Source: CISSP notes downloaded from http://doc.xuehai.net/ (the download site warns that the content may be incomplete; the full document is at http://doc.xuehai.net/bff69c6183e6980b054e00dcd.html).

CISSP - Certified Information System Security Professional

Based on the books: CISSP Certification, Training Guide, Roberta Bragg; The CISSP Prep Guide, Ronald L. Krutz & Russel Dean Vines.
Summary by Jos Engelhart MSc CISSP. Also visit our website http://www.enacom.nl.

Table of Contents

1 Access Control Systems and Methodology
1.1 Authentication and access control ........ 1
1.2 Accountability ........ 1
1.3 Access control techniques ........ 1
  DAC - Discretionary Access Control ........ 1
  MAC - Mandatory Access Control ........ 1
  Lattice-Based Access Control ........ 1
  Rule-Based Access Control ........ 2
  Role-based access control ........ 2
  Access Control Lists ........ 2
1.4 Access control administration ........ 2
  Account administration ........ 2
1.5 Access control models / strategies ........ 3
  Bell-LaPadula ........ 3
  Biba ........ 3
  Liptner's Lattice ........ 4
  Non-inference Models ........ 4
1.6 Identification and authentication techniques ........ 4
  Passwords ........ 4
  One-Time Passwords ........ 4
  Challenge Response ........ 4
  Biometrics ........ 4
  Tickets ........ 4
  Single Sign-On ........ 5
1.7 Access control methodologies ........ 5
  Centralized/Remote Authentication Access Controls ........ 5
  Decentralized Access Control ........ 5
1.8 Methods of attack ........ 5
  Brute force ........ 5
  Denial of service ........ 5
  Spoofing ........ 6
  Sniffing ........ 6
1.9 Monitoring ........ 6
  Intrusion detection ........ 6
  Intrusion prevention ........ 6
  How intrusion detection works ........ 6
1.10 Penetration testing ........ 7
  Penetration Testing versus Security Assessments ........ 7
  Ethical Issues ........ 7
  Performing a Penetration Test ........ 7

2 Telecommunications and Network Security
2.1 The Open Systems Interconnection model ........ 1
2.2 The OSI layers ........ 1
  Layer 7 - Application Layer ........ 1
  Layer 6 - Presentation Layer ........ 2
  Layer 5 - Session Layer ........ 2
  Layer 4 - Transport Layer ........ 2
  Layer 3 - Network Layer ........ 2
  Layer 2 - Data Link Layer ........ 3
  Layer 1 - Physical Layer ........ 3
2.3 Network characteristics and topologies ........ 3
  Coax ........ 3
  UTP ........ 4
  Fiber Optic ........ 4
  Multi-Mode Fiber ........ 5
  Single-Mode Fiber ........ 5
  Dense Wave Division Multiplexing ........ 5
  Wireless ........ 5
2.4 Network topologies ........ 5
  Linear Bus Topology ........ 5
  Star Topology ........ 6
  Ring Topology ........ 6
  Tree Topology ........ 6
  Mesh Topology ........ 6
  LAN and WAN Technologies ........ 6
  Ethernet ........ 6
  Token-Ring and FDDI ........ 6
  ARCnet - Attached Resource Computer Network ........ 7
2.5 LAN devices ........ 7
  Hubs and Repeaters ........ 7
  Switches and bridges ........ 7
  VLANs ........ 7
  Routers ........ 8
  Firewalls ........ 8
  Gateways and Proxies ........ 10
2.6 WAN technologies ........ 10
  WAN Connections ........ 10
  WAN Services ........ 10
  WAN Devices ........ 12
2.7 Providing remote access capabilities ........ 12
  Remote Dial-In Access ........ 12
  Using tunneling as a Client-Based security method ........ 12
  Virtual Private Networks ........ 12
  Remote access Authentication ........ 13
2.8 Networking protocols ........ 13
  Application Layer Protocols ........ 13
  Transport Layer Protocols ........ 14
  Internet Layer Protocols ........ 14
2.9 Protecting the integrity, availability and confidentiality of network data ........ 14
  The CIA-triad ........ 14
  Security Boundaries and Translating Security Policy to Controls ........ 15
  Trusted Network Interpretation ........ 15
  Network Layer Security Protocols ........ 15
  Transport Layer Security Protocols ........ 16
  Application Layer Security Protocols ........ 16
  Network Monitoring and Packet Sniffers ........ 16
  Intrusion Detection ........ 16
  Intrusion Response ........ 17
  Network Address Translation ........ 17
  Public and Private IP Addresses ........ 18
  Transparency ........ 18
  Hash Totals ........ 18
  Email Security ........ 18
  Facsimile and Printer Security ........ 18
  Common Attacks and Countermeasures ........ 18
2.10 Fault tolerance and data restoration ........ 19
2.11 Addendum ........ 20

3 Security Management and Practices
3.1 Defining security principles ........ 1
  CIA: Information Security's Fundamental Principles ........ 1
  Privacy ........ 1
  Identification and Authentication ........ 1
  Nonrepudiation ........ 2
  Accountability and Auditing ........ 2
3.2 Security management planning ........ 2
3.3 Risk analysis and management ........ 2
  Risk analysis ........ 3
  Identifying Threats and Vulnerabilities ........ 3
  Asset Valuation ........ 3
  Qualitative Risk Analysis ........ 4
  Countermeasure Selection and Evaluation ........ 4
3.4 Policies, standards, guidelines and procedures ........ 5
3.5 Roles and responsibilities ........ 5
3.6 Understanding protection mechanisms ........ 6
3.7 Classifying data ........ 6
3.8 Employment policies and practices ........ 7
3.9 Managing change control ........ 7

4 Applications and Systems Development Security
4.1 Software and applications ........ 1
  Centralized, decentralized and distributed systems ........ 1
  Malicious software (malware) ........ 1
  Databases ........ 2
  Data warehouses ........ 2
  Storage and Storage Systems ........ 2
  Knowledge-Based Systems ........ 3
  Web Services and Other Examples of Edge Computing ........ 3
4.2 Attacking software ........ 3
4.3 Understanding malicious code ........ 4
4.4 Implementing system development controls ........ 4
4.5 Using coding practices that reduce system vulnerability ........ 5

5 Cryptography
5.1 Uses of cryptography ........ 1
5.2 Cryptographic concepts, methodologies and practices ........ 1
  Symmetric Algorithms ........ 1
  Asymmetric Algorithms ........ 1
  Safety mechanisms ........ 1
5.3 PKI and key management ........ 2
5.4 Methods of attack ........ 2

6 Security Architecture and Models
6.1 Requirements for security architecture and models ........ 2
6.2 Security models ........ 2
  Clark-Wilson Model ........ 2
  Access Control Lists ........ 2
6.3 Security system architecture ........ 2
  Security Principles ........ 2
  Security Modes ........ 3
6.4 Information system security standards ........ 3
  TCSEC - The Orange Book and the Rainbow Series ........ 4
  ITSEC - Information Technology Security Evaluation Criteria ........ 4
  Common Criteria ........ 5
6.5 Common Criteria ........ 5
  Introduction and general model ........ 6
  Security Functional Requirements ........ 6
  Security Assurance Requirements ........ 6
  Assurance Packages or Evaluation Assurance Levels - EALs ........ 7
  Areas not Addressed by the Common Criteria ........ 7
  A Comparison of the Orange Book, ITSEC and Common Criteria ........ 7
6.6 IPSEC ........ 8
  Uses for IPSec ........ 8
  Architectural Components of IPSec ........ 8

7 Operations Security
7.1 Examining the key roles of operations security ........ 1
  The OPSEC Process ........ 1
7.2 The roles of auditing and monitoring ........ 2
  Using Logs to Audit Activity and Detect Intrusion ........ 2
  Intrusion Detection ........ 2
  Penetration Testing Techniques ........ 2
7.3 Developing countermeasures to threats ........ 3
  Risk analysis ........ 3
  Threats ........ 3
  Countermeasures ........ 3
7.4 Concepts and best practices ........ 4
  Privileged Operations Functions ........ 4
  Understanding Antiviral Controls ........ 4
  Protecting Sensitive Information and Media ........ 4
  Change Management Control ........ 5

8 Business Continuity Planning and Disaster Recovery Planning
8.1 What are the disasters that interrupt business operation? ........ 1
8.2 Quantifying the difference between DRP and BCP ........ 1
8.3 Examining the BCP process ........ 1
  Define the scope ........ 1
  Perform a business impact analysis (BIA) ........ 1
  Develop operational plans for each business process ........ 2
  Implement plans ........ 3
  Test plans ........ 3
  Maintain plans ........ 3
8.4 Defining DRP ........ 3
  Determining the scope of the recovery plan ........ 4
  Creating antidisaster Procedures ........ 4
  Listing necessary resources ........ 4
  Emergency response procedures ........ 4
8.5 Developing a backup strategy ........ 4
  Backup policies and procedures ........ 4
  Vital records program ........ 4
  Hardware backups ........ 5

9 Law, Investigation and Ethics
9.1 Fundamentals of law ........ 1
  Intellectual property law ........ 1
  Privacy law ........ 1
  Governmental regulations ........ 1
9.2 Criminal law and computer crime ........ 2
9.3 Computer security incidents ........ 2
  Advance planning ........ 2
  Computer crime investigation ........ 3
9.4 Legal evidence ........ 3
  The fourth amendment ........ 3
9.5 Computer forensics ........ 3
9.6 Computer ethics ........ 4

10 Physical Security
10.1 Classifying assets to simplify physical security discussions ........ 1
10.2 Vulnerabilities ........ 1
10.3 Selecting, designing, constructing and maintaining a secure site ........ 1
  Site location and construction ........ 1
  Physical access controls ........ 1
  Power issues and controls ........ 2
  Environmental controls ........ 2
  Water exposure problems and controls ........ 2
  Fire prevention and protection ........ 3
10.4 Tape and media library retention policies ........ 3
10.5 Document (hard-copy) libraries ........ 3
10.6 Waste disposal ........ 4
10.7 Physical intrusion detection ........ 4
10.8 Addendum ........ 4
Abbreviations

1 Access Control Systems and Methodology

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.

1.1 Authentication and access control

The key part of security is controlling access to critical information. We distinguish between authentication and access control. Authentication identifies a user and verifies that the user is who he says he is. Access control systems control what access he is given on the system. This is governed by the principle of least privilege: give a user the least amount of access he needs to do his job and nothing else.

1.2 Accountability

Accountability is the process of tracking the behavior of people regarding their actions and the access controls they have been given. You can then hold people accountable for their actions and properly enforce access controls.
A commonly used way to do this is logging.

1.3 Access Control Techniques

Access control techniques are:
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Lattice-based access control
- Rule-based access control
- Role-based access control
- The use of access control lists (ACL)

Discretionary Access Control - DAC
This type of control is essentially based on human decisions about whether someone or something should be allowed access to a particular resource. Most of the time guidelines or policies are rigidly used. They are open to mistakes and can easily be overridden. The biggest problem is humans (managers) overriding access controls for certain individuals who complain they have too few permissions. DAC is a low level of access control and very subjective.

Mandatory Access Control - MAC
MAC is based on using classification levels controlled by computer systems. These systems are popular in government-type environments and financial institutions. Each user gets a classification level associated with their account and each piece of data has a classification level. Most of the time accounts can include a hierarchy in access rights; we call this multilevel security. This is not always wanted. Another classification is compartmentalization, e.g. HR accounts and Finance accounts.

Lattice-Based Access Control
This type of control is based on a set of security classes that can be assigned to users or objects, for example confidential, secret and top secret. Based on these classes a set of flow operations is defined showing how information can flow from one class to another.
The requirements for a lattice are:
- The set of security classes must be finite and must not change.
- All the flow operations must form a partial order with the following properties:
  - Reflexive: an item can always flow back to the security class it came from (two-way direction), e.g. confidential to confidential.
  - Anti-symmetric: an item cannot flow back to the security class it came from (one-way direction), e.g. confidential to secret, but not secret to confidential.
  - Transitive: information flowing into a certain security class by going through another security class can also flow directly into that class, e.g. confidential to secret to top secret includes the flow confidential to top secret.
- It must have a lower bound (the null class).
- It must have an upper bound which represents a combination of all the items in the security classes.

Rule-Based Access Control
This kind of control is based on rule sets for individuals. These are not needed for small companies because everybody knows his role and is trusted to some extent. However, for larger organizations they provide a fine level of granularity. Disadvantages are:
- Time consuming: you have to figure out what everybody is allowed to do.
- Maintainability: it becomes a complex list.
This is why some companies prefer role-based access control.

Role-Based Access Control
Access is provided to roles or positions across a company. Access is then assigned to the role based on the job function of a position. This control is easy to maintain and manage. It is typically implemented by using groups to which permissions are given.

Access Control Lists
These are similar to rule-based access controls but more formalized. ACLs contain a list of rules, usually based on IP addresses or some other piece of information that is easily discernible in the packet that goes across the network.
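As an added example that is not part of these notes, the following Python evaluates a router-style ACL of the kind described above over constructed packet headers. Rules are matched in order, the first matching rule decides, and an implicit deny closes the list; every decision is also written to an audit log, which is the accountability side of the same control. The rule format, the addresses, the ports and the sample ACL are all assumptions made for illustration.

```python
"""Added example (not part of the original notes): a minimal router-style
access control list evaluated over constructed packet headers.

Rules are matched in order, first match wins, and an implicit deny
closes the list, which is how rule-based network ACLs are evaluated.
All addresses, ports and rule entries are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    proto: str                   # protocol name or "any"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst))


# Constructed sample ACL: a quarantined subnet is blocked first, internal
# hosts may reach the web server on 443, one admin host may SSH to it,
# internal hosts may ping it, and everything else falls to the implicit deny.
SAMPLE_ACL: List[Rule] = [
    Rule("deny",   "10.0.5.0/24", "0.0.0.0/0",     "any"),
    Rule("permit", "10.0.0.0/16", "192.0.2.10/32", "tcp", 443),
    Rule("permit", "10.0.1.7/32", "192.0.2.10/32", "tcp", 22),
    Rule("permit", "10.0.0.0/16", "192.0.2.10/32", "icmp"),
]


def evaluate(acl: List[Rule], pkt: Packet,
             log: Optional[List[str]] = None) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule or None for the implicit
    deny). If `log` is given, a line describing the decision is appended so
    that both permitted and denied traffic can be audited later."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            if log is not None:
                log.append(f"{rule.action.upper()} {pkt.proto} "
                           f"{pkt.src}->{pkt.dst}:{pkt.dport} rule#{i}")
            return rule.action, i
    if log is not None:
        log.append(f"DENY {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport} implicit")
    return "deny", None


if __name__ == "__main__":
    audit: List[str] = []
    for p in [Packet("10.0.1.20", "192.0.2.10", "tcp", 443),
              Packet("10.0.5.4", "192.0.2.10", "tcp", 443),
              Packet("10.0.1.20", "192.0.2.10", "tcp", 22),
              Packet("10.0.1.7", "192.0.2.10", "tcp", 22),
              Packet("203.0.113.9", "192.0.2.10", "tcp", 443)]:
        print(evaluate(SAMPLE_ACL, p, audit))
    print("\n".join(audit))
```

Rule order matters: the quarantine deny sits first so it wins over the broader permit for 10.0.0.0/16, which is exactly the maintainability problem the notes attribute to long rule lists. Logging every decision, not only denials, is what later lets you attribute traffic to a rule and a source.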
ACLs are often associated with routers.

1.4 Access Control Administration

Setting up an administration is easy; the ongoing maintenance is the difficult part. It essentially involves a user ID and a password which has to be set up and maintained for every user of the system. User accounts should be disabled when an employee leaves the company instead of being deleted.

Account administration
With a new account:
- Assign a unique initial random temporary password to the account.
- Force the person to change it to another password known only to him.
- Prevent multiple people from having access to the same password: you lose accountability.
- Keep track of all access controls through logging (successes and failures).
- The principle of least privilege: always give someone the least amount of access he needs to do his job and nothing else.
- Separation of duties: maintain separation of duties for access to sensitive information. This means that multiple people must participate to gain access (e.g. to fire a nuke).

1.5 Access Control models / strategies

The models in this section serve as a guide that sets out some general principles that should be followed when implementing access control. In the explanation two terms are used: objects, which refers to passive items such as hardware, software and processes that store information, and subjects, which are active processes that move information (such as persons or devices).

Bell-LaPadula
BLP: confidentiality. Bell-LaPadula (1970s) is a governmental information flow security model and focuses on confidentiality. Access to information is controlled by access lists, but the movement of information is controlled by this paradigm: it protects people from accessing information they should not have access to.
It is a bottom-up model: information may flow from the bottom to the top but not downwards. It is composed of two rules: the simple security rule deals with reading information or files; the star property (*-property) rule deals with writing information or creating new files.

Simple Security Rule (no read up)
A principal P can read an object O only if the security level of P is higher than or equal to the security level of O. This rule ensures that someone can only read information up to the level he is cleared for, but not higher.

Star Property Rule (no write down)
A principal P can write to an object O only if the security label of O is higher than or equal to the security label of P. Information cannot be written to a lower classification level. This property prevents the leakage of information, for example by a write-down Trojan horse that reads secret information and writes it into a generally accessible file so that an attacker can read it, or by copying classified data from a protected folder to a general folder.

Bell-LaPadula follows the Basic Security Theorem and has the following basic concepts:
- Fundamental modes of access: access modes such as read, write, read-only and so on are defined to permit access between subjects and objects.
- Dominance relations: a relationship between the formal security levels of subjects and objects describes the access permitted between them.
- Simple security condition: you cannot read up (see above).
- Discretionary security property: a specific subject is authorized for a particular mode of access that is required for a state transition. A matrix is used to specify the discretionary access controls.
- Star (*) property: you cannot write down (see above).
- Strong * property: reading and writing are permitted only at the subject's own level of sensitivity, not on higher or lower levels.
- Trusted subject: access is not constrained by the * property. Where the * property is too rigid, data can be moved (for example declassified) by a trusted subject.
- Untrusted subject: access is constrained by the * property.

BIBA
Biba: integrity. Biba, like BLP, is an information-flow model, but it deals with integrity in computer systems: it is all about the modification of data. It has the same two rules (simple and star) as BLP, but both are the reverse of the BLP rules. Within Biba information flows from the top down.

Simple Integrity Rule (no read down)
A principal P can read an object O only if the integrity level of P is lower than or equal to the integrity level of O. Because Biba deals with integrity, you cannot read down: there is no need to read information of lower integrity than the transaction requires, for example when withdrawing money from your bank account.

Star Integrity Rule (no write up)
A principal P can write to an object O only if the integrity level of O is lower than or equal to the integrity level of P. Because Biba deals with integrity, you cannot write up. To withdraw 100 from your account, it is not acceptable that you simply tell the bank employee there is enough money on your account (that would be writing up); the employee checks the system to see if you have enough money.

LIPNER'S LATTICE
Lipner applied the former models, which were designed for government settings, to commercial settings. He changed levels such as confidential and secret into categories such as system programmer, production code and so on.

NON-INTERFERENCE MODELS
Non-interference models deal with examining the input to and the output from a system to see whether users can infer any information that they should not have access to. An example is two groups using a system.
Group A uses commands X; group B uses commands Y. A does not know about the commands of B, and X does not interfere with Y: what B observes of the system is the same whether or not A has issued its commands.

1.6 Identification and Authentication Techniques
Authentication is the process of proving that you are the person you claim to be. There are several techniques for this:
- Passwords
- One-time passwords
- Challenge response
- Biometrics
- Tickets
- Single sign-on (SSO)
There are three things that can be used to authenticate yourself:
- Something you know: passwords
- Something you have: one-time password tokens
- Something you are: biometrics

PASSWORDS
The problem is that users tend to choose easy-to-guess passwords, and tend to write down difficult ones. Both make it easy for others to find out the password.

ONE-TIME PASSWORDS
These passwords solve the problems of static passwords. Such systems normally use hardware devices that generate a new password (e.g. every minute), but there are also software tokens. The server runs the same algorithm with the same secret, so the password can easily be checked. One problem is that users have to ensure they have the device with them all the time. Another is that the clocks of the device and the server may drift out of sync.

CHALLENGE RESPONSE
Challenge-response schemes are an alternative to one-time passwords. The user identifies himself to the server with his user ID. The server responds with a challenge code which has to be entered into the device. The device computes a response which has to be provided to the server.

BIOMETRICS
You don't have to carry devices around which can break or get lost. Biometric devices can authenticate fingerprints and hand, face and retinal scans.

TICKETS
These systems provide you with a ticket which has to be decrypted. Secret keys have to be exchanged prior to the authentication process. When you connect to the system, you give it your user ID.
The server sends you an encrypted ticket. If you are who you claim to be, you hold the key and can decrypt the ticket. A common example of such a system is Kerberos. A drawback of these systems is that they do not scale very well.

SINGLE SIGN-ON
SSO: single sign-on is used when you have a large number of applications that need to authenticate the same user. To avoid logging in many times, the user logs on once to a central server that authenticates the user to the other applications. The disadvantage is that an attacker has access to all the systems once he knows the primary user ID and password.

1.7 Access Control Methodologies
There are two primary remote access control protocols:
- RADIUS: Remote Authentication Dial-In User Service
- TACACS: Terminal Access Controller Access Control System
TACACS+ is the successor of TACACS with more advanced features (among others it separates authentication, authorization and accounting, and it encrypts the whole packet body, where RADIUS only hides the password).

CENTRALIZED / REMOTE AUTHENTICATION ACCESS CONTROLS
RADIUS and TACACS are used when users are required to authenticate to different applications and you do not want to manage a separate list of user accounts for each application. All the applications point to the RADIUS or TACACS server to authenticate the users. This way you only have to administer and manage one set of accounts and credentials. RADIUS and TACACS are also used with devices and applications that do not have built-in facilities for authentication, such as routers. The disadvantage of centralized access control is that it is a single point of failure (SPOF). It works well for small companies but not for bigger ones: you need backup and failover capabilities, or decentralized control.

DECENTRALIZED ACCESS CONTROL
With this kind of control each individual or department is responsible for its own access control (e.g. Windows for Workgroups).
Most organizations tend to use hybrid systems and set up zones or domains, each with a centralized access control for that domain.

Domain: a domain is a group of computers under the same administrative authority. From an access control standpoint, a domain is a group of systems that all authenticate to a central system or group of systems. Each zone has its own controller, and the controllers push a copy of their databases at regular intervals to the other controllers. The others are only allowed to read these copies, unless a controller goes down; another controller then takes over the function of the failed controller.

Trust: if a user wants to get access to another domain, trust comes into play. This is done by setting up trust relationships between domains. You can have a full trust or a one-way trust. Full trust means that two domains have access to each other's domain. One-way trust means that one domain has access to another domain but not the other way around.

1.8 Methods of Attack
Methods of attack are:
- Brute force
- Denial of service
- Spoofing
- Sniffing

BRUTE FORCE
Trying all possible combinations; most popular for cracking passwords. A subset of the brute-force attack is the dictionary attack (trying passwords based on dictionary words).

DENIAL OF SERVICE
Preventing others from gaining access to a server. Ways to launch a DoS attack against access control are:
- Locking all accounts by entering false passwords (most often the account is locked after the third wrong password).
- Flooding the pipes (using up all available resources).

SPOOFING
Spoofing is using somebody else's identity, pretending that you are that person.
To prevent this, you should have multi-factor authentication, so that an attacker needs both something you know and something you have.

SNIFFING
Using a tool (a sniffer) on the wire which reads unencrypted user IDs and passwords.

1.9 Monitoring
INTRUSION DETECTION
Passive, detection, no prevention, only alerts. Intrusion detection is the field of study dealing with monitoring networks and hosts and looking for attacks. It is passive; the emphasis is on detection: you monitor a network or host looking for signs of an attack. Intrusion detection systems do not prevent an attack, they alert that a potential problem exists. Intrusions can be classified as:
- Host versus network
- Passive versus active
- Known versus unknown

Host versus network
Is the attacker trying to gain access to a single host or to the entire network? Entering a company's network through a single host requires physical access to that host, or a stolen computer which has access to that host.

IDS, HIDS, NIDS: HIDS are passive, NIDS are active. Intrusion detection systems (IDS) are broken down into host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS). HIDS are passive components (they analyze logs), sit on a single computer, are configured for a specific purpose and do not scale very well. NIDS are active components: they sit on a network like a sniffer examining the network traffic in real time, scale very well and look out for general types of attacks.

Passive versus active
An active attack means that an intruder is actively doing something on the network once he has access to it. A passive attack means that once the intruder is in the network, he monitors traffic or keystrokes to find information. Active attacks are easier to detect because the intruder is actually doing something. Passive attacks are very difficult to detect because the attacker is just listening.
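Before going on to known versus unknown attacks, a look back at the lattice requirements of 1.3 and the Bell-LaPadula and Biba rules of 1.5 in working form. The following Python code is an added example, not from the original summary. It models a label as a level plus a set of compartments, checks exhaustively that the dominance relation on a finite set of labels is reflexive, antisymmetric and transitive and has a lower and an upper bound, and implements no read up / no write down (BLP) and no read down / no write up (Biba), including the write-down Trojan horse case and the trusted subject that is exempt from the * property. The level names, the compartments (crypto, nuclear) and the commercial integrity levels (untrusted, user, production) are assumptions made for the example.

```python
"""Lattice labels with Bell-LaPadula and Biba access checks (added example)."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Label:
    rank: int                                   # position in the linear order of levels
    compartments: FrozenSet[str] = frozenset()  # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """The lattice partial order: higher-or-equal level AND a superset of compartments.
        Labels with different compartments at the same level are incomparable."""
        return self.rank >= other.rank and self.compartments >= other.compartments


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label dominating both a and b."""
    return Label(max(a.rank, b.rank), a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label dominated by both a and b."""
    return Label(min(a.rank, b.rank), a.compartments & b.compartments)


# Assumed level names: a classification order for BLP, a Lipner-style commercial
# integrity order for Biba.
CONF = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
INTEG = {"untrusted": 0, "user": 1, "production": 2}


def label(order: Dict[str, int], level: str, *compartments: str) -> Label:
    return Label(order[level], frozenset(compartments))


def all_labels(order: Dict[str, int], categories: Iterable[str]) -> List[Label]:
    """Every (level, compartment subset) combination: the finite set of classes."""
    cats = list(categories)
    return [Label(rank, frozenset(c for c, on in zip(cats, bits) if on))
            for rank in order.values()
            for bits in product([False, True], repeat=len(cats))]


def check_partial_order(labels: Iterable[Label]) -> Dict[str, bool]:
    """The three partial-order requirements, checked exhaustively on a finite set."""
    ls = list(labels)
    return {
        "reflexive": all(a.dominates(a) for a in ls),
        "antisymmetric": all(a == b or not (a.dominates(b) and b.dominates(a))
                             for a, b in product(ls, ls)),
        "transitive": all(a.dominates(c) or not (a.dominates(b) and b.dominates(c))
                          for a, b, c in product(ls, ls, ls)),
    }


def bounds(labels: Iterable[Label]) -> Tuple[Label, Label]:
    """Lower bound (the null class) and upper bound (combination of everything)."""
    ls = list(labels)
    lo, hi = ls[0], ls[0]
    for l in ls[1:]:
        lo, hi = meet(lo, l), join(hi, l)
    return lo, hi


# Bell-LaPadula (confidentiality): no read up, no write down.
def blp_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label, trusted: bool = False) -> bool:
    return trusted or obj.dominates(subject)   # a trusted subject is exempt from the * property


# Biba (integrity): no read down, no write up.
def biba_can_read(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)


def writedown_trojan(subject: Label, secret_file: Label, public_file: Label,
                     trusted: bool = False) -> bool:
    """Could a Trojan horse running as `subject` copy secret_file into public_file?"""
    return blp_can_read(subject, secret_file) and blp_can_write(subject, public_file, trusted)


if __name__ == "__main__":
    analyst = label(CONF, "secret", "crypto")
    print(check_partial_order(all_labels(CONF, ["crypto", "nuclear"])))
    print("trojan copies secret to public:",
          writedown_trojan(analyst, label(CONF, "secret", "crypto"), label(CONF, "unclassified")))
    print("untrusted input written to production:",
          biba_can_write(label(INTEG, "untrusted"), label(INTEG, "production")))
```

Note that the compartment set is what makes this a lattice rather than a ladder: a secret/crypto analyst cannot read a secret/nuclear file even though the levels are equal, and the Trojan horse is stopped not at the read but at the write, exactly where the * property bites.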
Known versus unknown
A known attack is something the vendor has acknowledged to be a security hole in its software. Most times these holes are patched, but as long as the patches are not applied by the customer, the network is still vulnerable. Unknown attacks are known to a small group of people but are not public knowledge. Because the vendor doesn't know about these vulnerabilities, he cannot release a patch.

INTRUSION PREVENTION
Until 2002 intrusion prevention was about preventing intrusions by strong identification and authentication (one-time passwords, biometrics, ...). From 2002 on, intrusion prevention describes a new class of systems: intrusion prevention systems (IPS). They look for possible attacks on the network like an IDS does (passively), but also act as an active in-line device, like a firewall, through which the traffic must pass. If an attack is sensed, the IPS stops it by blocking the traffic or by preventing the malicious behavior through enforcing rules and policies.

HOW INTRUSION DETECTION WORKS
There are two typical types of IDS: signature matching and anomaly detection.

Signature matching
Signature or pattern matching uses a database of known attack signatures. When a signature is found, it sends an alert.
Positive aspects of signature matching:
- Easy to update.
- You can create your own signatures.
Negative aspects of signature matching:
- They detect only known attacks.
- They are based on static signatures and thus tend to generate a high number of false positives.

Anomaly detection
The concept is to determine what normal traffic is and what is not, and to alert on the deviations.
Positive aspects of anomaly detection:
- You don't have to worry about signature updates.
Negative aspects of anomaly detection:
- You have to determine what is normal and what is not.
After an IDS determines that an attack has been detected, it sets off some type of alarm.
For example to a pager, or to a firewall to update its rule sets (which can be tricky, because an intruder may want exactly this to happen, for instance to get legitimate traffic blocked).

1.10 Penetration Testing
Penetration testing is also called ethical hacking. The idea is that you find the weaknesses in your access control system and policy and fix them before a real attacker breaks in.

PENETRATION TESTING VERSUS SECURITY ASSESSMENTS
A penetration test tests the security from the Internet, starting from a domain name and an IP address and nothing else. The goal is to find out as much as possible about the company, including ways to break in: you are proving that you can get in. Security assessments do include a pen test but are much more thorough. You get access to all the key systems within a company to evaluate the current level of security. You are trying to paint a picture of the current threats that exist and what can be done to protect against them.

ETHICAL ISSUES
First of all, get written permission before starting a pen test. Keep in mind that although you do not mean to do harm, the system doesn't belong to you. Therefore you need permission before you can do anything.

PERFORMING A PENETRATION TEST
The steps are:
1. Perform passive reconnaissance.
2. Perform active reconnaissance (scanning).
3. Exploit the system by gaining access through the following attacks:
   - Operating system attacks
   - Application-level attacks
   - Scripts and sample program attacks
   - Misconfiguration attacks
   - Elevation of privileges
   - Denial-of-service attacks
4. Upload programs.
5. Download data.
6. Maintain access by:
   - Back doors
   - Trojan horses
7. Cover your tracks.
In most cases a pen test includes just steps 1-3.

Nessus, Nmap: common tools for pen tests are Nessus and Nmap. Nessus scans for (known) vulnerabilities across various operating systems and reports back.
Nmap scans which ports are open, performs OS fingerprinting and has other advanced features like spoofing (decoy and spoofed-source scans).

2 Telecommunications and Network Security

2.1 The Open Systems Interconnection Model
Monolithic networking model: the need for networked computers came with the desire to share resources like printers. The biggest hindrance was the lack of networking standards. Clients could only be connected to one kind of network, like Novell, Unix or Microsoft, which didn't scale at all. The OSI model was a scalable open standard facilitating open communications between all systems. It is a framework of how networking functions.

2.2 The OSI Layers
The benefits of a layered reference model are:
- It divides the complex network operation into smaller pieces or layers;
- It facilitates the ability to change one layer without having to change all the layers;
- It defines a standard interface for multi-vendor integration.

Layer 7  Application   Responsible for interfacing with the user
Layer 6  Presentation  Responsible for translating the data from something the user expects to something the network expects
Layer 5  Session       Responsible for dialog control between systems and applications
Layer 4  Transport     Responsible for handling end-to-end data transport services    (unit: segment)
Layer 3  Network       Responsible for logical addressing                              (unit: packet)
Layer 2  Data Link     Responsible for physical addressing                             (unit: frame)
Layer 1  Physical      Responsible for physical delivery and specification            (unit: bits)

Note: a protocol may perform multiple functions across multiple layers.

LAYER 7 - APPLICATION LAYER
The Application layer is responsible for providing the user access to network resources via the use of network-aware applications. Note: not every program is network-aware, thus not all programs are defined in the Application layer. Examples of network-aware programs are:
- Email gateways (POP3, SMTP, X.400).
  (these programs deliver messages between applications);
- Newsgroup and IRC programs using NNTP and IRC, providing for communication between hosts by allowing the posting of messages to a news server or the typing of a live conversation between chat clients;
- Database applications providing data storage and warehousing capabilities in central data repositories that can be accessed, managed and updated;
- WWW applications providing access to Web resources; these applications include client Web browsers and Web servers.

CISSP 2-1 Telecommunication and Network Security

LAYER 6 - PRESENTATION LAYER
The Presentation layer is the translator of the network. It translates data which the user understands into data which the network understands, and back. The following formats and protocols reside at this layer:
- Graphic formats such as JPEG, TIFF, GIF and BMP handle the presentation and display of graphic images;
- Sound and movie formats such as QuickTime, MPEG and WMF provide for the translation and presentation of sound and video files;
- Network redirectors handling the protocol conversions between the network-based formats (Server Message Block and NetWare Core Protocol) and the end-user applications.

LAYER 5 - SESSION LAYER
Network hosts run multiple applications and can connect to several other hosts running multiple applications. The Session layer sets up the logical communication channels between network hosts and applications. Each time a connection is made, it is called a session. The layer provides a mechanism for setting up, maintaining and tearing down sessions, keeping the data of one application separate from that of other applications.
Examples of Session layer protocols are:
- NFS (Network File System): a client/server redirection mechanism for remote access to file resources;
- RPC (Remote Procedure Call): used with TCP/IP and Unix for remote access to resources;
- SQL (Structured Query Language): a mechanism to access and define a user's information requirements when connecting to a database.

LAYER 4 - TRANSPORT LAYER
Segmentation and reassembly, virtual circuits. The Transport layer is responsible for handling the end-to-end communication between host systems, i.e. via a process known as segmentation and reassembly. Data from the upper layer is broken up into segments with a certain maximum size and passed to the Network layer. Segments are labeled so that the receiving system knows how to reassemble them. The logical communication between hosts is referred to as a virtual circuit. Protocols that reside at this layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

LAYER 3 - NETWORK LAYER
Local hosts, remote hosts. The Network layer is responsible for the logical addressing of packets and the routing of data between networks. There are local and remote hosts. Local hosts can receive the physical signal that the source host transmits. Remote hosts are hosts in physically different locations and/or networks; they cannot receive the physical signal. Therefore the Network layer uses logical addresses to define hosts logically. The process of transmitting data regardless of physical location is known as routing. Protocols that reside at this layer are IP (Internet Protocol) and IPX (Internetwork Packet Exchange). Routers and Layer-3 switches are considered Network layer devices because of their special capabilities. They know the difference between networks, thus they can be used to separate broadcast domains: by default they will not forward broadcasts (1) from one network to another.
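An added example, not from the original summary, of the forwarding decision a router makes with the logical address: the destination is matched against the routing table by longest prefix, so a whole range of remote networks can sit behind one aggregated entry (the hierarchical scheme the IP paragraph below describes) with a more specific entry as an exception, while a limited broadcast or a directed broadcast aimed at another connected segment is not forwarded. The interfaces, prefixes and next hops are constructed for the example.

```python
"""Router forwarding decision: longest-prefix match and broadcast handling (added example)."""
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed example router (assumed addresses). Two directly connected
# interfaces; the rest of 10.0.0.0/8 sits behind one aggregated entry, with one
# more specific /24 as an exception, and everything else takes the default route.
CONNECTED: Dict[str, IPv4Network] = {
    "eth0": ip_network("192.0.2.0/24"),
    "eth1": ip_network("10.1.0.0/16"),
}
ROUTES: List[Tuple[IPv4Network, str]] = [
    (ip_network("192.0.2.0/24"), "eth0"),
    (ip_network("10.1.0.0/16"), "eth1"),
    (ip_network("10.0.0.0/8"), "via 10.1.0.254"),
    (ip_network("10.1.200.0/24"), "via 10.1.0.253"),
    (ip_network("0.0.0.0/0"), "via 192.0.2.1"),
]


def longest_prefix_match(dst: IPv4Address, routes) -> Optional[Tuple[IPv4Network, str]]:
    """The most specific prefix containing dst wins; the /0 default only if nothing else does."""
    best = None
    for net, hop in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


def forward(dst: str, ingress: str) -> str:
    """What the router does with a packet for dst that arrived on interface ingress."""
    addr = ip_address(dst)
    if addr == ip_address("255.255.255.255"):
        return "not forwarded: limited broadcast stays on " + ingress
    for name, net in CONNECTED.items():
        if addr == net.broadcast_address:
            if name == ingress:
                return "not forwarded: broadcast on own segment " + name
            return "dropped: directed broadcast to " + name + " (not forwarded by default)"
    match = longest_prefix_match(addr, ROUTES)
    if match is None:
        return "dropped: no route"
    return "forward " + match[1] + " (" + str(match[0]) + ")"


if __name__ == "__main__":
    for dst in ("10.1.3.4", "10.1.200.5", "10.7.7.7", "8.8.8.8",
                "10.1.255.255", "255.255.255.255"):
        print(dst, "->", forward(dst, "eth0"))
```

The table holds one entry for all of 10.0.0.0/8 instead of one per remote /24, which is the scalability benefit of hierarchical addressing; the /24 exception still wins for its own hosts because a longer match beats a shorter one.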
Broadcasts and collisions
Broadcasts and collisions can greatly degrade network performance. Forwarding broadcasts prevents the hosts from doing other tasks. You can improve performance by using routers to separate broadcast domains, thus reducing the number of systems that have to deal with each broadcast. Collisions occur when multiple devices share the same single segment of cable: a cable can only carry one signal at a time. Collisions cause devices to retransmit data, thus decreasing the performance of the network.

Routing, Internet Protocol (IP)
IP handles the logical addressing of hosts and the routing of data via a hierarchical addressing scheme. The benefits are scalability (it can handle more addresses than a flat scheme) and much easier routing, because networks can be grouped together and treated as single entries in the routing table, making routing much more efficient. IP is defined in RFC 791.

(1) A broadcast is data addressed to all hosts, regardless of whether the destination can do anything with the data.

Internetwork Packet Exchange (IPX)
IPX is used primarily on Novell-based networks and provides for the logical addressing of hosts via network and host addresses.

LAYER 2 - DATA LINK LAYER
This layer is responsible for the physical addressing of frames and the translation of packets from the Network layer into bits for the Physical layer to transmit. Packets from the Network layer are encapsulated with a data link header and trailer to become frames. A CRC (Cyclic Redundancy Check) in the trailer, the frame check sequence, is used to detect transmission errors. The Data Link layer uses the hardware address to identify the source and destination devices.
The following sublayers and standards are used at this layer:
- The LLC sublayer (IEEE 802.2) defines the interface between the Network layer and the underlying network architecture.
- The MAC sublayer (IEEE 802.3 for Ethernet) defines how the frames are transmitted on the medium.

LAYER 1 - PHYSICAL LAYER
This layer is responsible for sending and receiving bits. It also handles the specifications for the electrical, mechanical and procedural components of the communications media. It also identifies the DTE (Data Terminal Equipment) and DCE (Data Circuit-terminating Equipment) used in physical signaling and in transmitting and receiving data. Hubs and repeaters are considered Physical layer devices because they simply receive, re-amplify and forward the signal without looking at the data that is being transmitted.

Encapsulation down the stack:
Session layer    : Upper layer data
Transport layer  : TCP/UDP header | Upper layer data                   -> Segment
Network layer    : IP header | Data                                    -> Packet
Data Link layer  : MAC header | LLC header | Data | FCS                -> Frame
Physical layer   : 01001101010101...                                   -> Bits

2.3 Network Characteristics and Topologies
Types of networks and connection types:
Network                 Connections
Ethernet                Coax, UTP, fiber optic, wireless transmission
Thin coax / 10BASE-2    RG58/U
10BASE-T                Category 3, 4, 5, 5e or better cabling
Fiber                   62.5/125 micron multimode fiber (short haul) or 9 micron single mode (long haul)
Wireless                Radio or microwave transmission methods

COAX
Thin coax networks (thin-net or 10BASE-2) use coaxial cabling with T-connectors to connect to the NICs. Thick-net or 10BASE-5 uses coaxial cabling with vampire taps and AUI transceivers to connect to the NICs. Existing cable specifications for coax cable are RG-58/U, RG-58 A/U, RG-58 C/U, RG-59, RG-6, RG-62 and RG-8. Coax is a bus network.
There is a 50 Ω resistor (terminator) at each end of a bus system to stop the signal from bouncing back along the wire (the cable's impedance, measured at three feet or more, is 50 Ω). Because coax has a single point of failure for the entire segment, which is difficult to troubleshoot, these networks are less commonly used. A TDR (Time Domain Reflectometer) can be used to give an approximate distance to a break in the wire.

10BASE-2
10BASE-2 stands for 10 Mbps over a maximum segment length of 200 meters (actually 185). It adheres to the 5-4-3 rule, meaning that you can have a maximum of 5 segments via 4 repeaters but only 3 segments can have hosts on them; the other 2 segments are called IRLs (Inter-Repeater Links). The maximum number of nodes per segment is 30. 10BASE-2 uses BNC (Bayonet Neill-Concelman) connectors: a BNC cable connector at the end of each cable and a BNC barrel connector or BNC T-connector to establish connections between cables.

10BASE-5
10BASE-5 uses a vampire tap and a transceiver to connect to devices. A segment supports a maximum of 100 taps. The transceiver provides for the connectivity to devices via AUI (Attachment Unit Interface) connections. The maximum length of a segment is 500 m, and a network supports a maximum of 1024 hosts. 10BASE-5 adheres to the 5-4-3 rule and uses barrels and terminators. It uses N-type connections: plugs, jacks, barrels and terminators.

UTP
UTP comes in 10BASE-T and 100BASE-TX media types (10 Mbps / 100 Mbps). The category indicates the quality of the signal carrying, the number of used wires and the number of twists in the wires. These factors contribute to the potential speed.
Category      Speed rating
Category 3    Voice and data up to 10 Mbps / 16 MHz
Category 4    Voice and data up to 16 Mbps / 20 MHz
Category 5    Voice and data up to 100 Mbps / 100 MHz
Category 5e   Voice and data up to 1,000 Mbps / 100 MHz
Category 6    Voice and data up to 1,000 Mbps / 250 MHz
Category 7    Voice and data up to 10,000 Mbps / 600 MHz

CAT5 and CAT5e are mostly used. These categories use RJ-45 connectors, modular jacks, punch-down blocks or switches. The four pairs of conductors twist around each other inside the cable jacket. UTP has no shielding and is very susceptible to EMI (electromagnetic interference), so it should not be placed near EMI sources. For the same reason it is also very easy to capture the data being transmitted without placing a tap into the cable. UTP has a maximum length of 100 meters and a maximum of 4 repeaters between end stations (hubs act as repeaters). There can be a maximum of 1024 stations per network. UTP supports only two devices on a cable: a computer and a hub. Therefore failures are easy to pinpoint: generally, if you have a link light with UTP, the problem is elsewhere.

FIBER OPTIC
Fiber-optic cable is used for backbone and device interconnectivity. Because of its cost and fragility it is not used for end-user connectivity. It has now replaced 10BASE-5 as the backbone device interconnectivity method, due to speed and distance. A fiber consists of a core (silica glass or plastic, 8-1000 microns) and a cladding which reflects the light that tries to escape the core. The cladding is surrounded by a coating (buffer). In a loose buffer construction there is a layer of gel between the buffer and the fiber; in a tight buffer construction there is not. Fibers are typically bundled in (multiple) pairs (strands), because a fiber can only send a signal in a single direction.
The strands are reinforced by a plastic coating and then wrapped in Kevlar to provide both strength and flexibility. One-pair cables are used in patch cord implementations; these are called simplex or zipcord. A multiple-fiber cable that is double buffered is referred to as distribution cable. To terminate such a cable one needs a breakout box. A breakout cable is made of several simplex/zipcord cables.

MULTI-MODE FIBER
Multi-mode fiber is mainly used for short or medium distances and for low-bandwidth applications. It is called multi-mode because it is designed to carry multiple light rays (modes), each using a slightly different reflection angle within the core. For 100 Mbps Ethernet the maximum distance is 2 km; for 1 Gbps Ethernet the maximum distance is 550 m.

SINGLE-MODE FIBER
Because single-mode fiber carries only a single ray, it can be used for longer distances and a smaller core can be used. For 100 Mbps Ethernet the maximum distance is 20 km; for 1 Gbps Ethernet the maximum distance is about 3 km up to 100 km. The most used connectors are the Stick and Turn (ST), Stick and Click (SC) and SC Duplex connectors. Fibers are connected via splicing (fusion or mechanical). Fusion splicing welds the fibers together, while mechanical splicing uses an alignment fixture to mate the fibers.

DENSE WAVE DIVISION MULTIPLEXING
Dense Wave Division Multiplexing (DWDM) is one of the newest forms of fiber-optic transmission. It works on the principle that light of different colors resides at different frequencies, and that the light at one frequency does not interfere with light at a different frequency. The advantage is that you have multiple channels of data (4 to 32, and even more as time goes by) over one fiber. OC-48 transmits at 2.5 Gbps per channel.
The more channels, the more bandwidth you have.

WIRELESS
A big push for wireless has come from the small office/home office (SOHO) users, because houses are not designed for network cabling. Another deployment has been with PoS (Point of Sale) systems. Drawbacks are:
- The lack of standardization: think of 802.11 Wi-Fi to 802.11a to 802.11b to 802.11g, and 802.15 Bluetooth.
- Security: the signal can easily be picked up from the air, and one can easily connect to such a system using the appropriate equipment.
- Interference: interference can severely limit the distances that wireless networks cover.

2.4 Network Topologies
LINEAR BUS TOPOLOGY
Segment: within a linear bus all systems are connected in a row to a single cable. All computers share the same single piece of wire. This piece of cable is known as a segment. A linear bus involves three core concepts: how the signal is transmitted, signal bounce and signal termination.

Transmission
The signal is sent to all devices connected to the linear bus segment (this is not a broadcast!). All devices connected to the segment get the signal, but not all of them process it.

Signal bounce
Only one signal can exist on the segment at a time. This means that only one device can transmit at a time: the more devices you have, the worse the performance gets (contention). It is also a passive technology, because the devices do not move the data from one device to another: it is generated at the source and all devices passively receive the signal. A signal that bounces back from the end of the cable may prevent other systems from communicating.
To prevent this, a linear bus uses terminators at the ends of the bus to absorb the signal.
Signal termination: if any part of the bus is not properly terminated, the entire bus ceases to function properly. Someone can take out all of the devices on the bus by removing the termination (for example by cutting the cable). A linear bus is very susceptible to cable faults.

STAR TOPOLOGY
All devices are connected to an active hub or switch. The benefit is that in case of a cable fault only one device is affected. Logically this network still operates as a bus, because of the hub/switch. Star topologies are used to implement a collapsed backbone: the backbone exists between the hubs/switches and requires less cabling. If an individual cable fault occurs, the hub/switch isolates the port on which the fault occurs and allows the other devices to continue functioning. However, the hub/switch is a single point of failure (SPOF).

RING TOPOLOGY
A loop of cable is used to interconnect devices. The signal is transmitted in a single direction with each device retransmitting the signal; therefore it is an active topology. A drawback is that if any system stops passing the signal or starts generating bad signals, it can take the entire ring down.

TREE TOPOLOGY
The tree topology is based on the bus and star topologies. Multiple nodes are supported on each branch.

MESH TOPOLOGY
In a mesh topology each node is connected to every other node. These networks are typically deployed to create backbone and WAN networks.

LAN AND WAN TECHNOLOGIES
Data is transmitted on LANs using one of three transmission techniques:
- Unicast: to one specific destination host (physically and logically).
- Broadcast: to all hosts within a subnet or network.
A directed broadcast is addressed to the broadcast address of a specific subnet: it is forwarded like a unicast packet across routers and only becomes a layer-2 broadcast on the destination segment.
- Multicast: to multiple hosts via the use of group membership addresses.

ETHERNET
Ethernet is the most popular topology because it can be implemented to be very tolerant of network failures. Ethernet is specified in the 802.3 specifications as a CSMA/CD methodology and is mostly cabled as a star topology (but functions like a linear bus). This means that multiple devices share the same bandwidth. CSMA/CD is also known as collision management:
- Carrier Sense: a host listens to the medium and only starts transmitting when it is idle.
- Multiple Access: multiple devices share the same medium.
- Collision Detection: while transmitting, a host keeps monitoring the medium. If another host transmits at the same time a collision occurs; the host sends a jam signal so that all hosts discard the damaged frame, waits a random back-off time and then retransmits.
Ethernet can function in half-duplex (like a walkie-talkie) or full-duplex mode. For full-duplex mode you need two pairs of wires.

TOKEN RING AND FDDI
Within a ring topology the predominant method of transmitting data is token passing. In a token-ring architecture the data is appended to a special packet, the token. The sending host must get the token first before it can append the data to it and transmit the token. The token is sent around the ring until it reaches its destination or passes the active monitor twice (in which case it is deleted). Token Ring uses a logical ring but is mostly cabled as a star.
It is an active technology which uses the following ports:
- Station ports: exist on Token Ring NICs and connect to the network.
- Lobe ports: exist on the Token Ring hub or MAU (Multistation Access Unit) and connect to station ports.
- Ring In / Ring Out ports: connect one MAU (ring segment) to another.
The first system brought up in a network is assigned as the active monitor. The active monitor is responsible for generating the token, removing bad tokens, providing clocking, maintaining ring delay, handling orphaned frames and purging the ring. Malicious users can try to take over the role of active monitor and create a DoS. Token Ring can be designed to be very fault tolerant, but it is very costly. FDDI uses a redundant (counter-rotating) ring to ensure fault tolerance.

ARCNET (ATTACHED RESOURCE COMPUTER NETWORK)
This is a dead network technology because it is a bus technology. ARCnet uses CSMA/CA (Collision Avoidance), using a token to transmit data.

2.5 LAN Devices
LAN technologies tend to focus on connecting a large number of systems that are in close proximity to each other to a very fast network.

HUBS AND REPEATERS
Hubs and repeaters do the same thing. As hubs have more ports than repeaters they are also called multi-port repeaters. Hubs just amplify the signal and repeat it out all ports. Therefore they are layer-1 devices. Because every port sees every frame, any host attached to a hub can sniff all traffic on the segment.

SWITCHES AND BRIDGES
Switches and bridges are in general the same. Differences are:
- Switches are hardware based and use ASICs to make decisions; bridges use software and are therefore slower.
- Switches have more ports (they are called multi-port bridges).
- Switches can run multiple instances of spanning tree; bridges can run only one.
Spanning tree is a protocol used to determine redundant paths in a network and to block any paths that would create loops (which can result in broadcast storms). Switches and bridges are layer-2 devices.
Switches are layer-2 devices because they are Data Link layer aware: they know how physical addressing occurs and use this to optimize network communications. Switches use segmentation: each port is considered by the switch to be a separate segment. When a frame is received, the switch tries to determine to which port the destination host is connected and forwards the frame to that specific port only. If it cannot, it falls back to basic Ethernet behaviour and forwards the frame to all ports (flooding). A switch can provide some security via VLANs and port-based security. Layer-3 switches are hybrid devices that combine layer-2 and layer-3 functionality, allowing the switch to forward frames when possible and route packets when needed. Layer-3 switches are particularly suited for VLAN environments.

VLANS
The goal of VLANs (Virtual Local Area Networks) is the separation of broadcast domains and the creation of subnets. They are logically segmented networks within a single switch or within a single switch fabric (a group of physically connected switches). A router is needed to communicate between subnets. By restricting the traffic at the router and separating hosts between VLANs you gain a degree of security. A drawback on security is that it is possible for data to cross from one VLAN to another even though it normally should not, through VLAN-hopping exploits (for example abusing trunk negotiation or double-tagged frames); VLANs are a segmentation aid, not a substitute for a firewall.

ROUTERS
Routers are layer-3 devices and are network aware: they can differentiate between different networks. They use this information to build routing tables containing:
- the networks the router knows about;
- the remote router to use to connect to those networks;
- the paths (routes) to the networks;
- the costs (metrics) of sending data over the paths.
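The learn-forward-flood behaviour of a switch described above, as an added example that is not part of these notes: a small Python model of a switch's MAC address (CAM) table with bounded capacity, the flooding fallback for unknown destinations, and a port-security limit on the number of addresses learned per port. All MAC addresses, port numbers and frames are constructed. Because a full table pushes the switch back into hub-like flooding, an attacker on one port can inject bogus source addresses until legitimate entries are evicted and then observe frames meant for other ports; the example shows this, and shows the per-port limit stopping it.

```python
# Added example (not from the CISSP notes): layer-2 switch model with a
# bounded CAM table (LRU eviction), flooding of unknown destinations, and an
# optional port-security limit on MAC addresses learned per port.
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, cam_capacity=8, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port
        self.cam = OrderedDict()          # MAC -> port, oldest entry first
        self.violations = []              # (port, mac) rejected by port security

    def _learn(self, mac, port):
        """Record the source MAC on the ingress port. Returns False if the
        port-security limit rejects it (the frame is then dropped)."""
        if mac in self.cam:
            self.cam[mac] = port          # refresh; the host may have moved
            self.cam.move_to_end(mac)
            return True
        if self.max_macs_per_port is not None:
            learned_here = sum(1 for p in self.cam.values() if p == port)
            if learned_here >= self.max_macs_per_port:
                self.violations.append((port, mac))
                return False
        if len(self.cam) >= self.cam_capacity:
            self.cam.popitem(last=False)  # table full: evict the oldest entry
        self.cam[mac] = port
        return True

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is forwarded out of."""
        if not self._learn(src, in_port):
            return []
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]   # known: one port only
        return [p for p in self.ports if p != in_port]  # unknown/broadcast: flood


# Constructed hosts: Alice on port 1, Bob on port 2, attacker Eve on port 3.
ALICE, BOB, EVE = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0e"


def run_scenario(max_macs_per_port=None, flood_count=100):
    """Return (ports an Alice->Bob frame goes to before Eve's flood,
               ports it goes to after the flood,
               number of port-security violations recorded)."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=8, max_macs_per_port=max_macs_per_port)
    sw.receive(1, ALICE, BROADCAST)
    sw.receive(2, BOB, BROADCAST)
    sw.receive(3, EVE, BROADCAST)
    before = sw.receive(1, ALICE, BOB)
    for i in range(flood_count):      # Eve sends frames with bogus source MACs
        bogus = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        sw.receive(3, bogus, BROADCAST)
    after = sw.receive(1, ALICE, BOB)
    return before, after, len(sw.violations)


if __name__ == "__main__":
    print("no port security:", run_scenario())
    print("one MAC per port:", run_scenario(max_macs_per_port=1))
```

Without a limit, Alice's unicast to Bob ends up on port 3 as well once Bob's entry has been evicted; with one address allowed per port, Eve's bogus frames are dropped and the frame still goes only to port 2.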
Routers are used to segment networks as well as to reduce broadcasts on a network. They provide better traffic management and security capabilities than switches and hubs can. They are able to examine logical addresses and layer-3/4 header information to determine what application ports are being used. This information is used for traffic filtering and blocking purposes.

FIREWALLS
Firewalls prevent traffic that is not authorized from entering or leaving the network. They are deployed as a perimeter security mechanism. There are six main types of firewalls, usually grouped into five generations:
1. Packet filtering (1st generation). Traffic is checked against a rule set that defines what traffic is allowed and what is not, using IP addresses and/or port numbers. If there is a match, the packet may pass; otherwise it is discarded. They operate very fast because they only need to read the layer-3/4 headers to make a decision. A packet filtering firewall is also called a screening router. These firewalls reside on the network/transport layer and use ACLs.
2. Application proxy (2nd generation). These firewalls read the entire packet up into the application layer before making a decision. This allows an application proxy firewall to recognize application-level attacks such as CodeRed. They are slower than packet filtering firewalls. Another drawback is that the provided services are limited; if you need another service, you need an additional proxy. An application proxy firewall is sometimes called an ALG (Application Level Gateway). These firewalls reside on the application layer.
3. Circuit proxy (2nd generation). A bit of a hybrid between application proxies and packet filtering firewalls. A circuit is created between the source and destination without actually reading and processing the application data. The functionality is close to a packet filter. Circuit proxy firewalls are easier to maintain than an application proxy.
4. Stateful inspection (3rd generation). After a host sends a packet to a destination, the destination host processes the data and sends a response. The state of this network connection is tracked by the firewall and then used to determine what traffic should be allowed to pass back through the firewall. Because these firewalls can examine the state of the conversation, they can monitor and track protocols as well, even UDP, which is connectionless. Many stateful packet inspection firewalls perform packet reassembly and check for harmful data; if found, the data is dropped. These firewalls reside on the network layer.
5. Dynamic packet filtering (4th generation). A dynamic packet filtering firewall is used to provide limited support for connectionless protocols (UDP). It records the UDP packets that crossed the network perimeter and, based on that, allows the matching responses to pass back through the firewall.
6. Kernel proxy (5th generation). These firewalls are highly customized and specialized to function in kernel mode of the operating system. This provides for modular, kernel-based, multi-layer session evaluation using customized TCP/IP stacks and kernel-level proxies.

FIREWALL ARCHITECTURES
There are four general types of firewall architectures:
Packet-filtering routers. A packet-filtering router sits along the boundary of two networks and is therefore called a boundary or perimeter router. Security is maintained by ACLs (Access Control Lists) that define allowed IP addresses, protocols and port numbers.
Plusses: excellent first security boundary as a bulk filtering device.
Minuses: maintaining the ACL can be very complex and time-consuming.
A further minus is the lack of authentication and weak auditing capabilities.
Screened-host firewall. This architecture employs both a packet-filtering router and a bastion host (a system that is directly exposed to external threats). The bastion host is the only host on the internal network that is accessible to external hosts. An intruder has to pass the external router (packet filtering) and the bastion host (proxy) to get access to internal resources. Once the bastion host is compromised, nothing stops the intruder from having full run of the internal network. Therefore it should never be used for high-risk access such as public web server access.
Screened-subnet firewall (with demilitarized zone, DMZ). A screened-subnet firewall system provides additional network security by introducing a perimeter network (DMZ) on which the bastion host resides. This requires an intruder to bypass two packet-filtering routers before he gains access to the internal network. This design is one of the most secure methods of providing external access to resources, but it is costly and complex.
Dual-homed host firewall. The bastion host has two interfaces (one connected to the external network and one connected to the internal network), but IP forwarding is disabled. This means that there is no direct connection between hosts on the external and internal networks.
Minuses: if the bastion host is compromised the intruder potentially has free access to the internal network; if you allow the bastion host to route, it does not perform well because it is not designed that way; internal routing may accidentally become enabled.

GATEWAYS AND PROXIES
The term gateway has many meanings, such as a router, a device providing proxy functionality, or a device providing access to a network or service.
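The difference between first-generation packet filtering and stateful inspection with dynamic UDP state, described under FIREWALLS above, as an added example that is not part of these notes. It is a Python model run over constructed packets: the stateless filter can only judge each header on its own, so to admit DNS replies and TCP responses it has to permit anything inbound from source port 53 or 443 to a high port (for TCP, with the ACK bit set), which also lets in an unsolicited UDP probe and an ACK scan. The stateful filter records outbound connections and admits only packets that answer one of them; its UDP pseudo-connections expire after a timeout. The addresses, ports and policy are assumptions.

```python
# Added example (not from the CISSP notes): stateless packet filter versus
# stateful inspection with dynamic (timed) UDP state, over constructed packets.
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


INTERNAL_PREFIX = "10.0.0."          # assumption: internal hosts are 10.0.0.x
# Policy: internal hosts may open HTTP, HTTPS and DNS to the outside; nothing else.
OUTBOUND_ALLOWED = {("tcp", 80), ("tcp", 443), ("udp", 53)}


def is_outbound(pkt):
    return pkt.src.startswith(INTERNAL_PREFIX)


class StatelessFilter:
    """Each packet is judged on its own header. Replies are admitted by a
    static rule: from a service port to a high port (TCP: ACK bit set)."""

    def allow(self, pkt):
        if is_outbound(pkt):
            return (pkt.proto, pkt.dport) in OUTBOUND_ALLOWED
        if (pkt.proto, pkt.sport) not in OUTBOUND_ALLOWED or pkt.dport <= 1023:
            return False
        return pkt.proto == "udp" or "ACK" in pkt.flags


class StatefulFilter:
    """Outbound connections are recorded; inbound packets are admitted only if
    they answer a recorded connection. UDP entries expire after UDP_TIMEOUT."""

    UDP_TIMEOUT = 30.0

    def __init__(self, now=time.time):
        self.now = now
        self.table = {}              # outbound 5-tuple -> [state, last_seen]

    @staticmethod
    def _key(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def allow(self, pkt):
        t = self.now()
        if is_outbound(pkt):
            entry = self.table.get(self._key(pkt))
            if entry is None:
                if (pkt.proto, pkt.dport) not in OUTBOUND_ALLOWED:
                    return False
                if pkt.proto == "tcp" and pkt.flags != {"SYN"}:
                    return False     # only a clean SYN may open a TCP connection
                self.table[self._key(pkt)] = ["SYN_SENT" if pkt.proto == "tcp" else "UDP", t]
                return True
            entry[1] = t
            if pkt.proto == "tcp" and "ACK" in pkt.flags:
                entry[0] = "ESTABLISHED"   # third leg of the handshake, or data
            return True
        key = self._reverse(pkt)
        entry = self.table.get(key)
        if entry is None:
            return False                 # unsolicited: no matching connection
        if pkt.proto == "udp":
            if t - entry[1] > self.UDP_TIMEOUT:
                del self.table[key]      # pseudo-connection expired
                return False
            entry[1] = t
            return True
        if "ACK" not in pkt.flags:
            return False                 # a bare SYN is never a reply
        entry[1] = t
        return True


def scenario():
    """Run one constructed packet sequence through both filters."""
    clock = [1000.0]
    stateless, stateful = StatelessFilter(), StatefulFilter(now=lambda: clock[0])
    dns_query = Packet("udp", "10.0.0.5", 40000, "198.51.100.1", 53)
    dns_reply = Packet("udp", "198.51.100.1", 53, "10.0.0.5", 40000)
    udp_probe = Packet("udp", "198.51.100.9", 53, "10.0.0.5", 40000)  # unsolicited
    syn = Packet("tcp", "10.0.0.5", 50000, "203.0.113.7", 443, frozenset({"SYN"}))
    syn_ack = Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 50000, frozenset({"SYN", "ACK"}))
    ack_scan = Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 50001, frozenset({"ACK"}))
    sequence = (dns_query, dns_reply, udp_probe, syn, syn_ack, ack_scan)
    results = {"stateless": [stateless.allow(p) for p in sequence],
               "stateful": [stateful.allow(p) for p in sequence]}
    clock[0] += 60                       # a DNS "reply" long after the query
    results["stateful_late_dns_reply"] = stateful.allow(dns_reply)
    return results


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(name, verdict)
```

The stateless filter passes all six packets, including the unsolicited UDP probe and the ACK scan; the stateful filter rejects those two and also rejects the late DNS reply once its pseudo-connection has timed out.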
Proxies are used as an intermediary device between a client and a server, providing transparent access to resources on the server. All traffic goes through the proxy. This allows administrators to restrict access, for instance on outbound Internet access. Proxies have caching functionality, so they can also provide better network performance.

2.6 WAN Technologies
WAN technologies tend to focus on interconnecting LANs and making connections to remote sites and resources. There are three main categories of WAN networks: Internet, intranet and extranet.

WAN CONNECTIONS
Dedicated connections. Dedicated connections exist between two sites (point-to-point) and are available all the time. The connection is exclusive and tends to be a synchronous serial connection (using precision clocking and control bits). Examples are T1 and T3 (North America) and E1 and E3 (Europe). OC-x is for optical carriers. DS-0 through DS-3 define the framing specifications for transmitting data over Tx and Ex lines.
Circuit-switched connections. Circuit-switched connections dynamically bring up the circuits (connections) between two devices. These circuits are maintained for the duration of the call. They tend to use asynchronous serial connections, dial-up modems and ISDN, and are thus used for low-bandwidth or backup purposes. Because authentication is required for every connection, they are considered to be fairly secure.
Packet-switched connections. Packet-switched connections use synchronous serial connections (like dedicated connections) but share the network with multiple systems. This is less secure but cheaper. The company simply purchases a guaranteed amount of bandwidth. The classic packet-switched networks are Frame Relay and X.25.
Cell-switched connections. These connections are similar to packet-switched connections but are ATM (Asynchronous Transfer Mode) networks.
ATM is a standard that uses fixed-length cells, thus reducing transit delays. ATM is used on high-speed media (SONET, T3, E3). It is considered to be a fairly secure technology.

WAN SERVICES
Point-to-Point Protocol and Serial Line Internet Protocol (PPP and SLIP). These protocols are used for providing data link connectivity over asynchronous (dial-up) and synchronous (ISDN, dedicated serial line) connections. PPP is the successor of SLIP. PPP can authenticate the connection; SLIP cannot. PPP primarily exists to transport Network layer protocols across a point-to-point connection. When a connection attempt is made, three phases of communication occur:
- Link Establishment Phase: LCP packets are exchanged to configure and test the link;
- Authentication Phase: CHAP, PAP or manual authentication of the connecting devices occurs;
- Network Layer Protocol Phase: NCP is used to determine which Network layer protocols need to be encapsulated, and they are transmitted accordingly.
CHAP and PAP are authentication protocols. PAP (Password Authentication Protocol) is the less secure of the two because passwords are sent in clear text. CHAP (Challenge Handshake Authentication Protocol) never sends the password itself: the authenticator sends a random challenge and the peer answers with a hash over the challenge and the shared secret. CHAP performs authentication during the initial handshake phase and periodically re-challenges the peer for the duration of the connection.
High-Level Data-Link Control. HDLC is an ISO standard for delivering data over synchronous lines. This protocol is bit-oriented and uses frame characters and checksums as part of the data encapsulation, but uses no authentication. It also does not provide a way to specify the network-layer protocol that was encapsulated. Because each vendor developed its own method for doing this, it cannot be used between devices from different vendors.
X.25. X.25 operates on the Physical and Data Link layers.
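The PAP versus CHAP comparison in the PPP authentication phase above, as an added example that is not part of these notes. The Python below builds a PAP Authenticate-Request (RFC 1334) and a CHAP exchange with MD5 (RFC 1994: Response = MD5(Identifier || Secret || Challenge)), then shows what an eavesdropper gets from each: the PAP packet carries the password itself; the captured CHAP response cannot be replayed against a fresh challenge, which is also what CHAP's periodic re-challenge relies on. The caveat a practitioner wants is included as well: a captured challenge/response pair can be attacked offline by guessing the secret, so CHAP only protects secrets that are not guessable. The peer name, secret and word list are constructed.

```python
# Added example (not from the CISSP notes): PAP versus CHAP (RFC 1994, MD5)
# over a PPP link, with constructed names, secrets and a constructed word list.
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(peer_id: bytes, password: bytes, ident: int = 1) -> bytes:
    """PAP Authenticate-Request (RFC 1334): the password itself goes on the wire."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5 over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that issues challenges (e.g. the access server)."""

    def __init__(self, secrets_by_name, rng=os.urandom):
        self.secrets = secrets_by_name
        self.rng = rng
        self.next_ident = 1
        self.pending = {}                  # identifier -> outstanding challenge

    def challenge(self):
        ident = self.next_ident & 0xFF
        self.next_ident += 1
        chal = self.rng(16)                # fresh random challenge every time
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident, name, response):
        chal = self.pending.pop(ident, None)   # each challenge is usable once
        if chal is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], chal)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, ident, chal):
        return self.name, chap_response(ident, self.secret, chal)


def offline_guess(ident, chal, response, wordlist):
    """What an eavesdropper can do with a captured CHAP exchange: try candidate
    secrets offline, without talking to the authenticator again."""
    for candidate in wordlist:
        if chap_response(ident, candidate, chal) == response:
            return candidate
    return None


def demo(secret=b"s3cr3t", wordlist=(b"password", b"letmein", b"s3cr3t")):
    auth = ChapAuthenticator({b"alice": secret})
    peer = ChapPeer(b"alice", secret)
    pap_packet = pap_authenticate_request(b"alice", secret)
    ident, chal = auth.challenge()
    name, response = peer.respond(ident, chal)          # captured by eavesdropper
    first = auth.verify(ident, name, response)
    ident2, _chal2 = auth.challenge()                    # periodic re-challenge
    replay = auth.verify(ident2, name, response)        # old response replayed
    return {
        "pap_password_on_wire": secret in pap_packet,
        "chap_password_on_wire": secret in (bytes([ident]) + chal + response),
        "chap_first_auth": first,
        "chap_replay_accepted": replay,
        "offline_guess": offline_guess(ident, chal, response, wordlist),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The PAP packet contains the password verbatim; the CHAP exchange does not, the first response verifies and the replayed one does not, but the weak constructed secret is recovered offline from the captured pair.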
It uses virtual circuits for establishing the communication channel between hosts. It has now been replaced by the faster Frame Relay.
Link Access Procedure Balanced. LAPB is a bit-oriented protocol like HDLC and was originally created for use on X.25 networks. It functions by assuring that frames are correctly ordered and error free.
Frame Relay. Frame Relay is reliable and supports multiple protocols. It is based on X.25 (it uses virtual circuits and operates on the Physical and Data Link layers) but is much faster because error checking is left to the higher layers. It provides the communication interface between the DTE (Data Terminal Equipment) and the DCE (Data Circuit-terminating Equipment). Frame Relay uses DLCIs (Data-Link Connection Identifiers) to identify the end points of a circuit. It does not use authentication; you need something like PPP on top if authentication is needed. Frame Relay is one of the most fault tolerant WAN topologies because network traffic can be diverted to another network segment.
Synchronous Data-Link Control. SDLC was designed by IBM for use in mainframe connectivity but is also used for point-to-point WAN connections. It is incorporated into SNA and SAA but is now largely replaced by HDLC.
Integrated Services Digital Network. ISDN was developed to transmit digital signals over a standard telephone wire. BRI offers 128 Kbps; PRI up to 1.544 Mbps. BRI is intended for small office and home use and uses one 16 Kbps D (Delta) channel and two 64 Kbps B (Bearer) channels. PRI is intended for greater usage and uses one 64 Kbps D channel and 23 B channels of 64 Kbps each. In conjunction with (multilink) PPP, ISDN allows 128 Kbps by bonding together the two B channels.
Digital Subscriber Line. xDSL allows broadband transmission of data at up to 53 Mbps over the existing telephone network.
There are four primary types of DSL:
- Asymmetric Digital Subscriber Line (ADSL) delivers 1.5-9 Mbps download and 16-640 Kbps upload speed, up to 18,000 feet from the central office, using a single line;
- Single-line (Symmetric) Digital Subscriber Line (SDSL) delivers download and upload speeds up to 1.544 Mbps, up to 10,000 feet from the central office, using a single line;
- High-rate Digital Subscriber Line (HDSL) delivers download and upload speeds up to 1.544 Mbps using two lines, thus allowing full-duplex mode, up to 12,000 feet from the central office. HDSL allows T1 functionality;
- Very-high-rate Digital Subscriber Line (VDSL) delivers 13-52 Mbps download and 1.5-2.3 Mbps upload speed, up to 1,000-4,500 feet from the central office, using a single line.
Switched Multimegabit Data Service. SMDS is a high-speed packet-switching technology for use over public networks. It is for companies that need to send and receive large amounts of data on a bursty basis.
High Speed Serial Interface. HSSI provides an extremely fast (53 Mbps) point-to-point connection between devices up to 50 feet apart. It can be used to connect devices at T3 or OC-1 speeds. It is often used to interconnect LAN equipment for backup and fault-tolerant network uses.

WAN DEVICES
WAN devices are:
- Routers;
- WAN switches, to connect private data over public circuits;
- Multiplexers (MUX), which enable more than one signal to be transmitted simultaneously over a single circuit;
- Access servers, equipment used for dial-in and dial-out access to the network;
- Modems, to convert between digital and analog signals;
- CSU/DSU (Channel Service Unit / Data Service Unit), digital devices used to terminate the physical connection from a DTE device to the DCE.

2.7 Providing Remote Access Capabilities
Remote access techniques and technologies are used for telecommuting (such a user is called a telecommuter).

CLIENT-BASED DIAL-IN REMOTE ACCESS
Also called dial-in access, this connectivity needs a modem to dial in to the corporate network. Secure connections can be made via an ISP, using POTS (plain old telephone system) and creating a VPN tunnel to a VPN server on the corporate network.

USING TUNNELING AS A SECURITY METHOD
Tunneling is the process of transmitting one protocol encapsulated within another protocol. This can be used to transmit data that might not be supported on the network or to create a secure channel. Tunnels designate two endpoints of communication and then encapsulate the data within some other packet format. Tunneling protocols include PPTP (Point-to-Point Tunneling Protocol), which provides encryption when combined with MPPE, and Cisco's GRE (Generic Routing Encapsulation). GRE itself offers no confidentiality, so IPSec is often used in conjunction with GRE.

VIRTUAL PRIVATE NETWORKS
A VPN is the use of a tunnel or secure channel across the Internet or another public network. The data within the tunnel is encrypted. VPNs are client-based or site-to-site.
Client-based VPNs. These VPNs provide remote access to users across the Internet. Users have VPN client software on their PC which allows them to connect to the network as if they were a (virtual) node on that network. When such a client sends only corporate traffic through the tunnel and all other traffic directly to the Internet, this is known as split tunneling; the direct traffic bypasses the corporate perimeter controls, and a compromised client becomes a bridge into the tunnel.
Site-to-site VPNs. This is a (semi-)permanent connection across the Internet between two devices, typically routers or firewalls. Clients do not need to have special software; the secure connection is established by dedicated VPN hardware devices, such as routers.
VPN devices are either IPSec-compatible or not. IPSec-compatible devices are installed on a network's perimeter using tunnel mode or transport mode. Non-IPSec-compatible devices include SOCKS-based proxy servers, PPTP-compatible devices and SSH-based devices. There are three protocols that provide remote access VPN capabilities:
PPTP. A Microsoft-developed technology that provides remote access by encapsulating PPP inside a PPTP (GRE) packet. It uses the PPP authentication mechanisms PAP, CHAP or MS-CHAP, and MPPE encryption (40- or 128-bit session keys). PPTP supports multi-protocol tunneling. PPTP resides on the Data Link layer.
L2TP. Layer 2 Tunneling Protocol. Similar to PPTP, but supports RADIUS and TACACS+ for authentication and relies on IPSec and IKE for encryption and key exchange. L2TP supports multi-protocol tunneling. L2TP resides on the Data Link layer.
IPSec. This is a network-layer encryption and security mechanism that can be used as a standalone VPN solution or as a component of an L2TP VPN solution. It supports DES (considered broken; not recommended) and 3DES (the recommended choice at the time of writing), as well as algorithms with 128- or 160-bit keys. IPSec further supports the use of AH (Authentication Header) and ESP (Encapsulating Security Payload). AH provides integrity and authentication for the IP header and payload but no encryption; ESP encrypts the payload (and can also authenticate it) but does not cover the outer IP header. IPSec resides on the Network layer.

REMOTE ACCESS AUTHENTICATION
There are three technologies for authentication:
RADIUS. A UDP-based industry standard for authentication via a client/server model. The user is asked for a name and password, which is checked against a database. RADIUS simply allows or denies access. Only the password attribute of a RADIUS packet is obfuscated; the rest of the packet travels in the clear.
TACACS. An older, end-of-life authentication technology.
TACACS+. Unlike RADIUS, it separates the authentication, authorization and accounting functions, encrypts the entire packet body, and uses TCP for connectivity.
Because it uses TCP, it is regarded as more reliable than RADIUS.

2.8 Networking Protocols
TCP/IP is a suite of protocols developed by the (US) Department of Defense. It was designed following a four-layer architectural model, which maps onto the seven OSI layers as follows:

  OSI model                               TCP/IP model
  Application, Presentation, Session      Application
  Transport                               Transport (host-to-host)
  Network                                 Internet
  Data Link, Physical                     Network

- Application layer: provides for the applications, services and processes that run on a network.
- Transport layer: the host-to-host layer. It is responsible for handling the end-to-end data delivery on a network.
- Internet layer: provides logical addressing and routing of IP datagrams on the network.
- Network layer: responsible for the physical delivery of data on the network.

APPLICATION LAYER PROTOCOLS
These protocols are services. Some of the common protocols are:
- Bootstrap Protocol. BootP provides automatic configuration of diskless workstations by looking up the MAC address in the BootP file. If found, it sends the information necessary to complete the system boot process.
- File Transfer Protocol. FTP is used to send and receive files between two systems. It provides authentication using clear-text passwords. It does not provide for remote execution of programs.
- Line Printer Daemon. LPD is used in conjunction with LPR (Line Printer Remote) for connecting to network-attached print devices.
- Network File System. NFS is a file-sharing protocol used in UNIX environments.
- Post Office Protocol 3. POP3 provides for connecting to a mail server and retrieving email to the email client.
- Simple Mail Transfer Protocol. SMTP provides for the delivery of email between servers. POP3 is responsible for the receipt of email; SMTP for sending it.
- Simple Network Management Protocol. SNMP supports the transmission and collection of management information and statistics for network devices.
SNMP sends traps whenever a network event occurs. It also allows administrators to make changes on remote systems via set operations. The information that a device can report on is maintained via MIBs (Management Information Bases).
- Telnet. A command-line (terminal-emulation) program used to execute commands and run applications remotely. It is not suitable for file transfers, and everything, including passwords, is sent in clear text.
- Trivial File Transfer Protocol. TFTP is a subset of FTP for file transfer. It does not support authentication or directory browsing and is used for updating the configuration files of routers and switches.
- X Windows. A protocol that allows remote display of a GUI.

TRANSPORT LAYER PROTOCOLS
The most significant Transport layer protocols are TCP and UDP. Compared with communication between two people, TCP can be seen as using a telephone and UDP as sending a letter. TCP and UDP use port numbers as the endpoints of communication.
TCP. TCP is responsible for creating connection-oriented, reliable end-to-end communications between host systems. It does this via a series of synchronizations (SYNs) and acknowledgements (ACKs) prior to data transfer. This is called the TCP three-way handshake (SYN, SYN-ACK, ACK). It also uses windowing to determine how much data can be sent before an ACK must be received. TCP also uses sequence numbers for the segments it sends.
UDP. UDP is responsible for connectionless (it does not check whether the destination is up, it just sends) and unreliable end-to-end communications between systems. It is used when guaranteed receipt of every datagram is not important (streaming audio/video) or when the overhead of ensuring reliable delivery is too high.
  TCP                          UDP
  Acknowledged data transfer   Unacknowledged data transfer
  Uses sequencing              Does not use sequencing
  Connection-oriented          Connectionless
  Reliable                     Unreliable
  Higher overhead              Lower overhead

TCP/IP protocols are:
- Host-to-host (Transport) layer protocols such as TCP and UDP.
- Internet layer protocols such as IP, ARP/RARP and ICMP.
TCP/IP provides simplex, half-duplex and full-duplex connections.

INTERNET LAYER PROTOCOLS
The Internet layer is the IP part of TCP/IP. Some common Internet layer protocols are:
- IP. Responsible for handling the logical addressing of hosts. IP is considered to be unreliable, which is fine because TCP can provide reliability if needed.
- Internet Control Message Protocol. ICMP is a management and control protocol for IP and is responsible for delivering messages between hosts regarding the health of a network. It is used by IP diagnostic tools such as ping and traceroute.
- ARP. The Address Resolution Protocol maps IP addresses to their respective MAC addresses. A host issues an ARP broadcast containing an IP address, and the host that owns the IP address responds with its MAC address. ARP has no authentication, so any host on the segment can answer with a forged reply.
- Reverse ARP. RARP is used to discover the IP address when the MAC address is known. It is used by diskless workstations to get their IP configuration from a RARP server.

2.9 Protecting the Integrity, Availability and Confidentiality of Network Data

THE CIA TRIAD
Confidentiality. Confidentiality is ensuring that the data transmitted can only be read by the intended recipient. Confidentiality can be protected by network security protocols, network authentication services or data encryption services.
Integrity. Integrity is the assurance that the data that was received is the data that was transmitted. Techniques are nonrepudiation, firewall systems, communication security and intrusion detection systems.
Availability. Availability is a concept that applies to the reliability and stability of network systems and applications. It ensures that data is available when required. Techniques are fault tolerance of disks, systems and backups, acceptable log-in and process performance, and reliable and functional security processes and mechanisms.

SECURITY BOUNDARIES AND TRANSLATING SECURITY POLICY TO CONTROLS
There are three major groupings of networks:
- External subnets. Containing those resources that the administrator has no control over (the Internet). Systems connected to the boundary must be hardened (run the bare minimum of services and applications).
- Internal subnets. Containing those resources that the administrator has control over. The key to securing internal subnets is the separation of resources, auditing of transactions and the definition of an enforceable security policy.
- Screened subnets. Also referred to as DMZ, these are used to provide limited access to external users. An example is allowing external access to a server on port 80 but preventing all other external access by packet filtering.
Type enforcement. Type enforcement is about defining groups of processes into domains and types based on least privilege. You group resources based on how they can be used and by whom. Access is only granted to users who need the data. These groups of resources can further be separated onto different servers and subnets to provide for granular audit and access control.

TRUSTED NETWORK INTERPRETATION
The DoD developed a series of books, the Rainbow Series, of which the Orange Book is the best known. The Orange Book defines the TCSEC (Trusted Computer System Evaluation Criteria). The other books expound upon the concepts described in this book; the Trusted Network Interpretation (the Red Book) applies the TCSEC to networks. See paragraph "TCSEC, The Orange Book and the Rainbow Series" on page 6-4 for a detailed description.
Security policy: A security policy should:
- Clearly define what is and is not permitted by both users and administrators;
- Serve as the guideline for defining the types of resources and access that users require to those resources;
- Define the procedures that should be followed in the event of a compromise.

NETWORK LAYER SECURITY PROTOCOLS
Though encryption occurs at the Presentation layer, protocols have been designed to provide this functionality at the Network layer:
IPSec: IPSec offers two choices of security: AH and ESP. AH (Authentication Header) authenticates the sender but the payload is not encrypted. ESP (Encapsulating Security Payload) also authenticates the sender and additionally encrypts the payload. Key management is handled by the ISAKMP/Oakley protocol. IPSec functions in tunnel and transport mode. Tunnel mode encapsulates the entire original IP datagram and is used where the datagrams are sourced from or destined to systems that do not use IPSec (i.e. in the case of a VPN). Transport mode encapsulates only the upper layer (Transport layer and above) data of the original packet and is used where both end points of the communication support IPSec. A drawback of IPSec is that it is largely incompatible with NAT, because IPSec requires that data integrity not be compromised while NAT translates data midstream between hosts. Because source addresses are changed, the data is dropped. A workaround is encapsulating IPSec traffic in TCP or UDP.
SWIPE: SWIPE is the predecessor to IPSec and provides encryption at the Network layer by encapsulating the packet within a SWIPE packet. It does not have policy or key management functionality.
SKIP (Simple Key Management for Internet Protocol): A stateless Network layer encryption mechanism, primarily for SUN Solaris environments.

TRANSPORT LAYER SECURITY PROTOCOLS (1)
SSL: A well known security protocol is SSL (Secure Socket Layer), which is supported by firewalls and tunneling. It provides data encryption, server authentication, data integrity and optional client authentication via TCP/IP. It is primarily used for HTTP traffic and securing the communications between Web browsers and Web servers. SSL uses digital certificates for server authentication, encryption for transmission privacy and end-to-end connections to ensure data integrity.
TLS: TLS (Transport Layer Security) is the successor to SSL. Though built on SSL 3.0, it does not support SSL directly.
(1) According to the DoD these protocols reside within the Application layer.

APPLICATION LAYER SECURITY PROTOCOLS
For securing email the following protocols are widely used:
S/MIME (Secure / Multipurpose Internet Mail Extensions): Based on MIME and RSA encryption to secure email transmissions, it provides cryptographic security through MIME encapsulation of digitally signed and encrypted objects. It ensures authentication, nonrepudiation, message integrity and confidentiality.
PEM (Privacy Enhanced Mail): PEM provides for message encryption and authentication by using symmetric (secret-key) and asymmetric (public-key) encryption methods for encryption of the data encryption keys. It is rarely used.

[3] Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. See also Nonrepudiation on page 3-2.
For securing financial transactions the SET protocol can be used.
SET (Secure Electronic Transmission): A framework for protection against credit card fraud. It uses a PKI (Public Key Infrastructure) to provide for the confidentiality and integrity of the cardholder data, while at the same time providing for the authentication of the card.

NETWORK MONITORING AND PACKET SNIFFERS
Packet sniffing is about capturing the data on a segment. A packet sniffer can be used to observe the traffic patterns that software uses and to use that information to configure perimeter security devices (pattern-based application recognition).

INTRUSION DETECTION
Intrusion detection is the process of monitoring systems for evidence of an intrusion or misuse. Intrusion Detection Systems (IDSs) are responsible for performing the following tasks:
- Monitoring and analyzing user, system and network access
- Auditing system configurations and vulnerabilities
- Assessing the integrity of system and data files
- Recognizing activity patterns that would seem to indicate an incident
- Analyzing abnormal use patterns
- Operating system auditing
- Automatic patching of vulnerable systems through recovery actions and scripting (*)
- Installing and monitoring decoy servers to gather information (*)
(*) Only with advanced IDSs.

There are two ways of classifying IDSs: network-based versus server-based (host-based), and knowledge-based versus behavior-based.
Network-based IDSs: These IDSs analyze packets in real time against a database of known attack patterns and are typically deployed to monitor traffic on a network segment.
Host-based IDSs: These IDSs are often system-centric in their design. Most host-based IDSs are designed to monitor logins and processes, typically through the use of auditing system logs.
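The knowledge-based (signature) and behavior-based (anomaly) approaches mentioned in the classification above, side by side in Python, as an added example that is not part of the original notes. The web-server log lines, the two signatures and the per-user login-failure baselines are all constructed for illustration; the 3-sigma threshold is an assumed tuning choice.

```python
"""Knowledge-based (signature) and behavior-based (anomaly) detection side by side.

Added example, not from the original notes. Log lines, signatures and
baseline figures are constructed for illustration.
"""
import re
from statistics import mean, pstdev

# Constructed web-server access log lines (not real traffic).
ACCESS_LOG = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200',
    '10.0.0.5 - - "GET /images/logo.png HTTP/1.1" 200',
    '10.0.0.9 - - "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404',
    '10.0.0.7 - - "GET /search?q=a%27%20OR%201%3D1-- HTTP/1.1" 200',
    '10.0.0.5 - - "POST /login HTTP/1.1" 302',
]

# Knowledge-based IDS: a database of known attack patterns (signatures).
# Few false positives and self-explanatory alarms, but anything not in the
# database is invisible until the signatures are updated.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)(%27|')\s*(%20|\s)*or(%20|\s)+1(%3d|=)1"),
}


def signature_alerts(lines):
    """Return (line, signature_name) for every line matching a known signature."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((line, name))
    return hits


# Behavior-based IDS: learn a baseline of normal activity, alert on deviation.
# Constructed daily counts of failed logins per user over a 14-day baseline.
BASELINE = {
    "alice": [2, 1, 3, 2, 0, 1, 2, 1, 2, 3, 1, 0, 2, 1],
    "bob":   [0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1],
}
TODAY = {"alice": 4, "bob": 9}   # constructed counts for the day under review


def anomaly_alerts(baseline, today, k=3.0):
    """Alert when today's count exceeds mean + k * stddev of the user's own baseline.

    No signature is needed, so novel activity is caught, but the threshold is
    only as good as the baseline: a floor of 1.0 on the deviation keeps users
    with an almost-constant history from alarming on every small change.
    Returns (user, today_count, threshold) tuples."""
    alerts = []
    for user, history in baseline.items():
        mu, sigma = mean(history), pstdev(history)
        threshold = mu + k * max(sigma, 1.0)
        if today.get(user, 0) > threshold:
            alerts.append((user, today[user], round(threshold, 2)))
    return alerts
```

Run over the constructed data, the signature matcher flags the traversal and injection requests and nothing else, while the anomaly detector flags only bob, whose nine failures are far outside his baseline; alice's four failures stay under her threshold.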
These IDSs are designed specifically to identify inappropriate activity on the host system only and are agent-based (an agent is required to be running on the monitored system). As a result, host-based IDSs can be difficult to deploy and manage.
Knowledge-based IDSs: These IDSs are network- or host-based. They maintain a database of known attacks and vulnerabilities and detect whether attempts to exploit these vulnerabilities are occurring. Knowledge-based IDSs are sometimes referred to as signature-based. Benefits of knowledge-based IDSs are:
- Low degree of false positives;
- Alarms are easy to understand.
Drawbacks are:
- Resource intensive because the database must be constantly updated;
- New attacks can go unnoticed because of outdated signature files.
Behavior-based IDSs: These IDSs are more complex than knowledge-based IDSs because they are capable of learning. They are sometimes referred to as anomaly-based IDSs. Benefits of behavior-based IDSs are:
- Systems can dynamically respond to new, original or unique exploits and attacks;
- Not dependent on specific operating systems.
Drawbacks are:
- High false alarm rates are very common;
- In environments where the usage patterns of users and network resources frequently change, the IDS is unable to establish a baseline of normal behavior upon which to base any deviations.
Active IDSs check in real time for attacks; passive IDSs analyze logs.

INTRUSION RESPONSE
Intrusion response occurs after an event has been detected. It is often defined as a part of the responsibilities of a CIRT. The primary task of a CIRT is to define and execute the company's response to an incident via a process known as Incident Response Management. The CIRT response consists of the following:
- Coordinate how the notification and distribution of incidents should occur. There should be a defined escalation path.
- Mitigate the risk of an incident by minimizing disruptions and the costs involved in remediating the incident.
- Assemble teams of people to investigate and resolve potential incidents.
- Provide active input in the design and development of the company security policy.
- Manage and monitor logs.
- Manage the resolution of incidents, including post mortems of incidents.

NETWORK ADDRESS TRANSLATION
Typically NAT translates each internal address to a unique external address (one-to-one mapping). PAT (Port Address Translation) performs one-to-many mapping by using unique port numbers.
Inbound NAT: Inbound NAT is used to provide access to internal resources in conjunction with policy routing. The administrator creates a table in which an entry maps the externally used IP address to the internally used IP address (the system that provides a service). Inbound NAT can also be used with PAT.
Because NAT can hide the internal IP addresses, it provides a (light) degree of security. Effectively NAT provides a boundary between networks. It does not protect against spoofing. Therefore NAT is nothing more than a component of a security solution. Another drawback is the incompatibility with many types of encryption. NAT receives packets, builds a new packet and sends it to the host. A response from the host is translated and sent to the original requestor. As many encryption methods do not allow manipulation of data, the packet is rejected, unless the NAT device is configured not to do so.
Another alternative is to encapsulate the encrypted data in TCP or UDP before sending it.

PUBLIC AND PRIVATE IP ADDRESSES
There are five blocks of IP addresses reserved by the IANA (Internet Assigned Numbers Authority):

Class   Public IP ranges
A       1.0.0.0 to 9.255.255.255; 11.0.0.0 to 126.255.255.255
B       128.0.0.0 to 171.255.255.255; 173.0.0.0 to 191.255.255.255
C       192.0.0.0 to 195.255.255.255; 197.0.0.0 to 223.255.255.255
D       224.0.0.0 to 239.255.255.255 (multicast IP addresses)
E       248.0.0.0 to 255.255.255.255 (experimental use)

Three blocks of IP addresses are reserved for private network use:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255
Not available (reserved) IP addresses are:
- 127.0.0.0 to 127.255.255.255 (loopback IP addresses)
- 224.0.0.0 to 243.255.255.255
- 240.0.0.0 to 247.255.255.255

TRANSPARENCY
Transparency is the ability of a device to not appear to exist. By not responding to illegal requests, an attacker doesn't know what kind of device exists at a given IP address. Another method of transparency is to configure a device to receive packets but not be able to send (like IDSs).

HASH TOTALS
Hashing is the process of assigning a value to represent some original data string. The value is the hash total. An example of the usage of hash totals is Windows authentication. The client generates a hash total based on the password and sends it to the domain controller for validation against a database with hash totals.

EMAIL SECURITY
SMTP servers should not permit relaying of mail, because spammers look for such servers to send bulk mail. If relaying is permitted, the server may be added to various black lists of Internet servers. Other email servers will not accept mail from blacklisted servers.

FACSIMILE AND PRINTER SECURITY
One should think carefully about the use of printers and faxes.
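Checking addresses against the private, loopback and multicast ranges listed above, as an added example that is not part of the original notes. It also ties the ranges back to the remark under NAT that NAT does not protect against spoofing: a packet arriving on the Internet-facing interface with a private or loopback source address cannot be legitimate and should be dropped and logged at the boundary. The firewall log format and every address in it are constructed for illustration.

```python
"""Classify IPv4 addresses against the reserved ranges in these notes and flag
boundary log entries whose source address could not have come from the Internet.

Added example, not from the original notes. Log format and addresses are
constructed for illustration.
"""
import ipaddress
import re

# Ranges as listed above: the three private blocks, loopback and multicast.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")    # 127.0.0.0 - 127.255.255.255
MULTICAST = ipaddress.ip_network("224.0.0.0/4")   # 224.0.0.0 - 239.255.255.255


def classify(addr: str) -> str:
    """Return 'private', 'loopback', 'multicast' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK:
        return "loopback"
    if ip in MULTICAST:
        return "multicast"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    return "public"


# Constructed log lines from the external (Internet-facing) interface.
EXTERNAL_LOG = [
    "if=eth0 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=443",
    "if=eth0 src=192.168.1.5 dst=192.0.2.10 proto=tcp dport=22",
    "if=eth0 src=198.51.100.22 dst=192.0.2.10 proto=udp dport=53",
    "if=eth0 src=127.0.0.1 dst=192.0.2.10 proto=tcp dport=80",
]
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def bogon_sources(lines):
    """Sources on the external interface that are not public addresses.

    NAT hides internal addresses but does not stop spoofing, so a packet from
    the Internet with a private, loopback or multicast source address is
    either misconfiguration or a spoofing attempt. Returns (source, class) pairs."""
    flagged = []
    for line in lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        kind = classify(m.group(1))
        if kind != "public":
            flagged.append((m.group(1), kind))
    return flagged
```

Note that 172.32.0.1 is classified as public: the private block ends at 172.31.255.255, a boundary that is easy to get wrong when writing filter rules by hand, which is why the example builds on the ipaddress module rather than string prefixes.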
Often they are used by several employees, but it may be better to place them in separate rooms with restricted access. The best way to dispose of documents is to burn them.

COMMON ATTACKS AND COUNTERMEASURES
There are six classifications of network abuse: Class A through Class F abuses.
Class A abuses: A class A network abuse is the result of unauthorized network access through the circumvention of security access controls. This is sometimes referred to as logon abuse. Techniques for class A network abuses are:
- Social engineering
- Brute force
Class B abuses: A class B network abuse is defined by non-business use of systems. Examples are visiting unauthorized websites or using company resources for personal benefit. An acceptable use policy (AUP) and an enforceable security policy are an effective way to handle class B network abuses. Types of these abuses are:
- PBX fraud and abuse
- Email and Internet abuse
Class C abuses: Class C network abuses are identified by the use of eavesdropping techniques. Examples are:
- Network sniffing
- Dumpster diving (going through the trash)
- Keystroke recording
Class D abuses: A class D network abuse is identified by denial of service: saturation of network devices and resources. Examples are:
- SYN flooding
- Buffer overflows
- Teardrop attacks: the use of overlapping IP fragments
- LAND attacks: a packet with the same source and destination IP address
- SMURF attacks: using ICMP to spoof ICMP echo requests to a network broadcast address
- DDoS attacks: multiple hosts attacking one device and using all its bandwidth
Class E abuses: A class E network abuse is defined by network intrusion and prevention. Examples are:
- Spoof attacks: an attacker appearing to be something other than he is. A common spoof attack is an ARP redirect in a switched environment.
- Trojans
- Viruses and worms
- Back doors: the only remedy is a format and complete rebuild
- TCP hijacking: inserting TCP packets by using the sequence numbers
- Piggy-backing: the process of using a legitimate user's connection to gain access to a system (i.e. by using open, not correctly closed connections)
Class F abuses: A class F network abuse refers to probing attacks. First, information is gathered about the network. Examples are:
- Port scans
- Banner abuse: many services use banners that include information about the type of system the service is running on. Examples are HTTP, FTP and SMTP banners. This information can be used to determine the types of exploits to which a system might be vulnerable.
- Sniffing

2.10 Fault Tolerance and Data Restoration
Reliability of data can be handled through the use of a redundant array of inexpensive disks (RAID). There are five levels of RAID:
RAID 0 (Striping): Creates one large disk by using several disks. Used to improve performance by simultaneous reads and writes through striping of data across multiple disks. It provides no fault tolerance.
RAID 1 (Mirroring): Data on one disk is duplicated on another disk. Fairly expensive because it requires double the amount of storage.
RAID 2 (Hamming code parity): No longer in use. Used multiple disks and parity information. It consists of bit-interleaved data on multiple disks. Parity information is created using a Hamming code. There are 32 disks used for storage and 7 for parity.
RAID 3 (Byte level parity): Similar to RAID 0 but uses parity information. Performs byte-level striping. Parity information is stored on a specific parity drive.
RAID 4 (Block level parity): As RAID 3, but performs block-level striping across multiple drives.
RAID 5 (Interleave parity): Stripes data and parity across all drives at the block level, using interleave parity for data re-creation.
Reads and writes can be performed simultaneously, offering very good performance.
RAID 7 (Single virtual disk): A variation of RAID 5 wherein the array functions as a single virtual disk in the hardware.
Clustering technologies are used to prevent a server from failing entirely. There are two types of clustering concepts:
Data clustering: Two data servers are configured exactly the same; one is the mirror of the other. There is a fail-over link between the two servers.
Network services clustering or server clustering (load balancing): Used to improve system performance by distributing network requests among multiple servers that have the same functionality.
Of course you need data backups. Popular backup methodologies are:
Full backup: All data is saved every time. Can cost a lot of time and tapes.
Incremental backup: Backing up only the changed and added files.
Differential backup: All files that have changed since the last full backup are backed up. You only need the full backup tape and the last differential backup tape.
Backup media:
Digital audio tape (DAT)               Cheap and compact; max. 40 Gb
Quarter-inch cartridge (QIC)           50 Gb (most systems 8 Gb)
8mm tape                               Older system; replaced by DLT
Digital linear tape (DLT)              4 mm tape; up to 320 Gb; very fast
CD/DVD                                 Widely used for desktop backup
Zip                                    For desktop backup; up to 250 Mb
Tape array                             Cluster of 32-62 tape drives; RAID fashion
Hierarchical storage management (HSM)  Methodology for backing up and restoring data in an enterprise

Identity management: A general term that encompasses technologies including password management (synchronization and self reset), user provisioning and access management. Enables and maintains user access to network resources.
This includes the creation of the user entity (functionality typically found in human resource applications), authorization and permissions (SSO and password management functionality), and a single point of administration for de/provisioning accounts (as in provisioning).

2.11 Addendum
Data transmission methods:
Asynchronous: Data transmission method using a start bit at the beginning of the data value and a stop bit at the end.
Synchronous: A message-framed transmission method that uses clock pulses to match the speed of data transmission.
Isochronous: Synchronous data transmission without a clocking source, with the bits sent continuously and no start or stop bits.
Plesiochronous: A transmission method that uses more than one timing source, sometimes running at different speeds. It requires master and slave clock devices.
The enforced path refers to the limitations on network access for users. Individuals are authorized access to resources on a network through specific paths. The user is not authorized to access a resource through a different route. A VPN is an example of an enforced path.

3 Security Management and Practices

FUNDAMENTAL PRINCIPLES

3.1 Defining Security Principles

INFORMATION SECURITY
The building blocks, or primitives, of any security program, based on the question "What do we protect, why and how", are:
- Confidentiality
- Integrity
- Availability
Confidentiality describes the secrecy of the information asset. It is about determining the level of access in terms of how and where the data can be accessed. This can be classified by a degree of confidentiality. Protections, however, are only as good as the security program itself.
Therefore you must pay attention to the tools used, install safeguards (such as encryption) and be aware of social engineering techniques (which require a high level of user awareness).
Integrity justifies the cost of collecting and maintaining the data. You should put mechanisms in place to prevent attacks on the storage of data (contamination) and on its transmission (interference). Protecting data involves both storage and network mechanisms. There are malicious and non-malicious attacks on the integrity of data. The first kind are viruses, back doors and logic bombs. Non-malicious attacks are caused by users entering invalid or inaccurate data, not following the procedures, or using wrong programs to access data. You have to give users awareness training, and programs should be tested before they are placed on the network. In network environments, data can be encrypted to prevent its alteration.
Availability is the ability of users to access an information asset. The organizational policies should specify various controls and procedures to help maintain availability.

PRIVACY
Privacy relates to all the elements of the CIA triad. It considers which information can be shared with others (confidentiality), how that information can be accessed safely (integrity), and how it can be accessed (availability). Several laws and acts, such as the U.S. Federal Privacy Act (1974) and the Health Insurance Portability and Accountability Act (HIPAA), pay attention to this issue. However, laws and regulations have difficulty keeping up with the technology. Therefore organizations should look at the privacy of their own information assets.
They should have a privacy statement which reflects how the data is handled and makes available to the users which information is being collected.

IDENTIFICATION AND AUTHENTICATION
Information security is the process of managing the access to resources. If an entity requires access to an information resource, you must identify it (identification) and verify that the entity is who it claims to be (authentication). In most cases this is a two-step process. The first step is identification. Identifiers can be public or private and are tied directly to the entity. Normally a username is used. The second step is authentication. There are three types of authentication:
- What the entity knows: a PIN or password
- What the entity has: an access card, a smart card or token
- Who or what the entity is: usually identified through biometrics
If two or more are used, it is called strong authentication.
Passwords and PINs are the most common forms of authentication. They are also the weakest link because users tend to create easily guessed passwords. Password management tries to create a balance between creating passwords that cannot be guessed and passwords users don't need to write down. Methods for password management are:
Password generators: Usually third party products which create passwords out of random characters.
Password checkers: Tools that check passwords for their probability of being guessed.
Limiting login attempts: Setting a threshold for login failures after which an account is locked.
Challenge-response: Cognitive passwords. Using randomly selected questions which the user has to answer; normally used by voice response systems.
Token devices come in two versions: synchronous and asynchronous.
Synchronous token devices are time-based and generate a value that is valid for a set period of time. An asynchronous token device uses a challenge-response mechanism to determine whether the user is valid. The server displays a challenge, the user enters that challenge into the token device, which generates a token value. This value is entered by the user, after which the server verifies the value with an authentication server.
Cryptographic keys combine the concepts of something you have and something you know. The user has a private key that is used to sign a common hash value that is sent to the authentication server. To strengthen the authentication process, the user is asked to enter a PIN or passphrase that is also added to the hash.

NONREPUDIATION
Nonrepudiation is the ability to ensure the authenticity of a message by verifying it using the message's digital signature. You can verify the signature with the public key obtained from a trusted certification authority (CA).

ACCOUNTABILITY AND AUDITING
System events can be tracked by using audit records. Systems and security administrators use these records to:
- Produce usage reports;
- Detect intrusions or attacks;
- Keep a record of system activity for performance tuning;
- Create evidence.
Accountability [4] is created by logging the system events with the information from the authenticated users, including all necessary information such as date, time and network addresses. If you set up auditing, you have to decide how much information you want to gather by defining a threshold or clipping level. The auditing of systems requires active monitoring (such as keystroke monitoring) and passive monitoring (examining audit data). It is important to protect the integrity of the audit data, not only for the analysis of this data but also for law enforcement.
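Both token types described above, as an added example in Python that is not part of the original notes. The synchronous token is the HOTP/TOTP construction (RFC 4226 and RFC 6238: a truncated HMAC-SHA1 over a counter derived from the clock, which is why token and server must stay in sync); the asynchronous token's response format (decimal truncation of HMAC-SHA256 over the server's challenge) is an assumed design for illustration, not any particular vendor's device. The shared secret used below is the RFC 4226 test key, not a real one.

```python
"""Synchronous (time-based) and asynchronous (challenge-response) one-time
token values built on HMAC.

Added example, not from the original notes. HOTP/TOTP follow RFC 4226/6238;
the challenge-response format is an assumed design for illustration.
"""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): dynamic truncation of HMAC-SHA1 over a 64-bit counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def synchronous_code(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Synchronous token: the counter is the current 30-second time step (TOTP),
    so the value is valid only for that period and both sides need the same clock."""
    return hotp(secret, unix_time // step)


def verify_synchronous(secret: bytes, code: str, unix_time: int,
                       step: int = 30, window: int = 1) -> bool:
    """Server side: accept the current step and `window` steps either side to
    tolerate clock drift; a larger window widens the replay/guess opportunity."""
    current = unix_time // step
    return any(hmac.compare_digest(hotp(secret, current + d), code)
               for d in range(-window, window + 1))


def new_challenge() -> str:
    """Server side of an asynchronous token: a fresh random challenge per login,
    so a captured response cannot be replayed against a later challenge."""
    return secrets.token_hex(8)


def challenge_response(secret: bytes, challenge: str, digits: int = 8) -> str:
    """Token side: compute the response to the displayed challenge. The secret
    never leaves the device; only the short response is typed in.
    (Assumed format: decimal truncation of HMAC-SHA256.)"""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % (10 ** digits)
    return str(value).zfill(digits)


def verify_challenge_response(secret: bytes, challenge: str, response: str) -> bool:
    """Authentication server side: recompute and compare in constant time."""
    return hmac.compare_digest(challenge_response(secret, challenge), response)


# RFC 4226 test key, used here only so the synchronous values are checkable.
DEMO_SECRET = b"12345678901234567890"
```

The `verify_synchronous` window is the usual trade-off with synchronous tokens: without it, a token whose clock drifts by more than one step stops working; with a wide window, a value stays acceptable for longer than the nominal period.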
For use of this data in legal proceedings you must prove that the integrity of the data has been maintained and that there was no possibility for it to be altered. This is called proving the chain of custody.

3.2 Security Management Planning
Before information security policies can be created, management should plan a risk analysis of the information assets. A risk analysis identifies the assets, determines the risks to them and assigns a value to their potential loss. Using this, management can make decisions on policies that best protect those assets by minimizing or mitigating the risks.

3.3 Risk Management and Analysis
Risk management: Risk management is the process of assessing risk and applying mechanisms to reduce, mitigate or manage risk to the information assets. Its purpose is not to create a totally secure environment but to define where risks exist, the probability that they occur, the damage that they cause and the costs of securing the environment. It is not possible, or too expensive, to reduce all risks to zero. You must look at the likelihood of each risk and either look for other mitigations or accept it as a potential loss. When assessing risks, you must consider the types of loss (risk category) and how the risk may occur (risk factor).
Risk categories: The risk categories are:
- Damage: loss of a physical asset or the inability to access it
- Disclosure: disclosing critical information
- Losses: permanent or temporary loss of data.

[4] The principle that individuals, organizations and the community are responsible for their actions and may be required to explain them to others.
Risk factors: The risk factors are:
- Physical damage
- Malfunctions
- Attacks
- Human errors
- Application errors

RISK ANALYSIS
Risk analysis: Risk analysis identifies the risks, quantifies the impact and assesses a cost for mitigating the risk. It also assesses the possibility that the risk will occur in order to weigh the cost of mitigation. Risk analysis consists of three steps:
1. Asset identification and valuation
2. Risk assessment and analysis
3. Select and implement countermeasures
On completion of the risk analysis the risk manager performs a cost-benefit analysis (CBA), comparing the costs of safeguards with the costs of not adding safeguards. Costs are given as an annualized cost and are weighed against the likelihood of occurrence. As a rule, safeguards are not employed when the costs outweigh the potential loss. In fact you can do three things:
1. Do nothing and accept the risk
2. Reduce the risk by implementing countermeasures and accept the residual risk
3. Transfer the risk to an insurance company

IDENTIFYING THREATS AND VULNERABILITIES
The risk analysis should identify the threats and vulnerabilities that could occur. As environments can be very complex, a vulnerability in one area of the business could easily affect another area of the business. This is called a cascading error. These errors may be caused by malicious attacks or by errors in processing (called illogical processing).
Threat agent: Identifying the threats to assets is the process of identifying the threat agents. These are what cause the threats by exploiting vulnerabilities and can be human, programmatic or a natural disaster. After the threat agents, vulnerabilities and risks have been identified, the risk analysis concentrates on the loss potential. This is what the loss would be if the threat agent is successful in exploiting a vulnerability.
This should include the delayed loss: the amount of loss that can occur over time. Think of loss in productivity, loss of clients and business, et cetera.

ASSET VALUATION
Assets and risk can be valued the quantitative way (money) and the qualitative way (ranking threats and the effectiveness of countermeasures). The steps in a risk assessment are:
1. Identify the assets
2. Assign values to the assets
3. Identify the risks and threats corresponding to each asset
4. Estimate the potential loss from that risk or threat
5. Estimate the possible frequency of the threat occurring
6. Calculate the cost of the risk
7. Recommend countermeasures or other remedial activities
Identify the assets: These are the systems, network components and information.
Assign values to the assets: To determine the value, use the following questions:
- How much revenue does this data generate?
- How much does it cost to maintain?
- How much would it cost if the data were lost?
- How much would it cost to recover or re-create?
- How much would it be worth to the competition?
Identify the risks and threats corresponding to each asset: Use your common sense to determine all risks and threats to each asset.
Estimate the potential loss from that risk or threat: Think of replacement costs and loss of productivity. The estimated cost is used to calculate the single loss expectancy (SLE). This is the amount of the potential loss for a specific threat.
Estimate the possible frequency of the threat occurring: The frequency of occurrence is used to estimate the percentage of loss on a particular asset because of a threat. This is called the exposure factor (EF). If a fiber-optic cable between two buildings is cut, causing 20% of the infrastructure to become inoperable, the EF is 20%.
Next the annualized rate of occurrence (ARO) is calculated. This is the ratio of the estimated possibility that the threat will take place in a one year time frame, varying from 0.00 (never) to 1.00 (certain). If a threat takes place once every four years, the ARO is 0.25.
Calculate the cost of the risk: Based on the information gathered in the previous steps, the annualized loss expectancy (ALE) can be calculated. The ALE tells the analyst the maximum amount that should be spent on the countermeasure to prevent the threat from occurring.
SLE = asset value x EF
ALE = SLE x ARO

Asset        Threat         Value    EF    SLE      ARO   ALE
NOC          Fire           500.000  0.45  225.000  0.20  45.000
Web servers  Power failure  25.000   0.25  6.250    0.50  3.125

QUALITATIVE RISK ANALYSIS
To do a qualitative risk analysis you first identify the major threats and analyze the scenarios for the possible sources of the threat. The scores show the likelihood of the threat occurring, the potential for the severity and the degree of loss. Additionally, potential countermeasures are analyzed by ranking them for their effectiveness. Finally the scores for the threat are compared to those of the countermeasures. If the score for the countermeasure is greater than that of the threat, it means that the countermeasure will be more effective in protecting the asset.

COUNTERMEASURE SELECTION AND EVALUATION
Determining the most cost-effective countermeasure is called a cost/benefit analysis. The calculation is as follows:
Value of countermeasure = ALE (without countermeasure) - Cost (safeguard) - ALE (with countermeasure)
In the example of the Web servers: if a UPS is purchased (1.000), it reduces the EF to 0.05. The chance that an outage lasts longer than the UPS can bridge occurs once in five years (ARO = 0.20).
ALE (with UPS) = asset value x EF x ARO = 25.000 x 0.05 x 0.20 = 250
Value of countermeasure = 3.125 - 250 - 1.000 = 1.875
The net benefit of this countermeasure is therefore 1.875 per year.

3.4 Policies, Standards, Guidelines and Procedures

Policies: information security policies are high-level plans that describe the goals of the procedures; they describe security in general terms. Information security policies are the blueprints, or specifications, for a security program. The first step in writing policies is to determine the overall goal. Second, determine for which systems and processes you want to write a policy. There is no need for one document that describes all policies; it is better to write one policy per topic, such as user and physical policies, access control policies or external access policies. The third step is to identify what is to be protected. You need a complete inventory of the information assets and the supporting business processes, including any material that carries the organization's name or logo. The fourth step is to identify from whom it is being protected. The focus should be on who can access resources and under what conditions. Some considerations for data access are: authorized and unauthorized access to resources and information; unintended or unauthorized disclosure of information; enforcement procedures; bugs and user errors.

Baselines: baselines are used to create the minimum level of security necessary to meet policy requirements. Baselines can be configurations, architectures or procedures. Standards and baselines describe specific products, configurations or other mechanisms to secure the systems.
Guidelines: in cases in which security cannot be described as a standard or set as a baseline, you need guidance; recommendations are then written as guidelines, for example for risk analyses. You do not describe in detail how to perform an audit; a guideline can specify the methodology, leaving the team to fill in the details.

Procedures: procedures describe how to use the standards and guidelines to implement the countermeasures that support the policy. The kinds of procedures differ per organization, but the following are quite common:
Auditing: what to audit, how to maintain audit logs
Administrative: separation of duties
Access control: how to configure authentication and other access control features
Configuration: firewalls, routers, switches and operating systems
Incident response: how to respond to security incidents
Physical and environmental: air conditioning for server rooms, shielding of Ethernet cables
Implementing these procedures is the process of showing due diligence in maintaining the principles of the policy. Due diligence is important because it demonstrates commitment to the policies.

3.5 Roles and Responsibilities

Management: the most important role belongs to management, who must set the tone for the entire information security program. They have to become part of the process, which involves showing leadership in the program. Furthermore, management is responsible for doing the risk analysis and conveying the results to the technical people responsible for implementing the policies.

Users: one way to ensure that every employee knows that security is part of his job is to make it part of each job description. Once it is part of the job description, it becomes something that can be considered in performance evaluations. The same goes for outside contractors and vendors.
They should include similar language within their statements of work.

IT staff: the IT staff is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines and procedures. They should provide input into security awareness education programs and ensure that everyone knows his role in maintaining security. Information security must also integrate into the business environment. Jobs that support security through the processes should be defined; one way of doing this is separation of duties and assigning ownership to assets. Furthermore, you must consider how security is administered throughout the organization. There should be a central information security management group in charge of monitoring and enforcing the policy and procedures.

3.6 Understanding Protection Mechanisms

Protection mechanisms are used to enforce layers of trust between the security levels of a system. Trust levels provide a structured way to compartmentalize data access and create a hierarchical order. There are four protection mechanisms:
Layering: processes are placed in layers/zones and must request access to a resource protected in another layer/zone. Bell-LaPadula is an application of this concept in military systems.
Abstraction: object-oriented design and programming.
Data hiding: object-oriented design and programming.
Encryption: encryption uses cryptography to convert data into an unintelligible form.

3.7 Classifying Data

Commercial classification: commercial classification of data consists of five levels:
Sensitive: most limited access; should not be disclosed.
Confidential: less restrictive within the company, but disclosure might cause damage.
Private: compartmented data which must be kept private.
Proprietary: data that is disclosed outside the company in a limited or restricted manner.
Public: the least sensitive data, which would cause the least harm if disclosed.

Government classification: government classification of data is based on laws, policies and executive directives, which sometimes conflict with each other. This classification consists of five levels:
Top Secret: disclosure would cause severe damage to national security.
Secret: disclosure would cause serious damage to national security.
Confidential: disclosure would cause damage to national security; this is the lowest level of classified national security information.
Sensitive But Unclassified (SBU): data that is not classified as national security information but is exempt from public disclosure under laws such as the Freedom of Information Act, and whose disclosure would do some harm (for example data about citizens).
Unclassified: data that has no classification or is not sensitive.

Criteria for setting a classification scheme are:
Who should be able to access or maintain the data?
Which laws, regulations, directives or liabilities might require protecting the data?
For government organizations, what would the effect on national security be if the data were disclosed?
For nongovernmental organizations, what would the level of damage be if the data were disclosed or corrupted?
Where is the data to be stored?
What is the value or usefulness of the data?

The steps for creating data classification procedures are:
1. Set the criteria for classifying the data.
2. Determine the security controls that will be associated with each classification.
3. Identify the data owner who will set the classification of the data.
4. Document any exceptions that might be required for the security of this data.
5. Determine how the custody of the data can be transferred.
6. Create criteria for declassifying information.
7. Add this information to the security awareness and training programs so users understand their responsibilities in handling data at the various classifications.

3.8 Employment Policies and Practices

Employment policies can be used to protect information security assets by setting guidelines for:
Background checks and security clearances
Employment agreements, hiring and terminations
Setting and monitoring of job descriptions
Enforcement of job rotation
Employment agreements are made to protect the organization from the insider threat. By having the employee sign the agreements, the organization gains the ability to enforce the policies behind them. You can use a UAP, which summarizes the overall information security policy for users, to make them aware of the security policies. When the contract of an employee (or contractor) is terminated, all access rights should be revoked immediately, and the former employee or contractor should be escorted out of the building. Job descriptions define the roles and responsibilities of each employee.
Within these roles and responsibilities, procedures are used to set the various access controls.

3.9 Managing Change Control

Change control, configuration management and revision control help to determine the security impact of changes.

4 Applications and System Development Security

4.1 Software Applications and Issues

CENTRALIZED, DECENTRALIZED AND DISTRIBUTED SYSTEMS

Even in the old days, when we had centralized systems, there was a security risk of disrupted data caused by:
Incorrect data entered in error;
Incorrect data entered on purpose;
Someone entering code which extracted, modified, destroyed or disrupted data;
Unauthorized access to data, or seeing data on screens;
Unauthorized use of unattended terminals with active sessions.

There is a difference between decentralized and distributed systems:
Centralized: all computing takes place in one place.
Centrally controlled computing: computers are distributed physically but maintained and controlled by a central authority.
Decentralized: computing facilities exist throughout the company; they may be linked with each other.
Distributed: computers are everywhere, and so is the processing; there is no centralized control. Examples are PDA applications, internet applications, file servers and e-mail. The internet is an example of a massively distributed system: a system that is ubiquitous across time and space and consists of a large number of connected systems.

MALICIOUS SOFTWARE (MALWARE)

Malicious software falls into one of the following categories:
Viruses: programs which run on a computer without the permission of its owner. There are polymorphic viruses, boot sector viruses, multipartite viruses and macro viruses.
Trojans: programs that masquerade as something else.
Logic bombs: programs designed to execute when some event occurs.
Worms: malware that replicates and spreads itself across a network. A worm might use its own communication code (for example a built-in SMTP engine) or use one of the existing services (FTP, e-mail, telnet).
ActiveX/Java: these controls are used by web-based applications but may contain harmful code. Nimda, often cited here, was a worm rather than an applet; it spread through e-mail, open network shares, vulnerable IIS web servers and modified web pages, which makes it a better example of blended malware.
Blended malware: malware using the results of previous malware to attack a system.
Agents / remote control programs: programs that remotely control another computer.

The border between normal programs and malware may be thin. A program that reinstalls the operating system may be considered malware but is also a helpful administrator tool; the purpose behind the software determines whether it is malware or not.

The threat of malware can be managed with the following steps:
1. Have a malware policy that specifies the use of antivirus products and provides for regular maintenance. Ensure its approval and support by top management.
2. Make virus protection software an absolute must for every device.
3. Make updating your virus protection products a priority on all systems.
4. Install and properly configure special mail server virus protection.
5. Configure mail server antivirus programs to block executable attachments.
6. Keep all systems patched.
7. Reduce attack vectors by scanning removable media.
8. Reduce attack vectors by disallowing ActiveX or Java/JavaScript download where possible.
9. Keep up to date on trends and actual virus threats.
10. Use recommended steps to clean infected systems.
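Step 5 above (block executable attachments at the mail server) is where a naive filter fails: a filter that only looks at the last extension passes "invoice.txt" containing a renamed Windows binary, and a filter that trusts the sender's Content-Type passes anything. The following added Python example (not code from the notes) shows the three checks a gateway should combine: blocked extensions anywhere in the name (catches "report.pdf.exe"), executable magic bytes in the decoded payload, and the declared content type, checked last because the sender controls it. The blocked-extension list, the magic-byte set and the constructed sample message are assumptions made for the example.

```python
"""Flag executable e-mail attachments by name AND by content, not by extension alone."""
import email
from email import policy
from email.message import EmailMessage

# Extensions commonly blocked at a mail gateway (assumed list, not from the notes).
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs",
                      ".js", ".jar", ".msi", ".dll"}
# Magic bytes: DOS/Windows PE executables start with "MZ", ELF binaries with 0x7f "ELF".
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")
# Content types a sender may declare for executables; attacker-controlled, so checked last.
EXECUTABLE_CONTENT_TYPES = {"application/x-msdownload", "application/x-dosexec"}


def attachment_verdicts(raw: bytes):
    """Return [(filename, reason)] for every attachment that should be blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # 1. Any blocked extension after the first dot: catches double extensions
        #    such as "report.pdf.exe" and names padded with spaces.
        pieces = name.split(".")
        if any("." + p.strip() in BLOCKED_EXTENSIONS for p in pieces[1:]):
            reasons.append("blocked extension")
        # 2. Content check: a renamed binary still carries its executable header.
        if payload.startswith(EXECUTABLE_MAGIC):
            reasons.append("executable magic bytes")
        # 3. Declared type, only as a supporting signal.
        if part.get_content_type() in EXECUTABLE_CONTENT_TYPES:
            reasons.append("executable content type")
        if reasons:
            verdicts.append((name, ", ".join(reasons)))
    return verdicts


def build_sample_message() -> bytes:
    """Constructed message: a harmless text file, a renamed executable, a double extension."""
    m = EmailMessage()
    m["From"] = "alice@example.test"
    m["To"] = "bob@example.test"
    m["Subject"] = "files"
    m.set_content("see attached")
    m.add_attachment(b"quarterly numbers\n", maintype="text", subtype="plain",
                     filename="notes.txt")
    # A PE header renamed to .txt: passes an extension-only filter.
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="text", subtype="plain",
                     filename="invoice.txt")
    # Double extension with a non-executable payload: passes a content-only filter.
    m.add_attachment(b"fake pdf bytes", maintype="application", subtype="octet-stream",
                     filename="report.pdf.exe")
    return m.as_bytes()


if __name__ == "__main__":
    for filename, reason in attachment_verdicts(build_sample_message()):
        print(f"BLOCK {filename}: {reason}")
```

On the constructed message, notes.txt passes, invoice.txt is blocked on its magic bytes and report.pdf.exe on its double extension. In production the gateway would additionally unpack archives, since an .exe inside a .zip evades every check above; that step is out of scope for the notes.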