Reproduction prohibited
CISSP COURSE PART 1
MAGDA LILIA CHELLY
ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND AMBASSADOR | TOP 50 CYBER INFLUENCER | @RESPONSIBLE CYBER
OVERVIEW
ISC2 REQUIREMENTS ON INDIVIDUALS
THESE INCLUDE:
• BACKGROUND
• FIVE YEARS EXPERIENCE IN ANY OF THE 10 DOMAINS OR FOUR YEARS EXPERIENCE AND A COLLEGE DEGREE
• TEST FEE
• APPROVED APPLICATION
• AGREEMENT TO THE ISC2 CODE OF ETHICS
DOMAINS
THE 8 DOMAINS ARE:
1. SECURITY AND RISK MANAGEMENT
2. ASSET SECURITY
3. SECURITY ENGINEERING
4. COMMUNICATION AND NETWORK SECURITY
5. IDENTITY AND ACCESS MANAGEMENT
6. SECURITY ASSESSMENT AND TESTING
7. SECURITY OPERATIONS
8. SOFTWARE DEVELOPMENT SECURITY
SECURITY AND RISK MANAGEMENT
• Confidentiality: Ensures that information is not compromised or shared.
• Integrity: Ensures that data is not damaged or modified.
• Availability: Ensures that information is always available when needed.
Identification: Username
Authentication: Password
Authorization: Access rights
Auditing: Logs
Accounting: Review
NONREPUDIATION: The subject of an activity or event is not able to deny that the event happened.
DATA HIDING: The data is prevented from being accessed.
Data Owner: responsible for classifying information
Data Custodian: responsible for implementing the prescribed protection
DUE CARE: Doing the right thing
DUE DILIGENCE: Continuing to do the right thing
SECURITY MANAGEMENT: Strategic plans (long-term plan with goals, mission, and objectives), tactical plans (mid-term plan with detailed goals), and operational plans (short-term plan)
Security governance practices: defining and directing the security efforts
Policies
Standards
Guidelines
Procedures
CONTROL OBJECTIVES FOR INFORMATION & RELATED TECHNOLOGY (COBIT): security concept infrastructure
The annual costs of safeguards should not exceed the expected annual cost of asset loss.
A quantitative risk analysis calculates the ALE (annualized loss expectancy), which is the annual loss of an asset if expected threats are realized.
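As an added worked example (not part of the slides), the calculation behind the two preceding slides: the ALE derived from single loss expectancy and annual rate of occurrence, and the cost/benefit rule that a safeguard's annual cost must not exceed the loss it prevents. The formulas SLE = AV × EF and ALE = SLE × ARO are the standard CISSP ones and are assumed here; the asset, threat and safeguard figures are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Risk:
    """One threat against one asset, quantified (assumed standard formulas)."""
    asset_value: float       # AV: value of the asset in currency units
    exposure_factor: float   # EF: fraction of AV lost per incident, 0.0..1.0
    annual_rate: float       # ARO: expected incidents per year

    def sle(self) -> float:
        # Single loss expectancy: loss caused by one realised incident
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # Annualised loss expectancy: the slide's "annual loss if expected threats are realized"
        return self.sle() * self.annual_rate


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float   # ACS: yearly cost of owning and operating the control
    residual: Risk       # the same risk after the control is in place


def safeguard_value(before: Risk, sg: Safeguard) -> float:
    """Net annual value = ALE(before) - ALE(after) - ACS.
    Positive means the safeguard prevents more loss than it costs."""
    return before.ale() - sg.residual.ale() - sg.annual_cost


def choose_safeguard(before: Risk, options: Iterable[Safeguard]) -> Optional[Safeguard]:
    """Pick the safeguard with the highest net value, or None when every option
    costs more per year than the loss it avoids (the slide's rule)."""
    ranked = sorted(options, key=lambda sg: safeguard_value(before, sg), reverse=True)
    if not ranked or safeguard_value(before, ranked[0]) <= 0:
        return None
    return ranked[0]


# Constructed figures for a public web server (illustration only)
WEB_SERVER_DEFACEMENT = Risk(asset_value=200_000, exposure_factor=0.5, annual_rate=0.2)
OPTIONS = [
    # A managed WAF cuts the expected frequency but not the damage per incident
    Safeguard("managed WAF", annual_cost=8_000,
              residual=Risk(200_000, 0.5, 0.05)),
    # A full rewrite removes the risk but costs more per year than the loss it avoids
    Safeguard("full application rewrite", annual_cost=25_000,
              residual=Risk(200_000, 0.5, 0.0)),
]

if __name__ == "__main__":
    print(f"ALE without safeguards: {WEB_SERVER_DEFACEMENT.ale():,.0f}")
    for sg in OPTIONS:
        print(f"{sg.name}: net value {safeguard_value(WEB_SERVER_DEFACEMENT, sg):,.0f}")
    best = choose_safeguard(WEB_SERVER_DEFACEMENT, OPTIONS)
    print("choose:", best.name if best else "accept the risk")
```

With these figures the ALE is 20,000 per year; the WAF is worth 7,000 per year net, while the rewrite has a negative value because its annual cost exceeds the whole expected loss, which is exactly the case the "costs of safeguards should not exceed" slide rules out.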
Delphi Risk Analysis
• Group discussion method
• Opinion
• Comments are written anonymously
• Consensus
Comparison of risk analysis approaches, by property:
Quantitative: Financial costs; Automated; History
Qualitative: Without calculations; Low history required; Easy; Smooth communication
Control types are:
• Preventive
• Detective
• Corrective
• Deterrent
• Recovery
• Directive
• Compensative
Control categories: Administrative, Logical, Physical
Employees & the hiring process should take into consideration:
• Collusion
• Screening
• Background checks
• Security clearances
• Employment agreements
• Nondisclosure agreements
Separation of duties: Critical task division between several employees
Least privilege: Minimum access
Job rotation: Rotate personnel
Mandatory vacations: One or two weeks of vacation
Criminal law: Protects basic principles
Civil law: Protects transactions between people and organizations
Administrative law: Protects day-to-day operations
Copyrights (©): Authorship protection
Trademarks (™, ®): Names and logos protection
Patents: Invention protection
Trade secrets: Company's operation protection
ASSET SECURITY
Personally identifiable information (PII): Data that can identify an individual
Protected health information (PHI): Health-related data related to an individual
Classification levels
Government/military: Top Secret, Secret, Confidential, Sensitive but Unclassified, Unclassified
Private sector: Confidential / Private, Sensitive, Public
Sanitization represents the processes that remove data from a system or from media.
Data remanence is the data that stays on a hard drive as residual magnetic flux.
Degaussing is the process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media.
Erasing media is deleting data.
Clearing, or overwriting, is preparing media for reuse.
Purging is a more intense form of clearing.
To remove data from solid state drives (SSDs), destruction is commonly used.
The EU Data Protection law enforces protection of privacy data.
The Safe Harbor principles are a method of ensuring that third parties comply with the EU Data Protection law.
The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.
SECURITY ENGINEERING
Work function, or work factor: Strength of a cryptography system
Hash function properties:
• Fixed-length output
• One-way
• Functionality
• Collision free
Zero-knowledge proof: communication concept with no real data transfer; example: digital signature
Split knowledge: Multiple users required to perform the operation
Number of symmetric keys for n participants: n(n-1)/2
Digital Signature Standard (DSS)
SHA-1 and SHA-2 message digest functions
+
One of the following algorithms: Digital Signature Algorithm (DSA); Rivest, Shamir, Adleman (RSA); or Elliptic Curve DSA (ECDSA)
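An added example, not from the slides, that ties the hash-property slide to the DSS slide: a digest has the same length whatever the input, distinct inputs give distinct digests, and a signature is the private-key operation applied to that digest rather than to the message. The RSA key pair below is a constructed textbook one with a 12-bit modulus so the arithmetic stays visible; it has no security value and omits the padding a real RSA signature uses.

```python
import hashlib


def digest_properties(algorithm: str, *messages: bytes) -> dict:
    """Demonstrate the fixed-length and collision-free properties from the slide:
    every message gets a digest of the same size, and distinct messages get
    distinct digests. 'One-way' cannot be shown by running code, only relied on."""
    digests = [hashlib.new(algorithm, m).hexdigest() for m in messages]
    return {
        "digest_bits": hashlib.new(algorithm).digest_size * 8,
        "fixed_length": len({len(d) for d in digests}) == 1,
        "all_distinct": len(set(digests)) == len(digests),
    }


# Constructed toy RSA key: p = 61, q = 53. Real keys are 2048 bits or more.
TOY_N = 61 * 53          # modulus, 3233
TOY_E = 17               # public exponent
TOY_D = 2753             # private exponent: 17 * 2753 = 46801 = 15 * 3120 + 1


def _digest_as_int(message: bytes, n: int) -> int:
    # DSS pattern: the message is hashed first; only the digest is signed.
    # Reducing mod n is needed only because the toy modulus is far smaller
    # than a SHA-256 digest; a real scheme pads the digest instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, d: int = TOY_D, n: int = TOY_N) -> int:
    """Signer: private-key operation on the digest."""
    return pow(_digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, e: int = TOY_E, n: int = TOY_N) -> bool:
    """Verifier: recompute the digest from the received message and compare it
    with the public-key operation applied to the signature."""
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    print(digest_properties("sha256", b"a", b"x" * 1_000_000))
    msg = b"transfer 100 to account 42"
    s = sign(msg)
    print("valid:", verify(msg, s))
    print("tampered message valid:", verify(msg + b"0", s))
    print("forged signature valid:", verify(msg, (s + 1) % TOY_N))
```

The verifier never sees the private exponent; it only needs the public pair (e, n) and the message, which is why the slide pairs a digest function with a public-key algorithm rather than a symmetric one.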
Certification: Technical evaluation
Accreditation: Process of formal acceptance
CPU classification
• Multitasking: A single processor
• Multiprogramming: A single processor
• Multiprocessing: Multiple processors
Security modes
Dedicated: all users have clearance, access permissions, and need to know for all data
System high mode: No need-to-know requirement
Compartmented: No need-to-know & no access permission requirement
Multilevel mode: Removes all three requirements
TCSEC: Trusted Computer System Evaluation Criteria, United States Government Department of Defence
ITSEC: Information Technology Security Evaluation Criteria, by the Commission of the European Communities
TCB: Trusted computing base (hardware, firmware, and/or software components)
The Reference Monitor
• Part of the TCB
• Validates access to resources
• Rings of protection work with the TCB
[Figure: a subject's access to an object (e.g. a file) is validated by the reference monitor inside the security kernel]
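As an added example (the slides' concepts, the code's own names), a minimal reference monitor: every subject-to-object access goes through one check built from the three requirements the security-mode slide lists (clearance, access permission, need-to-know), every decision is recorded for auditing, and a helper works out which mode a system may run in from what holds for all of its users. The subjects, objects, compartments and labels are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    permissions: FrozenSet[str] = frozenset()   # compartments formally approved
    need_to_know: FrozenSet[str] = frozenset()  # projects the subject works on


@dataclass(frozen=True)
class Object:
    name: str
    classification: str
    compartment: str
    project: str


def clearance_ok(s: Subject, o: Object) -> bool:
    return LEVELS[s.clearance] >= LEVELS[o.classification]


def permission_ok(s: Subject, o: Object) -> bool:
    return o.compartment in s.permissions


def need_to_know_ok(s: Subject, o: Object) -> bool:
    return o.project in s.need_to_know


class ReferenceMonitor:
    """Part of the TCB: the one place where access to an object is validated."""

    def __init__(self) -> None:
        self.audit_log: List[Tuple[str, str, str]] = []

    def check(self, s: Subject, o: Object) -> bool:
        allowed = clearance_ok(s, o) and permission_ok(s, o) and need_to_know_ok(s, o)
        self.audit_log.append((s.name, o.name, "ALLOW" if allowed else "DENY"))
        return allowed


def read_object(monitor: ReferenceMonitor, s: Subject, o: Object) -> str:
    """Every access path calls the monitor; there is no way around it."""
    if not monitor.check(s, o):
        raise PermissionError(f"{s.name} may not read {o.name}")
    return f"<contents of {o.name}>"


def system_mode(users: Iterable[Subject], data: Iterable[Object]) -> str:
    """Which of the slide's modes fits this system:
    dedicated:     every user has clearance, permission and need-to-know for ALL data
    system high:   every user has clearance and permission for all data
    compartmented: every user has clearance for all data
    multilevel:    none of the above holds for all users, so the monitor must
                   decide per access."""
    pairs = [(u, o) for u in list(users) for o in list(data)]
    all_clear = all(clearance_ok(u, o) for u, o in pairs)
    all_perm = all(permission_ok(u, o) for u, o in pairs)
    all_ntk = all(need_to_know_ok(u, o) for u, o in pairs)
    if all_clear and all_perm and all_ntk:
        return "dedicated"
    if all_clear and all_perm:
        return "system high"
    if all_clear:
        return "compartmented"
    return "multilevel"


# Constructed subjects and objects
ALICE = Subject("alice", "Top Secret", frozenset({"CRYPTO", "SIGINT"}), frozenset({"p1", "p2"}))
BOB = Subject("bob", "Secret", frozenset({"CRYPTO"}), frozenset({"p1"}))
KEYS = Object("keys.txt", "Secret", "CRYPTO", "p1")
INTERCEPTS = Object("intercepts.bin", "Top Secret", "SIGINT", "p2")

if __name__ == "__main__":
    rm = ReferenceMonitor()
    for subject in (ALICE, BOB):
        for obj in (KEYS, INTERCEPTS):
            try:
                read_object(rm, subject, obj)
            except PermissionError as err:
                print(err)
    print(rm.audit_log)
    print("mode with alice and bob:", system_mode([ALICE, BOB], [KEYS, INTERCEPTS]))
```

Note that the monitor denies bob's read of intercepts.bin on clearance alone; the audit log records the denial even though no data was returned, which is what makes the monitor useful as an evidence source as well as a gate.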
Ring 0: OS kernel/memory
Ring 1: Other OS components
Ring 2: Drivers, protocols
Ring 3: User-level programs and applications
BYOD: BRING YOUR OWN DEVICE (not BRING YOUR OWN DISASTER: NO, NO, NO :p)
A covert channel: A method that is used to transfer information but that is not normally used for information transfer.
Buffer overflow (no, no, no, not Buffalo Flow …): A size check failure that lets data be written into memory beyond the buffer.
Time-of-check-to-time-of-use, or TOCTTOU: Watch the state of data or resources; it can change between the moment it is checked and the moment it is used.
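An added example (not from the slides) that makes the race concrete: the vulnerable function checks the path and then opens the path again, and a hook stands in for whatever changes the filesystem between those two steps; the safer function opens first and checks the descriptor it actually holds, so there is no window. The helper names and the temporary files are the example's own, and it relies on O_NOFOLLOW being available (POSIX systems).

```python
import os
import stat
import tempfile
from typing import Callable


def read_regular_file_unsafe(path: str, between: Callable[[], None] = lambda: None) -> bytes:
    """Check-then-use: the check and the use name the path twice, and the
    filesystem can change in between. 'between' simulates that window."""
    if not stat.S_ISREG(os.lstat(path).st_mode):          # time of check
        raise PermissionError("not a regular file")
    between()                                              # the race window
    with open(path, "rb") as f:                            # time of use
        return f.read()


def read_regular_file_safe(path: str, between: Callable[[], None] = lambda: None) -> bytes:
    """Open first, refusing to follow a symlink, then check the object behind
    the descriptor. Whatever happens to the path afterwards cannot change
    what the descriptor refers to."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)                              # use and check share one object
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        between()                                          # too late to matter
        return f.read()


def demonstrate() -> dict:
    """Constructed scenario: 'public.txt' is swapped for a symlink to
    'secret.txt' inside the window. Returns what each version read."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"secret")

        def reset() -> None:
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"public")

        def swap_for_symlink() -> None:
            os.remove(public)
            os.symlink(secret, public)

        reset()
        unsafe_result = read_regular_file_unsafe(public, between=swap_for_symlink)
        reset()
        safe_result = read_regular_file_safe(public, between=swap_for_symlink)
        reset()
        swap_for_symlink()
        try:
            read_regular_file_safe(public)
            refused = False
        except OSError:          # ELOOP from O_NOFOLLOW, or the PermissionError above
            refused = True
        return {"unsafe_read": unsafe_result, "safe_read": safe_result, "symlink_refused": refused}


if __name__ == "__main__":
    print(demonstrate())
```

The unsafe version passes its own check and still returns the secret file, because the check was made against a path and the use resolved that path a second time; the safe version keeps reading the file it opened, since a descriptor does not change identity when the directory entry does.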
Physical Security: A MUST
Site management, personnel controls, awareness training, and emergency response and procedures
Technical physical controls
Intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression
The humidity should be between 40% and 60%.
The temperature should be between 10 and 26 Celsius or 50-80 Fahrenheit.
Physical controls
Fencing, lighting, locks, construction materials, mantraps, dogs, and guards
PREVENTATIVE CONTROLS: No internal or external access
DETECTIVE CONTROLS: Track an unauthorized transaction
CORRECTIVE CONTROLS: Recover or restore operations
DETERRENT CONTROLS: Used to encourage or increase compliance
COMMUNICATION & NETWORK SECURITY
TCP/IP is similar to the OSI model
PHYSICAL LAYER
• Transfer of bits
Example of equipment:
• Network interface controller
• Repeater
• Ethernet hub
• Modem
• Fiber media converter
DATA LINK LAYER
• Combines bits into bytes and bytes into frames
• Uses MAC addresses
• Error detection
Sub-layers:
• Logical link control sublayer
• Media access control sublayer
Example of equipment:
• Bridges
• Layer 2 switches (multi-port bridges)
DATA LINK LAYER protocols:
• Serial Line Internet Protocol (SLIP)
• Point-to-Point Protocol (PPP)
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• Layer 2 Forwarding (L2F)
• Layer 2 Tunnelling Protocol (L2TP)
• Point-to-Point Tunnelling Protocol (PPTP)
• Integrated Services Digital Network (ISDN)
NETWORK LAYER
• Logical addressing
Example of equipment:
• Router
• Switches
L2 switch: Switching only. It uses MAC addresses to switch the packets from a port to the destination port.
L3 switch: Switching, IP addresses & routing. For intra-VLAN communication, it uses the MAC address table. For inter-VLAN communication, it uses the IP routing table.
NETWORK LAYER protocols:
• Internet Control Message Protocol (ICMP)
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
• Border Gateway Protocol (BGP)
• Internet Group Management Protocol (IGMP)
• Internet Protocol (IP)
• Internet Protocol Security (IPSec)
• Internetwork Packet Exchange (IPX)
• Network Address Translation (NAT)
• Simple Key Management for Internet Protocols (SKIP)
TRANSPORT LAYER protocols:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Sequenced Packet Exchange (SPX)
• Secure Sockets Layer (SSL)
• Transport Layer Security (TLS)
Source: https://en.wikipedia.org/wiki/Transport_layer
SESSION LAYER
• Authentication
• Authorization
• Session restoration
Examples:
• Network File System (NFS)
• Structured Query Language (SQL)
• Remote Procedure Call (RPC)
PRESENTATION LAYER
• Data presentation/translation, for example XML, PHP, GIF, and JPEG
• Encryption
• Compression
"For example, HyperText Transfer Protocol (HTTP), usually presented as an application-layer protocol, uses presentation-layer features to display data."
PRESENTATION LAYER formats:
• American Standard Code for Information Interchange (ASCII)
• Extended Binary-Coded Decimal Interchange Code (EBCDIC)
• Tagged Image File Format (TIFF)
• Joint Photographic Experts Group (JPEG)
• Moving Picture Experts Group (MPEG)
• Musical Instrument Digital Interface (MIDI)
APPLICATION LAYER
• User interface for applications
APPLICATION LAYER protocols:
• Hypertext Transfer Protocol (HTTP)
• File Transfer Protocol (FTP)
• Simple Mail Transfer Protocol (SMTP)
• Telnet
• Trivial File Transfer Protocol (TFTP)
• Post Office Protocol version 3 (POP3)
• Internet Message Access Protocol (IMAP)
• Simple Network Management Protocol (SNMP)
Ethernet frame layout
Field: Destination address | Source address | Type | Data packet | Frame check sequence
Size:  6 bytes             | 6 bytes        | 2 bytes | 46–1500 bytes | 4 bytes
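An added example, not from the slides: building and parsing a frame with exactly the layout in the table above, with the length checks that the buffer-overflow slide is about (a parser that trusts declared sizes and slices without checking is the usual way such bugs start). The frame contents are constructed; the FCS is computed with zlib's CRC-32 as this example's own convention, since real NICs verify and strip the FCS in hardware before the frame reaches software.

```python
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
HEADER_LEN, FCS_LEN = 6 + 6 + 2, 4


def mac_bytes(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError("MAC must have six octets")
    return bytes(int(p, 16) for p in parts)


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Pad short payloads to 46 bytes (as a sender must) and refuse oversize ones."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError(f"payload {len(payload)} > {MAX_PAYLOAD}")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))   # example's FCS convention


def parse_frame(frame: bytes) -> dict:
    """Parse with explicit bounds: check the total size before slicing anything,
    check the payload size against the table, and verify the FCS before
    trusting any field."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        raise ValueError(f"frame too short: {len(frame)} bytes")
    if len(frame) > HEADER_LEN + MAX_PAYLOAD + FCS_LEN:
        raise ValueError(f"frame too long: {len(frame)} bytes")
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        raise ValueError("FCS mismatch: frame corrupted or altered")
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "ethertype": ethertype,
        "payload": body[14:],
    }


# Constructed sample frame: broadcast destination, 5-byte payload padded to 46
SAMPLE = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"hello")

if __name__ == "__main__":
    print(len(SAMPLE), "bytes")
    print(parse_frame(SAMPLE))
```

The minimum frame (14-byte header, 46-byte payload, 4-byte FCS) is 64 bytes, which is why the parser refuses anything shorter before it slices a single field.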
TCP/IP Model
Process and application layer: FTP, SMTP, RIP, DNS, SNMP
Host-to-host layer: TCP, UDP
Internet layer: IP, IGMP, ICMP, ARP, RARP
Network access and local network layer: network interface cards; coaxial, fiber optic, wireless
IPv4 (32 bits) vs IPv6 (128 bits)
IPv6 address abbreviation rules
Initial address: 2008:0cb9:0000:0000:0000:ee00:0052:7329
After removing all leading zeroes: 2008:0cb9:0:0:0:ee00:0052:7329
After omitting consecutive groups of zeroes: 2008:0cb9::ee00:0052:7329
The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, is equivalent to ::1
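An added example, not from the slides, that implements both abbreviation rules in full plus the expansion back, and cross-checks the result against Python's ipaddress module. Applied completely, rule 1 also strips the leading zeros of 0cb9 and 0052 that the slide's intermediate forms still show, so the canonical text (RFC 5952) is 2008:cb9::ee00:52:7329. The function names are the example's own.

```python
import ipaddress
from typing import List, Tuple


def _longest_zero_run(groups: List[str]) -> Tuple[int, int]:
    """Start and length of the longest run of '0' groups; the leftmost wins a tie."""
    best_start, best_len = -1, 0
    i = 0
    while i < len(groups):
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < len(groups) and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    return best_start, best_len


def compress_ipv6(text: str) -> str:
    """Rule 1: drop leading zeros in every group. Rule 2: replace the longest
    run of two or more all-zero groups with '::' (at most once)."""
    groups = text.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected eight hex groups of 1-4 digits")
    groups = [format(int(g, 16), "x") for g in groups]
    start, length = _longest_zero_run(groups)
    if length < 2:                      # a single zero group is not abbreviated
        return ":".join(groups)
    return ":".join(groups[:start]) + "::" + ":".join(groups[start + length:])


def expand_ipv6(text: str) -> str:
    """Inverse: restore the elided zero groups and pad every group to four digits."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        left, right = text.split("::")
        l = left.split(":") if left else []
        r = right.split(":") if right else []
        groups = l + ["0"] * (8 - len(l) - len(r)) + r
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("wrong number of groups")
    return ":".join(f"{int(g, 16):04x}" for g in groups)


if __name__ == "__main__":
    full = "2008:0cb9:0000:0000:0000:ee00:0052:7329"
    print(compress_ipv6(full), "==", ipaddress.IPv6Address(full))
    print(expand_ipv6("::1"))
```

The tie rule matters for log matching: 2001:db8:0:0:1:0:0:1 has two equal runs of zeros, and only the leftmost is collapsed, which is also what the ipaddress module produces.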
IPv4 address classes
Class | Range | Mask | Description
A | 0.0.0.0 to 126.0.0.0 | 255.0.0.0 | First byte defines network
B | 128.0.0.0 to 192.255.0.0 | 255.255.0.0 | First two bytes define network
C | 192.0.0.0 to 223.255.255.0 | 255.255.255.0 | First three bytes define network
D | 224.0.0.0 to 239.255.255.255 | (none) | Multicast traffic
E | 240.0.0.0 to 255.255.255 | (none) | Reserved for future use
IP document (RFC 721)
ICMP: Internet Control Message Protocol
ARP: Address Resolution Protocol
RARP: Reverse Address Resolution Protocol
ARP only works between devices in the same IP subnet.
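An added example (not part of the slides) covering the address-class table and the ARP note together: the class follows from the leading bits of the first octet, which is what fixes the default mask, and ARP resolves the destination directly only when both addresses fall within the same subnet under the mask in use; otherwise the sender resolves its gateway instead. The addresses are constructed and the function names are the example's own.

```python
import ipaddress
from typing import Optional, Tuple


def ipv4_class(address: str) -> Tuple[str, Optional[str]]:
    """Classful lookup by the leading bits of the first octet:
    0xxxxxxx -> A, 10xxxxxx -> B, 110xxxxx -> C, 1110xxxx -> D, 1111xxxx -> E."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first >> 7 == 0b0:
        return "A", "255.0.0.0"
    if first >> 6 == 0b10:
        return "B", "255.255.0.0"
    if first >> 5 == 0b110:
        return "C", "255.255.255.0"
    if first >> 4 == 0b1110:
        return "D", None          # multicast: no network/host split
    return "E", None              # reserved


def same_subnet(a: str, b: str, mask: Optional[str] = None) -> bool:
    """True when a and b share a network. With no mask given, the classful
    default mask of a is used. This is the condition under which a host ARPs
    for b directly instead of for its gateway."""
    if mask is None:
        _, mask = ipv4_class(a)
        if mask is None:
            raise ValueError("class D/E addresses have no default mask")
    network = ipaddress.IPv4Network(f"{a}/{mask}", strict=False)
    return ipaddress.IPv4Address(b) in network


def arp_target(src: str, dst: str, mask: str, gateway: str) -> str:
    """Which address the sender resolves with ARP for a packet to dst."""
    return dst if same_subnet(src, dst, mask) else gateway


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.0.1", "192.168.1.1", "224.0.0.9", "240.0.0.1"):
        print(addr, ipv4_class(addr))
    print(arp_target("192.168.1.10", "8.8.8.8", "255.255.255.0", "192.168.1.1"))
```

Because the decision is made from the sender's own mask, a host with a wrong mask will ARP for addresses it cannot reach on the local segment, which is one of the things an unexpected flood of unanswered ARP requests in a capture can point to.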
The TCP three-way handshake and TCP flags:
URG: Urgent data
ACK: Significant acknowledgement number field
PSH: Need to push buffered data to the application
RST: Reset TCP connection
SYN: Synchronize with the new sequence number value
FIN: Final data
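An added example, not from the slides, that decodes the flag bits listed above and follows the three-way handshake per connection over a constructed list of segments, so that a connection that never completes (SYN answered but no final ACK) or is torn down with RST stands out. The flag bit values are the standard TCP header ones; the segment records and function names are this example's own.

```python
from typing import Dict, Iterable, Set, Tuple

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

Segment = Tuple[str, str, int]   # (source endpoint, destination endpoint, flags byte)


def decode_flags(byte: int) -> Set[str]:
    """Names of the flags set in the low six bits of the TCP flags byte."""
    return {name for name, bit in TCP_FLAGS.items() if byte & bit}


def encode_flags(*names: str) -> int:
    return sum(TCP_FLAGS[n] for n in names)


def track_handshakes(segments: Iterable[Segment]) -> Dict[Tuple[str, str], str]:
    """State per (client, server) pair after replaying the segments:
    SYN_SENT -> SYN_RECEIVED -> ESTABLISHED for the three-way handshake,
    RESET when either side sends RST, INVALID for anything out of order."""
    states: Dict[Tuple[str, str], str] = {}
    for src, dst, byte in segments:
        flags = decode_flags(byte)
        if (src, dst) in states:
            key = (src, dst)
        elif (dst, src) in states:
            key = (dst, src)
        else:
            key = (src, dst)          # first segment seen: the sender is the client
        state = states.get(key, "CLOSED")
        if state in ("RESET", "INVALID"):
            continue
        from_client = src == key[0]
        if "RST" in flags:
            states[key] = "RESET"
        elif state == "CLOSED" and from_client and flags == {"SYN"}:
            states[key] = "SYN_SENT"
        elif state == "SYN_SENT" and not from_client and flags == {"SYN", "ACK"}:
            states[key] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and from_client and "ACK" in flags and "SYN" not in flags:
            states[key] = "ESTABLISHED"
        elif state == "ESTABLISHED":
            pass                      # data, PSH and FIN handling is beyond this example
        else:
            states[key] = "INVALID"
    return states


def half_open_clients(states: Dict[Tuple[str, str], str]) -> Set[str]:
    """Client IPs that sent a SYN but never completed the handshake. Many of
    these from many sources at once is the signature of a SYN flood."""
    return {client.rsplit(":", 1)[0]
            for (client, _), s in states.items() if s in ("SYN_SENT", "SYN_RECEIVED")}


# Constructed segments: one full handshake, one left half open, one refused
SAMPLE_SEGMENTS = [
    ("10.0.0.5:40001", "10.0.0.80:443", encode_flags("SYN")),
    ("10.0.0.80:443", "10.0.0.5:40001", encode_flags("SYN", "ACK")),
    ("10.0.0.5:40001", "10.0.0.80:443", encode_flags("ACK")),
    ("10.0.0.5:40001", "10.0.0.80:443", encode_flags("PSH", "ACK")),
    ("10.0.0.6:40002", "10.0.0.80:443", encode_flags("SYN")),
    ("10.0.0.80:443", "10.0.0.6:40002", encode_flags("SYN", "ACK")),   # never acknowledged
    ("10.0.0.7:40003", "10.0.0.80:22", encode_flags("SYN")),
    ("10.0.0.80:22", "10.0.0.7:40003", encode_flags("RST", "ACK")),     # port closed
]

if __name__ == "__main__":
    final = track_handshakes(SAMPLE_SEGMENTS)
    for pair, state in final.items():
        print(pair, state)
    print("half-open clients:", half_open_clients(final))
```

The RST,ACK reply on port 22 is what a closed port returns to a SYN, so in a capture it distinguishes "nothing listening" from "filtered" (no reply at all), while the unfinished handshake from 10.0.0.6 is the pattern a SYN-flood detector counts.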
UDP Protocol
• Connectionless protocol
• No handshake
[Figure: datagrams sent one after another without a handshake]
TCP vs UDP comparison, by service property:
• Reliability
• Connection
• Congestion control
• Speed
Well-known ports
20 FTP data
21 FTP control
22 SSH
23 Telnet
25 SMTP
53 DNS
69 TFTP
80 HTTP
110 POP3
119 NNTP
123 NTP
143 IMAP4
443 HTTPS
Well-known ports: 0-1023 (port numbers run up to 65535)
Example of security practices: Moving SSH off the default port of 22 will deter some of the non-targeted and script-kiddie-type attacks.
Source: http://www.planetoftunes.com
Mesh Topology: All workstations are connected to each other
• Advantage: Dedicated connection for all workstations.
• Disadvantage: More wires are required for each connection.
Star Topology: All workstations are connected to the central equipment
• Advantage: Other workstations can connect easily without affecting the rest of the network.
• Disadvantage: Single point of failure (central hub or switch)
Bus Topology: All workstations are connected to a backbone
• Advantage: Requires less cable length.
• Disadvantage: Single point of failure (backbone)
BNC connector: 10Base2
RJ-45 connector: 10BaseT
Twisting wires helps reduce the effect of stray capacitance, noise and signal loss.
Wireless technologies
Wireless encryption standards:
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• WPA2
Warwalking: Walking around
Wardriving: Driving around
Warflying: Flying around to look for wireless networks
Warchalking: Drawing of symbols in public places to advertise an open Wi-Fi network
THANK YOU !
PLEASE FEEL FREE TO ASK QUESTIONS OR SHARE YOUR TIPS