Ciss previsionnotes

- The scope and focus of a BCP is mostly dependant on the BIA (business impact analysis) - El Gamal is an unpatented, asymmetric key algorithm based on the discrete logarithm problem used in Diffie-Hellman. It extends the functionality of Diffie-Hellman to include encryption and digital signatures. - Function Point (FP) analysis is a measure of the size of an information system based on the number and complexity of the inputs, outputs and files that a user sees and interacts with - PGP uses the IDEA algorithm (symmetric) for encryption and the RSA algorithm (asymmetric) for key distribution and digital signatures. - Program Evaluation Review Technique (PERT) charts. PERT charts are project management tools used for time/progress estimation and resource allocation, NOT for estimating the financial burden of the project - Because of the amount of computation involved in public key cryptography, a DES hardware implementation of secret key cryptography is on the order of 1000 to 10000 times faster than RSA public key cryptography. - A SA is a one-way connection between two communicating parties, meaning that two SAs are required for each pair of communicating hosts. Additionally, each SA only supports a single protocol (AH or ESP). Thus, if both AH and ESP are used between two communicating hosts, a total of four SAs is required. - SESAME is subject to password guessing like Kerberos. The Basic Mechanism in Sesame for strong authentication is as follows: The user sends a request for authentication to the Authentication Server as in Kerberos, except that SESAME makes use of public key cryptography for authentication where the client will present his digital certificate and the request will be signed using a digital signature. The signature is communicated to the authentication server through the preauthentication fields. Upon receipt of this request, the authentication server will verify the certificate, then validate the signature, and if all is fine the AS will issue a ticket granting ticket (TGT) as in Kerberos. This TGT will be use to communicate with the privilage attribute server (PAS) when access to a resource is needed. Users may authenticate using either a public key pair or a conventional (symmetric) key. If public key cryptography is used, public key data is transported in preauthentication data fields to help establish identity. Kerberos uses tickets for authenticating subjects to objects and SESAME uses Privileged Attribute Certificates (PAC), which contain the subject’s identity, access capabilities for the object, access time period, and lifetime of the PAC. The PAC is digitally signed so that the object can validate that it came from the trusted authentication server, which is referred to as the privilege attribute server (PAS). The PAS holds a similar role as the KDC within Kerberos. After a user successfully authenticates to the authentication service (AS), he is presented with a token to give to the PAS. The PAS then creates a PAC for the user to present to the resource he is trying to access.

-The northbridge bus connects the CPU to the VIDEO and RAM - Continuous authentication provides protection against attacks that happen in a connection even after authentication is complete. This is usually done by applying a digital signature to every bit of data sent (eg applying some sort of cryptography to every bit sent) - The only difference between a circuit-level gateway and a simple port forwarding mechanism is that with a circuit-level gateway, the client is aware of the intermediate system, whereas in the case of a simple port-forwarding mechanism, the client must not be aware and may be completely oblivious of the existence of the intermediary - DDE (Dynamic Data Exchange) enables different applications to share data and send commands to each other directly. - Objects sensitivity label = single classificiation + compartement set - Physical cable lengths: 10Base2, also known as RG58, or thinnet, is limited to 185 meters. 10Base5, also known as RG8/RG11 or thicknet, is limited to 500 meters. 10BaseT is only limited to 100 meters. Note that the 2 in 10Base2 refers to the maximum cable length (200 meters, 185, actually) and the 5 in 10Base5 is for 500 meters. - The WAP GAP is a specific security issue associated with WAP results from the requirement to change security protocols at the carrier's WAP gateway from the wireless WTLS to SSL for use over the wired network. WTLS is replaced by TLS in WAP 2.0. The gateway described above is no longer needed to translate (decrypt from one standard and re-encrypt to another) since the Internet servers are able to interpret the TLS transmission directly. All data remains encrypted as it passes through the gateway. At the WAP gateway, the transmission, which is protected by WTLS, is decrypted and then re-encrypted for transmission using SSL, leaving data temporarily in the clear on the gateway. - National Information Assurance Certification and Accreditation Process (NIACAP), establishes the minimum national standards for certifying and accrediting national security systems. This process provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assurance (IA) and security posture of a system or site. - The object-relational database is the marriage of object-oriented and relational technologies and combines the attributes of both. - A system reboot is performed after shutting down the system in a controlled manner in response to a TCB failure. - An emergency system restart is done after a system fails in an uncontrolled manner but consistency can be brought back automatically to the system. - A system cold start takes place when unexpected TCB or media failures take place and the recovery procedures cannot bring the system to a consistent state. Intervention of administrative personnel is required to bring the system to a

consistent state from maintenance mode. - Information Labels are similar to Sensitivity Labels, but in addition to the classification and the category set of the Sensitivity Labels, they also have the necessary controls to be able to operate as a trusted computer. One other important difference is that the Reference Monitor does not use Information Labels for access permissions - DCE does provide the same functionality as DCOM, but DCE is an open standard developed by the Open Software Foundation (OSF) and DCOM, developed by Microsoft, is more proprietary in nature - Risk management consists of two primary and one underlying activity; risk assessment and risk mitigation are the primary activities and uncertainty analysis is the underlying one. After having performed risk assessment and mitigation, an uncertainty analysis should be performed. Risk management must often rely on speculation, best guesses, incomplete data, and many unproven assumptions. A documented uncertainty analysis allows the risk management results to be used knowledgeably. A vulnerability analysis, likelihood assessment and threat identification are all parts of the collection and analysis of data part of the risk assessment, one of the primary activities of risk management. - BIA should emphasize system dependancies. Then, prioritization can occur. - The Authentication Header is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation." ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It may also provide authentication, depending on which logarithm and algorithm mode are used. Non-repudiation and protection from traffic analysis are not provided by ESP - Extensible Authentication Protocol as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences - SSL : Presentation + transport layer. (recall presentation layer is to do with compression and encryption). Also remember successor is TLS = transport layer security - Individual accountability includes:

* unique IDs (for ID) * access rules (to determine violations) * audit trails (detective, for logging)

- Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to the plan. - FRAP (facilitated risk analysis process) : business managers and technical staff.

Brainstorm and identify risk, and apply a group of 26 common controls to categorize risk - The functional design analysis and planning stage of an SDLC is the point at which a project plan is developed, test schedules assigned, and expectations outlined - default open is not a prefered security model - External consistency ensures that the data stored in the database is consistent with the real world -DBMS: Cell suppression is a technique used against inference attacks by not revealing information in the case where a statistical query produces a very small result set. Perturbation also addresses inference attacks but involves making minor modifications to the results to a query. Partitioning involves splitting a database into two or more physical or logical parts; especially relevant for multilevel secure databases. - System development + system maintenance can be done by same people - The running key cipher is based on modular arithmetic - Telnet’s primary use is terminal emulation - Root cause analysis needed for eradication phase - Flash can be read/written multiple times quickly, but at the cost of only writing large blocks at a time. - As relates to operations security and TB : trusted paths are trustworthy interfaces into privileged user functions, i.e. they are pathways through the security boundary which separates the TCB components and untrusted components. trusted paths would be a form of API - In an online transaction processing system, if an invalid or erroneous transaction is detected, it should be written to a report and reviewed - limited privilege : trusted process characteristic where operations are performed without allowing the user direct access to unauthorized sensitive data - DAC and MAC both employ least privilege. But only MAC employs need to know (compartmentalization) - The reference monitor must meet three conditions: (1) it must be tamperproof (isolation) (2) it must be invoked on every access to every object (completeness) and (3) it must be small enough for thorough validation of its operation through analysis and tests, in order to verify completeness (v - MSR minimum security requirements state that a password should have minimum length of 8 characters. - One time pads to be unbreakable the pads must:

* have completely random characters * be secure * must not be re-used * key must be as long as the message

- Detection capabilities of host based IDS systems are usually limited by the audit

logging capabilities of the host - Software librarian can enforce separation of duties to ensure programmers do not have access to production code - MTD = RTO + WRT ; Maximum Tolerable Downtime = Recovery Time Objective + Work Recovery Time - An interoperable, or cooperative, database is defined as interconnected platforms running independent copies of software with independent copies of data. Not to be confused with a decentralized database, involving connected or unconnected but related platforms running independent copies of software with independent copies of data. A dispersed database involves interconnected and related platforms running the same software and using the same data, one of which is centralized (software or data). - Graham-Denning model has 8 rules - One technique of process isolation is time-multiplexing - Data or information owner can determine if controls in place protect sensitive data sufficiently - Diffie Hellmann : protocol used to enable two users using symmetric encryption to exchange a secret key (session key) over an insecure medium without any prior secrets. The negotiated key will subsequently be used for message encryption - ITSEC vs Orange book : One major difference between the two is ITSEC’s inclusion of integrity and availability as security goals, along with confidentiality. - IPSec peer authentication performed at phase 1 - IPSec: In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase. (bi-directional SA) In phase 2 IKE negotiates the IPSec security associations and generates the required key material for IPSec. The sender offers one or more transform sets that are used to specify an allowed combination of transforms with their respective settings. (Simplex SA x2) - SET = Secure Electronic Transaction : OSI L7 application layer protocol - Quality assurance can also be an additional responsibility of the security administrator. The security administrator, being responsible for application programming, systems programming or data entry, does not provide for proper segregation of duties - Linear cryptanalysis : attempt to determine key from large amounts of plain / cipher text pairs - Output controls are used for two things: for verifying the integrity and protecting the confidentiality of an output - Input controls are used to validate input (correct range, etc), helps prevent certain types of attacks eg bugger overflow - Max key size for Rijandael is 256 bits

- ISO 27001:2005 : standard for Information Security management - DES key length = 56 bits , parity or key sequence of 8 bits = 64bit. Uses 64-bit blocks and output 64-bit ciphertext - The main advantage of the qualitative impact analysis is that it prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. - Differential cryptanalysis : attempt to determine key by statistically analysing a few plain - cipher text pairs - SQL = DDL (data definition language) + DML (data manipulation language) - polymorphism : object acts differently, depending on the input message - polyinstantiation : same object, different data (eg secret data, top secret data) - Digital envelope: message encrypted with secret key, which is in turn encrypted with public key of reciever - UTP categories based on how tightly a cable is twisted - Coaxial cables need fixed spacing between connections (termination / reflection, etc) - Degree of a table represents number of columns therefore not related to number of primary keys - A protection domain consists of the execution and memory space assigned to each process. The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference. The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system - RC4 is not a block cipher (variable-key-length stream cipher) - A stream cipher generates what is called a keystream (a sequence of bits used as a key). - data diddling : active form of attack that alters existing data, most common insider attack - Elliptic Curve Cryptography has the highest strength per bit of key length of any asymmetric algo, hence less key length is needed, used for mobile devices - Trusted recovery ensures that security is not breached when a system crash or other system failure occurs. When the system crashes, it must be able to restart without compromising its required protection scheme and to recover and rollback without being compromised after the failure. Trusted recovery is only required for B3 and A1 level systems. - secondary evidence : copy of a piece of evidence or oral description - direct evidence : can prove a fact by itself (does not need backup), for example oral testimony based on info gathered through a witness’s five senses - Auxiliary station alarms automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters.

Central station alarms are operated by private security organizations - A data dictionary is a central collection of data element definitions, schema objects, and reference keys. - A single account on the system has the administrative rights to all the security-related functions of the system. This demonstrates Trusted Facility Management because you restrict access to administrative functions. A failure or crash of the system cannot be used to breach security. This would fall under Trusted Recovery. - clapper valve holds back water in dry system (fire suppression) - Regarding SSL: Once the server has been authenticated by the browser client, the browser generates a master secret that is to be shared only between the server and client. This secret serves as a seed to generate the session (private) keys. The master secret is then encrypted with the server's public key and sent to the server. The fact that the master secret is generated by the client's browser provides the client assurance that the server is not reusing keys that would have been used in a previous session with another client. - Evaluation is the process of independently assessing a system against a standard of comparison, such as evaluation criteria. Certification is the process of performing a comprehensive analysis of the security features and safeguards of a system to establish the extent to which the security requirements are satisfied. Accreditation is the official management decision to operate a system (achieved during implementation phase. Acceptance testing refers to user testing of a system before accepting delivery. - The operation/ maintenance phase of an IT system is concerned with user authentication - attribute certificate is a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate - CER : crossover error rate, FRR : false rejection rate - Clark_Wilson model : achieves data integrity through well-formed transactions and seperation of duties (eg using middleware) - RADIUS and DIAMETER are only backward compatible. DIAMETER is compatible with radius, but not vie-versa - The security perimeter is the imaginary line that separates the trusted components of the kernel and the Trusted Computing Base (TCB) from those elements that are not trusted - Software plans and requirements usually addresses due care and due diligence - When access control is on what is contained in the database it is considered to be content-dependent access control - BIA primary objectives:

* Criticality prioritization * downtime estimation

* resource requirements - BIA objectives:

* interviews for data gathering * create data gathering techniques * identify critical business functions * identify resources that the above functions depend upon * how long can functions survive without the resources * identify vulnerabilities and threats to the resources * calculate risk to resources * document and report

- In IPSec, an SA is simplex in operation, not duplex - soda acid removes the fuel supply of a fire - Operational controls are concerned most with personnel safety - ARL vs CRL = Authority Revocation List vs Certificate Revocation List - Pipelining : overlapping steps of different instructions - SSL session key length vary from 40bit to 256bit - S-RPC provides authentication - Secure HTTP (S-HTTP) is designed to send individual messages securely - For authentication via DES, Cipher Block Chaining and Cipher Feedback can be used since they create a key that is dependent of the previous block and the final block serves as a Message Authentication Code. Output feedback does not allow any sort of MAC - Wireless Transport Layer Security (WTLS) is a communication protocol that allows wireless devices to send and receive encrypted information over the Internet. - Keyed hash also called a MAC (message authentication code) is used for integrity protection, and authentication. Eg of MAC : encrypt message with secret key DES, and hash the output. - In order to protect against fraud in electronic fund transfers (EFT), the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC). The Secure Electronic Transaction (SET) was developed by a consortium including MasterCard and VISA as a means of preventing fraud from occurring during electronic payment - Capacitance detectors  is used for spot protection within a few inches of the object, rather than for overall room security monitoring. - Internet refers to the global network of public networks and ISP - Communications security management prevents,detects and corrects errors so CIA of network transaction may be maintained - The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as computing in Galois

fields, RSA is quite feasible for computer use. - known-plaintext attack : a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs (although the analyst may also have other clues, such as the knowing the cryptographic algorithm). - chosen-ciphertext attack is defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of plaintext that corresponds to ciphertext selected (i.e., dictated) by the analyst. - chosen-plaintext attack is a cryptanalysis technique in which the analyst tries to determine the key from knowledge of ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst. - Stream cipher is most suited to hardware implementations - A central authority that determines which subjects have access to which objects is a fom of non-discretionary access control - cardinality of a database refers to the number of rows in a relation (eg 1 to 1, 1 to many, etc) - X.400 is used in e-mail as a message handling protocol. X.500 is used in directory services. X.509 is used in digital certificates and X.800 is used a network security standard - Split knowledge involves encryption keys being separated into two components, each of which does not reveal the other - Reasonableness checks, range checks, syntax checks and check digits are common program controls - An analytic attack refers to using algorithm and algebraic manipulation weakness to reduce complexity. - Content dependant protection of info increases processing overhead - Simple Security property in Bell-LaPadula = no read up - Simple Security property in Biba = no read down - star property in Bell-LaPadula = confinement property - to remember : simple = read, *(star) = write - A reference monitor compares the security labels on a subject and object - Phreaking: RED BOX A red box is a phreaking device that generates tones to simulate inserting coins in pay phones, thus fooling the system into completing free calls. In the US, a dime is represented by two tones, a nickel by one, and a quarter by a set of 5 tones. Any device capable of playing back recorded sounds can potentially be used as a red box. Commonly used devices include modified Radio Shack tone dialers, personal MP3 players, and audio-recording greeting cards. BLUE BOX An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to

switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller. The blue box no longer works in most western nations, as modern switching systems are now digital and no longer use the in-band signaling which the blue box emulates. Instead, signaling occurs on an out-of-band channel which cannot be accessed from the line the caller is using (called Common Channel Interoffice Signaling (CCIS)). BLACK BOX The black box (as distinguished from blue boxes and red boxes), sometimes called an Agnew (see Spiro (device) for the origin of the nickname), was a device built by phone phreaks during the 1960s and 1970s in order to defeat long distance phone call toll charges, and specifically to block the supervision signal sent by the receiving telephone handset when the call was answered at the receiving end of the call. The act of picking up the handset of a telephone causes a load to be put on the telephone line, so that the DC voltage on the line drops below the approximately 45 volts present when the phone is disconnected. The black box consisted of a large capacitor which was inserted in series with the telephone, thereby blocking DC current but allowing AC current (i.e., ringing signal and also audio signal) to pass. When the black box was switched into the telephone line, the handset could be picked up without the telephone system knowing and starting the billing process. In other words, the box fooled the phone company into thinking no one had answered at the receiving end, and therefore billing was never started on the call. WHITE BOX The white box is simply a portable Touch-Tone Keypad. - ISO has defined five basic tasks related to network management :

* Fault management: Detects the devices that present some kind of fault.

* Configuration management: Allows users to know, define and change remotely the configuration of any device.

* Accounting resources: Holds the records of the resource usage in the WAN.

* Performance management: Monitors usage levels and sets alarms when a threshold has been surpassed.

* Security management: Detects suspicious traffic or users and generates alarms accordingly. - PPTP (works at L2, modified version of GRE)

* can tunnel non-IP traffic

* does not provide token based authentication * does not provide strong encryption

- L2TP = L2F + PPTP - How hardware / software should be used : standards not policy - The following measures are used to compensate for both internal and external access violations:

* Backups * RAID (Redundant Array of Independent Disks) technology * Fault tolerance * Business Continuity Planning * Insurance

- Application firewall = Circuit Level firewall - Edit controls are considered to be preventive controls since they are used in a program before data is processed. Buffer overflows can be eliminated through the use of proper edit controls. - System configuration management is geared towards providing system stability - Configuration management is the process of tracking and approving changes to a system. It is only required for B2, B3 and A1 level system - D – Minimal protection C – Discretionary protection C1 – Discretionary Security Protection C2 – Controlled Access Protection vs object reuse (object isolation) B – Mandatory Protection B1 – Labeled Security B2 – Structured Protection B3 – Security Domains A – Verified Protection A1 – Verified Design - When an intrusion has been detected and confirmed, if you wish to prosecute the attacker in court, the following actions should be performed in the following order:

1. Capture and record system information and evidence that may be lost, modified, or not captured during the execution of a backup procedure. Start with the most volative memory areas first. 2. Make at least two full backups of the compromised systems, using hardware-write-protectable or write-once media. A first backup may be used to re-install the compromised system for further analysis and the second one should be preserved in a secure location to preserve the chain of custody of evidence. 3. Isolate the compromised systems. 4. Search for signs of intrusions on other systems. 5. Examine logs in order to gather more information and better identify

other systems to which the intruder might have gained access. 6. Search through logs of compromised systems for information that would reveal the kind of attacks used to gain access. 7. Identify what the intruder did, for example by analyzing various log files, comparing checksums of known, trusted files to those on the compromised machine and by using other intrusion analysis tools.

- Full interrution test is the most complete DRP test (but it does stop business) - Named perils is the burden of proof that particular loss is covered on insured - Elements of risk:

* threats * assets * mitigating controls

- audit logs are a form of detective logs - BIA establishes effect of disruptions on the organization - Two co-operating processes that simultaneously compete for a shared resource in defiance of security policy create a covert channel - BCP is a corporate issue and should include all parts and functions of a company - BCP usually fails due to lack of management support - SP-network is used to increase the strength of block ciphers (Substitution Permutation) - Worm - no human interaction. Symptoms : high network / CPU utilization - Ciphers should be

* functionally complex * statistically unbiased * long periods of non-repetition

- BCP exersizes include (should always identify BCP strengths and weaknesses): * table-top exercise (theoretical exercise “how do we react if such

happens?”) * call exersize (if the emergence personnel are reachable) * simulated exersize (simulated)

- Expert system gather knowledge from human SMEs and this knowledge is programmed in, and problem analysis using algorithms is done to suggest solutions, usually in conjunction with an inference engine - DSS : digital signature standard : allows for digital signing (asymmetric) - RTO = recovery time objective aka MTD = maximum tolerable downtime - During BIA, RTO is not performed. In BIA, estimate the financial and operational impacts of a disruption, identify regulatory/compliance exposure and determine the impact upon the organization's market share and corporate image. - The read privilege is the most problematic privilege regarding information flows. The privilege essentially allows the subject to create a copy of the object in memory - Data warehouse : consolidate / manage data in central location - Email source verification : client should add signature block and digital signature

to the email - Disaster recovery typically refers to the recovery of the technology enviornment - Full backup is the most efficient recovery - SSH 2 is a strong method of performing client authentication. Does not provide good host / server authentication - Von neumann - no inherent difference in memory between data and programming (instructions) representations in memory - symmetric and asymmetric are two methods of encrypting data - one-time pad : unbreakable by brute force - vs brute force, use of session keys - asynchronous time-division multiplexing: dynamically assigned time slots as needed - deadlocking = stalemate, two subjects try to modify the same object,integrity issues, so enable write access to only one subject - CA validates that a particular public key is associated with the correct user - cleanroom methodology = prevent rather than remove software defects - ANSI X9.17 is concerned primarily with the protection and secrecy of keys - In order to defeat frequency analysis, use polyalphabetic ciphers - Primary key must contain a non-null value to uniquely identify the tuple - best way to prevent MITM is to use random and unique identification - bytecode is faster than interpreted languages (it is already “compiled”) - RSA allows for the mutual identification of parties, is not based on discrete algorithms, rather it is based on difficulty of factorisation into the original prime numbers - Concealment cipher, every X number of words within a text, is a part of the real message. - First step for CIRT: determine to what extent systems and data are compromised - DBMS consistency ensures databases leaves one valid state to enter another valid state - The presentation layer contains no protocols only services. - Eg of application protocols: SMTP - Constrained user interface offers limited functionality depending on the user accessing - most effective defence vs buffer overflow = bounds checking - certification is the technical evaluation of a program to ensure that security requirements have been met - noninterference model strictly separates differing security levels to assure that higher-level actions do not determine what lower-level users can see (no data flow considered, actions considered - Least Privilege has three basic levels of privilege; read only, read/write and access change. Access Change is the highest level, this level enables operators the right to modify data directly in its original location, in addition to data copied

from the original location. - Diffie Hellman = most common form of asymmetric key cyrpto - Recovery strategies are concerned with meeting the pre-determined time frames for recovery - Prudent man rule == due care - Orange Book divisions:

* C deals with discretionary protection. * D deals with minimal security. * B deals with mandatory protection. * A deals with verified protection.

- Orange book does not cover integrity (TCSEC) - Orange book based on Bell LaPadula model - Organge book objectives:

Policy

The security policy must be explicit, well-defined and enforced by the computer system. There are two basic security policies:

● Mandatory Security Policy - Enforces access control rules based directly on an individual's clearance, authorization for the information and the confidentiality level of the information being sought. Other indirect factors are physical and environmental. This policy must also accurately reflect the laws, general policies and other relevant guidance from which the rules are derived. ○ Marking - Systems designed to enforce a mandatory security policy

must store and preserve the integrity of access control labels and retain the labels if the object is exported.

● Discretionary Security Policy - Enforces a consistent set of rules for controlling and limiting access based on identified individuals who have been determined to have a need-to-know for the information.

Accountability

Individual accountability regardless of policy must be enforced. A secure means must exist to ensure the access of an authorized and competent agent which can then evaluate the accountability information within a reasonable amount of time and without undue difficulty. There are three requirements under the accountability objective:

● Identification - The process used to recognize an individual user.

● Authentication - The verification of an individual user's authorization to specific categories of information.

● Auditing - Audit information must be selectively kept and protected so

that actions affecting security can be traced to the authenticated individual.

Assurance

The computer system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the above requirements. By extension, assurance must include a guarantee that the trusted portion of the system works only as intended. To accomplish these objectives, two types of assurance are needed with their respective elements:

● Assurance Mechanisms

○ Operational Assurance: System Architecture, System Integrity, Covert Channel Analysis, Trusted Facility Management and Trusted Recovery

○ Life-cycle Assurance : Security Testing, Design Specification and Verification, Configuration Management and Trusted System Distribution

● Continuous Protection Assurance - The trusted mechanisms that enforce these basic requirements must be continuously protected against tampering and/or unauthorized changes.

Documentation

Within each class there is additional documentation set which addresses the development, deployment and management of the system rather than its capabilities. This documentation includes:

● Security Features User's Guide, Trusted Facility Manual, Test Documentation and Design Documentation

- A1 level requires trusted distribution - Common-mode noise is electrical noise between the hot and ground wire and between the neutral and ground wire. - critical-path analysis is the process of determining the value of company assets - Controls and safeguards reduce the impact of a threat - Symmetric stream cipher is most effective to implement in hardware - A cryptovariable or key controls the operation of the cryptographic algorithm - Aggregation and inference are the two most common forms of attack vs DBs - Should move least critical systems from backup to primary site first - ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete security associations. However, it does not define the actual protocols to be used (such as key exchange protocols and hash functions), these are implementation specific. One example of the ISAKMP implementation is the Internet Key Exchange (IKE), defined as an Internet, IPsec,

key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP - Key encapsulation is one class of key recovery techniques and is defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that that only certain third parties called "recovery agents" can perform the decryption operation to retrieve the stored key. - In MAC, system controls and data owner determine the need to know - Pattern matching IDS is best vs frequently morphing malware. Malware that frequently morphs will evade statistical IDS that collects info over time - Access controls help protects vs threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those that have been approved - Ethernet cabling uses 4-pairs (8 strands) - Operation security trple : {assets, threats, vulnerabilities} - DES uses 16 rounds of transposition and substitution functions. Triple DES uses 48 rounds - con of Kerberos server : single point of failure - Access control dominate means a subject with equal or higher access class - Kerberos Auth Server grants a service ticket once it validates the timestamp from the client (can decrypt timestamp because it stores the client’s key) - HIDS can usually detect encrypted traffic because host will decrypt it - Least significant issue for biometrics is technology type - Least effective dept to report to is the IS operations since they usually do not rank high enough - Data centre should be located in the middle of a building - Hand geometry uses the smallest file size - smart cards have processing power, memory cards do not - Primary purpose of honeypots is to observer the behaviour of attackers to fortify the network - Rate of rise sensors provide earlier warning than fixed temperature thresholds, but also have greater false positives - access control list related to object, capability tables related to subjects - it is important for an identity management system is that it must support high volumes of data and peak transaction rates - A database system would be denormalised to increase processing efficiency, but reduces integrity and storage. (normalise = reduce duplicates) - Justifications should be provided when data is denormalized, not when it is normalized, because it introduces risk of data inconsistency. Denormalization is usually introduced for performance purposes. - IKE = IPSec not PKI! - clipper chip uses 80-bit key size, works on the principle of key escrow

- PKI provides authentication, integrity and access control, not reliability. - TGS principal = resource or server - teardrop attack consists of modifying the length and fragmentation offset fields in sequential IP packets, causing overlap of packets once re-assembled - BIND variables are used as placeholders for literal values in SQL - All internal walls must have 1 hour min fire rating, unless next to records where 2 hour min fire rating needed - Reciprocal agreements are often not legally binding - The program evaluation review technique (PERT) defines activities, assigned resources, controls advance, and allows on-time decision making, used as Project Management - The domain of a relation is the set of allowable values that an attribute can take. - Common database models : hierarchical, network and relational - Three types of access control : administrative, technical, and physical - Seven main categories of access control:

*Directive *Deterrent *Preventative *Detective *Corrective *Compensating *Recovery

- Access control systems do not specify how a user can access a resource - Identity management is a set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment - Preliminary step sin managing resources is to define who has access to a given resource - Physical locks are intended as a delay device - Proxy server is not considered as perimeter defence, rather boundary defence - clipping level : only necessary logs are collected for monitoring - ISO 15408 = common criteria

* EAL 1 : functionally tested * EAL 2 : structurally tested * EAL 3 : methodically tested and checked * EAL 4 : methodically designed, tested and reviewed * EAL 5 : semifomally designed and tested * EAL 6 : semifomally verified design and tested * EAL 7 : fomally verified design and tested.

- qualitative risk assessment is usually earmarked by ease of implementation and can be completed by personnel with limited understanding of the risk assessment process - Long-duration security projects increase completion risk

- SLE (single loss expectancy) = asset value x exposure rate - civil law is influences by abstract concepts of law (writings of academics), rather than precedent and reasoning as in common law - security event managment (SEM) is used for log collection, collation and analysis in real time, vs log management system that is more used for historical purposes - Computer Game Fallacy : computers will prevent us from doing wrong - abstraction: giving rights to group rather than individual users (abstraction of users into groups) - link encryption is not suitable for high risk environments due to possible loss of privacy at each node (link termination point). point to point encryption is more secure - Auditors help identify control gaps - A trusted shell means that someone who is working in that shell cannot "bust out of it", and other processes cannot "bust into it". - continuous authentication best defends vs hijacking - re databases: Five operations are primitives (Select, Project, Union, Difference and Product) and the other operations can be defined in terms of those five. A View is defined from the operations of Join, Project, and Select The select operator serves to shrink the table vertically by eliminating unwanted rows (tuples). The project operator serves to shrink the table horizontally by removing unwanted columns. And the join operator allows the dynamic linking of two tables that share a common column value - Expert System Operating Modes: Backward-chaining mode - the expert system backtracks to determine if a given hypothesis is valid. Backward-chaining is generally used when there are a large number of possible solutions relative to the number of inputs. Incorrect answers are: In a forward-chaining mode, the expert system acquires information and comes to a conclusion based on that information. Forward-chaining is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs. Blackboard is an expert system-reasoning methodology in which a solution is generated by the use of a virtual blackboard, wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated. - problem management : identify root cause and address underlying issue - configuration management is a requirement for level B2 and above - B3 vs covert timing attacks. B2 vs covert storage attacks - The life cycle assurance requirements specified in the Orange Book are: security testing, design specification and testing, configuration management and trusted distribution. System integrity is also defined in the

Orange Book but is an operational assurance requirement, not a life cycle assurance requirement. - Tn3270 is a terminal emulation program for connecting to computers which use IBM 3270 terminals. It supports SSL Version 2, SSL Version 3 and TLS version 1. TN3270 Plus also supports up to 128-bit encryption. Most TN3270 servers today has support for secured connections over SSL or SSH. - Controlled Access Protection is Level C2 - 5 rules of evidence:

* complete * authentic * accurate * convincing * admissible

- SABSA : chain of traceability - Bell-laPadula (confidentiality / disclosure) vs biba (integrity / accuracy) - trusted computing base : totality of protection mechanisms within computer system - due diligence : compliance - PR : not essential in BIA but important in BCP - Common Criteria evaluations are performed on computer security products and systems.

● Target Of Evaluation (TOE) - the product or system that is the subject of the evaluation.

The evaluation serves to validate claims made about the target. To be of practical use, the evaluation must verify the target's security features. This is done through the following:

● Protection Profile (PP) - a document, typically created by a user or user community, which identifies security requirements for a class of security devices (for example, smart cards used to provide digital signatures, or network firewalls) relevant to that user for a particular purpose. Product vendors can choose to implement products that comply with one or more PPs, and have their products evaluated against those PPs. In such a case, a PP may serve as a template for the product's ST (Security Target, as defined below), or the authors of the ST will at least ensure that all requirements in relevant PPs also appear in the target's ST document. Customers looking for particular types of products can focus on those certified against the PP that meets their requirements.

● Security Target (ST) - the document that identifies the security properties of the target of evaluation. It may refer to one or more PPs. The TOE is evaluated against the SFRs (see below) established in its ST, no more and no less. This allows vendors to tailor the evaluation to accurately match the intended capabilities of their product. This means that a network

firewall does not have to meet the same functional requirements as a database management system, and that different firewalls may in fact be evaluated against completely different lists of requirements. The ST is usually published so that potential customers may determine the specific security features that have been certified by the evaluation.

● Security Functional Requirements (SFRs) - specify individual security functions which may be provided by a product. The Common Criteria presents a standard catalogue of such functions. For example, an SFR may state how a user acting a particular role might be authenticated. The list of SFRs can vary from one evaluation to the next, even if two targets are the same type of product. Although Common Criteria does not prescribe any SFRs to be included in an ST, it identifies dependencies where the correct operation of one function (such as the ability to limit access according to roles) is dependent on another (such as the ability to identify individual roles).

The evaluation process also tries to establish the level of confidence that may be placed in the product's security features through quality assurance processes:

● Security Assurance Requirements (SARs) - descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality. For example, an evaluation may require that all source code is kept in a change management system, or that full functional testing is performed. The Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to the next. The requirements for particular targets or types of products are documented in the ST and PP, respectively.

● Evaluation Assurance Level (EAL) - the numerical rating describing the depth and rigor of an evaluation. Each EAL corresponds to a package of security assurance requirements (SARs, see above) which covers the complete development of a product, with a given level of strictness. Common Criteria lists seven levels, with EAL 1 being the most basic (and therefore cheapest to implement and evaluate) and EAL 7 being the most stringent (and most expensive). Normally, an ST or PP author will not select assurance requirements individually but choose one of these packages, possibly 'augmenting' requirements in a few areas with requirements from a higher level. Higher EALs do not necessarily imply "better security", they only mean that the claimed security assurance of the TOE has been more extensively verified.

- Packages (Common Criteria) According to the Common Criteria, an intermediate combination of security requirement components is termed a package. The package permits the expression of a set of either functional or assurance requirements that meet some

particular need, expressed as a set of security objectives. A package may be used in the construction of more complex packages or Protection Profiles and Security Targets - A Protection Profile (PP) is a document used as part of the certification process according to the Common Criteria (CC). As the generic form of a Security Target (ST), it is typically created by a user or user community and provides an implementation independent specification of information assurance security requirements. A PP is a combination of threats, security objectives, assumptions, security functional requirements (SFRs), security assurance requirements (SARs) and rationales. - Capability Maturity Model CMM :

* initial : processes are reactive, poorly controlled, unpredictable * reproducible: processes characterised for projects, not organisation wide,

still reactive * defined : organisation wide characterization, proactive * managed : metrics and measurements of processes * optimization : process improvement

- MOM = means, opportunity, motive - Tactical security plans : mid-term plans, eg rolling out new security policy - Transport mode usually used when communications terminates at end points. Tunnel mode usually used at gateway to give access to internal systems - Common criteria > protection profiles > common set of functional and assurance requirements for a category of vendor products in a particular enviornment - Hardware RAID implementation is usually platform independent - Test environment using live workloads The best way to properly verify an application or system during a stress test would be to expose it to "live" data while in a testing environment. Fabricated test data may not be as varied, complex or computationally demanding as "live" data. A production environment should never be used to test a product, as a production environment is one where the application or system is being put to commercial use. It is a best practice to perform testing in a non-production environment - From a security standpoint, a compiled program is less desirable than an interpreted one because malicious code can be resident somewhere in the compiled code, and it is difficult to detect in a very large program. - CCTV :

* visual assessment of incidents * surveillance * deterrence * evidential archives

- The invocation property is unique to the BIBA model - Database shadowing: copying an entire database or updating records in multiple locations to ensure fault-tolerance

- L2TP alone does not guarantee encryption - Bell laPadula : * (star) property ensures no write down - Biba : * (star) property ensures no write up - The Orange book requires Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB for System Integrity. - The Federal Sentencing Guidelines for Organisations require that an organisation provides ethics training - Competitive intelligence attack is a business attack, loss of trade secrets and so on. - Inappropriate disclosure is a confidentiality, not an integrity goal. - FIPS 140 is the standard for the security of hardware / software cryptographic modules - System high security policy means that all users in that system are cleared to view the most highly classified info on the system - Two-man control: Two individuals review and approve the work of each other. (detective or preventative) - Dual control: Both individuals are needed to perform a task (detective or preventative). Separation of duties enables dual control - Elements of a physical protection system:

* deter * detect * delay * responsd

- Brewer-Nash a.k.a chinese wall model, prevents disclosure to competitors - High-rate Digital Subscriber Line (HDSL) delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs. SDSL also delivers 1.544 Mbps but over a single copper twisted pair. - Due care is not related to profit - An identity-based access control is an example of discretionary access control that is based on an individual's identity. Task-based and role-based access controls are examples of non-discretionary access controls. Rule-based access control is another example. - Note: Mandatory Access Controls use labels. If rules exist without labels, it cannot be MAC, must be NDAC - Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for its primary key. - Security testing and trusted distribution are needed for Life-Cycle Assurance - Graham-Denning : sets of objects, subjects and rights, concerned with how subjects are assigned rights, how objects are created - Circumstantial evidence is defined as inference of information from other, intermediate, relevant facts

- Symmetric stream lends itself best to implementation in hardware. Stream ciphers can be designed to be exceptionally fast. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. - Business Impact analysis identifies the exposures to loss to the organisation - The primary key must contain a non-null value to uniquely identify the tuple - Cryptography does not directly support availability, does not directly support authenticity either. - Access controls support CIA triad. - Provide message integrity:

1. Create checksum 2. append 3. encrypt and send

- Provide authentication and integrity: as above but encrypt with private key

- Hot site is not instantly available - rame relay and X.25 are both examples of packet-switching technologies - ISDN and PPP are examples of circuit-switching technologies - Running key cipher is based on modular arithmetic - Non repudation is provided by the asymmetric private key since in theory only 1 person should know this - Non repudation is considered a preventative control - IGMP has a protocol value of 2 - ICMP has an IP protocol value of 1 - TCP has an IP protocol value of 6 - UDP has an IP protocol value of 17 - An authentication system should not return information on which part of the auth control failed - The more a key is used, the shorter it’s lifetime should be - Cable length is the most common failure issue with twisted pair cabling. - PPP : support of multiple network types over the same serial link - Users can obtain certificates with various levels of assurance. Here is a list that describe each of them:

* Class 1/Level 1 for individuals, intended for email, no proof of identity

* Class 2/Level 2 is for organizations and companies for which proof of identity is required

* Class 3/Level 3 is for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority * Class 4 for online business transactions between companies * Class 5 for private organizations or governmental security

- IDEA = 128 bits

- iris scanners must be positioned so as not to allow sunlight to enter the aperture - Kerberos primarily provides authentication (authorization provided by other subsytems) - diverse routing : routes traffic through split cable facilities or duplicate cable facilities. This can be accomplished with different and/or duplicate cable sheaths. With diverse routing, you can protect not only against cable failure but also against local exchange failure as there are two separate routes from two exchanges to your site. alternative routing : is a method of routing information via an alternate medium such as copper cable or fiber optics. This involves use of different networks, circuits or end points should the normal network be unavailable. Alternative routing provides two different cables from the local exchange to your site, so you can protect against cable failure as your service will be maintained on the alternative route. - Monitoring techniques include Intrusion detection, Penetration testing and Violation processing using clipping levels. - A memory dump can be admitted as evidence if it acts merely as a statement of fact. (identifies system state) - DSS (decision support system) emphasizes flexibility in the decision-making approach of users. It is aimed at solving less structured problems, combines the use of models and analytic techniques with traditional data access and retrieval functions and supports semi-structured decision-making tasks - The RAID Advisory Board has defined three classifications of RAID:

* Failure Resistant Disk Systems (FRDSs) * Failure Tolerant Disk Systems * Disaster Tolerant Disk Systems.

- The broad categories for security standards in the OSI architecture are: ● Security Attack: Any action that compromise the security of information

owned by an organization.

● Security Mechanism: A process that is designed to detect, prevent or recover from a security attack. And security mechanism is a method which is used to protect your message from unauthorized entity.

- Specific Security Mechanisms: Encipherment (encryption) Digital signature mechanisms Access control mechanisms Data integrity mechanisms Authentication exchange mechanism Traffic padding mechanism Routing control mechanism Notarization mechanism (assurance : eg CA) - Pervasive Security Mechanisms:

Trusted functionality Security labels Event detection Security audit trail Security recovery

● Security Services: Security Services is the services to implement security policies and implemented by security mechanism.

Basic security services defined: * authentication * access control * data confidentiality * data integrity * non-repudation * availability service

- Typically estimating the cost of changes requested is not included in change maintenance (change control) phase - Consulting local fire safety codes is one of the most important fire safety steps - Wet chemical vs Kitchen/grease fire - FE-13 considered best alternative the halon, breathable up to 30% concentration - open system is not open source. open system = built from industry standard parts - PROM : only programmable once - EPROM : erasable programmable ROM, uses UV to erase - EEPROM : electrically erasable PROM - In building construction, a plenum is a separate space provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. A plenum may also be under a raised floor. In buildings with computer installations, the plenum space is often used to house connecting communication cables. Because ordinary cable introduces a toxic hazard in the event of fire, special plenum cabling is required in plenum area - ECB is the best encryption mode for databases since data within a file does not need to be encrypted in any certain order (ECB : same plaintext = same ciphertext) - Normalization is an important part of database design that ensures that attributes in a table depend only on the primary key, reducing duplicity - Hearsay evidence must be generated / collected in the normal, regular conduct of business - Token ring is more fault-tolerant than ethernet - BCP committee does not need to include HR

- Hacking is usually classed as a human threat to IT systems - Call-back authentication methods require fixed numbers hence not appropriate for mobile users - The Digital Linear Tape (DLT) is only 0.498 inches in size, yet the compression techniques and head scanning process make it a large capacity and fast tape - The Secure Electronic Transaction (SET) protocol developed by vias and masterdcar, uses digital signatures, and requires two pairs of asymmetric keys and two digital certificates - Fraggle vs Smurf = UDP vs ICMP - Security modes of operation (MAC):

Signed NDA for

Proper clearance for

Formal access approval for

A valid need to know fo

Dedicated security mode

ALL information on the system.

ALL information on the system.

ALL information on the system.

ALL information on the system.

System high security mode

ALL information on the system

ALL information on the system

ALL information on the system

SOME information on the system

Compartmented / partitioned security mode

ALL information on the system

ALL information on the system

SOME information on the system

SOME information on the system

Multilevel security mode

ALL information on the

SOME information on the

SOME information on the

SOME information on the

system system system system

Multilevel : highest risk Partitioned : aka controlled security mode - DAT : digital audio tape : allows for audio + data backup - TCB assures that system meets security requirements sufficiently and effectively, but not necessarily efficiently - A relational database model has three parts:

* Data structures called tables or relations * Integrity rules on allowable values and value combinations in the tables * Operators on the data in the tables

- The spiral model is actually a meta-model that incorporates a number of the software development models. - Non-discretionary access control is lattice-based access control. To apply this concept to access control, the pair of elements is the subject and object, and the subject has to have an upper bound equal or higher than the object being accessed. - SQL is considered a data definition language - TACACS+ is a total new protocol and incompatible with TACACS. Allows the use of two-factor auth, user changing passwords - PGP uses symmetric encryption - ESP authentication capabilities are limited due to non-inclusion of IP header info in authentication process - Incident handling:

1. Analyse information, raise incident, determine to what extent systems and data is compromised (identify)

2. Communicate to parties 3. Collect / record info 4. Contain 5. Recover

- Corrective controls are concerned with remedying circumstances and restoring controls whereas recovery controls are concerned with restoring resources, capabilities or losses. Compensating controls are alternative controls, used to compensate weaknesses in other controls and preventive controls are concerned with avoiding occurrences of risks. - A chosen-ciphertext attack is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems. - Cross certification : creating trust between PKI - Risk is the likelihood of a threat exploiting a vulnerability - Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.

Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host—for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination. Basically transport mode should be used for end-to-end sessions and tunnel mode should be used for everything else. (Refer to the figure for the following discussion.) - blowfish is an open, royalty free encryption algorithm - lattice based access control is an example of mandatory access control - assurance procedures ensure that technical controls conform to the security policy and that they are correctly implemented - testing using live data is not recommended since it does not cover the full range of possible inputs - C2 introduces object reuse protection - only A1 has formal definitions of roles - 1500v minimum static electricity to cause HDD damage - Kerberos does not address availability - ssh operates at transport layer like SSL. Remember SSH tunnelling (port based) - cmw : compartmented mode workstation, provides a trusted workstation or OS. Depends on information labels, which are similar to sensitivity labels but include controls to run as a trusted computer - motion sensor categories : passive infrared, microwave, ultrasonic, NOT photoelectric - database definitions:

Table - relation Column - attribute Row - tuple Cardinality - no of rows Degree - no of column

- transaction oriented processing = atomicity = all or none - ISE 27001 code of practice for operations security. - ISO 27002 specs for ISMS .. Information security management System, basis for audit and certification - change management : approval (what) - configuration management : documentation (how) - BIA ... Primary obj is to determine MTD max tolerable downtime. Includes two processes 1. Identify critical assets 2. Perform risk assessment - after BIA, identify the preventative measures. This is when rto is identified - MTD = rto + wrt - S/MIME is a public key system , uses certificates signed by CAs, but responsibility of keeping certificates up to date and

encrypting/decrypting outgoing/incoming messages is local to each client so it is considered a public hybrid system - Host.equiv unix : authorized / trusted hosts or users, no need for passwords - Chief among the documents is the Trusted Network Interpretation (the Red Book), which covers networks and network components. Another important book is the Trusted Database Management System Interpretation (the Lavender Book), interpreting Orange Book requirements for DBMS products. Other books include the Password Management Guideline (Green Book) - Weakness of callback systems : call forwarding - All recovery plans become obsolete quickly. Should be tested at least once a year minimum - WAP protocol stack:

WDP = wireless datagram protocol - In MAC, the sensitivity label contains the classification and category (need to know) - The exclusionary rule mentions that evidence must be gathered legally or it can't be used. The best evidence rule concerns limiting potential for alteration. - Public Key Cyrpto Standards PKCS #1 RSA Cryptography Standard Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures. PKCS #3 Diffie-Hellman Key Agreement Standard A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. PKCS #5 Password-based Encryption Standard See RFC 2898 and PBKDF2.

PKCS #6 Extended-Certificate Syntax StandardDefines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same. PKCS #7 Cryptographic Message Syntax Standard Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS#10 message). Formed the basis for S/MIME, which is as of 2010 based on RFC 5652, an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on. PKCS #8 Private-Key Information Syntax Standard. Used to carry private certificate keypairs (encrypted or unencrypted). PKCS #9 Selected Attribute Types Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests. PKCS #10 Certification Request Standard See RFC 2986. Format of messages sent to a certification authority to request certification of a public key. See certificate signing request. PKCS #11 Cryptographic Token Interface (Cryptoki) An API defining a generic interface to cryptographic tokens (see also Hardware Security Module). Often used in single sign-on, Public-key cryptography and disk encryption[1] systems. PKCS #12 Personal Information Exchange Syntax Standard Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the Java key store. Usable by Tomcat, but not by Apache. PKCS #13 Elliptic Curve Cryptography Standard PKCS #14 Pseudo-random Number Generation PKCS #15 Cryptographic Token Information Format Standard - "First generation firewall" packet filtering firewall - "Second generation firewall" proxy (application layer firewall, circuit level proxy, or application proxy ) - "Third generation firewall" stateful Firewall - "Fourth generation firewall" dynamic packet filtering firewalls - CHAP is not used in IKE/IPSEC - Revision Tables:

- ISC code of ethics: Protect society, the commonwealth, and the infrastructure

● Promote and preserve public trust and confidence in information and systems.

● Promote the understanding and acceptance of prudent information security measures.

● Preserve and strengthen the integrity of the public infrastructure. ● Discourage unsafe practice.

Act honorably, honestly, justly, responsibly, and legally ● Tell the truth; make all stakeholders aware of your actions on a timely

basis. ● Observe all contracts and agreements, express or implied. ● Treat all members fairly. In resolving conflicts, consider public safety and

duties to principals, individuals, and the profession in that order. ● Give prudent advice; avoid raising unnecessary alarm or giving

unwarranted comfort. Take care to be truthful, objective, cautious, and within your competence.

● When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service.

Provide diligent and competent service to principals ● Preserve the value of their systems, applications, and information. ● Respect their trust and the privileges that they grant you. ● Avoid conflicts of interest or the appearance thereof. ● Render only those services for which you are fully competent and qualified.

Advance and protect the profession ● Sponsor for professional advancement those best qualified. All other things

equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.

● Take care not to injure the reputation of other professionals through malice

or indifference. ● Maintain your competence; keep your skills and knowledge current. Give 

generously of your time and knowledge in training others.