________________________________________________________________________________
CH 2: Attacks and monitoring
Monitoring is a necessary function of the auditing process through which subjects are held accountable for their actions and activities with regard to other subjects, objects, or functions on any given system.
A response by an IDS can be active, passive, or hybrid:
---Active response
Directly affects the malicious activity of network traffic or the host application
---Passive response
Does not affect the malicious activity but records information about the
issue and notifies the administrator
---Hybrid response
Stops unwanted activity, records information about the event, and possibly
even notifies the administrator.
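The three response modes as an added example (not from the book or these notes): a small Python IDS loop that first detects a brute-force pattern in constructed sshd log lines and then applies the chosen response mode. The log lines, the IP addresses, the threshold of 5 failures and the "simulated firewall" set are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample log lines (not from any real system): timestamp, source IP, message.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 sshd: Failed password for root
2024-05-01T10:00:02 203.0.113.7 sshd: Failed password for root
2024-05-01T10:00:03 203.0.113.7 sshd: Failed password for root
2024-05-01T10:00:04 203.0.113.7 sshd: Failed password for admin
2024-05-01T10:00:05 203.0.113.7 sshd: Failed password for admin
2024-05-01T10:00:09 198.51.100.2 sshd: Accepted publickey for deploy
""".splitlines()

THRESHOLD = 5  # assumed: failed logins from one source before the IDS treats it as an attack


@dataclass
class ResponseState:
    blocked: set = field(default_factory=set)   # what an active response changes (simulated firewall)
    events: list = field(default_factory=list)  # what a passive response records
    alerts: list = field(default_factory=list)  # notifications sent to the administrator


def detect_bruteforce(lines, threshold=THRESHOLD):
    """Detection stage: count failed passwords per source IP and return the offending sources."""
    failures = {}
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue  # tolerate malformed lines instead of crashing the sensor
        _timestamp, src, msg = parts
        if "Failed password" in msg:
            failures[src] = failures.get(src, 0) + 1
    return {src for src, n in failures.items() if n >= threshold}


def respond(mode, offenders, state):
    """Response stage: active affects the traffic, passive records and notifies, hybrid does all three."""
    for src in sorted(offenders):
        if mode in ("active", "hybrid"):
            state.blocked.add(src)                               # directly affects the malicious traffic
        if mode in ("passive", "hybrid"):
            state.events.append(f"bruteforce from {src}")         # records information about the event
            state.alerts.append(f"ALERT admin: bruteforce from {src}")  # notifies the administrator
    return state


def run(mode, lines=SAMPLE_LOG):
    """Run detection over the log lines and apply one of 'active', 'passive' or 'hybrid'."""
    return respond(mode, detect_bruteforce(lines), ResponseState())


if __name__ == "__main__":
    for mode in ("active", "passive", "hybrid"):
        print(mode, run(mode))
```

Note that only the active and hybrid modes change anything about the traffic; a purely passive IDS leaves the activity running, which is why the alert has to reach an administrator who can act on it.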
Host-based and network-based IDS:
Read page 50, must read.
________________________________________________________________________________
CISSP CH 6
Humans are the weakest element in any system.
Job descriptions: define what type of individual should be hired.
Elements in designing a job description:
-Separation of duties: a task is divided between multiple individuals so that no one person is in charge of the whole task.
-Job responsibilities: the specific tasks that employees should perform on a daily basis.
-Job rotation: rotating employees among numerous job positions.
Collusion: negative activity by 2 or more people resulting in fraud or theft.
Security roles:
-Security professional
-Data owner: classifies information, labels data.
-Data custodian: performs the activities that fulfil the CIA triad: performing backups, validating data integrity, deploying security solutions and managing data storage.
-User: a person having access to the secured system. The principle of least privilege should be applied to users.
-Auditor: tests and verifies that security policies are in place.
Components of security policies:
-Standards: tactical documents that provide steps/methods to accomplish goals.
-Baselines: the minimum level of security that must be implemented.
-Guidelines: provide methodologies to implement standards and baselines.
-Procedures: step-by-step how-to documents that describe the exact actions to be performed.
Types of security plans:
-Strategic plan: long-term plan (stays valid if updated and maintained). Provides a planning horizon, which also includes risk management.
-Tactical plan: provides the details needed to accomplish the goals set by the strategic plan. Usually year-long plans.
-Operational plan: short-term plan based on the strategic and tactical plans.
Security is a continuous process.
Types of Security Policies:
- Regulatory: Discusses the regulations that must be followed.
-Advisory: discusses behaviors and activities that are acceptable and defines the consequences of violations.
-Informative: provides information or knowledge on a topic such as a mission statement, vision statement or goals. It is nonenforceable.
RISK: the possibility of damage or destruction happening to assets.
Risk terms:
-Asset: anything of value to the organization and which should be protected.
-Asset valuation (AV): actual cost + nonmonetary expenses.
-Threat: a potential danger to assets.
-Intentional threat: caused by human or non-human threat agents.
-Threat event: accidental exploitation of a vulnerability.
-Vulnerability: absence or weakness of a safeguard/countermeasure. It is a flaw, loophole or error...
-Exposure: caused when a vulnerability is exploited, which in turn exposes other elements.
-Realized threat: an event that causes loss.
-Experienced exposure: exposure to a realized threat.
-Risk: an assessment of possibility, probability or chance.
-Safeguards: countermeasures.
-Attack: the process of exploiting a vulnerability.
-Breach: bypassing or thwarting a security mechanism.
ASSETS are endangered by THREATS, which exploit VULNERABILITIES, which cause EXPOSURE, which is a RISK, which can be mitigated by SAFEGUARDS, which protect ASSETS.
AV (Asset Value)
EF (Exposure Factor): the PERCENTAGE of LOSS if a specific asset is violated by a realized risk.
SLE (Single Loss Expectancy): AV * EF
-Consistency: ...consistent with all of the database's rules (for example, all records have a unique primary key).
-Isolation: if a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data.
-Durability: database transactions must be durable. That is, once they are committed to the database, they must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.
Concurrency, or edit control: allows only one authorized user to modify data at a time. Concurrency uses a lock feature to allow an authorized user to make changes while denying other users. When the transaction/modification is complete, the unlock feature makes the data available again so that other users can modify it if needed.
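Added example (not from the book or these notes) covering the ACID items above and the lock-based edit control: a transfer between two constructed accounts runs as one transaction, so a CHECK rule violation or an unknown account rolls the whole thing back (atomicity and consistency), and a small EditControl class implements the lock/unlock behaviour described for concurrency. The account names, balances and the "no negative balance" rule are assumptions for the example; sqlite3 is used only because it ships with Python.

```python
import sqlite3
import threading


def make_accounts_db():
    """Constructed sample data: two accounts and a database rule that no balance may go negative."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; transactions are explicit below
    conn.execute(
        "CREATE TABLE accounts (owner TEXT PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return conn


def balances(conn):
    return dict(conn.execute("SELECT owner, balance FROM accounts ORDER BY owner").fetchall())


def transfer(conn, src, dst, amount):
    """Atomicity + consistency: both UPDATEs commit together, or a rule failure rolls back everything."""
    try:
        conn.execute("BEGIN")
        for owner, delta in ((src, -amount), (dst, amount)):
            cur = conn.execute("UPDATE accounts SET balance = balance + ? WHERE owner = ?", (delta, owner))
            if cur.rowcount != 1:
                # Unknown account: treat it like any other rule violation so the transaction is undone.
                raise sqlite3.IntegrityError(f"no such account: {owner}")
        conn.execute("COMMIT")  # durability: once COMMIT returns, the change is in the transaction log
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")  # nothing from the partial transaction survives
        return False


class EditControl:
    """Edit control from the notes: one authorized user holds the lock on a record at a time."""

    def __init__(self):
        self._holders = {}              # record_id -> user currently editing it
        self._guard = threading.Lock()  # protects the lock table itself from racing callers

    def lock(self, record_id, user):
        with self._guard:
            holder = self._holders.get(record_id)
            if holder is not None and holder != user:
                return False            # someone else is editing: deny
            self._holders[record_id] = user
            return True

    def unlock(self, record_id, user):
        with self._guard:
            if self._holders.get(record_id) != user:
                return False            # only the lock holder may release the record
            del self._holders[record_id]
            return True


if __name__ == "__main__":
    conn = make_accounts_db()
    print(transfer(conn, "alice", "bob", 30), balances(conn))   # True, alice 70 / bob 80
    print(transfer(conn, "bob", "alice", 500), balances(conn))  # False, balances unchanged
    ec = EditControl()
    print(ec.lock("rec1", "tom"), ec.lock("rec1", "ann"), ec.unlock("rec1", "tom"), ec.lock("rec1", "ann"))
```

The second transfer fails on the CHECK rule while the first UPDATE is already in flight; because it runs inside BEGIN/ROLLBACK, the reader of balances() never sees a half-applied state, which is the isolation guarantee the notes describe.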
ODBC: Open Database Connectivity (ODBC) is a database feature that allows applications to communicate with different types of databases without having to be directly programmed for interaction with every type of database. ODBC acts as a proxy between applications and back-end database drivers, giving application programmers greater freedom in creating solutions without having to worry about the back-end database system.
Aggregation: combining records in a database to generate meaningful information.
ex: sum(), count(), min(), max(), avg()
Inference attack: deriving information indirectly from a database.
ex: Tom only has access to the total salaries paid to all employees. But if John resigns, Tom can derive what salary John used to get. Or if Tim joins the company, Tom can derive Tim's salary from the amount added to the total salary.
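Added example (not from the book or these notes) of the aggregation and inference items above: a constructed payroll table, a SUM() aggregate of the kind Tom is allowed to run, the resignation scenario showing how two totals give away an individual salary, and a query-set-size control that refuses aggregates over too few rows. The names, departments, salaries and the minimum of 3 rows are assumptions for the example.

```python
import sqlite3

# Constructed payroll records; "Tom" from the notes only has aggregate (SUM) access to this table.
PAYROLL = [
    ("tom", "eng", 90000),
    ("john", "eng", 120000),
    ("sue", "legal", 150000),
    ("ravi", "eng", 110000),
]
MIN_QUERY_SET = 3  # assumed policy: an aggregate over fewer rows than this is refused


def make_payroll_db(rows=PAYROLL):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payroll (name TEXT PRIMARY KEY, dept TEXT NOT NULL, salary INTEGER NOT NULL)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def total_salary(conn, dept=None):
    """Plain aggregation: COUNT() and SUM() over the whole company or one department."""
    sql = "SELECT COUNT(*), COALESCE(SUM(salary), 0) FROM payroll"
    params = ()
    if dept is not None:
        sql += " WHERE dept = ?"
        params = (dept,)
    count, total = conn.execute(sql, params).fetchone()
    return count, total


def guarded_total(conn, dept=None):
    """Inference control: refuse the aggregate when the query set is too small to hide an individual."""
    count, total = total_salary(conn, dept)
    if count < MIN_QUERY_SET:
        raise PermissionError(f"query set of {count} row(s) is below the minimum of {MIN_QUERY_SET}")
    return total


def salary_revealed_by_resignation(conn, name):
    """The notes' scenario: the company total before and after a resignation differs by exactly the
    leaver's salary, even though the caller only ever saw SUM()."""
    _, before = total_salary(conn)
    conn.execute("DELETE FROM payroll WHERE name = ?", (name,))  # the employee leaves
    conn.commit()
    _, after = total_salary(conn)
    return before - after


if __name__ == "__main__":
    conn = make_payroll_db()
    print("company total:", guarded_total(conn))
    try:
        guarded_total(conn, "legal")  # one employee: refused
    except PermissionError as exc:
        print("refused:", exc)
    print("john's salary inferred from two totals:", salary_revealed_by_resignation(conn, "john"))
```

The size rule blocks the one-person "legal" aggregate but, as salary_revealed_by_resignation shows, not the difference between two company-wide totals taken before and after a population change. That is why aggregate queries are also logged: the same subject repeating the same aggregate across a change in the underlying rows is the pattern an auditor looks for.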
Data warehouse: a large database.
Data dictionary: information about the data stored in a database, including usage, format, relationships, etc.
Data mining: the process of analysing data stored in data warehouses for potentially correlated information, historical trends, etc.
ex: mining would include finding out the peak business hours, or in which month of the year product demand increases.
Expert systems: computers in collaboration with a database making logical decisions based on artificial intelligence.
ex: weather forecasts, volcanic eruption predictions, etc.
In neural networks, chains of computational units are used in an attempt to imitate the biological reasoning process of the human mind. In an expert system, a series of rules is stored in a knowledge base, whereas in a neural network, a long chain of computational decisions that feed into each other and eventually sum to produce the desired output is set up.
A decision support system (DSS) is a knowledge-based application that analyzes business data and presents it in such a way as to make business decisions easier for users. It is considered more of an informational application than an operational application. Often a DSS is employed by knowledge workers (such as help desk or customer support personnel) and by sales services (such as phone operators).
NIDES: Next-Generation Intrusion Detection Expert System, developed by Philip Porras.
Avoiding system failure:
-Limit checks: limit checks ensure that data does not exceed the maximum allowable values, data type, etc.
-The fail-secure or fail-safe failure state puts the system into a high level of security (and possibly even disables it entirely) until an administrator can diagnose the problem and restore the system to normal operation.
ex: if the biometric device fails, employees will have to wait until it is fixed.
-The fail-open state allows users to bypass failed security controls, erring on the side of permissiveness.
ex: if the biometric device's power is lost, employees may be allowed to enter the premises without a fingerprint scan.
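Added example (not from the book or these notes) tying the limit check and the two failure states together: a door controller asks a constructed stand-in for the biometric reader for a match score, the score is limit-checked for type and range, and the configured failure state decides what happens when the reader is offline or returns bad data. The 0.9 match threshold, the 0.0..1.0 score range and the reader stand-in are assumptions for the example.

```python
from enum import Enum


class FailureMode(Enum):
    FAIL_SECURE = "fail-secure"  # control failure -> deny until an administrator restores the system
    FAIL_OPEN = "fail-open"      # control failure -> allow, erring on the side of permissiveness


class DeviceError(Exception):
    """Raised when the reader cannot produce a result (power loss, hardware fault)."""


def check_limit(value, name, *, kind, lo, hi):
    """Limit check from the notes: reject input of the wrong data type or outside the allowed range."""
    if type(value) is not kind:
        raise ValueError(f"{name}: expected {kind.__name__}, got {type(value).__name__}")
    if not lo <= value <= hi:
        raise ValueError(f"{name}: {value} outside [{lo}, {hi}]")
    return value


def biometric_match(reader_ok, score):
    """Constructed stand-in for a fingerprint reader: True on a match, DeviceError when it is offline.
    Scores are assumed to be floats in 0.0..1.0 with 0.9 as the match threshold."""
    if not reader_ok:
        raise DeviceError("reader offline")
    return check_limit(score, "match score", kind=float, lo=0.0, hi=1.0) >= 0.9


def door_decision(mode, reader_ok, score):
    """Returns (granted, reason). The failure state only matters when the control itself cannot run."""
    try:
        matched = biometric_match(reader_ok, score)
    except (DeviceError, ValueError) as exc:
        if mode is FailureMode.FAIL_OPEN:
            return True, f"control failed ({exc}); fail-open admitted the user"
        return False, f"control failed ({exc}); fail-secure denies until an administrator intervenes"
    return matched, "match" if matched else "no match"


if __name__ == "__main__":
    for mode in FailureMode:
        print(mode.value, door_decision(mode, True, 0.95))   # reader works: both modes grant on a match
        print(mode.value, door_decision(mode, False, 0.95))  # reader offline: only fail-open grants
        print(mode.value, door_decision(mode, True, 1.7))    # out-of-range score: limit check trips
```

The out-of-range score case shows why the limit check belongs inside the control: a fail-open door admits the user on garbage data just as it does on a power loss, whereas fail-secure turns both into a wait for the administrator.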
First-generation languages (1GL) include all machine languages.
Second-generation languages (2GL) include all assembly languages.
Third-generation languages (3GL) include all compiled languages.
Fourth-generation languages (4GL) attempt to approximate natural languages and include the SQL used by databases.
Fifth-generation languages (5GL) allow programmers to create code using visual interfaces.
Message: used for giving input to an object.
Method: the object's response to that input.
Behavior: the output exhibited by an object.
Cohesion: an object is highly cohesive if it can perform a task with little or no help from others.
Coupling: the level of interaction between objects.
###Conceptual definition: a very high-level statement of purpose; it should not be longer than one or two paragraphs.
###Functional requirements determination: after agreeing upon the conceptual definition, a list of what is required to realize the concept is developed.
###Protection specifications development: includes the security parameters that protect the development phase.
###Design review
Once the functional and protection specifications are complete, let the system designers do their thing! In this often-lengthy process, the designers determine exactly how the various parts of the system will interoperate and how the modular system structure will be laid out. Also, during this phase, the design management team commonly sets specific tasks for various teams and lays out initial timelines for the completion of coding milestones.
###Code review walk-through: developers start writing code, and project managers review it.