Security Engineering 4. Communications and Network Security 5. Identity and Access Management 6. Security and Assessment Testing 7. Security Operations 8. Each chapter includes information on exam objectives, exam warnings, and the top five toughest questions along with their answers.
The only book keyed to the new objectives that has been crafted for last minute cramming Easy to find, essential material with no fluff — this book does not talk about security in general, just how it applies to the test Includes review of five toughest questions by topic - sure to improve your score. The course is designed to take a practical approach to learn with real-life examples and case studies.
CISSP formalize an information security professional's deep technological and managerial knowledge and experience to efficaciously design, engineer and pull off the overall security positions of an organization. You can cooperate with thought leaders, network with global peers; grow your skills and so much more. The community is always here to support you throughout your career.
The book's 14 chapters provide in-depth discussions of the following topics: systems security; operating system hardening; application security; virtualization technologies; network security; wireless networks; network access; network authentication; risk assessment and risk mitigation; general cryptographic concepts; public key infrastructure; redundancy planning; environmental controls and implementing disaster recovery and incident response procedures; and legislation and organizational policies.
The only book keyed to the new SY objectives that has been crafted for last minute cramming Easy to find, essential material with no fluff — this book does not talk about security in general, just how it applies to the test Includes review of five toughest questions by topic - sure to improve your score.
The book begins with a review of important concepts that are needed for successful operating system installation. The hardware must provide confidentiality, integrity, and availability for processes, data, and users.
The motherboard contains hardware including the CPU, memory slots, firmware, and peripheral slots, such as peripheral component interconnect slots. The keyboard unit is the external keyboard. Ultimately, everything a computer does is mathematical: adding numbers, which can be extended to subtraction, multiplication, division, etc.
CPUs are rated by the number of clock cycles per second. Fetch Instruction 1 2. Decode Instruction 1 3. Execute Instruction 1 4. Write save Result 1 These four steps take one clock cycle to complete. Each part is called a pipeline stage; the pipeline depth is the number of simultaneous stages that may be completed at once.
A four-stage pipeline can combine the stages of four other instructions: 1. Fetch Instruction 2, Decode Instruction 1 3. This increases the throughput. A CPU interrupt is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request. When the new task is complete, the CPU will complete the prior task.
A heavyweight process HWP is also called a task. A parent process may spawn additional child processes called threads. A thread is a lightweight process LWP.
Threads are able to share memory, resulting in lower overhead compared to heavy weight processes. Multitasking allows multiple tasks heavyweight processes to run simultaneously on one CPU.
Multiprocessing has a fundamental difference from multitasking: it runs multiple processes on multiple CPUs. Virtual memory provides many functions, including multitasking multiple tasks executing at once on one CPU , swapping, and allowing multiple processes to access the same shared library in memory, among others. It first runs the power-on self-test POST , which performs basic tests, including verifying the integrity of the BIOS itself, testing the memory, and identifying system devices, among other tasks.
Once the POST process is complete and successful, it locates the boot sector for systems that boot off disks , which contains the machine code for the operating system kernel.
The kernel then loads and executes, and the operating system boots up. It is often used to support records retention for legal or regulatory compliance. WORM storage helps assure the integrity of the data it contains; there is some assurance that it has not been and cannot be altered, short of destroying the media itself. Not all computer manufacturers employ TPM chips, but the adoption has steadily increased. The TPM chip allows for hardware-based cryptographic operations.
Security functions can leverage the TPM for random number generation; the use of symmetric, asymmetric, and hashing algorithms; and secure storage of cryptographic keys and message digests. The most commonly referenced use case for the TPM chip is ensuring boot integrity. By operating at the hardware level, the TPM chip can help ensure that kernel-mode rootkits are less likely to be able to undermine operating system security. In addition to boot integrity, TPM is also commonly associated with some implementations of full disk encryption.
The two most prominent protections against this attack are data execution prevention DEP and address space location randomization ASLR. Another protection mechanism, ASLR, seeks to make exploitation more difficult by randomizing memory addresses.
For example, imagine an adversary develops a successful working exploit on his or her own test machine. When the code is run on a different system using ASLR, the addresses will change, which will probably cause the exploit to fail.
Operating systems provide memory, resource, and process management. It provides the interface between hardware and the rest of the operating system, including applications. That boot sector contains the beginning of the software kernel machine code, which is then executed. It enforces the system's security policy, such as preventing a normal user from writing to a restricted file, like the system password file.
A Type 1 hypervisor, also called bare metal, is part of an operating system that runs directly on host hardware. A Type 2 hypervisor runs as an application on a normal operating system, such as Windows Many virtualization exploits target the hypervisor, including hypervisor-controlled resources shared between host and guests, or guest and guest. These include cut-andpaste, shared drives, and shared network connections.
As discussed previously, complexity is the enemy of security1; the sheer complexity of virtualization software may cause security problems. Combining multiple guests onto one host may also raise security issues.
Virtualization is no replacement for a firewall; never combine guests with different security requirements such as DMZ and internal onto one host. The risk of virtualization escape is called VMEscape, where an attacker exploits the host OS or a guest from another guest. Many network-based security tools, such as network intrusion detection systems, can be blinded by virtualization. A cloud also implies geographic diversity of computer resources.
The goal of cloud computing is to allow large providers to leverage their economies of scale to provide computing resources to other companies that typically pay for these services based on their usage. IaaS provides an entire virtualized operating system, which the customer configures from the OS on up. PaaS provides a preconfigured operating system and the customer configures the applications.
Finally, SaaS is completely configured, from the operating system to applications, and the customer simply uses the application. In all three cases, the cloud provider manages hardware, virtualization software, network, backups, etc.
See Table 3. Private clouds house data for a single organization and may be operated by a third party or by the organization itself.
Benefits of cloud computing include reduced upfront capital expenditure, reduced maintenance costs, robust levels of service, and overall operational cost savings. From a security perspective, taking advantage of public cloud computing services requires strict service level agreements and an understanding of new sources of risk.
Organizations should also negotiate specific rights before signing a contract with a cloud computing provider.
These rights include the right to audit, the right to conduct a vulnerability assessment, and the right to conduct a penetration test, both electronic and physical, of data and systems placed in the cloud.
Rather than achieving highperformance computational needs by having large clusters of similar computing resources or a single high-performance system, such as a supercomputer, grid computing attempts to harness the computational resources of a large number of dissimilar devices. One of the key security concerns with parallel systems is ensuring the maintenance of data integrity throughout the processing.
This shared memory, if not appropriately managed, can expose potential race conditions that introduce integrity challenges. Any system may act as a client, a server, or both, depending on the data needs. Decentralized peer-to-peer networks are resilient; there are no central servers that can be taken offline. Integrity is a key P2P concern. With no central repository of data, what assurance do users have of receiving legitimate data?
Cryptographic hashes are a critical control and should be used to verify the integrity of data downloaded from a P2P network. Thin clients rely on central servers, which serve applications and store the associated data. Thin clients allow centralization of applications and their data, as well as the associated security costs of upgrades, patching, data storage, etc.
Thin clients may be hardware based such as diskless workstations or software based such as thin client applications. We will also discuss countermeasures, or mitigating actions that reduce the associated risk.
The communication channel used by malware installed on a system that locates personally identifiable information PII such as credit card information and sends it to a malicious server is an example of a covert channel.
Two specific types of covert channels are storage channels and timing channels. Attackers will often install a backdoor after compromising a system. There are many types of malicious code; viruses, worms, Trojans, and logic bombs can all cause damage to targeted systems. Zero-day exploits are malicious code ie, a threat for which there is no vendor-supplied patch, meaning there is an unpatched vulnerability.
Also called multipart virus. Worms typically cause damage two ways: first by the malicious code they carry and then the loss of network availability due to aggressive self-propagation.
The term derives from the Trojan horse described in Virgil's poem The Aeneid. Kernel-mode rootkits operate in ring 0 on most operating systems. The original executable is compressed, and a small decompresser is prepended to the executable. Upon execution, the decompresser unpacks the compressed executable machine code and runs it.
Packers are a neutral technology that is used to shrink the size of executables. Many types of malware use packers, which can be used to evade signature-based malware detection. Malware such as worms often contain logic bombs, behaving in one manner, then changing tactics on a specific date and time.
Signaturebased antivirus software uses static signatures of known malware. Heuristic-based antivirus uses anomaly-based detection to attempt to identify behavioral characteristics of malware, such as altering the boot sector. Patching, system hardening, firewalls, and other forms of defense-in-depth mitigate server-side attacks.
Organizations should not allow direct access to server ports from untrusted networks such as the Internet, unless the systems are hardened and placed on DMZ networks. Client-side attacks are difficult to mitigate for organizations that allow Internet access. Clients include word processing software, spreadsheets, media players, Web browsers, etc.
They often fail to prevent client-side attacks. Unlike HTML, which provides a way to display content, applets are executables. The primary security concern is that applets are downloaded from servers, then run locally. Malicious applets may be able to compromise the security of the client. Java applets run in a sandbox, which segregates the code from the operating system.
The sandbox is designed to prevent an attacker who is able to compromise a java applet from accessing system files, such as the password file. They use digital certificates instead of a sandbox to provide security. One of their best-known projects is the OWASP Top 10 project, which provides consensus guidance on what are considered to be the 10 most significant application security risks. In addition to the wealth of information about application security threats, vulnerabilities, and defenses, OWASP also maintains a number of security tools available for free download including a leading interception proxy called the Zed Attack Proxy ZAP.
XML is used on the web, but is not tied to it; XML can be used to store application configuration and output from auditing tools, among other things. Extensible means users may use XML to define their own data formats. SOA is intended to allow multiple heterogeneous applications to be consumers of services. The service can be used and reused throughout an organization rather than built within each individual application that needs the functionality offered by the service.
Services are expected to be platform independent and able to be called in a generic way that is also independent of a particular programming language. The intent is that that any application may leverage the service simply by using standard means available within their programming language of choice.
Services are typically published in some form of a directory that provides details about how the service can be used and what the service provides. Though web services are not the only example, they are the most common example provided for the SOA model. The sheer amount of data that may be housed in a database requires special security consideration.
The word polyinstantiation is based on the Latin roots for multiple poly and instances instantiation. Database polyinstantiation means two rows may have the same primary key, but different data.
These issues occur in multiple realms, including database security. Inference requires deduction. There is a mystery to be solved, and lower level details provide the clues. Aggregation is a mathematical process; a user asks every question, receives every answer, and derives restricted information.
Traditional network-based protection, such as firewalls and intrusion detection systems, are powerless to prevent the initial attack. Technical controls to mitigate infected mobile computers include requiring authentication at OSI model Layer 2 via Another mobile device security concern is the loss or theft of a mobile device, which threatens the confidentiality, integrity, and availability of the device and the data that resides on it.
Backups can assure the availability and integrity of mobile data. Full disk encryption also known as whole disk encryption ensures the confidentiality of mobile device data. Remote wipe capability is another critical control, which describes the ability to erase and sometimes disable a mobile device that is lost or stolen. While it may be known that the data is being transmitted, the content of that data should remain unknown to third parties.
Data in motion moving on a network and data at rest stored on a device, such as a disk may be encrypted for security. Cryptography creates messages with hidden meaning; cryptanalysis is the science of breaking those encrypted messages to recover their meaning. Many use the term cryptography in place of cryptology; however, it is important to remember that cryptology encompasses both cryptography and cryptanalysis. A cipher is a cryptographic algorithm. A plaintext is an unencrypted message.
Encryption converts a plaintext to a ciphertext. Decryption turns a ciphertext back into a plaintext. It is important to note that it does not directly provide availability. Cryptography can also provide authentication, which proves an identity claim.
Additionally, cryptography can provide nonrepudiation, which is an assurance that a specific user performed a specific transaction that did not change.
Confusion means that the relationship between the plaintext and ciphertext should be as confused or random as possible. Cryptographic substitution replaces one character for another; this provides the confusion.
Permutation, also called transposition, provides diffusion by rearranging the characters of the plaintext, anagram-style. Strong encryption destroys patterns.
Any signs of nonrandomness can be clues for a cryptanalyst, hinting at the underlying order of the original plaintext or key. For key-based encryption, it should be very difficult ideally, impossible to convert a ciphertext back to a plaintext without the key. The work factor describes how long it will take to break a cryptosystem decrypt a ciphertext without the key. Secrecy of the cryptographic algorithm does not provide strength; in fact, secret algorithms are often proven quite weak.
Strong crypto relies on math, not secrecy, to provide strength. A polyalphabetic cipher uses multiple alphabets; for example, E substitutes for X one round, then S the next round. Polyalphabetic ciphers attempt to address this issue via the use of multiple alphabets. Combining a key with a plaintext via XOR creates a ciphertext. XORing the same key to the ciphertext restores the original plaintext. XOR math is fast and simple, so simple that it can be implemented with phone relay switches.
Two bits are true or 1 if one or the other exclusively, not both is 1. In other words: if two bits are different, the answer is 1 true. If two bits are the same, the answer is 0 false. XOR uses a truth table, shown in Table 3.
This dictates how to combine the bits of a key and plaintext. Full disk encryption also called whole disk encryption of a magnetic disk drive using software such as BitLocker or PGP Whole Disk Encryption is an example of encrypting data at rest. For example, as we will learn later this chapter, a digital signature provides authentication and integrity, but not confidentiality. Symmetric ciphers are primarily used for confidentiality, and AES is preferable over DES due to its strength and performance.
Symmetric cryptography uses a single key to encrypt and decrypt. Asymmetric cryptography uses two keys, one to encrypt and the other to decrypt. Hashing is a one-way cryptographic transformation using an algorithm, but no key. Table 3. If you encrypt a zip file, then decrypt with the same key, you are using symmetric encryption.
Strengths of this method include speed and cryptographic strength per bit of key; however, the major weakness is that the key must be securely shared before two parties may communicate securely. Some block ciphers can emulate stream ciphers by setting the block size to 1 bit; they are still considered block ciphers.
This ensures that identical plaintexts encrypt to different ciphertexts. Chaining called feedback in stream modes seeds the previous encrypted block into the next block ready for encryption. This destroys patterns in the resulting ciphertext. DES Electronic Code Book mode see below does not use an initialization vector or chaining, and patterns can be clearly visible in the resulting ciphertext.
IBM designed DES, based on their older Lucifer symmetric cipher, which uses a bit block size ie, it encrypts 64 bits each round and a bit key. It may sound like splitting hairs, but that is an important distinction to keep in mind on the exam.
DEA may be the best answer for a question regarding the algorithm itself. It uses no initialization vector or chaining. Identical plaintexts with identical keys encrypt to identical ciphertexts.
Two plaintexts with partial identical portions, such as the header of a letter, encrypted with the same key will have partial identical ciphertext portions. The first encrypted block is an initialization vector that contains random data. One limitation of the CBC mode is that encryption errors will propagate; an encryption error in one block will cascade through subsequent blocks due to the chaining, therefore destroying their integrity. It uses feedback, which is the name for chaining when used in stream modes, to destroy patterns.
CFB uses the previous ciphertext for feedback. The previous ciphertext is the subkey XORed to the plaintext. Since the subkey is not affected by encryption errors, errors will not propagate. CTR mode uses a counter, so this mode shares the same advantages as OFB in that patterns are destroyed and errors do not propagate. However, there is an additional advantage: since the feedback can be as simple as an ascending number, CTR mode encryption can be executed in parallel.
The work factor required to break DES was reasonable in , but advances in CPU speed and parallel architecture have made DES weak to a brute-force key attack today, where every possible key is generated and attempted.
It uses a bit key and bit block size. The IDEA has patents in many countries. AES uses bit with 10 rounds of encryption , bit with 12 rounds of encryption , or bit with 14 rounds of encryption keys to encrypt bit blocks of data. Fifteen AES candidates were announced in August , and the list was reduced to five in August Rijndael was chosen and became AES. Blowfish uses from through bit keys the default is bit to encrypt 64 bits of data. Both are open algorithms, meaning they are unpatented and freely available.
RC5 uses bit testing purposes , bit replacement for DES , or bit blocks. The key size ranges from zero to bits. RC6 was an AES finalist. It is also stronger than RC5, encrypting bit blocks using , , or bit keys. The public key, as its name indicates, is made public, and asymmetric encryption is also called public key encryption for this reason. Anyone who wants to communicate with you may simply download your posted public key and use it to encrypt their plaintext.
Once encrypted, your public key cannot decrypt the plaintext, but your private key can do so. As the name implies, your private key must be kept private and secure. Additionally, any message encrypted with the private key may be decrypted with the public key, as it is for digital signatures, as we will see shortly.
These methods use one-way functions, which are easy to compute one way but are difficult to compute in the reverse direction.
Multiplying the prime number by the prime number results in the composite number 49,, That way is quite easy to compute, as it takes just milliseconds on a calculator. Factoring is the basis of the RSA algorithm. Computing 7 to the 13th power exponentiation is easy on a modern calculator: 96,,, Discrete logarithms apply logarithms to groups, which is a much harder problem to solve.
This one-way function is the basis of the Diffie-Hellman and ElGamal asymmetric algorithms. An attacker who is able to sniff the entire conversation is unable to derive the exchanged key. Diffie-Hellman uses discrete logarithms to provide security. Solving this problem is harder than solving discrete logarithms, so algorithms based on elliptic curve cryptography ECC are much stronger per bit than systems using discrete logarithms and also stronger than factoring prime numbers.
ECC requires less computational resources because it uses shorter keys comparison to other asymmetric methods. Lower-power devices often use ECC for this reason. The strength of asymmetric encryption is the ability to communicate securely without presharing a key. They are called one-way hash functions because there is no way to reverse the encryption.
Common older hash functions include secure hash algorithm 1 SHA-1 , which creates a bit hash and Message Digest 5 MD5 , which creates a bit hash. Assume you are hashing documents that are a megabit long with MD5. Think of the documents as strings that are 1,, bits long, and think of the MD5 hash as a string bits long. The universe of potential 1,,bit strings is clearly larger than the universe of bit strings.
It is the most widely used of the MD family of hash algorithms. MD5 creates a bit hash value based on any input length. MD5 has been quite popular over the years, but there are weaknesses where collisions can be found in a more practical amount of time. MD6 is the newest version of the MD family of hash algorithms, first published in SHA-1 creates a bit hash value. This is what law enforcement officials typically do when tracking a suspect who used cryptography; they obtain a search warrant and attempt to recover the key.
Given enough time, the plaintext will be recovered. This technique may recover a key by tricking the key holder into revealing the key. You may be wondering why you would need the key if you already have the plaintext, but recovering the key would allow you to also decrypt other ciphertexts encrypted with the same key. Encrypting without knowing the key is accomplished via an encryption oracle, or a device that encrypts without revealing the key.
Adaptive-chosen plaintext begins with a chosen plaintext attack in the first round. Adaptive-chosen ciphertext also mirrors its plaintext cousin: it begins with a chosen ciphertext attack in the first round. The cryptanalyst then adapts further rounds of decryption based on the previous round. Known key means the cryptanalyst knows something about the key and can use that knowledge to reduce the efforts used to attack it.
If the cryptanalyst knows that the key is an uppercase letter and a number only, other characters can be omitted in the attack. The plaintexts may differ by a few bits. The pairs are studied to derive information about the key used to create them. Both differential and linear analysis can be combined as differential linear analysis.
This means the sender cannot later deny or repudiate signing the document. Roy wants to send a digitally signed email to Rick. Roy writes the email, which is the plaintext.
He then uses the SHA-1 hash function to generate a hash value of the plaintext. He then creates the digital signature by encrypting the hash with his RSA private key.
Roy then attaches the signature to his plaintext email and hits send. Attack ships on fire off the shoulder of Orion. Roy must have sent the email only Roy knows his private key. This authenticates Roy as the sender. The email did not change. This proves the integrity of the email. If the hashes match, Roy cannot later deny having signed the email. This is nonrepudiation.
If the hashes do not match, Rick knows either Roy did not send it, or that the email's integrity was violated. A digital certificate is a public key signed with a digital signature.
Main objectives of the exam are to be covered concisely with the key concepts that are highlighted. The CISSP certification is considered to be the most prestigious, globally-recognized, vendor neutral exam for the professionals of information security.
Over , professionals are going to be certified worldwide, with many more joining their ranks. All domains are to be covered as concisely and complete as possible, giving the users the best possible chance so that they could ace the examination.
The book is composed of 10 domains of the Common Body of Knowledge and each section, it defines each domain. The only guide you need for last-minute studyingAnswers the toughest questions and highlights core topicsCan be paired with any other study guide so you are completely prepared.
Main objectives of the exam are covered with key concepts highlighted. Fast Facts quickly review fundamentalsExam Warnings highlight particularly tough sections of the examCrunch Time sidebars point out key concepts to rememberDid You Know? The only book keyed to the new objec
0コメント