CISSP COURSE - Cloudinary · PDF filereproduction prohibited overview isc2 requirements on individuals these include: • background • five years experience in any of the 10 domains

Reproduction prohibited

CISSP COURSE PART 1

ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND AMBASSADOR | TOP 50 CYBER INFLUENCER | @RESPONSIBLE CYBER

MAGDA LILIA CHELLY


OVERVIEW

ISC2 REQUIREMENTS ON INDIVIDUALS

THESE INCLUDE:

• BACKGROUND

• FIVE YEARS EXPERIENCE IN ANY OF THE 10 DOMAINS OR FOUR YEARS EXPERIENCE AND A COLLEGE DEGREE

• TEST FEE

• APPROVED APPLICATION

• AGREEMENT TO THE ISC2 CODE OF ETHICS


DOMAINS

THE 8 DOMAINS ARE:

1. SECURITY AND RISK MANAGEMENT

2. ASSET SECURITY

3. SECURITY ENGINEERING

4. COMMUNICATION AND NETWORK SECURITY

5. IDENTITY AND ACCESS MANAGEMENT

6. SECURITY ASSESSMENT AND TESTING

7. SECURITY OPERATIONS

8. SOFTWARE DEVELOPMENT SECURITY


SECURITY AND RISK MANAGEMENT


• Confidentiality: Ensures that information is not compromised or shared.

• Integrity: Ensures that data is not damaged or modified.

• Availability: Ensures that information is always available when needed.


Identification: Username

Authentication: Password

Authorization: Access rights

Auditing: Logs

Accounting: Review


NONREPUDIATION The subject of an activity or event is not in a position to deny that the event happened

DATA HIDING The data is prevented from being accessed


Data Owner responsible for classifying information

Data Custodian responsible for prescribed protection implementation

DUE CARE Doing the right thing

DUE DILIGENCE Continuing to do the right thing


SECURITY MANAGEMENT Strategic (long-term plan with goals, mission, and objectives), tactical (mid-term plan with detailed goals), and operational plans (short-term plan)


Security governance practices: defining and directing the security efforts

Governance documents:

• Policies

• Standards

• Guidelines

• Procedures


CONTROL OBJECTIVES FOR INFORMATION & RELATED TECHNOLOGY (COBIT) security concept infrastructure


The annual costs of safeguards should not exceed the expected annual cost of asset loss.


A quantitative risk analysis calculates the ALE, which is the annual loss of an asset if expected threats are realized.
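The quantitative formulas behind the two slides above, added here as a worked illustration (they are not on the original slides; AV, EF, SLE, ARO and ACS are the usual CISSP symbols, and the figures are constructed):

$$\mathrm{SLE} = \mathrm{AV} \times \mathrm{EF}, \qquad \mathrm{ALE} = \mathrm{SLE} \times \mathrm{ARO}$$

$$\text{safeguard value} = \mathrm{ALE}_{\text{before}} - \mathrm{ALE}_{\text{after}} - \mathrm{ACS} > 0$$

With $\mathrm{AV} = 100{,}000$, $\mathrm{EF} = 0.25$ and $\mathrm{ARO} = 0.2$: $\mathrm{SLE} = 25{,}000$ and $\mathrm{ALE} = 5{,}000$ per year. A safeguard with $\mathrm{ACS} = 8{,}000$ costs more than the expected annual loss and fails the rule on the previous slide. One with $\mathrm{ACS} = 3{,}000$ that lowers ARO to $0.02$ gives $\mathrm{ALE}_{\text{after}} = 25{,}000 \times 0.02 = 500$ and a value of $5{,}000 - 500 - 3{,}000 = 1{,}500 > 0$, so it is worth deploying.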


Delphi Risk Analysis

• Group discussion method

• Opinion

• Comments are written anonymously

• Consensus


Quantitative vs. qualitative risk analysis

Quantitative:

• Financial costs

• Automated

• History

Qualitative:

• Without calculations

• Low history required

• Easy

• Smooth communication


Control types are:

• Preventive

• Detective

• Corrective

• Deterrent

• Recovery

• Directive

• Compensative

Control categories: Administrative, Logical, Physical


Employees & hiring process should take into consideration:

• Collusion

• Screening

• Background checks

• Security clearances

• Employment agreements

• Nondisclosure agreements


Separation of duties Critical task division between several employees

Least Privilege Minimum access

Job Rotation Rotate personnel

Mandatory vacations One or two weeks of vacation


Criminal law Protect basic principles

Civil law Protect transactions between people and organizations

Administrative law Protect day-to-day operations


Copyrights (©) Authorship protection

Trademarks (™, ®) Names and logos protection

Patents Invention protection

Trade secret Company’s operation protection


ASSET SECURITY


Personally identifiable information (PII) Data that can identify an individual

Protected health information (PHI) Health-related data related to an individual


Government/military classification levels:

• Top Secret

• Secret

• Confidential

• Sensitive but Unclassified

• Unclassified

Commercial/private sector classification levels:

• Confidential / Private

• Sensitive

• Public


Sanitization represents the processes that remove data from a system or from media.

Data remanence is the data that stays on a hard drive as residual magnetic flux.


Degaussing is the process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media.

Erasing media is deleting data.

Clearing, or overwriting, is preparing media for reuse.

Purging is a more intense form of clearing.


To remove data from solid state drives (SSDs), destruction is commonly used.


The EU Data Protection law enforces the protection of privacy data.

The Safe Harbor principles are a method of ensuring that third parties are complying with the EU Data Protection law.

The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.


SECURITY ENGINEERING


Work function, or work factor Strength of a cryptography system


Hash function properties:

• Fixed-length output

• One-way

• Functionality

• Collision free


Zero-knowledge proof Communication concept with no real data transfer, example: digital signature

Split knowledge Multiple users required to perform the operation


Number of keys required for n participants in a symmetric cryptosystem: $\frac{n(n-1)}{2}$


Digital Signature Standard (DSS)

SHA-1 and SHA-2 message digest functions + one encryption algorithm: Digital Signature Algorithm (DSA), Rivest, Shamir, Adleman (RSA), or Elliptic Curve DSA (ECDSA)


Certification Technical evaluation

Accreditation Process of formal acceptance


CPU classification

• Multitasking: A single processor

• Multiprogramming: A single processor

• Multiprocessing: Multiple processors


Dedicated systems All users have clearance, access permissions, and need to know for all data

System high mode No need-to-know

Compartmented No need-to-know & no access permission requirement

Multilevel mode Removes all three requirements


TCSEC Trusted Computer System Evaluation Criteria (TCSEC), United States Government Department of Defence

ITSEC Information Technology Security Evaluation Criteria, by the Commission of the European Communities

TCB Trusted computing base (hardware, firmware, and/or software components)


The Reference Monitor

• Part of the TCB

• Validates access to resources

• Rings of protection work with the TCB

(Figure labels: Subject, Reference Monitor, Object (File), Security Kernel)


Ring 0: OS kernel/memory

Ring 1: Other OS components

Ring 2: Drivers, protocols

Ring 3: User-level programs and applications


BYOD: BRING YOUR OWN DEVICE (not BRING YOUR OWN DISASTER, NO, NO, NO :p)


A covert channel A method that is used to transfer information but that is not normally used for information transfer.


Buffer overflow (no, no, no, not Buffalo Flow …)

A size check failure that lets data be written beyond the memory allocated for it


Time-of-check-to-time-of-use, or TOCTTOU

Watch the state of data or resources between the moment they are checked and the moment they are used


Physical Security

A MUST: Site management, personnel controls, awareness training, and emergency response and procedures


Technical physical controls

Intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression


The humidity should be between 40% and 60%.

The temperature should be between 10 and 26 Celsius or 50-80 Fahrenheit.


Physical controls

Fencing, lighting, locks, construction materials, mantraps, dogs, and guards


PREVENTATIVE CONTROLS No internal or external access

DETECTIVE CONTROLS Track an unauthorized transaction

CORRECTIVE CONTROLS Recover or restore operations

DETERRENT CONTROLS Used to encourage or increase compliance


COMMUNICATION & NETWORK SECURITY


TCP/IP is similar to the OSI model


PHYSICAL LAYER

• Transfer of bits

Example of equipment:

• Network interface controller

• Repeater

• Ethernet hub

• Modem

• Fiber media converter


DATA LINK LAYER

• Combines bits into bytes and bytes into frames

• Uses MAC addresses

• Error detection

Sub-layers:

• Logical link control sublayer

• Media access control sublayer

Example of equipment:

• Bridges

• Layer 2 switches = multi-port bridges


DATA LINK LAYER protocols:

• Serial Line Internet Protocol (SLIP)

• Point-to-Point Protocol (PPP)

• Address Resolution Protocol (ARP)

• Reverse Address Resolution Protocol (RARP)

• Layer 2 Forwarding (L2F)

• Layer 2 Tunnelling Protocol (L2TP)

• Point-to-Point Tunnelling Protocol (PPTP)

• Integrated Services Digital Network (ISDN)


NETWORK LAYER

• Logical addressing

Example of equipment:

• Router

• Switches


L2 switch Switching only. It uses MAC addresses to switch the packets from a port to the destination port.

L3 switch Switching, IP addresses & routing. For intra-VLAN communication, it uses the MAC address table. For extra-VLAN communication, it uses the IP routing table.


NETWORK LAYER protocols:

• Internet Control Message Protocol (ICMP)

• Routing Information Protocol (RIP)

• Open Shortest Path First (OSPF)

• Border Gateway Protocol (BGP)

• Internet Group Management Protocol (IGMP)

• Internet Protocol (IP)

• Internet Protocol Security (IPSec)

• Internetwork Packet Exchange (IPX)

• Network Address Translation (NAT)

• Simple Key Management for Internet Protocols (SKIP)


TRANSPORT LAYER protocols:

• Transmission Control Protocol (TCP)

• User Datagram Protocol (UDP)

• Sequenced Packet Exchange (SPX)

• Secure Sockets Layer (SSL)

• Transport Layer Security (TLS)

(Figure omitted; source: https://en.wikipedia.org/wiki/Transport_layer)


SESSION LAYER

• Authentication

• Authorization

• Session restoration

Protocols:

• Network File System (NFS)

• Structured Query Language (SQL)

• Remote Procedure Call (RPC)


PRESENTATION LAYER

• Data presentation/translation, for example XML, PHP, GIF, and JPEG

• Encryption

• Compression

"For example, HyperText Transfer Protocol (HTTP), usually presented as an application-layer protocol, uses presentation-layer features to display data."


PRESENTATION LAYER formats:

• American Standard Code for Information Interchange (ASCII)

• Extended Binary-Coded Decimal Interchange Mode (EBCDICM)

• Tagged Image File Format (TIFF)

• Joint Photographic Experts Group (JPEG)

• Moving Picture Experts Group (MPEG)

• Musical Instrument Digital Interface (MIDI)


APPLICATION LAYER

• User interface for applications


• Hypertext Transfer Protocol (HTTP)

• File Transfer Protocol (FTP)

• Simple Mail Transfer Protocol (SMTP)

• Telnet

• Trivial File Transfer Protocol (TFTP)

• Post Office Protocol version 3 (POP3)

• Internet Message Access Protocol (IMAP)

• Simple Network Management Protocol (SNMP)


Ethernet frame layout (field: size):

Destination address: 6 bytes | Source address: 6 bytes | Type: 2 bytes | Data packet: 46–1500 bytes | Frame check sequence: 4 bytes
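As an added example (not from the slides), the frame layout above parsed and checked in Python: the frame and MAC addresses are constructed, and the FCS is taken to be the IEEE 802.3 CRC-32, which matches zlib's CRC-32 packed little-endian, the form it has in packet captures that include the FCS.

```python
"""Parse an Ethernet frame laid out as on the slide and verify its frame check sequence."""
import struct
import zlib

# Field sizes from the slide: 6 + 6 + 2 bytes of header, 46..1500 bytes of data, 4 bytes of FCS.
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
HEADER_LEN, FCS_LEN = 14, 4


def fcs_of(frame_without_fcs: bytes) -> bytes:
    """FCS = CRC-32 over destination, source, type and data.

    Assumption used here: zlib's CRC-32 (same polynomial and conventions as
    IEEE 802.3), packed little-endian as it appears on the wire.
    """
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble a frame: pad short data to 46 bytes (as a NIC would) and append the FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + fcs_of(body)


def mac_str(raw: bytes) -> str:
    """Render six raw bytes in the usual colon-separated hex form."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and report whether the FCS matches (error detection)."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    if len(frame) > HEADER_LEN + MAX_PAYLOAD + FCS_LEN:
        raise ValueError("giant frame: longer than the 1518-byte maximum")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload, fcs = frame[HEADER_LEN:-FCS_LEN], frame[-FCS_LEN:]
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "type": ethertype,
        "payload_len": len(payload),
        "fcs_ok": fcs == fcs_of(frame[:-FCS_LEN]),
    }


# Constructed sample: an IPv4 (type 0x0800) broadcast frame with a short, padded payload.
SAMPLE = build_frame(
    bytes.fromhex("ffffffffffff"),   # broadcast destination
    bytes.fromhex("001122334455"),   # constructed source MAC
    0x0800,
    b"constructed payload",
)

# The same frame with one payload bit flipped, as a receiver might see it after line noise;
# the data link layer's error detection (the FCS check) is what catches this.
_damaged = bytearray(SAMPLE)
_damaged[20] ^= 0x01
CORRUPTED = bytes(_damaged)

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    print(parse_frame(CORRUPTED))
```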


TCP/IP Model (layers with examples):

• Process and application: FTP, SMTP, RIP, DNS, SNMP

• Host-to-host: TCP, UDP

• Internet: IP, IGMP, ICMP, ARP, RARP

• Network access and local network: network interface cards; coaxial, fiber optic, wireless media


IPv4 (32 bits) vs IPv6 (128 bits)


IPv6 address shortening rules

Initial address: 2008:0cb9:0000:0000:0000:ee00:0052:7329

After removing all leading zeroes: 2008:0cb9:0:0:0:ee00:0052:7329

After omitting consecutive groups of zeroes: 2008:0cb9::ee00:0052:7329

The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, is equivalent to ::1
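An added example, not from the slides, that applies the two shortening rules above in full (leading zeros are dropped from every group, so 0cb9 becomes cb9 and 0052 becomes 52) and cross-checks the result against Python's ipaddress module; the extra test addresses are constructed.

```python
"""Shorten an IPv6 address with the two rules from the slide: drop leading zeros in each
group, then collapse the longest run of consecutive zero groups into '::'."""
import ipaddress


def strip_leading_zeros(address: str) -> str:
    """Rule 1: remove leading zeros from every 16-bit group, keeping at least one digit."""
    groups = address.lower().split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected an uncompressed IPv6 address with eight groups")
    return ":".join(g.lstrip("0") or "0" for g in groups)


def collapse_zero_run(address: str) -> str:
    """Rule 2: replace the longest run of two or more consecutive zero groups with '::'.

    Only one run may be collapsed (otherwise the address is ambiguous), a single zero
    group stays as '0', and on a tie the leftmost run wins, as RFC 5952 requires.
    """
    groups = address.split(":")
    best_start, best_len = -1, 1        # a run must be longer than one group
    run_start, run_len = -1, 0
    for i, g in enumerate(groups + [None]):   # sentinel flushes a trailing run
        if g == "0":
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:
                best_start, best_len = run_start, run_len
            run_len = 0
    if best_start < 0:
        return address
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def shorten(address: str) -> tuple:
    """Return (initial, after rule 1, after rule 2), mirroring the slide's three lines."""
    step1 = strip_leading_zeros(address)
    step2 = collapse_zero_run(step1)
    return address, step1, step2


def matches_stdlib(address: str) -> bool:
    """Cross-check: the standard library's canonical form must agree with our two rules."""
    return shorten(address)[-1] == ipaddress.IPv6Address(address).compressed


if __name__ == "__main__":
    for form in shorten("2008:0cb9:0000:0000:0000:ee00:0052:7329"):
        print(form)
    print(shorten("0000:0000:0000:0000:0000:0000:0000:0001")[-1])   # loopback -> ::1
```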


Address classes (range, mask, and description):

Class A: 0.0.0.0 to 126.0.0.0, mask 255.0.0.0, first byte defines the network

Class B: 128.0.0.0 to 192.255.0.0, mask 255.255.0.0, first two bytes define the network

Class C: 192.0.0.0 to 223.255.255.0, mask 255.255.255.0, first three bytes define the network

Class D: 224.0.0.0 to 239.255.255.255, multicast traffic

Class E: 240.0.0.0 to 255.255.255, reserved for future use

IP document (RFC 721)


ICMP Internet Control Message Protocol


ARP Address Resolution Protocol

RARP Reverse Address Resolution Protocol

ARP only works between devices in the same IP subnet.


The TCP three-way handshake

TCP flags:

URG: Urgent data

ACK: Significant acknowledgement number field

PSH: Need to push buffered data to the application

RST: Reset TCP connection

SYN: Synchronize with the new sequence number value

FIN: Final data
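An added example, not from the slides: decoding the flag bits above and replaying a constructed set of segments through the three-way handshake, which also surfaces half-open connections (SYN or SYN+ACK seen, final ACK never sent), the pattern a defender watches for. Addresses, ports and sequence numbers are constructed.

```python
"""Decode TCP flags and track the three-way handshake over a constructed segment list."""
from dataclasses import dataclass

# Flag bits in the TCP header flags byte (RFC 793 layout).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = ((URG, "URG"), (ACK, "ACK"), (PSH, "PSH"), (RST, "RST"), (SYN, "SYN"), (FIN, "FIN"))


def decode_flags(flags: int) -> list:
    """Return the names of the set flags, e.g. 0x12 -> ['ACK', 'SYN']."""
    return [name for bit, name in FLAG_NAMES if flags & bit]


@dataclass(frozen=True)
class Segment:
    src: str      # "ip:port" of the sender (constructed values)
    dst: str
    flags: int
    seq: int
    ack: int


def track_handshakes(segments) -> dict:
    """Replay segments and return the handshake state per (client, server) pair.

    States: SYN_SENT (step 1 seen), SYN_RECEIVED (step 2 seen), ESTABLISHED (step 3 seen),
    RESET (RST seen). Sequence numbers are checked, so a stray ACK cannot complete a handshake.
    """
    state, client_isn, server_isn = {}, {}, {}
    for s in segments:
        if s.flags & RST:
            # A reset may come from either side; find the connection it refers to.
            key = (s.src, s.dst) if (s.src, s.dst) in state else (s.dst, s.src)
            if key in state:
                state[key] = "RESET"
            continue
        if s.flags & SYN and not s.flags & ACK:              # step 1: SYN
            state[(s.src, s.dst)] = "SYN_SENT"
            client_isn[(s.src, s.dst)] = s.seq
        elif s.flags & SYN and s.flags & ACK:                 # step 2: SYN+ACK
            key = (s.dst, s.src)
            if state.get(key) == "SYN_SENT" and s.ack == client_isn[key] + 1:
                state[key] = "SYN_RECEIVED"
                server_isn[key] = s.seq
        elif s.flags & ACK:                                   # step 3: ACK
            key = (s.src, s.dst)
            if state.get(key) == "SYN_RECEIVED" and s.ack == server_isn[key] + 1:
                state[key] = "ESTABLISHED"
    return state


def half_open(state: dict) -> list:
    """Connections that never completed the handshake: what a SYN flood leaves behind."""
    return sorted(k for k, v in state.items() if v in ("SYN_SENT", "SYN_RECEIVED"))


# Constructed traffic: one good handshake, one unanswered SYN, one handshake the client
# abandoned after the SYN+ACK, and one connection the server reset.
SAMPLE = [
    Segment("10.0.0.5:40001", "10.0.0.9:443", SYN, 1000, 0),
    Segment("10.0.0.9:443", "10.0.0.5:40001", SYN | ACK, 5000, 1001),
    Segment("10.0.0.5:40001", "10.0.0.9:443", ACK, 1001, 5001),
    Segment("10.0.0.6:40002", "10.0.0.9:443", SYN, 2000, 0),
    Segment("10.0.0.7:40003", "10.0.0.9:443", SYN, 3000, 0),
    Segment("10.0.0.9:443", "10.0.0.7:40003", SYN | ACK, 6000, 3001),
    Segment("10.0.0.8:40004", "10.0.0.9:23", SYN, 4000, 0),
    Segment("10.0.0.9:23", "10.0.0.8:40004", RST | ACK, 0, 4001),
]

if __name__ == "__main__":
    states = track_handshakes(SAMPLE)
    for key, value in states.items():
        print(key, value)
    print("half-open:", half_open(states))
```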


UDP Protocol

• Connectionless protocol

• No handshake

(Figure: datagrams "Data, Data, Data, Data" sent one after another with no connection setup)


Service comparison, TCP vs. UDP:

Reliability: TCP yes, UDP no

Connection: TCP connection-oriented, UDP connectionless

Congestion control: TCP yes, UDP no

Speed: TCP slower, UDP faster


20 FTP data

21 FTP control

22 SSH

23 Telnet

25 SMTP

53 DNS

69 TFTP

80 HTTP

110 POP3

119 NNTP

123 NTP

143 IMAP4

443 HTTPS

Well Known ports: 0-1023 for a total of 65535

Example of security practices: Moving SSH off the default port of 22 will deter some of the non-targeted and script kiddie type attacks

(Figure omitted; source: http://www.planetoftunes.com)


Mesh Topology: All workstations are connected to each other

• Advantage: Dedicated connection for all workstations.

• Disadvantage: More wires are required for each connection.

Star Topology: All workstations are connected to the central equipment

• Advantage: Other workstations can connect easily without affecting the rest of the network.

• Disadvantage: Single point of failure (central hub or switch)

Bus Topology: All workstations are connected to a backbone

• Advantage: Requires less cable length.

• Disadvantage: Single point of failure (backbone)


Connectors and cabling standards:

BNC: 10Base2

RJ-45: 10BaseT


Twisting wires helps reduce the effect of stray capacitance, noise and signal loss.


Wireless technologies

Wireless encryption standards:

• Wired Equivalent Privacy (WEP)

• Wi-Fi Protected Access (WPA)

• WPA2


Warwalking: Walking around

Wardriving: Driving around

Warflying: Flying around to look

Warchalking: Drawing of symbols in public places to advertise an open Wi-Fi network


THANK YOU !

PLEASE FEEL FREE TO ASK QUESTIONS OR SHARE YOUR TIPS
