CruSec’s 2019 CISSP Study Guide - Domain 3: Security Architecture and Engineering
Domain 3: Security Architecture and Engineering
3.1 Implement and manage engineering processes using secure design principles
The Kernel is the heart of the operating system, which usually runs in Ring 0. It provides an interface between hardware and the rest of the OS.
Ring Model – separates users (untrusted) from the kernel (trusted).
Hypervisor Mode – called Ring -1 (“minus 1”). Allows virtual guests to operate in ring 0.
Open Systems are hardware and software that use public standards. A Closed System uses proprietary standards.
CPU – two parts
Arithmetic Logic Unit (ALU) – performs mathematical operations
Control Unit – fetches instructions and sends them to ALU for processing
CPUs fetch machine language code and executes them
Fetch and execute processes
Write (save) results
These four steps take one clock cycle to complete
Pipelining combines multiple steps into one process. Allows simultaneous fetch/decode/execute/write steps for different instructions.
Multitasking – Simply being able to do several things at once
Multithreading permits multiple concurrent tasks to be performed within a single process.
Multiprocessing – requires more than one CPU or cores.
Multiprogramming is like multitasking but takes place on mainframe systems and requires specific programming
Symmetric multiprocessing uses one OS to manage all CPUs
Asymmetric multiprocessing systems have one OS image per CPU
Single-state processors are capable of operating at only one security level at a time. A multistate processor can operate at multiple levels simultaneously.
One process cannot affect another. They’ll be sharing the same hardware, but memory allotted for one process should not be able to manipulate the memory allotted for another.
Virtual memory – provides isolation and allows swapping of pages in and out of RAM.
Swapping – moves entire processes from primary memory (RAM) from or to secondary memory (disk)
Paging – copies a block from primary memory from or to secondary memory.
WORM Storage - “write once, read many”. Ensures integrity as data cannot be altered after first write. Examples include CD-R and DVD-R
Trusted Platform Module – hardware crypto-processor. Generates, stores and limits the use of crrypto keys. Literally a chip on a motherboard. Commonly used to ensure boot integrity.
Data Execution Prevention – areas of RAM marked Non-Executable (NX bit). Prevents simple buffer overflows.
Address Space Layout Randomization – each process is randomly located in RAM. Makes it difficult for attacker to find code that has been injected.
Reference Monitor – mediates access between subjects and objects. Enforces security policy. Cannot be bypassed.
Trusted Computing Base – combination of HW, SW and controls that workk together to form a trusted base that enforces your security policies. TCB is generally the OS Kernel, but can include things like configuration files.
Security Perimeter – separates the TCB from the rest of the system. The TCB communicates through secure channels called trusted paths
3.2 Understand the fundamental concepts of security models
Bell-LaPadula Model – Developed by DoD, focuses on maintaining confidentiality. Two primary rules:
No Read Up – subjects with low clearance cannot erad objects with higher clearance
No Write Down – Top Secret data cannot be written down to Secret machines
Does not maintain integrity in any way. A low-clearance operative can submit false data which moves up to high clearance levels. Nothing prevents unauthorized alteration of data.
State Machine Model – every possible interaction between subjects and objects is included in its state. If every possible state is secure, the system is proven to be secure.
Lattice-based Access Controls -think “ladder”. Subjects have a least upper bound and a greatest lower bound of access. Highest level of access is “Alpha, Beta, Gamma
Biba Model – Concerned only with integrity. Two rules:
Simple integrity axiom - “no read down”. Prevents bad data from lower levels from moving up
*-integrity axiom - “no write up”. Prevents low level subjects from changing high-level data
These rules are exact opposite of the B-LP model
If a high ranking subject issues data, everyone is able to trust that data. If a low ranking subject issues some sort of data, no one above that subject has permission to trust it.
Clark-Wilson – another integrity model. “Subjects must access objects through programs. Cannot access data directly.” Includes separation of duties.
Often used by commercial applications
Informatiom Flow Model – limits how info flows in a system. Biba and B-LP are both examples of this
Brewer Nash / Chinese Wall – protects against conflict of interest.
If an accounting firm processes financial data for Company A and B, they cannot access B’s company while working on A.
Take-Grant - four rules:
These privileges are spread across different subjects, so it almost acts as Separation of duties.
Graham-Denning Model – defines a set of basic rights in terms of commands that a subject can execute on an object. Three parts: objects, subjects and rules.
Harrison-Rizzo-Ullman Model – like Graham-Denning, but treats subjects and objects as the same and only has 6 rules:
Enter right into access matrix
Delete right from access matrix
Non-Interference Model – ensures that commands and activities at one level are not visible to other levels
For example, prior to the Gulf War, the Pentagon ordered a huge amount of pizza and people were able to assume something was going on. The war started shortly after.
Access Control Matrix – describes the rights of every subject for every object in the system. An access matrix is like an excel spreadsheet. The rows are the rights of each subject (called a capability list), and the columns show the ACL for each object or application
Zachman Framework for Enterprise Architecture – takes the Five W’s (and How), and maps them to specific subjects or roles.
3.3 Select controls based upon systems security requirements
Scoping is the process of determining which portions of a standard an organization will use. If there’s no wireless, wireless encryption standards are out of scope
Tailoring is customizing the standard for an organization to address their specific technologies
Tailoring and scoping allow administrators to customize baselines to their needs.
3.4 Understand security capabilities of information systems
Security Modes of Operational
Dedicated – system contains objects of only one classification level. All subjects are cleared for that level or higher. All subjects have access approval and need to know for all info stored/processed on that system
System High – system contains objects of mixed labels (confidential, secret, top secret). All users have appropriate clearances and access permissions for all info processed by a system, but they don’t necessarily need to know all the info processed by that system. Provides the most granular control over resources compared to the other security models.
Compartmented – All subjects accessing the system have necessary clearance, but do not have formal access approval or need to know for ALL info on the system. Technical controls enforce need to know for access.
Multilevel – also known as label-based. Allows you to classify objects and users with security labels. A “reference monitor” controls access. If a top-secret subject attempts to access a top-secret object, access is granted. By the reference monitor.
3.5 Assess and mitigate the vulnerabilities of security architectures, designs and solution elements
Cloud deployment approaches:
Private Cloud – organizations building th eir own cloud infrastructure
Public – AWS, Azure
Hybrid – any mixture of the two. Maybe sensitive data is placed on private cloud, and non-sensitive is placed on public
Community – provides cloud-based assets to two or more organizations. Maintenance responsibilities are shared between the organizations.
SaaS – Software-as-a-Service. provided through a browser, such as web mail.
PaaS – Platform-as-a-Service. Provides customers with a pre-configured computing platform. The vendor manages the underlying platform and all maintenance associated with it.
IaaS – Infrastructure-as-a-Service. You’re just renting physical equipment. Client is responsible for their data, patching and updating everything, etc.
The hierarchy, rated from the least amount of customer responsibility to the most, is SaaS > PaaS > IaaS
Peer-to-peer – sharing between many systems, such as BitTorrent. It’s decentralized and so integrity is questionable.
Mitigating IoT Vulnerabilities:
Keep IoT devices on another network
Turn off network functionality when not needed
Apply security patches whenever possible
Protecting mobile devices:
Enable screen locks and GPS for remote wipe
Used to control industrial equipment such as power plants, heating, prison doors, elevators, etc
Supervisory control system – gathers data and sends commands
Remote Terminal Unit (RTU) – connects devices to SCADA network. Converts analog to digital
Human Machine Interface – presents data to the operator
Often older and have security issues. Typically they are airgapped (no direct connection to outside world).
Polyinstantiation - Two rows may have the same primary key, but different data for each clearance level. Top secret clearance subjects see all data. Secret clearance subjects see only the data they are cleared for. This prevents unprivileged users from assuming data based on what they notice is missing.
Data mining – searching a large database for useful info. Can be good or bad. For example,, a credit card company may mine transaction records to find suspicious transactions and detect fraud.
Data Analytics is understanding normal use cases to help detect insider threats or other compromises.
Data Diddling – altering existing data, usually as it’s being entered.
3.6 Assess and mitigate vulnerabilities in web-based systems
Covert Channels – communications that violate security policies.
Backdoors – system shortcut to bypass security checks. Could be planted by attackers, or included by developers (called maintenance hooks).
Java Applets run in web browsers to make a web session more functional and interactive
ActiveX is similar, but only for Microsoft products. Implemented digital certificates for security
3.7 Assess and mitigate vulnerabilities in mobile systems
3.8 Assess and mitigate vulnerabilities in embedded devices
3.9 Apply cryptography
NOTE: a sender will use their private key to actually sign the digital signature
Cryptography is the science of encrypting information. The work function/factor of a cryptosystem is the measure of its strength in terms of cost and time to decrpt messages. The work function is generally rated by how long it takes to brute-force the cryptosystem.
Encryption is the act of rendering data unintelligible to unauthorized subjects
Algorithms and keys work together to encrypt and decrypt information. In the above example, 13 is the key and ROT is the algorithm. In modern cryptography, algorithms don’t change often but keys should every time
Confusion – relationship between plaintext and ciphertext should be as random as possible
Substitution replaces one character for another
Permutation provides confusion by rearranging the characters of the plaintext (such as ROT 13)
Substitution and permutation are often combined.
Monoalphabetic ciphers use one alphabet, meaning letter E is always substituted with the same letter every time. These ciphers are susceptible to frequency analysis
Polyalphabetic ciphers use multiple alphabets.
Cryptosystem Development Concepts:
Algorithms should be available for review, however the key should always be secret. This is to avoid security by obscurity
Kirchhoff’s Principal – Idea that algorithm should be available for public review
Exclusive-OR (XOR) Operation - Logical, binary operation which adds two bits together. Plaintext is XORed with a random keystream to generate ciphertext
If values are same, result is 0
If values are different, result is 1
Zero-proof Knowledge is the concept that you can prove your knowledge of a fact to a third party without revealing the fact itself. This is the case with digital signatures and certificates. This is illustrated by the “Magic Door”, where user A uses a secret password to open a door to get to user B without having to tell user B the password:
Caesar Cipher – used simple substitution where characters where shifted 3 spaces
Scytale – used by Spartans. Wrapped tape around a rod. The message was on the tape and the key was the diameter of the rod.
Vigenere Cipher – polyalphabetic cipher. Alphabet is repeated 26 times to form a matrix (Vigenere Square).
One-Time Pad – if done correctly, it’s mathematically unbreakable. Sender and recipient must have a pad with pages full of random letters. Each page is used only once. The only way to break it is to steal or copy the pad. They key must be at least as long as the message to be encrypted.
Key distribution is burdensome. Very hard to do correctly in terms of getting random numbers
The equation for determining how many keys are required for symmetric communications is:
Uses the same key both to encrypt and decrypt a message. This makes it very fast compared to asymmetric encryption. May be referred to as “secret key” or “shared key” cryptography.
A session key is a temporary symmetric key used for a connection
Difficult to securely exchange the keys
Not scalable. The number of keys you need grows exponentially as you add additional people to the communication link
Stream vs Block Ciphers - In a stream cipher, data is encrypted bit-by-bit. Usually implemented in hardware and requires no memory. Not used anymore because it’s likely for patterns to emerge. Block ciphers group communications into blocks and encrypt those all together. This alleviates the issue of patterns in stream ciphers because an attacker would never know if a block is one word or ten words.
Block ciphers are usually implemented in software and requires a lot of memory.
Uses substitution and transposition (rearranges order of plaintext symbols) ciphers
Initialization Vector (IV) – a random value added to the plaintext before encryption. Used to ensure that two identical plaintext messages don’t encrypt to the same ciphertext
Chaining – uses the result of one block to “seed”, or add to, the next block
Common Symmetric Algorithms:
DES – Uses a single 56-bit key. Brute forced two decades ago. No longer safe to use.
3DES – Three rounds of DES encryption using two or three different 56-bit keys. Key length is 112 bits or more depending on how many keys you use. Considered secure, but slower to compute than AES
Two keys are required at a minimum to achieve strong security
Modes of DES
Electronic Code Book (ECB) – Each block encrypted independently. Decrypting starts at beginning of ciphertext. Processes 64-bits at a time using the same key. A given message will always produce the same ciphertext. Creates patterns and is susceptible to frequency analysis. This is the weakest DES mode.
Cipher Block Chaining (CBC) – most common mode. Uses an IV to seed first block. The ciphertext is then XORed. Problematic because errors in earlier blocks will propagate throughout the rest of the encrypted data.
Cipher Feedback (CFB) – not applicable
Output Feedback (OFB) - not applicable
Counter Mode (CTR) – fixes the issue of propagating errors
AES – Three key lengths: 128, 192 and 256-bits. Current US recommended standard.. Open algorithm, patent free (anyone can use it)
RC4 – Key length of 8-2048 bits. Was used in SSL and WEP communication
Blowfish – Developed by Bruce Schneider. key sizes 32-448 bit. Faster than AES.
Two Fish - Developed by Bruce Schneider. key size 128-256 bit. Better than Blowfish. Uses a process known as prewhitening to XOR plaintext with a separate subkey before encryption
IDEA – block algorithm using 128-bit key and 64-bit block size. Patented in many countries.
“PGP is a good IDEA” - PGP is often used in conjunction with IDEA
Be able to look at a list of algorithms and pick out the symmetric ones. Think of the word FISHES. A fish is symmetric. Anything with FISH or ES in the name is symmetric, as are RC4, Skipjack, and IDEA.
The equation for determining how many keys are required for asymmetric communications is:
Designed to solve the key exchange problem of symmetric encryption. Each user has a public and a private key. The public is made available, but the private key is kept secret
Far slower than symmetric encryption and is weaker per key bit. 512-bit public key is roughly equivalent to a 64-bit symmetric key.
must be a way to calculate a public key from a private key, but impossible to deduce the private key from the public key.
Works by multiplying prime numbers. Calculating the product of those two prime numbers, but determining which prime numbers achieved the product is much more difficult.
Diffie-Hellman – original asymmetric algorithm. Allowed two parties to agree on a symmetric key via a public channel. Based on “difficulty of calculating discrete logarithms in a finite field”.
RSA – based on factoring large prime numbers. Key length and block size of 512-4096. 100 times slower than symmetric encryption. Only requires two keys for any given communication and is ideal for large environments with a low amount of time required for key management
DSA – used for digital signatures
El-Gamal – extension of Diffie-Hellman that depends on modular arithmetic
Biggest disadvantage is that it doubles the length of messages
Elliptic Curve Cryptography (ECC) – faster than other asymmetric algorithms, so its used on devices with less computing power, such as mobile devices. It is patented so it costs money to use it. 256-bit ECC key is as strong as a 3,072-bit RSA key
Elleptic Curve Diffie-Hellman Ephemeral (ECDHE) is associated with providing perfect forward secrecy, a feature where communications cannot be broken even if the server is compromised.
PGP – originally used IDEA. Can now use PKI. Uses a web of trust model to authenticate digital
SSL/TLS – client requests a secure connection to a server. Server sends the client its public key in the form of a certificate. The client takes the public key and generates a one-time session key (temporary symmetric key) and encrypt it with the server public key and send it back to the server. The server uses their private key to decrypt the client’s private key. That symmetric key is now used to encrypt all data exchanged between client and server.
Considered one way because there is no way to reverse a hash. Plaintext is “hashed” into a fixed-length value (ie not variable), called a message digest or hash
Hashing helps ensure integrity. If the content of a file changes, its hash will change.
Hash Functions:MD5 is not used because it has been found to create collisions in the past. There is more data in the world than there are possible 128-bit combinations
HMAC uses a secret key in combination with a hash algorithm to verify that a hash has not tampered with it. It computes the hash of a message plus a secret key
When a digital signature is issued by a CA, they will include the recipient’s public key
If an outside individual receives someone else’s digital cert, they will verify its authenticity
by looking at the CA’s public key
Provide authentication and integrity. Do not provide confidentiality.
It will calculate the hash of a document it and encrypt it with your private key. Anyone can verify it with your public key.
Digital Signature Standard uses SHA-1, 2 and 3 message digest functions along with DSA, RSA and Elliptic Curve algorithms.
Digital Watermarks – encode data into a file. May be hidden using steganography.
Brute force – tries every possible key. In theory it will always work with time, except against one-time pads. If a key is long enough, however, it will take incredibly long amounts of time.
Rainbow Tables – pre-computed tables of passwords and their hashes. Not practical for modern. Effective against Windows LANMAN hashes
Salts are random values added to the end of a password before hashing it to help protect against rainbow table attacks. Salts are stored in the same database as the hashed password. Salting can be accomplished by PBKDF2, bcrypt and scrypt. Unique salts should be generated for each user.
Peppers are large constant numbers used to further increase the security of the hashed password, and are stored OUTSIDE the database that houses the hashed passwords.
Collisions – when two different messages have the same hash value, such as the Birthday Attack. If a room has 23 people in it, there is a significant chance that two people will have the same birthday. Chances increase with the size of the environment.
MD5 (128-bit) will have a collision after 2^64 calculations
Known-Plain Text Attack – attempting to attain the key when you have the encrypted text and all or some of the plain text.
In WWII, the Germans and Japanese always started a transmission with a certain phrase. The Allies knew this phrase and could record the encrypted message, and were able to break the code
Chosen-Plaintext Attack – attacker has the ability to encrypt chosen portions of the plaintext and compares it to the encrypted portion to discover the key
Cipher-Text Only Attacks – Attacker collects many messages encrypted with the same key, and uses statistical analysis to break the encryption
Chosen Ciphertext Attack – cryptanalyst can choose the cipher text to be decrypted. Thus, they have ciphertext and plaintext for messages that they choose.
Known Key – attacker may have some knowledge about the key. This reduces the number of variations they have to consider to guess the key (ex: Passwords must be 8-12 characters)
Meet-in-the-middle Attack – Encrypts the plaintext using all possible keys and creates a table with all possible results. Then they decrypt the plaintext using all possible keys. This is why 3DES is used over 2DES.
Side-Channel Attack – uses physical data to break cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting. Longer keys may require more CPU cycles for examination.
Meltdown and Spectre are examples
Implementation Attacks -exploit a vulnerability with the actual system used to perform the math. System may leave plaintext in RAM, or the key may be left on the hard drive.
Public Key Infrastructure. Provides a way to manage digital certificates, which is a public key signed with a digital signature. The standard digital certificate format is X.509.
A digital certificate will contain:
Digital signature of signer
A certificate will NOT contain:
The Certificate Authority creates certs to verified users. Examples include Verisign, DigiSign, Comodo, GoDaddy, etc.
Certificate Policy – set of rules dictating the circumstances under which a cert can be used. Used to protect Cas from claims of loss if the cert is misused.
Certificate Revocation List (CRL) – identifies certs that have been revoked due to theft, fraud, change in information associated with the CA, etc. Expired certs are not on the CRL. DOES NOT UPDATE INFO IN REAL TIME
Online Certificate Status Protocol – used to query the CA as to the status of a cert issued by that CA. Useful in large environments. Responds to a query with the status of valid,, suspended or revoked
There are several models:
Hierarchical Trust – Root CA can delegate intermediate CAs to issue certs on its behalf.
Web of Trust – All parties involved trust each other equally. No CA to certify certificate owners
Hybrid-Cross Certification – Combination of hierarchical and mesh models. Common for when two different organizations establish trust relationships. A trust is created between two Root CAs, and each organization trusts the others’ certificates.
Placement of a copy of secret keys in a secure location. Two methods:
Key Escrow – keys needed to decrypt cyphertext are held in escrow so that, under certain cirumstances, an authorized third party may gain access to those keys.
Recovery Agent – has authority to remove lost/destroyed keys from escrow. Requires at least TWO agents (M of N controls – a number (n) of agents must exist in an environment. Of those agents, a minimum number (m) must work together to recover a key). This is an example of Split Knowledge, where information or privilege required to perform an action is divied among multiple users.
Ipsec is a security architecture framework that supports secure communication over IP. It establishes a secure channel in either transport or tunnel mode, and is used primarily for VPNs.
IPSec – two primary protocols
Authentication Header (AH) – provides authentication and integrity for each packet. Acts as a digital signature for data.
Encapsulating Security Payload (ESP) – provides confidentiality with encryption
Internet Key Exchange (IKE)
IPSec has several modes:
Tunnel mode – whole packet is encapsulated (encrypted), including the header, for gateway-to-gateway communications. Connects networks to networks, or hosts to networks
Transport mode – Only the payload is encapsulated, and is used primarily for peer-to-peer communications. Connects hosts to hosts.
Think of driving a car – when you drive through a tunnel, your entire car is encapsulated. When outside of the tunnel, you are encapsulated by your car.
Encapsulation is the addition of a header and footer to a packet. It enables multi-layer protocols.
Security Association (SA) – one way connection. May be used to negotiate AH and/or ESP parameters. If using ESP only, two SAs are required (one for each direction). If using AH and ESP, 4 SAs are required
SA process is managed by the Internet Security Association of Key Management Protocol (ISAKMP)
Know the difference between tunnel and transport mode, AH and ESP, and how many security associations you need.
3.10 Apply security principles to site and facility design
3.11 Implement site and facility security controls
Fault – a temporary loss of power
Blackout – Power is completely off
Sag – or dips. When voltage briefly drops below acceptable operating range
Brownout – A prolonged sag
Spike – or transients. Voltage briefly rises above acceptable operating range. Very brief, and should be absorbed by surge protectors
Noise – signals emitted from cabeling
HVAC should keep rooms with electronics between 60-75 degrees fahrenheit/15-23 degrees celsius. Humidity should be mainteained between 40-60%.
Humidity too low can generate static discharges up to 20,000 volts. Only a fraction of that is needed to damage electronic components.
Locate server rooms and other critical components away from any water source.
Know what mantraps and turnstiles look like
A preaction system is the best water-based suppression system.
Closed-head systems should be avoided as they actively contain water and present a risk in the event of failure
FEMA (Federal Emergency Management Agency) provides flood risk data for locations in th US
500-Year Flood Plain indicates there is a 1-in-500 (.002%) chance a flood will occur in the given location in any given year
Types of fire extinguishers:
Class A - Uses water to suppress common combustibles
Class B – uses CO2, halon or soda acid to suppress liquid-based fires
Class C – Use CO2 or other suppressants and suppress electric fires
Class D – Use dry powder to suppress metal fires