CISSP EXAM CRAM - DOMAIN 3 Security Architecture and Engineering

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome back to part three of the cissp exam cram series and today we're covering domain three which is security architecture and engineering this is a big domain i have lots of tips for you today so let's get down to business so in domain three of the cissp exam you are looking at the largest domain in terms of the sheer amount of content that we need to cover and there's a lot of memorization work for you in here this is video three in the series of eight four through eight coming pretty quickly in the next few days and there are a couple of supplemental videos that i want to tell you about here in a minute because one of those at least will be very helpful in onboarding the information you need to memorize from this domain so we're looking at security architecture and engineering in domain 3. i have a video on memorization tips and we cover memory devices using examples from the cissp exam and in particular i used some examples from domain three since there's so much work here to do with cryptography and security models i actually use those as examples so if you haven't seen this video take a look absolutely worth 20 minutes of your time i have another one out there on quantitative risk analysis formulas i had a couple of folks ask for videos focused on these formulas in a hands-on example so there you have it enjoy them ping me of questions so let's get into domain three lesson three we'll take a look at the exam outline this is the official isc squared so we're looking at managing engineering processes fundamental concepts of security models memorization is going to be absolutely key here i'm going to feed you some of those memory devices i mentioned go watch my video on memorization that will help you with those security models in particular selecting controls based on requirements security capabilities of information systems mitigating vulnerabilities comes up across a number of subjects architectures designs solution elements web-based systems mobile systems and embedded devices so mitigating vulnerabilities is different from understanding the attacks on systems we'll talk about common attacks in other lessons but you won't hear about most of them here we're going to be focused on mitigation applying cryptography cryptography is the most technical concept uh can the most technical topic on the cissp exam i saw quite a few questions from this area a lot of memorization here i'm going to show you how to break it down to kind of chunk this is the technique i use to break this into manageable parts so i can onboard the memorization more quickly applying security principles to site and facility design and implementing site and facility control so so now you're getting more into the the physical aspects of security so let's talk cryptography so codes versus cipher so code are are systems of symbols that sometimes imply secret but don't always have to be secret don't always provide confidentiality ciphers on the other hand are meant to hide the true meaning of a message so codes are sometimes secret but don't always provide confidentiality ciphers are always secret confidentiality is always going to be implied there so you do need to know the types of ciphers that are out there so stream cipher number one uh a symmetric key cipher uh in a stream cipher your your plain text digit is encrypted one at a time it's a stream so to speak because it's not a block of data so where a stream cipher goes one character at a time a block cipher will apply the key and algorithm to a block of data like 64 contiguous bits for example so basically as a group rather than one bit at a time so that's the fundamental difference between a stream cipher and a block cipher substitution so this is a random bit string it's basically the same length as the block size that's xored in the message so transposition so transposition to transpose something means to rearrange and that's the easy way to remember this is a transposition cipher is going to rearrange the letters of a plain text message forming a ciphertext message an initialization vector is is also a random bit string it's an xor operation that uses the same key length as the block's eye so the two things you're remembering here is with initialization vector is it's it's an xor with the message and it's the same length as the block size i'll explain what xor is in just a moment so stick with me if you don't know exactly what that is i'll clear that up for you in the next few but with initialization vectors uh it's going to create a unique cipher text every time the same message is encrypted with the same key so the the caesar um visionnaire and the one-time pad these are all stream ciphers the difference between these ciphers is their key length so stream cipher different key length so caesar is going to be a key length of one and if you think about caesar back in the day he was number one so key length the one it adds up the visionaire cipher uses a longer key it's usually a word or a sentence and then the one time pad uses a key length that's as long as the message itself so caesar is one visionaire is a word or a sentence and the key length in a one-time pad is the same length as the message itself now we need to talk a bit more about one-time pad i do expect you're going to see at least a question on this on the exam so for a one-time pad to be successful the key must be generated randomly without any known pattern and it has to be at least as long as the message to be encrypted because remember that's what what differentiates one time pad from visionaire and caesar so the the key is the same size as the message itself and the pads must be protected against physical disclosure you can't give away the secret right and each pad must be used only one time and then discarded because repetition could reveal the answer right so basically all of these must be true for a one-time pad to be successful so a concept here zero knowledge proof so this is a communication concept and and basically zero knowledge proof is a specific type of information that's exchanged but no data is is actually transferred this is true with digital signatures and digital certificates so what the heck does that mean let me give it to you in plain english to just put it simply zero knowledge proof enables one to prove knowledge of a fact without revealing the fact itself so that's in effect what digital signatures and certificates allow us to do split knowledge so split knowledge means that the information or the privilege required to perform an operation is divided amongst multiple users that makes sense right splitting the knowledge amongst multiple people so this ensures that no single person has sufficient privileges to compromise the security of the environment it's it's separation of of the knowledge of the privilege i kind of think of of split knowledge as role separation of a fashion really we talk about role separation in the workplace so one person doesn't have too much privilege that they can carry out some sort of internal threat all on their own another concept work function sometimes called work factor so this is a way to measure the strength of a cryptography system by measuring the effort in terms of cost and or time to decrypt the message so that the cost or time to decrypt the message speaks to the value of the function so usually the time and effort required to perform a complete brute force attack against an encryption system is what a work function rating represents so so the security and protection offered by the system is directly proportional to the value of the work function or or factor would you like that in plain english i hear you it's the time and effort required to break a protective measure that's that's the work factor so when you hear work work function or work factor think time and effort required to break a protective measure so the importance of key security so cryptographic keys provide necessary element of secrecy and modern systems utilize keys that are at least 128 bits long to provide adequate security and that number is going to increase over time in fact when we see the rise of of quantum computing as a mainstream capability uh that's going to change everything about cryptography we're going to see a a massive shift in this space but know that 128 bits is our low water mark so to speak when it comes to key length in modern cryptography so symmetric versus asymmetric cryptography so symmetric relies on the use of a shared key so a shared key versus asymmetric where we have public private key pairs for communication between parties so the difference between the two number one symmetric key lack support for scalability it's it's not easy to distribute the key because we only have one key how do you transmit that key uh secretly you know confidentially between two two people and we don't have a way to implement non-repudiation there so we can't guarantee uh the the source of the message now asymmetric on the other hand basically gives us that capability to implement a solution that guarantees we know who that message came from but it also makes it easy to distribute that key amongst many parties because we have private and public key pairs to uh to work with stick with me and here in about five minutes we'll actually walk through an asymmetric example so you can see how the public private key pairs are used in a scenario to implement non-repudiation but also to transmit data confidentially but symmetric cryptography is going to be faster since we have that shared key asymmetric is going to be stronger and and more scalable generally speaking so so when you think symmetric that's single shared key and it's faster and asymmetric is a private public key pair that's going to be stronger than asymmetric so to speak so confidentiality integrity and non-repudiation are three concepts you'll definitely need to know for the exam so confidentiality is really focused on the secrecy of data both you know while it's in rest or while it's in transit integrity basically provides a recipient with an assurance that the data wasn't altered that the integrity of the data remains that the data we received is the data that was sent in other words and non-repudiation gives us undeniable proof that the sender of a message is the one who actually authored it it basically prevents the sender from subsequently denying that they sent the original message which is fantastic in certain circumstances so you need to be able to explain the five basic operational modes of data encryption standard des and triple desks so i'm going to cover these for you in a way that i hope is is easier for you to remember because just looking at them on the surface they're not just super super easy to remember they don't stand out so the first is electronic code book mode so this is the least secure of the lot and with codebook mode it processes a 64-bit block the problem is if it encounters the same block multiple times it produces the same encrypted block which makes it easy to break so i like to say this code book is pretty easy reading cipher block chaining and in cipher block chaining each block of encrypted text is exhored with the block of ciphertext immediately proceeding so the previous link in the chain so to speak cipher feedback is basically cipher block chaining in a streaming version it's going to work on the data in real time in memory but but do remember when chaining is involved errors will propagate that's that's a key factor to associate with cipher block chaining and cipher feedback is when they use chaining errors propagate but cipher feedback is basically cipher block chaining in a streaming version working in memory buffers now the next one output feedback works a lot like cipher feedback but it exerts the plain text with a seed value which means we're not using chaining anymore it's using a seed value instead of that immediately preceding ciphertex so no no chaining means errors don't propagate in this case and then another variation of that is is counter which uses an incrementing counter instead of a seat and again uh you know using that increment encounter is pretty pretty easy to uh to tie to that fifth mode and then how is triple dez different well triple dez runs dez three times with with two or three keys different keys to increase the effective key size to 112 or 168 bits respectively so let's talk about exclusive or xor i said we'd get to this here we are so so this is a concept that's used pretty heavily in cryptology it's a lot more complicated than it sounds it's actually just a flipping of bits in a pretty simple systematic fashion so you're looking at my table here you have the original value the key value and the cipher value what you're looking at here is when the the binary values match so when the original and the key value match you get a zero when they don't match original and key value don't match we get a one simple as that so that's xor exclusive or so key clustering is a weakness in cryptography where a plain text message generates identical ciphertext messages using the same algorithm but using different keys i'll tell you how i remember this one i think of of key cluster as being similar to collisions in hashing so hashes have a collision when two different strings produce the same hash collisions are exact exactly why md5 isn't used as a hashing algorithm anymore so with key clustering basically it's when two different keys using the same algorithm produce the same ciphertech so it's similar to collision in that respect is your frontline support struggling with too many microsoft cloud portals now they can manage office 365 users and devices directly from microsoft teams using simon the ai powered chatbot for the microsoft cloud a link with more info in the video description so now we're going to talk asymmetric cryptography or public key cryptography so on the asymmetric side of cryptography of public keys that are going to be shared amongst communicating parties so if you and i are going to communicate and share secrets you can see my you have access to my public key and i have access to yours my private key is secret only i know my private key and in your case only you know yours and in terms of data to encrypt a message you each can use the recipient's public key so i can use your public key to encrypt a message and then you can decrypt it using your own private key and with a digital signature to sign a message you're going to use your own private key which gives us non-repudiation it ensures that if i sign a digitally signed a message with my private key it ensures that it was sent by me and to validate a signature you'll use my public key so asymmetric and symmetric can work together in the sense that remember symmetric cryptography is is fast right so we can use asymmetric cryptography to securely transmit the shared key we're going to use in symmetric cryptography so essentially asymmetric solves three problems one of which is distribution of of a secret and with symmetric that's that's a problem right sharing that key amongst many parties on the symmetric side would be really difficult so that's where asymmetric can help out so just remember each party has both a private and public key so let's look at a simple example we have franco and maria so franco sends a request to maria requesting her public key maria sends her public key back to franco remember your public key is shared with olin franco is going to encrypt his message using maria's public key and she's going to decrypt the message using her private key as simple as that and the contents of that message could be anything including but not limited to a key a shared key to be used in a symmetric crypto function so hash function so a good hash function has five requirements has to allow input of any length and it has to provide fixed length output that is to say no matter how long the input the output must always be the same length the hash must always be the same length it has to make it relatively easy to compute the hash function for any input so it needs to be relatively fast in that respect it has to provide a one-way functionality in other words it can't be reversed or a hash function that's easily reversed a two-way functionality would not be so simple and it has to be collision free collisions are exactly why the md5 protocol is not why md5 is no longer used as a hashing algorithm so a collision in hashing means that we could put two different inputs through a hash function and it would generate the same output meaning we can't then determine reliably what the original value was that's exactly why md5 is not used anymore let's talk about cryptographic salts so attackers may use something called a rainbow table it's a table of precomputed values to to try to identify commonly used passwords and a salt is random data that's used as an additional input to a one-way function that hashes data password passphrase whatever and and because we're injecting random data adding salts to passwords before hashing them reduces the effectiveness of the rainbow table attacks because the attacker doesn't know what additional random data has been injected before the hash so digital signature standard so dss uses sha one shot two shot three message digest function functions uh it used to use sha one generally speaking uh shot two is going to be more common now the sha2 is approved with dss and it works in conjunction with one of three encryption algorithms so it would work with a digital signature algorithm or dsa an rsa algorithm or elliptic curve dsa so public key infrastructure so this is the certificate server that you'd see commonly in an enterprise environment so uh certificate authorities are sometimes called certification authorities generate digital certificates that contain public keys of system users every certificate has a public key and a private key to be clear and the users can distribute the certificates to people with whom they want to communicate and the recipients verify a certificate using the ca's public key so so that's how one can establish a chain of trust back to the issuing certificate authority so it all it goes all the way back to the the root certification authority so in pki you'll sometimes have uh tiers of servers and you'll have an issuing authority but you'll have a root authority at the at the base of the the infrastructure often times that root authority is is maintained offline but it's using uh asymmetric in that case certs are used for web network and email security pretty commonly so in fact let's talk about web network and email security so an email pretty common standards for encrypted messages include s mime and pretty good privacy on the website of the house the de facto standard is is http over tls transport layer security which has largely replaced the older ssl standard that was in use for a lot of years then on the network side i the ipsec protocol is is pretty pretty standard framework used for encrypting network traffic uh you may actually see a bit uh additional uh in terms of questions on on ipsec so let's talk about ipsec at some greater depth here so ipsec is a security architecture that supports frame secure communications over ip and it establishes a channel in one of two modes transport mode or tunnel mode and it can be used to establish direct communication with computers over or over a vpn so i've seen ipsec used between computers without a vpn vpn is a very common use of ipsec though the windows operating system has has capability to do you know ipsec between computers without a vpn but you can also establish a vpn and it uses one of two protocols authentication header and encapsulating security payload all right common cryptographic attacks just a couple here you should be familiar with for sure from uh from domain three brute force attacks which are attempts to randomly find the correct cryptographic key so it's just using brute force of of computing power with known plain text and chosen ciphertext to but it requires the attacker to have some extra information uh there's a meet in the middle attack which exploits protocols that use two rounds of encryption so it's it's going to exploit some weaker protocols and it requires requires the attacker to know something somewhere around at least eight bytes of uh of a message so so if an attacker knew the parties involved and weaker protocols were in play here i'm eating the middle attack might be possible but but it uses looking for those two rounds of encryption would be the key i'd remember for the exam in case this comes up man in the middle attack who hear a lot more about this this fools both parties into communicating with the attacker in the middle instead of directly with one another so each side actually thinks they're communicating with one another but instead they're communicating with the man in the middle and a birthday attack is an attempt to find collisions in hash functions um and and remember a collision in a hash function is when a hash function can receive two different values but generates the same output that's a collision then a replay attack is an attempt to reuse authentication requests so basically to get uh the uh the the uh the hashed um output of the uh the authentication request and to present that um so that's actually uh pretty pretty common so digital rights management you hear this a lot uh in the entertainment world so it allows content owners to enforce restrictions on the use of their content by others so this used to be a a big deal in the entertainment world with uh with music back in the day it's occasionally found in the enterprise protecting sensitive information stored in in documents but the entertainment content is where where drm was always a big discussion and nobody was ever very happy about it uh so let's talk about symmetric algorithms if you haven't watched my my uh video on memorization techniques for ci sp you'll get a taste of them here so so i like to break my cryptography down in a process called chunking so i start by breaking it down to the types of algorithms i need to remember because this is the most technical topic on the cissp exam and it's a big topic so let's look at symmetric algorithms here so you need to remember these you need to know the block size i'd try to remember the key size as well and and remember you know symmetric from asymmetric so so looking at this table i see i have a big chunk of of algorithms here that have a 64-bit block size uh including uh blowfish the uh the the des family the uh rc two through five so one of the tricks i use here so i i tie blowfish and skip jack together i remember that they're both 64-bit because blowfish and skipjack are both fish okay you're asking what the heck is a skipjack this is a skipjack it's a tuna i i've lived near the coast many times so i happen to to know that and because i know blowfish and skipjack are both the 64-bit block size remembering two fish is easy for me because one fish times two is two fish right so that's 128 so two fish is going to be a little more advanced in that respect and i know that aes is used commonly in the enterprise so that's advanced as well so i just kind of tie those together that the advanced family has a 128-bit block size and rc-5 has three different options there but but i remember that the the greatest is the the 128 so then you just half that and then half again to get your three rc5 algorithms and then streaming you know doesn't have the block size right it's doing it piece at a time as it streams okay hash algorithms we've talked about these a lot today right so these are easy to break down so i break the md5 family down so that's message digest mdmd24 and five uh all have a hash value of 128. also notice that none of those are still in use remember i mentioned md5 which is the the newest of the three you see there none of those are still in use they were replaced by multiple other functions and then you have the shaw family and the shaw family is easy to remember here because uh the and these are this is secure hash algorithm so you'll notice that with the shaw family that the name maps to the uh the hash value link so so all of those shaw 224 through 512 these are these are sha-2 variants and uh and essentially the uh the hash value shows up in the name and and sha-1 is not really in use anymore but the sha-2 family are still actively used so make sure you you're going to break out md the md family and the shaw families and remember those the three major public key crypto systems so you have rsa which is probably the most famous it was it was developed by three folks back in the 1970s you have elgamal which is actually an extension of of diffie-hellman key exchange and it depends on modular arithmetic so with rsa i tie rsa back to the uh to prime numbers so rsa involves the difficulty of factoring the product of prime numbers diffie diffie-hellman relies on modular arithmetic it's less common than rsa in the last few years but elgamal is based on diffie-hellman and then elliptic curve depends on the elliptic curve discrete logarithm problem and it's going to provide more security than other algorithms when both keys are of the same length but but rsa i think is the the most famous of these and the most likely to come up on the exam but try try to kind of tie some of these key facts about these three into your head so you can pick the right one out should a question come up so digital signatures so digital signatures rely on public key cryptography and hashing functions so so digital signatures have to use shot two nowadays and there are three currently approved encryption algorithms for digital signatures you've got dsa you've got rsa and you've got elliptic curve dsa all right asymmetric algorithms so we just we just touched on rsa elgamal and ecc and remember elgamal is based on diffie-hellman key exchange right so this is a small table to memorize i didn't give you much in terms of memory devices here because it's pretty small but these are your asymmetric so so i use a method called chunking i basically break out the symmetric and the hashing and the symmetric and and then and then kind of subdivide between there because remember on the symmetric side i broke out the md family in the shaw family so uh if you haven't watched it go back and watch my my memory video it's absolutely worth it okay security models are going to be a huge topic on the exam as well huge is overstating it it's going to factor prominently and there are quite a few security models here we're going to use some memory techniques to uh to remember these as well so let's get into it i like to chunk these as well i like to break them out into models that focus on integrity and those that focus on confidentiality so on the integrity side we have the biba model which is a state machine model we have clark wilson uh which is is home to something called the access control triple we'll talk about that in a minute then there's goguen mizegure which is the non-interference model i'm sure butchered that name and then southerland which which also prevents interference uh so so based on information flow and state machine model as well and then on the confidentiality side we have bellapadula which which features the the no read up no write down concept we'll get to in just a moment we have brewer and nash home of the chinese wall concept and then take graph which employs take grant which employs a directed graph with with bella padula no read up no write down i always tie in my mind but i always remember that bellapadool is used by the government as well and the rest of these are largely going to be commercial the other thing i remember is bella padula is no read up no write down and the others tend to be no right up no read down so bella padula is is kind of the one i tie everything else to and trying to kind of break those out like clark wilson for example access control triple is is a distinction there that may come out in an in an exam so so we'll get into these in more detail but it starts with chunking by breaking these out into the the models that focus on integrity and those that focus on confidentiality so for the exam though remember if the questions about lattice the answer is likely clark wilson and lattice refers to lattice-based access control which is an access control system that focuses on interaction between objects and subjects so the subject is the the person or system accessing a resource and the object is the resource being accessed so bella padula are members for government the rest are largely commercial and i also remember that bella padula is no read up no right down and the others tend to be the opposite of this no write up no read down more on what the heck that means in just a moment so bellapadula this is a state machine model that enforces confidentiality so a state machine is a concept used in designing computer programs let me break that out for you separately in just a moment but but bella padula is a state machine model that enforces confidentiality it uses mandatory access control to enforce the the dod multi-level security policy so so think government when when bella padula comes up so the simple security property it means a subject cannot read data at a higher level of classification that is no read up so think about uh secret classifications in the government all the way up to top secret so a subject that you know g14 can't read up to security at g15 i'm making up that classification but you get my point and then the star security property says the subject cannot write info down to a lower level of classification there's no write down so what that what that would mean is if i'm at g15 i can't just unilaterally declassify some information or down classify information from g15 to g14 so other people can read it so here's how i remember this i use a picmonic which is a memory device using a picture so bellapadula so that gives me an obvious picture in my mind right a bell and so i know that this algorithm is no read up no write down so i think read up going up one side of the bell and no write down going the down the other uh and there's an acronym here so i like to try to take that no read up no write down and turn that into an acronym so no running under nets with dingo so you'll hear some of this over in my my memory devices uh video around cissp because the the security models and the algorithms that are in domain three here are really tough for people to memorize excuse me and they tend to be very common topics on the exams other things you definitely need to remember but like i say because bella lapadula is unique from all the others in a couple of ways i try to use this as my anchor to help remember everything else more easily so moving on the biba model this is another lattice based model so lattice-based access control focusing on interaction between subjects and objects and this is an integrity based model it enforces integrity so the simple integrity property ensures a subject at one level is not permitted to read an object of lower integrity no read down and the star integrity property is an object at one level of integrity is not allowed to write to an object of higher integrity so no right up and there's an invocation property here prohibits a subject at one level of integrity from invoking a subject at a higher level of integrity so i mentioned simple and star property the simple property is always the read property the star property is always the right property in these security models so another one likely to come up clark wilson so this is another lattice-based model developed to address to address integrity so so both integrity models both commercially used so simple integrity again no read down star integrity no write up so remember these are these are the opposite of the bellapadula they're commercial and they're no read no read down no right up now clark wilson i mentioned features the access control triple and and that's uh a definite distinction and now you're asking what the heck is an access control triple so the access control triple is composed of a user a procedure or a transformational procedure they call it and a constrained data item it was basically designed to protect integrity and prevent fraud and basically ensuring that authorized users can't change data in an inappropriate way all right so the take grant model another one i mentioned so take grant is another confidentiality based model that supports four basic operations take grant create and revoke brewer and nash also called the chinese wall model was developed to prevent conflict of interest problems it's another confidentiality based the graham denning model this model uses a formal set of protection rules for which each object has an owner and a controller and it's focused on secure creation and deletion of both subjects and objects and and it has a graham denning has a collection of eight primary protection rules that define the boundaries of certain secure actions it's actually worth remembering those because they're easy to remember you can securely create or delete a subject or an object and you can securely provide the read grant delete and transfer access rights so so these are the eight rules of graham denning worth committing those to memory as well i should think all right so security modes it starts with dedicated mode so security clearance permits access to all information processed by a system approval for all and valid need to know for all so that's dedicated mode all all right access approval and need to know multi-level mode on the other hand can process information at different levels even when all system users don't have the required security clearance to access all information processed by the system so there are some distinctions there so the key there is when all users don't have the required security clearance multi-level mode can be very useful system high mode requires that each user have valid security clearance access approval for all information processed by the system and valid need to know for at least some of the info on the system this this offers of all the models this offers the most granular control over resources and users and then there's compartmented mode which goes one step further than system high and in compartmented mode each user has to have valid security clearance and access approval for all info based processed by the system but it also requires valid need to know for all info so that's how compartmented varies from system high is that it requires valid need to know for all info as opposed to uh to only some so so before it gets away from me let's talk about the uh the state machine model uh which i said those security models that we talked about a minute ago are based on so a state machine model describes a system that's always secure no matter what state it's in so it's based on the computer science definition of a finite state machine so a state is a snapshot of a system at a specific moment in time and all your state transitions the transition from one state to another has to be evaluated like the transition from on to off for example but if each possible state transition results in another secure state then a system can be called a secure state machine so that's the key and an information flow model focuses on the flow of information information flow models are actually based on a state machine model um so biba and bella padula are both in both information flow models remember they were looking at no read up no write down they're talking about the flow of information in read and write to simplify that bill la padula in preventing information flow from a high security level to a low security level right remember it was no right down and biba focuses on flow from low to high remember no write up so so bella padula focuses on enforces confidentiality biba focuses on integrity integrity all right trusted computing base you're going to uh to expect it to be able to define a trusted computing base which is a combination of hardware software and controls that work together to form a trusted base to inform your security policy it's a subset of a complete information system it's it's the portion that can be trusted to enforce your security policy to to always adhere to your security rules now security perimeter is another topic that may come up on the exam you'll be expected to know what that is a security perimeter is an imaginary boundary that separates the the trusted computing base from the rest of the system from from the not secure parts of the the system so a trusted computing base has to create secure channels trusted paths to communicate with the rest of the system and then it protects users from compromise essentially so reference model and security kernel two two concepts that will come up on the exam potentially as well so the reference model reference monitor rather is the logical part of the trusted computing base that confirms whether a subject has the right to use a resource prior to granting access and the security kernel is a collection of trusted computing-based components that implement functionality of the reference monitor so security kernel implements access control and ref reference model enforces it generally basically if we boil it down hopefully that helps kind of solidify that a little more simply than what uh what the official text will tell you so let's talk about common criteria so common criteria enable an objective evaluation to validate that a product or a system satisfies a set of security requirements so and and then there's are there two related concepts we want to talk about trusted computer system evaluation criteria which which was a previous standard that used a structured set of criteria for evaluating computer security within products and there was another called information technology security evaluation criteria so tc sec itsec and and itsec represents kind of the first attempt to create a security evaluation criteria it's really here for historical purposes in fact uh common criteria has largely replaced or superseded both of these now you'll be expected to remember the class as a protection for the exam it's actually called out in the official study guide so here are a comparison of of the classes of these three standards so the the uh the comparison here you notice that there are seven levels there there's actually more than that in some cases this is where i think you need to focus on the exam and if you felt like these are really difficult to memorize in a way which i do think they are there's not much of a a memory device i can give you here i would start by memorizing the uh the common criteria given that that is going to be the most common in terms of practice and these others are going to be a bit more historical to varying degrees covert channels you'll be expected to know what a covert channel is so a covert channel is a method used to pass information over a path that's not normally used for communication and because it's not normally used it may not it may not be protected by the system's normal security controls uh so for example steganography uh the the the process of transmitting information embedded in a photograph basically a way to to covertly pass information through a seemingly benign object uh but but it's not normally used it may not be protected by the system's normal security controls as in the case of steganography right there's two types of covert channels there's covert timing and covert storage so timing channels are based on on the time it takes to access certain components like systems paging rate the time a certain transaction takes to execute or the time it takes to get access to a shared bus and the storage channel uh occurs when out-of-band data is stored in a message so icmp the what's used for ping that protocol will sometimes have some extra information in the packets which will tell us something about the identity of the target operating system so an attacker can use that that extra information covert channels are difficult to detect because it's outside normal communication channels so trusted platform module so this is a chip that resides on the motherboard of a device it's really commonly used in in the windows operating system and linux as well for that matter it's it's multi-purpose it's it's like storage and management for keys used for for disk encryption for example but it provides the operating system with access to keys but prevents component removal and access essentially but but the tpm is a chip and you're going to find it in all your modern laptops these days so let's talk about types of access control starting with mandatory access control and this is a policy that's determined by the system not the owner so there is a mandatory uh access control system in place that the the user cannot that the object owner can't define and it relies on classification labels that are representative of security domains discretionary access control allows the owner or creator of an object to control access at their discretion that's how you remember discretionary access control access control is at the discretion of the owner or creator non-discret non-discretionary access control enables enforcement of system-wide restrictions that override object specific access control and rule-based access control defines specific functions for access to requested objects specific functions or rules for access so remember discretionary is at the discretion of the owner creator non-discretionary is system wide and mandatory is determined by the system not the owner so role based access controller are back as you're often going to hear it called this uses a well-defined collection of named job roles to endow someone with specific permissions for example in the cloud in microsoft azure we have a global administrator who has access to everything we have an access administrator that role can handle issues with relation to access there is a security reader role that has permission to read security information throughout the system so role-based access control is is something you'll hear out there frequently and it'll it'll have a role that you can then assign users or groups to quite typically if you think about it in the windows context so back to mandatory access control your mac models are going to work on one of three environment types classifications you've got a hierarchical environment where where the labels are assigned in an ordered structure from low to to high security low to medium to high you have compartmentalized which requires specific security clearances over compartments or domains instead of objects and then you have the hybrid environment which which combines hierarchical and compartmentalized so the security levels you have security levels and within those levels you have sub compartments so that's going to be the most uh granular and and flexible of the three a key point about the mac model though is that every object and every subject has one or more labels classification labels they're predefined and the system determines access based on on the assigned labels so let's talk about just a few terms here so certification this is the the technical evaluation of each part of a computer assist a computer system to assess its concordance with security standards that's the official definition what the heck does concordance mean well it really means uh agreement or alignment or compliance with with security standards and then accreditation is the process of formal acceptance of certified configuration from a designated authority it's one thing to have a a certified you know technical compliance accreditation is where a governing body then certifies that configuration an open system these are designed using industry standards they're usually easy to integrate with other open systems and and and then you have by comparison a closed system that's generally proprietary hardware or software and with these they're kind of black box their specs aren't normally published they're going to be harder to integrate because they are what we'd call a black box they're proprietary and secret uh to a degree so techniques for ensuring cia what do i mean by cia no i'm not i'm not talking about the cia the government cia i'm talking about the cia triad confidentiality integrity and availability so confinement restricts a process to reading from and writing to certain memory locations bounds are the limits of memory a process can't exceed when reading or writing and isolation is the mode a process runs in when it's confined through the use of memory bounds so so definitely know the definitions for confinement bounds and isolation because these are all techniques for for ensuring cia so let's talk about authentication factor so with multi-factor authentication you can have something you know like a pin or a password something you have like a trusted device it's quite common in in secure environments that you have to to authenticate with something you know and you have to be attempting to authenticate from a device that is trusted it's known to not be compromised it complies with the organization's standards then something you are like biometric uh like windows hello does face scanning when you when you go to secure data centers many times there's a biometric mechanism like a retina scan or maybe even a fingerprint authen and i'll see this is authentication and authorization so authentication often is the process of proving that you are who you say you are then authorization is the act of granting an authenticated party permission to do something so that's identity and access control if i were to say it another way so permissions rights and privileges are granted to users based on their identity and if a user has rights to a resource they're granted authorization that's that's basically authenticity and authentication can be achieved with both the metrics and an asymmetric cryptosystems but you know whether it's symmetric or asymmetric will will also factor in on the uh you know how secure it is and the speed right and how scalable okay so a few terms around multi x here so multitasking this is simultaneous execution of more than one application on a computer and it's managed by the operating system so i can run multiple applications on windows or on my mobile phone multi-threading permits multiple concurrent tasks to be performed within a single process so multi-threading gives me multiple threads within within a process so multiple concurrent tasks is the key to remember in multi-threading then there's multi-processing which is the use of more than one processor to increase computing power pretty much everything i can think of in terms of of standards you know desktop and and laptop computing devices now uh have long supported more than one processor and then in the mainframe world we have something called multi-programming it's similar to multi-tasking but it takes place on mainframe systems and requires some specific programming so think about multi-programming as multi-tasking for mainframe that's the the bottom line there so single state and multi-state processor pretty pretty simple single state processors are capable of operating only one security level at a time and multi-state can operate at multiple levels of security okay processor operating modes there's user mode which is where applications operate with limited instruction sets uh so these are going to be your ordinary end user operations typically and then privileged mode or where it's known as system motor kernel mode or sometimes supervisory mode but but this is where controlled secure privileged operations occur so it's often going to be a protected area in terms of of memory under processor and storage access but but think controlled operations i think of user as end user operations and privileged as system or administrator operations so remember you're going to be expected to know the different memory types from rom which is read only memory to to ram to programmable rom to eprom eeprom and and flash memory so so these are going to give you you want to memorize these in the context that i put here so for example with eprom you have a small window that when illuminated can erase the content of a chip because uh one of one of the aspects of security comes down to secure erasure of information from from storage right because sometimes we can erase information from storage but it's not truly erased it's still accessible through forensic means to a skilled person so so memorize your memory types memorize your memory so security issues with storage so primary storage is is the same as memory the primary classification secondary storage consists of magnetic flash and optimal media that first has to be read into primary memory before the cpu can use the data and then random access storage devices can be read at any any point in time and sequential access storage requires scanning through all the data physically stored before uh the desired location so you have to access all the data in order so sequential uh would be difficult uh to leverage in some circumstances uh three main security issues around secondary storage so not memory right removable media can be used to steal data i can plug a usb key into a computer copy some data and walk out the door right so we have to to secure that channel of of moving data access controls and encryption have to be applied to protect data right we have to apply uh you know some sort of limitation of access role-based access control for example and data can remain on the media even after file deletion or media formatting what i just mentioned right that when you delete the file you're not always deleting the file i can use forensic means to to find that data after you've deleted it so so you want to to be very aware of that input and output devices so so input and output devices are going to be subject to eavesdropping and tapping so so think back to phone systems you know uh tapping a phone used to be a common um you know mechanism for for uh breaching security of voice conversations a network connection a network cable can be tapped as well we can tap directly into a cable with something called a vampire tap so so eavesdropping and tapping are used to smuggle data out of an organization so you have to be careful about securing entry points into your environment this is really where physical security starts to come into play we have to secure the wiring closet for example and we'll talk about securing a wiring closet in a bit so the purpose of firmware you'll be expected to know what firmware actually does it's basically a software that's stored on a read-only memory chip and it contains basic instructions needed to start a computer or a peripheral device like a printer so vulnerability threats counter measures let's talk about uh processes so process isolation ensures that individual processes can only access their own data so so one process can't read from another you can imagine if an attacker knew they could read other processes that would be an interesting channel for them to pursue layering creates different security realms within a process and limits communication between them and then abstraction creates a black box interface for programmers to use without knowledge of the device's interworking so you'd see abstraction in a proprietary system and then data hiding prevents information from being read at a different security level so hardware segmentation enforces process isolation uh with physical security controls but it prevents information data hiding prevents information from being read from a different security level so so that's the key to remember there so the role of security policy so the role of a security policy is to inform and guide the design development implementation testing and maintenance of a particular system so so we start for example with our organization security policy and that gives us the rules that we need to adhere to in in designing and implementing a solution to solve a problem that gives us the the security standards by which we go it may be the organization it could be a governing body in the case of a regulated environment you know pci dss for example lays out policy related to handling credit card data for example cloud computing you'll be expected to know what cloud computing is right so this is where where processing and storage is performed somewhere else over a network connection rather than locally so so really commonly you can think azure amazon and google cloud which which you know have their own data centers that you can rent time in you know you pay as you pay for what you use essentially and and sensitive and confidential data can be at risk if the cloud provider and their personnel don't adhere to the same security standards as your organization i tend to think with the major cloud providers it's actually more secure and and all three of these providers are going to give you some way to see the security standards to which they are they adhere and for which they are certified azure last i looked as the most certified in terms of the various standards they adhere to i'm a big believer that that in the cloud the major providers these days do it better than the average i.t department can do in their own data center i think the cloud's come a long way in that respect hypervisors you're expected to be known to know that what a hypervisor is and the two types so so there's a type one hypervisor which is a native or bare metal hypervisor so you can think of of an esxi server from vmware that basically there's no operating system you're logging into and using and then launching virtual machines it's just bare metal running vms that's its sole purpose uh hyper-v uh has has a type one hypervisor option as well and then there's a type 2 hypervisor which is a hosted hypervisor so a couple of things you could think about here would be well on windows 10 for example you can light up the hyper-v feature and you can in the windows 10 gui you know create and launch virtual machines that would be kind of a type 2 scenario other type 2 hypervisors uh oracle virtualbox vmware workstation you know where you've got a gui and then you can then go in and mess with your your virtual machines a casbie a cloud access security broker so this is a security policy enforcement solution that can be installed on premises or in cloud so so casby's haven't been around that long you'll often hear casby's mentioned uh with the phrase shadow i.t because we can use casbis to enforce security policies to ensure that only secure applications are used in our environment and that our data is not stored in unauthorized repositories so we can we can make sure that if we're using cloud storage that it's only approved or sanctioned uh storage locations security is a service basically a cloud provider concept where security is provided to an organization through or by an online entity and there are many flavors of of security as a service there are many services that you can acquire in the cloud to protect information identities security information event management systems which can can do some centralized processing of your environment so really just think of of security as a service as outsourcing the security function smart devices so so smart devices are typically mobile devices that offer customization options you know often through installing apps and they might use you know technology on the device or in the cloud you know hey the ai can be local or it can be cloud-based uh internet of things so that's a class of devices connected to the internet you'd be familiar with the internet of things you know that that can include all the devices in your home automation automation your uh your home assistant like google or alexa uh or or siri for example um or or a car connected to the internet right so there are billions of devices that fall into the world of internet of things or iot it's called so be basically familiar with what internet of things refers to so mobile device and mobile app security this is a big space you'll need to know some of the basics here so so a range of potential security features available to a mobile device could include encrypting the device which is very common with both ios and android uh remote wiping a device and and typically you can wipe just business data you can do what they call a selective wipe with with the right management software so you can wipe just the business data off a device locking screens requiring pins gps controlling which applications access which types of data which leads me to the reality here that mobile application security is also pretty important and likely to come up on uh any any question around mobile devices so these are applications that need to be secured um and and could be related to securing uh you know through credentials uh application whitelisting etc and in the world of of you know enterprise computing byod bring your own devices really popular in large companies and that's a policy that allows employees to use their own personal device to access business information and resources you know this this tends to make people happier but it increases our security risk because we have to put some boundaries around what type of device they can bring and what applications they can use to access our corporate data so that's going that's where where device security and mobile application security factor in and your major platforms nowadays major mobile device management platforms nowadays give us the ability to manage the device and to manage applications on devices that we cannot fully control mdms would include things like microsoft intune airwatch mobileiron quite quite a few quite a few mobile device management platforms out there intune and airwatch are two that come to mind that give us the the capabilities we're talking about here so let's talk about embedded systems and static environments so an embedded system is typically designed around a limited set of specific functions uh in relation to a larger product for which it's a component lots of devices that fall into this category motion sensors lighting systems cache registers digital signature pads wi-fi routers then static environments are applications uh oss hardware sets or networks that are configured for a specific need capability or function and they're they're set to remain unaltered uh you know change is reality in this world but uh they're set they mean set to remain unaltered even uh through interaction with with people with users and administrators and both of these need to be managed and managing these you can use network segmentation security layers firewalls manual updates controlling your firmware versions you know any any sort of wrappers around these but just understand the basic definitions i don't expect to see a lot of focus on this on the exam but but just fyi privilege and accountability so there's the principle of least privilege this is a foundational component of secure computing and and separation of privilege so so least privilege ensures that only a minimum number of processes are authorized to run in in supervisory mode this also factors in when we grant people role-based access control the principle least privilege means we give someone for the permissions they need to do their job and no more and separation of privilege increases the granularity of secure operations by separating the privileged operations any one entity can perform be that a system or a person so so we sometimes call that in the world of people we call that role separation you know maybe the same person can't establish permissions who then administers the system somebody else grants permissions they grant they are the access administrator and then somebody else performs the technical functions of the system administrator so so accountability ensures that through all of this an audit trail exists so we can trace operations back to their source so if permissions are granted at a higher level for someone we know who or what did that and and if we don't have proper you know separation of privilege there's an audit trail that shows us where one person maybe was temporarily granted elevated privileges performed multiple operations that broke our separation of privilege clause and and moved on okay common flaws and vulnerabilities we have the buffer overflow and this this occurs when a programmer fails to check the size of of input data prior to writing data to a specific memory location so if we don't if if software is poorly written and it doesn't check the size of the data it can potentially overwrite the bounds of memory to for which it's been granted access and potentially overwrite more important or other important data which can cause a system to to malfunction in a number of ways and including crash you know back in the early days of computing you know buffer overflows were really common in addition to buffer overflows programmers can leave backdoors and privileged programs on a system after it's deployed that's that's where we have to to employ security uh you know policies and and standards to and and tooling to ensure that we we catch anything installed on a system that shouldn't be there uh even and even well-written systems can be susceptible to what we call time of check to time a use attack so any any state change presents an opportunity for an attacker to compromise a system so if i if i you know get credentials at one time you know credentials captured at one time used it as another uh can can factor for example in a replay i think i think of a replay attack as as something i can relate to this because in a replay attack i capture credentials and then i attempt to reuse those credentials at a later time so so i think of that as kind of an equivalent concept to time of check time of use attacks functional order of security control so so your security controls should be laid out in this order so a deterrence control basically discourages uh behavior a deterrent control could be a a security policy or a posted sign for example um so it's not an outright blockage of of a a negative or malicious behavior denial you know if if deterrence doesn't work then we should be able to deny the the behavior the access so so for example locked vault doors or a front desk with a security guard if denial fails then we need a detection control to detect the intrusion for example motion sensors and if that if detection doesn't work then we need to have you know a delay in place here to ensure that the the intruder or the malicious entity is delayed sufficiently in their access attempts to enable somebody to respond uh for example um like a a cable lock on an asset it's important to remember this order when you're deploying physical security controls uh first deterrence then denial then detection then delay so so think of it in that in that order we we discourage the behavior if discouragement doesn't work we deny if if somebody you know goes ahead and they get past our denial we need to detect the negative behavior in action and then try to delay its completion now we're going to dive into a wide range of material around physical security and this is super important because it's an area that many it folks haven't spent a lot of time with so physical security controls can be divided into three groups administrative logical also known as technical if you see technical controls or logical controls two ways to say the same thing and and physical controls now i have some listed here i want to break these out in a way that's easier for you to memorize so let's start with the logical controls the technical control so these will be items like access controls intrusion detection uh alarms uh closed circuit tv and monitoring hvac systems in your data centers power supplies fire detection and suppression and we'll dig into some of these into some of these individual areas momentarily here so administrative controls are more focused on policies and procedures facility construction facility selection picking the right site site management having proper procedures for managing your site personnel controls employee policies security awareness training emergency response and and then within emergency response having emergency procedures you know laid out at the step-by-step level so administrative controls can be wide-ranging and then physical controls for physical security are exactly what they sound like this will be things like fences lights locks construction materials man traps to allow only one person in at a time bollards to keep someone from driving up on a facility dogs guards quite quite a few options there but but remember for the exam there's no security without physical security without control over the physical environment uh no amount of administrative or or technology is going to provide adequate security security that's bottom line if a malicious person can gain access to your facility or your equipment like your wiring closet they can do just about anything they want from you know destroying equipment outright to disclosing or changing configurations in a way that may be difficult for you to recover from so in terms of physical security controls no know your fences so so three to four feet for example to occur deters a casual trespasser if you're trying to deal with serious intruders eight feet with barbed wire uh temperature understand that temperatures for computers uh 60 to 75 degrees fahrenheit in the ideal range that's 15 to 23 celsius computer damage at 175 fahrenheit storage device damage at 100 and your ideal humidity is 40 to 60 percent there there are negative consequences on both sides of that which i'll talk about in just a moment electrical impacts know the difference between a blackout a brownout fault surge spike sag uh and i've labeled them here to to the degree uh that they will differentiate enough for you to remember for the exam so a blackout is prolonged loss of power where brownout for example is just prolonged low voltage where your your electricity is not consistent and clean so remember these six for sure uh light know that uh lights eight feet high with two feet of candle power is the uh the uh the magic uh are the magic numbers for security controls okay humidity and static so so when we're dealing with humidity too much humidity if we get much over 60 we can get to a situation where we have uh condensation that can cause corrosion uh your condensation is going to be bad for for uh equipment right and too little humidity causes static electricity even on a non-static carpet low humidity can generate a 20 000 volt static discharge which which is enough to damage just about any sort of equipment let's talk about fire suppression agents we're going to go from class a to class d so class a are going to be your common combustibles like wooden paper uh and these can be extinguished with water or or soda acid uh class b boil and you notice i have um the the acronyms there so ash boil so class b boil these are burning burning alcohol oil and other petroleum products like gasoline these are extinguished with with gas or soda acid you should never use water on a class b fire period class c these are electrical fires that are fed by the electricity that that started them so electrical fires are conductive fires and and the agent has to be non-conductive i mean meaning it cannot conduct electricity like any type of gas and incidentally when you disconnect the power source the electrical fire then becomes another class of fire based on what what is burning so when we remove the power source it becomes a class a b or d fire uh and then cla but any type of gas is good for electrical fire because we need something that doesn't conduct electricity you know water would be catastrophic for example uh class d uh these fires are burning metals and they're extinguished with dry powder uh you know when you get into the into these odd classes of firelight classy these are scary because these are you're putting these out are not going to be common knowledge your your organization has to be prepared for these right class k is a kitchen fire that's going to be like burning oil or grease your wet chemicals are used to extinguish glass k fires i'm not convinced you'll see anything about kitchen fires on the exam i put it on there just in case uh you know offices have kitchens right so worth worth mentioning i think there are three categories of fire detection though they include smoke sensing flame sensing and heat sensing so know your three categories of fire detection as well uh fire extinguisher classes and suppression agents in the table here if you want to memorize these with a bit less detail there's just a table that very goes out for you a little more cleanly voltage and noise so you have two types of electromagnetic interference you have common mode noise which is generated by the difference in power between the hot and the ground wires of a power source and then you have traverse mode noise which is generated by the the difference in the hot and the neutral wire so that's that's the key the key differentiators between the two that i would memorize and and radio frequency or rfi interference is generated by you know electrical appliances light sources you know cable circuits etc really any anything you know running on electricity right voltage i mentioned static voltage earlier here are some common levels of static thresholds of static voltage damage you should you should probably be familiar with this this isn't the first thing i'd memorize but if you can if you can park these these voltage levels in your head uh it's worth doing right so damage from from fire suppression itself so the destructive elements of a fire include smoke and heat but also the suppression medium so like like water or soda acid you know what we're using to suppress the fire can cause damage so smoke is damaging to you to most of your storage devices uh heat can damage you know any electronic or computer component suppression mediums can cause a variety of problems short circuits they can initiate corrosion uh or otherwise just render equipment useless you might put the fire out and really you know the suppression medium might be so so damaging that you know really all you're saving is human life because at the end of the day that's the most important thing right so all of these issues have to be addressed when designing a fire response system but at the end of the day the number one concern is always going to be human safety so if you are faced with any sort of choose the best answer if uh or the most important you know human safety is always going to be the top of the list so water suppression systems so so pre-action systems use closed sprinkler heads and the pipe is charged with compressed air instead of water uh the water's held held in check by electronically operated sprinkler valves and the compressed air these are going to be good for areas with people and computers wet pipe systems are filled with water dry pipe systems are you know contain compressed gas dry pipe systems also have close sprinkler heads the difference is the pipes are filled with compressed air not water the water is held back by a valve that remains closed as long as there's enough air pressure in the pipe so this is used in areas a lot of times where water might might freeze like like parking garages deluge systems are pretty similar to dry pipe systems except the sprinkler heads are open and they're larger than dry pipe heads that's why you get a deluge a large amount the pipes are empty at normal air pressure the water is held back by a deluge valve but the sprinkler heads are going to be larger which means they can they can disperse more water more quickly but also remember you know just as oil and water don't mix water and electricity do not mix right so that's always that's always an easy answer when you're thinking about those classes of fire you know electrical in particular you know we know we're not going to use anything that conducts electricity which would include water uh gas discharge so gas disk discharge systems tend to be more effective than water systems but they shouldn't be used in environments where people are located because gas discharge systems work by removing oxygen from the air so so gas discharge and people don't mix okay halon is effective it's bad for the environment though it's ozone depleting and and it turns to toxic gas at 900 fahrenheit note to self and suitable replacements a number of suitable replacements here argon energen arrow k so so there's a list here um do your best to memorize this this this is down in the nooks and crannies i'm not sure how uh how detailed a question would ever get to to get down to these levels but know that the halon is effective as a gas system but it's bad for the environment so other gases would be suitable replacements yeah for that reason so lock types you've got electronic combination locks which would be like a cipher lock that's something you know key card systems which would be something you have the key card in your hand right biometric system something you are like a retina scan a fingerprint scanner uh conventional locks uh you know where we use a key so those are easily picked or bumped and keys can be duplicated right conventional locks are going to be the least secure of the lot often pick and bump resistant locks uh are expensive but they make it harder to pick and keys aren't as easily duplicated so if you're going to go with conventional locks the the pick and bump resistant locks are are better so for the exam now remember that locks can be picked and which need to be bumped remember how lights and fences need how high lights and fences need to be right so we said lights eight feet to uh candle power two and fences need to be eight feet to deter serious intruders right know the difference the different physical controls related to entry and i wanna just mention a couple here so this is a man trap in case you've never seen it somebody mentioned out in one of the the public forums that they got a question on on not a man trap but i wanted to show you that in case you don't know what a man trap is you see basically the door opens one person can go in and then when they're cleared the door on the other side opens and then a bollard bollards are these poles you'll see these in front of office buildings these these show up in front of even grocery stores and prevent somebody from driving into a facility that's what a baller does so just in case you've never seen them now you've seen them so site selection and facility design so know the key elements in site selection and facility design so for for site selection visibility is important uh composition of the surrounding area how accessible is the area and what are the effects of natural disaster so in terms of visibility can i see threats coming right um are there are there elements in the surrounding area that could hurt me do i am i building a building next to a cliff where rocks could fall um if i have a natural disaster you know am i am i building you know near the edge of a riverbank and an earthquake you know causes our building to fall into the water we need to think about all those those elements in sight selection and for facility design we need to think about the level of security that our organization requires and planning for that before we begin construction because we have to deal with a variety of factors when it comes to physical security right we have to have controls for entry we can think about those things like ballers to prevent people from driving into a facility if if driving into a facility would be a desirable way to to breach our our site know how to design and configure secure work areas so there shouldn't be equal access to all locations within a facility which you probably know so areas with the high value assets require restricted access and your valuable assets your confidential assets they should be located at the heart or or the center of protection provided by the facility there should be layers of of you know access controls and preventative measures in place so so and centralized server or computer rooms don't necessarily need to be human compatible because they're they're meant to house server or computer rooms which means they're their temperatures are going to be optimized for computers the the materials are going to be optimized for computers there's a certain level of human safety because people have to go in there at some some level right but the fire suppression for example is going to be optimized to putting out uh electrical fires not not fires that happen in a kitchen right uh and and a lot of times those those you know fire fire suppression systems in a computer room assume that the doors are locked or will even kick off a procedure that automatically locks the door so when the system goes off people are not present and and you know put in harm's way threats to physical access control so no matter which physical access control is used a security guard or monitoring system needs to be deployed to prevent abuses of the controls like propping open secure doors and and bypassing locks masquerading using somebody else's security id to gain an entry to a facility see this all the time with uh with folks that have vendors on site for the day they'll just lend their card to a vendor that wants to go uh for a smoke break or something you know then potentially giving them access to a server room so you have to watch that sort of thing and then piggybacking which is following someone through a secured gator doorway without being identified or authorized so somebody else swipes a badge for example opens the door and then the the person piggybacking just catches the door behind them before it closes right so so no masquerading and piggybacking as well securing a wiring closet so no security concerns of a wiring closet you know first and foremost preventing physical unauthorized access is going to be first and foremost right because i can go in there and i can pull cables and cause disruptions i can potentially put a tap in place so i can eavesdrop on your uh your communications um lots of negative there but with the wiring closet secure physical security first and foremost everything else is going to be secondary because once i'm in the closet there's little you can do right uh understand how to handle visitors in a secure facility so so if a facility employs restricted areas to control physical security there needs to be a mechanism to handle visitors so so maybe an escort is assigned to visitors and their activities are monitored they have to they have to have somebody accompanying them you may have a badge on them that says your visitor requires escort uh tracking actions of outsiders when they're granted access to prevent malicious activity is is going to be key for most protected assets there needs to be uh you know deterrence and and uh uh you know some some sort of denial and certainly a an audit trail uh of one sort or another understand needs for media storage as well this could well come up on the exam and this feels less relevant you know in in 2021 but uh you know media storage facilities folks still do use tape out there it's not not unheard of and we do have you know all sorts of storage devices so media storage facilities have to be designed to to securely store you know blank reusable in installation media so concerns are going to include theft corruption uh data remnant recovery so when we erase something it's not fully erased uh so so for example like with a hard drive i said that you know just deleting data still leaves it there recoverable by forensic means so we can we can kick off an overwrite that right overwrites the drive with ones or zeros we can use a degaussing um tool to uh to send a charge through and wipe a device your media facility protections should include locked cabinets or safes a librarian or a custodian that that is a gate and access gate to those two said cabinets or safes implementing a check-in or check-out process um which could be facilitated or administered by a librarian or custodian for sure and using media sanitation lots of media sanitation we have techniques out there one of the one of the simplest is shredding right we have confidential paper documents we shred you know i mentioned degaussing that's not going to be effective for a lot of the the modern uh storage devices but check check the uh the cissp official study guide try to try to memorize some of the media sanitation i really don't think that's going to be front and center according to the skills measured but but worth having a look at as your time allows and let's talk about evidence storage so so when we think about evidence we need to retrain logs drive images snapshots data sets for for internal investigations or potentially uh external forensic investigations with law enforcement so protections for evidence storage include locked cabinets or safes dedicated isolated storage facilities offline storage access restrictions and activity tracking and hash management and encryption at the end of the day chain of custody is important for evidence when it comes to legal proceedings we'll touch on this in a later domain uh but but when it comes to evidence yeah we're trying to to at the end of the day protect that uh chain of custody because the integrity of that evidence would be of paramount concern audit trails and access logs very useful tools for managing physical access control um because in part you know like like at a front desk right that if we use audit trail and if we use an access log to sign folks in that that helps it's a good deterrent control when we think about electronic uh audit trails for privileged operation so we may need to create access logs manually like by a security guard they can be automated with the right equipment if you've got you know smart cards for example the folks used to log in you can also monitor entry points with with closed circuit tv that way we can compare the audit trail with the closed circuit tv to see if what the the the sign in log says happened actually happened if if the sign in log says one person entered but but cctv footage shows two people entering then we have a divergent in um you know the recorded event um you know why are these important well you know at the end of the day it's critical to reconstructing the events of an intrusion and a breach or an attack um you know whether we're talking about physical audit trails and access logs to physical entry and exit to a building or or electronic logs you know related to to sign in and administrative activities in a computing system so the need for clean power so power supplied by electric companies isn't always consistent and clean meaning it's not always at the same level and coming um without spikes and drops so we remember we talked about the six six impacts to electrical power so most of your equipment requires clean power in order to function properly and to potentially avoid damage a ups uninterruptible power supply is a type of self-charging battery that can be used to supply consistent complete power consistent clean power to sensitive equipment um in the event of power failure so so number one if we have a problem with the consistency of our power and we have to drop back to battery while it's it's repaired we can do that or if power drops altogether we can supply power for minutes or hours depending on the size of our ups and when organizations build data centers they look at a ups that can run their entire data center for a period of hours and they'll even look beyond that to you know generators to to provide power on an ongoing basis and there you have it that is domain three of the cissp exam i hope you found this installment useful make sure you hit the notification bell when you subscribe to the channel so you get the heads up on domains four through eight and until next time take care and stay safe

Info

Channel: Inside Cloud and Security

Views: 20,875

Rating: 4.8441558 out of 5

Keywords: #cissp, #infosec, #isc2

Id: iEBHjVcu_8s

Channel Id: undefined

Length: 93min 23sec (5603 seconds)

Published: Thu Feb 18 2021