Document Download - Free Document Download
http://doc.xuehai.net/
CISSP Notes
This document was downloaded from the document download site; the content may be incomplete. You can copy the following URL to continue reading or to download it:
http://doc.xuehai.net/bff69c6183e6980b054e00dcd.html
CISSP
Certified Information System Security Professional

Based on the books:
CISSP Certification Training Guide, Roberta Bragg
The CISSP Prep Guide, Ronald L. Krutz & Russel Dean Vines

Summary by Jos Engelhart MSc CISSP
Also visit our website http://www.enacom.nl.
Table of Contents

1 Access Control Systems and Methodology
  1.1 Authentication and Access Control
  1.2 Accountability
  1.3 Access Control Techniques
      DAC Discretionary Access Control
      MAC Mandatory Access Control
      Lattice-Based Access Control
      Rule-Based Access Control
      Role-based access control
      Access Control Lists
  1.4 Access Control Administration
      Account administration
  1.5 Access Control Models / Strategies
      Bell-LaPadula
      Biba
      Lipner's Lattice
      Non-inference Models
  1.6 Identification and Authentication Techniques
      Passwords
      One-Time Passwords
      Challenge Response
      Biometrics
      Tickets
      Single Sign-On
  1.7 Access Control Methodologies
      Centralized/Remote Authentication Access Controls
      Decentralized Access Control
  1.8 Methods of Attack
      Brute force
      Denial of service
      Spoofing
      Sniffing
  1.9 Monitoring
      Intrusion detection
      Intrusion prevention
      How intrusion detection works
  1.10 Penetration Testing
      Penetration Testing versus Security Assessments
      Ethical Issues
      Performing a Penetration Test

2 Telecommunications and Network Security
  2.1 The Open Systems Interconnection Model
  2.2 The OSI Layers
      Layer 7 - Application Layer
      Layer 6 - Presentation Layer
      Layer 5 - Session Layer
      Layer 4 - Transport Layer
      Layer 3 - Network Layer
      Layer 2 - Data Link Layer
      Layer 1 - Physical Layer
  2.3 Network Characteristics and Topologies
      Coax
      UTP
      Fiber Optic
      Multi-Mode Fiber
      Single-Mode Fiber
      Dense Wave Division Multiplexing
      Wireless
  2.4 Network Topologies
      Linear Bus Topology
      Star Topology
      Ring Topology
      Tree Topology
      Mesh Topology
  2.5 LAN and WAN Technologies
      Ethernet
      Token-Ring and FDDI
      ARCnet Attached Resource Computer Network
  2.6 LAN Devices
      Hubs and Repeaters
      Switches and bridges
      VLANs
      Routers
      Firewalls
      Gateways and Proxies
  2.7 WAN Technologies
      WAN Connections
      WAN Services
      WAN Devices
  2.8 Providing Remote Access Capabilities
      Dial-In Remote Access
      Using tunneling as a Client-Based security method
      Virtual Private Networks
      Remote access Authentication
  2.9 Networking Protocols
      Application Layer Protocols
      Transport Layer Protocols
      Internet Layer Protocols
  2.10 Protecting the Integrity, Availability and Confidentiality of Network Data
      The CIA-triad
      Security Boundaries and Translating Security Policy to Controls
      Trusted Network Interpretation
      Network Layer Security Protocols
      Transport Layer Security Protocols
      Application Layer Security Protocols
      Network Monitoring and Packet Sniffers
      Intrusion Detection
      Intrusion Response
      Network Address Translation
      Public and Private IP Addresses
      Transparency
      Hash Totals
      Email Security
      Facsimile and Printer Security
      Common Attacks and Countermeasures
  2.11 Fault Tolerance and Data Restoration
      Addendum

3 Security Management and Practices
  3.1 Defining Security Principles
      CIA: Information Security's Fundamental Principles
      Privacy
      Identification and Authentication
      Nonrepudiation
      Accountability and Auditing
  3.2 Security Management Planning
  3.3 Risk Analysis and Management
      Risk analysis
      Identifying threats and Vulnerabilities
      Asset Valuation
      Qualitative Risk Analysis
      Countermeasure Selection and Evaluation
  3.4 Policies, Standards, Guidelines and Procedures
  3.5 Roles and Responsibilities
  3.6 Understanding Protection Mechanisms
  3.7 Classifying Data
  3.8 Employment Policies and Practices
  3.9 Managing Change Control

4 Applications and System Development Security
  4.1 Software and Applications Issues
      Centralized, decentralized and distributed systems
      Malicious software (malware)
      Databases
      Data warehouses
      Storage and Storage Systems
      Knowledge-Based Systems
      Web Services and Other Examples of Edge Computing
  4.2 Attacking Software
  4.3 Understanding Malicious Code
  4.4 Implementing System Development Controls
  4.5 Using Coding Practices that Reduce System Vulnerability

5 Cryptography
  5.1 Uses of Cryptography
  5.2 Cryptographic Concepts, Methodologies and Practices
      Symmetric Algorithms
      Asymmetric Algorithms
      Safety mechanisms
  5.3 PKI and Key Management
  5.4 Methods of Attack

6 Security Architecture and Models
  6.1 Requirements for Security Architecture and Models
  6.2 Security Models
      Clark-Wilson Model
      Access Control Lists
  6.3 Security System Architecture
      Security Principles
      Security Modes
  6.4 Information System Security Standards
      TCSEC The Orange Book and the Rainbow Series
      ITSEC Information Technology Security Evaluation Criteria
      Common Criteria
  6.5 Common Criteria
      Introduction and general model
      Security Functional Requirements
      Security Evaluation Assurance Requirements
      Assurance Packages or Levels - EALs
      Areas not Addressed by the Common Criteria
      A Comparison of the Orange Book, ITSEC and Common Criteria
  6.6 IPSEC
      Uses for IPSec
      Architectural Components of IPSec

7 Operations Security
  7.1 Examining the Key Roles of Operations Security
      The OPSEC Process
  7.2 The Roles of Auditing and Monitoring
      Using Logs to Audit Activity and Detect Intrusion
      Intrusion Detection
      Penetration Testing Techniques
  7.3 Developing Countermeasures to Threats
      Risk analysis
      Threats
      Countermeasures
  7.4 Concepts and Best Practices
      Privileged Operations Functions
      Understanding Antiviral Controls
      Protecting Sensitive Information and Media
      Change Control Management

8 Business Continuity Planning and Disaster Recovery Planning
  8.1 What are the Disasters that Interrupt Business Operation?
  8.2 Quantifying the Difference between DRP and BCP
  8.3 Examining the BCP Process
      Define the scope
      Perform a business impact analysis (BIA)
      Develop operational plans for each business process
      Implement plans
      Test plans
      Maintain plans
  8.4 Defining DRP
      Determining the scope of the recovery plan
      Creating antidisaster Procedures
      Listing necessary resources
      Developing Emergency response procedures
  8.5 A Backup Strategy
      Backup policies and procedures
      Vital records program
      Hardware backups

9 Law, Investigation and Ethics
  9.1 Fundamentals of Law
      Intellectual property law
      Privacy law
      Governmental regulations
  9.2 Criminal Law and Computer Crime
  9.3 Computer Security Incidents
      Advance planning
      Computer crime investigation
  9.4 Legal Evidence
      The fourth amendment
  9.5 Computer Forensics
  9.6 Computer Ethics

10 Physical Security
  10.1 Classifying Assets to Simplify Physical Security Discussions
  10.2 Vulnerabilities
  10.3 Selecting, Designing, Constructing and Maintaining a Secure Site
      Site location and construction
      Physical access controls
      Power issues and controls
      Environmental controls
      Water exposure problems and controls
      Fire prevention and protection
  10.4 Tape and Media Library Retention Policies
  10.5 Document (Hard-Copy) Libraries
  10.6 Waste Disposal
  10.7 Physical Intrusion Detection
  10.8 Addendum

Abbreviations
1 Access Control Systems and Methodology

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.

1.1 Authentication and access control

The key part of security is controlling access to critical information. We distinguish between authentication and access control. Authentication identifies a user and verifies that the user is who he says he is. Access control systems control what access he is given on the system. This is governed by the principle of least privilege: give a user the least amount of access he needs to do his job and nothing else.

1.2 Accountability

Accountability is the process of tracking the behavior of people regarding their actions and the access controls they have been given. You can then hold people accountable for their actions and properly enforce access controls. A commonly used way is logging.

1.3 Access Control Techniques

Access control techniques are:
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Lattice-based access control
- Rule-based access control
- Role-based access control
- The use of access control lists (ACL)

DISCRETIONARY ACCESS CONTROL - DAC

This type of control is essentially based on human decisions about whether someone or something should be allowed access to a particular resource. Most times guidelines or policies are rigidly used. They are open to mistakes and can easily be overridden. The biggest problem is humans (managers) overriding access controls for certain individuals who complain they have too few permissions. DAC is a low level of access control and very subjective.

MANDATORY ACCESS CONTROL - MAC

MAC is based on using classification levels controlled by computer systems. These systems are popular in government-type environments and financial institutes. Each user gets a classification level associated with their account and each piece of data has a classification level. Most times accounts can include a hierarchy in access rights. We call this multilevel security. This is not always wanted. Another classification is compartmentation, i.e. HR accounts and Finance accounts.

LATTICE-BASED ACCESS CONTROL

This type of control is based on a set of security classes that can be assigned to users or objects, for example: confidential, secret, top secret. Based on these classes a set of flow operations is defined showing how information can flow from one class to another. The requirements for a lattice are:
- The security classes must be finite and must not change.
- The flow operations must form a partial order with the following properties:
  Reflexive - an item can always flow back to the security class it came from (two-way direction): confidential -> confidential.
  Anti-symmetric - an item cannot flow back to the security class it came from (one-way direction): confidential -> secret, but not secret -> confidential.
  Transitive - information flowing into a certain security class by going through another security class can also directly flow into that class: confidential -> secret -> top secret includes the property confidential -> top secret.
- It must have a lower bound (the null class).
- It must have an upper bound which represents
a combination of all the items in the security class (the class A,B sits above both A and B).

RULE-BASED ACCESS CONTROL

This kind of control is based on rule sets for individuals. These are not needed for small companies because everybody knows his role and is trusted to some extent. However, for larger organizations they provide a fine level of granularity. Disadvantages are:
- Time consuming - you have to figure out what everybody is allowed to do.
- Maintainability - it becomes a complex list.
This is why some companies prefer role-based access control.

ROLE-BASED ACCESS CONTROL

Access is provided to roles or positions across a company. Access is then assigned to the role based on the job function of a position. This control is easy to maintain and manage. It is typically implemented by using groups to which permissions are given.

ACCESS CONTROL LISTS

These are similar to rule-based access controls but more formalized. ACLs contain a list of rules, usually based on IP addresses or some other piece of information that can easily be discerned in the packet that goes across the network. ACLs are often associated with routers.

1.4 Access Control Administration

Setting up an administration is easy; the ongoing maintenance is the difficult part. It essentially involves a user ID and a password which has to be set up and maintained for every user of the system. User accounts should be disabled when an employee leaves the company instead of deleting them.

ACCOUNT ADMINISTRATION

With a new account:
- Assign a unique initial random temporary password for the account. Force the person to change it to another password only known to him.
- Prevent multiple people from having access to the same password: you lose accountability.
- Keep track of all access controls through logging (successes and failures).
- Always give someone the least amount of access he needs to do his job and nothing else (the principle of least privilege).
- Maintain separation of duties for access to sensitive information. This means that multiple people must participate to gain access (e.g. firing a nuke).
1.5 Access Control models / strategies
The models in this section serve as a rule for figuring out the road: some general principles that should be followed when implementing access control. In the explanation two terms are used: objects, which refers to passive items such as hardware, software and processes that store information, and subjects, which are active processes that move information (such as persons or devices).

BELL-LAPADULA
BLP: confidentiality
Bell-LaPadula (1970s) is a governmental information flow security model and focuses on confidentiality. Access to information is controlled by access lists, but the movement of information is controlled by this paradigm: it protects people from accessing information they should not have access to. It is a bottom-up model which says that information can flow from the bottom to the top but not downwards. It is composed of two rules: the simple security rule deals with reading information or files; the star property rule deals with writing information or creating new files.
Simple Security Rule
A principal P can read an object O only if the security level of P is higher than or equal to the security level of O. This rule ensures that someone can only read information up to the level he is classified for, but not higher (you cannot read up).

Star Property Rule
A principal P can write to an object O only if the security label of O is higher than or equal to the security label of P. Information cannot be written to a lower classification level (you cannot write down). This property prevents the leakage of information; for example against write-down Trojan horses which attempt to read secure information and write it down into a generally accessible file so an evildoer has access to it, or to prevent copying classified data from a protected folder to a general folder.

Bell-LaPadula follows the Basic Security Theorem and has the following basic concepts:
- Fundamental modes of access: access modes such as read, write, read only and so on are defined to permit access between subjects and objects.
- Dominance relations: a relationship between the formal security levels of subjects and objects describes the access permitted between them.
- Simple Security Condition: see above (you cannot read up).
- Discretionary security property: a specific subject is authorized for a particular mode of access that is required for state transition. A matrix is used to specify discretionary access controls.
- Star (*) property: see above (you cannot write down).
- Strong * property: reading/writing is permitted at a particular level of sensitivity, but not on higher or lower levels.
- Trusted subject: access under this option is not constrained by the star property. Where the * property is too rigid, data can be moved using a trusted subject.
- Untrusted subject: access under this option is constrained by the star property.

BIBA
Biba: integrity
Biba is, like BLP, an information-flow model but deals with integrity in computer systems. It is all about modification of data. It has the same two rules (simple security and star property) as BLP, but both rules are the opposite of the BLP model. Within Biba information can flow from the top down.
Simple Security Rule
A principal P can read an object O only if the security level of P is lower than or equal to the security level of O. Because Biba deals with integrity, you cannot read down. There is no need to read information that isn't relevant to a certain transaction; for example the withdrawal of money from your bank account.

Star Property Rule
A principal P can write to an object O only if the security label of O is lower than or equal to the security label of P. Because Biba deals with integrity, you cannot write up. To withdraw 100 from your account at the bank, it is not accepted that you tell the employee that there is enough money on your account (write up). The employee checks the system to see if you have enough money on your account.

LIPNER'S LATTICE
Lipner applied the former models, which apply to government settings, to commercial settings. He changed terms such as confidential and secret to system programmer, production code and so on.

NON-INFERENCE MODELS
Non-inference models deal with examining the input and the output of a system to see if anyone can infer information that he should not have access to. An example is two groups using a system. Group A uses commands X; group B uses commands Y. A does not know about the commands of B, and X does not interfere with Y.

1.6 Identification and Authentication Techniques
Authentication is the process of proving that you are the person you claim to be. For this there are several techniques:
- Passwords
- One-time passwords
- Challenge response
- Biometrics
- Tickets
- Single sign-on
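Before turning to authentication, the Bell-LaPadula and Biba rules of section 1.5 side by side, as an added example that is not part of the original notes: a constructed linear lattice of levels, the simple security and star property checks of both models, the BLP strong * property and the trusted-subject exemption. Level names, subjects and objects are assumptions chosen for illustration.

```python
"""Bell-LaPadula and Biba access decisions over a linear security lattice.

Added example (not from the original notes). Levels, subjects and objects are
constructed for illustration; both models are checked side by side so the
mirror image of their rules is visible.
"""
from dataclasses import dataclass

# Linear lattice: a higher index dominates a lower one.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Entity:
    name: str
    level: str              # one of LEVELS
    trusted: bool = False   # BLP trusted subject: exempt from the star property


def dominates(a: str, b: str) -> bool:
    """Dominance relation: True when level a is higher than or equal to level b."""
    return RANK[a] >= RANK[b]


def blp_allows(subject: Entity, obj: Entity, mode: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if mode == "read":
        # Simple security rule: level(P) >= level(O)
        return dominates(subject.level, obj.level)
    if mode == "write":
        # Star property: level(O) >= level(P); a trusted subject may bypass it.
        return subject.trusted or dominates(obj.level, subject.level)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subject: Entity, obj: Entity, mode: str) -> bool:
    """Biba (integrity): the BLP rules inverted, so no read down, no write up."""
    if mode == "read":
        # Simple integrity rule: level(P) <= level(O)
        return dominates(obj.level, subject.level)
    if mode == "write":
        # Integrity star property: level(O) <= level(P)
        return dominates(subject.level, obj.level)
    raise ValueError(f"unknown access mode {mode!r}")


def strong_star_allows(subject: Entity, obj: Entity) -> bool:
    """BLP strong * property: read/write only at exactly the subject's own level."""
    return subject.level == obj.level


def decision_table(subject: Entity, objects: list) -> dict:
    """Evaluate every object against both models; keyed by object name."""
    table = {}
    for obj in objects:
        table[obj.name] = {
            "blp_read": blp_allows(subject, obj, "read"),
            "blp_write": blp_allows(subject, obj, "write"),
            "biba_read": biba_allows(subject, obj, "read"),
            "biba_write": biba_allows(subject, obj, "write"),
        }
    return table


if __name__ == "__main__":
    # Constructed sample: a Secret-cleared analyst and three files.
    analyst = Entity("analyst", "Secret")
    files = [Entity("memo", "Confidential"), Entity("plan", "Secret"),
             Entity("vault", "Top Secret")]
    for name, row in decision_table(analyst, files).items():
        print(name, row)
```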
There are three things that can be used to authenticate yourself:
- Something you know: passwords
- Something you have: one-time passwords
- Something you are: biometrics

PASSWORDS
The problem is that users tend to choose easy-to-guess passwords. People tend to write down difficult passwords. This makes it easy for others to find out the password.

ONE-TIME PASSWORDS
These passwords solve the problems of normal passwords. These systems normally use hardware devices that generate passwords (i.e. every minute) but there are also software tools. The server runs the same software so the password can easily be checked. The problem is that users have to ensure that they have the device with them all the time. Another problem is that the clocks of the device and the server may get out of sync.

CHALLENGE RESPONSE
Challenge-response schemes are an alternative to one-time passwords. The user identifies himself to the server with his user ID. The server responds with a code which has to be entered on a device. The device responds with an output which has to be provided to the server.

BIOMETRICS
You don't have to carry devices around which can break or get lost. Biometric devices can be used to authenticate fingerprints and hand, face and retinal scans.

TICKETS
These systems provide you with a ticket which has to be decrypted. Secret keys have to be exchanged prior to the authentication process. When you connect to the system, you give it your user ID. The server sends you an encrypted ticket. If you are who you claim to be, you can decrypt the ticket. An example of a common program is Kerberos. The problem of these systems is that they do not scale very well.
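The one-time password and challenge-response schemes described above, as an added example that is not part of the original notes: a time-stepped code derived from a shared secret, with the server accepting one step of clock drift either way, and a challenge-response exchange in which the device answers with a keyed function of the server's code. The HMAC-SHA256 construction, the 60-second step, the shared secret and the sample times are assumptions.

```python
"""Time-based one-time passwords and challenge-response.

Added example, not from the original notes. Uses HMAC-SHA256 over a shared
secret that both the token device and the server hold; the secret, the step
length, the drift window and the sample times are constructed for illustration.
"""
import hashlib
import hmac
import secrets

STEP_SECONDS = 60      # the notes' "a new password every minute"
DRIFT_STEPS = 1        # accept one step early or late to tolerate clock skew
CODE_DIGITS = 6


def _truncate(digest: bytes) -> str:
    """Reduce an HMAC digest to a short numeric code a user can type."""
    value = int.from_bytes(digest[:4], "big") % (10 ** CODE_DIGITS)
    return f"{value:0{CODE_DIGITS}d}"


def otp_code(secret: bytes, unix_time: int) -> str:
    """Token side: derive the code for the time step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return _truncate(mac)


def otp_verify(secret: bytes, code: str, server_time: int) -> bool:
    """Server side: recompute for neighbouring steps so slight drift still works.

    A code from a device whose clock is many steps off is rejected, which is
    the out-of-sync problem the notes mention.
    """
    base = server_time // STEP_SECONDS
    for offset in range(-DRIFT_STEPS, DRIFT_STEPS + 1):
        t = (base + offset) * STEP_SECONDS
        if hmac.compare_digest(otp_code(secret, t), code):
            return True
    return False


def issue_challenge() -> str:
    """Server: a fresh random code that the user types into the device."""
    return secrets.token_hex(4)


def device_response(secret: bytes, challenge: str) -> str:
    """Device: answer the challenge with a keyed function of it."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return _truncate(mac)


def server_check_response(secret: bytes, challenge: str, response: str) -> bool:
    """Server: expected answer uses the same secret, so no password crosses the wire."""
    return hmac.compare_digest(device_response(secret, challenge), response)


if __name__ == "__main__":
    shared = b"constructed-shared-secret"   # constructed, shared by device and server
    now = 1_700_000_000                     # constructed sample time
    code = otp_code(shared, now)
    print("token shows", code, "accepted 45 s later:", otp_verify(shared, code, now + 45))
    print("accepted with 5 minutes drift:", otp_verify(shared, code, now + 300))
    chal = issue_challenge()
    print("challenge", chal, "ok:",
          server_check_response(shared, chal, device_response(shared, chal)))
```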
SINGLE SIGN-ON
SSO
Single sign-on is used when you have a large number of applications that need to authenticate the same user. To prevent logging in many times, the user logs on once to a central server that authenticates the user to the other applications. The disadvantage is that an evildoer has access to all the systems once he knows the primary user ID and password.

1.7 Access Control Methodologies
There are two primary remote access controls:
- RADIUS: Remote Authentication Dial-In User Service
- TACACS: Terminal Access Controller Access Control System
TACACS+ is the same as TACACS but has more advanced features.

CENTRALIZED/REMOTE AUTHENTICATION ACCESS CONTROLS
RADIUS and TACACS+ are used when users are required to authenticate to different applications and you do not want to manage a separate listing of user accounts for each application. All the applications point to the RADIUS or TACACS+ server to authenticate the users. This way you have to administer and manage only one set of accounts and credentials. RADIUS and TACACS+ are also used with devices and applications that do not have built-in facilities for authentication, such as routers. The (dis)advantage of centralized access control is that it is a SPOF (single point of failure). It works well with small companies but not at bigger ones. You need backup and failover capabilities or decentralized control.

DECENTRALIZED ACCESS CONTROL
With this kind of control each individual or department is responsible for its own access control (i.e. Windows for Workgroups). Most organizations tend to use hybrid systems and set up zones or domains, each with a centralized access control for that domain.

Domain
A domain is a group of computers under the same administrative authority. From an access control standpoint, a domain is a group of systems that all authenticate to a central system or group of systems. As each zone has its own controller, the controllers push a copy of their databases at regular intervals to the other controllers. Those are only allowed to read these databases unless a controller goes down. Another controller then takes over the function of the down controller.

Trust
If a user wants to get access to another domain, trust comes into play. This is done by setting up trust relationships between domains. You can have a full trust or a one-way trust. Full trust means that two domains have access to each other's domain. One-way trust means that one domain does have access to another domain but not the other way around.

1.8 Methods of Attack
Methods of attack are:
- Brute force
- Denial of service
- Spoofing
- Sniffing

BRUTE FORCE
Trying all possible combinations; most popular with cracking passwords. A subset of the brute-force attack is the dictionary attack (passwords based on dictionary words).

DENIAL OF SERVICE
Preventing others from gaining access to a server. Ways to launch a DoS attack against access control are:
- locking all accounts by entering false passwords (most times the third time a wrong password is provided the account is locked);
- flooding the pipes (using up all available resources).

SPOOFING
Spoofing is using somebody else's identity, pretending that you are that person. To prevent this, you should have multilevel access control so that you need something you know and something you have.

SNIFFING
Using a tool (sniffer) on a wire which reads unencrypted user IDs and passwords.

1.9 Monitoring

INTRUSION DETECTION
Passive, detection, no prevention, only alerts
Intrusion detection is the field of study dealing with monitoring networks and hosts and looking for attacks. It is passive; the emphasis is on detection: you monitor a network or host looking for signs of an attack. These systems do not prevent an attack, they alert that a potential problem exists. Types of intrusions are:
- Host versus network
- Passive versus active
- Known versus unknown

Host versus network
Is the attacker trying to gain access to a single host or the entire network? Entering a company's network through a single host requires physical access to that host or a stolen computer which has access to that host.
IDS, HIDS, NIDS
HIDS are passive, NIDS are active
Intrusion Detection Systems (IDS) are broken down into host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS). HIDSs are passive components (they analyze logs), sit on a single computer, are configured for a special purpose and do not scale very well. NIDSs are active components, sit on a network like a sniffer examining the network traffic in real time, scale very well and look out for general types of attacks.

Passive versus active
An active attack means that an intruder is actively doing something on the network once he has access to it. A passive attack means that once the intruder is in the network, the attacker monitors traffic or keystrokes to find information. Active attacks are easier to detect because the intruder is actually doing something. Passive attacks are very difficult to detect because they are just listening.

Known versus unknown
A known attack is something the vendor has acknowledged to be a security hole in its software. Most times these holes are patched. But, as long as the patches are not applied by the customer, their network is still vulnerable. Unknown attacks are known by a small group of people but are not public knowledge. Because the vendor doesn't know these vulnerabilities, he cannot release a patch.

INTRUSION PREVENTION
Until 2002 intrusion prevention was about preventing intrusions by strong identification and authentication (one-time passwords, biometrics, ...). From 2002 intrusion prevention describes a new class of systems: IDS. They look for possible attacks on the network (passive) but also act as an active device like firewalls through which traffic must pass. If an attack is sensed, it stops the attack by blocking the traffic or preventing malicious behavior by enforcing rules and policies.

HOW INTRUSION DETECTION WORKS
There are two typical types of IDS: signature matching and anomaly detection.
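Both detection styles run over the same constructed web-server log, as an added example that is not part of the original notes: the signature matcher only fires on the patterns in its database, while the anomaly detector fires on a client whose request volume exceeds a baseline learned from normal traffic, and neither sees what the other sees. The signature patterns, the log format and the baseline are assumptions.

```python
"""Signature matching versus anomaly detection over web-server log lines.

Added example, not from the original notes. The signatures, the baseline and
the log lines are constructed; a real IDS works on traffic or richer logs, but
the two decision styles are the ones described in the notes.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Signature database: known-attack patterns, each with a name. Easy to extend
# with your own entries, but it only ever finds what is listed here.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)(union\s+select|'\s*or\s+'?1'?\s*=\s*'?1)"),
}

# Constructed sample log: "client method path status"
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.9 GET /../../etc/passwd 404
10.0.0.7 GET /item?id=1'%20or%20'1'='1 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /index.html 200
"""


def parse(log: str) -> list:
    """Split each line into fields; URL-decode the path so encoded patterns are seen."""
    events = []
    for line in log.splitlines():
        client, method, path, status = line.split()
        events.append({"client": client, "method": method,
                       "path": unquote(path), "status": int(status)})
    return events


def signature_alerts(events: list) -> list:
    """Pattern matching: alert (client, signature) whenever a known pattern appears."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["path"]):
                alerts.append((ev["client"], name))
    return alerts


def learn_baseline(events: list) -> float:
    """Training phase on traffic assumed clean: mean requests per client."""
    counts = Counter(ev["client"] for ev in events)
    return sum(counts.values()) / len(counts)


def anomaly_alerts(events: list, baseline_per_client: float, factor: float = 3.0) -> list:
    """Anomaly detection: alert on clients whose request volume exceeds the learned
    'normal' by a factor. Nothing is known about the attack, only about normal."""
    counts = Counter(ev["client"] for ev in events)
    threshold = baseline_per_client * factor
    return [(client, f"volume {n} > {threshold:g}")
            for client, n in counts.items() if n > threshold]


def run_ids(log: str, baseline_per_client: float) -> dict:
    """Run both detectors over one log and return their alerts side by side."""
    events = parse(log)
    return {"signature": signature_alerts(events),
            "anomaly": anomaly_alerts(events, baseline_per_client)}


if __name__ == "__main__":
    # Constructed baseline, as if learned earlier from a quiet period.
    for kind, alerts in run_ids(SAMPLE_LOG, baseline_per_client=1.5).items():
        print(kind, alerts)
```

The traversal and injection requests trip only the signature matcher; the flood from 10.0.0.8 trips only the anomaly detector, which is why deployments combine the two.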
Signature matching
Signature or pattern matching uses a database of known attack signatures. When a signature is found, it sends an alert. Positive aspects of signature matching:
- Easy to update
- You can create your own signatures
Negative aspects of signature matching:
- They detect only known attacks
- They are based on static signatures, thus tending to generate a high number of false alarms

Anomaly matching
The concept is to determine what is normal traffic and what is not. Positive aspects of anomaly matching:
- You don't have to worry about updates
Negative aspects of anomaly matching:
- You have to determine what is normal and what is not

After an IDS determines that an attack has been detected, it sets off some type of alarm, for example to a pager or to a firewall to update its rule sets (which can be tricky because an intruder may want this to happen).

1.10 Penetration testing
Penetration testing is also called ethical hacking. The idea is that you can find weaknesses in your access control system policy and fix them before a real attacker breaks in.

PENETRATION TESTING VERSUS SECURITY ASSESSMENTS
A penetration test tests the security from the Internet using a domain and an IP address; nothing else. The goal is to find out as much as possible about the company, including ways to break in. You are proving that you can get in. Security assessments do include a pen test but are much more thorough. You get access to all the key systems within a company to evaluate the current level of security. You are trying to paint a picture of the current threats that exist and what can be done to protect against them.

ETHICAL ISSUES
First of all, get written permission before starting a pen test. Keep in mind that although you do not mean to do harm, the system doesn't belong to you. Therefore you need permission before you can do anything.

PERFORMING A PENETRATION TEST
The steps are:
1. Perform passive reconnaissance
2. Perform active reconnaissance (scanning)
3. Exploit the system by gaining access through the following attacks: operating system attacks, application-level attacks, scripts and sample program attacks, misconfiguration attacks, elevation of privileges, denial-of-service attacks
4. Upload programs
5. Download data
6. Maintain access by: back doors, Trojan horses
7. Cover your tracks
In most cases the pen test includes just steps 1-3.

Nessus, NMAP
Common tools for pen tests are Nessus and NMAP. Nessus scans for (known) vulnerabilities across various operating systems and reports back. NMAP scans which ports are open, performs OS fingerprinting and has other advanced features like spoofing.
2 Telecommunications and Network Security

2.1 The Open Systems Interconnection Model
Monolithic networking model
The need for networked computers came with the desire to share resources like printers. The biggest hindrance was the lack of networking standards. Clients could only be connected to one kind of network, like Novell, Unix or Microsoft, which didn't scale at all. The OSI model was a scalable open standard facilitating open communications between all systems. It is a framework of how networking functions.

2.2 The OSI Layers
The benefits of a layered reference model are:
- It divides the complex network operation into smaller pieces or layers;
- It facilitates the ability to change at one layer without having to change all the layers;
- It defines a standard interface for multi-vendor integration.

Layer 7  Application   Responsible for interfacing with the user
Layer 6  Presentation  Responsible for translating the data from something the user expects to something the network expects
Layer 5  Session       Responsible for dialog control between systems and applications
Layer 4  Transport     Responsible for handling end-to-end data transport services   (Segment)
Layer 3  Network       Responsible for logical addressing                             (Packet)
Layer 2  Data Link     Responsible for physical addressing                            (Frame)
Layer 1  Physical      Responsible for physical delivery and specification            (Bits)
Note: A protocol may perform multiple functions across multiple layers.

LAYER 7 - APPLICATION LAYER
The Application layer is responsible for providing the user access to network resources via the use of network-aware applications. Note: not every program is network-aware, thus not all are defined in the Application layer. Examples of network-aware programs are:
- Email gateways - POP3, SMTP, X.400. These programs deliver messages between applications;
- Newsgroup and IRC programs using NNTP and IRC, providing for communication between hosts by allowing the posting of messages to a news server or the typing of a live conversation between chat clients;
- Database applications providing data storage and warehousing capabilities in central data repositories that can be accessed, managed and updated;
- WWW applications providing access to Web resources; these applications include client Web browsers and Web servers.
LAYER 6 - PRESENTATION LAYER
The Presentation layer is the translator of the network. It translates data which the user understands to data which the network understands. The following protocols reside at this layer:
- Graphic formats such as JPEG, TIFF, GIF and BMP handle the presentation and display of graphic images;
- Sound and movie formats such as QuickTime, MPEG and WMF provide for the translation and presentation of sound and video files;
- Network redirectors handling the protocol conversions between the network-based formats (Server Message Block and NetWare Core Protocol) and the end-user applications.

LAYER 5 - SESSION LAYER
Network hosts run multiple applications and can connect to several other hosts running multiple applications. The Session layer sets up the logical communication channels between network hosts and applications. Each time a connection is made, it is called a session. It provides a mechanism for setting up, maintaining and tearing down sessions, keeping data separate from other applications. Examples of Session layer protocols are:
- NFS (Network File System): a client/server redirection mechanism;
- RPC (Remote Procedure Call): used with TCP/IP and Unix for remote access to resources;
- SQL (Structured Query Language): a mechanism to access and define a user's information requirements, connecting to a database.

LAYER 4 - TRANSPORT LAYER
Segmentation and reassembly, Virtual circuits
The Transport layer is responsible for handling the end-to-end communications between host systems, i.e. via a process known as segmentation and reassembly. Data from the upper layer is broken up into segments with a certain maximum size and passed to the Network layer. Segments are labeled so that the receiving system knows how to reassemble them. The logical communication between hosts is referred to as virtual circuits. Protocols that reside on this layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

LAYER 3 - NETWORK LAYER
Local hosts, Remote hosts
The Network layer is responsible for the logical addressing of packets and the routing of data between networks. There are local and remote hosts. Local hosts can receive the physical signal that the source host transmits. Remote hosts are hosts in physically different locations and/or networks; they cannot receive the physical signal. Therefore the Network layer uses logical addresses to logically define hosts. The process of transmitting data regardless of physical location is known as routing. Protocols that reside on this layer are IP (Internet Protocol) and IPX (Internet Packet Exchange). Routers and Layer-3 switches are considered Network layer devices because of their special capabilities. They know the difference between networks, thus they can be used to separate broadcast domains; they will not forward broadcasts (1) from one network to another by default.

Broadcasts and collisions
Broadcasts and collisions can greatly degrade network performance. Forwarding broadcasts prevents the host from doing other tasks. You can improve performance by using routers to separate broadcast domains, thus reducing the number of systems that have to deal with broadcasts. Collisions occur when multiple devices share the same single segment of a cable. A cable can only carry one signal at a time. Collisions cause devices to retransmit data, thus decreasing the performance of the network.

Routing, Internet Protocol - IP
IP handles the logical addressing of hosts and the routing of data via a hierarchical addressing scheme. The benefits are scalability (it can handle more addresses than a flat scheme) and it is much easier to enable routing because networks can be grouped together and treated as single entries in the routing table, making routing much more efficient. IP is defined in RFC 791.

(1) A broadcast is data addressed to all the hosts regardless of whether the destination can do anything with the data.
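The Network layer points just made, as an added example that is not part of the original notes: a constructed router table in which one aggregate entry stands for many networks, longest-prefix matching so that a more specific entry still wins, the local/remote host distinction, and the router refusing to forward a segment's broadcast into another network. All prefixes, interfaces and addresses are assumptions.

```python
"""Hierarchical IP addressing: aggregated routes, longest-prefix match and
broadcast domains.

Added example, not from the original notes. The routing table and the hosts are
constructed; it shows why networks can be grouped into one routing entry and
why a router does not forward a segment's broadcast by default.
"""
import ipaddress
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Constructed router table: (destination prefix, outgoing interface).
# The 10.1.0.0/16 entry summarises many 10.1.x.0/24 networks as one entry.
ROUTES = [
    (Net("10.1.0.0/16"), "eth1"),       # aggregate for a whole site
    (Net("10.1.5.0/24"), "eth2"),       # one specific network carved out of it
    (Net("192.168.0.0/24"), "eth0"),    # the router's own local segment
    (Net("0.0.0.0/0"), "eth3"),         # default route: everything else
]


def lookup(dest: str) -> Optional[str]:
    """Longest-prefix match: the most specific matching entry wins."""
    addr = IPv4(dest)
    best = None
    for net, iface in ROUTES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def is_local(src_net: str, dest: str) -> bool:
    """Local host: in the same network, so it can hear the physical signal."""
    return IPv4(dest) in Net(src_net, strict=False)


def forward(src_net: str, dest: str) -> str:
    """Router decision for a packet arriving from src_net addressed to dest."""
    net = Net(src_net, strict=False)
    addr = IPv4(dest)
    if addr == net.broadcast_address or addr == IPv4("255.255.255.255"):
        return "drop: broadcast stays in its own domain"
    if addr in net:
        return "local: no routing needed"
    iface = lookup(dest)
    return f"route via {iface}" if iface else "drop: no route"


def summarise(nets: list) -> str:
    """Aggregation: collapse contiguous networks into the single covering prefix."""
    collapsed = ipaddress.collapse_addresses(Net(n) for n in nets)
    return ", ".join(str(n) for n in collapsed)


if __name__ == "__main__":
    print(forward("192.168.0.0/24", "192.168.0.255"))
    print(forward("192.168.0.0/24", "10.1.5.20"))
    print(forward("192.168.0.0/24", "10.1.9.20"))
    print(summarise(["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]))
```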
Internet Packet Exchange - IPX
IPX is used primarily on Novell-based networks and provides for the logical addressing of hosts via network and host addresses.

LAYER 2 - DATA LINK LAYER
This layer is responsible for the physical addressing of frames and the translation of packets from the Network layer into bits for the Physical layer to transmit. Packets from the Network layer are encapsulated with data link header and footer information to become frames. CRC (Cyclic Redundancy Check) is used to ensure error-free delivery. The Data Link layer uses the hardware address to identify the source and destination devices. The following sublayers are used at this layer:
- The LLC sublayer (IEEE 802.2): it defines the interface between the Network layer and the underlying network architecture.
- The MAC sublayer (IEEE 802.3): it defines how the packets are transmitted on the media.

LAYER 1 - PHYSICAL LAYER
This layer is responsible for sending and receiving data. It also handles the specifications for the electrical, mechanical and procedural components of the communications media. It also identifies DTE (Data Terminal Equipment) and DCE (Data Circuit-Terminating Equipment) used in physical signaling and transmitting and receiving of data. Hubs and repeaters are considered Physical layer devices because they simply receive, re-amplify and forward the signal without actually looking at the data that is being transmitted.

Encapsulation per layer:
Session layer:    Upper Layer Data
Transport layer:  TCP/UDP Header | Upper Layer Data                 -> Segment
Network layer:    IP Header | Data                                  -> Packet
Data Link layer:  LLC Header | Data | FCS, MAC Header | Data | FCS  -> Frame
Physical layer:   01001101010101                                    -> Bits

2.3 Network Characteristics and Topologies
Types of networks and connection types:
Network               Connections
Ethernet              Coax, UTP, fiber optic, wireless transmission
Thin coax / 10BASE-2  RG58/U
10BASE-T              Category 3, 4, 5, 5E or better cabling
Fiber                 62.5 / 125 micron multimode fiber (short haul) or 9 micron single mode (long haul)
Wireless              Radio or microwave transmission methods

COAX
Thin coax networks (thin-net or 10BASE-2) use coaxial cabling with T-connectors to connect to NICs. Thick-net or 10BASE-5 uses coaxial cabling with vampire taps and AUI transceivers to connect to the NICs. Existing cable specifications for coax cable are RG-58/U, RG-58 A/U, RG-58 C/U, RG-59, RG-6, RG-62 and RG-8.
Coax is a bus network. There is a 50 Ω resistor (terminator) at the end of a bus system to stop the signal from bouncing back along the wire (the resistance of the network is 50 Ω at three feet or more). Because coax has a single point of failure for the entire segment which is difficult to troubleshoot, these networks are less commonly used. A TDR (Time Domain Reflectometer) can be used to give an approximate distance to the break in a wire.

10BASE-2
10BASE-2 stands for 10 Mbps for a maximum length of 200 meters (actually 185). It adheres to the 5-4-3 rule, meaning that you can have a maximum of 5 segments via 4 repeaters but only 3 segments can have hosts on them. The other 2 segments are called IRLs (Inter-Repeater Links). The maximum number of nodes per segment is 30. 10BASE-2 uses BNC (British Naval Connector) type connections: a BNC cable connector at the end of each cable and a BNC barrel connector or BNC T-connector to establish connections between cables.

10BASE-5
10BASE-5 uses a vampire tap and a transceiver to connect to devices. 10BASE-5 supports a maximum of 100 taps. The transceiver provides for the connectivity to devices via AUI (Attachment Unit Interface) connections. Per segment 10BASE-5 supports a maximum of 1024 hosts and the maximum length of a segment is 500 m. 10BASE-5 adheres to the 5-4-3 rule and uses barrels and terminators. It also uses N-type connections: plugs, jacks, barrels and terminators.

UTP
UTP comes in 10BASE-T and 100BASE-TX media types (10 Mbps / 100 Mbps). The category indicates the quality of the signal carrying, the number of used wires and the number of twists in the wires. These factors contribute to the potential speed.

Category     Speed rating
Category 3   Voice and data up to 10 Mbps / 16 MHz
Category 4   Voice and data up to 16 Mbps / 20 MHz
Category 5   Voice and data up to 100 Mbps / 100 MHz
Category 5e  Voice and data up to 1.000 Mbps / 100 MHz
Category 6   Voice and data up to 1.000 Mbps / 250 MHz
Category 7   Voice and data up to 10.000 Mbps / 600 MHz

CAT5 and CAT5e are mostly used. These categories use RJ-45 connectors, modular jacks, punch-down blocks or switches. The four pairs of conductors twist around each other inside the cable jacket. UTP has no shielding and is very susceptible to EMI (electromagnetic interference) and should not be placed near EMI sources. It is also very easy to capture the data being transmitted without placing a tap into the cable. UTP has a maximum length of 100 meters and a maximum of 4 repeaters between end stations (hubs act as repeaters). There can be a maximum of 1024 stations per network. UTP supports only two devices on a cable: a computer and a hub. Therefore, failures are easy to pinpoint. Generally, if you have a link light with UTP the problem is elsewhere.

FIBER OPTIC
Fiber-optic cable is used for backbone and device interconnectivity. Because of its cost and fragility it is not used for end-user connectivity. It has now replaced 10BASE-5 as the backbone device interconnectivity method due to speed and distance. A fiber consists of a core (silica glass or plastic, 8-1000 microns) and a cladding which reflects the light that tries to escape the core. The cladding is surrounded by a coating (buffer). In a loose buffer construction there is a layer of gel between the buffer and the fiber; in a tight buffer construction there is not. Fibers are typically bundled in (multiple) pairs (strands) because fiber can only send a signal in a single direction. The strands are reinforced by a plastic coating and then wrapped in Kevlar to provide both strength and flexibility.
Telecommunication and Network Security One pair cables are used in patch cord
implementations. These are called simplex or zipcord. Multiple fiber cable that is
double buffered is referred to as distribution cable. To terminate such a cable, one
needs a breakout box. A breakout cable is made of several simplex/zipcord cables.M
ULTI- M ODE F IBERMulti-mode fiber is mainly used for short or medium distances and
for low bandwidth applications. It is called multi-fiber because it is designed to
carry multiple light rays (modes) each using a slightly different reflection angle
within
the
core.
For
100
Mbps
Ethernet
the
max.
distance
2
km;
forhttp://doc.xuehai.net/bff69c6183e6980b054e00dcd.html 1 Gbps Ethernet the max.
distance is 550 m.S INGLE- M ODE F IBERBecause single-mode fiber carries only a single
文档下载 免费文档下载
http://doc.xuehai.net/
ray it can be used for longer distances and a smaller core can be used. For 100 Mbps
Ethernet the max. distance 20 km; for 1 Gbps Ethernet the max. distance is about 3
km up to 100 km. The mostly used connectors are the Stick and Turn (ST), Stick and
Click (SC) and SC Duplex connectors. Fibers are connected via splicing (fusion or
mechanical). Fusion uses welding while mechanical uses an alignment fixture to mate
the fibers.D ENSE W AVE D IVISION M ULTIPLEXINGDense Wave Division Multiplexing (DWDM)
is one of the newest forms of fiber-optic transmission and works by the principle
that different color light resides at different frequencies and the light at one
frequency des not interfere with light in a different frequency. The advantage is
that you have multiple channels of data (4 to 32 and even more as times goes
by)http://doc.xuehai.net/bff69c6183e6980b054e00dcd.html. OC-48 transmits at 2.5
Gbps per channel. The more channels the more bandwidth you have.W IRELESSA big push
for wireless has been with the small office/home office (SOHO) users because houses
are not designed for network cabling. Another deployment has been with the PoS (Point
of Sales) systems. Drawbacks are: The lack of standardization. Think of 802.11 Wi-Fi
to 802.11a to 802.11b to 802.11g to 802.15 Bluetooth. The signal can easily be picked
up from the air. Security. One can easily connect to such a system using the
appropriate equipment. Interference. Interference can severely limit distances that
wireless networks cover.2.4 Network TopologiesLINEAR B US T OPOLOGYSegment Within
a linear bus, all systems are connected in a row to a single cable. All computers share the same single piece of wire, which is known as a segment. A linear bus uses three core concepts: how the signal is transmitted, signal bounce, and signal termination.

Transmission: the signal is sent to all devices connected to the linear bus segment (this is electrical propagation on the wire, not a broadcast at the protocol level). All devices connected to the segment receive the signal, but not all of them process it.

Signal bounce: only one signal can exist on the segment at a time, which means that only one device can transmit at a time. The more devices you have, the worse the performance gets (contention). It is also a passive technology: the devices do not move the data from one device to another; the signal is generated at the source and all devices passively receive it. A signal that reaches the end of the cable would reflect (bounce) back and interfere with other systems trying to communicate. To prevent this, a linear bus uses terminators at each end of the bus to absorb the signal.

Signal termination: if any part of the bus is not properly terminated, the entire bus ceases to function properly. Someone can take out all of the devices on the bus by removing the termination (by cutting the cable). A linear bus is therefore very susceptible to cable faults.

Star topology
All devices are connected to an active hub or switch. The benefit
is that in case of a cable fault only one device is affected. Logically this network still operates as a bus when a hub is used. Star topologies are used to implement a collapsed backbone: the backbone exists between the hubs/switches and requires less cabling. If an individual cable fault occurs, the hub/switch isolates the port on which the fault occurs and allows the other devices to continue functioning. However, the hub/switch is a single point of failure (SPOF).

Ring topology
A loop of cable is used to interconnect devices. The signal is transmitted in a single direction with each device retransmitting the signal; therefore it is an active topology. A drawback is that if any system stops passing the signal or starts generating bad signals, it can take the entire ring out.

Tree topology
The tree topology is based on the bus and star topologies. Multiple nodes are supported on each branch.

Mesh topology
In a mesh topology each node is connected to every other node. These networks are typically deployed to create backbone and WAN networks.

LAN and WAN technologies
Data is transmitted on LANs using one of three transmission techniques:
- Unicast: one specific destination host (physically and logically).
- Broadcast: to all hosts within a subnet or network. A directed broadcast is routed like a unicast at Layer 3 (its destination is the broadcast address of a remote subnet) and is delivered as a Layer 2 broadcast on that subnet.
- Multicast: to multiple hosts via the use of group membership addresses.

Ethernet
Ethernet is the most popular topology because it can be implemented to be very tolerant of network failures. Ethernet is specified in the IEEE 802.3 specifications as a CSMA/CD methodology and is mostly used as a star topology
(but functioning like a linear bus). This means that multiple devices share the same bandwidth. CSMA/CD is also known as collision management:
- Carrier Sense: the host checks whether the medium is free before it starts a transmission.
- Multiple Access: multiple devices access the same network. While sending the data, the host keeps listening for other hosts transmitting at the same time. If it detects one, it sends a jam signal, waits a random back-off period and then retransmits.
- Collision Detection: collisions are detected so that the host is informed and can retransmit the data.
Ethernet can function in half-duplex (like a walkie-talkie) or full-duplex mode. For full-duplex mode you need two pairs of wires, one per direction.

Token Ring and FDDI
Within a ring topology the most predominant method of transmitting data is token passing. In a token-ring architecture the data is appended to a special packet, the token. The sending host must get the token first before it can append the data to it and transmit the token. The token is sent through the ring until it reaches its destination or passes the active monitor twice (in which case it is deleted). Token ring uses a logical ring but is mostly cabled as a star. It is an active technology which uses the following ports:
- Station ports: exist on token ring NICs and connect to the network.
- Lobe ports: exist on the token ring hub or MAU and connect to station ports.
- Ring in / Ring out ports: connect one ring to another ring.
The first system brought alive in a network is assigned as the active monitor. The active monitor is responsible for generating the token, removing bad tokens, providing clocking, maintaining ring delay, handling orphaned frames and purging the ring. Malicious users can try to take over the role of active monitor and create a DoS. Token ring can be designed to be very fault tolerant but it is very costly. FDDI uses a redundant (counter-rotating) ring to ensure fault tolerance.

ARCnet (Attached Resource Computer Network)
This is an obsolete network topology because it is a bus technology. ARCnet uses token passing on the bus (a form of collision avoidance): a station may only transmit when it holds the token.

2.5 LAN Devices
LAN technologies tend to focus on connecting a large number of systems that are in close proximity to each other to a very fast network.

Hubs and repeaters
Layer-1 device. Hubs and repeaters do the same thing. As hubs have more ports than repeaters they are also called multi-port repeaters. Hubs just amplify the signal and repeat it out all ports.
Therefore they are layer-1 devices. Because a hub repeats every frame out all ports, any station on a hub can see all traffic.

Switches and bridges
Switches and bridges are in general the same. Differences are:
- Switches are hardware based and use ASICs to make decisions; bridges use software and are therefore slower.
- Switches have more ports (they are called multi-port bridges).
- Switches can run multiple instances of spanning tree; bridges can run only one.
Layer-2 device. Spanning tree is a protocol used to determine redundant paths in a network and to block any paths that would create loops (which can result in broadcast storms). Switches are layer-2 devices because they are Data Link layer aware: they know how physical (MAC) addressing occurs and use this to optimize network communications. Switches use segmentation: each port is considered by the switch as a segment. When a frame is received, the switch records the source MAC address against the ingress port and tries to determine to which port the destination host is connected, forwarding the frame to that specific port only. If it cannot (unknown destination, broadcast or multicast), it falls back to basic Ethernet behaviour and floods the frame out all ports except the one it came in on. A switch can provide some security via VLANs and port-based security. Layer-3 switches are hybrid devices that combine layer-2 and layer-3 functionality, allowing the switch to forward frames when possible and route packets when needed. Layer-3 switches are particularly suited for VLAN environments.

VLANs
The goal of VLANs (Virtual Local Area Networks) is the separation of broadcast domains and the creation of subnets. They are logically segmented networks within a single switch or within a single switch fabric (a group of physically connected switches). A router is needed to communicate between subnets. By restricting the traffic at the router and separating hosts between VLANs you gain a degree of security. A drawback is that it is possible for data to cross from one VLAN to another even though it normally should not, through switch vulnerabilities or misconfiguration (VLAN hopping), so VLANs are a segmentation aid, not a security boundary on their own.
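The forwarding decision described above (learn the source, forward a known unicast to one port, otherwise flood within the VLAN) as an added Python example; it is not from the notes or from any switch vendor. The port-to-VLAN mapping, the MAC addresses, the deliberately small CAM table and the traffic are all constructed for the example. It also shows why port-based security matters: once an attacker has filled the CAM table, the switch can no longer learn new hosts and keeps flooding their traffic, so the attacker's port sees frames meant for others.

```python
"""Added example (not from the original notes): a minimal learning switch
with VLAN membership, to show the forwarding decision described above.

Assumptions (not in the notes): a Frame is (src_mac, dst_mac); port-to-VLAN
mapping and the sample traffic below are constructed for this example.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningSwitch:
    # port number -> VLAN id (access ports only, for simplicity)
    port_vlan: dict
    # capacity of the forwarding (CAM) table; real switches have a fixed size
    cam_size: int = 1024
    # learned MAC -> port
    cam: dict = field(default_factory=dict)

    def forward(self, ingress: int, frame: Frame) -> list:
        """Return the list of ports the frame is sent out of."""
        vlan = self.port_vlan[ingress]
        # 1. learn: the source MAC lives behind the ingress port, but only
        #    while there is room in the CAM table
        if frame.src in self.cam or len(self.cam) < self.cam_size:
            self.cam[frame.src] = ingress
        # 2. same-VLAN ports other than the one the frame arrived on
        same_vlan = [p for p, v in self.port_vlan.items()
                     if v == vlan and p != ingress]
        # 3. unicast to a known destination in this VLAN: one port only
        out = self.cam.get(frame.dst)
        if frame.dst != BROADCAST and out is not None and out in same_vlan:
            return [out]
        # 4. broadcast, unknown destination, or destination learned behind a
        #    port of another VLAN: fall back to flooding within the VLAN
        return same_vlan


def demo() -> dict:
    """Run a small scenario and return the observed forwarding decisions."""
    sw = LearningSwitch(port_vlan={1: 10, 2: 10, 3: 10, 4: 20}, cam_size=5)
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    results = {}
    # A (port 1) talks to B before the switch knows where B is: flooded
    results["unknown_dst"] = sw.forward(1, Frame(a, b))
    # B replies: the switch has learned A is on port 1, so unicast only
    results["known_dst"] = sw.forward(2, Frame(b, a))
    # A's next frame to B is now also unicast (B learned on port 2)
    results["learned_both"] = sw.forward(1, Frame(a, b))
    # VLAN 20 (port 4) never receives VLAN 10 broadcasts
    results["broadcast"] = sw.forward(3, Frame(c, BROADCAST))
    # MAC flooding: an attacker on port 3 fills the CAM table with bogus
    # sources; once it is full nothing new is learned, and traffic for a
    # host the switch could not learn keeps being flooded to the attacker
    for i in range(10):
        sw.forward(3, Frame(f"de:ad:be:ef:00:{i:02x}", BROADCAST))
    d = "00:00:00:00:00:0d"
    sw.forward(1, Frame(d, b))          # D on port 1 cannot be learned
    results["after_flood"] = sw.forward(2, Frame(b, d))
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:12s} -> ports {ports}")
```

Running it prints the egress ports of each step; the last step (a unicast to D leaving on ports 1 and 3 instead of port 1 alone) is the behaviour that port-based security on the switch is meant to prevent.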
Routers
Layer-3 device. Routers are network aware: they can differentiate between different networks. They use this information to build routing tables containing: the networks the router knows about, the remote router (next hop) to use to reach those networks, the paths (routes) to the networks, and the costs (metrics) of sending data over the paths. Routers are used to segment networks as well as to reduce broadcasts on a network (a router does not forward Layer 2 broadcasts). They provide better traffic management and security capabilities than switches and hubs can. They are able to examine logical (IP) addresses in the layer-3 header and, with access lists, the layer-4 header as well, to determine what application ports are being used. This information is used for traffic filtering and blocking purposes.

Firewalls
Firewalls prevent traffic that is not authorized from entering or leaving
the network. They are deployed as a perimeter security mechanism. There are six main types of firewalls, grouped into five generations:

1. Packet filtering (1st generation). Traffic is checked against a rule set that defines what traffic is allowed and what is not, using IP addresses and/or port numbers. If there is a match, the packet can pass; otherwise it is discarded. They operate very fast because they only need to read the layer-3/4 header information to make a decision. A packet-filtering firewall is also called a screening router. These firewalls work on the network/transport layer and use ACLs. Because they keep no state, a rule that lets replies come back in must be written broadly, which an attacker can abuse by sending packets that look like replies.

2. Application proxy (2nd generation). These firewalls read the entire packet up to the application layer before making a decision. This allows an application proxy firewall to recognize, for example, the Code Red payload inside an HTTP request. They are slower than packet-filtering firewalls. Another drawback is that the supported services are limited: if you need another service, you need an additional proxy. An application proxy firewall is sometimes called an ALG (Application Level Gateway). These firewalls work on the application layer.

3. Circuit proxy (2nd generation). A hybrid between application proxies and packet-filtering firewalls. A circuit is created between the source and destination without actually reading and processing the application data. The functionality is close to a packet filter. Circuit proxy firewalls are easier to maintain than an application proxy.

4. Stateful inspection (3rd generation). After a host has sent a packet to a destination, the destination host processes the data and sends a response. This network connection state is tracked by the firewall and then used to determine what traffic should be allowed to pass back through the firewall. Because these firewalls track the state of the conversation, they can monitor and track protocols, even UDP which is connectionless. Many stateful packet inspection firewalls perform packet reassembly and check for harmful data; if found, the data is dropped. These firewalls work on the network (and transport) layer.

5. Dynamic packet filtering (4th generation). A dynamic packet filtering firewall is used for providing limited support of connectionless protocols (UDP). It records the UDP packets that crossed the network perimeter and, based on that, allows the responses to pass back through the firewall.

6. Kernel proxy (5th generation). These firewalls are highly customized and specialized to function in kernel mode of the operating system. This provides modular, kernel-based, multi-layer session evaluation using customized TCP/IP stacks and kernel-level proxies.
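An added Python example, not from the notes, of the difference between a 1st-generation packet filter and 3rd-generation stateful inspection as described above. The rule format, the policy, the addresses (documentation ranges) and the traffic are constructed for the example. The stateless filter sees one packet at a time, so the rule that lets web replies back in also lets in an attacker's probe; the stateful version admits a reply only because it saw the request, and it treats UDP the same way the dynamic packet filter does.

```python
"""Added example (not from the original notes): a stateless packet filter
beside a stateful one, to show why generation-1 rules must be broad and
what tracking connection state buys you.

Assumptions: packets are the 5-tuple (proto, src, sport, dst, dport) plus the
TCP SYN flag; rules, addresses and the sample traffic are constructed for
this example and belong to no real network.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    proto: str          # "tcp", "udp" or "any"
    src: str            # CIDR
    dst: str            # CIDR
    dport: Optional[int]  # None matches any port

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def packet_filter(rules: list, p: Packet) -> str:
    """Generation 1: first matching rule wins, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Generation 3: rules decide only about new flows; replies are admitted
    because the flow is in the state table. UDP is tracked the same way."""

    def __init__(self, rules: list):
        self.rules = rules
        self.flows: set = set()   # (proto, src, sport, dst, dport) of allowed flows

    def handle(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.flows or key in self.flows:
            return "allow"                   # part of a tracked conversation
        if p.proto == "tcp" and not p.syn:
            return "deny"                    # non-SYN packet with no flow: forged reply
        if packet_filter(self.rules, p) == "allow":
            self.flows.add(key)              # new flow admitted by policy
            return "allow"
        return "deny"


# Policy: inside hosts may browse the web and use DNS; nothing else.
INSIDE, OUTSIDE = "10.0.0.0/8", "0.0.0.0/0"
POLICY = [
    Rule("allow", "tcp", INSIDE, OUTSIDE, 80),
    Rule("allow", "udp", INSIDE, OUTSIDE, 53),
]
# A stateless filter needs an extra rule to let the replies back in. Without
# state it cannot tell a reply from a fresh inbound connection, so that rule
# also admits anything an attacker sends to the inside.
STATELESS_POLICY = POLICY + [
    Rule("allow", "tcp", OUTSIDE, INSIDE, None),   # "replies from the web server"
]

# Constructed traffic: a legitimate request, its reply, and an attacker
# probing an internal SSH port while pretending to be a web server.
REQUEST = Packet("tcp", "10.0.0.5", 40000, "198.51.100.10", 80, syn=True)
REPLY = Packet("tcp", "198.51.100.10", 80, "10.0.0.5", 40000)
ATTACK = Packet("tcp", "203.0.113.7", 80, "10.0.0.5", 22)
DNS_QUERY = Packet("udp", "10.0.0.5", 5353, "198.51.100.53", 53)
DNS_REPLY = Packet("udp", "198.51.100.53", 53, "10.0.0.5", 5353)


def compare() -> dict:
    """Verdicts of both firewall types on the same traffic."""
    stateless = {n: packet_filter(STATELESS_POLICY, p)
                 for n, p in [("reply", REPLY), ("attack", ATTACK)]}
    fw = StatefulFirewall(POLICY)
    stateful = {}
    for n, p in [("request", REQUEST), ("reply", REPLY), ("attack", ATTACK),
                 ("dns_query", DNS_QUERY), ("dns_reply", DNS_REPLY)]:
        stateful[n] = fw.handle(p)
    return {"stateless": stateless, "stateful": stateful}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The stateful firewall keeps the tight policy and still passes the DNS reply, because it remembers the outbound query; the packet filter can only do that by opening the hole the attacker walks through.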
Firewall architectures
Packet-filtering router: a packet-filtering router sits on the boundary of two networks and is therefore called a boundary or perimeter router. Security is maintained by ACLs (Access Control Lists) that define allowed IP addresses, protocols and port numbers. Plus: an excellent first security boundary as a bulk filtering device. Minus: maintaining the ACL can be very complex and time-consuming; lack of authentication and weak auditing capabilities.

Screened-host firewall: employs both a packet-filtering router and a bastion host (a system that is directly exposed to external threats; it is the only host on the internal network that is accessible to external hosts). An intruder has to pass the external router (packet filtering) and the bastion host (proxy) to get access to internal resources. Once the bastion host is compromised, nothing stops the intruder from having full run of the internal network. Therefore it should never be used for high-risk access such as public web server access.

Screened-subnet firewall (with demilitarized zone, DMZ): a screened-subnet firewall system provides additional network security by introducing a perimeter network (DMZ) on which the bastion host resides. This requires an intruder to bypass two packet-filtering routers before gaining access to the internal network. This design is one of the most secure methods of providing external access to resources, but it is costly and complex.

Dual-homed host firewall: the bastion host has two interfaces (one connected to the external network and one connected to the internal network) but IP forwarding is disabled. This means that there is no direct connection between hosts on the external and internal networks. Minuses: if the bastion host is compromised the intruder potentially has free access to the internal network; if you allow the bastion host to route, it does not perform well because it is not designed that way; internal routing may accidentally become enabled.

Gateways and proxies
The term gateway has many meanings, such as a router, a device providing proxy functionality, or a device providing access to a network or service. Proxies are used as an intermediary device between a client and a server, providing transparent access to resources on the server. All traffic goes through the proxy, which allows administrators to restrict access, e.g. outbound Internet access. Proxies have caching functionality so they can provide better network performance.

2.6 WAN Technologies
WAN technologies tend to
focus on interconnecting LANs and making connections to remote sites and resources. There are three main categories of WAN networks: Internet, intranet and extranet.

WAN connections
Dedicated connections: dedicated connections exist between two point-to-point sites and are available all the time. The connection is exclusive and tends to be a synchronous serial connection (using precision clocking and control bits). Examples are T1, T3 and (in Europe) E1, E3. OC-x is for optical carriers. DS-0 through DS-3 define the framing specifications for transmitting data over T-x and E-x lines.

Circuit-switched connections: circuit-switched connections dynamically bring up the circuits (connections) between two devices. These circuits are maintained for the duration of the call. They tend to use asynchronous serial connections, dial-up modems and ISDN and are thus used for low-bandwidth or backup purposes. Because authentication is required with every connection, it is considered to be a fairly secure connection.

Packet-switched connections: packet-switched connections use synchronous serial connections (like dedicated connections) but share the network with multiple systems. It is less secure but cheaper. The company simply purchases a guaranteed amount of bandwidth. The classic packet-switched networks are Frame Relay and X.25.

Cell-switched connections: these connections are similar to packet-switched connections but are ATM (Asynchronous Transfer Mode) networks. This standard uses fixed-length cells, thus reducing transit delays. ATM is used on high-speed media (SONET, T3, E3). It is considered to be a fairly secure technology.

WAN services
Point-to-Point Protocol and Serial Line Internet Protocol (PPP and SLIP). These
protocols are used for providing data link connectivity over asynchronous (dial-up) and synchronous (ISDN, dedicated serial line) connections. PPP is the successor of SLIP. SLIP has no authentication or error detection of its own; PPP can authenticate the connection. PPP primarily exists to transport Network layer protocols across a point-to-point connection. When a connection attempt is made, three phases of communication occur:
- Link Establishment Phase: LCP packets are exchanged to configure and test the link.
- Authentication Phase: CHAP, PAP or manual authentication of the connecting devices occurs.
- Network Layer Protocol Phase: NCP is used to negotiate which Network layer protocols are encapsulated, and they are transmitted accordingly.
CHAP and PAP are authentication protocols. PAP (Password Authentication Protocol) is the less secure of the two because passwords are sent in clear text. CHAP (Challenge Handshake Authentication Protocol) never sends the password itself: the authenticator sends a random challenge and the peer answers with a one-way hash of the challenge and the shared secret. It performs authentication during the initial handshake phase and periodically re-challenges the peer for the duration of the connection, which defeats simple replay of a captured response.

High-Level Data-Link Control
HDLC is an ISO-based standard for delivering data over synchronous lines. This protocol is bit-oriented and uses frame characters and checksums as part of the data encapsulation, but uses no authentication. It also does not provide for specifying the network-layer protocol that was encapsulated. Because each vendor developed its own method for doing this, it cannot be used between devices from different vendors.
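The PAP and CHAP exchanges under PPP above, as an added Python model that is not from the notes. The CHAP hash is the MD5 construction of RFC 1994 (Identifier, secret, Challenge); the user name, the shared secret and the challenge bytes are constructed here, and the `link` list stands in for what a sniffer on the line would capture, so the two protocols can be compared on exactly that point.

```python
"""Added example (not from the original notes): the PAP and CHAP exchanges
as a Python model, to show what an eavesdropper on the line learns in each.

CHAP follows RFC 1994: Response = MD5(Identifier || secret || Challenge).
The secret, identifiers and challenge bytes below are constructed for
this example.
"""
import hashlib
import hmac
import os
from typing import Optional


def pap_authenticate(link: list, username: str, password: str, db: dict) -> bool:
    """PAP: the peer sends name and password in the clear; the authenticator
    compares them with its database. Every message is appended to `link`,
    which stands for what a sniffer on the wire captures."""
    link.append(("pap-request", username, password))
    ok = db.get(username) == password
    link.append(("pap-ack" if ok else "pap-nak", username))
    return ok


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """The one-way function from RFC 1994 section 2 (MD5 algorithm)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_authenticate(link: list, username: str, secret: bytes, db: dict,
                      identifier: int, challenge: Optional[bytes] = None) -> bool:
    """CHAP: the authenticator challenges, the peer answers with a hash, and
    the secret never crosses the link. A fresh random challenge is used for
    every round, which is what makes replaying a captured response useless."""
    challenge = challenge or os.urandom(16)
    link.append(("chap-challenge", identifier, challenge))            # authenticator -> peer
    response = chap_response(identifier, secret, challenge)
    link.append(("chap-response", identifier, username, response))   # peer -> authenticator
    expected = chap_response(identifier, db[username], challenge)
    ok = hmac.compare_digest(response, expected)
    link.append(("chap-success" if ok else "chap-failure", identifier))
    return ok


def replay_attack(username: str, db: dict) -> dict:
    """An attacker records one CHAP round and replays the response in the
    next (periodic) round. Returns whether the secret was visible on the
    wire and whether the replayed response would be accepted."""
    link: list = []
    secret = db[username]
    assert chap_authenticate(link, username, secret, db, identifier=1)
    captured = next(m for m in link if m[0] == "chap-response")[3]
    # Periodic re-challenge: a new identifier and a new random challenge.
    new_id, new_challenge = 2, os.urandom(16)
    expected = chap_response(new_id, secret, new_challenge)
    return {
        "secret_on_wire": any(secret in m for m in link),
        "replay_accepted": hmac.compare_digest(captured, expected),
    }


USERS = {"alice": b"correct horse battery staple"}   # constructed shared secret


if __name__ == "__main__":
    wire: list = []
    pap_authenticate(wire, "alice", "correct horse battery staple",
                     {"alice": "correct horse battery staple"})
    print("PAP on the wire:", wire)
    wire = []
    chap_authenticate(wire, "alice", USERS["alice"], USERS, identifier=1)
    print("CHAP on the wire:", wire)
    print(replay_attack("alice", USERS))
```

Note what CHAP does not fix: the authenticator must store the secret in a form it can feed into the hash, and MD5 over a short secret is cheap to brute-force offline from a captured challenge/response pair, which is why MS-CHAP and later EAP methods were layered on top.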
X.25
X.25 is a packet-switching standard covering the physical, data link and network (packet) layers. It uses virtual circuits for establishing the communication channel between hosts. It has largely been replaced by the faster Frame Relay.

Link Access Procedure Balanced
LAPB is a bit-oriented protocol like HDLC and was originally created for use on X.25 networks. It functions by assuring that frames are correctly ordered and error free.

Frame Relay
Reliable and supports multiple protocols. It is based on X.25 (uses virtual circuits, operates on the physical and Data Link layers) but is much faster because error checking is left to the higher layers. It provides the communication interface between the DTE (Data Terminal Equipment) and the DCE (Data Circuit-terminating Equipment). Frame Relay uses DLCIs (Data-Link Connection Identifiers) to identify the end points of a circuit. It does not use authentication; if you need it, run something like PPP on top. Frame Relay is one of the most fault-tolerant network topologies because network traffic can be diverted to another network segment.

Synchronous Data-Link Control
SDLC was designed by IBM for use in mainframe connectivity but is also used for point-to-point WAN connections. It is incorporated into SNA and SAA but is now largely replaced by HDLC.

Integrated Services Digital Network
ISDN was developed to transmit digital signals over a standard telephone wire. The BRI is 128 Kbps; the PRI up to 1.544 Mbps. BRI is intended for small office and home use and uses one 16 Kbps D (delta, signalling) channel and two 64 Kbps B (bearer) channels. PRI is intended for heavier use and uses one 64 Kbps D channel and 23 64 Kbps B channels. In conjunction with PPP, ISDN allows 128 Kbps by bonding together the two B channels.

Digital Subscriber Line
xDSL allows broadband transmission of data up to 53 Mbps over the existing telephone network. There are four primary types of DSL:
- Asymmetric Digital Subscriber Line: ADSL delivers 1.5-9 Mbps download speed and 16-640 Kbps upload speed up to 18,000 feet from the central office using a single line.
- Single-line (Symmetric) Digital Subscriber Line: SDSL delivers download and upload speeds up to 1.544 Mbps up to 10,000 feet from the central office using a single line.
- High-bit-rate Digital Subscriber Line: HDSL delivers download and upload speeds up to 1.544 Mbps using two lines, thus allowing full-duplex mode up to 12,000 feet from the central office. HDSL allows T1 functionality.
- Very-high-bit-rate Digital Subscriber Line: VDSL delivers 13-52 Mbps download speed and 1.5-2.3 Mbps upload speed up to 1,000-4,500 feet from the central office using a single line.

Switched Multimegabit Data Service
SMDS is a high-speed packet-switching technology for use over public networks. It is for companies that need to send and receive large amounts of data on a bursty basis.

High Speed Serial Interface
HSSI provides an extremely fast (53 Mbps) point-to-point connection between devices up to 50 feet apart. It can be used to connect devices at T3 or OC-1 speeds. It is often used to interconnect LAN equipment for backup and fault-tolerant network uses.

WAN devices
WAN devices are:
- Routers.
- WAN switches: connect private data over public circuits.
- Multiplexers (MUX): enable more than one signal to be transmitted simultaneously over a single circuit.
- Access servers: equipment used for dial-in and dial-out access to the network.
- Modems: convert between digital and analog signals.
- CSU/DSU (Channel Service Unit / Data Service Unit): digital devices used to terminate the physical connection of a DTE device to the DCE.

2.7 Providing Remote Access Capabilities
Remote access techniques and technologies are used for telecommuting (a
user is called a telecommuter).

Client-based dial-in remote access
Also called dial-in access, this connectivity needs a modem to dial in to the corporate network. Secure connections can be made via the ISP, using POTS (plain old telephone system) and creating a VPN tunnel to a VPN server on the corporate network.

Using tunneling as a security method
Tunneling is the process of transmitting one protocol encapsulated within another protocol. This can be used to transmit data that might not be supported on the network or to create a secure channel. Tunnels designate two endpoints of communication and then encapsulate the data within some other packet format. A tunneling technique is PPTP (Point-to-Point Tunneling Protocol), which is combined with encryption (MPPE) to make the tunnel confidential. Cisco uses GRE (Generic Routing Encapsulation); GRE by itself provides no confidentiality, so IPSec is often used in conjunction with GRE.

Virtual Private Networks
A VPN is the use of a tunnel or secure channel across the Internet or another public network. The data within the tunnel is encrypted. VPNs are client-based or site-to-site.
- Client-based VPNs: these VPNs provide remote access to users across the Internet. Users have VPN client software on their PC which allows them to connect to the network as if they were a (virtual) node on that network. Split tunneling is a client configuration in which only traffic for the corporate network goes through the tunnel while everything else goes directly to the Internet; this is convenient but exposes the corporate network to whatever else the client is connected to.
- Site-to-site VPNs: this is a (semi-)permanent connection across the Internet between two devices, typically routers or firewalls. Clients do not need to have special software; the secure connection is established by VPN-capable devices such as routers.
VPN devices are either IPSec-compatible or not. IPSec-compatible devices are installed on a network's perimeter using tunnel mode or transport mode. Non-IPSec-compatible devices include SOCKS-based proxy servers, PPTP-compatible devices and devices using SSH. There are three protocols that provide remote access VPN capabilities:
- PPTP: a Microsoft-developed technology that provides remote access by encapsulating PPP inside a PPTP packet. It uses the PPP authentication mechanisms PAP, CHAP or MS-CHAP and MPPE encryption (40 or 128 bit session keys). PPTP supports multi-protocol tunneling. PPTP resides on the Data Link layer.
- L2TP (Layer 2 Tunneling Protocol): similar to PPTP but supports RADIUS and TACACS for authentication, and relies on IPSec and IKE for encryption and key exchange. L2TP supports multi-protocol tunneling. L2TP resides on the Data Link layer.
- IPSec: a network-layer encryption and security mechanism that can be used as a standalone VPN solution or as a component of an L2TP VPN solution. It supports DES (broken, no longer acceptable) and 3DES (recommended) as well as 128/160-bit algorithms. IPSec further supports the use of AH (Authentication Header) and ESP (Encapsulating Security Payload). AH authenticates the IP header and payload but encrypts nothing; ESP encrypts the payload and can authenticate it as well. IPSec resides on the Network layer.

Remote access authentication
There are three technologies for authentication:
- RADIUS: a UDP-based industry standard for authentication via a client/server model. The user is asked for a name and password, which is checked against a database. RADIUS simply allows or denies access.
- TACACS: an older, end-of-life authentication technology.
- TACACS+: unlike RADIUS, it separates the authentication, authorization and accounting functions, and it uses TCP for connectivity. Therefore it is regarded as more reliable than RADIUS.

2.8 Networking Protocols
TCP/IP is a suite of protocols
developed by the Department of Defense. It was designed following a four-layer architectural model, which maps onto the OSI model as follows:

OSI model                        TCP/IP model
Application, Presentation,       Application
Session
Transport                        Transport (host-to-host)
Network                          Internet
Data Link, Physical              Network (network access)

- Application layer: provides for the applications, services and processes that run on a network.
- Transport layer: the host-to-host layer. It is responsible for handling the end-to-end data delivery on a network.
- Internet layer: provides logical addressing and routing of IP datagrams on the network.
- Network layer: responsible for the physical delivery of data on the network.

Application layer protocols
These protocols are services. Some of the common protocols are:
- Bootstrap Protocol: BootP provides automatic configuration of diskless workstations by looking up the MAC address in the BootP file. If found, it sends the necessary information to complete the system boot process.
- File Transfer Protocol: FTP is used to send and receive files between two systems. It provides authentication using clear-text passwords. It does not provide for remote execution of programs.
- Line Printer Daemon: LPD is used in conjunction with LPR (Line Printer Remote) for connecting to network-attached print devices.
- Network File System: NFS is a file-sharing protocol used in UNIX environments.
- Post Office Protocol 3: POP3 provides for connecting to and receiving email from a mail server to the email client.
- Simple Mail Transfer Protocol: SMTP provides for the delivery of email across servers. POP3 is responsible for the receipt of email; SMTP for sending it.
- Simple Network Management Protocol: SNMP supports the transmission and collection of management information and statistics for network devices. It sends traps whenever a network event occurs. It also allows administrators to make changes on remote systems via set operations. The information that a device can report on is maintained via MIBs (Management Information Bases).
- Telnet: a command-line terminal-emulation program used to execute commands and run applications remotely. Not suitable for file transfers. Like FTP, it sends credentials in clear text.
- Trivial File Transfer Protocol: TFTP is a subset of FTP for file transfer. It does not support authentication or directory browsing and is used for updating the configuration files of routers and switches.
- X Windows: a protocol that allows remote display of a GUI.

Transport layer protocols
The most significant
Transport layer protocols are TCP and UDP. Compared with communication between two people, TCP can be seen as using a telephone; UDP as sending a letter. TCP and UDP use port numbers as the endpoints of communications.

TCP: TCP is responsible for creating connection-oriented, reliable end-to-end communications between host systems. It does this via a series of synchronizations (SYNs) and acknowledgements (ACKs) prior to data transfer; this is called the TCP three-way handshake (SYN, SYN/ACK, ACK, with each side acknowledging the other's initial sequence number plus one). It also uses windowing to determine how much data can be sent before an ACK must be received. TCP also uses sequence numbers for the segments it sends.

UDP: UDP is responsible for connectionless (it does not check whether the destination is up, it just sends), unreliable end-to-end communications between systems. It is used when the receipt of every datagram is not important (streaming audio/video) or when the overhead of ensuring reliable delivery is too high.

TCP: acknowledged data transfer, uses sequencing, connection-oriented, reliable, higher overhead.
UDP: unackn
owledged data transfer, does not use sequencing, connectionless, unreliable, lower overhead.

TCP/IP protocols are: host-to-host Transport layer protocols such as TCP and UDP, and Internet layer protocols such as IP, ARP/RARP and ICMP. TCP/IP provides simplex, half-duplex and full-duplex connections.
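The three-way handshake described above, as an added Python example that is not from the notes: it packs raw 20-byte TCP headers, parses them back and checks the SYN, SYN/ACK and ACK sequence and acknowledgement numbers the way a stateful inspector would before it considers the connection established. Ports and initial sequence numbers are constructed; the checksum is left at zero because it needs the IP pseudo-header, which is outside the example.

```python
"""Added example (not from the original notes): building and parsing raw TCP
headers for a three-way handshake, to make the SYN/ACK bookkeeping concrete.

Only the fixed 20-byte TCP header (RFC 793 layout) is handled; the ports,
initial sequence numbers and the sample exchange are constructed here.
"""
import struct

TCP_HDR = "!HHIIHHHH"   # sport, dport, seq, ack, offset/flags, window, checksum, urgent
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK32 = 0xFFFFFFFF


def build_tcp_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Pack a 20-byte TCP header. Data offset = 5 words; checksum left zero
    (it depends on the IP pseudo-header, which is outside this example)."""
    offset_flags = (5 << 12) | flags
    return struct.pack(TCP_HDR, sport, dport, seq & MASK32, ack & MASK32,
                       offset_flags, window, 0, 0)


def parse_tcp_header(raw: bytes) -> dict:
    """Unpack the fixed header and return the fields an inspector cares about."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(TCP_HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(off_flags & SYN), "ack_flag": bool(off_flags & ACK),
            "rst": bool(off_flags & RST), "fin": bool(off_flags & FIN),
            "header_len": (off_flags >> 12) * 4, "window": window}


def handshake(client_isn: int, server_isn: int, cport=40000, sport=80) -> list:
    """The three segments as bytes: SYN, SYN/ACK, ACK."""
    return [
        build_tcp_header(cport, sport, client_isn, 0, SYN),                       # 1. client: SYN
        build_tcp_header(sport, cport, server_isn, client_isn + 1, SYN | ACK),    # 2. server: SYN/ACK
        build_tcp_header(cport, sport, client_isn + 1, server_isn + 1, ACK),      # 3. client: ACK
    ]


def classify_handshake(segments: list) -> str:
    """Check that three raw segments form a valid handshake. This is the
    logic a stateful firewall or IDS applies before it treats the flow as
    established; a forged SYN/ACK with the wrong ack number is rejected."""
    if len(segments) != 3:
        return "incomplete"
    s1, s2, s3 = (parse_tcp_header(s) for s in segments)
    if not (s1["syn"] and not s1["ack_flag"]):
        return "first segment is not a pure SYN"
    if not (s2["syn"] and s2["ack_flag"]) or s2["ack"] != (s1["seq"] + 1) & MASK32:
        return "SYN/ACK does not acknowledge the client ISN"
    if s2["sport"] != s1["dport"] or s2["dport"] != s1["sport"]:
        return "SYN/ACK ports do not mirror the SYN"
    if s3["syn"] or not s3["ack_flag"] or s3["ack"] != (s2["seq"] + 1) & MASK32:
        return "final ACK does not acknowledge the server ISN"
    if s3["seq"] != (s1["seq"] + 1) & MASK32:
        return "final ACK has the wrong sequence number"
    return "established"


if __name__ == "__main__":
    good = handshake(client_isn=1000, server_isn=5000)
    print(classify_handshake(good))
    # A spoofed SYN/ACK that guessed the client's ISN wrong is rejected.
    forged = [good[0], build_tcp_header(80, 40000, 5000, 999, SYN | ACK), good[2]]
    print(classify_handshake(forged))
```

The sequence-number arithmetic wraps at 32 bits, which is why the checks mask with `MASK32`; an inspector that forgets this drops legitimate connections whose ISN happens to be near the top of the range.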
Internet layer protocols
The Internet layer is the IP layer of the suite. Some common Internet-layer protocols are:
- IP: responsible for handling the logical addressing of hosts. IP is considered to be unreliable, which is fine because TCP can provide reliability if needed.
- Internet Control Message Protocol: ICMP is a management and control protocol for IP and is responsible for delivering messages between hosts regarding the health of a network. It is used by IP diagnostic tools such as ping and traceroute.
- ARP: the Address Resolution Protocol maps IP addresses to their respective MAC addresses. A host issues an ARP broadcast containing an IP address, and the host that owns the IP address responds with its MAC address. ARP replies are not authenticated, so a host that answers with a false MAC address can redirect traffic on the segment.
- Reverse ARP: RARP is used to discover the IP address if the MAC address is known. It is used by diskless workstations to get their IP configuration information from a RARP server.

2.9 Protecting the Integrity, Availability and Confidentiality of Network Data

The CIA triad
Confidentiality: confidentiality is ensuring that the data transmitted can only be read by the intended recipient. Confidentiality can be protected by network security protocols, network authentication services or data encryption services.
Telecommunication and Network Security Integrity Integrity is the assurance that the
data that was received is the data that was transmitted. Techniques are
nonrepudiation3, firewall systems, communication security and intrusion detection
systems.
Availability
is
a
concept
that
can
creahttp://doc.xuehai.net/bff69c6183e6980b054e00dcd.htmlte
be
applied
reliability
to
and
stability of network systems and applications. It ensures tat data is available when
required. Techniques are fault tolerance of disks, systems and backups, acceptable
log-in and process performance, reliable and functional security processes and
mechanisms.

SECURITY BOUNDARIES AND TRANSLATING SECURITY POLICY TO CONTROLS

There are three major groupings of networks:

External subnets
Containing those resources that the administrator has no control over (Internet). Systems connected to the boundary must be hardened (run the bare minimum of services and applications).

Internal subnets
Containing those resources that the administrator has control over. The key to securing internal subnets is the separation of resources, auditing of transactions and the definition of an enforceable security policy.

Screened subnets
Also referred to as a DMZ; used to provide limited access to external users. An example is allowing external access to a server on port 80 but preventing other external access by packet filtering.

Type enforcement
Type enforcement is about defining groups of processes into domains and types based on least privilege. You group resources based on how they can be used and by whom. Access is only granted to users who need the data. These groups of resources can further be separated onto different servers and subnets to provide for granular audit and access control.

TRUSTED NETWORK INTERPRETATION

The DoD developed a series of books, the Rainbow Series, of which the Orange Book is well known. The Orange Book defines the TCSEC (Trusted Computer Security Evaluation Criteria). The other books expound upon the concepts described in this book. See paragraph TCSEC, The Orange Book and the Rainbow Series on page 6-4 for a detailed description.

Security policy
A security policy should:
- Clearly define what is and is not permitted by both users and administrators;
- Serve as the guideline for defining the types of resources and access that users require to those resources;
- Define the procedures that should be followed in the event of a compromise.

NETWORK LAYER SECURITY PROTOCOLS

Though encryption occurs at the Presentation layer, protocols have been designed to provide this functionality at the Network layer:

IPSec
IPSec offers two choices of security: AH and ESP. AH (Authentication Header) authenticates the sender, but the payload is not encrypted. ESP (Encapsulating Security Payload) also authenticates the sender, but also encrypts the payload. Key management is handled by the ISAKMP/Oakley protocol. IPSec functions in tunnel and transport mode. Tunnel mode is used to encapsulate the entire original IP datagram in situations where the datagrams are sourced from or destined to systems that do not use IPSec (i.e. in the case of a VPN). Transport mode encapsulates the upper layer (Transport layer and above) data of the original packet and is used in cases where the end points of the communication both support IPSec. A drawback of IPSec is that it is largely incompatible with NAT, because IPSec requires that data integrity is not compromised and NAT translates data midstream between hosts. Because source addresses are changed, the data is dropped. A workaround is encapsulating IPSec traffic in TCP or UDP.

SWIPE
SWIPE is the predecessor to IPSec and provides encryption at the Network layer by encapsulating the packet within the SWIPE packet. It does not have policy or key management functionality.

SKIP
Simple Key Management for Internet Protocol (SKIP) is a stateless Network layer encryption mechanism, primarily for SUN Solaris environments.

(3) Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. See also Nonrepudiation on page 3-2.
(1) According to the DoD these protocols reside within the Application layer.

TRANSPORT LAYER SECURITY PROTOCOLS

SSL
A well known security protocol is SSL (Secure Socket Layer), which is supported by firewalls and tunneling. It provides data encryption, server authentication, data integrity and optional client authentication via TCP/IP. It is primarily used for HTTP traffic and securing the communications between Web browsers and Web servers. SSL uses digital certificates for server authentication, encryption for transmission privacy and end-to-end connections to ensure data integrity.

TLS
TLS (Transport Layer Security) is the successor to SSL. Though built on SSL 3.0, it does not support SSL directly.

APPLICATION LAYER SECURITY PROTOCOLS

For securing email the following protocols are widely used:

S/MIME
Secure/Multipurpose Internet Mail Extensions. Based on MIME and RSA encryption to secure email transmissions, it provides for cryptographic security through MIME encapsulation of digitally signed and encrypted objects. It ensures that authentication, nonrepudiation, message integrity and confidentiality occur.

PEM
Privacy Enhanced Mail. PEM provides for message encryption and authentication by using symmetric (secret-key) and asymmetric (public-key) encryption methods for the encryption of data encryption keys. It is rarely used.

For securing financial transactions the SET protocol can be used.

SET
Secure Electronic Transaction is a framework for protection against credit card fraud. It uses a PKI (Public Key Infrastructure) to provide for the confidentiality and integrity of the cardholder data, while at the same time providing for the authentication of the card.

NETWORK MONITORING AND PACKET SNIFFERS

Packet sniffing is about capturing the data on a segment. A packet sniffer can be used to observe the traffic patterns that software uses and to use that information to configure perimeter security devices (pattern-based application recognition).

INTRUSION DETECTION

Intrusion detection is the process of monitoring systems for evidence of an intrusion or misuse. Intrusion Detection Systems (IDSs) are responsible for performing the following tasks:
- Monitoring and analyzing user, system and network access
- Auditing system configurations and vulnerabilities
- Assessing the integrity of system and data files
- Recognizing activity patterns that would seem to indicate an incident
- Analyzing abnormal use patterns
- Operating system auditing
- Automatic patching of vulnerable systems through recovery actions and scripting (*)
- Installing and monitoring decoy servers to gather information (*)
(*) Only with advanced IDSs.

IDSs are classified in two ways: network-based versus host-based (server-based), and knowledge-based versus behavior-based.

Network-based IDSs
These IDSs analyze packets in real time against a database of known attack patterns and are typically deployed to monitor traffic on a network segment.

Host-based IDSs
These IDSs are often system-centric in their design. Most host-based IDSs are designed to monitor logins and processes, typically through the use of auditing system logs. These IDSs are designed to specifically identify inappropriate activity on the host system only and are agent-based (an agent is required to be running on the monitored system). As a result, host-based IDSs can be difficult to deploy and manage.

Knowledge-based IDSs
These IDSs are network- or host-based. They maintain a database of known attacks and vulnerabilities and detect whether attempts to exploit these vulnerabilities are occurring. Knowledge-based IDSs are sometimes referred to as signature-based. Benefits of knowledge-based IDSs are:
- Low degree of false positives;
- Alarms are easy to understand.
Drawbacks are:
- Resource intensive because the database must be constantly updated;
- New attacks can go unnoticed because of outdated signature files.

Behavior-based IDSs
These IDSs are more complex than knowledge-based IDSs because they are capable of learning. They are sometimes referred to as anomaly-based IDSs. Benefits of behavior-based IDSs are:
- Systems can dynamically respond to new, original or unique exploits and attacks;
- Not dependent on specific operating systems.
Drawbacks are:
- High false alarm rates are very common;
- In environments where the usage patterns of users and network resources frequently change, the IDS is unable to establish a baseline of normal behavior upon which to base any deviations.

Active IDSs check in real time for attacks; passive IDSs do log analysis.
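The knowledge-based versus behavior-based distinction above, as an added example (not part of the original notes): a signature matcher with two rules, including the LAND pattern from the attack classes later in this chapter, beside a baseline detector that learns how many failed logins per source are normal from a training window. The log lines, signatures, thresholds and addresses are all constructed.

```python
"""Signature (knowledge-based) versus baseline (behavior-based) detection.
Added example for the CISSP notes; the log lines, signatures and thresholds are constructed."""
import re
import statistics
from collections import Counter

# Constructed, syslog-like training window: what a normal hour of logins looks like.
BASELINE_LOG = [
    "10:00:01 sshd: Failed password for alice from 192.0.2.10",
    "10:00:05 sshd: Accepted password for alice from 192.0.2.10",
    "10:12:40 sshd: Failed password for carol from 192.0.2.11",
    "10:12:44 sshd: Failed password for carol from 192.0.2.11",
    "10:12:50 sshd: Accepted password for carol from 192.0.2.11",
    "10:30:00 sshd: Accepted password for dave from 192.0.2.12",
    "10:41:10 sshd: Failed password for erin from 192.0.2.13",
    "10:41:15 sshd: Accepted password for erin from 192.0.2.13",
]

# Constructed live window: one LAND-style packet (same source and destination address)
# and a burst of failed logins against bob from a single source.
LIVE_LOG = (
    ["11:00:01 kernel: dropped packet src=203.0.113.5 dst=203.0.113.5 proto=tcp",
     "11:00:02 sshd: Accepted password for alice from 192.0.2.10"]
    + [f"11:02:{s:02d} sshd: Failed password for bob from 198.51.100.7" for s in range(10)]
    + ["11:05:00 sshd: Failed password for dave from 192.0.2.12",
       "11:05:03 sshd: Accepted password for dave from 192.0.2.12"]
)

# Knowledge-based part: a signature database. Each alert is explainable by the rule
# that fired, but anything without a rule is invisible.
SIGNATURES = {
    "land-attack": re.compile(r"src=(\S+) dst=\1\b"),   # source == destination address
    "path-traversal": re.compile(r"GET \S*\.\./"),      # ../ inside a request path
}

def signature_alerts(lines):
    """Return (signature name, line) for every line that matches a known signature."""
    return [(name, line) for line in lines
            for name, rx in SIGNATURES.items() if rx.search(line)]

FAILED_RX = re.compile(r"Failed password for \w+ from (\S+)")

def failures_per_source(lines):
    """Count failed logins per source address in a window of log lines."""
    counts = Counter()
    for line in lines:
        m = FAILED_RX.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

class FailedLoginBaseline:
    """Behavior-based part: learn the normal number of failed logins per source from a
    training window, then flag sources that deviate by more than k standard deviations."""

    def __init__(self, training_lines, k=3.0):
        counts = list(failures_per_source(training_lines).values()) or [0]
        self.mean = statistics.mean(counts)
        # A floor on the deviation keeps a very quiet baseline from alerting on everything.
        self.stdev = max(statistics.pstdev(counts), 1.0)
        self.threshold = self.mean + k * self.stdev

    def anomalies(self, lines):
        """Sources whose failed-login count in `lines` exceeds the learned threshold."""
        return {src: n for src, n in failures_per_source(lines).items() if n > self.threshold}

def analyze(training_lines, live_lines):
    """Run both detectors over the live window and return what each one found."""
    baseline = FailedLoginBaseline(training_lines)
    return {
        "signature_hits": [name for name, _ in signature_alerts(live_lines)],
        "anomalous_sources": baseline.anomalies(live_lines),
    }
```

Run over the constructed live window, the signature detector reports only the LAND packet and says nothing about the login burst, because no rule describes it; the baseline detector flags the burst's source but can only say "more than usual", and if the training window had itself contained a burst, the threshold would have learned it as normal, which is the baseline drawback the notes describe.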
INTRUSION RESPONSE

Intrusion response occurs after an event has been detected. It is often defined as a part of the responsibilities of a CIRT. The primary responsibility of a CIRT is to define and execute the company's response to an incident via a process known as Incident Response Management. The CIRT response consists of the following:
- Coordinate how the notification and distribution of incidents should occur. There should be a defined escalation path.
- Mitigate the risk of an incident by minimizing disruptions and the costs involved in remediating the incident.
- Assemble teams of people to investigate and resolve potential incidents.
- Provide active input in the design and development of the company security policy.
- Manage and monitor logs.
- Manage the resolution of incidents, including post mortems of incidents.

NETWORK ADDRESS TRANSLATION

Typically NAT translates each internal address to a unique external address (one-to-one mapping). PAT (Port Address Translation) performs one-to-many mapping by using unique port numbers.

Inbound NAT
Inbound NAT is used to provide access to internal resources in conjunction with policy routing. The administrator creates a table in which an entry maps the externally used IP address to the internally used IP address (the system that provides a service). Inbound NAT can also be used with PAT.

Because NAT can hide the internal IP addresses, it provides a (light) degree of security. Effectively NAT provides a boundary between networks. It does not protect against spoofing. Therefore NAT is nothing more than a component of a security solution. Another drawback is the incompatibility with many types of encryption. NAT receives packets, builds a new packet and sends it to the host. A response from the host is translated and sent to the original requestor. As many encryption methods do not allow manipulation of data, the packet is rejected, unless the NAT device is configured not to do so. Another alternative is to encapsulate the encrypted data in TCP or UDP before sending it.
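The PAT mapping described above and the IPSec drawback from the Network Layer Security Protocols section, as one added example (not part of the original notes): a small PAT device with its one-to-many port table, an AH-style integrity value that covers the source address and therefore fails once PAT has rewritten it, and an ESP-style tunnel carried in UDP whose integrity value covers only the inner datagram and survives the translation. The addresses, ports and shared key are constructed, and the integrity computation is a deliberate simplification of real AH/ESP processing.

```python
"""PAT plus a simplified model of why AH breaks across NAT while an encapsulated
ESP tunnel survives it. Added example for the CISSP notes; addresses, ports and
the shared key are constructed, and the ICV computation is a simplification of IPSec."""
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

class PatDevice:
    """Port Address Translation: many internal (address, port) pairs share one external
    address and are told apart by a unique external port (one-to-many mapping)."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_table = {}   # (internal ip, internal port) -> external port
        self.in_table = {}    # external port -> (internal ip, internal port)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.out_table:
            self.out_table[key] = self.next_port
            self.in_table[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src=self.external_ip, sport=self.out_table[key])

    def inbound(self, pkt):
        """Translate a reply back; None means no mapping exists and the packet is dropped."""
        key = self.in_table.get(pkt.dport)
        if key is None:
            return None
        return replace(pkt, dst=key[0], dport=key[1])

KEY = b"constructed demo key"   # real SAs get keys from ISAKMP/Oakley, not a constant

def serialize(pkt):
    return f"{pkt.src}|{pkt.dst}|{pkt.sport}|{pkt.dport}|".encode() + pkt.payload

def deserialize(raw):
    src, dst, sport, dport, payload = raw.split(b"|", 4)
    return Packet(src.decode(), dst.decode(), int(sport), int(dport), payload)

def ah_icv(pkt):
    """AH-style integrity check value: covers the addresses as well as the payload
    (real AH covers the immutable IP header fields, which include the source address)."""
    return hmac.new(KEY, serialize(pkt), hashlib.sha256).digest()

def ah_verify(pkt, icv):
    return hmac.compare_digest(ah_icv(pkt), icv)

def esp_tunnel_encapsulate(inner, gw_src, gw_dst):
    """ESP tunnel mode carried in UDP: the whole inner datagram is the protected payload
    of an outer datagram between gateways. The ICV covers the inner datagram only, so the
    outer header is free for NAT to rewrite."""
    inner_bytes = serialize(inner)
    icv = hmac.new(KEY, inner_bytes, hashlib.sha256).digest()
    return Packet(gw_src, gw_dst, 4500, 4500, icv + inner_bytes)

def esp_tunnel_decapsulate(outer):
    """Return the inner datagram, or None when the ICV does not verify (drop)."""
    icv, inner_bytes = outer.payload[:32], outer.payload[32:]
    if not hmac.compare_digest(hmac.new(KEY, inner_bytes, hashlib.sha256).digest(), icv):
        return None
    return deserialize(inner_bytes)

def demo():
    nat = PatDevice("203.0.113.1")
    inner = Packet("10.0.0.5", "198.51.100.20", 51000, 443, b"hello")
    # AH across NAT: the ICV was computed before PAT rewrote the source address.
    icv = ah_icv(inner)
    ah_ok = ah_verify(nat.outbound(inner), icv)
    # ESP tunnel across NAT: only the outer header changes; the inner datagram verifies.
    outer = nat.outbound(esp_tunnel_encapsulate(inner, "10.0.0.1", "198.51.100.1"))
    recovered = esp_tunnel_decapsulate(outer)
    return ah_ok, recovered == inner
```

`demo()` returns `(False, True)`: the same translation that silently breaks the AH check leaves the encapsulated tunnel intact, which is the reason the notes give for wrapping IPSec traffic in TCP or UDP. The `inbound` lookup returning `None` for an unknown port is also the light protection NAT gives: unsolicited packets have no mapping to follow.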
PUBLIC AND PRIVATE IP ADDRESSES

IANA
There are five blocks of IP addresses reserved by the IANA (Internet Assigned Numbers Authority):

Class   Public IP ranges
A       1.0.0.0 to 9.255.255.255 and 11.0.0.0 to 126.255.255.255
B       128.0.0.0 to 171.255.255.255 and 173.0.0.0 to 191.255.255.255
C       192.0.0.0 to 195.255.255.255 and 197.0.0.0 to 223.255.255.255
D       224.0.0.0 to 239.255.255.255 (multicast IP addresses)
E       248.0.0.0 to 255.255.255.255 (experimental use)

Three blocks of IP addresses are reserved for private network use:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255

Reserved IP addresses that are not available as public addresses are:
- 127.0.0.0 to 127.255.255.255 (loopback IP addresses)
- 224.0.0.0 to 243.255.255.255
- 240.0.0.0 to 247.255.255.255
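The address ranges above, as an added example (not part of the original notes): a classifier that labels an IPv4 address by class and by public/private/loopback/multicast/experimental status, and an ingress filter for the external boundary that drops packets whose source address could not legitimately arrive from the Internet. The private blocks are the three listed in the notes; the class boundaries use the standard classful first-octet ranges (A 0-127, B 128-191, C 192-223, D 224-239, E 240-255), which are simpler than the table above. The firewall log lines are constructed.

```python
"""Classify IPv4 addresses by class and by public/private/reserved status, and use the
result as an ingress filter at the external boundary. Added example for the CISSP notes;
the sample log lines are constructed."""
import ipaddress

# The three private blocks listed in the notes (RFC 1918).
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")      # class D
EXPERIMENTAL = ipaddress.ip_network("240.0.0.0/4")   # class E

def address_class(addr):
    """Classful boundaries by first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"

def classify(text):
    """Return (class, kind); kind is public, private, loopback, multicast or experimental."""
    addr = ipaddress.IPv4Address(text)
    if addr in LOOPBACK:
        kind = "loopback"
    elif any(addr in block for block in PRIVATE_BLOCKS):
        kind = "private"
    elif addr in MULTICAST:
        kind = "multicast"
    elif addr in EXPERIMENTAL:
        kind = "experimental"
    else:
        kind = "public"
    return address_class(addr), kind

def ingress_filter(lines):
    """Boundary rule for the external interface: a packet arriving from the Internet whose
    source address is private, loopback or otherwise non-routable is spoofed or misrouted,
    so it is dropped. Returns (accepted, dropped) lists of the log lines."""
    accepted, dropped = [], []
    for line in lines:
        src = line.split("src=", 1)[1].split()[0]
        (dropped if classify(src)[1] != "public" else accepted).append(line)
    return accepted, dropped

# Constructed firewall log lines as seen on the external interface.
SAMPLE_LINES = [
    "in=eth0 src=198.51.100.7 dst=203.0.113.10 dpt=80",
    "in=eth0 src=10.0.0.9 dst=203.0.113.10 dpt=22",
    "in=eth0 src=127.0.0.1 dst=203.0.113.10 dpt=443",
    "in=eth0 src=172.32.1.1 dst=203.0.113.10 dpt=25",
]
```

Note that 172.32.1.1 is accepted: the private block ends at 172.31.255.255, so a filter written as "everything starting with 172" would wrongly drop legitimate public traffic, which is why the filter tests membership in the exact /12 rather than the first octet.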
TRANSPARENCY

Transparency is the ability of a device to not appear to exist. By not responding to illegal requests, an attacker doesn't know what kind of device exists at a given IP address. Another method of transparency is to configure a device to receive packets but not be able to send (like IDSs).

HASH TOTALS

Hashing is the process of assigning a value to represent some original data string. The value is the hash total. An example of the usage of hash totals is Windows authentication. The client generates a hash total based on the password and sends it to the domain controller for validation against a database with hash totals.

EMAIL SECURITY

SMTP servers should not permit relaying of mail, because spammers look for these servers to send bulk mail. If you don't, you may be added to various black lists of Internet servers. Other email servers will not accept mail from blacklisted servers.

FACSIMILE AND PRINTER SECURITY

One should think carefully about the use of printers and faxes. Often they are used by several employees, but maybe it would be better to place them in separate rooms with restricted access. The best way to handle the disposal of documents is to burn them.

COMMON ATTACKS AND COUNTERMEASURES

There are six classifications of network abuse: Class A through Class F abuses.

Class A abuses
A class A network abuse is the result of unauthorized network access through the circumvention of security access controls. This is sometimes referred to as logon abuse. Techniques for class A network abuses are:
- Social engineering
- Brute force

Class B abuses
A class B network abuse is defined by non-business use of systems. Examples are visiting unauthorized websites or using company resources for personal benefit. An acceptable use policy (AUP) and an enforceable security policy are an effective way to handle class B network abuses. Types of these kinds of abuses are:
- PBX fraud and abuse
- Email and Internet abuse

Class C abuses
Class C network abuses are identified by the use of eavesdropping techniques. Examples are:
- Network sniffing
- Dumpster diving (going through the trash)
- Keystroke recording

Class D abuses
A class D network abuse is identified by denial of service: saturation of network devices and resources. Examples are:
- SYN flooding
- Buffer overflows
- Teardrop attacks: the use of overlapping IP fragments
- LAND attacks: a packet with the same source and destination IP address
- SMURF attacks: using ICMP to spoof ICMP echo requests to a network broadcast address
- DDoS attacks: multiple hosts attacking one device and using all its bandwidth

Class E abuses
A class E network abuse is defined by network intrusion and penetration. Examples are:
- Spoof attacks: an attacker appearing to be something other than he is. A common spoof attack is an ARP redirect in a switched environment.
- Trojans
- Viruses and worms
- Back doors: the only remedy is a format and complete rebuild
- TCP hijacking: inserting TCP packets by using the sequence numbers
- Piggy-backing: the process of using a legitimate user's connection to gain access to a system (i.e. by using open, not correctly closed connections)

Class F abuses
A class F network abuse refers to probing attacks. First information is gathered about the network. Examples are:
- Port scans
- Banner abuse: many services use banners that include information about the type of system the service is running on. Examples are HTTP, FTP and SMTP banners. This information can be used to determine the types of exploits to which a system might be vulnerable.
- Sniffing

2.10 Fault Tolerance and Data Restoration

Reliability of data can be handled through the use of a redundant array of inexpensive disks (RAID). There are five levels of RAID:

RAID 0 (Striping)
Creates one large disk by using several disks. Used to improve performance by simultaneous reads and writes through striping of data across multiple disks. It provides no fault tolerance.

RAID 1 (Mirroring)
Data on one disk is duplicated on another disk. Fairly expensive because it requires double the amount of storage.

RAID 2 (Hamming code parity)
No longer in use. Used multiple disks and parity information. It consists of bit-interleaved data on multiple disks. Parity information is created using a Hamming code. There are 32 disks used for storage and 7 for parity.

RAID 3 (Byte level parity)
Similar to RAID 0 but now uses parity information. Performs byte-level striping. Parity information is stored on a specific parity drive.

RAID 4 (Block level parity)
As RAID 3, but it performs block level striping across multiple drives.

RAID 5 (Interleave parity)
Stripes data and parity at the block level across all drives, using interleaved parity for data re-creation. Reads and writes can be performed simultaneously, offering very good performance.

RAID 7 (Single virtual disk)
A variation of RAID 5 wherein the array functions as a single virtual disk in the hardware.
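The RAID 5 layout described above, as an added example (not part of the original notes): data is striped at the block level over all drives, the parity block of each stripe rotates to a different drive (interleaved parity), and a failed drive is rebuilt from the XOR of the survivors. The data, block size and four-drive layout are constructed; the parity rotation formula is this example's own choice and not tied to any particular controller.

```python
"""RAID 5 block-level striping with interleaved (rotating) parity, and reconstruction of a
failed drive from the survivors. Added example for the CISSP notes; the data and the
four-drive layout are constructed."""

def xor_blocks(*blocks):
    """Bitwise XOR of equal-length blocks; a stripe's parity is the XOR of its data blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def parity_disk_for(stripe, n_disks):
    """Interleaved parity: the parity block of each stripe sits on a different drive."""
    return (n_disks - 1 - stripe) % n_disks

def raid5_write(data, n_disks, block_size):
    """Return a list of drives, each a list of blocks, holding `data` striped with parity."""
    per_stripe = n_disks - 1
    chunks = [data[i:i + block_size].ljust(block_size, b"\0")
              for i in range(0, len(data), block_size)]
    while len(chunks) % per_stripe:            # pad the last stripe with empty blocks
        chunks.append(bytes(block_size))
    drives = [[] for _ in range(n_disks)]
    for stripe in range(len(chunks) // per_stripe):
        stripe_blocks = chunks[stripe * per_stripe:(stripe + 1) * per_stripe]
        parity = xor_blocks(*stripe_blocks)
        p = parity_disk_for(stripe, n_disks)
        blocks = iter(stripe_blocks)
        for d in range(n_disks):
            drives[d].append(parity if d == p else next(blocks))
    return drives

def raid5_rebuild(drives, failed):
    """Rebuild drive `failed` (marked None) stripe by stripe as the XOR of every other
    drive's block in that stripe; parity and data blocks are rebuilt the same way."""
    if drives[failed] is not None:
        raise ValueError("drive to rebuild must be marked failed (None)")
    survivors = [d for d in drives if d is not None]
    if len(survivors) != len(drives) - 1:
        raise ValueError("RAID 5 tolerates exactly one failed drive")
    return [xor_blocks(*(d[s] for d in survivors)) for s in range(len(survivors[0]))]

def raid5_read(drives, n_bytes):
    """Reassemble the data in order, skipping each stripe's parity block."""
    n_disks = len(drives)
    out = bytearray()
    for stripe in range(len(drives[0])):
        p = parity_disk_for(stripe, n_disks)
        out += b"".join(drives[d][stripe] for d in range(n_disks) if d != p)
    return bytes(out[:n_bytes])

def demo_rebuild(data=b"Stripes and parity across all drives", n_disks=4, block_size=4, failed=2):
    """Write, lose one drive, rebuild it, and read the data back."""
    drives = raid5_write(data, n_disks, block_size)
    drives[failed] = None                       # simulate the drive failure
    drives[failed] = raid5_rebuild(drives, failed)
    return raid5_read(drives, len(data))
```

Because the parity rotates, no single drive is the bottleneck for writes (the RAID 3/4 dedicated parity drive problem), and the rebuild code does not need to know whether the lost block was data or parity. A second failure before the rebuild completes is unrecoverable, which `raid5_rebuild` refuses rather than returning garbage.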
Clustering technologies are used to prevent a server from failing entirely. There are two types of clustering concepts:

Data clustering
Two data servers are configured exactly the same; one is the mirror of the other. There is a fail-over link between the 2 servers.

Load balancing (network services clustering or server clustering)
Used to improve system performance by distributing network requests among multiple servers that have the same functionality.

Of course you need data backups. Popular backup methodologies are:

Full backup
All data is saved every time. Can cost a lot of time and tapes.

Incremental backup
Backing up only the changed and added files.

Differential backup
All files that have changed since the last full backup are backed up. You only need the full backup tape and the last differential backup tape.

Backup media:

Media                                   Remarks
Digital audio tape (DAT)                Cheap and compact; max. 40 Gb
Quarter-inch cartridge (QIC)            50 Gb (most systems 8 Gb)
8mm tape                                Older system; replaced by DLT
Digital linear tape (DLT)               4 mm tape; up to 320 Gb; very fast
CD/DVD                                  Widely used for desktop backup
Zip                                     For desktop backup; up to 250 Mb
Tape array                              Cluster of 32-62 tape drives; RAID fashion
Hierarchical storage management (HSM)   Methodology for backing up and restoring data in an enterprise.
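The three backup methodologies above, as an added example (not part of the original notes): a scheduler that takes a full set first and then either incremental or differential sets, records what each set captures, and reports which sets a restore needs. The file timeline (three files, changed at constructed times) is made up for the example.

```python
"""Full, incremental and differential backups: what each set captures and which sets a
restore needs. Added example for the CISSP notes; the file timeline is constructed."""
from dataclasses import dataclass

@dataclass
class BackupSet:
    kind: str          # "full", "incremental" or "differential"
    taken_at: int
    contents: dict     # file name -> version captured

class BackupSchedule:
    """Runs a full backup first, then one set of `strategy` per run."""

    def __init__(self, strategy):
        self.strategy = strategy
        self.sets = []

    def run(self, now, files):
        """`files` maps name -> (version, last modified time). A full set copies everything,
        an incremental set everything changed since the previous set of any kind, a
        differential set everything changed since the last full set."""
        if not self.sets:
            kind, since = "full", -1
        elif self.strategy == "incremental":
            kind, since = "incremental", self.sets[-1].taken_at
        else:
            kind, since = "differential", self.last_full().taken_at
        captured = {name: ver for name, (ver, mtime) in files.items() if mtime > since}
        self.sets.append(BackupSet(kind, now, captured))

    def last_full(self):
        return next(s for s in reversed(self.sets) if s.kind == "full")

    def sets_needed(self):
        """Tapes for a restore: the last full plus every incremental after it, or the last
        full plus only the most recent differential."""
        full = self.last_full()
        after = [s for s in self.sets if s.taken_at > full.taken_at]
        if self.strategy == "differential" and after:
            after = after[-1:]
        return [full] + after

    def restore(self):
        state = {}
        for s in self.sets_needed():
            state.update(s.contents)     # later sets overwrite older versions
        return state

def simulate(strategy):
    """Constructed timeline: three files; a changes, then b, then a again."""
    files = {"a": (1, 0), "b": (1, 0), "c": (1, 0)}
    sched = BackupSchedule(strategy)
    sched.run(1, files)
    files["a"] = (2, 2)
    sched.run(3, files)
    files["b"] = (2, 4)
    sched.run(5, files)
    files["a"] = (3, 6)
    sched.run(7, files)
    return sched.restore(), len(sched.sets_needed()), sched.sets[-1].contents
```

Both strategies restore the same final state, but the incremental restore needs the full set plus all three incrementals (and loses data if any one tape is missing or unreadable), while the differential restore needs only two tapes at the cost of each differential set growing until the next full backup. Deleted files are not tracked here; a real catalogue must record deletions or a restore resurrects them.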
Identity Management
Identity management is a general term that encompasses technologies including password management (synchronization and self reset), user provisioning and access management. It enables and maintains user access to network resources. This includes the creation of the user entity (functionality typically found in human resource applications), authorization and permissions (SSO and password management functionality), and a single point of administration for de/provisioning accounts (as in provisioning).

2.11 Addendum

Data transmission methods:

Asynchronous
Data transmission method using a start bit at the beginning of the data value and a stop bit at the end.

Synchronous
A message-framed transmission method that uses clock pulses to match the speed of data transmission.

Isochronous
Synchronous data transmission without a clocking source, with the bits sent continuously and no start or stop bits.

Plesiochronous
A transmission method that uses more than one timing source, sometimes running at different speeds. It requires master and slave clock devices.

Enforced path
The enforced path refers to the limitations on network access for users. Individuals are authorized access to resources on a network through specific paths. The user is not authorized to access a resource through a different route. A VPN is an example of an enforced path.
3 Security Management and Practices

FUNDAMENTAL PRINCIPLES

3.1 Defining Security Principles

CIA: INFORMATION SECURITY

The building blocks, or primitives, of any security program, based on the question "What do we protect, why and how", are the CIA triad:
- Confidentiality
- Integrity
- Availability

Confidentiality describes the secrecy of the information asset. It is about determining the level of access in terms of how and where the data can be accessed. This can be classified by a degree of confidentiality. Protections, however, are only as good as the security program itself. Therefore you must pay attention to the tools used, install safeguards (such as encryption) and be aware of social engineering techniques (which require a high level of user awareness).

Integrity justifies the cost of collecting and maintaining the data. You should put mechanisms in place to prevent attacks on the storage of data (contamination) and on its transmission (interference). Protecting data involves both storage and network mechanisms. There are malicious and non-malicious attacks on the integrity of data. The first kind are viruses, back doors and logic bombs. Non-malicious attacks are caused by users entering invalid or inaccurate data, by not following the procedures, or by using wrong programs to access data. You have to give users awareness training, and programs should be tested before they are placed on the network. In network environments, data can be encrypted to prevent its alteration.

Availability is the ability of users to access an information asset. The organizational policies should specify various controls and procedures to help maintain availability.

PRIVACY

Privacy relates to all the elements of the CIA triad. It considers which information can be shared with others (confidentiality), how that information can be accessed safely (integrity), and how it can be accessed (availability). Several laws and acts, such as the U.S. Federal Privacy Act (1974) and the Health Insurance Portability and Accountability Act (HIPAA), pay attention to this issue. However, laws and regulations have difficulty keeping up with the technology. Therefore organizations should look at the privacy of their own information assets. They should have a privacy statement which must reflect how the data is handled and make available to the users which information is being collected.

IDENTIFICATION AND AUTHENTICATION

Information security is the process of managing the access to resources. If an entity requires access to an information resource, you must identify it (identification) and verify that the entity is who it claims to be (authentication). In most cases this is a two-step process. The first step is identification. Identifiers can be public or private and are tied directly to the entity. Normally a username is used. The second step is authentication. There are three types of authentication:
- What the entity knows: a PIN or password
- What the entity has: an access card, a smart card or token
- Who or what the entity is: usually identified through biometrics
If two or more are used, it is called strong authentication.

Password management
Passwords and PINs are the most common forms of authentication. They are also the weakest link, because users tend to create easily guessed passwords. Password management tries to create a balance between creating passwords that cannot be guessed and passwords users don't need to write down. Methods for password management are:
- Password generators: usually third party products which create passwords out of random characters.
- Password checkers: tools that check passwords for their probability of being guessed.
- Limiting login attempts: setting a threshold for login failures after which an account is locked.
- Challenge-response: cognitive passwords. Using randomly selected questions which the user has to answer; normally used by voice response systems.

Token devices come in two versions: synchronous and asynchronous. Synchronous token devices are time-based and generate a value that is valid for a set period of time. An asynchronous token device uses a challenge-response mechanism to determine whether the user is valid. The server displays a challenge, the user enters that challenge into the token device, and the device generates a token value. This value is entered by the user, after which the server verifies the value with an authentication server.

Cryptographic keys combine the concepts of something you have and something you know. The user has a private key that is used to sign a common hash value that is sent to the authentication server. To strengthen the authentication process, the user is asked to enter a PIN or passphrase that is also added to the hash.
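The two token types above, as an added example (not part of the original notes): a synchronous token whose value depends on the current 30-second interval and a shared secret, with the server accepting one interval of clock drift either side, and an asynchronous token that answers a server-issued, single-use challenge. The shared secrets are constructed; the HMAC truncation step follows the HOTP scheme of RFC 4226 so the time-based values can be checked against its published test vector, but everything else (class and function names, the 8-byte challenge) is this example's own.

```python
"""Synchronous (time-based) and asynchronous (challenge-response) token verification with
HMAC. Added example for the CISSP notes; the secrets are constructed, and the truncation
step follows the HOTP scheme (RFC 4226) so the values can be checked against its vectors."""
import hashlib
import hmac
import os
import struct

def truncate(digest, digits=6):
    """Dynamic truncation: a 31-bit window chosen by the last nibble, reduced to `digits` digits."""
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def synchronous_token(secret, now, step=30):
    """Time-based token: the moving factor is the number of `step`-second intervals since
    the epoch, so token and server only need a shared secret and loosely synchronized clocks."""
    counter = int(now) // step
    return truncate(hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest())

def verify_synchronous(secret, code, now, step=30, drift=1):
    """Accept the code for the current interval and `drift` intervals either side, to
    tolerate clock skew; a larger window widens the time a captured code stays valid."""
    candidates = (synchronous_token(secret, now + d * step, step)
                  for d in range(-drift, drift + 1))
    return any(hmac.compare_digest(c, code) for c in candidates)

def token_response(secret, challenge):
    """What the asynchronous token computes from the challenge the user types into it."""
    return truncate(hmac.new(secret, challenge.encode(), hashlib.sha1).digest(), 8)

class ChallengeResponseServer:
    """Challenge-response: the server issues a random, single-use challenge and checks the
    token's answer; replaying an old answer fails because its challenge is gone."""

    def __init__(self, token_secrets, challenge_source=lambda: os.urandom(8)):
        self.secrets = token_secrets            # user -> shared token secret (constructed)
        self.outstanding = {}                   # user -> challenge not yet answered
        self.challenge_source = challenge_source

    def issue_challenge(self, user):
        challenge = self.challenge_source().hex()
        self.outstanding[user] = challenge
        return challenge

    def verify(self, user, response):
        challenge = self.outstanding.pop(user, None)   # consumed on first use, pass or fail
        if challenge is None or user not in self.secrets:
            return False
        return hmac.compare_digest(token_response(self.secrets[user], challenge), response)
```

The synchronous scheme never transmits the secret, but a code observed in transit remains usable until its interval (plus the drift window) expires, so the window should be as small as the clocks allow. The asynchronous scheme has no such window: the challenge is discarded by `verify` whether the answer is right or wrong, so a replayed response has nothing to match against.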
that is also added to the hash.N ONREPUDIATIONNonrepudiation is the ability to ensure
the authenticity of a message by verifying it using the message s digital signature.
You can verify the signature with the public key obtained from a trusted certification
authority (CA).A CCOUNTABILITY AND A UDITINGSystem events can be tracked by using
audit records. Systems and security administrators use these records to: Produce
usage reports; Detect intrusions or attacks; Keep a record of system activity for
performance tuning; Create evidence. Accountability4 is created by logging the system
events with the information from the authenticated users, including all necessary
information such as date, time and network addresses. If you set up auditing, you
hahttp://doc.xuehai.net/bff69c6183e6980b054e00dcd.htmlve
to
decide
how
much
information you want to gather by defining a threshold or clipping level. The auditing
of systems require active monitoring (such as keystroke monitoring) and passive
monitoring (examining audit data). It is important to protect the integrity of the
audit data. Not only for the analysis of this data, but also for law enforcement.
For use of this data in legal proceedings you must prove that the integrity of the
data has been maintained and there was no possibility for it to be altered. This is
called proving the chain of custody.3.2 Security Management PlanningBefore
information security policies can be created, the management should plan a risk
analysis on the information assets. A risk analysis identifies the assets, determine
文档下载 免费文档下载
http://doc.xuehai.net/
the risks to them and assign a value to their potential loss. Using this, the
management can make decisions to policies that best protect those assets by minimizing
or mitigating the rhttp://doc.xuehai.net/bff69c6183e6980b054e00dcd.htmlisks.3.3
Risk Management and AnalysisRisk management Risk management is the process of
assessing risk and applying mechanisms to reduce, mitigate or manage risk to the
information assets. Its purpose is not to create a totally4The principle that
individuals, organizations and the community are responsible for their actions and
may be required to explain them to others.CISSP3-2
Security Management and Practices secure environment but to define where risks exists,
the probability that they occur, the damage that they cause en the costs of securing
the environment. It is not possible or too expensive to reduce all risks to zero.
You must look at the likelihood of each risk and either look for other mitigations
or accept it as a potential loss. Assessing risks, you must consider the types of
loss (risk category) and how the risk may occur (risk factor). Risk categories The
risk
categories
are:
Damage
loshttp://doc.xuehai.net/bff69c6183e6980b054e00dcd.htmls
a
of
an
physical
asset
of
the
inability to access it Disclosure disclosing critical information Losses permanent
or temporary loss of data. The risk factors are: Physical damage Malfunctions Attacks
Human errors Application errorsRisk factorsR ISK ANALYSISRisk analysis Risk analysis
identifies the risks, quantifies the impact and assesses a cost for mitigating the
risk. It also assesses the possibility that the risk will occur in order to weigh
the cost of mitigation. Risk analysis consist of three steps: 1. Asset identification
and Valuation 2. Risk Assessment and Analysis 3. Select and implement countermeasures
On completion of the risk analysis the risk manager performs a cost-benefit analysis
(CBA) comparing safeguards or the costs of not adding safeguards. Costs are given
as an annualized cost and are weighed against the likelihood of occurrence. As a rule,
safeguards are not employed when the costs outweigh the potential loss. In
fahttp://doc.xuehai.net/bff69c6183e6980b054e00dcd.htmlct you can do three things:
1. Do nothing and accept the risk 2. Reduce the risk by implementing countermeasures
文档下载 免费文档下载
http://doc.xuehai.net/
and accept the residual risk 3. Transfer the risk to an insurance companyI DENTIFYING
THREATS AND V ULNERABILITIESThe risk analysis should identify the threats and
vulnerabilities that could occur. As environments can be very complex, a
vulnerability in one area of the business could easily affect another area of the
business. This is called a cascading error. These errors may be caused by malicious
attacks or by errors in processing (called illogical processing). Threat agent
Identifying the threats to assets is the process of identifying the t hreat agents.
These are what cause the threats by exploiting vulnerabilities and can be human,
programmatic or a natural disaster. After the threat agents, vulnerabilities and
risks have been identified, the risk concentrates on the loss potential. This is what
would be the loss http://doc.xuehai.net/bff69c6183e6980b054e00dcd.htmlif the threat
agent is successful in exploiting a vulnerability. This should include the delayed
loss; the amount of loss that can occur over time. Think of loss in productivity,
loss of clients and business et cetera.Loss potential Delayed lossA SSET V
ALUATIONAssets and risk can be valued the quantitative way (money) and the qualitative
way (ranking threats and the effectiveness of countermeasures). The steps in a risk
assessment are:
1. Identify the assets
2. Assign values to the assets
3. Identify the risks and threats corresponding to each asset
4. Estimate the potential loss from that risk or threat
5. Estimate the possible frequency of the threat occurring
6. Calculate the cost of the risk
7. Recommend countermeasures or other remedial activities

CISSP 3-3 Security Management and Practices

Identify the assets
These are the systems, network components and information.

Assign values to the assets
To determine the value, use the following questions: How much revenue does this data generate? How much does it cost to maintain? How much would it cost if the data were lost? How much would it cost to recover or re-create? How much would it be worth to the competition?

Identify the risks and threats corresponding to each asset
Use your common sense to determine all risks and threats to each asset.

Estimate the potential loss from that risk or threat
Think of replacement costs and loss of productivity. The estimated cost is used to calculate the single-loss expectancy (SLE). This is the amount of the potential loss for a specific threat.

Estimate the possible frequency of the threat occurring
The frequency of occurrence is used to estimate the percentage of loss on a particular asset because of a threat. This is called the exposure factor (EF). If a fiber-optic cable between two buildings is cut, causing 20% of the infrastructure to become inoperable, the EF is 20%. Next the annualized rate of occurrence (ARO) is calculated. This is the estimated probability that the threat will take place within a one-year time frame, varying from 0.00 (never) to 1.00 (certain). If a threat takes place once every four years, the ARO is 0.25.

Calculate the cost of the risk
Based on the information gathered in the previous steps, the annualized loss expectancy (ALE) can be calculated. The ALE tells the analyst the maximum amount that should be spent on the countermeasure to prevent the threat from occurring.

SLE = asset value x EF
ALE = SLE x ARO

Asset        Threat         Value    EF    SLE      ARO   ALE
NOC          Fire           500.000  0.45  225.000  0.20  45.000
Web servers  Power failure  25.000   0.25  6.250    0.50  3.125

QUALITATIVE RISK ANALYSIS
To do a qualitative risk analysis you first identify the major threats and analyze the scenarios for the possible sources of the threat. The scores show the likelihood of the threat occurring, the potential severity and the degree of loss. Additionally, potential countermeasures are analyzed by ranking them for their effectiveness. Finally the scores for the threat are compared to those of the countermeasures. If the score for the countermeasure is greater than that of the threat, it means that the countermeasure will be more effective in protecting the asset.

COUNTERMEASURE SELECTION AND EVALUATION
Determining the most cost-effective countermeasure is called a cost/benefit analysis. The calculation is as follows:

Value of countermeasure = ALE (without countermeasure) - Cost (safeguard) - ALE (with countermeasure)

In the example of the Web servers: if a UPS is purchased (1.000) it reduces the EF to 0.05. The chance that an outage lasts longer than the UPS can bridge is once in five years (ARO = 0.20).

ALE (with UPS) = asset value x EF x ARO = 25.000 x 0.05 x 0.20 = 250
Value of countermeasure = 3.125 - 1.000 - 250 = 1.875

The benefit of this countermeasure = 1.875 - 1.000 = 875 per year.
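The SLE/ALE table and the UPS cost/benefit calculation above, carried through in Python as an added example (this is not code from the notes or from the books they summarize). It uses the notes' figures with the thousands separators dropped (500.000 becomes 500000). The RiskScenario and Countermeasure names, the range checks on EF and ARO, the select_countermeasure ranking and the "generator" alternative are my own constructions, added to show the cost/benefit rule in the general case: a safeguard whose annual cost exceeds the ALE it removes has a negative value and is not selected.

```python
"""Quantitative risk analysis and countermeasure cost/benefit, following the
formulas in these notes:
    SLE = asset value x EF
    ALE = SLE x ARO
    value of countermeasure = ALE(without) - cost(safeguard) - ALE(with)
Example code written for this page; names and the 'generator' option are assumptions."""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class RiskScenario:
    asset: str
    threat: str
    asset_value: float  # replacement cost plus lost productivity, in currency units
    ef: float           # exposure factor: fraction of the asset lost per occurrence
    aro: float          # annualized rate of occurrence (0.0 = never, 1.0 = once a year)

    def __post_init__(self) -> None:
        # EF is a percentage of the asset, so it must lie between 0 and 1.
        if not 0.0 <= self.ef <= 1.0:
            raise ValueError(f"EF must be between 0 and 1, got {self.ef}")
        # The notes define ARO on 0.00..1.00; a negative rate is never meaningful.
        if self.aro < 0.0:
            raise ValueError(f"ARO cannot be negative, got {self.aro}")

    def sle(self) -> float:
        """Single-loss expectancy: loss from one occurrence of the threat."""
        return self.asset_value * self.ef

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float   # cost of the safeguard per year
    residual_ef: float   # EF after the safeguard is in place
    residual_aro: float  # ARO after the safeguard is in place

    def residual_ale(self, s: RiskScenario) -> float:
        """ALE (with countermeasure): same asset value, reduced EF and ARO."""
        return RiskScenario(s.asset, s.threat, s.asset_value,
                            self.residual_ef, self.residual_aro).ale()

    def value(self, s: RiskScenario) -> float:
        """Value of the countermeasure as defined in the notes."""
        return s.ale() - self.annual_cost - self.residual_ale(s)


def aro_from_interval(years_between_occurrences: float) -> float:
    """ARO of a threat expected once every N years (once every four years -> 0.25)."""
    if years_between_occurrences <= 0:
        raise ValueError("interval must be positive")
    return 1.0 / years_between_occurrences


def select_countermeasure(s: RiskScenario,
                          candidates: Iterable[Countermeasure]) -> Optional[Countermeasure]:
    """Cost/benefit analysis: the safeguard with the highest positive value, or None."""
    worthwhile = [c for c in candidates if c.value(s) > 0]
    if not worthwhile:
        return None
    return max(worthwhile, key=lambda c: c.value(s))


def risk_register(scenarios: List[RiskScenario]) -> str:
    """Render the scenarios as the Asset/Threat/Value/EF/SLE/ARO/ALE table of the notes."""
    header = f"{'Asset':<12}{'Threat':<15}{'Value':>10}{'EF':>6}{'SLE':>10}{'ARO':>6}{'ALE':>10}"
    rows = [f"{s.asset:<12}{s.threat:<15}{s.asset_value:>10,.0f}{s.ef:>6.2f}"
            f"{s.sle():>10,.0f}{s.aro:>6.2f}{s.ale():>10,.0f}" for s in scenarios]
    return "\n".join([header, *rows])


# The two rows of the notes' table.
NOC_FIRE = RiskScenario("NOC", "Fire", 500_000, ef=0.45, aro=0.20)
WEB_POWER = RiskScenario("Web servers", "Power failure", 25_000, ef=0.25, aro=0.50)

# The UPS from the notes: cost 1.000, EF drops to 0.05, an outage outlasts it once in five years.
UPS = Countermeasure("UPS", annual_cost=1_000, residual_ef=0.05,
                     residual_aro=aro_from_interval(5))
# Constructed alternative (not in the notes): removes more risk but costs more than the ALE.
GENERATOR = Countermeasure("Generator (constructed)", annual_cost=4_000,
                           residual_ef=0.02, residual_aro=0.05)

if __name__ == "__main__":
    print(risk_register([NOC_FIRE, WEB_POWER]))
    for cm in (UPS, GENERATOR):
        print(f"{cm.name}: residual ALE {cm.residual_ale(WEB_POWER):,.0f}, "
              f"value {cm.value(WEB_POWER):,.0f}")
    best = select_countermeasure(WEB_POWER, [UPS, GENERATOR])
    print("Selected:", best.name if best else "none")
```

Running it reproduces the notes' table (SLE 225.000/6.250, ALE 45.000/3.125), the residual ALE of 250 with the UPS, and a countermeasure value of 1.875; the constructed generator comes out at a negative value and is rejected, which is the point of comparing safeguard cost against the ALE it removes.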
3.4 Policies, Standards, Guidelines and Procedures

Policies
Information Security Policies are high-level plans that describe the goals of the procedures. They describe security in general terms. Information Security Policies are the blueprints, or specifications, for a security program. The first step in writing policies is to determine the overall goal. Secondly you have to determine for which systems and processes you want to write a policy. There is no need for one document which describes all policies; it is better to write one policy for each topic, such as user and physical policies, access control policies or external access policies. The third step is to identify what is to be protected. You need to have a complete inventory of the information assets and the supporting business processes, including any material that has the organization's name or logo on it. The fourth step is to identify from whom it is being protected. The focus should be on who can access resources and under what conditions. Some considerations for data access are:
- Authorized and unauthorized access to resources and information
- Unintended or unauthorized disclosure of information
- Enforcement procedures
- Bugs and user errors

Baselines
Baselines are used to create a minimum level of security necessary to meet policy requirements. Baselines can be configurations, architectures or procedures. Standards and baselines describe specific products, configurations or other mechanisms to secure the systems.

Guidelines
In cases in which security cannot be described as a standard or set as a baseline, you need guidance: recommendations are created as guidelines, e.g. for risk analyses. You do not describe in detail how to perform an audit; a guideline can specify the methodology, leaving the team to fill in the details.

Procedures
Procedures describe how to use the standards and guidelines to implement the countermeasures that support the policy. The kinds of procedures differ per organization, but the following are quite common:
- Auditing: what to audit, how to maintain audit logs
- Administrative: separation of duties
- Access control: how to configure authentication and other access control features
- Configuration: firewalls, routers, switches and operating systems
- Incident response: how to respond to security incidents
- Physical and environment: air conditioning for server rooms, shielding of Ethernet cables
Implementation of these procedures is the process of showing due diligence in maintaining the principles of the policy. Due diligence is important because it demonstrates commitment to the policies.

3.5 Roles and Responsibilities

Management
The most important role belongs to the management, who must set the tone for the entire information security program. They have to become part of the process. This involves showing leadership in the program. Furthermore, the management is responsible for doing the risk analysis and conveying this to the technical people responsible for implementing these policies.

Users
One way to ensure that every employee knows that security is part of his job is to make it part of each job description. After it has been made part of the job description, it becomes something that can be considered in performance evaluations. The same goes for outside contractors and vendors. They should include similar language within their statements of work.

IT staff
The IT staff is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines and procedures. They should provide input into security awareness education programs and ensure that everyone knows his role in maintaining security. Information security must also integrate into the business environment. Jobs that support security through the processes should be defined. One way of doing this is separation of duties and assigning ownership to assets. Furthermore, you must consider how security is administered throughout the organization. There should be a central information security management group which is in charge of the monitoring and enforcement of the policy and procedures.

3.6 Understanding Protection Mechanisms
Protection mechanisms are used to enforce layers of trust between security levels of a system. Trust levels are used to provide a structured way to compartmentalize data access and create a hierarchical order. There are four protection mechanisms:
- Layering: Processes are placed in layers/zones and need to request access to a resource protected in another layer/zone. Bell-LaPadula is an application of this concept in military systems.
- Abstraction: Object-oriented design and programming.
- Data Hiding
- Encryption: Encryption uses cryptography to convert data into an unintelligible form.

3.7 Classifying Data

Commercial classification
Commercial classification of data consists of five levels:
- Sensitive: Most limited access; should not be disclosed.
- Confidential: Less restrictive within the company, but might cause damage if disclosed.
- Private: Compartmental data which must be kept private.
- Proprietary: Data that is disclosed outside the company in a limited or restricted manner.
- Public: The least sensitive data, which would cause the least harm if disclosed.

Government classification
Government classification of data is based on laws, policies and executive directives which sometimes conflict with each other. This classification consists of five levels:
- Top Secret: Disclosure would cause severe damage to national security.
- Secret: Disclosure would cause serious damage to national security.
- Confidential: Data that is exempt from disclosure under laws such as the Freedom of Information Act but is not classified as national security data.
- Sensitive But Unclassified (SBU): Data that is not considered vital to national security, but its disclosure would do some harm (e.g. data from citizens).
- Unclassified: Data which has no classification or is not sensitive.

Criteria for setting a classification scheme are:
- Who should be able to access or maintain the data?
- Which laws, regulations, directives or liability might be required in protecting the data?
- For government organizations, what would the effect on national security be if the data were disclosed?
- For nongovernmental organizations, what would the level of damage be if the data was disclosed or corrupted?
- Where is the data to be stored?
- What is the value or usefulness of the data?
The steps for creating data classification procedures are:
1. Set the criteria for classifying the data.
2. Determine the security controls that will be associated with the classification.
3. Identify the data owner who will set the classification of the data.
4. Document any exceptions that might be required for the security of this data.
5. Determine how the custody of the data can be transferred.
6. Create criteria for declassifying information.
7. Add this information to the security awareness and training programs so users can understand their responsibilities in handling data at various classifications.

3.8 Employment Policies and Practices
Employment policies can be used to protect information security assets by setting guidelines for:
- Background checks and security clearances
- Employment agreements, hiring and terminations
- Setting and monitoring of job descriptions
- Enforcement of job rotation
Employment agreements are made to protect the organization from the inner threat. By having the employee sign the agreements, the organization has the ability to enforce the policies behind them. You can use a UAP, which summarizes the overall information policy for the users, to make them aware of the security policies. When a contract with an employee (or contractor) is terminated, all access rights should be revoked immediately. Also, the former employee or contractor should be escorted out of the building. Job descriptions define the roles and responsibilities for each employee. Within these roles and responsibilities, procedures are used to set the various access controls.

3.9 Managing Change Control
Change control, configuration management and revision control help to determine the security impact of changes.
4 Applications and System Development Security

4.1 Software Applications and Issues

CENTRALIZED, DECENTRALIZED AND DISTRIBUTED SYSTEMS
Even in the old days, when we had centralized systems, there was a security risk of disrupted data caused by:
- Incorrect data entered in error;
- Incorrect data entered on purpose;
- Someone entering code which extracted, modified, destroyed or disrupted data;
- Unauthorized access to data or seeing data on screens;
- Unauthorized use of unattended terminals with active sessions.
There is a difference between decentralized and distributed systems:
- Centralized: All computing takes place in one place.
- Centrally controlled computing: Computers are distributed physically but maintained and controlled by a central authority.
- Decentralized: Computing facilities exist throughout the company; they may be linked with each other.
- Distributed: Computers are everywhere, and so is the processing. There is no centralized control. Examples are PDA applications, internet applications, file servers and email.
The internet is an example of a massively distributed system. These are systems that are ubiquitous across time and space and consist of a lot of connected systems.

MALICIOUS SOFTWARE (MALWARE)
Malicious software falls into one of the following categories:
- Viruses: Programs which run on a computer without the permission of its owner. There are polymorphic viruses, boot sector viruses, multipartite viruses and macro viruses.
- Trojans: Programs that masquerade as something else.
- Logic bombs: Programs designed to execute because of some event.
- Worms: Malware that replicates and spreads itself across a network. It might use its own communication code (SMTP) or use one of the existing services (FTP, email, telnet).
- ActiveX/Java: These controls are used by web-based applications but may contain harmful code. Nimda is an example of a harmful applet.
- Blended malware: Malware using the results of previous malware to attack a system.
- Agents / remote control programs: Programs that remotely control another computer.
The border between normal programs and malware may be thin. A program that reinstalls the operating system may be considered to be malware, but is also helpful as an administrator tool. The purpose behind the software defines it as malware or not. The threat of malware can be managed by following these steps:
1. Have a malware policy that specifies the use of antivirus products and provides for regular maintenance. Ensure its approval and support by top management.
2. Make virus protection software an absolute must for every device.
3. Make updating your virus protection products a priority on all systems.
4. Install and properly configure special mail server virus protection.
5. Configure mail server antivirus programs to block executable attachments.
6. Keep all systems patched.
7. Reduce attack vectors by scanning removable media.
8. Reduce attack vectors by disallowing ActiveX or Java script download where possible.
9. Keep up-to-date on trends and actual virus threats.
10. Use recommended steps to clean infected systems.
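Step 5 (blocking executable attachments at the mail server) is the one step in this list that is mechanical enough to show as code. The following Python is an added example, not code from the notes or from any mail product: it is the attachment check a mail gateway filter would apply. The block list of extensions, the decision to look at the file's first bytes and the decision to inspect the member names of ZIP attachments are my assumptions about what such a policy should cover, chosen to handle the two obvious failure modes of a name-only filter: a renamed executable and an executable shipped inside an archive.

```python
"""Mail attachment policy check for 'block executable attachments' (step 5 of the
malware steps in these notes). Example code written for this page; the extension
list and the ZIP inspection are assumptions, not part of the notes."""
import io
import os
import zipfile
from typing import Dict, List, Tuple

# Constructed block list: common executable and script extensions for a mail gateway policy.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".msi",
                      ".dll", ".vbs", ".js", ".jse", ".wsf", ".hta"}
PE_MAGIC = b"MZ"  # DOS/Windows PE executables begin with these two bytes


def has_blocked_extension(filename: str) -> bool:
    """True if the final extension is in the block list (case-insensitive).
    A double extension such as 'invoice.pdf.exe' ends in .exe and is caught here."""
    return os.path.splitext(filename.lower())[1] in BLOCKED_EXTENSIONS


def looks_like_pe(content: bytes) -> bool:
    """Content check that does not trust the name: a renamed .exe still starts with MZ."""
    return content[:2] == PE_MAGIC


def executables_in_zip(content: bytes) -> List[str]:
    """Names of blocked files inside a ZIP attachment, or [] if the data is not a valid ZIP.
    Only the central directory is read; members are never extracted or executed."""
    buf = io.BytesIO(content)
    if not zipfile.is_zipfile(buf):
        return []
    buf.seek(0)
    try:
        with zipfile.ZipFile(buf) as zf:
            return [name for name in zf.namelist() if has_blocked_extension(name)]
    except zipfile.BadZipFile:
        return []


def check_attachment(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (blocked, reason) for one attachment; checks are ordered cheapest first."""
    if has_blocked_extension(filename):
        return True, f"blocked extension on {filename!r}"
    if looks_like_pe(content):
        return True, f"{filename!r} has a PE/MZ header despite its name"
    nested = executables_in_zip(content)
    if nested:
        return True, f"{filename!r} contains executables: {nested}"
    return False, "allowed"


def _zip_with(names: List[str]) -> bytes:
    """Build an in-memory ZIP of empty files (constructed test data, nothing is written to disk)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed sample attachments covering the allow case and the three block cases.
SAMPLES: Dict[str, bytes] = {
    "report.pdf": b"%PDF-1.4 sample document",
    "invoice.pdf.exe": b"MZ\x90\x00 double extension",
    "photo.jpg": b"MZ\x90\x00 executable renamed to look like an image",
    "docs.zip": _zip_with(["readme.txt", "setup.exe"]),
    "notes.txt": b"plain text",
}


def scan(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Tuple[bool, str]]:
    """Apply the policy to every attachment and return the decision per file name."""
    return {name: check_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (blocked, reason) in scan().items():
        print(f"{'BLOCK' if blocked else 'allow':5} {name}: {reason}")
```

The ordering matters for a gateway: the extension test is a string operation, the magic-byte test reads two bytes, and only then is the archive opened, so the expensive check runs on the few attachments the cheap checks could not decide.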