Study Questions for the CISSP Exam
Robert G. Ferrell, CISSP
Derived from the Information Security Management Handbook, 4th Ed., by Harold F. Tipton and Micki Krause
Auerbach/CRC Press: 2000
ISBN: 1-8493-9829-0

Note: I skipped the Risk Management chapter because I ran out of time. Sorry.

Domain 1: Access Control

What is the false reject rate?
The percentage of authorized personnel rejected by a system. Also called type I errors.

What is the false accept rate?
The percentage of unauthorized personnel accepted by a system. Also called type II errors.

What is the crossover error rate?
The percentage at which FRR == FAR. The smaller the CER, the more accurate the system.

What is the significance of the CER?
Provides the most fair and impartial means of assessing system performance.

What are the most important biometric system characteristics?
Speed and throughput. Accepted standards are 5 seconds/person and 6-10/minute portal throughput.

Which three human characteristics used for biometric identification are unique?
Fingerprint, retina, iris.

What are the features of the iris that make it unique?
Freckles, rings, rifts, pits, striations, fibers, filaments, furrows, vasculature, coronas.

What are some of the types of counterfeit data used to gain access to biometric systems?
Rubber, plastic, and body parts of deceased (authorized) persons.

Why is lack of resistance to counterfeiting less likely to result in system failure than previously?
Biometric systems have proliferated into many non-high-security areas.

What is the average size of biometric data files?
Range from 9 B to 10 KB, with most falling between 256 B and 1 KB.

What is the accepted standard for biometric access enrollment time?
Two minutes/person.

What are some common concerns people have about biometric access?
Intrusion into "personal space" (light beams in eye); making firm physical contact with surfaces where many other people have been; speaking closely into microphones used by many other people.
Being forced to do these things by an organization.

What are some problems associated with the use of biometric systems over the past 25 years?
Performance, hardware/software robustness, maintenance requirements, sabotage, perceived health risks of use, privacy issues, and ability/willingness to use the system.

What are the two factors to consider when purchasing a biometric system?
Limit consideration to proven technologies and check out systems already in place.

What factors come into play when considering hardware/software robustness?
Scalability and durability.

Name some health problems that can be inadvertently discovered by biometric systems.
Diabetes, stroke (blood vessel pattern changes in the retina).

What are the advantages of using biometric access over cardkey systems?
Biometric systems identify people. Card systems identify keys. Life cycle costs are reduced when no card or PIN administration is needed.

What are some common biometric parameters that change over time?
Voice, signature, retina pattern (during certain disease states).

What are some different types of biometric systems?
Fingerprint, hand geometry, voice pattern, retina pattern, signature dynamics.

Fill in the following table:

Biometric System     File Size    Enroll/Response Time   Accuracy (%) FAR / FRR / CER   Unique Aspects
Fingerprint          0.5-1.5 KB   <2 m / 5-7 s           0 / 9.4 / 5                    Ultrasound can detect prints through gloves
Hand Geometry        9 B          <2 m / 3-5 s           0.1 / 0.1 / 2.2                Smallest user file size
Voice Pattern        1-10 KB      <2 m / 10-14 s         10                             Messaging functions
Retina Pattern       96 B         <2 m / 4-7 s           0 / 1.5                        Perceived health risks
Iris Pattern         256 B        <2 m / 2.5-4 s         0 / Low / <0.5                 Iris pattern is lifelong
Signature Dynamics   1-1.5 KB     <2 m / 5-10 s          -                              Not durable, not to be used for access.

What are the two uses of biometric ID systems in information security?
Access to hard-copy documents/media, access to computer resources.

What are the ways in which logon information supplied by a user may be used in support of secondary domain sign-on?
Passed directly as part of a secondary sign-on, immediately invoking a secondary session; indirectly, where primary authentication triggers retrieval of secondary credentials; and temporarily, cached until secondary services are requested.

What are the two significant security considerations inherent in the single sign-on process?
Authentication credentials must be protected during transferral from primary to secondary, and secondary domains must trust primary.

What are the functional objectives of the Single Sign-on Standard (SSOS)?
Support for changing user-controlled authentication information.
Support for notification of the SSOS implementation that a separate application has changed the user-controlled information.
SSOS shall not predefine the timing of secondary sign-on operations.
Support for cleanup services at session termination.
Support for establishment of a default user profile (with optional inclusion of a set of default profiles from which a user may choose).
The SSOS interface shall be independent of the authentication mechanism.
Support for creation, deletion, and modification of user accounts.
Support for setting of attributes for individual user accounts.

What are the security objectives of the SSOS?
Audit all security-related events that occur within the context of the SSOS.
Protect all information to enable trust relationships to be established.
SSOS shall not adversely affect the resilience of the system.
SSOS shall not adversely affect the availability of any individual service.
SSOS shall not provide access to user account information outside the controlling domain.
SSOS shall provide security to information being exchanged between its constituent components and between those components and other services.

What are some aspects of security sign-on services outside the scope of the SSOS?
Configuration and management of alternative user profiles.
GUIs and command line interfaces to SSOS-based services.
Maintenance of the integrity of user account data that have been modified outside the SSOS context.

Name some key components that should be part of any SSO solution.
Open architecture.
Open authentication.
Support for multiple login methods, including one-time passwords.
Credentials forwarding.
Support for multiple servers, clients, and hosts.
Seamless user and admin interfaces.
Central admin.

Domain 2: Telecommunications and Network Security

What is the first step in constructing security policies for external network connections?
Understanding of the risks and assumptions.

What are the two broad categories of security policies?
Technical policies, carried out by hardware or software.
Administrative policies, carried out by people using and managing the system.

What are the classes of authentication?
Static, where attackers cannot see, insert, or alter authentication information. Solution: password validation.
Robust, where dynamic authentication data change with each session. Solutions: smart cards, one-time passwords, digital signatures.
Continuous, where attacker can see, alter, and insert authentication data. Solution: encrypting all data (Fortezza, et al).

What are the three main security challenges presented by software importation?
Virus/trojan prevention, detection, and removal.
Controlling interactive software (Java, ActiveX).
Software licensing.

What criteria apply to each of these challenges?
Control, threat type, and cleansing action.

What are the three types of firewalls?
Packet filters, application gateways, and hybrid (complex) gateways.

What are two of the main advantages of application gateways over packet filters?
Application gateways provide a separate box that can help limit the extent of an intruder's access, and they provide detailed logging of all accesses and transactions.

What is a multi-homed host?
One that has multiple network interfaces, each connected to logically and physically separate networks.

Why should host routing be disabled for a dual-homed firewall?
To prevent the firewall from routing packets directly from one interface to the other.

To what do the terms "screened host" and "screened subnet" refer?
Screened hosts, or bastion hosts, are hosts to which all external services connect. This host then communicates with the internal network via a different interface. Screened subnets, or perimeter networks, are networks separated from the internal network by a screening router. The bastion host (or hosts) is situated in this subnet.

What factors usually drive the decision to establish firewalled intranets?
The need to make certain information available only to a subset of the employees.
The desire to provide a high degree of accountability for the access and use of data.

Why is it imperative that administrative accounts on firewalls be strongly protected?
Firewalls are generally the only points on the network visible to an external attacker. Access to the administrative account is usually the first thing they try to obtain.

What are trusted networks?
Trusted networks are those which share the same security policy or implement security controls and procedures that provide an agreed-upon set of common security services.

What is a virtual private network?
An encrypted connection between two firewalls that allows the networks attached to those firewalls to intercommunicate over a secure link.

What is one advantage of running DNS service on the firewall?
All DNS information about the internal hosts is invisible to external sites. The only IP address-host name mapping visible to the world is that of the firewall.

What are three means of assuring file system integrity on a firewall?
Checksums, cyclic redundancy checks, and cryptographic hashes of the runtime image.

What are some of the security-related events that should be logged by a firewall?
Hardware and disk media errors, logins/logouts, connect time, use of sysadmin accounts, inbound/outbound SMTP traffic, TCP network connect attempts, inbound/outbound proxy traffic.

What are some major types of Internet security threat?
IP spoofing, DNS spoofing, session hijacking, network snooping, denial of service, social engineering.

What are some useful Internet security controls?
Encryption, one-time passwords, firewalls.

What is a firewall?
A firewall is a security barrier between two networks that screens incoming and outgoing traffic, accepting or rejecting connections according to a set of rules.

What are some important factors to consider when choosing a firewall?
Amount and type of security offered, granularity of control, vendor reputation, vendor support, verifiability of the firewall's code, support for strong authentication, ease of administration, ability to withstand direct attacks, quality and extent of logging/alarms.

What is a firewall policy?
A statement of the rules by which incoming and outgoing traffic should be allowed or rejected.

What are generally the two most neglected aspects of firewall use?
Proper maintenance and regular examination of logs.

What are the four phases of corporate Internet adoption, as defined by IBM?
Access, presence, integration, e-business.

What are the primary functions of each layer in the OSI model?
Physical (Ph): physical connection; transfers bits.
Data Link (DL): reliable delivery; does checksums of messages.
Network (N): manages network logistics; isolates upper layers from addressing/delivery.
Transport (T): error detection; provides end-to-end error detection and function between applications.
Session (S): manages sessions between communicating applications (Application-TCP/IP interface).
Presentation (Pr): standardizes data presented to the application layer.
Application (A): user interface; where applications communicate across the network.

What are the security functions that can be added by network communication devices?
Repeater (->Data Link): none, since they merely copy signals and send them on.
Bridge (->Network): stores and forwards entire packets; can filter out non-local packets. Uses hardware (48-bit) addressing only.
Routers/Gateways (->Transport): can filter packets by IP address or port. Can be used to allow/disallow/re-route IP datagrams according to IP address.

What are the architectural layers of TCP/IP?
Network Access: routines for accessing physical networks. (Ph, DL, N)
Internet: defines datagram and handles data routing.
Host-to-Host Transport: provides end-to-end data delivery.
Application: applications and processes that use the network.

What elements are defined in the Internet Protocol standard (RFC 791)?
Datagram definition scheme.
Internet addressing scheme.
Network Access layer - Host-to-Host layer transport mechanism.
Datagram routing to remote hosts.
Packet fragmentation and reassembly.

Why are TCP and IP often referred to together?
IP is a connectionless protocol that defines how datagrams are constructed and what they contain. TCP is a connection-oriented protocol that handles handshaking, data transmission, and the exchange of control information via ICMP.

What are the differences between TCP and UDP, and under what circumstances is UDP useful?
TCP is connection-oriented and reliable (i.e., it contains mechanisms to ensure delivery and perform error correction). UDP is connectionless and does no error correcting. UDP is useful primarily for shorter messages, where it is easier to resend an undelivered or garbled message than it is to deal with the overhead incumbent with TCP.

What sorts of services reside in the TCP Application layer?
Telnet, FTP, SMTP, DNS, RIP, NFS.

What is the sequence of steps involved in establishing a TCP connection?
Host A sends a packet with the SYN flag set to synchronize sequence numbers (bits 32-63). Host A now has SYN-sent in its buffer.
Host B sends back SYN-ACK, which contains the initial sequence number (i) and the incremented sequence number (i+1) (bits 64-95). Host B now has SYN-received in its buffer.
Host A replies with ACK containing the next sequence number.
Now a socket (Host_A_IP:Port, Host_B_IP:Port) is established and bidirectional data flow begins.

What is the best way to stop intruders from gaining root access via SYN flood/IP spoofing?
Don't use .rhosts files, and never trust any node on the Internet.

Which host should be the only one to run anonymous FTP?
The firewall.

What are the two types of extranets?
One-to-many (provider-centric), many-to-many (user-centric).

Name the general categories of extranet control enforcement mechanisms and give examples.
Network: VPN, firewall, intrusion detection.
Authentication: certificate, token, password.
Platform: intrusion detection, compliance management, Web-to-Web server, Web agent, monitoring, auditing.

What do Quality of Service/Service Level Agreements define?
Availability, bandwidth, latency, response time.

What statements define extranet security architecture?
Extranets must be securely partitioned from the corporate intranet.
Secure connectivity must be provided (dedicated line or VPN).
Users must be adequately authenticated.
Authorization must adhere to the least-privilege principle.
Managers must receive monthly access reports to verify proper usage.
Extranet must not provide a routeable path to the participant networks (no loop-back).
Real-time monitoring, auditing, and alerting must be enabled.

Why is user accountability in an extranet difficult or impossible at the network level?
All users share the same IP address, due to proxying, firewalls, and NAT.

At what layer must user authentication in an extranet be instituted?
Application.

What are some examples of proxy authentication?
NT domains, cross certification with digital certificates, RADIUS, shared directory servers.

What is the principle of "least privilege"?
Users are granted only the minimum system privileges necessary to do their jobs.

Name the components of a full extranet security architecture.
Directory server, certificate server, authentication server, Web security server.

What are the drawback areas with current VPN technology?
Fault tolerance, performance, reliable transport, network placement, addressing, PKI management, interoperability.

What are some of the positive benefits of installing a firewall?
Increased ability to enforce network standards and policies.
Centralized internetwork audit capability.

What are some of the limitations of a firewall?
No data integrity.
Can't protect traffic that bypasses them.
Can't protect data if they've been compromised.
Cannot authenticate datagrams at the network or transport layers.
Provide limited confidentiality.

What criteria must be considered when choosing a firewall?
Performance: minimize impact on network with powerful processor(s).
Requirements support: must support all applications and protocols in use by organization.
Access control: IP address vs. user-based access.
Authentication: must support authentication requirements of local security policy.
Physical security: where is the firewall to be placed, and with what hardware will it interact?
Auditing: superior firewalls will include a data reduction tool for parsing audit trails.
Logging and alarms: firewall must accommodate security policy requirements.
Customer support: vendor must supply adequate support for organization.
Transparency: the more transparent, the more likely users will support the firewall.

What are the three techniques available to firewalls for enforcing local security policy?
Packet filtering: allow/disallow based on IP address and port (ACLs). No user authentication.
Application-level gateways (proxies): enforce connection integrity and protocol adherence.
Circuit-level gateways: relay connections. No data integrity. Best for outbound connections.

What are some reasons for having formal firewall policies?
Properly written firewall policies and standards will address important issues which may not be covered by other policies.
A firewall policy can clarify how the organization's security objectives apply to the firewall.
An approved set of firewall standards makes configuration decisions much more objective.

What are the recommended steps in firewall policy establishment?
Risk analysis, identify list of topics, assign responsibility, define audience, write policy, identify mechanisms to foster compliance, review (at least annually).

What are the broad categories of security standards in the OSI architecture?
Security architecture and framework standards.
Security techniques standards.
Layer security protocol standards.
Application-specific security standards.
Security management standards.

What are the four ISO/IEC standards that describe network layer services?
ISO/IEC 8648: internal organization.
ISO/IEC 8880: general principles and the provision and support of connection/connectionless network services.
ISO/IEC 8348: network service definition, including addenda to 8880 and for addressing, as well as describing the concepts of end-system and intermediate-system.
ISO/IEC 8473: Connectionless Network Protocol (CLNP) description.

What are the end-system and intermediate-system concepts?
End-systems model hardware across the entire 7 layers of the OSI model. Intermediate-systems, located in the network layer, function only in the lowest 3 layers (Ph, DL, N).

What is the definition of a subnetwork?
A collection of communications facilities employing the same communications technology.

What is a real subnetwork?
A collection of hardware and physical links that connects real systems (e.g., LANs, PSPNs).

What are the three roles performed by a network layer protocol?
Subnetwork-independent convergence protocol (SNICP).
Subnetwork-dependent convergence protocol (SNDCP).
Subnetwork access protocol (SNAcP).

Which standard was the first to specify where security services should be applied in the OSI model?
ISO/IEC 7498-2.

What are the general properties considered when locating security services on a network?
Traffic mixing, route knowledge, number of protection points, protocol header protection, source/sink binding.

What two standards apply to end system-level security?
ISO/IEC 10736 for the transport layer.
ISO/IEC 11577 for the subnetwork-independent network layer (Network-Layer Security Protocol, NLSP).

What three factors favor the choice of network layer over transport layer end-level security?
Ease of transparently inserting security devices at standardized physical interface points.
Ability to support any upper-layer architecture.
Ability to use the same solution at the end-system and subnetwork levels.

What separates subnetwork-level from end system-level security?
Equipment and operational costs are lower for subnetwork-level solutions because the number of end systems usually far exceeds the number of subnetwork gateways.
Subnetworks close to end systems are trusted to the same extent as the end systems themselves because they are on the same premises and administered under the same conditions.

What are the two service interfaces contained in the NLSP?
NLSP service interface, underlying network (UN) service interface. These can be connection-oriented or connectionless.

What are the fields contained in a string to be encapsulated by NLSP?
Address parameters, QOS parameters, primitive type, user data, test data, security label.

When can the no-header encapsulation option be used in NLSP?
When the only security mechanism applied is encryption and the encryption-decryption mechanisms don't change the data lengths.

How does NLSP provide data security?
It maps NLSP service primitives one-on-one to UN service primitives, encapsulating those that require protection and copying verbatim those that don't. The end result is a secure data transfer PDU, which is mapped to the user data parameter of the UN service primitive. If it is too big to fit, a user data exchange must take place.

What fields are contained in the PDUs exchanged by NLSP at connection establishment?
Security label, key reference or key derivation info, and two encrypted integrity sequence numbers, one for each direction of traffic flow.

What standards define the transport layer of the OSI model?
ISO/IEC 8072 (Transport Service Definition), ISO/IEC 8073 (Connection-oriented Transport Protocol Specification), ISO/IEC 8602 (Connectionless Transport Protocol Specification), ISO/IEC 10736 (Transport Layer Security Protocol).

What are the three phases of transport service?
Transport connection establishment, data transfer, transport connection release.

What are the parameters associated with each Transport Service (TS) primitive?
Called address, calling address, expedited data option, quality of service, TS user data, responding address, disconnect reason.

In the context of transport services, what is segmentation?
Segmentation is the facility by which a session service data unit (SSDU) can be transmitted between peer session entities across more than one consecutive session protocol data unit (SPDU).

What two types of errors originating in the subnetwork are observed by the transport layer?
Signaled: an error detected by the network layer but not corrected (e.g., network disconnect and reset).
Residual: an error not detected by the network layer (e.g., loss, corruption, out-of-sequence TSDUs).

Name the five basic levels or classes of network service provided by the transport layer.
Class 0, simple class: basic transport connection used where both error type rates are acceptable.
Class 1, basic error recovery class: used where the signaled error rate is unacceptable.
Class 2, multiplexing class: Class 0 with transport connection multiplexing.
Class 3, error detection and recovery class: Class 1 with multiplexing.
Class 4, error detection and recovery class: Class 3 with residual error discovery/correction. Used where the residual error rate is unacceptable.

Name some of the basic transport layer services.
Assignment to a network connection: association of a TC with a network connection.
TPDU transfer: conveyance of TPDUs between peer transport entities.
Segmentation and reassembly of data TPDUs too big to fit in one TSDU.
Concatenation and separation: joining and separating TPDUs into a single NSDU.
Connection establishment/refusal.
Release (normal/error).
Association of TPDUs with transport connections.
TPDU numbering.
Expedited data transfer.
Reassignment after failure (loss of network connection).
Retention until acknowledgement of TPDUs.
Resynchronization.
Multiplexing and demultiplexing.
Explicit flow control.
Checksum.
Frozen references.
Retransmission on timeout.
Resequencing.
Inactivity control.
Treatment of protocol errors.
Splitting and recombining.

What is expedited data?
Data that are guaranteed to arrive before unexpedited data.

What are the criteria for the three phases of QOS?
Connection establishment phase: establishment delay, establishment failure probability.
Connection release phase: release delay, release failure probability.
Data transfer phase: throughput, transit delay, residual error rate, connection resilience, transfer failure probability.

What is the name for the QOS component relevant to security?
Protection QOS.

What security services are supported by the encapsulation function of TLSP?
Security label, direction indicator, integrity check-value (ICV), encryption padding, encryption, security association attributes, agreed set of security rules (ASSR).

What defines an ASSR?
An agreement between two or more systems as to which security mechanisms are to be used and which values are to be applied to parameters of those mechanisms.

What are the four standard security services provided by Application Layer Security protocols?
Confidentiality, integrity, authentication, nonrepudiation.

What types of cryptography are supported by ALS?
Symmetric (secret key): DES.
Asymmetric (public key): RSA, PKI, X.509.
Hashing: MD2, MD5, SHA.

What cryptographic standards are supported by ALS?
X.509 (digital certificates).
PKCS (Public Key Cryptography Standard).
CMS (Cryptographic Message Syntax).
MOSS (MIME Object Security Services).

Name the six cryptographic content types used in CMS.
data, signedData, envelopedData, signedAndEnvelopedData, digestData, encryptedData.

Who are the five parties involved in a Secure Electronic Transaction (SET)?
Cardholder, issuer, merchant, acquirer, payment gateway.

Name some security-enhanced messaging protocols currently available.
Privacy Enhanced Mail (PEM).
RIPEM (Riordan's PEM).
S/MIME: uses MIME, CMS, PKCS, and X.509.
OPGP (PGP/MIME).

What are the key security features of S/HTTP?
Support for MOSS and CMS.
Syntax compatibility.
Recursive protections.
Algorithm independence.
Freshness feature.

Name four S/HTTP key management modes.
Manual exchange (ID-password).
Public key exchange (X.509).
Out-of-band key exchange (using some other medium, such as postal mail).
In-band symmetric key exchange (for increased performance).

Name some SET implementations for conducting secure monetary transactions.
Secure Payment (S/PAY): RSA Data Security/Trintech Group.
Open Financial Exchange (OFX): Checkfree/Intuit/Microsoft.
Micro Payment Transfer Protocol (MPTP): W3C. S/Key, MD5 or SHA, X.509.
Java Electronic Commerce Framework (JECF): electronic wallets. Not a protocol, but a framework for using active-content technology such as JVM to produce wallet modules (applets).

What improvements are made in IPv6?
128-bit addressing.
Simplified format header.
Improved support for extensions and options.
QOS capability.
Address authentication.
Message confidentiality and integrity.
Formalizes concepts of packet, node, router, host, link, and neighbors.

What is a TCP/IP "port"?
A named logical connection or interface to a specific application or service within a device.

How do "password grabber" sniffers work?
They grab the first 256 or 512 bits of a packet on the assumption that this is where passwords will be stored.

What RFC describes Telnet?
RFC 855.

What function does the Link Control Protocol (LCP) have in PPP?
Negotiates encapsulation formats, format options, and limits on packet format (since PPP supports transmission of multiple network-layer protocols simultaneously).

What is SSL?
Secure Socket Layer is a Netscape-developed protocol for use in client-server applications, most notably the Web. It uses a hybrid of symmetric and asymmetric cryptography, in which a symmetric algorithm is used to hide the traffic and an asymmetric one, RSA, is used to negotiate the symmetric keys. It is session-oriented and can be either one-way or two-way.

Distinguish between VPNs and SVNs.
Virtual Private Networks provide secure data transmission from gateway to gateway (firewall to firewall). Secure Virtual Networks provide end-to-end encryption.

Domain 3: Security Management Practices

Name the three key elements of any information security program.
Integrity, confidentiality, availability.

What are the five keys to establishing an effective security awareness program?
Assess the current level of computer usage.
Determine what the managers and employees want to learn.
Examine the level of receptiveness to the security program.
Map out how to gain acceptance.
Identify possible allies.

What are some of the more common means of categorizing information systems users?
Level of awareness.
Job category.
Specific job function.
Information processing knowledge.
Technology, system, or application used.

What are some important pitfalls to avoid when designing a security program?
Inadequate expression of management intent.
Multiple sign-ons, IDs, and passwords.
Multiple points of control.
Unsafe defaults.
Complex administration.
Late recognition of problems.
Increasing use, users, uses, and importance.

Name some important security services.
User name service.
Group name service.
Authentication server.
Authentication service products.
Single point of administration.

What are the principal features of IPSEC?
Separate privacy and authentication functions with (cryptographic) transform independence. End users can select the level of security and transform appropriate for their needs.
Network Layer (IP) implementation with unidirectional setup. All client IP-based programs can operate securely without customization. Multicast communications are set up by the receiving station using a security parameters index (SPI) supplied by the sending station.
Host and gateway topologies. Supports host-to-host (end-to-end), gateway-to-gateway (subnet-to-subnet), and host-to-gateway (remote login).
Key management. Application layer key management scheme that supports public and private keys, as well as manual or automated key distribution.
Multi-level Security (MLS) support.
IANA numbers used for all standard codes.

What are the two centerpieces around which IPSEC architecture is designed?
The authentication header (AH) and the encapsulating security payload header (ESP).

Define a security association.
A table or database record consisting of a set of security parameters that govern security operations on one or more network connections.

What are the most common entries in a Security Association (SA)?
Type and operating mode of transform. Default is MD5.
Key or keys used by the transform algorithm.
Encryption algorithm's synchronization or initialization vector (if any).
Life span of the transform key(s).
Life span of the SA.
Source address of the SA.
Sensitivity level of the protected data.

What is the current minimum requirement for IPv4 AH compliance (compliance is mandatory in IPv6)?
At least MD5 using a 128-bit key.

What is the default algorithm for confidentiality and integrity for IP datagrams in IPSEC?
Cipher block chaining mode of DES (DES CBC).

What are the two modes of operation of IPSEC?
Tunnel mode, where the entire contents of the IP datagram are encapsulated into ESP, which then becomes the payload of a second datagram with a clear-text header.
Transport mode, where only the TCP or UDP portion of the frame is encapsulated. This requires only one datagram.

What is the purpose of ISAKMP?
ISAKMP (the Internet Security Association and Key Management Protocol) supports standard key management functions and incorporates mechanisms to negotiate, establish, modify, and delete SAs and their attributes.

What are the four major functional components of ISAKMP?
Authentication of communications peers.
Cryptographic key establishment and management.
Security association creation and management.
Threat mitigation.

What is the Economic Espionage Act of 1996?
18 USC 1831-1832 makes it a felony to steal or misappropriate organizational trade secrets, whether done by domestic or foreign competitors, or by a foreign governmental entity.

Domain 4: Application and Systems Development Security

What are the three generally accepted categories of secrecy-related problems in database systems?
Intentional or accidental access to information by unauthorized persons.
Improper modification of data.
Denial-of-service threats.

Distinguish between DAC and MAC.
Discretionary Access Control (DAC) restricts information based on the authorization granted to a particular user. Mandatory Access Control (MAC) secures information by assigning sensitivity levels (labels) to data.

How is data access security managed in traditional RDBM systems?
Appropriate use and manipulation of views.
SQL GRANT and REVOKE statements.

Why is changing keys frequently a cost-effective step in cryptographic systems?
The cost of changing keys rises linearly, but the cost of attacking them rises exponentially. All other factors being equal, changing keys increases the effective key length of an algorithm.

What are some of the principles that guide the use and implementation of key management?
Key management must be fully automated.
No key may ever appear in the clear.
Keys must be randomly chosen from the entire key space, preferably by hardware.
Key-encrypting keys must be separate from data keys.
Nothing that has ever appeared in the clear should be encrypted under a key-encrypting key.
All patterns in the clear text object must be disguised before encrypting.
Keys with a long life must be sparsely used.

What is the difference between symmetric and asymmetric key cryptography?
In symmetric key cryptography, the keys used to encode and decode data are the same. In asymmetric, they have a fixed numerical relationship, but are not the same key. Most products use symmetric key cryptography to encrypt data, and asymmetric to generate keys.

What RFC details Kerberos?
RFC 1510.

What is the Kerberos "clock skew"?
The window of time over which the replay cache must operate; the maximum difference between the system times of two different participating systems.

Domain 6: Security Architecture and Models

Distinguish between an incremental and a differential backup.
An incremental backup involves all files that have changed since the last backup of any type. A differential backup involves all files that have changed since the last full backup.

What are some precautions that can help minimize problems in LAN disaster recovery?
Carefully document all LAN hardware and software, including configuration settings.
Use standard equipment and configurations whenever possible.
Document the minimum configuration required to restore essential data and services.
Use server-mirroring, fault-tolerant hardware, and redundant disk arrays.

Domain 7: Computer Operations Security

What four classes of threats apply to Java?
System modification, invasion of privacy, denial of service, antagonism.

Domain 8: Business Continuity Planning and Disaster Recovery Planning

In what ways can a well-run BCP contribute to an organization?
Sustaining growth and innovation.
Enhancing customer satisfaction.
Providing for people's needs.
Improving overall mission-critical process quality.
Providing for practical financial metrics.

What are the four support pillars of BCP?
Basic infrastructure support services (technological platforms, telecomm, LAN, etc.).
Support functions such as HR, Purchasing, and external service providers.
Physical facilities.
Vital records.

What is the MTD (maximum tolerable downtime)?
The longest period of time a business process can remain interrupted before it risks its ability ever to recover. The shorter the MTD, the more time-critical the process is.

What is the fundamental tenet of Organizational Change Management?
You cannot change processes without changing the people who operate them.

What goals are included in the BCP Balanced Scorecard?
Value statement.
Value proposition.
Metrics/assumptions on reduction of BCP risk.
Implementation protocols.
Validation methods.

What criteria should be evaluated as part of the testing of the restoration component of a company's BCP?
Does it meet the business needs in terms of timeframe?
Does it reduce the exposure to loss of documents and data to an acceptable level?
Does it remain in compliance with insurance requirements?
Is it current, and is the level of detail sufficient to ensure a timely, efficient recovery?

Domain 9: Law, Investigation, and Ethics

Name some of the federal statutes which apply to computer crimes.
Electronic Communications Privacy Act (ECPA).
Economic Espionage Act of 1996 (EEA).
Child Pornography Prevention Act of 1996 (CPPA).
Computer Fraud and Abuse Act of 1986, 18 USC 1001 (CFAA).

What are the most common forms of evidence accepted by a court of law?
Direct (eyewitness testimony).
Real (physical).
Documentary (records, printouts, manuals, etc.).
Demonstrative (models, charts, diagrams, simulations, animation, etc.) What is the substance of Federal Rules of Evidence 702? Expert witnesses must be qualified as experts through skill, training, or education. What are the four types of computer-generated evidence? Visual output on a monitor. Printed evidence on a printer Printed evidence on a plotter Film recorder (includes magnetic media, CDs, optical disks). What is the Best Evidence Rule? Court prefers original evidence, but will accept duplicates under the following circumstances: Original destroyed by act of God (can, however, include things like careless employees). Original destroyed in normal course of business Original in possession of third party beyond the court's subpoena power What is the Exclusionary Rule? Evidence must be gathered in accordance with court guidelines covering search and seizure. What are the requirements for records to be admitted as evidence, according to FRE 803(6)? Witness must have custody of the records in question on a regular basis Witness must rely on those records in the regular course of business. Witness must know that they were prepared in the regular course of business What must the Chain of Evidence demonstrate? Who obtained the evidence Where and when the evidence was obtained Who secured the evidence Who had control or possession of the evidence What are the stages in the Evidence Life Cycle? Collection and identification Analysis Storage, preservation, and transportation Presentation in Court Return to owner Under what conditions is a private party subject to 4th amendment strictures? The private party performs a search which a government entity would need a warrant to conduct The private party performs that search to assist the government, as opposed to furthering its own interest The government is aware of and does not object to the activity What steps must be taken by an organization to ensure any possibility of prosecution? 
Must have a functional security system in place Must inform users that access is unauthorized Must obtain written acknowledgement that policies and procedures are understood Name the bare minimum requirements for a computer forensic system. Ability to conduct a disk image backup of the suspect system Ability to authenticate the file system Ability to conduct forensic analysis in a controlled environment Ability to validate software and procedures Why is a separate copy of a suspect disk needed for file authentication? Because the process of creating an MD5 or SHA hash will change the file accessed time stamp. What are some essential components of a corporate security policy? Incident response plan Information dissemination policy Electronic monitoring statement Audit trail policy Inclusion of a warning banner stating that unauthorized access is prohibited and that all accesses will be monitored. Domain 10: Physical Security Name four types of Intrusion Detection Systems (IDSs). Anomaly detection systems Misuse detection systems Target monitoring systems Stealth probe/attack detectors Give 6 advantages to using IDS technology. Cost reduction Increased detection capability Reporting Forensics Failure detection and recovery Give 8 disadvantages to IDS. Immaturity False Positives Performance affects Initial cost Vulnerability to attack Applicability Vulnerability to tampering Changing technology