Cissp 5

Uploaded by

Ghajini Sanjay

*Key Management Practices*

- Kerckhoffs's principle <screenshot>
  A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Advances in key management
- over the web we need to exchange keys
- the framework used to send/receive keys is XML
- XML - eXtensible Markup Language
- XML-based standards and specifications
- XML Key Management Specification 2.0 (XKMS)
  Simplicity, increased security

*Segregation of Duties*
- a cross-check to detect misuse and abuse of assets, including those due to innocent mistakes

Key recovery
- Dual control
  2 or more people required, working in cooperation
- Split knowledge
  Specific information known only to one individual that must be combined with
  knowledge held by another individual.

Key escrow - storing the key with a trusted party.

What makes key management secure?

Key wrapping and key encrypting keys (KEK)

Key Distribution Centers (KDC)
- Master key (static)
- Session key (dynamic)
- Each user has its own master key

Key storage and destruction

Key Escrow (Key Recovery)
Ensuring a third party maintains a copy of the private key, or of the key needed to decrypt
information; should be mandatory for most orgs' use of cryptography

Summary: Screenshot

Attacks on Cryptosystems
- ciphertext-only attack
- known-plaintext attack
- chosen-plaintext attack
- chosen-ciphertext attack

Statistical attack
- targets the cryptographic algorithm

Side channel attack

Birthday attack (hash collision)
- two different messages producing the same hash value

Linear cryptanalysis
- a known-plaintext attack
Replay attack
Social engineering attack
Dictionary attack
Brute force attack
Summary - Screenshot

Implementation attacks
- side channel
- fault analysis
- probing attack

*Risk from Remote Computing*

*Risk from mobile workers*

Endpoint device risk
- trusted client
- network architecture
- policy implementation
- stolen or lost device

Mobile work risk
- platform proliferation (BYOD)
- home-based PC and multi-device sync solutions

Potential attack vectors for mobile devices
- SMS, Wi-Fi, Bluetooth/infrared, USB, web browser, jailbroken phones, OS
  vulnerabilities, physical access

Useful standards
- SP 800-40 R3 - patch management
- SP 800-121 R1 - Bluetooth security
- SP 800-124 R - MDM

Industrial Control Systems
- embedded system platforms

Types of ICS
- Supervisory Control and Data Acquisition (SCADA)
- Distributed Control System (DCS)
- Programmable Logic Controller (PLC)

Perimeter lighting
- is a deterrent control

If power is lost the generator kicks in within 10 secs

Use power conditioners to handle power issues

Smoke detectors
- Photoelectric smoke detector
- Ionization detector
  - reacts to charged particles of smoke
  - gives early warning
- gives early warning
Cryptography
Crypto - secret
Graphy - science of writing
Cryptography is made of two components: Algorithm (logic) and Key (factor)
Science of concealing the meaning of communications **

Cryptography
Modern
- Symmetric
  - Block
  - Stream
- Asymmetric

Traditional / Classical
- Substitution
- Transposition

Encryption happens at the bit level

Encoding happens at the character level

Cryptography goals
- Confidentiality
- Authenticity (validation of source)
- Integrity (hash value)
- Non-repudiation (proof of origin)

Strength of a cryptosystem
Effectiveness of a cryptosystem depends on:
- Algorithm
- secrecy of the key
- length of the key

Exclusive OR (XOR) functionality

Two rules
- If both bits are the same the result is zero
- If they are different from each other the result is one

Encryption system
A null cipher may be used when encryption is not needed but one must be configured to make the
system work.

Running key Cipher


OTP - One-time pad (impossible to break when used correctly)
For a one-time pad encryption scheme to be considered unbreakable, each pad
in the scheme must be
⁃ Made up of truly random values
⁃ Used only one time
⁃ Securely distributed to its destination
⁃ Secured at sender's and receiver's sites
⁃ At least as long as the message
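Added example (not from the original notes): a Python one-time pad that enforces the rules listed above and shows the XOR behaviour described earlier; the names `xor_bytes`, `PadCopy`, `pad_cancels_on_reuse` and the sample messages are constructed for this illustration, and secure distribution and storage of the pad (rules 3 and 4) are assumed rather than modelled.

```python
import secrets
from typing import Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings.

    Same bits -> 0, different bits -> 1; applying the same key twice
    returns the original, because XOR is its own inverse.
    """
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(length: int) -> bytes:
    """Rule 1: truly random values, drawn from the OS CSPRNG (not random.random)."""
    return secrets.token_bytes(length)


class PadCopy:
    """One party's copy of a pad; each copy may be applied exactly once (rule 2).
    Constructed helper for this example."""

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._spent = False

    def apply(self, data: bytes) -> bytes:
        # Rule 5: the pad must be at least as long as the message.
        if len(data) > len(self._pad):
            raise ValueError("pad shorter than message; refuse to encrypt")
        # Rule 2: a pad is used only one time, whether for encrypting or decrypting.
        if self._spent:
            raise RuntimeError("pad already used; a second use is refused")
        self._spent = True
        # Only the prefix of the pad covering the message is consumed; the
        # remainder is discarded with the pad, never reused for another message.
        return xor_bytes(data, self._pad[: len(data)])


def pad_cancels_on_reuse(m1: bytes, m2: bytes, pad: bytes) -> bool:
    """Why rule 2 matters: if one pad is applied to two equal-length messages,
    C1 XOR C2 == M1 XOR M2, so the pad drops out of the combination and the
    ciphertexts no longer hide the relationship between the messages."""
    c1 = xor_bytes(m1, pad[: len(m1)])
    c2 = xor_bytes(m2, pad[: len(m2)])
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


def round_trip(message: bytes, pad: Optional[bytes] = None) -> bytes:
    """Sender and receiver each hold their own copy of the same pad.
    Returns the plaintext the receiver recovers from the ciphertext."""
    pad = pad if pad is not None else generate_pad(len(message))
    sender, receiver = PadCopy(pad), PadCopy(pad)
    ciphertext = sender.apply(message)
    return receiver.apply(ciphertext)
```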

Data in Transit

Algorithm / Protocol Governance

Cryptography policies, standards and procedures should at a minimum address:
- approved algorithms and key sizes
- transition plans for compromised keys/algorithms
- procedures for the use of cryptography
- key generation, escrow, destruction
- incident reporting

International Export Controls


Symmetric cryptography
Advantages
- fast
- secure
- confidentiality
- integrity and authenticity
- out of band
Disadvantages
- key management is difficult
- non-repudiation not available

⁃ Stream-based cipher
⁃ Block cipher: uses confusion and diffusion in its encryption method.
Initialization Vector (IV)

Data Encryption Standard (DES)

What is the DES key size? 64 bits
DES effective key size? 56 bits, as 8 bits are used for parity
AES block size = 128 bit
Basic block cipher modes of DES
Refer to screenshot (ECB, CBC, CFB).
Stream-like modes (OFB, CTR)
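Added example, not from the original notes: the ECB and CBC modes referred to above, implemented over a deliberately insecure toy 64-bit block cipher (a stand-in, not DES) so the effect of the IV and of chaining can be observed on repeated plaintext blocks; all function names, the key and the sample plaintext are constructed for this illustration.

```python
from typing import List

BLOCK = 8  # 64-bit blocks, the same block size as DES


def _rol8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _ror8(x: int, n: int) -> int:
    return ((x >> n) | (x << (8 - n))) & 0xFF


def toy_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Stand-in block cipher (NOT secure): XOR each byte with the key byte, then
    rotate it left by 3 bits. It only needs to be an invertible permutation of
    a 64-bit block so the mode behaviour can be shown without a crypto library."""
    assert len(block) == BLOCK and len(key) == BLOCK
    return bytes(_rol8(b ^ k, 3) for b, k in zip(block, key))


def toy_decrypt_block(block: bytes, key: bytes) -> bytes:
    assert len(block) == BLOCK and len(key) == BLOCK
    return bytes(_ror8(b, 3) ^ k for b, k in zip(block, key))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal plaintext blocks
    # give equal ciphertext blocks and patterns in the data survive encryption.
    return b"".join(toy_encrypt_block(blk, key) for blk in _blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return pkcs7_unpad(b"".join(toy_decrypt_block(blk, key) for blk in _blocks(ciphertext)))


def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block
    # (the IV for the first block) before encryption, so equal plaintext blocks
    # no longer produce equal ciphertext blocks and the IV randomises the start.
    assert len(iv) == BLOCK
    out, prev = [], iv
    for blk in _blocks(pkcs7_pad(plaintext)):
        prev = toy_encrypt_block(xor_bytes(blk, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for blk in _blocks(ciphertext):
        out.append(xor_bytes(toy_decrypt_block(blk, key), prev))
        prev = blk
    return pkcs7_unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block: the
    tell-tale sign of ECB applied to structured or repetitive data."""
    seen = _blocks(ciphertext)
    return len(seen) - len(set(seen))
```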

2DES
Meet-in-the-middle attack on 2DES
3DES

Advanced Encryption Standard (AES)

Key sizes of 128, 192, 256 bit
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Rijndael
IDEA
CAST
Blowfish
Twofish
RC5
RC4 (used in SSL and WEP)
- key length at least 128 bit
Summary table screenshot IMP

Asymmetric Cryptography
Also called public key cryptography
5 rules of asymmetric cryptography - refer to screenshot

Different security goals
- Authenticity (encrypt with sender's private key)
- Confidentiality (encrypt with receiver's public key)
- Authentication and confidentiality (secure and origin)
  = encrypt with sender's private key and encrypt again with receiver's public key
Algorithms in asymmetric cryptography
- RSA
- ElGamal
- ECC (used in big data and where processing power is limited; shorter keys)
(RSA vs ECC)
(Diffie-Hellman vs ElGamal)

RSA - public key algorithm, 1978 (provides authentication and encryption)
- attacks: brute force, mathematical attacks, timing attacks
Diffie-Hellman algorithm
- discrete logarithm (key agreement)
ElGamal
- provides confidentiality and an additional digital signature service; ciphertext is
  double the size of the data
ECC
- shorter keys from an ECC implementation
Merkle-Hellman - not in syllabus but asymmetric

Symmetric vs asymmetric - refer to screenshot

Hybrid cryptography => integrity

Message digests => data integrity

Re-watch the video for the detailed whiteboard explanation

Examples of hashing algorithms
- MD2 128 bit
- MD4 128 bit
- MD5 128 bit - Ron Rivest
- SHA-1 160 bit - NIST - SHA-256, SHA-384, SHA-512
- HAVAL - variation of MD5; variable length message digest

MAC - Message Authentication Code
Two types: HMAC and CBC-MAC

Session key - refer to screenshot

Quantum key distribution - new generation, uses physics and light
Digital signatures - screenshot; used for non-repudiation,
authenticity and integrity

Summary of asymmetric services = screenshot
- provides integrity, authentication, non-repudiation

Combine everything: S/MIME

Quantum cryptography (used for key exchange)
- instead of maths it uses physics
- fastest compared to asymmetric

Public Key Infrastructure (PKI)
- CA (Certificate Authority) - TTP (Trusted Third Party)
- PKI - CRL - Certificate Revocation List
- PKI - OCSP - Online Certificate Status Protocol
Receiving certificate process - refer to screenshot
SSL - screenshot
SSL - TLS - screenshot
SET - screenshot
Architecture
- enterprise architecture
- security architecture

Defines how computing components are built
Defines how components connect and communicate
How services get from the system to users
Enterprise Architecture
IT strategy
- Business architecture - products and services
- Information architecture - data and information
- Application architecture - systems and applications
- Technology architecture - network and infrastructure

Architecture integration
All information is not equal nor constant in terms of value and risk over time

An efficient security program applies the right technology to protect the most critical
assets

Combined with quality processes

Security architecture
The manner in which security controls are designed, implemented and integrated into
the system architecture.

Enterprise security architecture
- Building blocks for infosec
- Long-term strategy for security services
- Priorities for security services development

Key goals and objectives
- Simple and long-term view of controls
- Unified vision for common security controls
- Leverages existing technology
- Flexible approaches to current and future threats

Benefits
- Helps decision makers with investment and design
- Future-state technology architecture
- Supports, enables, extends security policies and standards
- Manages IT solution risk consistently
- Reduces cost and improves flexibility
- Security mechanisms for end of life

Common security services
- Boundary control services - firewalls, DMZ, trusted DMS
- Access control services - SSO, IDM
- Integrity services - IPS
- Cryptographic services - PKI, NR, DC
- Audit and monitoring services - IDS

Common Criteria
- Documenting security requirements
- Documenting and validating security capabilities
- Promoting international cooperation in the area of IT security
Capturing and analysing requirements
Regardless of which framework is used:
- Business requirements for key stakeholders
- Key principles and guidelines for design

Types of requirements
- Functional - controls, assets, threats
- Non-functional - QoS, performance and reliability
- Capturing requirements - vulnerability assessment, risk assessment, threat modelling
Information systems security evaluation models
- Security policy - what is the requirement
- Security model - how this will work
- Formal security model - evaluate the product

Security models
- Requirements, CIA?
- Flexible
- May need to combine more than one model.

Example:
Security policy
- NIST
- ISO
Security model
- Programming code
- Operating system

Bell-LaPadula Confidentiality Model
- Primary objective: confidentiality
- Multilevel security system
- Lattice-based model (lattice - multiple levels)
- State machine model
- Simple security property - no read up (read down allowed)
- Star (*) security property - no write down (write up allowed)
- Strong star security property - constrained (tranquility)

Biba Integrity Model
- Addresses only integrity
- Two main rules
  - Star integrity property - a subject cannot write data to an object at a higher integrity
    level.
  - Integrity levels
  - Simple integrity property - no read down

Simple property means READ
STAR property means alter/edit/write
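Added example (not part of the original notes): the Bell-LaPadula and Biba rules above expressed as access checks over a hypothetical four-level lattice, so the two models can be compared side by side; `Level`, the function names and the combined check are assumptions made for this illustration.

```python
from enum import IntEnum
from typing import Callable, Dict, Tuple

Rule = Callable[["Level", "Level", str], bool]


class Level(IntEnum):
    # Hypothetical lattice: a higher number means more sensitive (Bell-LaPadula)
    # or more trusted (Biba). Constructed for this example.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def _check_op(op: str) -> None:
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    simple security property: no read up   -> read only if subject >= object
    star (*) property:        no write down -> write only if subject <= object
    """
    _check_op(op)
    return subject >= obj if op == "read" else subject <= obj


def blp_strong_star_allows(subject: Level, obj: Level, op: str) -> bool:
    """Strong star property: read and write only at the subject's own level."""
    _check_op(op)
    return subject == obj


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): the Bell-LaPadula rules inverted.
    simple integrity property: no read down -> read only if subject <= object
    star integrity property:   no write up  -> write only if subject >= object
    """
    _check_op(op)
    return subject <= obj if op == "read" else subject >= obj


def access_matrix(rule: Rule) -> Dict[Tuple[str, str, str], bool]:
    """Evaluate a rule for every (subject level, object level, operation)
    combination, which makes the mirror-image shape of the two models visible."""
    return {
        (s.name, o.name, op): rule(s, o, op)
        for s in Level
        for o in Level
        for op in ("read", "write")
    }


def both_models_allow(subj_conf: Level, obj_conf: Level,
                      subj_int: Level, obj_int: Level, op: str) -> bool:
    """A system enforcing confidentiality and integrity together (the notes say
    models may be combined) must satisfy both rule sets; each model uses its own
    label, so a subject carries a confidentiality level and an integrity level."""
    return blp_allows(subj_conf, obj_conf, op) and biba_allows(subj_int, obj_int, op)
```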

Clark-Wilson Integrity Model
- Focused on integrity
- Well-formed transactions: one transaction should flow via multiple checkpoints. If
  one checkpoint fails the transaction cannot go further
- Separation of duties
- Prevents users from making improper modifications
- Forces collusion to commit fraud
Brewer-Nash (Chinese wall)
- Prevents conflict of interest
- UAT - Prod segregation
Graham-Denning Model

Information Flow Model
- Classification and need to know
- Covert channels (bypass controls and get access)
- Information flows from lower security levels to higher levels
Non-Interference Model
- Actions at a higher security level do not interfere with actions at a lower security level
- Protects the state of an entity at a lower security level

Lattice Model
- Used in the military
- Control model

Certification - technical evaluation
Accreditation - acceptance by management
- TCSEC (Trusted Computer System Evaluation Criteria) used by DoD in their
  Orange Book.

Common Criteria
- ISO/IEC 15408 standard
  was the first truly international product evaluation criteria
- Protection Profile
- EAL types (Evaluation Assurance Level)
  - EAL1 Functionally tested - lowest
  - EAL2 Structurally tested
  - EAL3 Methodically tested and checked
  - EAL4 Methodically designed, tested and reviewed - medium
  - EAL5 Semi-formally designed and tested
  - EAL6 Semi-formally verified design and tested
  - EAL7 Formally verified design and tested

Module Topics
Access control mechanisms
*Subject is the active entity and Object the passive entity (subject = user, object =
asset)*
- Distinguish subject and object
- How subjects and objects are allowed to interact
- Assign identifiers to both subjects and objects
- Authenticate all subjects before they are allowed to access resources on the system

Processor state
- Supports at least two states: supervisor (kernel mode) and problem (user mode, ring
  level 3)
Layering
- Separate functional components that interact in a sequential and hierarchical way
- Ensures that volatile and sensitive areas are protected from unauthorised access
Process isolation
- Protects interaction between processes
- Name distinguishes
- Distinct address space for each process in memory
- Virtualization:
  - Type of host
    - Virtual host (guest OS)
    - Physical host (bare metal)
Type 1
Bare metal ==> Hypervisor ==> Guest OS
- Less functionality, more secure
Type 2
Bare metal => OS => Virtual workstation => VMs
- More functionality but less secure

Common threats
- System integrity
- Confidentiality
- Availability
- Hardware failure
- Misuse of system
- Buffer overflows / memory attacks
- Denial of service
- Reverse engineering
- System hacking

Architecture-based risk
- System emanations (TEMPEST is the standard to control system emanations)
- Single point of failure
- Bypassing controls
- Race conditions (state attack): two processes try to access the same resource but they
  should be in proper sequence (time-of-check / time-of-use attack)

State attacks
"State attacks are also known as "race conditions", which attempt to take advantage
of how a system handles multiple requests"

Covert channel
- Covert - closed
- Overt - open
Two types of attack
- Storage
  - Memory reuse
  - Object reuse
- Timing
  - TOC, TOU, RC

Mainframes and other thin client systems

Embedded systems
*Firmware is basically read-only*
Pervasive computing and mobile devices
*Mobility is the primary factor of data loss and loss of control*

Guidelines for mobile security: NIST SP 800-124

Security for desktops, laptops and thin clients

Mobile Device Management
Remotely manage mobile devices using MDM agents
- refer to screenshot

Server based
Warehousing - a data warehouse is collected data from sources or DBs.
Big Data - also called unstructured data (primary concern is privacy).
Information should be masked for sensitive data while sharing with analytical tools

Data mining
- Running queries on databases to collect information from data warehouses.
Countermeasure is data masking

Large scale parallel data systems
- cluster computing, grid computing, cloud computing, the internet,
  telecommunication, cyber-physical systems, M2M
Examples: torrents
IoT - protected as an endpoint
- not part of core infrastructure; core infrastructure must be isolated from IoT

Grid computing
- Used by cloud providers

Cloud computing

Cloud service models
Service models - SaaS, PaaS, IaaS
Deployment models - private cloud, community cloud, hybrid cloud.

Cloud security
- Refer to screenshot
Responsibility matrix for security
Refer to screenshot
[3/2, 12:52 PM] Prabh nair: Classification of information and security assets
IMP:- categorisation is part of classification
Classification: Ensure information is marked in such a way that only those with
the appropriate level of clearance can have access to the information.

Data Classification
analysing data that the organization retains, determining its IMPORTANCE and VALUE and
then assigning it to a CATEGORY.

Sensitivity Vs Criticality

-Sensitivity describes the amount of damage that would be done should the
information be disclosed.

-Criticality describes the time sensitivity of the data.

Data Classification Considerations
- Value of data to org, can change over time.
- clearance is a word used in the military.
- Level of damage that could be caused if data is damaged or corrupted
- legal, regulatory requirements to protect data
- industry and purpose/mission in which org operates

Data Classification Policy
- Data owner/business owner will have access to data
- How the data is secured
- How long the data is to be retained
- what methods are used to dispose of data
- whether the data needs to be encrypted
- appropriate use of data.

*DC helps the org comply with cause and resolution*

What classification should be used
Class
-Commercial
-Military

Examples of categorizing data by title
- Private (SSN, bank a/c, credit card)
- Company restricted (data restricted to employees)
- Company confidential (all can view, cannot be used)
- Public (can be used by Emp)

Who decides Data's Classification?
Individual who owns data
data owner should review classification at least annually.

Data owner - who creates data, accountable for data.

Asset Management
- Tangible
- Intangible

- Inventory Management
  - Accurate
  - Reside, who owns them
  - H/w
  - S/w

- Configuration management
  - CMDB (Configuration Management Database)
  - a logical entity with key integration points
  - supports and enables processes in service delivery, service support, IT asset
    management and other IT disciplines.

Enablers for success of Asset management

Software Licensing
- Original copies of licensed software must be controlled by orgs to prevent
copyright infringement
- All software copies should be managed by a software or media librarian
- conduct inventory

Determine and Maintain ownership

*Equipment is referred to as services*

Introduction
Data policy

consideration
Cost, Ownership, Privacy, Liability, Sensitivity,
Existing law and policy requirements, Policy and process.

Information - a group of systems produces information (People, Process and
Technology).
Information is always mission oriented.

Data owner
Data Custodianship
Data quality, effective control as defined by data owner,

Data quality Standards
- Accuracy, Precision, Resolution, Reliability,
Repeatability, Reproducibility, Currency, Relevance, Ability to audit,
Completeness, Timeliness.
QC => internal standards
QA => External standards

Improving Data Quality
Prevention
Correction

Benefits of Data standards.
- Efficient data management
- Increased data sharing
- higher quality data
- improved data consistency
- increased data integration
- Better understanding of data
- improved documentation of information resources

Data Life cycle control
Data Audit
Note: Good data management requires ongoing data audit.
Data storage and archiving
-server hardware and software
-network infrastructure
-database maintenance and updating
-database backup and recovery requirements
-archiving of data should be a priority data management issue

Data Remanence
- Residual physical representation of data that has been in some way erased
Commonly used countermeasures
- clearing
  - zeroization
- purging / sanitization
  - multiple zeroization
- Degaussing (only for HDD) physical level data destruction.
- destruction
  destroying media and not data
  - Grinding, shredding
  SSD - physically destroy disk, crypto erase
- overwriting
- encryption
[3/2, 10:27 PM] Prabh nair: 1. Asset sec is about protecting security of
assets

2. Classification of information is very important - Categorisation is a part
of classification

3. Marking information based on appropriate clearance level – based on data
subject

4. Primary classification based on business value - Classification deals with sensitivity -
Categorisation deals with impact on CIA – criticality

5. Data classification – analysing data – determining importance and value -
Classification aim based on value and importance - Marking handling is for
visibility and classification

6. Sensitivity and Criticality - Sensitivity – amount of damage that would be
done on disclosure - Critical talks about time sensitivity of data – how much
revenue / cust dissatisfaction

7. A classification policy needs to talk on all of these: access, security,
the data owner / business owner needs to know the regulatory requirements and
dictate data custodian (if both data owner / buss owner – pls select buss owner).
Method of disposal of data, encryption, appropriate use of data

8. Proper data classification helps the org with rules and regulation (ex
PCI DSS – card data to be encrypted) - Classification is of 2 types – commercial
and military - Clearance mostly used in military

9. Commercial Categories - private (SSN, Aadhaar), comp restricted – data
restricted to emp, comp confi – only within comp, public – open to all

10. Military categories – top secret, secret and confidential unrestricted

11. Components of asset management – Inventory management and configuration
management

12. Inventory – what, where and who owns assets - Overall objective of inv
management – accuracy of HW and SW

13. CMDB – config mgmt. DB – logical entity to maintain accuracy of secure state
across all systems - CMDB enablers - single centralised repository, aligned to
Org processes and objectives – scalable technologies

14. Change management is part of config management – aims at stability

15. Good data management practices – strategic goals, defined roles and resp,
documentation etc

16. Cost providing data Vs cost of providing access to data need to be considered

17. Software licences – must be controlled – conduct inventory scan to check
unlicensed software – to curb violations – prevents illegal duplication - done by
media librarian - Equipment = physical, alternate for equipment = service

18. Determine maintain ownership - Data owner – owns, data custodian – manages
data - Data steward – business driven responsibility – like a custodian but not
exactly – custodian examples – DB admin, app developer, proj manager etc

19. data life cycle - create store use share archive destroy - create and destroy
= data owner - others by data custodian

20. Data policy – strategic - Flexible, dynamic, attainable

21. Protecting Privacy - DS – DO-DC to GDPR DS – DC-DP – most R& O and objectives
as per GDPR –LFT, storage, purpose limitation, CIA, accuracy etc.,

22. Group of data = information – created from a system – information is always
mission oriented – produced by people process technology – Information owner knows
the impact of info on mission of org

23. QC – based on internal std and control – due care - QA – quality audit –
quality is assessed against ext std – due diligence

24. Verification and validation required for maintaining data quality –
prevention – correction - Documentation key to good data quality - Data
documentation aka meta data – help locating the data - Data documentation practice
- data set title file name (for identification), file content, metadata

25. Effective working of data management requires data audit

26. Data Remanence - HDD – data magnetically written on hard drive - SSD - solid
state drive - Flash memory

27. Track – sector and combination of them is cluster and data is stored here

28. Clearing not a technique to destroy disk but only make data unreadable and
unrecoverable – uses overwriting or zeroisation software overwrite - Random value
into hexadecimal values – thus rendering data unreadable - Clearing performed only
once

29. Purging and sanitisation is same – removal to prevent reconstruction -
repeated clearing includes zeroisation and degaussing - more secure than clearing

30. Degauss – LCD – expose to strong magnetic field – physical level data
destruction - As per vendor guideline no guarantee for reuse of disk

31. Degauss not applicable for SSD, only destruction - first destroy data then disk

32. Cloud – crypto erase or crypto shredding – it's an encryption - first data is
encrypted and then upload data on cloud. For destruction – destroy key and destroy
data which is encrypted. Encrypt key. So destroy both keys and then data -
Physical sec of storage resp of cloud serv provider

33. Ensure appropriate retention – legal, business, forensics and investigation

34. By scoping and tailoring – build effective security posture

35. 3 types - data at rest, data in transit and data in use. Only in 1st 2
encryption is possible

36. for data in use - data rights management and DLP prevents copying to another
machine

37. For data in transit encryption is imp because even if link is intercepted
the content should not be readable

38. Data at rest – use encryption tools to balance between security and speed –
supported by strong password

39. Covered data means masked data

40. Removable media should have title, data owner and encryption date on its
label – generally very useful for tracking but can be counter-productive in case of
destructive motive
[3/3, 12:59 PM] Prabh nair: 1. Link Encryption – performed by service provider.
Happens at layer 2 – data link layer. All fields are encrypted i.e. data, headers
& routing info.
Advantages- all fields are getting encrypted. sniffing and eavesdropping not
possible
Disadvantages: Key distribution
2. End to end encryption – performed by client. Happens at layer 7 –application
layer
Recommendation – protocol TLS 1.1 or 1.2 & Email PGP-S/MIME
3. Data security in the cloud – protecting data moving to cloud SSL/TLS/IPsec,
Encryption. Detection of data – DAM & DLP
4. Data Dispersion – data is replicated in multiple locations across cloud for high
availability
5. Data Fragmentation – splitting dataset into smaller fragments and distributing to
multiple locations.
6. Masking, Obfuscation, Anonymization & Tokenization
7. Picking Encryption algorithm and establishing hardening requirements
8. Data protection – first identify and categorize , labeling
9. Data protection policy – Data retention – established protocol for keeping info
for operational and regulatory compliance.
10. Cloud considerations – Legal, regulatory and standards.

Domain 3: Security Engineering


1. System Engineering model and process . ISO/IEC15288:2008 System & software
engineering
2. The V-model (system life cycle)
3. Verification – whether to meet user’s documented requirement. It includes
validation
4. Validation – Testing against user’s objective (User acceptance testing).
5. Key system Engineering - Technical process and Management process
6. SELC – used to build the system. SDLC – software deliver
7. ISO /IEC 21827:2008 SSE-CMM
8. Security models, information systems security evaluation models, Product
evaluation models.
9. Computing components – CPU (ALU & Control Unit), Multitasking, Multiprocessing,
multithreading
10. Trusted Computing Base (TCB) - is responsible for confidentiality and integrity.
Controls all H/W, S/W, firmware within a system.
11. TCB features – trusted shell, security kernel, reference monitor
12. Secure memory management: primary storage, secondary storage, virtual memory
13. Volatile vs. non-volatile memory.
14. Process states – supervisor state or privileged mode – problem state or user mode
15. Memory protection – isolation & segmentation. Segmentation, paging, protection
keying
16.
[3/4, 12:00 AM] Prabh nair: Domain 2 balance
1. Data in transit – 2 types of encryption - Link and end to end - Link
performed by the service provider - End to end by client

2. No change in the encryption algorithm

3. A sends data to B over internet. The data sent by A has header (IP of
sender and destination) and payload. Both these are encrypted and sent to SP
router 1. SP adds his (routing info) header to encrypted data and encrypts again
(encrypted data and routing info header) and sends to router 2. Router 2 decrypts
routing header, reads – again encrypts and fwds to next router and so on … only at
the recipient end the message is decrypted (all other steps only routing info
header is decrypted and encrypted)

4. Use link and end to end to make it more secure

5. Link encryption happens on L2 of OSI and end to end at the application
layer

6. All data is encrypted in link along the communication line – disadvantages
- key management and distribution is a challenge - also if one node is compromised
then all traffic thru the node can be compromised - the fact that some decryption
happens at each node can be a vulnerability

7. End to end – decryption happens only at recipient end – routing info is
visible, only data is encrypted

8. TLS replaced SSL because TLS is stronger

9. Masked data transmitted over email must be secured with strong email encryption
like S/MIME or PGP

10. Encryption should be applied when transmitting covered data between devices
in protected subnets with strong FW controls - At the firewall the connection is
broken and packets are decrypted and connection re-established post inspection of
packet. Now we must know which all packets should go thru this process

11. DLP – at rest, in use and in transit - DLP primary objective – egress filtering –
prevent unauthorised data leaving the org

12. DAM - database activity monitoring - used for integrity, it will detect
changes

13. Data security on cloud - protecting data moving into and within cloud (SSL,
TLS IPSec), protecting data on cloud – detection of data migration to cloud – DLP
and DAM

14. Data security on cloud - Data dispersion –replication of data across cloud
in multiple physical location- RAID – AVAILABILITY –retrieval from another zone

15. Data fragmentation – splitting data into small fragments or shards –
performance is the primary objective

16. Alternatives to data encryption - 2018 syllabus – masking, anonymisation,
tokenisation, obfuscation

17. Obfuscation aka masking – omitting, hiding, replacing sensitive info


18. Masking – hiding parts of data set. Masking is of 2 types – static (when data
is not in used – stored data in DB), dynamic (when data is use – PW masked while
typing in application)

19. Data anonymisation - people to whom data pertains are removed / remain
anonymous – PIPL.COM – removal or encryption of personal references is used

20. Tokenisation - data in public cloud can be integrated with private cloud
that stores sensitive data; the data sent to public cloud is altered and contains a
ref to the data in private cloud. Example - used in POS devices – PCI DSS – token alone
is sent for authentication – credit card numbers are exchanged with other numbers in
the database – called tokens – these numbers are static
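Items 18 and 20 describe three different ways of not storing the real value: static masking of stored data, dynamic masking of data in use, and tokenisation through a vault that stays in the private zone. The block below is an added Python example, not from these notes or from any PCI DSS product: `TokenVault`, `mask_pan`, `mask_typed_input`, `public_cloud_record` and `contains_pan` are all constructed names, the card number 4111 1111 1111 1111 is a well-known test number used as sample input, and the token format (random digits with the real last four kept) is one common choice, not a standard.

```python
import secrets


def mask_pan(pan: str) -> str:
    """Static masking of stored data: keep only the last four digits readable."""
    digits = pan.replace(" ", "").replace("-", "")
    return "X" * (len(digits) - 4) + digits[-4:]


def mask_typed_input(typed: str) -> str:
    """Dynamic masking of data in use: what a password field shows while typing."""
    return "*" * len(typed)


class TokenVault:
    """Constructed example of a tokenisation vault that lives in the private zone.
    It maps real card numbers (PANs) to surrogate tokens; the public side only ever
    stores and transmits tokens. The same PAN always yields the same token (static tokens),
    which is what lets the public side match repeat transactions without holding the PAN."""

    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if digits in self._pan_to_token:
            return self._pan_to_token[digits]
        while True:
            # Format-preserving surrogate: random leading digits, real last four kept so
            # receipts can still show "ending in 1111". Nothing derives the PAN from the
            # token; only the vault lookup does, so a leaked token reveals no PAN.
            token = "".join(str(secrets.randbelow(10)) for _ in range(len(digits) - 4))
            token += digits[-4:]
            if token != digits and token not in self._token_to_pan:
                break
        self._pan_to_token[digits] = token
        self._token_to_pan[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        """Only callable inside the private zone; raises KeyError for unknown tokens."""
        return self._token_to_pan[token]


def public_cloud_record(vault: TokenVault, pan: str, amount: str) -> dict:
    """What the POS / public-cloud side is allowed to keep: a token and a masked
    display value, never the PAN itself."""
    return {"token": vault.tokenize(pan), "display": mask_pan(pan), "amount": amount}


def contains_pan(record: dict, pan: str) -> bool:
    """DLP-style check on a stored record: does any field carry the raw PAN?"""
    digits = pan.replace(" ", "").replace("-", "")
    return any(digits in str(value) for value in record.values())


if __name__ == "__main__":
    vault = TokenVault()
    record = public_cloud_record(vault, "4111 1111 1111 1111", "19.99")
    print("public record:", record)
    print("contains raw PAN:", contains_pan(record, "4111111111111111"))
    print("private zone detokenises to:", vault.detokenize(record["token"]))
    print("password field shows:", mask_typed_input("hunter2"))
```

The design point worth noticing is the asymmetry: `tokenize` may be called from anywhere, but `detokenize` only works where the vault lives, so the public-cloud record is useless to anyone who copies it, while a masked value (`XXXXXXXXXXXX1111`) is useful for display but can never be reversed at all.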

21. Examples of insecure NW protocols and alternatives – Web access - HTTP,
instead use HTTPS; SSL, instead use TLS. File transfer – FTPS, SFTP, SCP to be used
instead of FTP, RCP. Remote shell – SSH V3 to be used instead of Telnet. Remote
desktop – RAdmin, RDP to be used instead of VNC

22. Handling requirement – Data identification – classification/categorisation –
label and mask

23. Physical labelling (document) and logical labelling (digital document). DLP
works on logical labels for restricting information. FW cannot inspect based on
label, it can only inspect based on predefined rules

24. Labelling – define information. Marking is internal – label is external – label
can also contain ownership and other associated information. When media is without
a label – pls label it at the highest level of sensitivity

25. store media safely – if not required – pls destroy

26. Cloud data retention 2018 syllabus – legal req must be documented – mapping
of data – classification – driven by appropriate policy

Domain 3 first part

Domain 3- Building security and implementing security

1. Sys engineering models follow a life cycle - Standard for building a
product ISO 15288:2008

2. V model system life cycle – 6 steps – order important

3. Verification checks against the requirement and validation tests against the
user objective – UAT - 1st verification and then validation

4. SDLC – for developing software and SELC- methodology for building a system
- Steps in SDLC and SELC exam question

5. When u build a system the order of priority is people, process and
technology

6. ISO 21827:2008 – SSE CMM- capability maturity model – system engineering

7. Fundamental concept of security model – very very important – examples of
security models

8. Computer components, ALU, CPU, GPU, memory, storage, buses, I/O, nw, OS

9. CPU - control unit and arithmetic logic unit - control unit is like a traffic cop -
Fetches instruction from the memory, Decodes, Executes the code and Stores back
to memory – FDES order

10.

· Multitasking – only one processor – various tasks –shared processing

· Multi processing – various processors – used in cloud and grid computing

· Multi threading – only 1 processor - multiple threads of a single application
/ multiple threads of multiple applications processed by the same processor - Example -
MS paint – to run the paint execute process – split into task – task split threads

11. TCB – very important – responsible for confidentiality and integrity – this
has the hardware, software and firmware within a system and enforces security of a
system and describes the concept of trust in a system

12. TCB has 4 functions – I/O, execution of domain security, memory protection
and process activation

13. Trusted computing base- admin level restrictions esp for installing new
software by any user there is a restriction – example -Black berry and Linux still
use TCB

14. System modification is generally done only by root - Internal nucleus is the kernel -
layer 0 - root - the rounds are called rings of protection - rootkit – a malware
which compromises layer 0

15. Root mode is Trusted Shell – an isolated user interface via command line that
cannot be accessed by external users / observers – U have to be a privileged user
for accessing the trusted shell

16. SECurity KERNEL – software / hardware that applies reference monitor

17. Reference monitor manages the access controls - ensures proper privileges
between objects and subjects - example - the prompt to run as admin to do
modifications at the root level - Ref monitor is like a bodyguard checks access
privileges with kernel

18. Rules defined by reference monitor – rules are forwarded to kernel and user
is awarded access or otherwise - The kernel accesses the ref monitor before access
is granted

19. TCB – main objective is to enforce security policy – Ref monitor operates at
the separation point between trusted and untrusted realm

20. 2 types of users – Privileged (supervisor state – ring 0 to2), normal user
(problem state – ring 3 and above)

21. Other terms – Execution domain – isolated domain where TCB can function
without external access from other systems ; Sec perimeter –conceptual line between
trusted and untrusted components; Trusted path – a connection that cannot be
compromised

22. Secure memory management – primary – ram, cache - Secondary – H disk


23. If running out of primary memory space and spills into secondary memory –
virtual memory

24. Volatile – RAM – need power – Non-volatile – do not need power - ROM- FLASH
MEMORY

25. Memory protection – isolation, segmentation, paging

26. Isolation – it’s a requirement for multilevel security mode - logical –
controls via OS

27. Segmentation – dividing computer memory into segments – more physical – HW
controls

28. Paging is further segmenting - Paging – dividing the memory address space
into equal size block called pages

29. Protection keys – each process has unique key used by paging for processing
information

30. Firmware – The storage of programs or instructions in ROM, typically embedded
in HW and used to control HW. Non-volatile
