German Enigma Machine
- Polyalphabetic substitution cipher – using mechanical rotors
- Developed in 1919 by Dutchman Arthur Scherbius; obtained US Patent for Berlin firm
- Polish cryptanalysts broke the three-ring system with card file of all 6 x 17,576 possible rotor positions
- 1938 Germans went to six rings
- In 1938 Poles and French developed the "Bombe", their own Enigma machine
- British took over in 1940 and by 1943 British and US had high speed "bombe"
- Disks have 26 contacts on each side; to communicate with each neighboring disk one of them makes contact with the other disk
- Also rotates the disks after encryption of each letter
- Rotates next highest rotor like a "gas pump" – polyalphabetic
- Other rotor machines – German Enigma, Japanese Red, Japanese Purple and American SIGABA ("Big Machine")
Cryptographic Technologies
Symmetric Key – (Private Key or Secret Key)
Asymmetric Key – (Public Key)
Public Key cannot derive the private Key
Private Key Cryptography is 1,000 times faster than public key cryptography
Vigenere Polyalphabetic Cipher
- Caesar is a subset of the Vigenere Polyalphabetic Cipher
- Vigenere used 26 alphabets
- Each letter of the message corresponds to a different alphabet
- Subject to guessing the period, when the alphabet changes
Modulo returns the remainder over the modulo value
C = (M + b) mod N
Where
C = Cipher Text
M = Message
b = fixed integer
N = size of alphabet
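The formula C = (M + b) mod N carried into working code, as an added Python example that is not from the original notes: Caesar applies one fixed b to every letter (C3 when b = 3, ROT13 when b = 13), while Vigenere takes b from a repeating key word so the alphabet changes at every position, which is why Caesar is the period-1 special case. The key word and messages are constructed.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
N = len(ALPHABET)   # N = size of alphabet


def shift_letter(ch: str, b: int) -> str:
    """C = (M + b) mod N for one letter; anything outside the alphabet passes through."""
    up = ch.upper()
    if up not in ALPHABET:
        return ch
    m = ALPHABET.index(up)          # M: the letter as a number 0..25
    return ALPHABET[(m + b) % N]    # C: shifted, wrapped around with modulo


def caesar(text: str, b: int = 3) -> str:
    """Monoalphabetic substitution: the same fixed integer b for every letter."""
    return "".join(shift_letter(ch, b) for ch in text)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic: letter i is shifted by key[i mod period], so each position uses a
    different Caesar alphabet and the pattern repeats with the period of the key.
    Decryption applies -b, i.e. (C - b) mod N."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, i = [], 0
    for ch in text:
        if ch.upper() not in ALPHABET:
            out.append(ch)          # spaces etc. do not consume a key letter
            continue
        b = shifts[i % len(shifts)]
        out.append(shift_letter(ch, -b if decrypt else b))
        i += 1
    return "".join(out)


def period_columns(ciphertext: str, period: int) -> list:
    """Why the period matters: once period p is known, every p-th letter was enciphered
    with the same Caesar alphabet, so each column is a monoalphabetic cipher and can be
    frequency-analysed on its own. Returns one {letter: count} table per column."""
    letters = [ch for ch in ciphertext.upper() if ch in ALPHABET]
    columns = [letters[j::period] for j in range(period)]
    return [{ch: col.count(ch) for ch in set(col)} for col in columns]
```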
Transposition – Permutation
- Columnar Transposition – write the message vertically and read horizontally
- Can be attacked through frequency analysis
Vernam Cipher – One time pad, random set of non-repeating characters
Book or Running Key Cipher
- Using text from a book as the key and performing modulo 26 addition on it.
- Would use specific line and page number
Codes – Deal with words and phrases and represent them with other numbers or letters
Concealment cipher: Every Xth word within a text is a part of the real message.
Steganography
- Hiding the existence of the message.
- A digital watermark would be used to detect copying of digital images
Secret Key Cryptography – Symmetric Key
- Sender and receiver both know the key
- Encrypt and decrypt with the same key
- Secret key should be changed frequently
- Requires secure distribution of keys – by alternate channel
- Ideally only used once
- Secret Key Cryptosystem does have both public and private information
  - Public
    - Algorithm for enciphering plaintext
    - Possibly some plaintext and cipher text
    - Possibly encipherment of chosen plaintext
  - Private
    - The KEY
    - One cryptographic transformation out of many possible transformations
- Large keys like >128 bit are very hard to break
- Very fast
- Sender requires different key for each receiver
- Time stamps can be associated to the key so valid only during time window (counters replay)
- No Authentication or repudiation
- Best known is DES developed by IBM in 1970's for commercial use
DES – Data Encryption Standard
- Derived in 1972 as derivation of Lucifer algorithm developed by Horst Feistel at IBM
- Patented in 1974 – Block Cipher Cryptographic System
- Commercial and non-classified systems
- DES describes the Data Encryption Algorithm DEA
- Federal Information Processing Standard FIPS adopted DES in 1977
- Re-certified in 1993 by National Institute of Standards and Technology but will be replaced by AES Advanced Encryption Standard by Rijndael.
- DES uses 64 bit block size and 56 bit key, begins with 64 bit key and strips 8 parity bits
- DEA is 16 round cryptosystem designed for implementation in hardware
- 56 bit key = 2^56 or 70 quadrillion possible keys
- Distributed systems can break it. U.S. Government no longer uses it
- Triple DES – three encryptions using DEA are now being used until AES is adopted
- DES uses confusion and diffusion as suggested by Claude Shannon
  - Confusion conceals statistical connection
    - Accomplished through s-boxes
  - Diffusion spreads the influence of a plaintext character over many ciphertext characters
    - Accomplished through p-boxes
DES Operates in four modes
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
Electronic Code Book
- Native encryption mode
- Provides the recipe of substitutions and permutations that will be performed on the block of plaintext.
- Data within a file does not have to be encrypted in a certain order.
- Used for small amounts of data, like challenge-response, key management tasks.
- Also used to encrypt PINs in ATM machines.
Cipher Block Chaining
- Each block of text, the key, and the value based on the previous block is processed in the algorithm and applied to the next block of text.
Cipher Feedback
- The previously generated ciphertext from the last encrypted block of data is input into the algorithm to generate random values.
- These random values are processed with the current block of plaintext to create ciphertext.
- This mode is used when encrypting individual characters is required.
Output Feedback
- Functions like a stream cipher by generating a stream of random binary bits to be combined with the plaintext to create ciphertext.
- The ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the next stream of bits.
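The four modes implemented over a toy 64-bit block cipher, as an added Python example that is not from the original notes. The toy cipher (constructed here; not secure and not DEA) only stands in for the block function, so the mode logic is what to read: ECB turns identical plaintext blocks into identical ciphertext blocks, while CBC, CFB and OFB hide the repetition. OFB is implemented with the cipher output fed back as keystream, the standard definition. Key, IV and plaintext are constructed values.

```python
BLOCK = 8   # 64-bit blocks, as in DES


def toy_block_encrypt(block: bytes, key: bytes) -> bytes:
    """Toy block cipher: XOR with key, rotate bytes, keyed byte add. Illustration only."""
    mixed = bytes(b ^ k for b, k in zip(block, key))
    rotated = mixed[3:] + mixed[:3]
    return bytes((r + k) % 256 for r, k in zip(rotated, key))


def toy_block_decrypt(block: bytes, key: bytes) -> bytes:
    rotated = bytes((r - k) % 256 for r, k in zip(block, key))
    mixed = rotated[-3:] + rotated[:-3]
    return bytes(b ^ k for b, k in zip(mixed, key))


def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so ECB/CBC always see whole blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    # Every block independently: same plaintext block -> same ciphertext block.
    return b"".join(toy_block_encrypt(b, key) for b in blocks(pad(pt)))


def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return unpad(b"".join(toy_block_decrypt(b, key) for b in blocks(ct)))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the
    # first one) before encryption, so repeated plaintext no longer repeats in the output.
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = toy_block_encrypt(xor_block(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(ct):
        out.append(xor_block(toy_block_decrypt(b, key), prev))
        prev = b
    return unpad(b"".join(out))


def cfb_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    # The previous ciphertext block is encrypted to make keystream; no padding needed,
    # so the ciphertext is exactly as long as the plaintext.
    out, prev = [], iv
    for b in blocks(pt):
        keystream = toy_block_encrypt(prev, key)
        prev = xor_block(b, keystream[:len(b)])
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(ct):
        keystream = toy_block_encrypt(prev, key)
        out.append(xor_block(b, keystream[:len(b)]))
        prev = b
    return b"".join(out)


def ofb_crypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    # The cipher output itself is fed back, so the keystream does not depend on the data:
    # the same function encrypts and decrypts (stream-cipher behaviour).
    out, feedback = [], iv
    for b in blocks(data):
        feedback = toy_block_encrypt(feedback, key)
        out.append(xor_block(b, feedback[:len(b)]))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that occur more than once: the ECB pattern leak."""
    bs = blocks(ct)
    return sum(1 for b in bs if bs.count(b) > 1)
```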
DES has been broken with Internet network of PC's
DES is considered vulnerable by brute force search of the key – replaced by triple DES and AES
Triple DES
- Double encryption is subject to meet in the middle attack
- Encrypt on one end, decrypt on the other and compare the values
- So Triple DES is used
- Can be done several different ways:
  - DES – EDE2 (encrypt key 1, decrypt key 2, encrypt key 1)
  - DES – EE2 (encrypt key 1, encrypt key 2, encrypt key 1)
  - DES – EE3 (encrypt key 1, encrypt key 2, encrypt key 3) – most secure
Advanced Encryption Standard
- Block Cipher that will replace DES
- Anticipated that Triple DES will remain approved for Government Use
- AES announced by NIST in January 1997 to find replacement for DES
5 Finalists
- MARS
- RC6
- Rijndael
- Serpent
- Blowfish
October 2, 2000 NIST Selected Rijndael
2 Belgian Cryptographers Dr. Daemen and Dr. Rijmen
Will be used by government for sensitive but unclassified documents
Rijndael Block Cipher
- Resistance to all known attacks
- Design Simplicity
- Code compactness and speed on wide variety of platforms
- Iterative block cipher with variable block length and key lengths that can be independently chosen as 128, 192 or 256 bits.
- 3.4 x 10^38 possible 128 bit key combinations
- 6.2 x 10^57 possible 192 bit key combinations
- 1.1 x 10^77 possible 256 bit key combinations
- Intermediate cipher result is called "state" that transformations operate on
- Does not use Feistel transposition structure from DES
- Uses round transformation of 3 layers
  - Non-linear layer
  - Linear mixing layer
  - Key addition layer
- Suitable for High Speed Chips and compact co-processor on smart cards
Twofish
- 128 bit blocks in 16 rounds, up to 256 bit keys
- Developed by Counterpane based on Blowfish (also by Counterpane) – Bruce Schneier
- Employs whitening before first round and after second round
- Need to break whitening keys in addition to Twofish key
- Transposition
IDEA Cipher – International Data Encryption Algorithm
- 64 bit block, 8 rounds, and 128 bit keys
- Used in PGP
- Much more difficult than DES
RC5 – Family of algorithms
- Developed by Ronald Rivest in 1994
- 32, 64 or 128 bit blocks, 0 to 255 rounds, 0 to 2048 bit keys
- RSA patented in 1997
Public Key Cryptography
- Employs private and public key
- Public made available to anyone wanting to encrypt a message
- Private key is used to decrypt
- Public Key cannot decrypt the message it encrypted
- Ideally private key cannot be derived from the public key
- A message encrypted by one of the keys can be decrypted by the other
- Private key is kept private
- Possible through the application of one-way functions. Easy to compute in one direction but difficult to compute the other way
- In order to be useful should have a trap door, a secret mechanism that enables you to accomplish the reverse function in a one way function
- 1,000 to 10,000 times slower than secret key encryption
- Hybrids use public key to encrypt the symmetric key
- Important algorithms Diffie-Hellman, RSA, El Gamal, Knapsack, Elliptic Curve
RSA
- Rivest, Shamir and Adleman
- Based on difficulty of factoring a number which is the product of two large prime numbers, may be 200 digits each.
- Can be used for Encryption, key exchange, and digital signatures
Diffie-Hellman
- Exchange secret keys over insecure medium without exposing keys
- Without additional session key
- Primarily key exchange
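The Diffie-Hellman exchange with both sides' messages, as an added Python example that is not from the original notes, using the small textbook parameters p = 23, g = 5 (constructed; real deployments use primes thousands of bits long). Only the public values cross the insecure medium; the private exponents never do. It includes the check a receiver should apply to the peer's public value before using it, and notes that the exchange by itself does not authenticate either party.

```python
import secrets


def dh_public(p: int, g: int, private: int) -> int:
    """Value sent over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def check_peer_value(p: int, peer_public: int) -> None:
    # Reject 0, 1 and p-1: those force the shared secret into a trivial value
    # (0, 1 or +-1) whatever our private exponent is.
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Shared secret: (g^peer)^mine = g^(peer*mine) mod p, identical on both sides."""
    check_peer_value(p, peer_public)
    return pow(peer_public, private, p)


def dh_exchange(p: int, g: int, a: int, b: int) -> tuple:
    """Run the protocol between two parties with private exponents a and b.
    Returns (A sent by the first party, B sent by the second, secret at first, secret at second).
    Note: nothing here proves who sent A or B; without signatures or certificates on these
    values an active man in the middle can run two separate exchanges, one with each side."""
    A = dh_public(p, g, a)          # first party  -> second party
    B = dh_public(p, g, b)          # second party -> first party
    return A, B, dh_shared(p, B, a), dh_shared(p, A, b)


def random_private(p: int) -> int:
    """Private exponent in [2, p-2] from the OS CSPRNG."""
    return 2 + secrets.randbelow(p - 3)
```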
El Gamal
- Extended Diffie-Hellman to include signatures and encryption
Merkle-Hellman Knapsack
- Having set of items with fixed weights
- Determining which items can be added in order to obtain a given total weight
- Illustrated using Super increasing weights (all weights greater than sum of previous)
Elliptic Curve
- Elliptic curve discrete logarithms are harder to compute than general discrete logarithms
- Smaller key size, same level of security
- Elliptic curve key of 160 bits = RSA of 1024 bits
- Suited to smart cards and wireless devices (less memory and processing)
- Digital signatures, encryption and key management
Public Key Cryptosystem Algorithms
- Factoring of Large Prime Numbers
  - RSA
- Finding the discrete logarithm in a finite field
  - El Gamal
  - Diffie-Hellman
  - Schnorr's signature Algorithm
  - Elliptic Curve
  - Nyberg-Rueppel's signature algorithm
Asymmetric and Symmetric Key Comparisons
  Asymmetric Key    Symmetric Key
  512 bits          64 bits
  1792 bits         112 bits
  2304 bits         128 bits
Purpose of Digital Signatures
- To detect unauthorized modifications and to authenticate identity and non-repudiation.
- Generates block of data smaller than the original data
- One way hash functions
- One way hash produces fixed size output (digest)
- No two messages will have same digest
- One way, no getting original file from hash
- Message digest should be calculated using all of original file's data
- After message digest is calculated it is encrypted with sender's private key
- Receiver decrypts using sender's public key; if it opens then it is from the sender.
- Then receiver computes message digest of sent file; if hash is the same it has not been modified
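The hash-then-sign flow just described (digest encrypted with the sender's private key, checked with the public key) on textbook RSA from the RSA entry above, as an added Python example that is not from the original notes. The primes are constructed toy values, far smaller than the 200-digit primes the notes mention, and the SHA-1 digest is reduced modulo n so it fits the toy modulus.

```python
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA key pair from two primes: n = p*q, d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # public key, private key


def message_digest(message: bytes, n: int) -> int:
    """Fixed-size digest over all of the message data, as an integer below the toy modulus."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple) -> int:
    # The digest, not the longer message, is "encrypted" with the sender's private key.
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    # "Decrypt" with the sender's public key and compare with a freshly computed digest:
    # a match shows the private key produced it and that the message was not modified.
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


# Constructed toy primes (real RSA primes are hundreds of digits long).
TOY_P, TOY_Q = 2147483647, 1000003
PUBLIC, PRIVATE = rsa_keygen(TOY_P, TOY_Q)
```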
Digital Signal Standard (DSS) and Secure Hash Standard (SHS)
- Enables use of RSA digital signature algorithm or DSA – Digital Signature Algorithm (based on El Gamal)
- Both use The Secure Hash Algorithm to compute message digest, then processed by DSA to verify the signature. Message digest is used instead of the longer message because faster.
SHA-1 – Secure Hash Algorithm produces 160 bit digest if message is less than 2^64 bits.
- It is computationally infeasible to find message from message digest
- It is computationally infeasible to find two different messages with same message digest
- Padding bits are added to message to make it a multiple of 512
MD5
- Developed by Ronald Rivest in 1991
- Produces 128 bit message digest
Hashed Message Authentication Code (HMAC)
- Uses key to generate a Message Authentication Code which is used as a checksum
Birthday Attack
- You in a room with better than 50/50 chance of another person having your birthday? Need 253 people
- You in a room with better than 50/50 chance of two people having the same birthday? Need 23 people
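The two birthday figures (253 people for a match against one given birthday, 23 for any shared pair) computed exactly, as an added Python example that is not from the original notes, and extended to a digest space of D values, which is the birthday bound on hash functions: a collision between any two messages costs about the square root of what finding a message for one given digest costs.

```python
from math import log, sqrt


def p_any_shared(n: int, days: int = 365) -> float:
    """Probability that at least two of n people share a birthday
    (two different messages with the same digest)."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def p_matches_given(n: int, days: int = 365) -> float:
    """Probability that at least one of n people has one fixed birthday
    (a message matching one given digest)."""
    return 1.0 - (1.0 - 1.0 / days) ** n


def people_for_even_odds(days: int = 365, given: bool = False) -> int:
    """Smallest n with better than 50/50 odds. The any-pair case grows like sqrt(days),
    the given-target case like days: the gap between collision and preimage work."""
    n, p_all_distinct = 0, 1.0
    while True:
        n += 1
        if given:
            p = p_matches_given(n, days)
        else:
            p_all_distinct *= (days - n + 1) / days   # incremental form of p_any_shared
            p = 1.0 - p_all_distinct
        if p > 0.5:
            return n


def collision_estimate(digest_bits: int) -> float:
    """Approximate number of hashed messages for a 50% chance of some collision on a
    digest with 2^bits values: sqrt(2 ln 2) * 2^(bits/2), about 1.18 * 2^80 for SHA-1."""
    return sqrt(2 * log(2)) * 2 ** (digest_bits / 2)
```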
Cryptogr5p6ic Att5c8
1rute orce Att5c8 > try e+ery possible combination
*nown P95in Te>t 6 attac'er has copy of plain te(t and the associated cipherte(t of se+eral messages
C6osen P95in Te>t 6 chosen plain te(t is encrypted! The attac'er has the plainte(t and cipherte(t and can
choose the plainte(t that gets encrypted!
Ad5pti:e C6osen P95in Te>t 6 selection of plain te(t is altered based on pre+ious results
Cip6erte>t On9y 6 only cipherte(t is 'nown! The attac'er has the cipherte(t of se+eral messages! &ach of
the messages has been encrypted using the same encryption algorithm!
C6osen Cip6erte>t 6 Portions of the cipher te(t are selected for trial decryption while ha+ing access to
plain te(t! The attac'er can choose the cipherte(t to be decrypted and has access to the resulting decrypted
plainte(t!
Ad5pti:e C6osen Cip6erte>t 7 Chosen cipher te(t are selected for trial decryption where selection is based
on pre+ious results
1irt6d5y Att5c8 6 the probability of two different messages ha+ing same message digest or finding two
different messages that ha+e the same message digest
"eet in t6e "idd9e 6 *or attac'ing double encryption from each end and comparing in the middle
"5n in t6e "idd9e 6 intercepting messages and forwarding on modified +ersions
Differenti59 Crypt5n59ysis 6 Pri+ate 'ey cryptography loo'ing at te(t pairs after encryption loo'ing for
differences
&ine5r Crypt5n59ysis $ using plain te(t and cipher te(t to generate a linear appro(imation of a portion of
the 'ey
CE
Differenti59 &ine5r Crypt5n59ysis $ using both linear and differential approaches
5ctoring 6 using mathematics to determine the prime factors of large numbers
St5tistic59 6 e(ploiting the lac' of randomness in 'ey generation
Pu<9ic *ey Certific5tion Systems
n 7 source could post a public 'ey under the name of another indi+idual
n Digital certificates counter this attac'$ a certificate can bind indi+iduals to their 'ey
n 7 Certificate 7uthority 9C7: acts as a notary to bind the 'ey to the person
n C7 must be cross>certified by another C7
Pu<9ic *ey Infr5structure 7 ?P*I@
Integration of digital signatures and certificates!
n Digital Certificates
n Certificate 7uthorities 9C7:
n Registrations 7uthorities
n Policies and procedures
n Certificate Re+ocation
n =on>repudiation support
n Timestamping
n ightweight Directory 7ccess Protocol
n Security &nabled 7pplications
n Cross Certification
Appro5c6es to Escrowed Encryption
n 7llowing law enforcement to obtain the 'eys to +iew peoples encrypted data
n &scrow the 'ey in two pieces with two trusted escrow agents
n Court order to get both pieces
n Clipper Chip 6 implemented in tamper proof hardware
*ey Escrow using Pu<9ic *ey Cryptogr5p6y
n *air Cryptosystems 6 Syl+io Micali$ MIT
n Pri+ate 'ey is split and distributed
n Can +erify each portion of the 'ey without 8oining
*ey "5n5gement
n "ey control
n "ey reco+ery
n "ey storage
n "ey retirementDdestruction
n "ey Change
n "ey Generation
n "ey theft
n *re;uency of 'ey use
E7m5i9 Security
n =on>repudiation
n Confidentiality of messages
n 7uthentication of Source
n %erification of deli+ery
CF
n abeling of sensiti+e material
n Control 7ccess
Secure "u9tipurpose Internet "5i9 E>tensions ?SG"I"E@
n 7dds secure ser+ices to messages in MIM& format
n Pro+ides authentication through digital signatures
n *ollows Public "ey Cryptography Standards 9P"CS:
n <ses V!ENK Signatures
"I"E O<Dect Security Ser:ices ?"OSS@
n Pro+ides fle(ibility by supporting different trust models
n <ses MDE$ RS7 Public "ey and D&S
n Permits identification outside of the V!ENK Standard
Pri:5cy En65nced "5i9 ?PE"@
n Compliant with Public "ey Cryptography Standards 9P"CS:
n De+eloped by consortium of Microsoft$ Sun$ and =o+ell
n Triple D&S>&D& 6 Symmetric &ncryption
n MD0 and MDE Message Digest
n RS7 Public "ey 6 signatures and 'ey distribution
n V!ENK Certificates and formal C7
Pretty Good Pri:5cy 7 PGP
n Phil Simmerman
n Symmetric Cipher using ID&7
n RS7 is used for signatures and 'ey distribution
n =o C7$ uses ?web of trust@
n <sers can certify each other
"ess5ge Aut6entic5tion Code
n Chec' +alue deri+ed from message contents
SET $ Secure E9ectronic Tr5ns5ction
n %isa and Mastercard de+eloped in 5KKI
n &ncrypts the payment information
n D&S 6 Symmetric &ncryption
n RS7 Public "ey 6 signatures and 'ey distribution
Secure Soc8ets &5yer ?SS&@ 7 )TTPS
n De+eloped by =etscape in 5KKC
n <ses public 'ey to authenticate ser+er to the client
n 7lso pro+ides option client to se+er authentication
n Supports RS7 public "ey 7lgorithms$ ID&7$ D&S$ and 1D&S
n Supports MDE )ashing
n )TTPS header
n Resides between the application and TCP layer
n Can be used by telnet$ *TP$ )TTP and e>mail protocols!
n -ased on V!ENK
Tr5ns5ction &5yer Security
n Successor to SS
CI
Internet Open Tr5ding Protoco9 $ ?IOTP@
n 7imed at consumer to business transaction
n *le(ible and future focused
"ONDEH
n Smart cash card application
n Proprietary encryption algorithm
n Card is same as cash
IPSec
n Pro+ides encryption$ access control$ and non>repudiation o+er IP!
n Two Main Protocols are
n 7uthentication )eader 6 integrity$ authentication and non>repudiation
n &ncapsulating Security Payload 6 encryption$ limited authentication
n Security 7ssociation is re;uired between two parties 6 one way connection > Comprised of Security
Parameter Inde( 6 9SPI: 6 10 bit identifier
n -i>directional communication re;uires two Security 7ssociations
n In %P= implementation IPSec can operate in transport or tunnel mode
n Tunnel mode 6 data and original IP header encrypted$ new header is added
n Transport mode 6 data encrypted$ header not
n =ew header has address of %P= gateway
n MDE and S)7 are used for integrity
n Security 7ssociations can be combined into bundles using either
n Transport 7d8acency
n Iterated Tunneling
n I*E $ Internet *ey E>c65nge is used for 8ey m5n5gement wit6 IPSEC
n I"& is set of three protocols:
n Internet Security and "ey Management Protocol 9IS7"MP: 6phases for establishing relationship
n Secure "ey &(change Mechanism 6 S"&M& 6 secure e(change mechanism
n ,a'ley 6 modes of operation needed to establish secure connection
SD47= 6 Secure 47= 6 defines IPSec based widespread use of %P=s on the internet
S7,TTP 6 7lternati+e to SS
n Can be used to secure indi+idual 444 Documents
n SS is session based
Secure S6e99 6 SS)>0
n Remote access +ia encrypted tunnel
n Client to ser+er authentication
n Comprised of:
n Transport ayer protocol
n <ser 7uthentication protocol
n Connection Protocol
)ire9ess Security
)AP $ )ire9ess App9ic5tion Protoco9
Designed for mobile de+ices 9PD7$ Phones:
Set of protocols co+ering layers I to 1 of the ,SI model
ess o+erhead than TCPDIP
n 4ireless Mar'up language 94M:
n 4ireless 7pplication &n+ironment 947&:
n 4ireless Session Protocol 94SP:
CJ
n 4ireless Transport Security Protocol 94TS:
n 4ireless Datagram Protocol 94DP:
or security )AP uses )ire9ess Tr5nsport Security Protoco9 ?)T&S@
Three classes of security
n Class 5 6 7nonymous 7uthentication
n Class 0> Se+er 7uthentication
n Class 1 6 Two way client and ser+er authentication
Security :u9ner5<i9ity of )AP
n 47P G7P 6 where 4TS is decrypted and re>encrypted to SS at the 47P gateway
C>)TM is competing with 4M from 3apan
C>)TM is stripped down )TM$ C>)TM can be displayed on standard browser
IEEE $ 02%.## St5nd5rds
n Interface between clients and base station
n JN0!55 ayers
n The physical layer P)Z can use:
n DSSS > Direct Se;uence Spread Spectrum
n *) 6 *re;uency )oping Spread Spectrum
n IR 6 Infrared pulse modulation
n M7C ayer 6 Medium 7ccess Control
n Specifies CSM7DC7 Carrier Sense Multiple 7ccess Collision 7+oidance
n Pro+ides:
n Data Transfer
n 7ssociation
n Re>association
n 7uthentication > 4&P
n Pri+acy > 4&P
n Power Management
CK
Dom5in - $ Security Arc6itecture 5nd "ode9s
Computer Arc6itecture > ,rgani#ation of the fundamental elements comprising the computer
Main components
n CP< 6 Central Processing <nit
n Memory
n Input D ,utput de+ices
Arit6metic &ogic Unit > CP< contains 7< performs arithmetic and logical operations on binary
Computer elements connected +ia a group of conductors called the -<S
n 7ddress -us
n Data -us
n Control -us
"emory
C5c6e "emory
n Small amount of +ery high speed R7M
n )olds instruction and data from primary memory that is li'ely to be used in the current operation$
increases apparent R7M access time
!5ndom Access "emory
n Memory where locations can be directly addressed and the data that is stored can be altered!
n R7M is +olatile 6 lose power B lose data
n DR7M 6 Dynamic R7M
n data is stored in parasitic capacitance and needs to be refreshed 6 read and rewritten e+ery few
milliseconds
n Multi>phase cloc' signals used
n SR7M 6 Static R7M
n <ses latches to store the bits does not need refreshing
n Single>phase cloc' signals used
Progr5mm5<9e &ogic De:ice
n Integrated circuit with connections or internal logic gates that can be changed through programming
n &(amples of PD
n R,M 6 Read ,nly Memory
n P7 6 Programmable 7rray ogic
!O" 7 !e5d On9y "emory
n =on>+olatile storage where locations can be directly addressed
n Data can not be altered dynamically
n Data remains when power is lost
n Some R,Ms can not be altered
n ,ther *lash type memories can be altered but slow data transfer compared to other types of memory
n &PR,MS 6 &rasable Programmable Read ,nly Memories
n &&PR,MS 6 &lectrically &rasable Programmable Read ,nly Memories
n Infre;uent changes
n 7"7 > firmware
!e59 or Prim5ry "emory
n Directly addressable by the CP<
n <sually R7M
EN
Second5ry "emory
n =on>+olatile
n Slower
n &(ample Magnetic Dis's
Se=uenti59 "emory
n Must be searched from beginning
n &(ample 6 Magnetic Tape Dri+e
/irtu59 "emory
n <ses secondary memory in con8unction with primary memory to present the CP< with more +irtual
primary memory
Addressing "odu9es $ CPU uses to 5ddress memory
n Register 7ddressing 6 7ddressing registers within the CP< or registers in the primary memory
n Direct 7ddressing 6 7ddressing a portion of primary memory with actual address of the memory
n 7bsolute 7ddressing 6 addressing all of the primary memory space
n Inde(ed 7ddressing 6 adding the memory address to and inde( register to then address memory
location
n Implied 7ddressing 6 Internal register no need to supply the address
n Indirect 7ddressing 6 address specified in the instruction contains final desired location
"emory protection 6 means to pre+ent one program from modifying the memory contents of another!
Implemented by the ,perating System or the )ardware!
Instruction E>ecution Cyc9e
Two P65ses
n etc6
n CP< presents address of the instruction to memory
n Retrie+es instructions located at that address
n E>ecute
n Instruction is decoded and e(ecuted
n Controlled by the CP< cloc' signals
n Multi>Phase cloc' signals used for DR7M
n Single Phase cloc' signals used for SR7M
n Some instructions re;uire more than one machine cycle to e(ecute
n Different States of ,peration:
n Run or operating state
n 7pplication or problem state
n =on>pri+ileged instruction 6 subset of instructions for user
n Super+isory State
n Pri+ileged instructions 6 System 7dministrator may e(ecute
n 4ait State > accessing slow memory
"odern Computer En65ncements
n Pipe9ining 6 increases performance by o+erlapping the steps of instructions
n Three Phases > *etch 6 Decode 6 &(ecute
n Comp9e> Instruction Set 6 instructions perform many operations per instruction$ based on ta'ing
ad+antage of longer fetch times
n !educed Instruction Set 7 simpler instruction that re;uire less cloc' cycles to complete
E5
n Result of faster processors that enabled the fetch process to be done as ;uic'ly as decode and
&(ecute
n Sc595r Processor 6 processor that e(ecutes one instruction at a time
n Supersc595r Processor 6 processor that enables concurrent e(ecution of multiple instructions in the
same pipeline
n /ery &ong Instruction )ord Processor $ /&I) 6 processor in which a single instruction specifies
more than one concurrent operation
n "u9tiprogr5mming $ &(ecutes two or more programs simultaneously on a single processor
• Multitasking – Executes two or more subprograms at the same time on a single processor
• Multiprocessor – Executes two or more programs at the same time on multiple processors
Input/Output Structures
• A processor communicates with outside devices through I/O interface adapters
• Complex adapters provide:
  • Data buffering
  • Timing and interrupt controls
• Adapters have addresses on the computer bus
• If the adapter has an address in the memory space it is known as memory-mapped I/O
  • Benefit is that the CPU sees the adapter as any other memory device
Types of I/O:
• Block devices (write blocks of data; hard disk)
• Character devices (not addressable; keyboard and printer)
CPU operating states: ready state, problem state, supervisory state, and wait state
Direct Memory Access – DMA
Data is transferred directly to and from memory, bypassing the CPU
Interrupt Processing – an external signal interrupts the normal program flow and requests service; when the service is complete the CPU restores the state of the original program. The CPU can turn off interrupts.
• Software – binary codes are machine language instructions
• Assembly Language – Mnemonics for the basic instruction set specific to the computer
  • One-to-one relationship between each assembly instruction and each machine instruction
  • Source code – assembly goes through an assembler to become object (machine) code
  • Disassembler will reverse machine code into assembly
  • MACROs can be used to represent several functions in assembly
• High level languages – English-like statements; C, Java, Pascal, FORTRAN, BASIC
  • High level code is compiled by a compiler or interpreter into machine code
  • Compiler – FORTRAN, C, Java
  • Interpreter – Java, BASIC
Generation Language (GL): 1GL (machine), 2GL (assembly), 3-5 GL (High level)
• 1GL – machine language: Assembler – translates from assembly language to machine language.
• 2GL – assembly language: Disassembler – translates machine language to assembly.
• 3GL – Fortran, BASIC, C languages: Compiler – translates high-level language to machine code.
• 4GL – NATURAL, FOCUS, and database query languages: Decompiler – translates machine language into high-level language.
• 5GL – Prolog, LISP and other Artificial Intelligence languages: Interpreter – translates high-level language one command at a time to machine code.
Operating System (OS) – program or set of programs that controls the resources and operations of the computer
Controller – OS communicates with I/O through a controller (i.e. disk controller)
Open systems – published specifications, subject to open review and evaluation; vulnerabilities exposed during review.
Closed systems – vendor proprietary, usually not compatible with other systems; no open review, may have unexposed vulnerabilities
Distributed Computing
Migration from central computing to the client server model, including desktops.
Major concerns:
• Desktops can contain sensitive information but are at risk
• Users lack general security awareness
• Desktop can provide an avenue of access into other critical systems
• Modems can make the network vulnerable
• Downloading data from the Internet increases risk of infection with malicious code
• Desktop may not be physically secure
• Lack of backups on desktop
Security Mechanisms
• E-mail and download policies
• Robust access control, including biometrics at the desktop
• GUI access to restrict access to critical information
• File encryption
• Separation of the processes that run in privileged mode
• Protection of domains
• Protection of sensitive disks with physical security
• Distinct labeling according to classification
• Centralized backup of desktop files
• Regular security awareness training
• Control of software installed on desktops
• Encryption and hash totals for use in sending information
• Logging of transactions and transmissions
• Application of other physical, logical and administrative access controls
• DBMS systems that restrict access to data
• Protection against environmental damage
• Formal change management for development and implementation
• Desktops included in DR and BCP plans
Protection Mechanisms
• Protection Domain – Execution and memory space assigned to each process
  • Protects from unauthorized modification and executional interference
• Trusted Computing Base – Total combination of protection mechanisms:
  • Hardware
  • Software
  • Firmware
• Security perimeter – separates the TCB from the rest of the system
• Trusted Path – must exist for a user to gain protected access to the TCB
Protection Rings
• Ring 0 – Most privileged domain is in the middle ring 0, usually the OS Kernel
• Security Kernel – is hardware, firmware and software (TCB) that implements the Reference Monitor
• Reference Monitor – a system component that enforces access control of an object
• Reference Monitor Concept – an abstract machine that mediates all access of subjects to objects
• Security Kernel must:
  • Mediate all access
  • Be protected from modification
  • Be verified as correct
• Access rights decrease as rings increase, according to least privilege
• Ring system implemented by MIT in MULTICS designed 64 rings; in practice 8 rings were used
Other Approaches
• Using separate hardware
• Using virtual machines on the same machine with different levels of security
• Using a software security kernel that has its own hardware protection domain
Security Labels
• Assigned to a resource to indicate classification level
• Usually not changed
• Effective access control mechanism
• Require additional overhead for verification
Security Modes
Systems operate in different modes based on the level of classification and clearance of the users
• High Mode of Operation – all users have a security clearance or authorization to access the information but not necessarily a need-to-know for all the information processed on the system (only some of the data).
• Multi Level Operation – Permits two or more classification levels of information to be processed at the same time when all the users do not have the clearance or formal approval to access all the information being processed by the system
• Dedicated – all users have the clearance or authorization and need-to-know for all data processed within the system.
• Compartmented – all users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval.
• Controlled – type of multilevel security with a limited level of trust in the system's hardware/software
• Limited Access – minimum level of clearance is uncleared (no clearance) and sensitive but unclassified data
Additional Considerations
• Covert Channel – Unintended communication path between two resources that allows transfer of information in violation of security policy
• Lack of Parameter Checking – Failure to check the size of input streams; can allow Buffer Overflow
• Maintenance Hook – (trapdoor) allows maintenance of the system bypassing security
• Time of Check to Time of Use – attack that exploits the difference in time between when the security check is applied and when the service is used
Recovery Procedures
• Failure must not compromise the security of the system
• If system restart is required it must re-start in safe mode (maintenance mode)
• Maintenance Mode – allows access only by privileged users
• Fault Tolerance – allows a component of the system to fail and recover
• Fail Safe System – processing is halted if a component of the system fails
• Fail Soft (resilient) – non critical processing is halted if a component of the system fails
• Failover – switching to a duplicate or “hot” backup
• Cold Start – when the TCB and software may be inconsistent and outside intervention is required
Assurance
• Degree of confidence in satisfaction of security needs
Evaluation Criteria
• Trusted Computer Security Evaluation Criteria – (TCSEC) was developed in 1985 by the National Computer Security Center (NCSC)
TCSEC Provides the following:
• Basis for establishing security requirements in the acquisition specifications
• Standard of security services that should be provided by the vendor
• Means to measure trustworthiness of an information system
TCSEC is the Orange Book – part of the rainbow series
• Basic control objectives of the Orange Book:
  • Security Policy
  • Assurance
  • Accountability
Orange Book Addresses:
• Confidentiality
• NOT Integrity
• It looks specifically at the operating system and not other issues
Levels
D – Minimal Protection
C – Discretionary Protection – (C1 and C2)
B – Mandatory Protection – (B1, B2, and B3)
A – Verified Protection, formal methods (A1)
Trusted Network Interpretation (TNI) – Red Book
• Addresses confidentiality and integrity in trusted computer/communications network systems
Trusted Database Management System Interpretation – (TDI)
• Addresses trusted database management systems
European Information Technology Security Evaluation Criteria (ITSEC)
• Addresses confidentiality, integrity and availability
• Target of Evaluation (TOE) – system to be evaluated
• TOE must have a security target – including security enforcing mechanisms and security policy
• Separately evaluates functionality and assurance
• Ten Functionality Classes – F
• Eight Assurance Levels – Q
• Seven Levels of Correctness – E
• Eight basic security functions
• Listed as F-X, E
European ITSEC    TCSEC
F-C1, E1          C1
F-C2, E2          C2
F-B1, E3          B1
F-B2, E4          B2
F-B3, E5          B3
F-B3, E6          A1
Other Classes of ITSEC address high integrity and high availability
Common Criteria
• TCSEC, ITSEC and the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) have evolved into one common criteria
• Common Criteria defines a Protection Profile that specifies the security requirements and protections of the product to be evaluated.
• Organized around TCB entities:
  • Physical and logical controls
  • Start up and recovery
  • Reference mediation
  • Privileged States
Certification and Accreditation
• Formal methods to ensure that appropriate safeguards are in place and functioning per the specifications
• Must be regularly checked after a defined period of time
Certification – evaluation of technical and non-technical security features to establish how the design meets the security requirements
Accreditation – A formal declaration by a Designated Approving Authority (DAA) where a system is approved to operate in a security mode
US Defense and Government Accreditation and Certification Standards
DITSCAP – Defense Information Technology Security Certification Accreditation Process
NIACAP – National Information Assurance Certification Accreditation Process
DITSCAP – Defense Information Technology Security Certification Accreditation Process
Establishes a standard process, a set of activities, general task descriptions and a management structure to certify and accredit that a system will maintain its required security posture.
Four Phases of DITSCAP
• Definition – understanding of environment and architecture
• Verification – Verify compliance with System Security Authorization (while evolving)
• Validation – Validate compliance with System Security Authorization (final)
• Post Accreditation – continuing operation
NIACAP – National Information Assurance Certification Accreditation Process
• Minimum national standards for accrediting national security systems
• Establishes a standard process, a set of activities, general task descriptions and a management structure to certify and accredit that a system will maintain its required security posture.
Three types of NIACAP accreditation
• Site accreditation – evaluates an application at a self contained location
• Type accreditation – evaluates an application at a number of locations
• System accreditation – evaluates a major application or support system
Information Security Models
• Access control models
• Integrity Models
• Information Flow Models
Access Control Models
• Access Matrix
• Take-Grant
• Bell-Lapadula Confidentiality
• State Machine
Access Matrix
Straightforward; provides access rights to subjects for objects.
• Access Rights – Read, write and execute
• Subject – can be a person or a program
• Objects – file or storage device
• Columns – are called Access Control Lists
• Rows – are capability lists
• Supports Discretionary Access Control
• Triple – a subject's capability is defined by a triple (object, rights, random number)
  • The random number prevents spoofing
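A worked access matrix, added here as an example and not taken from the CISSP Prep Guide: the same matrix read by column gives an object's ACL and read by row gives a subject's capability list; a simplified discretionary rule (an assumption of this example) lets a subject delegate only rights it already holds; and capabilities are issued as the (object, rights, random number) triple, so a copied or altered triple is rejected when it is presented. The subjects, objects and rights are constructed for illustration.

```python
"""Access matrix with its two views, ACL (a column) and capability list (a
row), plus capability triples (object, rights, random number) whose random
number the system checks before honouring the capability.
Added example for these notes; not code from the CISSP Prep Guide.
Subjects, objects and rights below are constructed for illustration."""
import secrets

RIGHTS = {"read", "write", "execute"}


class AccessMatrix:
    """Sparse access matrix: _cells[subject][object] = set of rights."""

    def __init__(self):
        self._cells = {}    # subject -> {object -> set(rights)}
        self._issued = {}   # (object, random number) -> (subject, frozenset(rights))

    def grant(self, subject, obj, *rights):
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self._cells.setdefault(subject, {}).setdefault(obj, set()).update(rights)

    def revoke(self, subject, obj, *rights):
        self._cells.get(subject, {}).get(obj, set()).difference_update(rights)

    def allowed(self, subject, obj, right):
        return right in self._cells.get(subject, {}).get(obj, set())

    def acl(self, obj):
        """Column view (Access Control List): every subject's rights on one object."""
        return {s: sorted(objs[obj]) for s, objs in self._cells.items() if objs.get(obj)}

    def capabilities(self, subject):
        """Row view (capability list): one subject's rights on every object."""
        return {o: sorted(r) for o, r in self._cells.get(subject, {}).items() if r}

    def delegate(self, grantor, grantee, obj, *rights):
        """Discretionary access control (simplified, an assumption of this example):
        a subject may pass on only rights it already holds on the object."""
        if not all(self.allowed(grantor, obj, r) for r in rights):
            raise PermissionError(f"{grantor} cannot delegate {sorted(rights)} on {obj}")
        self.grant(grantee, obj, *rights)

    def issue_capability(self, subject, obj):
        """Hand the subject a triple (object, rights, random number); the random
        number is recorded so that a forged or copied triple can be detected."""
        rights = frozenset(self._cells.get(subject, {}).get(obj, set()))
        if not rights:
            raise PermissionError(f"{subject} holds no rights on {obj}")
        nonce = secrets.token_hex(8)
        self._issued[(obj, nonce)] = (subject, rights)
        return (obj, rights, nonce)

    def use_capability(self, subject, triple, right):
        """Mediate an access made with a capability: the random number must be
        one the system issued, to this subject, for rights that include the
        request; the live matrix is consulted too so revocation takes effect."""
        obj, rights, nonce = triple
        record = self._issued.get((obj, nonce))
        if record is None or record[0] != subject:
            return False        # unknown number, or a triple presented by someone else
        issued_rights = record[1]
        if right not in issued_rights or right not in rights:
            return False        # the triple was altered or never carried this right
        return self.allowed(subject, obj, right)


if __name__ == "__main__":
    m = AccessMatrix()
    m.grant("alice", "payroll.db", "read", "write")
    m.grant("bob", "payroll.db", "read")
    print("ACL of payroll.db:", m.acl("payroll.db"))
    print("capabilities of alice:", m.capabilities("alice"))
```

The ACL and the capability list are the same information, which is why the notes describe them as the columns and rows of one matrix; the random number in the triple is what turns a row entry into something a subject can hold without being able to mint or widen it.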
Take-Grant Model
Uses a directed graph to specify the rights a subject can transfer to an object or take from another subject.
Bell-Lapadula – confidentiality model
• Developed to formalize the US Department of Defense multilevel security policy
• Only deals with confidentiality; does not deal with integrity or availability
• Based on Government Classification – Unclassified, Sensitive But Unclassified (SBU), Confidential, Secret, Top Secret
• Must have need to know
• A Trusted Subject can violate the *-property
• Does not address the client/server model
• Based on the State Machine Concept
  • Starts at a secure state and transitions from one state to another.
  • The initial state must be secure and the transitions must result in a secure state
Bell-Lapadula Security State Defined by three properties:
1. Simple Security Property (ss Property) – no reading from lower subject to higher object (No Read Up)
2. The * (star) Security Property – No writing from higher subject to lower object (No Write Down)
  • Trusted Subject can violate the star property but not its intent
  • Strong * property – no reading or writing to another level
3. Discretionary Security Property – Uses the Access Matrix to specify discretionary access control
Discretionary access can be:
• Content Dependent – access decisions based on the data contained in the object.
• Context Dependent – access based on subject or object attributes (i.e. job role, earlier accesses, and file creation dates and times).
Weaknesses of Bell-Lapadula
• Does not address covert channels
• Does not address modern systems that use file sharing and servers
• Does not define secure state transition
• Based on multilevel security; does not address other policy types
Integrity Models
Biba Integrity Model
Integrity defined by three goals
• Data protected from modification by unauthorized users
• Data protected from unauthorized modification by authorized users
• Data is internally and externally consistent.
Biba Integrity Model
• Developed in 1977 as an integrity add-on to Bell-Lapadula
• Lattice based; uses the less than or equal to relation
• A lattice structure is a set with a least upper bound (LUB) and a greatest lower bound (GLB)
• Lattice represents a set of integrity classes (IC) and an ordered relationship
• Lattice = (IC, ≤, LUB, GLB)
Integrity Axioms
1. The Simple Integrity Axiom – no reading of a lower object from a higher subject (No Read Down)
2. The * (star) Integrity Axiom – No writing from a lower subject to a higher object (No Write Up)
3. A subject at a lower level of integrity can not invoke a subject at a higher level of integrity
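A lattice with dominance, LUB and GLB, and the Bell-Lapadula properties and Biba axioms above applied to it; one block serves both models because they only differ in the direction of the comparison. This is an added example, not code from the CISSP Prep Guide: the confidentiality levels are the ones listed under Bell-Lapadula, while the integrity classes Low/Medium/High, the compartment names and the sample labels are constructed for illustration.

```python
"""Lattice of security labels with dominance, LUB and GLB, and the
Bell-Lapadula and Biba rules from these notes applied to it.
Added example for the notes, not code from the CISSP Prep Guide; the
integrity classes and the sample labels are constructed for illustration."""


class Lattice:
    """Labels are (level, compartments): the level is ordered by its position
    in `levels`, the compartments are a set (need-to-know categories).
    a dominates b when a's level is at least b's and a's compartments are a
    superset of b's; that relation is the lattice's 'less than or equal to'."""

    def __init__(self, levels):
        self.levels = list(levels)

    def rank(self, label):
        return self.levels.index(label[0])

    def dominates(self, a, b):
        return self.rank(a) >= self.rank(b) and frozenset(a[1]) >= frozenset(b[1])

    def lub(self, a, b):
        """Least upper bound: the smallest label dominating both a and b."""
        return (self.levels[max(self.rank(a), self.rank(b))],
                frozenset(a[1]) | frozenset(b[1]))

    def glb(self, a, b):
        """Greatest lower bound: the largest label dominated by both a and b."""
        return (self.levels[min(self.rank(a), self.rank(b))],
                frozenset(a[1]) & frozenset(b[1]))


# Government classifications listed in the notes, lowest to highest.
CONFIDENTIALITY = Lattice(["Unclassified", "SBU", "Confidential", "Secret", "Top Secret"])
# Integrity classes, constructed for this example, lowest to highest.
INTEGRITY = Lattice(["Low", "Medium", "High"])


# Bell-Lapadula (confidentiality): labels compared in the CONFIDENTIALITY lattice.
def blp_read(subject, obj):
    """Simple security property: no read up; the subject must dominate the object."""
    return CONFIDENTIALITY.dominates(subject, obj)


def blp_write(subject, obj, trusted_subject=False):
    """*-property: no write down; the object must dominate the subject.
    A trusted subject is permitted to violate the rule (but not its intent)."""
    return trusted_subject or CONFIDENTIALITY.dominates(obj, subject)


def blp_strong_star(subject, obj):
    """Strong *-property: read and write only at the subject's own label."""
    return CONFIDENTIALITY.dominates(subject, obj) and CONFIDENTIALITY.dominates(obj, subject)


# Biba (integrity): labels compared in the INTEGRITY lattice; the directions invert.
def biba_read(subject, obj):
    """Simple integrity axiom: no read down; the object must dominate the subject."""
    return INTEGRITY.dominates(obj, subject)


def biba_write(subject, obj):
    """*-integrity axiom: no write up; the subject must dominate the object."""
    return INTEGRITY.dominates(subject, obj)


def biba_invoke(caller, callee):
    """Invocation axiom: a subject may not invoke one of higher integrity."""
    return INTEGRITY.dominates(caller, callee)


if __name__ == "__main__":
    analyst = ("Secret", frozenset({"CRYPTO"}))
    report = ("Top Secret", frozenset())
    print("analyst may read TS report:", blp_read(analyst, report))    # False: no read up
    print("analyst may write TS report:", blp_write(analyst, report))  # True: writing up is allowed
```

Note that a Top Secret subject without the CRYPTO compartment still fails `blp_read` on a Secret/CRYPTO object: the compartment half of dominance is the need-to-know the notes say Bell-Lapadula requires, and it is the reason the structure is a lattice rather than a simple ordered list of levels.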
Clark-Wilson Integrity Model
• Two elements: well formed transaction and separation of duties.
• Developed in 1987 for use in the real-world commercial environment
• Addresses the three integrity goals
• Constrained Data Item (CDI) – A data item whose integrity is to be preserved
• Integrity Verification Procedure (IVP) – confirms that all CDIs have integrity
• Transformation Procedure (TP) – transforms a CDI from one integrity state to another integrity state
• Unconstrained Data Item (UDI) – data items outside of the control area of the modeled environment
• Requires Integrity Labels
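The Clark-Wilson elements above applied to a constructed two-account ledger, as an added example (not code from the CISSP Prep Guide): the balances are the CDIs, a raw request string is the UDI, prepare and approve are the certified TPs that together form one well formed transaction, the IVP checks that the ledger stays internally and externally consistent, and a certification table of (user, TP, CDIs) enforces separation of duties so the user who prepares a transfer cannot approve it. The users, accounts and the prepare/approve split are assumptions of the example.

```python
"""Clark-Wilson enforcement over a constructed two-account ledger: balances
are CDIs, every change goes through a certified TP, an IVP checks
consistency, and the certification table enforces separation of duties.
Added example for these notes, not code from the CISSP Prep Guide; users,
accounts and the prepare/approve split are constructed for illustration."""


class IntegrityViolation(Exception):
    """Raised when a TP would leave the CDIs in an invalid state."""


class Ledger:
    def __init__(self, balances):
        self.cdi = dict(balances)          # CDIs: account -> balance
        self.expected_total = sum(self.cdi.values())
        self.certified = {}                # (user, tp) -> set of CDIs the pair may touch
        self.pending = {}                  # transfer id -> (src, dst, amount, preparer)
        self.log = []                      # audit trail of completed TPs
        self._next_id = 1

    # Certification: the security officer's table of (user, TP, CDIs).
    def certify(self, user, tp, *accounts):
        self.certified.setdefault((user, tp), set()).update(accounts)

    def _authorize(self, user, tp, *accounts):
        allowed = self.certified.get((user, tp), set())
        if not set(accounts) <= allowed:
            raise PermissionError(f"{user} is not certified to run {tp} on {sorted(accounts)}")

    # IVP: internal (no negative balance) and external (total preserved) consistency.
    def ivp(self):
        return (all(b >= 0 for b in self.cdi.values())
                and sum(self.cdi.values()) == self.expected_total)

    # TP 1: turn a UDI (raw request text) into a validated pending transfer.
    def tp_prepare(self, user, raw_request):
        try:
            src, dst, amount = raw_request.split(",")
            amount = int(amount)
        except ValueError:
            raise ValueError(f"malformed request: {raw_request!r}") from None
        if amount <= 0 or src == dst or src not in self.cdi or dst not in self.cdi:
            raise ValueError(f"invalid transfer: {raw_request!r}")
        self._authorize(user, "prepare", src, dst)
        tid = self._next_id
        self._next_id += 1
        self.pending[tid] = (src, dst, amount, user)
        return tid

    # TP 2: apply the transfer; separation of duties and the IVP gate it.
    def tp_approve(self, user, tid):
        src, dst, amount, preparer = self.pending[tid]
        self._authorize(user, "approve", src, dst)
        if user == preparer:
            raise PermissionError("separation of duties: the preparer may not approve")
        trial = dict(self.cdi)             # work on a copy so a failed TP changes nothing
        trial[src] -= amount
        trial[dst] += amount
        if any(b < 0 for b in trial.values()) or sum(trial.values()) != self.expected_total:
            raise IntegrityViolation(f"transfer {tid} would break ledger integrity")
        self.cdi = trial
        del self.pending[tid]
        self.log.append((tid, src, dst, amount, preparer, user))
        return self.cdi


if __name__ == "__main__":
    ledger = Ledger({"ops": 100, "rnd": 50})
    ledger.certify("alice", "prepare", "ops", "rnd")
    ledger.certify("bob", "approve", "ops", "rnd")
    tid = ledger.tp_prepare("alice", "ops,rnd,30")
    print(ledger.tp_approve("bob", tid), "IVP ok:", ledger.ivp())
```

The point to notice is that no method writes `self.cdi` except a TP, and the TP commits only after the IVP condition holds on the trial copy; that is what the notes mean by a CDI moving from one integrity state to another.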
Information Flow Models
• Each object and subject is assigned a security class and value; information is constrained to flow in directions that are permitted by the security policy.
• Based on a state machine and consists of objects, state transitions and lattice (flow policy) states.
• Object can be a user
• Each object is assigned a security class and value
• Information is constrained to flow in the directions permitted by the policy
Non-interference Model
Actions of group A using commands C are not seen by users in Group B using commands D
Composition Theories
When smaller systems are combined they must maintain the component system security properties
McLean – defined internal and external compositional constructions
• External Constructs
  • Cascading – one system's input is the output of another
  • Feedback – one system's output is input to another system and returned as input to the first system
  • Hookup – a system that communicates with another system and external entities
• Internal Constructs:
  • Intersection, Union and Difference
Conclusion – security is maintained in cascading constructs but subject to other system variables for other constructs
Orange Book – Trusted Computer Security Evaluation Criteria
• (TCSEC) was developed in 1985 by the National Computer Security Center (NCSC)
• D – Minimal protection
  • Evaluated but fail to meet requirements
• C – Discretionary Access Control
  • C1 – Discretionary Security Protection
    • Nominally satisfies discretionary controls
  • C2 – Controlled Access Protection
    • User accountability – through login and auditing
• B – Mandatory Access Control
  • B1 – Labeled Security
    • Data labeling
    • Informal security policy model
  • B2 – Structured
    • Trusted Facility Management – Support Operator and Security Administrator
    • Covert Channel – Covert Storage Channels
    • Configuration Change Management – Development and Maintenance
  • B3 – Security Domains
    • Trusted Facility Management – Identify Security Administrator Functions
    • Covert Channel – Covert Storage and Covert Timing Channels
    • Trusted Recovery Required
    • Configuration Change Management – Development and Maintenance
• A – Verified Design
  • A1 – Verified Design
    • Trusted Facility Management – Identify Security Administrator Functions
    • Covert Channel – Covert Storage and Covert Timing Channels
    • Trusted Recovery Required
    • Configuration Change Management – Entire System Lifecycle
European ITSEC    TCSEC    Common Criteria
E0                D        EAL1
F-C1, E1          C1       EAL2
F-C2, E2          C2       EAL3
F-B1, E3          B1       EAL4
F-B2, E4          B2       EAL5
F-B3, E5          B3       EAL6
F-B3, E6          A1       EAL7
Domain 6 – Operations Security
Triples
• Threat – an event that could cause harm by violating the security (i.e. Operator abuse of privileges)
• Vulnerability – weakness in a system that enables security to be violated (i.e. Weak Segregation of duties)
• Asset – anything that is a computer resource (i.e. software, data)
C.I.A.
• Confidentiality – operations controls affect confidentiality of data.
• Integrity – how well operations controls are implemented affects data integrity
• Availability – fault tolerance and ability to recover
Controls and protections
Controls to protect hardware, software and media from:
• Threats in an operating environment
• Internal and external intruders
• Operators inappropriately accessing resources
Categories of Controls
• Preventative – prevent harmful occurrence
  • Lower the amount and impact of errors entering the system
  • Prevent unauthorized intruders from accessing the system
• Detective – detect after harmful occurrence
  • Track unauthorized transactions
• Corrective – restore after harmful occurrence
  • Data recovery
Additional Control Categories
• Deterrent Control – encourage compliance with external controls
• Application Controls – designed into software applications
• Transaction Controls – control over the various stages of a transaction
  • Input Controls – ensure transactions are properly input
  • Processing Controls – guarantee transactions are proper and valid
  • Output Controls – protect the confidentiality and integrity of output
  • Change Controls – preserve integrity when configuration changes are made
  • Test Controls – ensure data integrity and confidentiality of data during testing
Orange Book Controls – TCSEC – Trusted Computer Security Evaluation Criteria
Assurance – level of confidence that security policies have been implemented correctly
Operational Assurance – focuses on basic features and architecture of a system
• System Architecture
• System Integrity
• Covert Channel Analysis
• Trusted Facility Management
• Trusted Recovery
Life Cycle Assurance – controls and standards required for building and maintaining a system
• Security Testing
• Design Specification and testing
• Configuration Management
• Trusted Distribution
Covert Channel Analysis
• An information path that is not normally within a system and is therefore not protected by the system's normal security mechanism.
• Secret ways to convey information to another program or person
• Covert Storage Channels – convey information by changing stored data (B2)
• Covert Timing Channels – convey information by altering the performance of or modifying the timing of system resources in a measurable way. (B3, A1: Storage and Timing)
Combating Covert Channels – with noise and traffic generation
Trusted Facility Management – Required for B2, B3, and A1
• Defined as the assignment of a specific individual to administer the security of a system. (Security Administrator)
Separation of Duties
• Assign different tasks to different personnel
• No single person can completely compromise a system
• Related to the concept of least privilege – the least privileges required to do one's job
• Secure Systems – System Administrator and Security Administrator must be different roles.
• Highly Secure Systems – System Administrator, Security Administrator, and Enhanced Operator must be different roles.
• If the same person holds the roles, they must be controlled and audited.
System Admin – Enhanced Operator Functions
• Installing software
• Start up and shut down of system
• Adding and removing users
• Performing back up and recovery
• Handling printers and queues
Security Administrator Functions
• Setting user clearances, initial passwords and other security characteristics for new users
• Changing security profiles for users
• Setting file sensitivity labels
• Setting security of devices
• Reviewing audit data
• B2 security level requires that systems must support separate operator and system administrator roles.
• B3 and A1 – systems must clearly identify the functions of the security administrator to perform the security-related functions.
Rotation of duties
Limiting the length of time a person performs duties before being moved
Trusted Recovery – Required for B3 and A1 levels
• Ensures security is not breached when a system crashes or fails
• System must be restarted without compromising security
• Two primary activities
  • Failure Preparation –
    • Backups on a regular basis
  • System Recovery –
    • Rebooting in single user mode – no other users allowed on the system
    • Recovering all file systems
    • Restoring files
    • Recovering security
    • Checking security critical files
Three hierarchical recovery types:
• Manual Recovery – Sys Admin must be involved
• Automated Recovery – no intervention for a single failure
• Automated Recovery without Undue Loss – similar to Automated Recovery; higher level of recovery, no undue loss of protected objects
Configuration Change Management – Required for B2, B3 and A1
• Process of tracking and approving changes
• Identify, control and audit changes
• Changes to the system must not diminish security
• Includes roll back procedures
• Documentation updates to reflect changes
• Recommended for systems below the required B2, B3 and A1
• Change Control Functions:
  • Orderly manner and formalized testing
  • Users informed of changes
  • Analyze effects of changes
  • Reduce negative impact of changes
• Configuration Management required for Development and Implementation stages for B2 and B3
• Configuration Management required for the life cycle of the system for A1
Administrative Controls
• HR and personnel controls
• Personnel Security –
  • Employment screening
  • Mandatory Vacation
  • Warnings and Termination for violating security policy
• Separation of Duties
• Least Privileges
• Need to Know
• Change Control / Configuration Control
• Record Retention and Documentation
Least privilege
• No access beyond job requirements
• Group level privileges for Operators
  • Read Only
  • Read/Write – usually copies of original data
  • Access Change – make changes to original data
Operations Jobs
• Computer Operator – backups, system console, mounting tapes, hardware, software
• Operations Analyst – works with application developers, maintenance programmers and computer operators
• Job Control Analyst – responsible for overall job control quality
• Production Scheduler – planning and timing of processing
• Production Control Analyst – printing and distribution of reports
• Tape Librarian – collects tapes, manages off-site storage
Record Retention – Records should be maintained according to management, legal, audit and tax requirements
Data Remanence – Data left on media after it has been erased
Due Care and Due Diligence – Security Awareness, Signed Acceptance of Employee Computer Use Policy
Documentation – procedures for operations, contingency plans, security policies and procedures
Operation Controls
Resource Protection
• Protecting Resources from disclosure, alteration or misuse
• Hardware – routers, firewalls, computers, printers
• Software – libraries, vendor software, OS software
• Data Resource – backup data, user data, logs
Hardware Controls
• Hardware Maintenance
  • Requires physical and logical access by support and vendors
  • Supervision of vendors and maintenance, background checks
• Maintenance Accounts
  • Disable maintenance accounts when not needed
  • Change default passwords
• Diagnostic Port Control
  • Specific ports for maintenance
  • Should be blocked from external access
• Hardware Physical Controls – require locks and alarms
  • Sensitive operator terminals
  • Media storage rooms
  • Server and communications equipment
  • Modem pools and circuit rooms
Software Controls
• Anti-virus Management – prevent download of viruses
• Software Testing – formal rigid software testing process
• Software Utilities – control of powerful utilities
• Safe Software Storage – prevent modification of software and copies of backups
• Back up Controls – test and restore backups
Privileged Entity Controls – (privileged operations functions)
• Extended special access to system commands
• Access to special parameters
• Access to system control program – some only run in a particular state
Media Resource Protection
Media Security Controls – prevent the loss of sensitive information when the media is stored outside the system
• Logging – log the use of the media, provides accountability
• Access Control – physical access control
• Proper Disposal – sanitization of data – rewriting, degaussing, destruction
Media Viability Controls – protect during handling, shipping and storage
• Marking – label and mark media, bar codes
• Handling – physical protection of data
• Storage – security and environmental protection from heat, humidity, liquids, dust, smoke, magnetism
Physical Protection
Protection from physical access
• Hardware – routers, firewalls, computers, printers
• Software – libraries, vendor software, OS software
Physical piggybacking – following an authorized person through a door
Monitoring and Auditing
Monitoring – problem identification and resolution
Monitor for:
• Illegal Software Installation
• Hardware Faults
• Error States
• Operational Events

Penetration Testing – Testing a network's defenses by using the same techniques as external intruders
• Scanning and Probing – port scanners
• Demon Dialing – war dialing for modems
• Sniffing – capture data packets
• Dumpster Diving – searching paper disposal areas
• Social Engineering – most common; get information by asking
Violation Analysis
• Clipping levels must be established to be effective
• Clipping Level – baseline of normal activity, used to ignore normal user errors
• Profile Based Anomaly Detection
• Looking for:
  • Repetitive Mistakes
  • Individuals who exceed authority
  • Too many people with unrestricted access
  • Patterns indicating serious intrusion attempts
Auditing
IT Auditors Audit:
• Backup Controls
• System and Transaction Controls
• Data Library Controls
• Systems Development Standards
• Data Center Security
• Contingency Plans
Audit Trails
• Enable tracking of the history of modifications, deletions, additions.
• Allow for accountability
• Audit logs should record:
  • Transaction time and date
  • Who processed the transaction
  • Which terminal was used
  • Various security events relating to the transaction
Also should look at:
• Amendments to production jobs
• Production job reruns
• Computer Operator practices
Other issues with audit logs:
• Retention and Protection of audit media and reports
• Protection against alteration
Problem Management
Goals of problem management:
• Reduce failures to a manageable level
• Prevent occurrence of a problem
• Mitigate the impact of problems
Potential Problems:
• Performance and availability of computing resources
• The system and networking infrastructure
• Procedures and transactions
• Safety and security of personnel
Abnormal Events – that can be discovered by an audit
• Degraded resource availability
• Deviations from the standard transaction procedures
• Unexplained occurrences in a processing chain
Objective of problem management is resolution of the problem
Threats and Vulnerabilities
Threat – if realized can cause damage to a system or create a loss of C.I.A.
Vulnerability – a weakness in a system that can be exploited by a threat
Threats:
Accidental loss
• Operator input errors and omissions – manual input errors
• Transaction processing errors – programming errors
Inappropriate Activities:
• Can be grounds for job action or dismissal
• Inappropriate content – storing inappropriate content like porn
• Waste of Corporate Resources – personal use of hardware and software
• Sexual or Racial Harassment – Using e-mail or other resources to distribute inappropriate material
• Abuse of privileges or rights – using unauthorized access levels to violate confidentiality of company data
Illegal Computer Operations
• Eavesdropping – sniffing, dumpster diving, social engineering
• Fraud – collusion, falsified transactions
• Theft – information or trade secrets, physical hardware and software theft
• Sabotage – Denial of Service (DoS), production delays
• External Attacks – malicious cracking, scanning, war dialing
Vulnerabilities
• Traffic/Trend Analysis – analyzing data characteristics
  • Countermeasures include:
    • Padding Messages – making messages a uniform size
    • Sending Noise – transmitting non-informational data elements to disguise real data
    • Covert Channel Analysis – unintended channel
Data Scavenging
• Piecing together information from bits of data
• Keyboard Attacks – sitting at the keyboard using normal utilities to gain information
• Laboratory Attack – using very precise electronic equipment
IPL Vulnerabilities – Initial Program Load
• Ability to put the system in single user mode at boot up
• Grants the Operator powerful features
Network Address Hijacking
• Enables an intruder to capture traffic for analysis or password theft
• Intruder can reroute the data output, obtain supervisory terminal function and bypass system logs.

Domain 7 – Applications and System Development
Software Development Lifecycle
• Goals:
  • Produce a quality product that meets users' needs
  • Stay within budget and time schedule
Simplistic Model
Took into account each stage but did not take into account any rework that may be required by later stages
Waterfall Model
• Allows the developer to go back and work on the previous stage
• Limited to one stage back
• Fundamental problem:
  • Assumes that a stage will finish at a specific time
  • Usually not the case in the real world
  • If an ending phase is forcibly tied to a milestone, the milestone can not be considered met until the rework is concluded
• In 1976 Barry Boehm reworked the waterfall model to have all phases end with a Milestone, and the back references represent verification and validation against baselines
Verification – evaluates the product against the specification
Validation – evaluates the product against the real world requirements
Waterfall Model: System Requirements → Software Requirements → Analysis → Program Design → Coding → Testing → Operations & Maintenance
The Spiral Model
• Developed in 1988 by Barry Boehm
• Incorporates the various phases of software development
• Broken out into Quadrants
• Cost is on the radial dimension (Y axis)
• Quadrants:
  • Lower Left – Developing Plans
  • Upper Left – Defines Objectives
  • Upper Right – Prototyping to identify risks
  • Lower Right – Final Development
• Left Horizontal Axis represents the major review to complete each full cycle
Information Security and the Life Cycle Model
• Information Security controls: conception, development, implementation, testing, and maintenance should be conducted concurrently with the system software life cycle phases
Testing Issues
• Unit testing should be addressed when modules are designed
• Personnel separate from the developers should test
• Should include out of range situations
• Test cases should be used with known expected values
Software Maintenance Phase
• Request Control – manage user requests
  • Establish priorities
  • Estimate Costs
n Determine interface presented to user
C65nge Contro9
n Recreating and analy#ing the problem
n De+eloping changes and tests
n Performing ;uality control
n Tools to be used for changes
n Documentation of changes
n Restriction of changesG effect on other parts of code
n Recertification and accreditation
n !e9e5se Contro9
n Issuing the latest release of the software
Configuration Management
BS 7799 – The discipline of identifying components of a continually evolving system for the purposes of controlling changes to those components, maintaining integrity and traceability throughout the lifecycle.
- Configuration Item – component which is to be changed
- Version – recorded state of the configuration item
- Configuration – collection of component configuration
- Building – process of assembling a version
- Build List – set of versions used to build configuration item
- Software Library – controlled area
Configuration Identification – identify and document the functional characteristics of configuration item
Configuration Control – control changes to configuration items from software library, issuing versions
Configuration Status Accounting – record the processing of changes
Configuration Audit – Control of the quality of configuration management
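Worked example (added here; not part of the original notes or the CISSP Prep Guide): a minimal configuration-management record keeper that puts the BS 7799 terms above into code. Configuration items get recorded versions with a SHA-256 digest, change control only accepts content tied to an approved change request, every event goes into a status-accounting log, and a configuration audit compares a deployed snapshot against the build list to detect changes that bypassed the controlled software library. The class and function names, the change request ids (CR-001, CR-999) and the file contents are all constructed for this example.

```python
"""Configuration management with integrity and traceability.

Added example, not from the study notes: models the BS 7799 definition
above with configuration items, recorded versions, a build list, change
control tied to approved change requests, status accounting and a
configuration audit. Class and function names (SoftwareLibrary, Version,
configuration_audit, ...) and all sample content are constructed here."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Version:
    """Recorded state of a configuration item: content, its SHA-256 digest
    and the approved change request that produced it (traceability)."""
    number: int
    content: bytes
    digest: str
    change_request: str


class SoftwareLibrary:
    """Controlled area: content enters only through an approved change
    request, and every event is written to the status accounting log."""

    def __init__(self) -> None:
        self.items: dict[str, list[Version]] = {}   # config item -> versions
        self.approved: set[str] = set()
        self.status_log: list[str] = []

    def approve(self, change_request: str) -> None:
        self.approved.add(change_request)
        self.status_log.append(f"approved {change_request}")

    def check_in(self, item: str, content: bytes, change_request: str) -> Version:
        # Change control: refuse content that is not tied to an approved request.
        if change_request not in self.approved:
            self.status_log.append(f"rejected {item}: {change_request} not approved")
            raise PermissionError(f"{change_request} is not an approved change request")
        versions = self.items.setdefault(item, [])
        version = Version(len(versions) + 1, content,
                          hashlib.sha256(content).hexdigest(), change_request)
        versions.append(version)
        self.status_log.append(f"{item} v{version.number} recorded under {change_request}")
        return version

    def build_list(self, wanted: dict[str, int]) -> dict[str, Version]:
        """Build list: the exact set of versions used to assemble a configuration."""
        return {item: self.items[item][number - 1] for item, number in wanted.items()}


def configuration_audit(build: dict[str, Version], deployed: dict[str, bytes]) -> list[str]:
    """Configuration audit: compare deployed content with the recorded build
    list and return the items whose digest no longer matches, i.e. changes
    that bypassed change control (or items missing from the deployment)."""
    return sorted(item for item, version in build.items()
                  if hashlib.sha256(deployed.get(item, b"")).hexdigest() != version.digest)


def demo() -> tuple[bool, list[str]]:
    """Returns (unapproved change was rejected, items that drifted from the build)."""
    library = SoftwareLibrary()
    library.approve("CR-001")                       # constructed change request id
    library.check_in("auth.py", b"def login(user, pw): ...\n", "CR-001")
    library.check_in("app.ini", b"session_timeout=30\n", "CR-001")
    try:
        library.check_in("auth.py", b"def login(user, pw): return True\n", "CR-999")
        rejected = False
    except PermissionError:
        rejected = True
    build = library.build_list({"auth.py": 1, "app.ini": 1})
    # Constructed deployment snapshot: app.ini was edited directly on the host.
    deployed = {"auth.py": b"def login(user, pw): ...\n",
                "app.ini": b"session_timeout=30000\n"}
    return rejected, configuration_audit(build, deployed)


if __name__ == "__main__":
    rejected, drift = demo()
    print("unapproved change rejected:", rejected)
    print("items differing from the recorded build:", drift)
```

The audit answers the question a recertification needs answered: is what runs in production exactly what the software library says was built? A digest mismatch on an item is the signal that a change reached the system outside change control.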
The Software Capability Maturity Model
- Quality of finished product is a component of the quality of the development process
- CMM developed by the Software Engineering Group (SEI) in 1986
- Defines Five Maturity Levels
  - Level 1 – Initiating – competent people, processes are informal and ad hoc
  - Level 2 – Repeatable – has project management processes
  - Level 3 – Defined – technical practices are integrated with management practices
  - Level 4 – Managed – product and processes are quantitatively controlled
  - Level 5 – Optimizing – Continuous process improvement
The Software CMM supports the concept of continuous improvement

Process Improvement IDEAL Model
Phase 1 – Initiate – begin formal process improvement effort
Phase 2 – Diagnose – Perform Assessment
Phase 3 – Establish – Develop prioritized action plan
Phase 4 – Action – implement process improvement
Phase 5 – Leverage – reassess and continuously improve
Benefits:
- Improved Software Quality
- Reduced Lifecycle
- More accurate scheduling
- Management visibility
- Proactive Planning and tracking
Software Development Life Cycle:

1. System Feasibility
- Information Security Policy
- Legal Issues
- Standards
- Early Validation of concepts

2. Software Plans & Requirements
- Threats
- Legal Liabilities
- Vulnerabilities
- Cost/Benefit Analysis
- Security Requirements
- Level of Protection Desired
- Reasonable Care
- Develop Test Plans
- Due Diligence
- Validation

3. Product Design
- Incorporate Security Specifications
- Design Documentation
- Adjust Test Plans and Data
- Evaluate Encryption Options
- Determine Access Controls
- Verification

4. Detailed Design
- Design Security Controls Commensurate with legal requirements
- Detailed Documentation Design
- Design Access Controls
- Consider Business Continuity Issues
- Employ Encryption
- Finalize User GUI
- Adapt Security Test Plans
- Verification

5. Coding
- Develop information security-related code
- Support business continuity plan
- Implement unit testing
- Develop documentation
- Incorporate other modules or units

6. Integration Product
- Integrate Security Components
- Refine Documentation
- Test Integrated Modules
- Conduct Security Related product verification

7. Implementation
- Install Security Software
- Test Security Software
- Run Systems
- Complete Documentation, certification, and accreditation
- Conduct Acceptance Testing

8. Operations & Maintenance
- Revalidate Security controls
- Deliver changes
- Conduct Penetration testing and vulnerability analysis
- Evaluate conformance to SLA and validations
- Manage Request for Changes
- Update documentation, recertification
- Implement change control
Object Oriented Systems
- Group of independent objects, cooperate to provide system's functionality
- Objects are encapsulated – can be viewed as a black box
- According to Booch, each object has a State, Behaviour, and Identity

Fundamentals of Object Oriented Systems
- Message – communication to an object to carry out an operation
- Method – the code that defines the action of the object in response to a message
- Behavior – results exhibited by an object in response to a message
- Class – collection of common objects
- Instance – objects are instances of classes that contain their methods
- Inheritance – method and class are inherited by a subclass
- Delegation – forwarding a request by an object to another object, no method to service the request itself
- Polymorphism – is objects of many different classes that are related by some common superclass; thus any object denoted by this name is able to respond to some common set of operations in a different way
- Polyinstantiation – is the development of a new version of an object from another object replacing variables with other values.
  - For example, relational database, the name of a military unit may be classified in the database and may have an ID # as the primary key. If another user at a lower classification level attempts to create a confidential entry for another unit using the same id# as a primary key, a rejection of the attempt would infer to the lower level user the same ID exists at a higher classification.
  - To avoid inference, systems will allow same id# for lower class and the DBMS would manage to permit same primary key for two different units
  - Prevents inference violations

Phases of development for object orientation:
- Object Oriented Requirements Analysis (OORA) – defines classes of objects and interaction
- Object Oriented Analysis (OOA) – understanding and modeling a problem
- Domain Analysis (DA) – identify objects and classes common to all application
- Object Oriented Design (OOD) – object is the basic unit of modularity
- Object Oriented Programming (OOP) – emphasizes employment of objects in programming
Reusing tested objects reduces time and testing for development

Object Request Brokers:
- Objects made available to users across networks.
- ORBs are middleware because they reside between two other entities
- Establishes client/server relationship between objects

Common Object Request Broker (CORBA) Architecture:
- Developed by Object Management Group (OMG)
- Defines industry standard enabling different programs on different platforms to communicate

Common Object Model (COM)
- Formerly known as Object Linking and Embedding (OLE)
- Support exchange of objects between programs

Distributed Common Object Model (DCOM)
Support exchange of objects across networks

Object Oriented Languages:
- Simula 67 – first Object Oriented Language
- C++
- Smalltalk
Artificial Intelligence Systems
Using software and hardware to solve problems
Two Types of AI: (Expert Systems, and Neural Networks)

Expert Systems – exhibits reasoning similar to that of a human
- Builds knowledge base (in the form of If-Then statements) of the domain to be addressed in the form of rules and an inference mechanism to determine if the rules have been satisfied by system input
- Expert System = Inference engine + knowledge base
- Knowledge Base – contains facts and rules
- Inference Engine – compares information acquired to the knowledge base
- If there is a match the rule "fires"
- Certain rules have a higher priority – Salience

Expert Systems Operate in two modes:
Forward Chaining – acquires information and comes to a conclusion
Backward Chaining – backtracks to determine if a hypothesis is correct
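Worked example (added here; not part of the original notes or the CISSP Prep Guide): a small rule-based expert system showing the parts named above. The knowledge base is a list of If-Then rules with a salience value; the inference engine runs forward chaining (match facts against rule conditions, fire the highest-salience ready rule, repeat until nothing new is derived) or backward chaining (start from a hypothesis and recursively look for rules and facts that support it). The rule names, the fact vocabulary and the incident-triage domain are constructed for this example.

```python
"""Rule-based expert system: knowledge base + inference engine.

Added example, not from the study notes. Rules, facts and names are
constructed; the domain is a toy login-incident triage."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: frozenset   # IF: every fact here must be present
    conclusion: str         # THEN: fact asserted when the rule fires
    salience: int = 0       # higher salience wins when several rules are ready


# Knowledge base: facts arrive from system input, rules are fixed (constructed).
KNOWLEDGE_BASE = [
    Rule("R1", frozenset({"many_failed_logins", "single_source_ip"}), "brute_force_suspected", 10),
    Rule("R2", frozenset({"brute_force_suspected", "login_succeeded"}), "account_compromise_likely", 20),
    Rule("R3", frozenset({"account_compromise_likely"}), "escalate_to_ir", 5),
    Rule("R4", frozenset({"many_failed_logins", "many_source_ips"}), "password_spray_suspected", 10),
]


def forward_chain(facts: set, rules=KNOWLEDGE_BASE) -> tuple[set, list]:
    """Data-driven mode: compare acquired facts to the rules, fire any rule
    whose conditions match, add its conclusion, repeat until no rule is
    ready. Returns the final fact set and the order in which rules fired."""
    facts = set(facts)
    fired = []
    while True:
        ready = [r for r in rules if r.conditions <= facts and r.conclusion not in facts]
        if not ready:
            return facts, fired
        rule = max(ready, key=lambda r: r.salience)   # conflict resolution by salience
        facts.add(rule.conclusion)
        fired.append(rule.name)


def backward_chain(goal: str, facts: set, rules=KNOWLEDGE_BASE, depth: int = 0) -> bool:
    """Goal-driven mode: is the hypothesis `goal` a known fact, or can some
    rule concluding it be satisfied by recursively proving its conditions?"""
    if goal in facts:
        return True
    if depth > len(rules):          # guard against circular rule sets
        return False
    candidates = sorted((r for r in rules if r.conclusion == goal), key=lambda r: -r.salience)
    return any(all(backward_chain(c, facts, rules, depth + 1) for c in rule.conditions)
               for rule in candidates)


if __name__ == "__main__":
    observed = {"many_failed_logins", "single_source_ip", "login_succeeded"}   # constructed input
    derived, order = forward_chain(observed)
    print("fired:", order)
    print("escalate?", "escalate_to_ir" in derived)
    print("hypothesis 'escalate_to_ir' provable backwards:", backward_chain("escalate_to_ir", observed))
```

Forward chaining is what a monitoring system does with a stream of events; backward chaining is what an analyst does when testing a specific hypothesis ("is this an account compromise?") and asking which observations would have to be true.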
Uncertainty
Bayesian Theory or "fuzzy logic"

Fuzzy Logic (addresses uncertainties)
- Degrees of uncertainty whether something is true or false
- Fuzzification – apply membership function to input variable to determine degree of truth
- Inference – truth value applied to conclusion of each rule
- Composition – all subsets combined
- Defuzzification – convert fuzzy subset to a number
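Worked example (added here; not part of the original notes or the CISSP Prep Guide): the four fuzzy-logic steps above carried through in code. A crisp input (failed logins per minute) is fuzzified against "low", "medium" and "high" membership functions, each rule's truth value clips its conclusion set, the clipped sets are composed by max, and the centroid of the result is the crisp severity on a 0..100 scale. The membership functions, the rule set and the variable names are constructed for this example.

```python
"""Fuzzy logic pipeline: fuzzification, inference, composition, defuzzification.

Added example, not from the study notes. Membership functions, rules and
the input/output variables are constructed for illustration."""


def tri(y: float, a: float, b: float, c: float) -> float:
    """Triangular membership: 0 at a, fully true (1) at b, back to 0 at c."""
    if y <= a or y >= c:
        return 0.0
    return (y - a) / (b - a) if y <= b else (c - y) / (c - b)


def left_shoulder(y: float, b: float, c: float) -> float:
    """Fully true up to b, falling to false at c."""
    return 1.0 if y <= b else 0.0 if y >= c else (c - y) / (c - b)


def right_shoulder(y: float, a: float, b: float) -> float:
    """False up to a, rising to fully true at b."""
    return 0.0 if y <= a else 1.0 if y >= b else (y - a) / (b - a)


# Output sets over the severity universe 0..100 (constructed).
OUTPUT_SETS = {
    "info": lambda y: tri(y, 0, 10, 40),
    "warning": lambda y: tri(y, 20, 50, 80),
    "critical": lambda y: tri(y, 60, 90, 100),
}

# Rules: IF failed-login rate is <antecedent> THEN severity is <consequent>.
RULES = [("low", "info"), ("medium", "warning"), ("high", "critical")]


def fuzzify(rate: float) -> dict[str, float]:
    """Step 1: apply each input membership function to the crisp input."""
    return {
        "low": left_shoulder(rate, 0, 10),
        "medium": tri(rate, 5, 10, 15),
        "high": right_shoulder(rate, 10, 20),
    }


def infer(degrees: dict[str, float]) -> list[tuple[float, str]]:
    """Step 2: each rule's antecedent truth value is applied to its conclusion."""
    return [(degrees[antecedent], consequent) for antecedent, consequent in RULES]


def compose(clipped: list[tuple[float, str]], y: float) -> float:
    """Step 3: combine all clipped output subsets (max of the min-clipped sets)."""
    return max(min(truth, OUTPUT_SETS[name](y)) for truth, name in clipped)


def defuzzify(clipped: list[tuple[float, str]]) -> float:
    """Step 4: centroid of the composed subset, sampled at integer points."""
    ys = range(0, 101)
    weights = [compose(clipped, y) for y in ys]
    area = sum(weights)
    return sum(y * w for y, w in zip(ys, weights)) / area if area else 0.0


def severity(rate: float) -> float:
    """Crisp severity for a crisp failed-login rate."""
    return defuzzify(infer(fuzzify(rate)))


if __name__ == "__main__":
    for rate in (0, 7.5, 10, 20):
        print(f"{rate:5.1f} failed logins/min -> severity {severity(rate):5.1f}")
```

The point of the intermediate steps is visible at a rate like 7.5: it is partly "low" (0.25) and partly "medium" (0.5), so the result lands between the pure "info" and pure "warning" outcomes instead of snapping to one of them as a hard threshold would.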
Spiral Model
- Can be used to build expert system
- Acquisition of Knowledge is key
- Is a meta-model that incorporates a number of the software development models.
- Stages
  - Analysis
  - Specification
  - Development
  - Deployment
- Verification and validation – concerned with inconsistencies and conflicting rules
Neural Networks – based on functioning of biological neurons
- Neurons, signals are exchanged among neurons through electrical pulses traveling along an axon
- Electrical pulse arrives at a neuron at points called synapses
- Output = Input1*Weight1 + Input2*Weight2
- Summation of inputs with dynamic weights assigned to them
- One summing node is called a single-layer network
- Multiple summing nodes is a multi-layer network
- Training develops the weights
- Neural networks can be trained to give the correct response for each input.
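Worked example (added here; not part of the original notes or the CISSP Prep Guide): a single summing node implementing the Output = Input1*Weight1 + Input2*Weight2 formula above, with the weights developed by training rather than set by hand. The perceptron learning rule adjusts each weight by the error times the input until every training sample gets the correct response. The AND/OR training sets and all function names are constructed for this example.

```python
"""Single-layer network: weighted summation node trained by the perceptron rule.

Added example, not from the study notes. summing_node() is the
Output = Input1*Weight1 + Input2*Weight2 (+ bias) formula; the weights are
developed by training on labelled samples. Training data and function names
are constructed for this example."""


def summing_node(inputs, weights, bias=0.0):
    """Output = sum over i of Input_i * Weight_i, plus a bias term."""
    return sum(x * w for x, w in zip(inputs, weights)) + bias


def activate(net):
    """Threshold activation: the node fires (1) when the weighted sum is positive."""
    return 1 if net > 0 else 0


def train_perceptron(samples, rate=0.1, max_epochs=50):
    """Perceptron learning rule: for each misclassified sample, move every
    weight by rate * error * input; stop after an epoch with no errors."""
    weights = [0.0] * len(samples[0][0])
    bias = 0.0
    for epoch in range(1, max_epochs + 1):
        errors = 0
        for inputs, target in samples:
            error = target - activate(summing_node(inputs, weights, bias))
            if error:
                errors += 1
                weights = [w + rate * error * x for w, x in zip(weights, inputs)]
                bias += rate * error
        if errors == 0:
            return weights, bias, epoch   # converged: every sample correct
    return weights, bias, max_epochs


def predict(inputs, weights, bias):
    return activate(summing_node(inputs, weights, bias))


# Constructed training data: two-input logic functions with known responses.
AND_SAMPLES = [((0, 0), 0), ((0, 1), 0), ((1, 0), 0), ((1, 1), 1)]
OR_SAMPLES = [((0, 0), 0), ((0, 1), 1), ((1, 0), 1), ((1, 1), 1)]


def learns(samples):
    """True when the trained node reproduces every sample's correct response."""
    weights, bias, _ = train_perceptron(samples)
    return all(predict(x, weights, bias) == t for x, t in samples)


if __name__ == "__main__":
    w, b, epochs = train_perceptron(AND_SAMPLES)
    print(f"AND learned in {epochs} epochs: weights={w}, bias={b:.2f}")
    for x, t in AND_SAMPLES:
        print(x, "->", predict(x, w, b), "(expected", t, ")")
```

A single summing node can only learn functions that a straight line separates (AND and OR qualify, XOR does not); that limitation is what the multi-layer networks mentioned above remove.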
Database Systems
Can be used to define, store and manipulate data without writing specific programs to perform these functions.

Different Types of Databases
- Hierarchical
- Mesh
- Object-Oriented
- Relational
Database Security Issues
- Security is provided in relational databases through views.
- Virtual relation that combines information from other relations.
- The DBMS can be compromised by circumventing the normal security controls.
- Aggregation – Act of obtaining information of higher sensitivity by combining information from lower levels of sensitivity.
- Inference – is ability of users to infer or deduce info about data at sensitivity levels for which they do not have access. A link that enables an inference to occur is called an inference channel.
- Open Database Connectivity (ODBC) – developed by Microsoft must be controlled.
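Worked example (added here; not part of the original notes or the CISSP Prep Guide) serving two passages: the polyinstantiation paragraph in the object-oriented fundamentals (a military unit whose primary key is shared across classification levels) and the view/inference points just above. With a plain primary key, a lower-cleared user's insert of an existing id is rejected, and that rejection is the inference channel. With the classification label made part of the key, both rows coexist and a per-clearance view shows each user only the instance they dominate. The table, the level names, unit ids and unit names are constructed; the code uses only the standard sqlite3 module.

```python
"""Views and polyinstantiation in a multilevel relational database.

Added example, not from the study notes. Table, levels and sample rows are
constructed; the clearance labels are illustrative only."""
import sqlite3

LEVELS = [("unclassified", 0), ("confidential", 1), ("secret", 2)]   # constructed labels


def make_db(polyinstantiate: bool) -> sqlite3.Connection:
    """With polyinstantiation the classification label is part of the
    primary key, so the same unit_id may exist once per level."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE levels (name TEXT PRIMARY KEY, rank INTEGER NOT NULL)")
    con.executemany("INSERT INTO levels VALUES (?, ?)", LEVELS)
    key = "PRIMARY KEY (unit_id, classification)" if polyinstantiate else "PRIMARY KEY (unit_id)"
    con.execute(f"""CREATE TABLE units (
            unit_id INTEGER NOT NULL,
            classification TEXT NOT NULL,
            unit_name TEXT NOT NULL,
            {key})""")
    # Higher-level row whose existence a lower-cleared user must not learn (constructed).
    con.execute("INSERT INTO units VALUES (7, 'secret', 'Unit Alpha')")
    return con


def insert_as(con: sqlite3.Connection, clearance: str, unit_id: int, unit_name: str) -> bool:
    """Insert at the caller's own level. Returns False when the DBMS rejects
    the key; without polyinstantiation that rejection tells a confidential
    user that unit_id 7 already exists at a higher level."""
    try:
        con.execute("INSERT INTO units VALUES (?, ?, ?)", (unit_id, clearance, unit_name))
        return True
    except sqlite3.IntegrityError:
        return False


def view_for(con: sqlite3.Connection, clearance: str) -> dict[int, str]:
    """The security view for one clearance: rows at or below the user's level,
    and for each unit_id only the highest instance the user dominates."""
    rank = dict(LEVELS)[clearance]
    rows = con.execute("""
        SELECT u.unit_id, u.unit_name
        FROM units u JOIN levels l ON l.name = u.classification
        WHERE l.rank <= ?
          AND l.rank = (SELECT MAX(l2.rank)
                        FROM units u2 JOIN levels l2 ON l2.name = u2.classification
                        WHERE u2.unit_id = u.unit_id AND l2.rank <= ?)
        ORDER BY u.unit_id""", (rank, rank)).fetchall()
    return dict(rows)


def demo() -> tuple[bool, bool, dict[int, str], dict[int, str]]:
    """(key clash leaked existence, polyinstantiated insert accepted,
    confidential view, secret view)"""
    plain = make_db(polyinstantiate=False)
    leaked = not insert_as(plain, "confidential", 7, "Unit Bravo")
    poly = make_db(polyinstantiate=True)
    accepted = insert_as(poly, "confidential", 7, "Unit Bravo")
    return leaked, accepted, view_for(poly, "confidential"), view_for(poly, "secret")


if __name__ == "__main__":
    leaked, accepted, conf_view, secret_view = demo()
    print("plain key: rejection reveals a hidden row ->", leaked)
    print("polyinstantiated: insert accepted ->", accepted)
    print("confidential view:", conf_view)
    print("secret view:      ", secret_view)
```

The view is the control the notes name; the polyinstantiated key is what keeps the control from being undone by the DBMS's own error message.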
Data Warehouse and Data Mining
Data Warehouse – repository of information from heterogeneous databases that is available for users to make queries.
- Data is normalized and redundant data is removed.
- Data warehouse and mining can be applied to audit logs and other info to find system anomalies.
- Data mining: Objective is to find relationships that were unknown up until now among data in warehouse. Searching for correlations
- Metadata: Correlations or data about data
- Data mart: Metadata is not stored in data warehouse. Metadata usually stored in a separate system.
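Worked example (added here; not part of the original notes or the CISSP Prep Guide): applying mining to audit logs to find anomalies, as the list above describes. Constructed authentication log lines are parsed into records; one pass flags accounts whose failure count is a statistical outlier against the rest of the population, and a second finds a correlation across records that no single line shows (one source address failing against many distinct accounts). The log format, user names and addresses are all constructed for this example.

```python
"""Data mining over audit logs to surface anomalies and correlations.

Added example, not from the study notes. Log format, field names, users and
addresses are constructed for illustration."""
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed log: eight users with one failure each, one user with ten
# failures from a single address, one address trying three different users,
# and one success that the failure analysis must ignore.
BASELINE_USERS = ["alice", "bob", "dave", "erin", "frank", "grace", "heidi", "ivan"]
LOG_LINES = [f"2024-01-05T09:{i:02d}:00 sshd auth failure user={u} src=10.0.0.{i + 1}"
             for i, u in enumerate(BASELINE_USERS)]
LOG_LINES += [f"2024-01-05T10:{i:02d}:00 sshd auth failure user=carol src=198.51.100.7"
              for i in range(10)]
LOG_LINES += [f"2024-01-05T11:00:{i:02d} sshd auth failure user={u} src=203.0.113.9"
              for i, u in enumerate(["alice", "bob", "dave"])]
LOG_LINES.append("2024-01-05T11:05:00 sshd auth success user=alice src=10.0.0.1")

LINE = re.compile(r"^(?P<ts>\S+) (?P<proc>\S+) auth (?P<result>failure|success) "
                  r"user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(lines):
    """Normalize raw lines into records (the warehouse step); unparseable lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, lines) if m]


def failures_per_user(events):
    return Counter(e["user"] for e in events if e["result"] == "failure")


def anomalous_users(events, z=2.0):
    """Accounts whose failure count exceeds mean + z * population stdev of all accounts."""
    counts = failures_per_user(events)
    values = list(counts.values())
    if len(values) < 2:
        return []
    threshold = mean(values) + z * pstdev(values)
    return sorted(u for u, n in counts.items() if n > threshold)


def spray_sources(events, min_users=3):
    """Source addresses whose failures span at least min_users distinct accounts:
    a correlation invisible in any single record."""
    users_by_src = defaultdict(set)
    for e in events:
        if e["result"] == "failure":
            users_by_src[e["src"]].add(e["user"])
    return sorted(src for src, users in users_by_src.items() if len(users) >= min_users)


if __name__ == "__main__":
    events = parse(LOG_LINES)
    print("outlier accounts:", anomalous_users(events))
    print("one source, many accounts:", spray_sources(events))
```

The per-account threshold is derived from the population rather than fixed, which is what lets the same code run against a different organisation's baseline; the second query shows why the warehouse's normalised records matter: the pattern only exists across records joined on the source field.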
Data Dictionary
- Database system for developers
- Records all data structures used by an application

Application Controls
Preventative:
- Accuracy: Data checks, custom screens, validity checks, contingency planning and backups
- Security: Firewalls, reference monitors, sensitivity labels, traffic padding, encryption, data classification, one-time passwords, separate test and development environments
- Consistency: Data Dictionary, programming standards, DBMS
Detective:
- Accuracy: Cyclic redundancy checks, structured walk throughs, hash totals, reasonableness checks
- Security: IDS, and audit trails
- Consistency: Comparison tools, relationship tests, reconciliation controls
Corrective:
- Accuracy: Backups, control reports, before and after imaging reports, checkpoint restarts
- Security: Emergency response, and reference monitor
- Consistency: Program comments, database controls
Service Level Agreements
- Guarantees the level and quality of service
- Metrics in SLAs
  - Turn around times
  - Average response times
  - Number of on-line users
  - System utilization rates
  - System up times
  - Volume of transactions
  - Production problems

Distributed Systems
- Pose special challenges to security
- Security for distributed systems should include:
  - Access control
  - Identification
  - Authentication
  - Intrusion detection
  - Emergency response
  - Logs
  - Audit trails
- Client/Server – is a type of distributed system
- Agent – surrogate program performs services on behalf of another
- Proxy – acts on behalf of principal but may hide the principal
- Applets – small applications in Java or C++, mobile code
  - Applets can be downloaded from the web into a web browser. Applet can execute in the network browser
- Java
  - Designed to run on constrained space
  - Java is an object-oriented, distributed, interpreted (not compiled), architecture-neutral, multithreaded, general purpose programming language
  - Thread – lightweight process
  - Interpreted language executes one line at a time, run-time binding
  - Compiled language is translated into machine code, binding at compile time
- Active X – can download mobile code in BASIC and C++
  - Establishes trust between client and server with digital certificates

Malicious Mobile Code Defenses
i.e. Java and ActiveX code downloaded into a Web browser from the WWW.
- Configure firewall to screen applets
- Configure Web Browser to restrict or prevent applets
- Configure Web Browser to restrict or prevent applets from trusted servers
- Provide user awareness training on mobile code threats

Centralized Architecture
Centralized is easier to protect than distributed.

Real Time Systems
- Operate by acquiring data from sensors and transducers in real time and make real time decisions
- Example: "Fly by wire" control of supersonic aircraft
- Availability is crucial
- Addressed through RAID – disk mirroring
- Fault Tolerant Systems – has to detect and take action to recover from faults

Others:
- Black-box testing observes the system external behavior.
- White-box testing is a detailed exam of a logical path, checking the possible conditions.
- Compiled code poses more risk than interpreted code because malicious code can be embedded in the compiled code and can be difficult to detect.
- Regression testing is the verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of automated process to repeat tests previously undertaken.
- Code comparison is normally used to identify the parts of the source code that have changed.
- Integration testing is aimed at finding bugs in the relationship and interfaces between pairs of components. It does not normally test all functions.
- Unit testing is the testing of a piece of code. It will only detect errors in the piece of code being tested.
Domain 8 – Business Continuity and Disaster Recovery Planning
Making the plans for recovery and putting them into action to recover with as little impact on the business as possible.
Business Continuity – ensuring the business can continue in an emergency
Disaster Recovery – recover as quickly as possible

BCP Process includes:
- Scope and Plan Initiation
- Business Impact Analysis (BIA)
- Business Continuity Plan development

DRP Process includes:
- DRP planning process
- Testing the DRP
- Disaster Recovery Procedures
Key difference between BCP and DRP – DRP addresses the procedures to be followed during and after the loss

Business Continuity Planning
- Created to prevent interruptions to normal business activity
- Protect critical business process from man made and natural disasters
- Minimize the effect and allow resumption of business process
BCP Should Address:
- Local and Wide Area Networks and servers
- Telecommunications and data links
- Workstations and workspaces
- Applications software and data
- Media and records storage
- Staff duties
Number One priority is always People First!
Continuity Disruptive Events
Natural Events:
- Fires, Explosions, hazardous material spills of environmental toxins
- Earthquakes, storms, floods, and fires from nature
- Power outages and utility failures
Man Made Events:
- Bombings, Sabotage
- Strikes, job actions
- Employee or Operator unavailability due to emergency evacuation
- Communications infrastructure failures

Four Prime Elements of BCP
- Scope and Plan Initiation – marks the beginning of BCP process
- Business Impact Analysis – used to help business understand the impact of a disruptive event
- Business Continuity Plan Development – using information from the BIA to develop the actual BCP Plan, includes testing
- Plan Approval and Implementation – This involves getting final management approval, creating awareness, updating as needed

Scope and Plan Initiation –
- Creating the scope
- Creating detailed account of work required
- Listing the resources to be used
- Defining management practices

Roles and Responsibilities
- BCP is enterprise wide, requires involvement from many personnel enterprise wide
BCP Committee – Responsible to create, implement and test the plan
- Made up of
  - Senior Management
  - Business Units
  - Information Systems
  - Security Administrator
Senior Management's Role
- Has ultimate responsibility for all phases of the plan
- Senior Management support is critical
Due Diligence – Stock Holders may hold Senior Management responsible as well as the Board of Directors if a disruptive event causes losses that could have been prevented with base standards of care

BCP Involvement
Who – Does What
- Executive Management – Initiates project, gives final approval, gives ongoing support
- Senior Business Unit Management – Identifies and prioritizes time critical systems
- BCP Committee – Directs the planning, implementation and test processes
- Functional Business Units – Participate in implementation and testing

Business Impact Assessment
- Helps to document what impact a disruptive event will have on the business
Vulnerability Assessment
- Three Elements:
  - Criticality Prioritization – every business unit process is identified and prioritized
  - Downtime Estimation – Determine Maximum Tolerable Downtime (MTD), often much shorter than expected
  - Resource Requirements – resource requirements for critical processes
Business Impact Analysis
- Four Steps
  - Gathering assessment material
  - Perform the assessment
  - Analyze the compiled information
  - Document the results
Gathering assessment material
- Org Chart to determine functional relationships
- Examine Business Success Factors, priorities and alternate processing

The Vulnerability Assessment
- Often part of the BIA, similar to risk assessment, smaller than full risk assessment
- Both quantitative and qualitative approaches
- Conduct a loss impact analysis.
- Necessary to define loss criteria quantitatively and qualitatively
Quantitative Loss Criteria
- Incurring financial loss from loss of revenue or capital expenditure
- Additional operational expenses incurred due to disruptive event
- Incurring financial loss from resolution of violated contract
- Incurring financial loss from regulatory compliance
Qualitative Loss Criteria
- Loss of competitive edge
- Loss of public confidence
- Incurring public embarrassment
Critical Support Areas must be defined:
- Telecommunications, data communications, Information Technology Areas
- Physical Infrastructure or plant facilities, transportation
- Accounting, Payroll, transaction processing, customer service, purchasing

Analyze The Compiled Information
- Documenting the process
- Identify Interdependencies
- Determine acceptable interruption period
Documentation and Recommendation
- Full documentation of all processes, procedures, analysis and results

Business Continuity Plan Development
- Use of information from BIA to create recovery strategy plan
- Map out strategy:
  - Defining the continuity strategy
  - Document the continuity strategy
Criticality Survey – helps to identify the most critical business functions
IT Department
- Ensures adequate backup and restoration process
- Ensures physical security of vital network and hardware components
- Ensuring sufficient logical security
- Ensuring adequate system administration

Defining the Continuity Strategy
Elements of Continuity Strategy
- Computing – needs to preserve hardware and software, communication lines, applications and data
- Facilities – needs to address use of buildings
- People – defined roles in implementing the strategy
- Supplies and equipment – paper, forms, HVAC, security equipment
Documenting the Continuity Strategy
- Creation of documentation

Plan Approval and Implementation
Last step, plan is implemented
- Approval by Senior Management – must be able to make informed decisions in the event of a disaster
- Creating awareness – training and awareness enterprise wide
- Maintenance of the plan – plans get outdated quickly
Disaster Recovery Planning
- Comprehensive statement of actions to be taken before, during and after a disruptive event causes loss of Information Systems.
- Primary objective is to provide an alternate site and return to primary site in a minimal time frame

Goals and Objectives of DRP
- Provide an organized way to make decisions if a disruptive event occurs
- Reduce confusion and enhance the ability to deal with crisis
- Planning and development must occur before the disaster
- Objectives:
  - Protect the company from major computer services failure
  - Minimize the risk from delays in providing services
  - Guarantee reliability of standby systems through testing
  - Minimize decision making required by personnel during a disaster
- DRP assumes BIA has been done, now focusing on the steps needed to protect the business.
Data Processing Continuity Planning – planning for disaster and creating plans to cope with it
Data Recovery plan Maintenance – keeping plans up to date

Data Processing Continuity Planning
- Mutual Aid Agreements – reciprocal agreement
  - Arrangement with another company with similar hardware or software configurations
  - Agreement by both parties, assumes sufficient capacity in time of need (Big Assumption)
  - Should only be considered if no other options, or perfect partner (i.e. subsidiary)
  - Advantages:
    - Very little or no cost
    - If processing requirements are similar it may be workable
  - Disadvantages:
    - Highly unlikely the capacity will exist
    - Severely limits responsiveness and support

Subscription Service
- Third party commercial services provide alternate backup and processing facilities
- Most common of the implementations.
- Three Basic Forms:
  - Hot Site
  - Warm Site
  - Cold Site

Hot Site
- Requires:
  - Fully configured facility with electrical power, Heating Ventilation and Air Conditioning (HVAC)
  - File and print servers and workstations
  - Applications are installed on the servers
  - Workstations are kept up to date
- Allows walk in with a data restoration and begin full operations in short time
- Remote journaling – mirroring transaction processing over high-speed connections may eliminate backup time.
- Advantages:
  - 24/7 availability
  - Exclusivity of use
  - Immediately available
  - Supports short and long term outages
- Disadvantages:
  - Most expensive
  - Requires constant maintenance of hardware, software, data and applications
  - Adds administrative overhead and can be a strain on resources
  - Service provider may oversell processing capabilities
  - Security of hot site, primary site security must be duplicated

Warm Site
Cross between hot and cold sites
- Facility with electrical power, Heating Ventilation and Air Conditioning (HVAC)
- File and print servers, may not have workstations, software may not be installed
- External communications should be installed
- Advantages:
  - Cost – much less than hot
  - Location – since less control required, sites can be more flexible
  - Resources – resource drain is much lower than hot site
- Disadvantages:
  - Difference in time required to be up and running

Cold Site
Least ready of all three, but most common
- Facility with electrical power, Heating Ventilation and Air Conditioning (HVAC)
- Ready for equipment but no computer hardware on site.
- Communications links may or may not be ready
- Not considered adequate because of length of time for recovery
- Advantages:
  - Cost
- Disadvantages:
  - False sense of security

Multiple Centers
- Processing spread over multiple centers, creating distributed redundancy. Can be in-house or through reciprocal agreement.
- Cost is contained, but same issues as Mutual Aid Agreements (reciprocal agreement)

Service Bureaus
- Contract with service bureau to provide all alternate backup processing.
- Advantage – quick response
- Disadvantage – cost, resource contention during disaster
Other alternatives:
Rolling mobile backup sites
- Vendor provides mobile services, mobile homes or flatbed trucks with power and HVAC sufficient for alternate processing. Considered Cold Site variation.
In-house or external supply of hardware replacements
- Vendors resupply hardware or internal stockpiling of critical components.
- Subscription service with vendor for overnight shipping
- May be OK for Warm site but not Hot site
Prefabricated Buildings
Use of prefabricated (mobile homes). Very cold site.

Transaction Redundancy Implementations
Fault tolerance and redundancy in Transaction processing
- Electronic Vaulting – transfer of backup data to off-site location. Batch process through communication lines
- Remote Journaling – parallel processing of transactions at remote site. Live data is posted as it occurs
- Database Shadowing – live processing of remote journaling but creates more redundancy by duplicating the database sets
Disaster Recovery Plan Maintenance
- Disaster Recovery Plans often get out of date
- Changes in technical infrastructure and company structure
- Plan maintenance must be employed from the outset
- Audit procedures should report regularly on the plan
- Version control on all plan copies

Testing of the Disaster Recovery Plan
- Testing must be conducted in an orderly, standardized fashion, executed on a regular basis
- No demonstrated recovery ability exists until it is tested
- Testing verifies the accuracy of the recovery procedures
- Testing prepares and trains personnel to execute during emergency
- Testing verifies the processing capability of the alternate backup site

Creating the Test Document
Test document should include:
- Test scenarios
- Reasons for the test
- Objectives of the test
- Type of tests
- Testing schedule
- Duration of the test
- Specific test steps
- Who will be the participants
- The task assignments of the test
- Resources and services required
- Test must not disrupt normal business functions
- Testing should start with easy areas to build skills and confidence
- Purpose is to find weaknesses, update and retest

The Five Disaster Recovery Plan Types
- Checklist
- Structured walk through
- Simulation
- Parallel
- Full-interruption
Checklist
- Preliminary step to real test, distribute plan for review by business unit managers
Structured Walk Through
- Business Unit Managers walk through the test plan. Each step is walked through and marked as performed.
Simulation
- All personnel with DR responsibilities will meet and go through a practice session
- Enacts recovery procedures but no alternate processing
Parallel
- Full test of recovery plan using all personnel. Primary processing does not stop. Ensures processing will run at alternate site. Most common type of recovery plan testing.
Full-interruption
- Disaster is replicated to the point of ceasing normal operations. Plan is implemented as if it were a disaster.
- Scary and can cause its own disaster, but best way to test completely

Disaster Recovery Procedures
Primary elements of the disaster recovery process
- Recovery team
- Salvage Team
- Normal Operations Team
- Other Recovery Issues
Recovery Team
- Implement the recovery procedures in a disaster
- Get critical functions operating at backup site
- Retrieval of materials from off-site storage, backups, workstations
- Installs critical systems and applications
Salvage Team
- Separate from recovery team
- Returns the primary site to normal operating conditions
- Safely clean, repair, salvage the primary processing facility
Normal Operations Team
- Task of Recovery Team, or another separate team
- Returning production from the alternate site to the primary site
- Disaster is not over until all operations have returned to their normal location and function.

Other Recovery Issues
- Interfacing with external groups
  - Municipal Emergency Groups, fire, police, ambulances, EMS.
  - Escalation and interaction should be included in the plan
- Employee Relations
  - Inherent responsibility to employees and their families
  - Salaries must continue
  - Insurance must be adequate
- Fraud and crime
  - Fraudsters try to capitalize on the disaster
  - Vandalism and looting may occur
- Financial Disbursement
  - Expense disbursement
  - Signed and authorized checks will be needed
- Media Relations
  - Unified response
  - Credible, trained, informed, spokesperson
  - Company should be accessible
  - Control dissemination of information

Under "Named Perils" form of Property Insurance: Burden of proof that particular loss is covered is on Insured
Maximum Tolerable Downtime (MTD): It is maximum delay businesses can tolerate and still remain viable
System reliability is increased by: A higher MTBF and a lower MTTR.
Valuable paper insurance coverage does not cover damage to: Money and Securities
A business continuity plan is an example of which of the following? : Corrective control
Under "All Risk" form of Property Insurance: Burden of proof that particular loss is not covered is on Insurer
A contingency plan should address: Residual risks
Business Continuity and Disaster Recovery Planning (Primarily) addresses the: Availability of the CIA triad
Domain 9 – Law, Investigation and Ethics
Covers computer crimes, preserving evidence and conducting basic investigations.
Many computer crimes go unreported – difficult to estimate.
Two Categories:
- Crimes against the computer
- Crimes using a computer

Most Common Crimes:
- Denial of Service (DoS) – hogging system resources to point of degraded service
- Theft of passwords
- Network Intrusions – unauthorized penetrations
- Emanation Eavesdropping – interception of computer terminal images through use of Radio Frequency (RF) Signals. U.S. Government developed Tempest to defeat this by shielding RF.
- Social Engineering – social skills to gain information
- Illegal Content of Material – porn
- Fraud – using computer to perpetuate crimes, i.e. auctions of non-existent merchandise
- Software Piracy – illegal copying
- Dumpster Diving – paper trails
- Malicious Code – viruses and Trojan Horses
- Spoofing of IP Addresses – inserting false IP to disguise original location
- Information Warfare – attacking infrastructure of a Nation, including military and power grid
- Espionage
- Destruction or alteration of information
- Use of readily available Attack Scripts – Script Kiddies, unskilled users
- Masquerading – pretending to be someone else
- Embezzlement – Illegally acquiring funds
- Data-Diddling – modification of data
- Terrorism

Examples of Crime –
- DDoS of Yahoo, Amazon and ZDNet in Feb. 2000
- Love Letter Worm in May of 2000
- Kaiser – transmissions of personal client information to unintended recipients in Aug. 2000
- Penetration of Microsoft, access to source code in Oct. 2000
- Mitnick's attacks against telephone companies 1989, broke into Tsutomu Shimomura's Corp in 1995 and was arrested
- Wisconsin medical records in 1982
- Morris internet worm DDoS, Cornell Student, in 1988
- Germans working for the KGB accessed US Classified Systems – The Cuckoo's Egg
Laws have been passed in many countries. International boundaries cause issues. Being addressed by United Nations, Interpol, European Union and the G8.

Technology outpaces Law
- Law enforcement relies on traditional laws against embezzlement, fraud, Denial of Service, wiretapping and digital currency to prosecute.

Many types of legal systems in the world
- Common Law – United States, United Kingdom, Australia and Canada
- Islamic Law
- Religious Law
- Civil Law – France, Germany, Quebec
Common &5w $ United St5tes
Three -ranches of Go+ernment
egislati+e 6 ma'es the statutory laws
7dministrati+e 6 administrati+e laws
3udicial 6 common laws found in court decisions
Compi95tion of St5tutory &5w
7rranged in order of enactment or as statutory codes
In the <!S! held in Statutes at arge in the <nited States Code 9<!S!C!:
<sually ;uoted ?5J <!S!C ^ 5NN5 95KK0:@
n The Code Title =umber
n 7bbre+iation of the Code 9<!S!C!:
n Statutory section
n Date of the edition
Tit9e #0 of t6e #33% Edition of t6e U.S.C. > contains Crimes and Criminal Procedures! Many computer
crimes are prosecuted under this title!
US Computer r5ud 5nd A<use Act 6 addresses fraud using go+ernment computers can be found at 5J
<!S!C! ^ 5N1N 95KJF:
Ot6er Tit9es Are;
Title 50 6 -an's and -an'ing
Title 5E 6 Commerce and Trade
Title 0F 6 Internal Re+enue Code
Title CK > Transportation
Compi95tion of Administr5ti:e &5w
Chronologically listed in administrati+e registers or by sub8ect matter in administrati+e codes! *ederal
Register 9*ed! Reg!: and Code of the *ederal Register 9C!*!R!:
Referenced ?50 C!*!R! ^ 5NN!C 95KK0:
n The Title =umber *ederal Register 9C!*!R!:
n 7bbre+iation of the Code 9C!*!R!:
n Section number
n Zear of publication
Compi95tion of Common &5w 7 common law from court decisions
n Common law is compiled as Case Reporters in chronological order and Case Digests by Sub8ect matter
Common &5w System C5tegories $ not to <e confused wit6 common 95w from court decisions
n Crimin59 &5w 6 %iolates go+ernment laws for the protection of the people! *inancial penalties and
imprisonment
n Ci:i9 &5w 6 wrong inflicted upon an indi+idual or organi#ation results in damage or loss$ no prison
n Administr5ti:e &5w 6 standards of performance and conduct$ financial penalties and imprisonment
Inte99ectu59 Property &5w
n P5tent 6 Pro+ides owner legally enforceable right to e(clude others for specified time 9<!S! 5I years:
n Copyrig6t 6 Protects original wor's of authorship$ can be used for software and databases
n Tr5de Secret 6 Secures confidentiality of proprietary technical and business related information
n Company must meet re;uirements:
n In+ested resources to de+elop the information
n %aluable to the business
n %aluable to competitor
n =on>ob+ious information
JC
- Trademark – establishes word, name, symbol, color or sounds used to identify and distinguish goods
Information Privacy Laws
- Intent varies widely from country to country
- European Union – has developed more protective laws for individual privacy
- Transfer of data from EU to US is prohibited unless equivalent protections are in place
EU Principles Include:
- Data collected in accordance with law
- Information cannot be disclosed without consent
- Records should be accurate and up to date
- Data should be used for the purpose it was collected
- Individuals entitled to report of information kept about them
- Transfer of data is prohibited unless equivalent protections are in place
Health Care Issues:
- Access controls do not provide sufficient granularity to implement least privilege rule
- Most off the shelf systems do not have adequate controls
- Systems must be accessible to outside parties
- Access to Internet creates potential problems
- Criminal and civil penalties can be imposed
- Public perception of large organizations misusing data
Health Care Should follow: (based on E.U. principles)
- Individual should have ability to monitor stored information about themselves, ability to correct information
- Data should be used for the purpose it was collected
- Organization should provide safeguards to ensure data is used for the purpose it was collected
- Existence of private information should not be kept secret
HIPAA –
U.S. Kennedy-Kassenbaum Health Insurance Portability and Accountability Act. HIPAA effective August 21, 1996.
Addresses Health Care privacy in the U.S.
Still in draft form, required to be implemented soon.
Addresses:
- The rights the individual has over information about them
- Procedures for the execution of such rights
- The uses and disclosures that should be authorized
Entity must have in place:
- Standard Safe Guards – must have appropriate administrative, technical and physical safeguards
- Implementation of Standard Safe Guards – A covered entity must protect health care information from intentional or unintentional disclosure
Electronic Monitoring
Keystroke monitoring, e-mail monitoring, surveillance cameras, badges and magnetic card keys all allow monitoring of individuals.
Key to monitoring: Must be done in a lawful manner in a consistent fashion
E-mail monitoring:
- Inform users that all e-mail is being monitored by displaying log-on banner
- Banner should state: logging on to system consents user to being monitored. Unauthorized access is prohibited. Subject to prosecution.
- Ensure monitoring is uniformly applied
- Explain acceptable use
- Explain who can read e-mail and how long it is backed up
- No guarantee of privacy
Enticement vs. Entrapment
- Enticement occurs after individual has gained unlawful access to a system, then lured to an attractive area "honey pot" in order to provide time to identify the individual
- Entrapment encourages the commitment of a crime that the individual had no intention of committing
Computer Security, Privacy and Crime Laws:
- 1970 – US Fair Credit Reporting Act – consumer reporting agencies
- 1970 – US Racketeer Influenced and Corrupt Organization Act – racketeers influencing business
- 1973 – US Code of Fair Information Practices – personal record keeping
- 1974 – US Privacy Act – applies to federal agencies
- 1980 Organization for Economic Cooperation and Development (OECD) – data collection limitations
- 1984 – US Medical Computer Crime Act – illegal alteration of computerized medical records
- 1984 – (Strengthened in 1986 and 1994) – First US Federal Computer Crime Law – classified defense, felony for classified information
- 1986 (Amended 1996) – US Computer Fraud and Abuse Act – clarified 1984 law, Added three laws:
  - use of federal interest computer to further intended fraud
  - altering or destroying information on federal interest computer that causes $1,000 in loss or medical treatment
  - Trafficking in computer passwords if it affects commerce or allows access to government computers
- 1986 Electronic Communications Privacy Act – prohibits eavesdropping
- 1987 – Computer Security Act – requires federal government to:
  - Provide security-related training
  - Identify sensitive systems
  - Develop security plan for sensitive systems
  - Developed Sensitive But Unclassified (SBU) designation
  - Split responsibility between National Institute of Standards and Technology (NIST) and National Security Agency (NSA)
    - NIST – commercial and SBU
    - NSA – cryptography and classified government and military applications
- 1990 United Kingdom Misuse Act – defines computer related crimes
- 1991 US Federal Sentencing Guidelines –
  - Unauthorized possession without the intent to profit is a crime
  - Address both individuals and organizations
  - Degree of punishment corresponds to level of due diligence
  - Invoke "prudent man" rule due care of Senior Officials – Civil Law
  - Place responsibility on Senior Management for prevention and detection programs up to $290 Million – Civil Law
- 1992 OECD – Guidelines to serve as Total Security Framework – laws, policies, procedures, training
- 1994 – US Communications Assistance for Law Enforcement Act – requires communications carriers to make wiretaps possible
- 1994 – Computer Abuse Amendments Act –
  - Changed federal interest computer to a computer used in interstate commerce or communications
  - Covers viruses and worms
  - Includes intentional damage as well as reckless disregard
  - Limited imprisonment for unintentional damage to one year
  - Provides civil action for compensatory damages
- 1995 Council Directive Law on Data Protection for the European Union – declares EU is similar to OECD
- 1996 – US Economic and Protection of Proprietary Information Act – industrial and corporate espionage
- 1996 U.S. Kennedy-Kassenbaum Health Insurance Portability and Accountability Act. HIPAA
- 1996 National Information Infrastructure Protection Act – amended the computer fraud and abuse act, patterned after the OECD.
- GASSP – Generally Accepted Systems Security Principles (Not laws but accepted principles of the OECD)
  - Computer security supports the business mission
  - Computer security is integral to sound management
  - Computer security should be cost effective
  - System Owners have responsibility outside of their organization
  - Computer security requires a comprehensive integrated approach
  - Computer security should be periodically reassessed
  - Computer security is constrained by societal factors
Pending Laws
- Uniform Electronic Transactions Act – applies the Federal Electronic Signatures act to the state level
- Uniform Computer Information Transactions Act – licensing terms on shrink wrapped software
Gramm-Leach-Bliley
Gramm-Leach-Bliley (PL 106-102) was signed into law on 12 November 1999. Title V of the law deals with Privacy. Title V Section 501 establishes policy for the protection of nonpublic personal information. Section 501 states, "It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information."
The law further states, financial regulatory agencies/authorities will "establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards:
(1) to insure (sic) the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer."
Investigation
Also known as computer forensics – collecting information from and about computer systems that is admissible in a court of law.
Computer Forensic Issues
- Compressed timeframe for investigation
- Information is intangible
- Investigation may interfere with normal business operations
- May find difficulty in gathering evidence
- Co-mingling of live production data and evidence
- Experts are required
- Locations may be geographically in different jurisdictions
- Differences in law and attitude
- Many jurisdictions have expanded definitions of property to include electronic information
Evidence
- Gathering, control and preservation are critical
- Subject to easy modification without a trace, must be carefully handled through its life cycle.
- Chain of Command – must be followed
- Chain of Command components:
  - Location of evidence
  - Time evidence obtained
  - Identification of individual who discovered evidence
  - Identification of individual who obtained evidence
  - Identification of individual who controlled/maintained possession of evidence
Evidence Life Cycle
- Discovery and recognition
- Protection
- Recording
- Collection
  - Collect all relevant storage media
  - Make image of hard disk before removing power
  - Print out screen
  - Avoid degaussing equipment
- Identification (tagging and marking)
- Preservation
  - Protect from magnetic erasure
  - Store in proper environment
- Transportation
- Presentation in court
- Return to evidence owner
Evidence Admissibility
- Evidence must meet stringent requirements.
- Must be relevant, legally permissible, reliable, properly identified and preserved
  - Relevant – must be related to the crime, shows crime has been committed
  - Legally Permissible – obtained in lawful manner
  - Reliable – not been tampered or modified
  - Properly Identified – identified without changing or damaging evidence
  - Preservation – not subject to damage or destruction
    - Make backups, write protect, take digital signatures of files or disk sectors
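The custody components listed above (location, time, who discovered, obtained and controlled the item) and the preservation step (digital signatures of files or disk sectors) can be kept in one record so that any undocumented change is detectable at presentation time. The following is an added example, not code from these notes or from the CISSP Prep Guide; the evidence bytes, names, times and locations are constructed, and a SHA-256 digest stands in for the "digital signature" the notes mention.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# Added example: a chain-of-custody record that pins each custody step to a
# fingerprint of the item. Names, times, locations and the evidence bytes are
# all constructed; SHA-256 stands in for the "digital signature" in the notes.


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest of an evidence item (file, disk image, sector dump)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    time: str       # when the item was obtained / changed hands (ISO 8601)
    person: str     # individual who obtained or controlled it from this point
    location: str   # where the item was at that time
    action: str     # discovered, imaged, transferred, stored, checked out ...
    digest: str     # fingerprint of the item as it was handed over


@dataclass
class EvidenceRecord:
    item_id: str
    description: str
    discovered_by: str
    chain: List[CustodyEntry] = field(default_factory=list)

    def log(self, time: str, person: str, location: str, action: str,
            data: bytes) -> CustodyEntry:
        """Append one custody step, fingerprinting the item at that moment."""
        entry = CustodyEntry(time, person, location, action, fingerprint(data))
        self.chain.append(entry)
        return entry

    def first_break(self) -> Optional[int]:
        """Index of the first custody step whose fingerprint differs from the
        one taken at collection, or None if every step saw the same item."""
        if not self.chain:
            return None
        base = self.chain[0].digest
        for i, entry in enumerate(self.chain):
            if entry.digest != base:
                return i
        return None

    def verify(self, data: bytes) -> bool:
        """True only if the item presented now matches the fingerprint taken at
        collection and no custody step recorded a different item in between."""
        return (bool(self.chain)
                and self.first_break() is None
                and fingerprint(data) == self.chain[0].digest)


# Constructed stand-in for a disk image taken before power was removed.
DISK_IMAGE = b"\x00" * 16 + b"constructed disk image of suspect workstation"


def build_record(image: bytes = DISK_IMAGE) -> EvidenceRecord:
    rec = EvidenceRecord("EV-0001", "Workstation disk image",
                         discovered_by="A. Analyst")  # constructed names
    rec.log("2024-03-05T09:12:00Z", "A. Analyst", "Office 4B",
            "imaged before removing power", image)
    rec.log("2024-03-05T10:30:00Z", "B. Custodian", "Evidence locker 2",
            "stored, write-protected", image)
    return rec


def demo():
    """Returns (intact, tampered_rejected, break_index) for three scenarios."""
    rec = build_record()
    intact = rec.verify(DISK_IMAGE)              # same bytes: passes
    tampered = rec.verify(DISK_IMAGE + b"x")     # altered copy: rejected
    # A custody step that recorded a different item shows where the chain broke.
    broken = build_record()
    broken.log("2024-03-06T08:00:00Z", "C. Examiner", "Lab bench 1",
               "checked out for analysis",
               DISK_IMAGE.replace(b"suspect", b"SUSPECT"))
    return intact, tampered, broken.first_break()


if __name__ == "__main__":
    print(demo())   # (True, False, 2)
```

`first_break` answers the question the admissibility criteria above raise: if the item presented differs from what was collected, at which documented hand-over did the change appear.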
Types of Evidence
- Best Evidence – Original or primary evidence rather than a copy
- Secondary evidence – a copy of evidence, or description of contents
- Direct Evidence – proves or disproves a specific act based on witness testimony using five senses
- Conclusive Evidence – incontrovertible, overrides all evidence
- Opinions, Two Types:
  - Expert – may offer opinion based on expertise and facts
  - Nonexpert – may testify only to the facts
- Circumstantial – inference on other information
- Hearsay – not based on first hand knowledge, not admissible in court, often computer generated reports fall under this rule.
- Exceptions to Hearsay Rule:
  - Made during the regular conduct of business with witnesses
  - Made by a person with knowledge of records
  - Made by person with knowledge
  - Made at or near time of occurrence of act
  - In the custody of the witness on regular basis
Searching and Seizing Computers
U.S. D.O.J. Computer Crime and Intellectual Property Section (CCIPS) has issued the publication "Searching and Seizing Computers and Obtaining Evidence in Criminal Investigations".
Cites the following US Codes:
- 18 U.S.C. § 2510 – Definitions
- 18 U.S.C. § 2511 – interception and disclosure of wire, oral or electronic communications
- 18 U.S.C. § 2701 – unlawful access to stored communications
- 18 U.S.C. § 2702 – disclosure of contents
- 18 U.S.C. § 2703 – requirements for governmental access
- 18 U.S.C. § 2705 – delayed notice
- 18 U.S.C. § 2711 – definitions
- 18 U.S.C. § 2000aa – searches and seizures by government officers and employees in connection with the investigation of a crime
Export Issues with Technology
- In July of 2000 U.S. relaxed its encryption export policy to certain countries.
- American companies can export encryption to any end user.
- Eliminated the thirty-day waiting period when exporting
Conducting the Investigation
- Corporate investigation should include Management, corporate security, Human Resources, legal department and other appropriate staff.
- May prompt retaliatory acts from the investigated, important to plan ahead
- Committee should be set up beforehand to address the following issues:
  - Establishing liaison with law enforcement
  - Deciding when and if to bring in law enforcement (FBI and Secret Service)
  - Setting up means of reporting computer crimes
  - Establishing procedures for handling reports of computer crimes
  - Planning and conducting investigations
  - Involving senior management and corporate security, Human Resources, the legal dept.
  - Ensuring proper collection of evidence
- U.S. Federal Requirements require crimes to be reported.
- U.S. government must obtain warrant to search for evidence under the 4th amendment. Must be probable cause.
- Private individuals can conduct a search without a warrant.
- Exigent Circumstances Doctrine – (Probable Cause) then do not need a warrant.
Good sources of evidence include:
- Telephone records
- Video cameras
- Audit trails
- System logs
- System backups
- Witnesses
- Results of surveillance
- E-mails
MOM
- Motive
- Opportunity
- Means
Interview:
- If interviewing do not give information away to suspect
- Questions should be scripted
- Don't use original documents in the interview
Liability
1991 US Federal Sentencing Guidelines
- Unauthorized possession without the intent to profit is a crime
- Address both individuals and organizations
- Degree of punishment corresponds to level of due diligence
- Invoke "prudent man" rule due care of Senior Officials – Civil Law
- Place responsibility on Senior Management for prevention and detection programs up to $290 Million
Due Care Requirements:
- Means to prevent computer resources from being used as a source of attack on another organization
- Relates to proximate causation – part of a chain that results in negative consequence
- Backups
- Scans for malicious code
- Business Continuity and Disaster Recovery
- Local and remote access control
- Elimination of unauthorized insecure modems
- Security policies and procedures
- Ensuring Confidentiality, Integrity and Availability
- Assessing responsibilities to third parties
- Established incident response capability
Downstream liabilities: When companies come together to work in an integrated manner, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility needed, which should be clearly defined in the contracts that each party signs.
Due Care: Steps that are taken to show that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources and employees.
Due Diligence: Continual activities that make sure the protection mechanisms are continually maintained and operational.
Prudent man rule: To perform duties that prudent people would exercise in similar circumstances.
Criteria for evaluating legal requirements:
C – cost of implementing the control
L – estimated loss from exploitation
If C < L (the control costs less than the loss it would prevent), then a legal liability exists.
Incident Handling should address:
- What constitutes an incident
- How should an incident be reported
- To whom should an incident be reported
- When should management be informed of an incident
- What action should be taken if an incident occurs
- Who should handle the response to the incident
- How much damage was caused by the incident
- What data was damaged by the incident
- Are recovery procedures required
- What type of follow up or review is required
- Should additional safeguards be implemented
Establish a CIRT – Computer Incident Response Team
Ethics
Certified professionals are morally and legally held to a higher standard.
Should be included in organizational computing policy
ISC2 Code of Ethics:
CISSPs Shall:
1. Conduct themselves with highest standards of ethical, moral and legal behavior
2. Not commit any unlawful or unethical act that may impact the reputation of the profession
3. Appropriately report unlawful behavior
4. Support efforts to promote prudent information security measures
5. Provide competent service to their employers and clients; avoid conflicts of interest
6. Execute responsibilities with highest standards
7. Not misuse information with which they come into contact during their duties
The Computer Ethics Institute Top Ten: (What is this crap doing in here?)
1. Not use a computer to harm others
2. Not interfere with other's computer work
3. Not snoop around other files
4. Not use a computer to steal
5. Not use a computer to bear false witness
6. Not copy or use proprietary software
7. Not use others' computer without permission
8. Not appropriate others' intellectual output
9. Think about social consequences of the programs you write
10. Ensure considerations and respect for others
Internet Activities Board (IAB)
"Internet Activity Should be treated as a privilege"
Unacceptable actions:
- Seeks to gain unauthorized access to resources of the Internet
- Disrupts intended use of the internet
- Wastes resources
- Compromises privacy of others
- Involves negligence in conduct of Internet Experiments
US Dept. Of Health, Education and Welfare
Fair information practices, individually identifiable information
- No personal record keeping on systems that are secret
- Way for person to find out what information is contained and how it is used
- Way for person to prevent information from being used for other purposes than originally intended
- Organizations must ensure reliability of data
Phone Phreakers
- Blue boxing – A device that simulates a tone that tricks the telephone company's system into thinking the user is authorized for long distance service, which enables him to make the call.
- Red boxes – Simulates the sound of coins being dropped into a payphone.
- Black boxes – Manipulates the line voltage to receive a toll-free call.
Domain 10 – Physical Security
Threats, Vulnerabilities and Countermeasures
- Goal is to protect resources including personnel, the facility in which they work, data, equipment, support systems, and media.
Threats to Physical Security
Risks to Physical Security
- Interruptions in providing computer services – Availability
- Physical Damage – Availability
- Unauthorized disclosure of information – Confidentiality
- Loss of control over the system – Integrity
- Physical theft – Confidentiality, Availability, Integrity
Threats to Physical Security
- Emergencies
  - Fire and smoke
  - Building collapse
  - Utility loss
  - Water Damage
  - Toxic Materials
- Natural Disasters
  - Earthquakes
  - Storm Damage
- Human Intervention
  - Sabotage
  - Vandalism
  - War
  - Strikes
- Seven major sources of physical loss – from "Fighting Computer Crime"
  1. Temperature – extreme variations in heat or cold
  2. Gases – war gases, commercial vapors, humidity, dry air, fuel vapors
  3. Liquids – water and chemicals
  4. Organisms – viruses, bacteria, people, animals, insects
  5. Projectiles – meteorites, falling objects, cars, trucks, bullets, rockets
  6. Movement – collapse, shearing, shaking, vibration, slides
  7. Energy Anomalies – electric surges, magnetism, static electricity, radio waves, microwaves
Controls for Physical Security
Two areas:
- Administrative
- Physical and Technical
Administrative Controls
- Benefits from the proper administrative steps
- Emergency procedures, personnel control, proper planning, policy implementation
Facility Requirements Planning – need for planning of security early on in construction
Choosing a Secure Site
- Visibility – what kind of neighbors, external markings, low visibility is the key
- Local Considerations – near hazards, high crime areas
- Natural Disaster – on a fault line, in a flood plain
- Transportation – excessive air or highway and road traffic
- Joint Tenancy – are environmental controls shared
- External Services – proximity of local emergency services
Designing a Secure Site
- Walls – acceptable fire rating, media rooms should have a high fire rating
- Ceilings – weight bearing and fire rating
- Floors:
  - Slab – Physical weight the concrete slab can bear and its fire rating
  - Raised – fire rating, electrical conductivity, non conducting surface material
- Windows – not acceptable in the data center, if so translucent and shatterproof
- Doors – must resist forcible entry, clear emergency exits, doors should open in an emergency (fail-soft)
- Sprinkler System – location and type of suppression system
- Liquid and gas lines – shutoff locations, water drains should be "positive", carry away from the building
- Air Conditioning – AC should have dedicated power circuits, location of Emergency Power Off (EPO) switch, should provide outward positive air pressure to prevent contaminants
- Electrical Requirements – backup alternate power, dedicated circuits, access controls over panels
Facility Security Management
Audit Trails and Emergency Procedures
Audit Trails – log of events, systems may have many audit logs each capturing specific information
- Access logs should contain:
  - Date and Time Access attempted
  - Whether the attempt was successful or not
  - Where was access granted (which door)
  - Who attempted Access
  - Who modified access privileges at the supervisor level
- Some trails can send alerts
- Audit Trails are detective not preventative
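A physical access log that carries the fields listed above (date and time, whether the attempt succeeded, which door, who, and supervisor-level privilege changes) is enough to raise the alerts the notes mention: repeated denials at one door, after-hours entry to sensitive rooms, and every privilege change. The following review script is an added example, not from these notes or the Prep Guide; the log line format, door and user names, the three-denials-in-five-minutes threshold and the 07:00–19:00 business-hours window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example: review of a physical access log. The line format, door and
# user names, thresholds and business-hours window are constructed assumptions.

SENSITIVE_DOORS = {"server-room", "media-vault"}   # doors worth after-hours review
BUSINESS_HOURS = (7, 19)                           # 07:00 <= hour < 19:00
DENIAL_THRESHOLD = 3                               # this many denials ...
DENIAL_WINDOW = timedelta(minutes=5)               # ... within this window

# Constructed log: one event per line, timestamp first, then key=value fields.
SAMPLE_LOG = """\
2024-03-05T08:02:11Z door=lobby user=alice result=GRANTED
2024-03-05T22:14:03Z door=server-room user=bob result=DENIED
2024-03-05T22:14:09Z door=server-room user=bob result=DENIED
2024-03-05T22:14:15Z door=server-room user=bob result=DENIED
2024-03-05T22:16:40Z door=server-room user=bob result=GRANTED
2024-03-05T23:01:00Z door=server-room user=carol result=GRANTED
2024-03-05T23:05:00Z event=PRIVILEGE_CHANGE supervisor=carol target=bob door=server-room
"""


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a dict; 'ts' becomes a datetime."""
    ts_text, *fields = line.split()
    record = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for item in fields:
        key, _, value = item.partition("=")
        record[key] = value
    return record


def review(lines):
    """Return alerts as (kind, person, door, time) tuples, in log order."""
    alerts = []
    recent_denials = defaultdict(deque)   # (user, door) -> denial timestamps
    for line in lines:
        if not line.strip():
            continue
        r = parse_line(line)
        when = r["ts"].isoformat()
        # Supervisor-level privilege changes are always surfaced for review.
        if r.get("event") == "PRIVILEGE_CHANGE":
            alerts.append(("privilege-change", r["supervisor"], r["door"], when))
            continue
        key = (r["user"], r["door"])
        if r["result"] == "DENIED":
            window = recent_denials[key]
            window.append(r["ts"])
            while r["ts"] - window[0] > DENIAL_WINDOW:   # drop stale denials
                window.popleft()
            if len(window) == DENIAL_THRESHOLD:          # fire once per burst
                alerts.append(("repeated-denial", r["user"], r["door"], when))
        elif r["result"] == "GRANTED" and r["door"] in SENSITIVE_DOORS:
            hour = r["ts"].hour
            if not (BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]):
                alerts.append(("after-hours", r["user"], r["door"], when))
    return alerts


if __name__ == "__main__":
    for alert in review(SAMPLE_LOG.splitlines()):
        print(alert)
```

The sliding window fires on the third denial and stays quiet for a fourth inside the same five minutes, so one burst produces one alert; the after-hours rule deliberately ignores non-sensitive doors such as the lobby, which is why alice's morning entry produces nothing.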
Emergency Procedures
Clearly documented, readily accessible and updated periodically
- Should include:
  - Emergency Shutdown procedures
  - Evacuation procedures
  - Employee training, awareness and periodic drills
  - Periodic System tests
Administrative Personnel Controls
Implemented commonly by the HR department during hiring and firing
- Pre-employment screening
  - Employment references, educational history
  - Background checks, credit
- On going employee checks
  - Security clearances – if required
  - Ongoing evaluations and reviews
- Post-employment
  - Exit interview
  - Removal of network access
  - Return of computer inventory, laptops
Environmental and Life Safety
Sustain computer and personnel operating environment
Three focus areas:
- Electrical power
- Fire detection and suppression
- Heating Ventilation and Air Conditioning
Electrical power
Electrical Power Terminology   Description
Fault                          Momentary loss of power
Blackout                       Complete loss of power
Sag                            Momentary low voltage
Brownout                       Prolonged low voltage
Spike                          Momentary high voltage
Surge                          Prolonged high voltage
Inrush                         Initial surge of power
Noise                          Steady interference
Transient                      Short duration of line noise
Clean                          Non-fluctuating power
Ground                         One wire is grounded
Clean steady power supply – Most common threats are noise, brownouts, and humidity
Noise – Presence of electrical radiation in the system interferes with distribution of clean power
Several Types of Noise:
- Most common is Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI)
- EMI is caused by the generation of radiation due to charge differences between the hot, neutral and ground wires.
- Two common types of Electromagnetic Interference – EMI are:
  - Common Mode noise – the generation of radiation due to charge differences between the hot and ground wires
  - Traverse Mode Noise: the generation of radiation due to charge differences between the hot and neutral wires
- Radio Frequency Interference (RFI) is generated by the components of an electrical system, can damage equipment
Protective measures for noise:
- Power Line Conditioning
- Proper Grounding
- Cable shielding
- Limiting exposure to magnets, fluorescent lights, motors and space heaters
Brownouts
Brownout is a prolonged drop in supplied usable voltage; can do serious damage to sensitive equipment
- American National Standards Institute allows:
  - 8% drop between building meter and the power source
  - 3.5% drop from the meter to the wall
- Surges and spikes as power comes back on line can also cause problems.
- Surge suppressors should protect all equipment and critical components require UPS.
Humidity
- The ideal Operating Range is between 40 to 60 percent.
- High humidity above 60% can cause condensation on parts. Also can cause corrosion of components
- Silver plating goes to copper circuits impeding the electrical efficiency
- Low humidity less than 40% increases static electricity
- A static charge of 4,000 volts is possible under normal humidity on a hard wood floor
- Charges up to 20,000 volts or more are possible under very low humidity with non-static free carpeting
Static Charge (Volts)   Damage
40                      Sensitive circuits
1,000                   Scramble monitor display
1,500                   Disk drive data loss
2,000                   System shutdown
4,000                   Printer jam
17,000                  Permanent chip damage
Control to prevent Static Electricity
- Anti-static sprays where possible
- Anti static flooring
- Proper grounding
- Anti-static tables
- HVAC should maintain proper humidity levels
Fire Detection and Suppression
Three elements to sustain fire:
- Oxygen
- Heat – temperature
- Fuel
Class   Description           Suppression Medium
A       Common combustibles   Water or soda acid
B       Liquid                CO2, soda acid, Halon
C       Electrical            CO2 or Halon
D       Combustible metals    Dry powder
- Water – suppresses temperature required to sustain fire
- Soda Acid – suppresses the fuel
- CO2 – Suppresses the oxygen
- Halon – suppresses through chemical reaction that kills the fire
Fire Detectors
- Heat sensing – detects one of two things:
  - Temperature reaches specified level (less false positives)
  - Temperature rises quickly
- Flame Actuated – fairly expensive
  - Sense infrared energy of flame or pulsation of the flame
- Smoke Actuated – two types
  - Photoelectric devices triggered by variation in light hitting photoelectric cells
  - Radioactive device goes off when ionization current is created by radioactive reaction to smoke
Fire Extinguishing Systems
Wet Pipe
- Sprinklers always contain water
- At 165° F – fusible link in nozzle melts
- Most reliable
- Subject to leaking and freezing
Dry Pipe
- No water standing in the pipe
- Air is blown out and water is released
- Time delay can allow systems to power down
Deluge
- Dry pipe system
- Large Volume of Water
- Not good for computer equipment
Preaction
- Most recommended for computer room
- Combines wet and dry
- Charges pipe when heat is detected
- Releases water when fusible link in nozzle melts
Gas Discharge
Pressurized inert gas released through raised floor
- Carbon Dioxide CO2
- Halon 1211 – does not require sophisticated pressurization
- Halon 1301 – requires sophisticated pressurization
- FM-200 is now most common Halon replacement
Carbon Dioxide CO2
- Colorless and odorless gas
- Removes oxygen and can be lethal if all oxygen is removed
- Used in unmanned facilities
- If used in manned system alarm must allow adequate time to evacuate or cancel
Portable Extinguishers should be located:
- Commonly located at exits
- Clearly marked with their fire types
- Checked regularly
Halon – at one time was considered perfect suppression medium
- The two Types
  - Halon 1211 – liquid streaming agent used in portable extinguishers
  - Halon 1301 – gaseous agent used in fixed total flooding
- Not harmful to equipment
- Mixes thoroughly with air
- Spreads extremely fast
- Problems:
  - Can not be breathed safely in concentrations greater than 10%
  - Fires greater than 900° F: it degrades to toxic chemicals Hydrogen Fluoride, Hydrogen Bromide and Bromine
  - Must allow adequate time to evacuate or cancel
  - Ozone depleting due to use of CFCs. Very high ozone depleting potential
- No new Halon 1301 installations allowed
- Existing encouraged to replace
- Federal law prohibits production of Halon
- Halon 1211 is being replaced
- Halon 1301 is being banked for future use
Common EPA replacements:
- FM-200
- CEA-410
- NAF-S-III
- FE-13
- Argon
- Inergen
- Low Pressure Water Mists
Contamination and Damage
- Smoke
- Water
- Heat
- Suppression Medium
Temperature Damage Points
- Computer Hardware – 175° F
- Magnetic Storage – 100° F
- Paper Products – 350° F
Heating Ventilation and Air Conditioning
- Designate who is responsible
- Clear escalation steps in case of problems
Physical Technical Controls
Physical site security
- Guards
- Dogs
- Fencing
- Lighting
- Locks
- CCTV
Guards
- Can make judgments and adjust to rapidly changing conditions
- Provide deterrent capability
- Response and control
- Reception and escort
- Especially useful in personnel safety issues
- Drawbacks:
  - Availability – human intervention
  - Reliability – pre-employment screening not foolproof
  - Training – subject to social engineering, not always up to date
  - Cost – expensive
Dogs
- Loyal and reliable
- Keen senses
- Especially useful in Perimeter control
- Drawbacks:
  - Cost – expensive
  - Insurance – liability
Fencing
- Primary means of boundary control
Height                                          Protection
3' to 4' (1 meter)                              Deters casual trespasser
6' to 7' (2 meters)                             Too hard to climb easily
8' with 3 strands of barbed wire (2.4 meters)   Deters intruders
Mantrap – physical access control routed through a set of double doors that may be monitored by a guard
Lighting
- Lighting types – floodlights, street lights, and searchlights
- 8 feet high with 2 foot-candles
Locks
- Two Types: Preset and Programmable
- Preset Locks – Typical Door Locks, must remove lock to change key
- Programmable – Mechanical or electronic, dial combination lock
Cipher lock – Keypad, numbers change randomly
Closed Circuit Television
- Visual surveillance
- Record for analysis
- Photographic or Electronic
- Monitoring – preventative control
- Recording – detective control
Facility Access Control Devices
- Security Access Cards
- Two Types:
  - Photo image – dumb
  - Digitally Encoded – smart
Photo Image Cards
- Simple ID cards
- Require decision by guards
Digitally Encoded Cards
- Contain chips or magnetic stripes
- Card reader makes decisions as to access
- Can provide logging of activity
- Multi level access groupings
- Smart Card – ATM Card may require PIN
- Smart Card may be coupled with a token
Wireless Proximity Readers
- Does not require physically inserting the card
- Card reader senses the card
- Two Types:
  - User Activated – transmits keystroke sequence to a wireless keypad reader
  - System Sensing – senses card
n Passi+e De+ices 6 card contains no battery$ senses electromagnetic field of reader and
transmits fre;uency using power of reader
n *ield Powered De+ices 6 contain acti+e electronics on the card
n Transponders > -oth card and reader contain acti+e electronics$ transmitter$ battery
n Reader sends signal$ card sends signal bac'
C5rd Types
Type of C5rd Description
Photo ID *acial photograph
,ptical coded aser burned lattice of digital dots
&lectric circuit Printed chip on the card
Magnetic stripe Stripe of magnetic material
Magnetic strip Rows of copper strings
Passi+e electronic &lectrically>tuned circuitry read by R*
7cti+e electronic -adge transmits encoded electronics
1iometric De:ices
n 7re physical access de+ices
Intrusion Detection A95rms
n Identifying attempts to access a building
n Two most common types:
n Photoelectric sensors
n dry contact switches
P6otoe9ectric sensors
n Recei+e beam of light from tight emitter
n Can be +isible light$ white light or infrared
n 7larm sounds if beam is bro'en
n Can be a+oided if seen
n In+isible Infrared is often used
n &mploying substitute light source can fool sensor
Dry Cont5ct Switc6es
n Most common
n Metallic foil tape on windows and doors
n &asy and cheap
"otion Detectors
)5:e P5ttern
n Generate fre;uency wa+e pattern
n Sound alarm if disturbed
n Can be low fre;uency$ ultrasonic$ or microwa+e
C5p5cit5nce
n Monitor electrical field surrounding ob8ect
• Spot protection within a few inches of the object
• Not for entire room
• Penetration of field changes capacitance
Audio Detectors
• Passive, no generation of fields
• Simply monitor room for abnormal noise
• High number of false positives
Alarm Systems
Local Alarm Systems
• Rings an audible signal
• Must be protected from tampering
• Audible for at least 400 ft
• Requires guards to respond locally
Central Alarm Systems
• Private security firms
• Central station
• Offer CCTV monitoring
• Reporting
• Commonly 10 minutes or less travel time
Proprietary Alarm Systems
• Similar to central
• The company owns monitoring
• Like local but with features of the central system
Auxiliary Station Systems
• Any of the previous three may have auxiliary alarms ring at the fire or police station.
• Need permission from local authorities
Other Requirements:
Line Supervision
• Line is monitored to prevent tampering to subvert the alarm system.
Power Supplies
• Alarms should have backup power for a minimum of 24 hours
Computer Inventory Control
• Control of equipment from theft
• PC control and laptop control
PC Control
• Cable locks – anchor the PC to the desk
• Port Controls – secure data ports (i.e. floppy drive) or serial or data ports and prevent their use
• Switch Controls – cover for on/off switch which prevents the user from switching off file servers
• Peripheral switch controls – lockable switches prevent the keyboard from being used
• Electronic Security Boards – inserted into a PC slot, require a password to boot; also included in BIOS
Laptop Control
• Encrypt the drive
Media Storage
• Proper disposal
Require storage, destruction or reuse:
• Data backups
• CDs
• Diskettes
• Hard Drives
• Paper printout
Common Storage Areas:
• On-Site – areas within the facility
• Off-site – areas outside the facility, data backup service
• Examine vendor security
Data Destruction and Reuse
• Must reformat seven times according to TCSEC Orange Book standards
• Shredders should crosscut
• Military will burn reports
Object Reuse
• Clearing – overwriting data media to be reused in the same environment
• Purging – degaussing or overwriting to be used in another environment
• Destruction – completely destroying
Common Problems
• Erasing just deletes the file header, not the data
• Damaged sectors may not be overwritten
• Rewriting may not write over all data areas (slack space)
• Degausser equipment failure
• Inadequate number of formats
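The object reuse points above (erasing removes only the file header; a naive overwrite stops at the file's logical length and misses slack space; clearing overwrites every allocated block) can be watched on a toy block device. This is an added example, not code from the CISSP Prep Guide or from the notes' author; the disk layout, block size, file names and file contents are all constructed for the demonstration and do not model any real file system.

```python
"""Toy block device showing data remanence and object reuse.

Added example; it is not from the CISSP Prep Guide or any real file system.
A tiny "disk" is a bytearray of fixed-size blocks plus a directory (the file
header). The model is constructed to show three points from the notes:
  1. deleting a file only removes the header; the data blocks keep their bytes
  2. overwriting a file up to its logical length leaves slack space untouched
  3. clearing = overwriting every allocated block in full (several passes)
"""
import os

BLOCK_SIZE = 16
NUM_BLOCKS = 8


class ToyDisk:
    def __init__(self):
        self.raw = bytearray(BLOCK_SIZE * NUM_BLOCKS)   # the raw media
        self.directory = {}                              # name -> (blocks, length)
        self.free = list(range(NUM_BLOCKS))              # free block list

    def write_file(self, name, data):
        n_blocks = -(-len(data) // BLOCK_SIZE)           # ceiling division
        if n_blocks > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(n_blocks)]
        for i, blk in enumerate(blocks):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = blk * BLOCK_SIZE
            # A partial last chunk leaves the rest of the block (slack) as it was.
            self.raw[start:start + len(chunk)] = chunk
        self.directory[name] = (blocks, len(data))

    def read_file(self, name):
        blocks, length = self.directory[name]
        data = b"".join(bytes(self.raw[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE]) for b in blocks)
        return data[:length]

    def delete_file(self, name):
        """Ordinary 'erase': drop the header and free the blocks; bytes stay on the media."""
        blocks, _ = self.directory.pop(name)
        self.free = blocks + self.free                   # freed blocks are reused first

    def overwrite_in_place(self, name, fill=b"\x00"):
        """Naive wipe: rewrites only the file's logical length, so slack space survives."""
        blocks, length = self.directory[name]
        remaining = length
        for blk in blocks:
            n = min(BLOCK_SIZE, remaining)
            start = blk * BLOCK_SIZE
            self.raw[start:start + n] = fill * n
            remaining -= n

    def clear_file(self, name, passes=3):
        """Clearing: overwrite every allocated block in full on each pass, then delete."""
        blocks, _ = self.directory[name]
        for p in range(passes):
            # random data on the early passes, zeros on the last so the result is predictable
            pattern = os.urandom(BLOCK_SIZE) if p < passes - 1 else bytes(BLOCK_SIZE)
            for blk in blocks:
                start = blk * BLOCK_SIZE
                self.raw[start:start + BLOCK_SIZE] = pattern
        self.delete_file(name)

    def remnants(self, needle):
        """Raw scan of the whole media, ignoring the directory: does `needle` survive anywhere?"""
        return bytes(self.raw).find(needle) != -1


# Constructed sample contents (not real data).
OLD_SECRET = b"OLD-KEY=0x5EC0DE"                         # 16 bytes: exactly fills block 1
OLD_FILE = b"0123456789ABCDEF" + OLD_SECRET              # 32 bytes: blocks 0 and 1
NEW_FILE = b"BUDGET 2024 DRAFT1"                          # 18 bytes: 2 bytes into block 1


def demo():
    """Runs the scenario and returns what a raw scan of the media finds at each step."""
    disk = ToyDisk()
    found = {}

    disk.write_file("old.txt", OLD_FILE)
    disk.delete_file("old.txt")
    found["after_delete"] = disk.remnants(OLD_SECRET)           # header gone, data intact

    disk.write_file("new.txt", NEW_FILE)                        # reuses blocks 0 and 1
    found["after_reuse"] = disk.remnants(b"KEY=0x5EC0DE")        # 14 bytes of slack left over

    disk.overwrite_in_place("new.txt")
    found["after_naive_overwrite"] = disk.remnants(b"KEY=0x5EC0DE")  # slack still there

    disk.clear_file("new.txt", passes=3)
    found["after_clearing"] = disk.remnants(b"KEY=0x5EC0DE")    # gone
    return found


if __name__ == "__main__":
    for step, still_present in demo().items():
        print(f"{step:24s} secret recoverable from raw media: {still_present}")
```

Running it prints, for each step, whether a raw scan of the media (which ignores the directory, as a recovery tool would) still finds the old key. Only clear_file, which overwrites whole blocks rather than the logical file length, comes back False; purging with a degausser and physical destruction are the remaining two object reuse options and are outside what this model shows.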